WildFly can be booted in two different modes. A managed domain allows
-you to run and manage a multi-server topology. Alternatively, you can
-run a standalone server instance.
For many use cases, the centralized management capability available via
-a managed domain is not necessary. For these use cases, a WildFly
-instance can be run as a "standalone server". A standalone server
-instance is an independent process, much like an JBoss Application
-Server 3, 4, 5, or 6 instance is. Standalone instances can be launched
-via the standalone.sh or standalone.bat launch scripts.
-
-
-
If more than one standalone instance is launched and multi-server
-management is desired, it is the user’s responsibility to coordinate
-management across the servers. For example, to deploy an application
-across all of the standalone servers, the user would need to
-individually deploy the application on each server.
-
-
-
It is perfectly possible to launch multiple standalone server instances
-and have them form an HA cluster, just like it was possible with JBoss
-Application Server 3, 4, 5 and 6.
One of the primary new features of WildFly is the ability to manage
-multiple WildFly instances from a single control point. A collection of
-such servers is referred to as the members of a "domain" with a single
-Domain Controller process acting as the central management control
-point. All of the WildFly instances in the domain share a common
-management policy, with the Domain Controller acting to ensure that each
-server is configured according to that policy. Domains can span multiple
-physical (or virtual) machines, with all WildFly instances on a given
-host under the control of a special Host Controller process. One Host
-Controller instance is configured to act as the central Domain
-Controller. The Host Controller on each host interacts with the Domain
-Controller to control the lifecycle of the application server instances
-running on its host and to assist the Domain Controller in managing
-them.
-
-
-
When you launch a WildFly managed domain on a host (via the domain.sh
-or domain.bat launch scripts) your intent is to launch a Host
-Controller and usually at least one WildFly instance. On one of the
-hosts the Host Controller should be configured to act as the Domain
-Controller. See Domain Setup for details.
-
-
-
The following is an example managed domain topology:
When the domain.sh or domain.bat script is run on a host, a process
-known as a Host Controller is launched. The Host Controller is solely
-concerned with server management; it does not itself handle application
-server workloads. The Host Controller is responsible for starting and
-stopping the individual application server processes that run on its
-host, and interacts with the Domain Controller to help manage them.
-
-
-
Each Host Controller by default reads its configuration from the
-domain/configuration/host.xml file located in the unzipped WildFly
-installation on its host’s filesystem. The host.xml file contains
-configuration information that is specific to the particular host.
-Primarily:
-
-
-
-
-
the listing of the names of the actual WildFly instances that are
-meant to run off of this installation.
-
-
-
configuration of how the Host Controller is to contact the Domain
-Controller to register itself and access the domain configuration. This
-may either be configuration of how to find and contact a remote Domain
-Controller, or a configuration telling the Host Controller to itself act
-as the Domain Controller.
-
-
-
configuration of items that are specific to the local physical
-installation. For example, named interface definitions declared in
-domain.xml (see below) can be mapped to an actual machine-specific IP
-address in host.xml. Abstract path names in domain.xml can be mapped
-to actual filesystem paths in host.xml.
One Host Controller instance is configured to act as the central
-management point for the entire domain, i.e. to be the Domain
-Controller. The primary responsibility of the Domain Controller is to
-maintain the domain’s central management policy, to ensure all Host
-Controllers are aware of its current contents, and to assist the Host
-Controllers in ensuring any running application server instances are
-configured in accordance with this policy. This central management
-policy is stored by default in the domain/configuration/domain.xml
-file in the unzipped WildFly installation on Domain Controller’s host’s
-filesystem.
-
-
-
A domain.xml file must be located in the domain/configuration
-directory of an installation that’s meant to run the Domain Controller.
-It does not need to be present in installations that are not meant to
-run a Domain Controller; i.e. those whose Host Controller is configured
-to contact a remote Domain Controller. The presence of a domain.xml
-file on such a server does no harm.
-
-
-
The domain.xml file includes, among other things, the configuration of
-the various "profiles" that WildFly instances in the domain can be
-configured to run. A profile configuration includes the detailed
-configuration of the various subsystems that comprise that profile (e.g.
-an embedded JBoss Web instance is a subsystem; a JBoss TS transaction
-manager is a subsystem, etc). The domain configuration also includes the
-definition of groups of sockets that those subsystems may open. The
-domain configuration also includes the definition of "server groups":
A server group is set of server instances that will be managed and
-configured as one. In a managed domain each application server instance
-is a member of a server group. (Even if the group only has a single
-server, the server is still a member of a group.) It is the
-responsibility of the Domain Controller and the Host Controllers to
-ensure that all servers in a server group have a consistent
-configuration. They should all be configured with the same profile and
-they should have the same deployment content deployed.
-
-
-
The domain can have multiple server groups. The above diagram shows two
-server groups, "ServerGroupA" and "ServerGroupB". Different server
-groups can be configured with different profiles and deployments; for
-example in a domain with different tiers of servers providing different
-services. Different server groups can also run the same profile and have
-the same deployments; for example to support rolling application upgrade
-scenarios where a complete service outage is avoided by first upgrading
-the application on one server group and then upgrading a second server
-group.
A server-group configuration includes the following required attributes:
-
-
-
-
-
name — the name of the server group
-
-
-
profile — the name of the profile the servers in the group should run
-
-
-
-
-
In addition, the following optional elements are available:
-
-
-
-
-
socket-binding-group — specifies the name of the default socket
-binding group to use on servers in the group. Can be overridden on a
-per-server basis in host.xml. If not provided in the server-group
-element, it must be provided for each server in host.xml.
-
-
-
deployments — the deployment content that should be deployed on the
-servers in the group.
-
-
-
deployment-overlays — the overlays and their associated deployments.
-
-
-
system-properties — system properties that should be set on all
-servers in the group
-
-
-
jvm — default jvm settings for all servers in the group. The Host
-Controller will merge these settings with any provided in host.xml to
-derive the settings to use to launch the server’s JVM. See
-JVM settings for further details.
Each "Server" in the above diagram represents an actual application
-server instance. The server runs in a separate JVM process from the Host
-Controller. The Host Controller is responsible for launching that
-process. (In a managed domain the end user cannot directly launch a
-server process from the command line.)
-
-
-
The Host Controller synthesizes the server’s configuration by combining
-elements from the domain wide configuration (from domain.xml ) and the
-host-specific configuration (from host.xml ).
Which use cases are appropriate for managed domain and which are
-appropriate for standalone servers? A managed domain is all about
-coordinated multi-server management — with it WildFly provides a
-central point through which users can manage multiple servers, with rich
-capabilities to keep those servers' configurations consistent and the
-ability to roll out configuration changes (including deployments) to the
-servers in a coordinated fashion.
-
-
-
It’s important to understand that the choice between a managed domain
-and standalone servers is all about how your servers are managed, not
-what capabilities they have to service end user requests. This
-distinction is particularly important when it comes to high availability
-clusters. It’s important to understand that HA functionality is
-orthogonal to running standalone servers or a managed domain. That is, a
-group of standalone servers can be configured to form an HA cluster. The
-domain and standalone modes determine how the servers are managed, not
-what capabilities they provide.
-
-
-
So, given all that:
-
-
-
-
-
A single server installation gains nothing from running in a managed
-domain, so running a standalone server is a better choice.
-
-
-
For multi-server production environments, the choice of running a
-managed domain versus standalone servers comes down to whether the user
-wants to use the centralized management capabilities a managed domain
-provides. Some enterprises have developed their own sophisticated
-multi-server management capabilities and are comfortable coordinating
-changes across a number of independent WildFly instances. For these
-enterprises, a multi-server architecture comprised of individual
-standalone servers is a good option.
-
-
-
Running a standalone server is better suited for most development
-scenarios. Any individual server configuration that can be achieved in a
-managed domain can also be achieved in a standalone server, so even if
-the application being developed will eventually run in production on a
-managed domain installation, much (probably most) development can be
-done using a standalone server.
-
-
-
Running a managed domain mode can be helpful in some advanced
-development scenarios; i.e. those involving interaction between multiple
-WildFly instances. Developers may find that setting up various servers
-as members of a domain is an efficient way to launch a multi-server
-cluster.
An extension is a module that extends the core capabilities of the
-server. The WildFly core is very simple and lightweight; most of the
-capabilities people associate with an application server are provided
-via extensions. An extension is packaged as a module in the modules
-folder. The user indicates that they want a particular extension to be
-available by including an <extension/> element naming its module in
-the domain.xml or standalone.xml file.
The most significant part of the configuration in domain.xml and
-standalone.xml is the configuration of one (in standalone.xml) or
-more (in domain.xml) "profiles". A profile is a named set of subsystem
-configurations. A subsystem is an added set of capabilities added to the
-core server by an extension (see "Extensions" above). A subsystem
-provides servlet handling capabilities; a subsystem provides an Jakarta Enterprise Beans
-container; a subsystem provides Jakarta Transactions, etc. A profile is a named list of
-subsystems, along with the details of each subsystem’s configuration. A
-profile with a large number of subsystems results in a server with a
-large set of capabilities. A profile with a small, focused set of
-subsystems will have fewer capabilities but a smaller footprint.
-
-
-
The content of an individual profile configuration looks largely the
-same in domain.xml and standalone.xml. The only difference is
-standalone.xml is only allowed to have a single profile element (the
-profile the server will run), while domain.xml can have many profiles,
-each of which can be mapped to one or more groups of servers.
-
-
-
The contents of individual subsystem configurations look exactly the
-same between domain.xml and standalone.xml.
A logical name for a filesystem path. The domain.xml, host.xml and
-standalone.xml configurations all include a section where paths can be
-declared. Other sections of the configuration can then reference those
-paths by their logical name, rather than having to include the full
-details of the path (which may vary on different machines). For example,
-the logging subsystem configuration includes a reference to the "
-`jboss.server.log.dir`" path that points to the server’s " `log`"
-directory.
WildFly automatically provides a number of standard paths without any
-need for the user to configure them in a configuration file:
-
-
-
-
-
jboss.home.dir - the root directory of the WildFly distribution
-
-
-
user.home - user’s home directory
-
-
-
user.dir - user’s current working directory
-
-
-
java.home - java installation directory
-
-
-
jboss.server.base.dir - root directory for an individual server
-instance
-
-
-
jboss.server.config.dir - directory the server will use for
-configuration file storage
-
-
-
jboss.server.data.dir - directory the server will use for persistent
-data file storage
-
-
-
jboss.server.log.dir - directory the server will use for log file
-storage
-
-
-
jboss.server.temp.dir - directory the server will use for temporary
-file storage
-
-
-
jboss.controller.temp.dir - directory the server will use for
-temporary file storage
-
-
-
jboss.domain.servers.dir - directory under which a host controller
-will create the working area for individual server instances (managed
-domain mode only)
-
-
-
-
-
Users can add their own paths or override all except the first 5 of the
-above by adding a <path/> element to their configuration file.
path — the actual filesystem path. Treated as an absolute path,
-unless the 'relative-to' attribute is specified, in which case the value
-is treated as relative to that path.
-
-
-
relative-to — (optional) the name of another previously named path,
-or of one of the standard paths provided by the system.
-
-
-
-
-
A <path/> element in a domain.xml need not include anything more
-than the name attribute; i.e. it need not include any information
-indicating what the actual filesystem path is:
-
-
-
-
<pathname="x"/>
-
-
-
-
Such a configuration simply says, "There is a path named 'x' that other
-parts of the domain.xml configuration can reference. The actual
-filesystem location pointed to by 'x' is host-specific and will be
-specified in each machine’s host.xml file." If this approach is used,
-there must be a path element in each machine’s host.xml that specifies
-what the actual filesystem path is:
-
-
-
-
<pathname="x"path="/var/x"/>
-
-
-
-
A <path/> element in a standalone.xml must include the specification
-of the actual filesystem path.
A logical name for a network interface/IP address/host name to which
-sockets can be bound. The domain.xml, host.xml and standalone.xml
-configurations all include a section where interfaces can be declared.
-Other sections of the configuration can then reference those interfaces
-by their logical name, rather than having to include the full details of
-the interface (which may vary on different machines). An interface
-configuration includes the logical name of the interface as well as
-information specifying the criteria to use for resolving the actual
-physical address to use. See Interfaces
-and ports for further details.
-
-
-
An <interface/> element in a domain.xml need not include anything
-more than the name attribute; i.e. it need not include any information
-indicating what the actual IP address associated with the name is:
-
-
-
-
<interfacename="internal"/>
-
-
-
-
Such a configuration simply says, "There is an interface named
-'internal' that other parts of the domain.xml configuration can
-reference. The actual IP address pointed to by 'internal' is
-host-specific and will be specified in each machine’s host.xml file." If
-this approach is used, there must be an interface element in each
-machine’s host.xml that specifies the criteria for determining the IP
-address:
A socket binding is a named configuration for a socket.
-
-
-
The domain.xml and standalone.xml configurations both include a
-section where named socket configurations can be declared. Other
-sections of the configuration can then reference those sockets by their
-logical name, rather than having to include the full details of the
-socket configuration (which may vary on different machines).
-See Socket Binding Groups
-for full details.
System property values can be set in a number of places in domain.xml,
-host.xml and standalone.xml. The values in standalone.xml are set
-as part of the server boot process. Values in domain.xml and
-host.xml are applied to servers when they are launched.
-
-
-
When a system property is configured in domain.xml or host.xml, the
-servers it ends up being applied to depends on where it is set. Setting
-a system property in a child element directly under the domain.xml
-root results in the property being set on all servers. Setting it in a
-<system-property/> element inside a <server-group/> element in
-domain.xml results in the property being set on all servers in the
-group. Setting it in a child element directly under the host.xml root
-results in the property being set on all servers controlled by that
-host’s Host Controller. Finally, setting it in a <system-property/>
-element inside a <server/> element in host.xml result in the
-property being set on that server. The same property can be configured
-in multiple locations, with a value in a <server/> element taking
-precedence over a value specified directly under the host.xml root
-element, the value in a host.xml taking precedence over anything from
-domain.xml, and a value in a <server-group/> element taking
-precedence over a value specified directly under the domain.xml root
-element.
Scripts are located in the $JBOSS_HOME/bin directory. Within this directory you will find script configuration files
-for standalone and domain startup scripts for each platform. These files can be used to configure your environment
-without having to edit the scripts themselves. For example, you can configure the JAVA_OPTS environment variable to
-configure the JVM before the container is launched.
By default, these are in the $JBOSS_HOME/bin directory. However, you can set the STANDALONE_CONF environment
-variable for standalone servers or DOMAIN_CONF environment variable for domain servers with a value of the
-absolute path to the file.
Starting with WildFly 23, common configuration files were introduced. These files are invoked from every script in the
-$JBOSS_HOME/bin directory. While these configuration files are not present in the directory by default, they
-can be added. You can simply just add the common.conf configuration file for the script type you want to
-execute and all scripts in the directory will invoke the configuration script.
-
-
-
-
-
common.conf for bash scripts
-
-
-
common.conf.bat for Windows batch scripts
-
-
-
common.conf.ps1 for PowerShell scripts
-
-
-
-
-
You can also set the COMMON_CONF environment variable to have this configuration script live outside the
-$JBOSS_HOME/bin directory.
-
-
-
-
-
-
-
-
-If you provide a common configuration file it will be invoked before the standalone and domain script
-configuration files. For example invoking standalone.sh first invokes the common.conf then later invokes
-the standalone.conf.
-
When WildFly parses your configuration files at boot, or when you use
-one of the AS’s Management Clients you are
-adding, removing or modifying management resources in the AS’s
-internal management model. A WildFly management resource has the
-following characteristics:
All WildFly management resources are organized in a tree. The path to
-the node in the tree for a particular resource is its address. Each
-segment in a resource’s address is a key/value pair:
-
-
-
-
-
The key is the resource’s type, in the context of its parent. So,
-for example, the root resource for a standalone server has children of
-type subsystem, interface, socket-binding, etc. The resource for
-the subsystem that provides the AS’s webserver capability has children
-of type connector and virtual-server. The resource for the subsystem
-that provides the AS’s messaging server capability has, among others,
-children of type jms-queue and jms-topic.
-
-
-
The value is the name of a particular resource of the given type, e.g
-web or messaging for subsystems or http or https for web
-subsystem connectors.
-
-
-
-
-
The full address for a resource is the ordered list of key/value pairs
-that lead from the root of the tree to the resource. Typical notation is
-to separate the elements in the address with a '/' and to separate the
-key and the value with an '=':
Querying or modifying the state of a resource is done via an operation.
-An operation has the following characteristics:
-
-
-
-
-
A string name
-
-
-
Zero or more named parameters. Each parameter has a string name, and a
-value of type org.jboss.dmr.ModelNode (or, when invoked via the CLI,
-the text representation of a ModelNode; when invoked via the HTTP API,
-the JSON representation of a ModelNode.) Parameters may be optional.
-
-
-
A return value, which will be of type org.jboss.dmr.ModelNode (or,
-when invoked via the CLI, the text representation of a ModelNode; when
-invoked via the HTTP API, the JSON representation of a ModelNode.)
-
-
-
-
-
Every resource except the root resource will have an add operation and
-should have a remove operation ("should" because in WildFly 29 many do
-not). The parameters for the add operation vary depending on the
-resource. The remove operation has no parameters.
-
-
-
There are also a number of "global" operations that apply to all
-resources. See Global operations for full
-details.
-
-
-
The operations a resource supports can themselves be determined by
-invoking an operation: the read-operation-names operation. Once the
-name of an operation is known, details about its parameters and return
-value can be determined by invoking the read-operation-description
-operation. For example, to learn the names of the operations exposed by
-the root resource for a standalone server, and then learn the full
-details of one of them, via the CLI one would:
-
-
-
-
[standalone@localhost:9990 /] :read-operation-names
-{
- "outcome" => "success",
- "result" => [
- "add-namespace",
- "add-schema-location",
- "delete-snapshot",
- "full-replace-deployment",
- "list-snapshots",
- "read-attribute",
- "read-children-names",
- "read-children-resources",
- "read-children-types",
- "read-config-as-xml",
- "read-operation-description",
- "read-operation-names",
- "read-resource",
- "read-resource-description",
- "reload",
- "remove-namespace",
- "remove-schema-location",
- "replace-deployment",
- "shutdown",
- "take-snapshot",
- "upload-deployment-bytes",
- "upload-deployment-stream",
- "upload-deployment-url",
- "validate-address",
- "write-attribute"
- ]
-}
-[standalone@localhost:9990 /] :read-operation-description(name=upload-deployment-url)
-{
- "outcome" => "success",
- "result" => {
- "operation-name" => "upload-deployment-url",
- "description" => "Indicates that the deployment content available at the included URL should be added to the deployment content repository. Note that this operation does not indicate the content should be deployed into the runtime.",
- "request-properties" => {"url" => {
- "type" => STRING,
- "description" => "The URL at which the deployment content is available for upload to the domain's or standalone server's deployment content repository.. Note that the URL must be accessible from the target of the operation (i.e. the Domain Controller or standalone server).",
- "required" => true,
- "min-length" => 1,
- "nillable" => false
- }},
- "reply-properties" => {
- "type" => BYTES,
- "description" => "The hash of managed deployment content that has been uploaded to the domain's or standalone server's deployment content repository.",
- "min-length" => 20,
- "max-length" => 20,
- "nillable" => false
- }
- }
-}
-
-
-
-
See Descriptions
-below for more on how to learn about the operations a resource exposes.
Management resources expose information about their state as attributes.
-Attributes have string name, and a value of type
-org.jboss.dmr.ModelNode (or: for the CLI, the text representation of a
-ModelNode; for HTTP API, the JSON representation of a ModelNode.)
-
-
-
Attributes can either be read-only or read-write. Reading and writing
-attribute values is done via the global read-attribute and
-write-attribute operations.
-
-
-
The read-attribute operation takes a single parameter "name" whose
-value is a the name of the attribute. For example, to read the "port"
-attribute of a socket-binding resource via the CLI:
Attributes can have one of two possible storage types:
-
-
-
-
-
CONFIGURATION – means the value of the attribute is stored in the
-persistent configuration; i.e. in the domain.xml, host.xml or
-standalone.xml file from which the resource’s configuration was read.
-
-
-
RUNTIME – the attribute value is only available from a running
-server; the value is not stored in the persistent configuration. A
-metric (e.g. number of requests serviced) is a typical example of a
-RUNTIME attribute.
-
-
-
-
-
The values of all of the attributes a resource exposes can be obtained
-via the read-resource operation, with the "include-runtime" parameter
-set to "true". For example, from the CLI:
Omit the "include-runtime" parameter (or set it to "false") to limit
-output to those attributes whose values are stored in the persistent
-configuration:
It is possible to override the value of any simple attribute by providing an environment variable with a name
-that maps to the attribute (and its resource).
-
-
-
-
-
-
-
-
-
-
Complex attributes (which have their type set to LIST, OBJECT, or PROPERTY) can not be overridden using an environment variable.
-
-
-
-
-
-
-
If there is an environment variable with such a name, the management resource will use the value of this environment variable
-when the management resource validates and sets the attribute value.
-This takes place before the attribute value is resolved (if it contains an expression) or corrected.
-
-
-
-
-
-
-
-
-
-
This feature is disabled by default. To enable it, the environment variable WILDFLY_OVERRIDING_ENV_VARS must be set (its value is not relevant):
If WildFly is started with that environment variable, the value of the proxy-address-forwarding attribute on the
-/subsystem=undertow/server=default-server/http-listener=default will be set to the value of the environment variable:
If an attribute value is determined from an environment variable, the next time the configuration is persisted, that value from the environment variable will be persisted.
-Until an operation triggers such persistence of the configuration file, the configuration file will not reflect the current running configuration.
Management resources may support child resources. The
-types of children a
-resource supports (e.g. connector for the web subsystem resource) can
-be obtained by querying the resource’s description (see
-Descriptions below)
-or by invoking the read-children-types operation. Once you know the
-legal child types, you can query the names of all children of a given
-type by using the global read-children-types operation. The operation
-takes a single parameter "child-type" whose value is the type. For
-example, a resource representing a socket binding group has children. To
-find the type of those children and the names of resources of that type
-via the CLI one could:
All resources expose metadata that describes their attributes,
-operations and child types. This metadata is itself obtained by invoking
-one or more of the global operations each
-resource supports. We showed examples of the read-operation-names,
-read-operation-description, read-children-types and
-read-children-names operations above.
-
-
-
The read-resource-description operation can be used to find the
-details of the attributes and child types associated with a resource.
-For example, using the CLI:
-
-
-
-
[standalone@localhost:9990 /] /socket-binding-group=standard-sockets:read-resource-description
-{
- "outcome" => "success",
- "result" => {
- "description" => "Contains a list of socket configurations.",
- "head-comment-allowed" => true,
- "tail-comment-allowed" => false,
- "attributes" => {
- "name" => {
- "type" => STRING,
- "description" => "The name of the socket binding group.",
- "required" => true,
- "head-comment-allowed" => false,
- "tail-comment-allowed" => false,
- "access-type" => "read-only",
- "storage" => "configuration"
- },
- "default-interface" => {
- "type" => STRING,
- "description" => "Name of an interface that should be used as the interface for any sockets that do not explicitly declare one.",
- "required" => true,
- "head-comment-allowed" => false,
- "tail-comment-allowed" => false,
- "access-type" => "read-write",
- "storage" => "configuration"
- },
- "port-offset" => {
- "type" => INT,
- "description" => "Increment to apply to the base port values defined in the socket bindings to derive the runtime values to use on this server.",
- "required" => false,
- "head-comment-allowed" => true,
- "tail-comment-allowed" => false,
- "access-type" => "read-write",
- "storage" => "configuration"
- }
- },
- "operations" => {},
- "children" => {"socket-binding" => {
- "description" => "The individual socket configurtions.",
- "min-occurs" => 0,
- "model-description" => undefined
- }}
- }
-}
-
-
-
-
Note the
-"operations" ⇒ }} in the output above. If the command had included the {{operations
-parameter (i.e.
-/socket-binding-group=standard-sockets:read-resource-description(operations=true))
-the output would have included the description of each operation
-supported by the resource.
-
-
-
See the Global operations section for
-details on other parameters supported by the read-resource-description
-operation and all the other globally available operations.
WildFly management resources are conceptually quite similar to Open
-MBeans. They have the following primary differences:
-
-
-
-
-
WildFly management resources are organized in a tree structure. The
-order of the key value pairs in a resource’s address is significant, as
-it defines the resource’s position in the tree. The order of the key
-properties in a JMX ObjectName is not significant.
-
-
-
In an Open MBean attribute values, operation parameter values and
-operation return values must either be one of the simple JDK types
-(String, Boolean, Integer, etc) or implement either the
-javax.management.openmbean.CompositeData interface or the
-javax.management.openmbean.TabularData interface. WildFly management
-resource attribute values, operation parameter values and operation
-return values are all of type org.jboss.dmr.ModelNode.
As noted above, management resources are organized in a tree structure.
-The structure of the tree depends on whether you are running a
-standalone server or a managed domain.
In a managed domain, the structure of the managed resource tree spans
-the entire domain, covering both the domain wide configuration (e.g.
-what’s in domain.xml, the host specific configuration for each host
-(e.g. what’s in host.xml, and the resources exposed by each running
-application server. The Host Controller processes in a managed domain
-provide access to all or part of the overall resource tree. How much is
-available depends on whether the management client is interacting with
-the Host Controller that is acting as the Domain Controller. If
-the Host Controller is the Domain Controller, then the section of
-the tree for each host is available. If the Host Controller is a secondary Host Controller
-to a remote Domain Controller, then only the portion of the tree
-associated with that host is available.
-
-
-
-
-
The root resource for the entire domain. The persistent configuration
-associated with this resource and its children, except for those of type
-host, is persisted in the domain.xml file on the Domain Controller.
-
-
-
-
extension – extensions available in the domain
-
-
-
path – paths available on across the domain
-
-
-
system-property – system properties set as part of the
-configuration (i.e. not on the command line) and available across the
-domain
-
-
-
profile – sets of subsystem configurations that can be assigned to
-server groups
-
-
-
-
subsystem – configuration of subsystems that are part of the
-profile
-
-
-
-
-
-
interface – interface configurations
-
-
-
socket-binding-group – sets of socket bindings configurations that
-can be applied to server groups
deployment – deployments available for assignment to server groups
-
-
-
deployment-overlay — deployment-overlays content available to
-overlay deployments in server groups
-
-
-
server-group – server group configurations
-
-
-
host – the individual Host Controllers. Each child of this type
-represents the root resource for a particular host. The persistent
-configuration associated with one of these resources or its children is
-persisted in the host’s host.xml file.
-
-
-
-
path – paths available on each server on the host
-
-
-
system-property – system properties to set on each server on the
-host
-
-
-
core-service=management – the Host Controller’s core management
-services
-
-
-
interface – interface configurations that apply to the Host
-Controller or servers on the host
-
-
-
jvm – JVM configurations that can be applied when launching
-servers
-
-
-
server-config – configuration describing how the Host Controller
-should launch a server; what server group configuration to use, and any
-server-specific overrides of items specified in other resources
-
-
-
server – the root resource for a running server. Resources from
-here and below are not directly persisted; the domain-wide and host
-level resources contain the persistent configuration that drives a
-server
-
-
-
-
extension – extensions installed in the server
-
-
-
path – paths available on the server
-
-
-
system-property – system properties set as part of the
-configuration (i.e. not on the command line)
-
-
-
core-service=management – the server’s core management services
-
-
-
core-service=service-container – resource for the JBoss MSC
-ServiceContainer that’s at the heart of the AS
-
-
-
subsystem – the subsystems installed on the server. The bulk of
-the management model will be children of type subsystem
-
-
-
interface – interface configurations
-
-
-
socket-binding-group – the central resource for the server’s
-socket bindings
WildFly offers three different approaches to configure and manage
-servers: a web interface, a command line client and a set of XML
-configuration files. Regardless of the approach you choose, the
-configuration is always synchronized across the different views and
-finally persisted to the XML files.
The HTTP API endpoint is the entry point for management clients that
-rely on the HTTP protocol to integrate with the management layer. It
-uses a JSON encoded protocol and a de-typed, RPC style API to describe
-and execute management operations against a managed domain or standalone
-server. It’s used by the web console, but offers integration
-capabilities for a wide range of other clients too.
-
-
-
The HTTP API endpoint is co-located with either the domain controller or
-a standalone server. By default, it runs on port 9990:
~(See standalone/configuration/standalone.xml or
-domain/configuration/host.xml)~
-
-
-
The HTTP API Endpoint serves two different contexts. One for executing
-management operations and another one that allows you to access the web
-interface:
For the responses returned from the HTTP management interface it is also possible to define custom constant HTTP headers that will be added to any response based on matching a configured prefix against the request path.
-
-
-
As an example it could be desirable to add a HTTP header X-Help which points users to the correct location to obtain assistance. The following management operation can be executed within the CLI to activate returning this header on all requests.
The example here has illustrated adding a single header for all requests matching the path prefix / i.e. every request. More advanced mappings can be defined by specifying a mapping for a more specific path prefix such as /management.
-
-
-
If a request matches multiple mappings such as a request to /management where mappings for / and /management have been specified the headers from all of the mappings will be applied to the corresponding request.
-
-
-
Within a single mapping it is also possible to define multiple headers which should be set on the corresponding response.
-
-
-
As the constant-headers attribute is set verification will be performed to verify that the HTTP headers specified are only making use of allowed characters as specified in the HTTP specification RFCs.
-
-
-
Additionally as they have special handling within the management interface overriding the following headers is disallowed and attempts to set these will result in an error being reported.
-
-
-
-
-
Connection
-
-
-
Content-Length
-
-
-
Content-Type
-
-
-
Date
-
-
-
Transfer-Encoding
-
-
-
-
-
The configured headers are set at the very end of processing the request immediately before the response is returned to the client, this will mean any of the configured headers will override the same headers set by the corresponding endpoint.
The Command Line Interface (CLI) is a management tool for a managed
-domain or standalone server. It allows a user to connect to the domain
-controller or a standalone server and execute management operations
-available through the de-typed management model.
Depending on the operating system, the CLI is launched using
-jboss-cli.sh or jboss-cli.bat located in the WildFly bin
-directory. For further information on the default directory structure,
-please consult the " Getting Started
-Guide".
-
-
-
The first thing to do after the CLI has started is to connect to a
-managed WildFly instance. This is done using the command connect, e.g.
-
-
-
-
./bin/jboss-cli.sh
-You are disconnected at the moment. Type 'connect' to connect to the server
-or 'help' for the list of supported commands.
-[disconnected /]
-
-[disconnected /] connect
-[domain@localhost:9990 /]
-
-[domain@localhost:9990 /] quit
-Closed connection to localhost:9990
-
-
-
-
localhost:9990 is the default host and port combination for the
-WildFly CLI client.
-
-
-
The host and the port of the server can be provided as an optional
-parameter, if the server is not listening on localhost:9990.
-
-
-
-
./bin/jboss-cli.sh
-You are disconnected at the moment. Type 'connect' to connect to the server
-[disconnected /] connect 192.168.0.10:9990
-Connected to standalone controller at 192.168.0.1:9990
-
-
-
-
The :9990 is not required as the CLI will use port 9990 by default. The
-port needs to be provided if the server is listening on some other port.
-
-
-
To terminate the session type quit.
-
-
-
-
-
-
-
-
-The jboss-cli script accepts a --connect parameter: ./jboss-cli.sh
---connect
-
-
-
-
-
-
The --controller parameter can be used to specify the host and port of
-the server: ./jboss-cli.sh --connect --controller=192.168.0.1:9990
-
-
-
Help is also available:
-
-
-
In order to list the set of commands that are currently available in the current context
-use the option --commands (NB: the following examples are not displaying an
-exhaustive set of CLI commands, more and/or different commands could be available
-in your running CLI instance):
-
-
-
-
[domain@localhost:9990 /] help --commands
-Commands available in the current context:
-batch connection-factory deployment-overlay if patch reload try
-cd connection-info echo jdbc-driver-info pwd rollout-plan undeploy
-clear data-source echo-dmr jms-queue quit run-batch unset
-command deploy help jms-topic read-attribute set version
-connect deployment-info history ls read-operation shutdown xa-data-source
-To read a description of a specific command execute 'help <command name>'.
-
-
-
-
The help command can print help for any command or operation. For operations,
-the operation description is formatted as a command help (synopsis, description and
-options). Some commands (eg: patch) expose two levels of documentation. A high
-level description for the command itself and a dedicated help content for each action (eg: apply).
-The help documentation of each command makes it clear if this two levels are available or not.
-
-
-
Use Tab-completion to discover the set of commands and operations:
-
-
-
-
help <TAB>
-
-
-
-
The list of all commands (enabled or not) is displayed.
-
-
-
Examples
-
-
-
-
-
Display the help of the patch command:
-
-
-
-
-
-
help patch
-
-
-
-
-
-
Display the help of the apply action of the patch command:
-
-
-
-
-
-
help patch apply
-
-
-
-
-
-
Display the description of the elytronkey-store resource add operation
-formatted as a command help content:
The CLI can also be run in non-interactive mode to support scripts and
-other types of command line or batch processing. The --command and
---commands arguments can be used to pass a command or a list of commands
-to execute. Additionally a --file argument is supported which enables
-CLI commands to be provided from a text file.
-
-
-
For example the following command can be used to list all the current
-deployments
The output can be combined with other shell commands for further
-processing, for example to find out what .war files are deployed:
-
-
-
-
$ ./bin/jboss-cli.sh --connect --commands=ls\ deployment | grep war
-sample.war
-
-
-
-
In order to match a command with its output, you can provide the option
---echo-command (or add the XML element <echo-command> to the CLI
-configuration file) in order to make the CLI to include the prompt
-command + options in the output. With this option enabled, any executed
-command will be added to the output.
By default CLI command and operation executions are not timely bounded.
-It means that a command never ending its execution will make the CLI
-process to be stuck and unresponsive. To protect the CLI from this
-behavior, one can set a command execution timeout.
In interactive mode, when a timeout occurs, an error message is
-displayed then the console prompt is made available to type new
-commands. In non interactive mode (executing a script or a list of
-commands), when a timeout occurs, an exception is thrown and the CLI
-execution is stopped. In both modes (interactive and non interactive),
-when a timeout occurs, the CLI will make a best effort to cancel the
-associated server side activities.
Once the CLI is running, the timeout can be adjusted to cope with the
-commands to execute. For example a batch command will need a longer
-timeout than a non batch one. The command command-timeout allows to
-get, set and reset the command timeout.
The command command-timeout set update the timeout value to a number
-of seconds. If a timeout has been set via configuration (XML file or
-option), it is overridden by the set action.
-
-
-
-
[standalone@localhost:9990 /] command-timeout set 10
The command command-timeout reset \{config|default} allows to set the
-timeout to its configuration value (XML file or option) or default value
-(0 second). If no configuration value is set, resetting to the
-configuration value sets the timeout to its default value (0 seconds).
The native interface shares the same security configuration as the http
-interface, however we also support a local authentication mechanism
-which means that the CLI can authenticate against the local WildFly
-instance without prompting the user for a username and password. This
-mechanism only works if the user running the CLI has read access to the
-standalone/tmp/auth folder or domain/tmp/auth folder under the
-respective WildFly installation - if the local mechanism fails then the
-CLI will fallback to prompting for a username and password for a user
-configured as in Default HTTP Interface Security.
-
-
-
Establishing a CLI connection to a remote server will require a username
-and password by default.
Operation requests allow for low level interaction with the management
-model. They are different from the high level commands (i.e.
-create-jms-queue) in that they allow you to read and modify the server
-configuration as if you were editing the XML configuration files
-directly. The configuration is represented as a tree of addressable
-resources, where each node in the tree (aka resource) offers a set of
-operations to execute.
-
-
-
An operation request basically consists of three parts: The address,
-an operation name and an optional set of parameters.
-
-
-
The formal specification for an operation request is:
Tab-completion is supported for all commands and options, i.e.
-node-types and node-names, operation names and parameter names.
-
-
-
In operation Tab-completion, required parameters have a name terminated by the
-'*' character. This helps identify which are the parameters that must be set in order to
-construct a valid operation. Furthermore, Tab-completion does not propose
-parameters that are alternatives of parameters already present in the operation.
bytes, hash, input-stream-index and url are required but also alternatives
-(only one of them can be set). As soon as one of these parameter has been set, the
-others are no longer proposed by completion.
target-path argument is automatically inlined in the command.
-
-
-
-
-
-
-
-
-We are also considering adding aliases that are less verbose for the user, and
-will translate into the corresponding operation requests in the
-background.
-
-
-
-
-
-
Whitespaces between the separators in the operation request strings are
-not significant.
The operation types can be distinguished between common operations that
-exist on any node and specific operations that belong to a particular
-configuration resource (i.e. subsystem). The common operations are:
-
-
-
-
-
add
-
-
-
read-attribute
-
-
-
read-children-names
-
-
-
read-children-resources
-
-
-
read-children-types
-
-
-
read-operation-description
-
-
-
read-operation-names
-
-
-
read-resource
-
-
-
read-resource-description
-
-
-
remove
-
-
-
validate-address
-
-
-
write-attribute
-
-
-
-
-
For a list of specific operations (e.g. operations that relate to the
-logging subsystem) you can always query the model itself. For example,
-to read the operations supported by the logging subsystem resource on a
-standalone server:
As you can see, the logging resource offers four additional operations,
-namely root-logger-assign-handler, root-logger-unassign-handler,
-set-root-logger and remove-root-logger.
-
-
-
Further documentation about a resource or operation can be retrieved
-through the description:
-
-
-
-
[standalone@localhost:9990 /] /subsystem=logging:read-operation-description(name=change-root-log-level)
-{
- "outcome" => "success",
- "result" => {
- "operation-name" => "change-root-log-level",
- "description" => "Change the root logger level.",
- "request-properties" => {"level" => {
- "type" => STRING,
- "description" => "The log level specifying which message levels will be logged by this logger.
- Message levels lower than this value will be discarded.",
- "required" => true
- }}
- }
-}
-
-
-
-
Full model
-
-
-
-
-
-
-
-
-To see the full model enter :read-resource(recursive=true).
-
Command (and operation request) history is enabled by default. The
-history is kept both in-memory and in a file on the disk, i.e. it is
-preserved between command line sessions. The history file name is
-.jboss-cli-history and is automatically created in the user’s home
-directory. When the command line interface is launched this file is read
-and the in-memory history is initialized with its content.
-
-
-
-
-
-
-
-
-While in the command line session, you can use the arrow keys to go back
-and forth in the history of commands and operations.
-
-
-
-
-
-
To manipulate the history you can use the history command. If executed
-without any arguments, it will print all the recorded commands and
-operations (up to the configured maximum, which defaults to 500) from
-the in-memory history.
-
-
-
history supports three optional arguments:
-
-
-
-
-
disable - will disable history expansion (but will not clear the
-previously recorded history);
-
-
-
enabled - will re-enable history expansion (starting from the last
-recorded command before the history expansion was disabled);
-
-
-
clear - will clear the in-memory history (but not the file one).
In interactive mode, when the content to display is longer than the terminal
- height, the content is paged. You can navigate the content by using the following
- keys and mouse events:
-
-
-
-
-
space or PAGE_DOWN: scroll the content one page down.
-
-
-
'\' or PAGE_UP: scroll the content one page up.
-
-
-
';' or up arrow or mouse wheel up: scroll the content one line up.
-
-
-
ENTER or down arrow or mouse wheel down: scroll the content one line down.
-
-
-
HOME or 'g': scroll to the top of the content. NB: HOME is only supported
-for keyboards containing this key.
-
-
-
END or 'G': scroll to the bottom of the content. NB: END is only supported
-for keyboards containing this key.
-
-
-
'q' or 'Q' or ESC: exit the paging.
-
-
-
-
-
NB: When the end of the content is reached (using ENTER, space, …) the paging
- is automatically exited.
-
-
-
It is possible to search for text when the content is paged. Search is operated
- with the following keys:
-
-
-
-
-
'/' to display prompt allowing to type some text. Type return to launch the search.
-You can use up/down arrows to retrieve previously typed text. NB: search history
- is not persisted when CLI process exits.
-
-
-
'n' to jump to the next match if any. If no search text has been typed, then the
-last entry from the search history is used.
-
-
-
'N' to jump to the previous match if any. If no search text has been typed,
-then the last entry from the search history is used.
-
-
-
-
-
There are two possible ways to disable the output paging and write the whole output of the commands at once:
-
-
-
-
-
--no-output-paging command line parameter will disable the output paging;
-
-
-
Add <output-paging>false<output-paging> in jboss-cli.xml.
-
-
-
-
-
-
-
-
-
-
-On Windows, searching and navigating backward is only supported starting with Windows 10 and Windows Server 2016.
-
-
-
-
-
-
-
-
-
-
-
-If the CLI process is sent the signal KILL(9) while it is paging, the terminal will stay
- in alternate mode. This makes the terminal to behave in an unexpected manner (display and mouse events).
- In order to restore the terminal state call: tput rmcup.
-
The batch mode allows one to group commands and operations and execute
-them together as an atomic unit. If at least one of the commands or
-operations fails, all the other successfully executed commands and
-operations in the batch are rolled back.
-
-
-
Not all of the commands are allowed in the batch. For example, commands
-like cd, ls, help, etc. are not allowed in the batch since they
-don’t translate into operation requests. Only the commands that
-translate into operation requests are allowed in the batch. The batch,
-actually, is executed as a composite operation request.
-
-
-
The batch mode is entered by executing command batch.
WildFly is distributed secured by default. The default security
-mechanism is username / password based making use of HTTP Digest for the
-authentication process.
-
-
-
The reason for securing the server by default is so that if the
-management interfaces are accidentally exposed on a public IP address
-authentication is required to connect - for this reason there is no
-default user in the distribution.
-
-
-
The user are stored in a properties file called mgmt-users.properties
-under standalone/configuration and domain/configuration depending on the
-running mode of the server, these files contain the users username along
-with a pre-prepared hash of the username along with the name of the
-realm and the users password.
-
-
-
-
-
-
-
-
-Although the properties files do not contain the plain text passwords
-they should still be guarded as the pre-prepared hashes could be used to
-gain access to any server with the same realm if the same user has used
-the same password.
-
-
-
-
-
-
To manipulate the files and add users we provide a utility add-user.sh
-and add-user.bat to add the users and generate the hashes, to add a user
-you should execute the script and follow the guided process.
-
-The full details of the add-user utility are described later but for the
-purpose of accessing the management interface you need to enter the
-following values: -
-
-
-
-
-
Type of user - This will be a 'Management User' to selection option a.
-
-
-
Realm - This MUST match the realm name used in the configuration so
-unless you have changed the configuration to use a different realm name
-leave this set as 'ManagementRealm'.
-
-
-
Username - The username of the user you are adding.
-
-
-
Password - The users password.
-
-
-
-
-
Provided the validation passes you will then be asked to confirm you
-want to add the user and the properties files will be updated.
-
-
-
For the final question, as this is a user that is going to be accessing
-the admin console just answer 'n' - this option will be described later
-for adding secondary host controllers that authenticate against a
-Domain Controller but that is a later topic.
-
-
-
After a new user has been added the server should be restarted or the
-load operation should be executed on the ManagementRealm or
-ApplicationRealm resource in the elytron subsystem as appropriate.
The native interface shares the same security configuration as the http
-interface, however we also support a local authentication mechanism
-which means that the CLI can authenticate against the local WildFly
-instance without prompting the user for a username and password. This
-mechanism only works if the user running the CLI has read access to the
-standalone/tmp/auth folder or domain/tmp/auth folder under the
-respective WildFly installation - if the local mechanism fails then the
-CLI will fallback to prompting for a username and password for a user
-configured as in Default HTTP Interface Security.
-
-
-
Establishing a CLI connection to a remote server will require a username
-and password by default.
The Command Line Interface (CLI) is a management tool for a managed
-domain or standalone server. It allows a user to connect to the domain
-controller or a standalone server and execute management operations
-available through the de-typed management model.
WildFly stores its configuration in centralized XML configuration files,
-one per server for standalone servers and, for managed domains, one per
-host with an additional domain wide policy controlled by the Domain Controller.
-These files are meant to be human-readable and human editable.
-
-
-
-
-
-
-
-
-The XML configuration files act as a central, authoritative source of
-configuration. Any configuration changes made via the web interface or
-the CLI are persisted back to the XML configuration files. If a domain
-or standalone server is offline, the XML configuration files can be hand
-edited as well, and any changes will be picked up when the domain or
-standalone server is next started. However, users are encouraged to use
-the web interface or the CLI in preference to making offline edits to
-the configuration files. External changes made to the configuration
-files while processes are running will not be detected, and may be
-overwritten.
-
The XML configuration for a standalone server can be found in the
-standalone/configuration directory. The default configuration file is
-standalone/configuration/standalone.xml.
-
-
-
The standalone/configuration directory includes a number of other
-standard configuration files, e.g. standalone-full.xml,
-standalone-ha.xml and standalone-full-ha.xml each of which is
-similar to the default standalone.xml file but includes additional
-subsystems not present in the default configuration. If you prefer to
-use one of these files as your server configuration, you can specify it
-with the [line-through]*c* or -server-config command line argument:
In a managed domain, the XML files are found in the
-domain/configuration directory. There are two types of configuration
-files – one per host, and then a single domain-wide file managed by the
-primary Host Controller, aka the Domain Controller. (For more on the types of
-processes in a managed domain, see Operating
-Modes.)
When you start a managed domain process, a Host Controller instance is
-launched, and it parses its own configuration file to determine its own
-configuration, how it should integrate with the rest of the domain, any
-host-specific values for settings in the domain wide configuration (e.g.
-IP addresses) and what servers it should launch. This information is
-contained in the host-specific configuration file, the default version
-of which is domain/configuration/host.xml.
-
-
-
Each host will have its own variant host.xml, with settings
-appropriate for its role in the domain. WildFly ships with three
-standard variants:
-
-
-
-
-
-
-
-
-
host-primary.xml
-
A configuration that specifies the Host Controller
-should become the primary Host Controller, aka the Domain Controller.
-No servers will be started by this Host Controller, which is a recommended
-setup for a production Domain Controller.
-
-
-
-
-
host-secondary.xml
-
A configuration that specifies the Host Controller
-should not become the primary Host Controller and instead should register with a remote
-primary Host Controller and be controlled by it. This configuration launches servers,
-although a user will likely wish to modify how many servers are launched
-and what server groups they belong to.
-
-
-
host.xml
-
The default host configuration, tailored for an easy out of
-the box experience experimenting with a managed domain. This
-configuration specifies the Host Controller should become the primary Host Controller,
-aka the Domain Controller, but it also launches a couple of servers.
-
-
-
-
-
Which host-specific configuration should be used can be controlled via
-the _ --host-config_ command line argument:
Once a Host Controller has processed its host-specific configuration, it
-knows whether it is configured to act as the Domain Controller.
-If it is, it must parse the domain wide configuration file, by default
-located at domain/configuration/domain.xml. This file contains the
-bulk of the settings that should be applied to the servers in the domain
-when they are launched – among other things, what subsystems they should
-run with what settings, what sockets should be used, and what
-deployments should be deployed.
-
-
-
Which domain-wide configuration should be used can be controlled via the
-_ --domain-config_ command line argument:
That argument is only relevant for hosts configured to act as the
-Domain Controller.
-
-
-
A secondary Host Controller does not usually parse the domain wide
-configuration file. A secondary Host Controller gets the domain wide configuration from the
-remote Domain Controller when it registers with it. A secondary Host Controller also
-will not persist changes to a domain.xml file if one is present on the
-filesystem. For that reason it is recommended that no domain.xml be
-kept on the filesystem of hosts that will only run as secondary Host Controllers.
-
-
-
A secondary Host Controller can be configured to keep a locally persisted copy of the domain
-wide configuration and then use it on boot (in case the Domain Controller is not
-available.) See --backup and --cached-dc under
-Command line parameters.
WildFly uses named interface references throughout the configuration. A
-network interface is declared by specifying a logical name and a
-selection criteria for the physical interface:
This means the server in question declares two interfaces: One is
-referred to as " management"; the other one " public". The "
-management" interface is used for all components and services that are
-required by the management layer (i.e. the HTTP Management Endpoint).
-The " public" interface binding is used for any application related
-network communication (i.e. Web, Messaging, etc). There is nothing
-special about these names; interfaces can be declared with any name.
-Other sections of the configuration can then reference those interfaces
-by their logical name, rather than having to include the full details of
-the interface (which, on servers in a management domain, may vary on
-different machines).
-
-
-
The domain.xml, host.xml and standalone.xml configuration files
-all include a section where interfaces can be declared. If we take a
-look at the XML declaration it reveals the selection criteria. The
-criteria is one of two types: either a single element indicating that
-the interface should be bound to a wildcard address, or a set of one or
-more characteristics that an interface or address must have in order to
-be a valid match. The selection criteria in this example are specific IP
-addresses for each interface:
<interfacename="global">
- <!-- Use the wildcard address -->
- <any-address/>
-</interface>
-
-<interfacename="external">
- <nicname="eth0"/>
-</interface>
-
-<interfacename="default">
- <!-- Match any interface/address on the right subnet if it's
- up, supports multicast and isn't point-to-point -->
- <subnet-matchvalue="192.168.0.0/16"/>
- <up/>
- <multicast/>
- <not>
- <point-to-point/>
- </not>
-</interface>
-
-
-
-
-
-
-
-
-
-An interface configuration element is used to provide a single InetAddress to parts
-of the server that reference that interface. If the selection criteria specified for
-the interface element results in more than one address meeting the criteria, then a
-warning will be logged and one just one address will be selected and used. Preference
-will be given to network interfaces that are up, are non-loopback and are not
-point-to-point.
-
WildFly supports using the -b command line argument to specify the
-address to assign to interfaces. See
-Controlling the Bind Address with -b for further details.
The socket configuration in WildFly works similarly to the interfaces
-declarations. Sockets are declared using a logical name, by which they
-will be referenced throughout the configuration. Socket declarations are
-grouped under a certain name. This allows you to easily reference a
-particular socket binding group when configuring server groups in a
-managed domain. Socket binding groups reference an interface by its
-logical name:
A socket binding includes the following information:
-
-
-
-
-
name — logical name of the socket configuration that should be used
-elsewhere in the configuration
-
-
-
port — base port to which a socket based on this configuration should
-be bound. (Note that servers can be configured to override this base
-value by applying an increment or decrement to all port values.)
-
-
-
interface (optional) — logical name (see "Interfaces declarations"
-above) of the interface to which a socket based on this configuration
-should be bound. If not defined, the value of the "default-interface"
-attribute from the enclosing socket binding group will be used.
-
-
-
multicast-address (optional) — if the socket will be used for
-multicast, the multicast address to use
-
-
-
multicast-port (optional) — if the socket will be used for multicast,
-the multicast port to use
-
-
-
fixed-port (optional, defaults to false) — if true, declares that the
-value of port should always be used for the socket and should not be
-overridden by applying an increment or decrement
WildFly supports the use of both IPv4 and IPv6 addresses. By default,
-WildFly is configured for use in an IPv4 network and so if you are
-running in an IPv4 network, no changes are required. If you need to run
-in an IPv6 network, the changes required are minimal and involve
-changing the JVM stack and address preferences, and adjusting any
-interface IP address values specified in the configuration
-(standalone.xml or domain.xml).
The system properties java.net.preferIPv4Stack and
-java.net.preferIPv6Addresses are used to configure the JVM for use with
-IPv4 or IPv6 addresses. With WildFly, in order to run using IPv4
-addresses, you need to specify java.net.preferIPv4Stack=true; in order
-to run with IPv6 addresses, you need to specify
-java.net.preferIPv4Stack=false (the JVM default) and
-java.net.preferIPv6Addresses=true. The latter ensures that any hostname
-to IP address conversions always return IPv6 address variants.
-
-
-
These system properties are conveniently set by the JAVA_OPTS
-environment variable, defined in the standalone.conf (or domain.conf)
-file. For example, to change the IP stack preference from its default of
-IPv4 to IPv6, edit the standalone.conf (or domain.conf) file and change
-its default IPv4 setting:
-
-
-
-
if [ "x$JAVA_OPTS" = "x" ]; then
- JAVA_OPTS=" ... -Djava.net.preferIPv4Stack=true ..."
-...
-
-
-
-
to an IPv6 suitable setting:
-
-
-
-
if [ "x$JAVA_OPTS" = "x" ]; then
- JAVA_OPTS=" ... -Djava.net.preferIPv4Stack=false -Djava.net.preferIPv6Addresses=true ..."
-...
To change the IP address literals referenced in standalone.xml (or
-domain.xml), first visit the interface declarations and ensure that
-valid IPv6 addresses are being used as interface values. For example, to
-change the default configuration in which the loopback interface is used
-as the primary interface, change from the IPv4 loopback address:
Note that when embedding IPv6 address literals in the substitution
-expression, square brackets surrounding the IP address literal are used
-to avoid ambiguity. This follows the convention for the use of IPv6
-literals in URLs.
-
-
-
Over and above making such changes for the interface definitions, you
-should also check the rest of your configuration file and adjust IP
-address literals from IPv4 to IPv6 as required.
For use with the default configuration we supply a utility add-user
-which can be used to manage the properties files for the default realms
-used to store the users and their roles.
-
-
-
The add-user utility can be used to manage both the users in the
-ManagementRealm and the users in the ApplicationRealm, changes made
-apply to the properties file used both for domain mode and standalone
-mode.
-
-
-
-
-
-
-
-
-After you have installed your application server and decided if you are
-going to run in standalone mode or domain mode you can delete the parent
-folder for the mode you are not using, the add-user utility will then
-only be managing the properties file for the mode in use.
-
-
-
-
-
-
The add-user utility is a command line utility however it can be run in
-both interactive and non-interactive mode. Depending on your platform
-the script to run the add-user utility is either add-user.sh or
-add-user.bat which can be found in \{ jboss.home}/bin.
-
-
-
This guide now contains a couple of examples of this utility in use to
-accomplish the most common tasks.
Adding users to the properties files is the primary purpose of this
-utility. Usernames can only contain the following characters in any
-number and in any order:
-The default name of the realm for management users is ManagementRealm,
-when the utility prompts for the realm name just accept the default
-unless you have switched to a different realm.
-
Here we have added a new Management User called adminUser, as you can
-see some of the questions offer default responses so you can just press
-enter without repeating the default value.
-
-
-
For now just answer n or no to the final question, adding users to
-be used by processes is described in more detail in the domain
-management chapter.
To add a user in non-interactive mode the command
-./add-user.sh {username} {password} can be used.
-
-
-
-
-
-
-
-
-
-
-
-If you add users using this approach there is a risk that any other user
-that can view the list of running process may see the arguments
-including the password of the user being added, there is also the risk
-that the username / password combination will be cached in the history
-file of the shell you are currently using.
-
Here a new user called appUser has been added, in this case a comma
-separated list of roles has also been specified.
-
-
-
As with adding a management user just answer n or no to the final
-question until you know you are adding a user that will be establishing
-a connection from one server to another.
To add an application user non-interactively use the command
-./add-user.sh -a {username} {password}.
-
-
-
-
-
-
-
-
-
-
-
-Non-interactive mode does not support defining a list of users, to
-associate a user with a set of roles you will need to manually edit the
-application-roles.properties file by hand.
-
Within the add-user utility it is also possible to update existing
-users, in interactive mode you will be prompted to confirm if this is
-your intention.
There are still a few features to add to the add-user utility such as
-removing users or adding application users with roles in non-interactive
-mode, if you are interested in contributing to WildFly development the
-add-user utility is a good place to start as it is a stand alone
-utility, however it is a part of the AS build so you can become familiar
-with the AS development processes without needing to delve straight into
-the internals of the application server.
WildFly introduces a Role Based Access Control scheme that allows
-different administrative users to have different sets of permissions to
-read and update parts of the management tree. This replaces the simple
-permission scheme used in JBoss AS 7, where anyone who could
-successfully authenticate to the management security realm would have
-all permissions.
WildFly ships with two access control "providers", the "simple"
-provider, and the "rbac" provider. The "simple" provider is the default,
-and provides a permission scheme equivalent to the JBoss AS 7 behavior
-where any authenticated administrator has all permissions. The "rbac"
-provider gives the finer grained permission scheme that is the focus of
-this section.
-
-
-
The access control configuration is included in the management section
-of a standalone server’s standalone.xml, or in a new "management"
-section in a managed domain’s domain.xml. The access control policy is
-centrally configured in a managed domain.
As you can see, the provider is set to "simple" by default. With the
-"simple" provider, the nested "role-mapping" section is not actually
-relevant. It’s there to help ensure that if the provider attribute is
-switched to "rbac" there will be at least one user mapped to a role that
-can continue to administer the system. This default mapping assigns the
-"$local" user name to the RBAC role that provides all permissions, the
-"SuperUser" role. The "$local" user name is the name an administrator
-will be assigned if he or she uses the CLI on the same system as the
-WildFly instance and the "local" authentication scheme is enabled.
The access control scheme implemented by the "rbac" provider is based on
-seven standard roles. A role is a named set of permissions to perform
-one of the actions: addressing (i.e. looking up) a management resource,
-reading it, or modifying it. The different roles have constraints
-applied to their permissions that are used to determine whether the
-permission is granted.
The seven standard roles are divided into two broad categories, based on
-whether the role can deal with items that are considered to be "security
-sensitive". Resources, attributes and operations that may affect
-administrative security (e.g. security realm resources and attributes
-that contain passwords) are "security sensitive".
-
-
-
Four roles are not given permissions for "security sensitive" items:
-
-
-
-
-
Monitor – a read-only role. Cannot modify any resource.
-
-
-
Operator – Monitor permissions, plus can modify runtime state, but
-cannot modify anything that ends up in the persistent configuration.
-Could, for example, restart a server.
-
-
-
Maintainer – Operator permissions, plus can modify the persistent
-configuration.
-
-
-
Deployer – like a Maintainer, but with permission to modify persistent
-configuration constrained to resources that are considered to be
-"application resources". A deployment is an application resource. The
-messaging server is not. Items like datasources and Jakarta Messaging destinations are
-not considered to be application resources by default, but this is
-configurable.
-
-
-
-
-
Three roles are granted permissions for security sensitive items:
-
-
-
-
-
SuperUser – has all permissions. Equivalent to a JBoss AS 7
-administrator.
-
-
-
Administrator – has all permissions except cannot read or write
-resources related to the administrative audit logging system.
-
-
-
Auditor – can read anything. Can only modify the resources related to
-the administrative audit logging system.
-
-
-
-
-
The Auditor and Administrator roles are meant for organizations that
-want a separation of responsibilities between those who audit normal
-administrative actions and those who perform them, with those who
-perform most actions (Administrator role) not being able to read or
-alter the auditing configuration.
As mentioned above, permissions are granted to perform one of three
-actions, addressing a resource, reading it, and modifying. The latter
-two actions are fairly self-explanatory. But what is meant by
-"addressing" a resource?
-
-
-
"Addressing" a resource refers to taking an action that allows the user
-to determine whether a resource at a given address actually exists. For
-example, the "read-children-names" operation lets a user determine valid
-addresses. Trying to read a resource and getting a "Permission denied"
-error also gives the user a clue that there actually is a resource at
-the requested address.
-
-
-
Some resources may include sensitive information as part of their
-address. For example, security realm resources include the realm name as
-the last element in the address. That realm name is potentially security
-sensitive; for example it is part of the data used when creating a hash
-of a user password. Because some addresses may contain security
-sensitive data, a user needs permission to even "address" a resource. If
-a user attempts to address a resource and does not have permission, they
-will not receive a "permission denied" type error. Rather, the system
-will respond as if the resource does not even exist, e.g. excluding the
-resource from the result of the "read-children-names" operation or
-responding with a "No such resource" error instead of "Permission
-denied" if the user is attempting to read or write the resource.
-
-
-
Another term for "addressing" a resource is "looking up" the resource.
Use the CLI to switch the access-control provider.
-
-
-
-
-
-
-
-
-Before changing the provider to "rbac", be sure your configuration has a
-user who will be mapped to one of the RBAC roles, preferably with at
-least one in the Administrator or SuperUser role. Otherwise your
-installation will not be manageable except by shutting it down and
-editing the xml configuration. If you have started with one of the
-standard xml configurations shipped with WildFly, the "$local" user will
-be mapped to the "SuperUser" role and the "local" authentication scheme will be
-enabled. This will allow a user running the CLI on the same system as the
-WildFly process to have full administrative permissions. Remote CLI users and
-web-based admin console users will have no permissions.
-
-
-
-
-
-
We recommend mapping at least one
-user besides "$local" before switching the provider to "rbac". You can
-do all of the configuration associated with the "rbac" provider even
-when the provider is set to "simple"
-
-
-
The management resources related to access control are located in the
-core-service=management/access=authorization portion of the management
-resource tree. Update the provider attribute to change between the
-"simple" and "rbac" providers. Any update requires a reload or restart
-to take effect.
In a managed domain, the access control configuration is part of the
-domain wide configuration, so the resource address is the same as above,
-but the CLI is connected to the Domain Controller:
As with a standalone server, a reload or restart is required for the
-change to take effect. In this case, all hosts and servers in the domain
-will need to be reloaded or restarted, starting with the Domain
-Controller, so be sure to plan well before making this change.
Once the "rbac" access control provider is enabled, only users who are
-mapped to one of the available roles will have any administrative
-permissions at all. So, to make RBAC useful, a mapping between
-individual users or groups of users and the available roles must be
-performed.
Now if user jsmith authenticates to any security domain associated with
-the management interface they are using, he will be mapped to the
-Administrator role.
A "group" is an arbitrary collection of users that may exist in the end
-user environment. They can be named whatever the end user organization
-wants and can contain whatever users the end user organization wants.
-Some of the authentication store types supported by WildFly security
-realms include the ability to access information about what groups a
-user is a member of and associate this information with the Subject
-produced when the user is authenticated. This is currently supported for
-the following authentication store types:
-
-
-
-
-
properties file (via the <realm_name>-groups.properties file)
The easiest way to map groups to roles is to use the web-based admin
-console.
-
-
-
Navigate to the "Administration" tab and the "Groups" subtab. From there
-group mappings can be added, removed, or edited.
-
-
-
-
-
-
The CLI can also be used to map groups to roles. The only difference to
-individual user mapping is the value of the type attribute should be
-GROUP instead of USER.
It’s possible to specify that all authenticated users should be mapped
-to a particular role. This could be used, for example, to ensure that
-anyone who can authenticate can at least have Monitor privileges.
-
-
-
-
-
-
-
-
-A user who can authenticate to the management security realm but who
-does not map to a role will not be able to perform any administrative
-functions, not even reads.
-
-
-
-
-
-
In the web based admin console, navigate to the "Administration" tab,
-"Roles" subtab, highlight the relevant role, click the "Edit" button and
-click on the "Include All" checkbox:
It is also possible to explicitly exclude certain users and groups from
-a role. Exclusions take precedence over inclusions, including cases
-where the include-all attribute is set to true for a role.
-
-
-
In the admin console, excludes are done in the same screens as includes.
-In the add dialog, simply change the "Type" pulldown to "Exclude".
-
-
-
-
-
-
In the CLI, excludes are identical to includes, except the resource
-address has exclude instead of include as the key for the last
-address element:
It is possible that a given user will be mapped to more than one role.
-When this occurs, by default the user will be granted the union of the
-permissions of the two roles. This behavior can be changed on a global
-basis to instead respond to the user request with an error if this
-situation is detected:
-
-
-
-
[standalone@localhost:9990 /] cd core-service=management/access=authorization
-[standalone@localhost:9990 access=authorization] :write-attribute(name=permission-combination-policy,value=rejecting)
-{"outcome" => "success"}
-
-
-
-
Note that no reload is required; the change takes immediate effect.
-
-
-
To restore the default behavior, set the value to "permissive":
-
-
-
-
[standalone@localhost:9990 /] cd core-service=management/access=authorization
-[standalone@localhost:9990 access=authorization] :write-attribute(name=permission-combination-policy,value=permissive)
-{"outcome" => "success"}
A managed domain may involve a variety of servers running different
-configurations and hosting different applications. In such an
-environment, it is likely that there will be different teams of
-administrators responsible for different parts of the domain. To allow
-organizations to grant permissions to only parts of a domain, WildFly’s
-RBAC scheme allows for the creation of custom "scoped roles". Scoped
-roles are based on the seven standard roles, but with permissions
-limited to a portion of the domain – either to a set of server groups or
-to a set of hosts.
The privileges for a server-group scoped role are constrained to
-resources associated with one or more server groups. Server groups are
-often associated with a particular application or set of applications;
-organizations that have separate teams responsible for different
-applications may find server-group scoped roles useful.
-
-
-
A server-group scoped role is equivalent to the default role upon which
-it is based, but with privileges constrained to target resources in the
-resource trees rooted in the server group resources. The server-group
-scoped role can be configured to include privileges for the following
-resources trees logically related to the server group:
-
-
-
-
-
Profile
-
-
-
Socket Binding Group
-
-
-
Deployment
-
-
-
Deployment override
-
-
-
Server group
-
-
-
Server config
-
-
-
Server
-
-
-
-
-
Resources in the profile, socket binding group, server config and server
-portions of the tree that are not logically related to a server group
-associated with the server-group scoped role will not be addressable by
-a user in that role. So, in a domain with server groups "a" and "b", a
-user in a server-group scoped role that grants access to "a" will not be
-able to address /server-group=b. The system will treat that resource as
-non-existent for that user.
-
-
-
In addition to these privileges, users in a server-group scoped role
-will have non-sensitive read privileges (equivalent to the Monitor role)
-for resources other than those listed above.
-
-
-
The easiest way to create a server-group scoped role is to
-use the admin console.
-But you can also use the CLI to create a server-group scoped role.
The privileges for a host-scoped role are constrained to resources
-associated with one or more hosts. A user with a host-scoped role cannot
-modify the domain wide configuration. Organizations may use host-scoped
-roles to give administrators relatively broad administrative rights for
-a host without granting such rights across the managed domain.
-
-
-
A host-scoped role is equivalent to the default role upon which it is
-based, but with privileges constrained to target resources in the
-resource trees rooted in the host resources for one or more specified
-hosts.
-
-
-
In addition to these privileges, users in a host-scoped role will have
-non-sensitive read privileges (equivalent to the Monitor role) for
-domain wide resources (i.e. those not in the /host=* section of the
-tree.)
-
-
-
Resources in the /host=* portion of the tree that are unrelated to the
-hosts specified for the Host Scoped Role will not be visible to users in
-that host-scoped role. So, in a domain with hosts "a" and "b", a user in
-a host-scoped role that grants access to "a" will not be able to address
-/host=b. The system will treat that resource as non-existent for that
-user.
-
-
-
The easiest way to create a host-scoped role is to
-use the admin console.
-But you can also use the CLI to create a host scoped role.
Both server-group and host scoped roles can be added, removed or edited
-via the admin console. Select "Scoped Roles" from the "Administration"
-tab, "Roles" subtab:
-
-
-
-
-
-
When adding a new scoped role, use the dialogue’s "Type" pull down to
-choose between a host scoped role and a server-group scoped role. Then
-place the names of the relevant hosts or server groups in the "Scope"
-text are.
"Sensitivity" constraints are about restricting access to
-security-sensitive data. Different organizations may have different
-opinions about what is security sensitive, so WildFly provides
-configuration options to allow users to tailor these constraints.
The developers of the WildFly core and of any subsystem may annotate
-resources, attributes or operations with a "sensitivity classification".
-Classifications are either provided by the core and may be applicable
-anywhere in the management model, or they are scoped to a particular
-subsystem. For each classification, there will be a setting declaring
-whether by default the addressing, read and write actions are considered
-to be sensitive. If an action is sensitive, only users in the roles able
-to deal with sensitive data (Administrator, Auditor, SuperUser) will
-have permissions.
-
-
-
Using the CLI, administrators can see the settings for a classification.
-For example, there is a core classification called "socket-config" that
-is applied to elements throughout the model that relate to configuring
-sockets:
-
-
-
-
[domain@localhost:9990 /] cd core-service=management/access=authorization/constraint=sensitivity-classification/type=core/classification=socket-config
-[domain@localhost:9990 classification=socket-config] ls -l
-ATTRIBUTE VALUE TYPE
-configured-requires-addressable undefined BOOLEAN
-configured-requires-read undefined BOOLEAN
-configured-requires-write undefined BOOLEAN
-default-requires-addressable false BOOLEAN
-default-requires-read false BOOLEAN
-default-requires-write true BOOLEAN
-
-CHILD MIN-OCCURS MAX-OCCURS
-applies-to n/a n/a
-
-
-
-
The various default-requires-… attributes indicate whether a user
-must be in a role that allows security sensitive actions in order to
-perform the action. In the socket-config example above,
-default-requires-write is true, while the others are false. So, by
-default modifying a setting involving socket configuration is considered
-sensitive, while addressing those resources or doing reads is not
-sensitive.
-
-
-
The default-requires-… attributes are read-only. The
-configured-requires-… attributes however can be modified to override
-the default settings with ones appropriate for your organization. For
-example, if your organization doesn’t regard modifying socket
-configuration settings to be security sensitive, you can change that
-setting:
Administrators can also read the management model to see to which
-resources, attributes and operations a particular sensitivity
-classification applies:
There will be a separate child for each address to which the
-classification applies. The entire-resource attribute will be true if
-the classification applies to the entire resource. Otherwise, the
-attributes and operations attributes will include the names of
-attributes or operations to which the classification applies.
By default any attribute or operation parameter whose value includes a
-security vault expression will be treated as sensitive, even if no
-sensitivity classification applies or the classification does not treat
-the action as sensitive.
-
-
-
This setting can be globally changed via the CLI. There is a resource
-for this configuration:
-
-
-
-
[domain@localhost:9990 /] cd core-service=management/access=authorization/constraint=vault-expression
-[domain@localhost:9990 constraint=vault-expression] ls -l
-ATTRIBUTE VALUE TYPE
-configured-requires-read undefined BOOLEAN
-configured-requires-write undefined BOOLEAN
-default-requires-read true BOOLEAN
-default-requires-write true BOOLEAN
-
-
-
-
The various default-requires-… attributes indicate whether a user
-must be in a role that allows security sensitive actions in order to
-perform the action. So, by default both reading and writing attributes
-whose values include vault expressions requires a user to be in one of
-the roles with sensitive data permissions.
-
-
-
The default-requires-… attributes are read-only. The
-configured-requires-… attributes however can be modified to override
-the default settings with settings appropriate for your organization.
-For example, if your organization doesn’t regard reading vault
-expressions to be security sensitive, you can change that setting:
-This vault-expression constraint overlaps somewhat with the
-core
-"credential" sensitivity classification in that the most typical uses
-of a vault expression are in attributes that contain a user name or
-password, and those will typically be annotated with the "credential"
-sensitivity classification. So, if you change the settings for the
-"credential" sensitivity classification you may also need to make a
-corresponding change to the vault-expression constraint settings, or
-your change will not have full effect.
-
-
-
-
-
-
Be aware though, that vault expressions can be used in any attribute
-that supports expressions, not just in credential-type attributes. So it
-is important to be familiar with where and how your organization uses
-vault expressions before changing these settings.
The standard Deployer role
-has its write permissions limited to resources that are considered to be
-"application resources"; i.e. conceptually part of an application and
-not part of the general server configuration. By default, only
-deployment resources are considered to be application resources.
-However, different organizations may have different opinions on what
-qualifies as an application resource, so for resource types that
-subsystems authors consider potentially to be application resources,
-WildFly provides a configuration option to declare them as such. Such
-resources will be annotated with an "application classification".
-
-
-
For example, the mail subsystem provides such a classification:
-
-
-
-
[domain@localhost:9990 /] cd /core-service=management/access=authorization/constraint=application-classification/type=mail/classification=mail-session
-[domain@localhost:9990 classification=mail-session] ls -l
-ATTRIBUTE VALUE TYPE
-configured-application undefined BOOLEAN
-default-application false BOOLEAN
-
-CHILD MIN-OCCURS MAX-OCCURS
-applies-to n/a n/a
-
-
-
-
Use read-resource or read-children-resources to see what resources
-have this classification applied:
The RBAC scheme will result in reduced permissions for administrators
-who do not map to the SuperUser role, so this will of course have some
-impact on their experience when using administrative tools like the
-admin console and the CLI.
The admin console takes great pains to provide a good user experience
-even when the user has reduced permissions. Resources the user is not
-permitted to see will simply not be shown, or if appropriate will be
-replaced in the UI with an indication that the user is not authorized.
-Interaction units like "Add" and "Remove" buttons and "Edit" links will
-be suppressed if the user has no write permissions.
The CLI is a much more unconstrained tool than the admin console is,
-allowing users to try to execute whatever operations they wish, so it’s
-more likely that users who attempt to do things for which they lack
-necessary permissions will receive failure messages. For example, a user
-in the Monitor role cannot read passwords:
This prevents unauthorized users fishing for sensitive data in resource
-addresses by checking for "Permission denied" type failures.
-
-
-
Users who use the read-resource operation may ask for data, some of
-which they are allowed to see and some of which they are not. If this
-happens, the request will not fail, but inaccessible data will be elided
-and a response header will be included advising on what was not
-included. Here we show the effect of a Monitor trying to recursively
-read the elytron subsystem configuration:
The response-headers section includes access control data in a list
-with one element per relevant resource. (In this case there’s just one.)
-The absolute and relative address of the resource is shown, along with
-the fact that the value of the deep-copy-subject-mode attribute has
-been filtered (i.e. undefined is shown as the value, which may not be
-the real value) as well as the fact that child resources of type
-security-domain have been filtered.
The management model descriptive metadata returned from operations like
-read-resource-description and read-operation-description can be
-configured to include information describing the access control
-constraints relevant to the resource, This is done by using the
-access-control parameter. The output will be tailored to the caller’s
-permissions. For example, a user who maps to the Monitor role could ask
-for information about a resource in the mail subsystem:
Because trim-descriptions was used as the value for the
-access-control parameter, the typical "description", "attributes",
-"operations" and "children" data is largely suppressed. (For more on
-this, see below.) The
-access-constraints field indicates that this resource is annotated
-with an application constraint. The access-control field includes information about the
-permissions the current caller has for this resource. The default
-section shows the default settings for resources of this type. The
-read and write fields directly under default show that the caller
-can, in general, read this resource but cannot write it. The
-attributes section shows the individual attribute settings. Note that
-Monitor cannot read the username and password attributes.
-
-
-
There are three valid values for the access-control parameter to
-read-resource-description and read-operation-description:
-
-
-
-
-
none – do not include access control information in the response.
-This is the default behavior if no parameter is included.
-
-
-
trim-descriptions – remove the normal description details, as shown
-in the example above
-
-
-
combined-descriptions – include both the normal output and the
-access control data
Users can learn in which roles they are operating. In the admin console,
-click on your name in the top right corner; the roles you are in will be
-shown.
-
-
-
-
-
-
CLI users should use the whoami operation with the verbose attribute
-set:
If a user maps to the SuperUser role, WildFly also supports letting that
-user request that they instead map to one or more other roles. This can
-be useful when doing demos, or when the SuperUser is changing the RBAC
-configuration and wants to see what effect the changes have from the
-perspective of a user in another role. This capability is only available
-to the SuperUser role, so it can only be used to narrow a user’s
-permissions, not to potentially increase them.
With the CLI, run-as capability is on a per-request basis. It is done by
-using the "roles" operation header, the value of which can be the name
-of a single role or a bracket-enclosed, comma-delimited list of role
-names.
This "run-as" capability is available even if the "simple" access
-control provider is used. When the "simple" provider is used, any
-authenticated administrator is treated the same as if they would map to
-SuperUser when the "rbac" provider is used.
-However, the "simple" provider actually understands all of the "rbac"
-provider configuration settings described above, but only makes use of
-them if the "run-as" capability is used for a request. Otherwise, the
-SuperUser role has all permissions, so detailed configuration is
-irrelevant.
-
-
-
Using the run-as capability with the "simple" provider may be useful if
-an administrator is setting up an rbac provider configuration before
-switching the provider to rbac to make that configuration take effect.
-The administrator can then run-as different roles to see the effect of
-the planned settings.
In a managed domain, deployments are associated with a server-group
-(see Core management concepts).
-Any server within the server group will then be provided with that
-deployment.
-
-
-
The domain and host controller components manage the distribution of
-binaries across network boundaries.
Distributing deployment binaries involves two steps: uploading the
-deployment to the repository the domain controller will use to
-distribute its contents, and then assigning the deployment to one or
-more server groups.
-
-
-
You can do this in one sweep with the CLI:
-
-
-
-
[domain@localhost:9990 /] deploy ~/Desktop/test-application.war
-Either --all-server-groups or --server-groups must be specified.
-
-[domain@localhost:9990 /] deploy ~/Desktop/test-application.war --all-server-groups
-'test-application.war' deployed successfully.
-
-
-
-
The deployment will be available to the domain controller, assigned to a
-server group, and deployed on all running servers in that group:
If you only want the deployment deployed on servers in some server
-groups, but not all, use the --server-groups parameter instead of
--all-server-groups:
Managed and unmanaged deployments can be 'exploded', i.e. on the
-filesystem in the form of a directory structure whose structure
-corresponds to an unzipped version of the archive. An exploded
-deployment can be convenient to administer if your administrative
-processes involve inserting or replacing files from a base version in
-order to create a version tailored for a particular use (for example,
-copy in a base deployment and then copy in a jboss-web.xml file to
-tailor a deployment for use in WildFly.) Exploded deployments are also
-nice in some development scenarios, as you can replace static content
-(e.g. .html, .css) files in the deployment and have the new content
-visible immediately without requiring a redeploy.
-
-
-
Since unmanaged deployment content is directly in your charge, the
-following operations only make sense for a managed deployment.
This will create an empty exploded deployment to which you’ll be able to
-add content. The empty content parameter is required to check that you
-really intend to create an empty deployment and not just forget to
-define the content.
This will 'explode' an existing archive deployment to its exploded
-format. This operation is not recursive so you need to explode the
-sub-deployment if you want to be able to manipulate the sub-deployment
-content. You can do this by specifying the sub-deployment archive path
-as a parameter to the explode operation.
Now you can add or remove content to your exploded deployment. Note that
-per-default this will overwrite existing contents, you can specify the
-overwrite parameter to make the operation fail if the content already
-exists.
Each content specifies a source content and the target path to which it
-will be copied relative to the deployment root. With WildFly 11 you can
-use input-stream-index (which was a convenient way to pass a stream of
-content) from the CLI by pointing it to a local file.
[domain@localhost:9990 /] attachment save --operation=/deployment=kitchensink.ear:read-content(path=META-INF/MANIFEST.MF) --file=example
-File saved to /home/mjurc/wildfly/build/target/wildfly-11.0.0.Alpha1-SNAPSHOT/example
When you deploy content, the domain controller adds two types of entries
-to the domain.xml configuration file, one showing global information
-about the deployment, and another for each relevant server group showing
-how it is used by that server group:
Deployments on a standalone server work in a similar way to those on
-managed domains. The main difference is that there are no server group
-associations.
Deployment content (for example, war, ear, jar, and sar files) can be
-placed in the standalone/deployments directory of the WildFly
-distribution, in order to be automatically deployed into the server
-runtime. For this to work the deployment-scanner subsystem must be
-present. The scanner periodically checks the contents of the deployments
-directory and reacts to changes by updating the server.
-
-
-
-
-
-
-
-
-Users are encouraged to use the WildFly management APIs to upload and
-deploy deployment content instead of relying on the deployment scanner
-that periodically scans the directory, particularly if running
-production systems.
-
The WildFly filesystem deployment scanner operates in one of two
-different modes, depending on whether it will directly monitor the
-deployment content in order to decide to deploy or redeploy it.
-
-
-
Auto-deploy mode:
-
-
-
The scanner will directly monitor the deployment content, automatically
-deploying new content and redeploying content whose timestamp has
-changed. This is similiar to the behavior of previous AS releases,
-although there are differences:
-
-
-
-
-
A change in any file in an exploded deployment triggers redeploy.
-Because EE 6+ applications do not require deployment descriptors,
-there is no attempt to monitor deployment descriptors and only redeploy
-when a deployment descriptor changes.
-
-
-
The scanner will place marker files in this directory as an indication
-of the status of its attempts to deploy or undeploy content. These are
-detailed below.
-
-
-
-
-
Manual deploy mode:
-
-
-
The scanner will not attempt to directly monitor the deployment content
-and decide if or when the end user wishes the content to be deployed.
-Instead, the scanner relies on a system of marker files, with the user’s
-addition or removal of a marker file serving as a sort of command
-telling the scanner to deploy, undeploy or redeploy content.
-
-
-
Auto-deploy mode and manual deploy mode can be independently configured
-for zipped deployment content and exploded deployment content. This is
-done via the "auto-deploy" attribute on the deployment-scanner element
-in the standalone.xml configuration file:
By default, auto-deploy of zipped content is enabled, and auto-deploy of
-exploded content is disabled. Manual deploy mode is strongly recommended
-for exploded content, as exploded content is inherently vulnerable to
-the scanner trying to auto-deploy partially copied content.
The marker files always have the same name as the deployment content to
-which they relate, but with an additional file suffix appended. For
-example, the marker file to indicate the example.war file should be
-deployed is named example.war.dodeploy. Different marker file suffixes
-have different meanings.
-
-
-
The relevant marker file types are:
-
-
-
-
-
-
-
-
-
File
-
Purpose
-
-
-
-
-
.dodeploy
-
Placed by the user to indicate that the given content
-should be deployed into the runtime (or redeployed if already deployed in
-the runtime.)
-
-
-
.skipdeploy
-
Disables auto-deploy of the content for as long as the
-file is present. Most useful for allowing updates to exploded content
-without having the scanner initiate redeploy in the middle of the update.
-Can be used with zipped content as well, although the scanner will detect
-in-progress changes to zipped content and wait until changes are
-complete.
-
-
-
.isdeploying
-
Placed by the deployment scanner service to indicate that
-it has noticed a .dodeploy file or new or updated auto-deploymode content
-and is in the process of deploying the content.This marker file will be
-deleted when the deployment process completes.
-
-
-
.deployed
-
Placed by the deployment scanner service to indicate that
-the given content has been deployed into the runtime. If an end user
-deletes this file, the content will be undeployed.
-
-
-
.failed
-
Placed by the deployment scanner service to indicate that
-the given content failed to deploy into the runtime. The contentof the
-file will include some information about the cause ofthe failure. Note
-that with auto-deploy mode, removing this file will make the deployment
-eligible for deployment again.
-
-
-
.isundeploying
-
Placed by the deployment scanner service to indicate
-that it has noticed a .deployed file has been deleted and the content is
-being undeployed. This marker file will be deleted when the undeployment
-process completes.
-
-
-
.undeployed
-
Placed by the deployment scanner service to indicate that
-the given content has been undeployed from the runtime. If an end user
-deletes this file, it has no impact.
-
-
-
.pending
-
Placed by the deployment scanner service to indicate that
-it has noticed the need to deploy content but has not yet instructed the
-server to deploy it. This file is created if the scanner detects that
-some auto-deploy content is still in the process of being copied or if
-there is some problem that prevents auto-deployment. The scanner will not
-instruct the server to deploy or undeploy any content (not just
-the directly affected content) as long as this condition holds.
WildFly supports two mechanisms for dealing with deployment content –
-managed and unmanaged deployments.
-
-
-
With a managed deployment the server takes the deployment content and
-copies it into an internal content repository and thereafter uses that
-copy of the content, not the original user-provided content. The server
-is thereafter responsible for the content it uses.
-
-
-
With an unmanaged deployment the user provides the local filesystem path
-of deployment content, and the server directly uses that content.
-However, the user is responsible for ensuring that content, e.g. for
-making sure that no changes are made to it that will negatively impact
-the functioning of the deployed application.
-
-
-
To help you differentiate managed from unmanaged deployments the
-deployment model has a runtime boolean attribute 'managed'.
-
-
-
Managed deployments have a number of benefits over unmanaged:
-
-
-
-
-
They can be manipulated by remote management clients, not requiring
-access to the server filesystem.
-
-
-
In a managed domain, WildFly/EAP will take responsibility for
-replicating a copy of the deployment to all hosts/servers in the domain
-where it is needed. With an unmanaged deployment, it is the user’s
-responsibility to have the deployment available on the local filesystem
-on all relevant hosts, at a consistent path.
-
-
-
The deployment content actually used is stored on the filesystem in
-the internal content repository, which should help shelter it from
-unintended changes.
-
-
-
-
-
All of the previous examples above illustrate using managed deployments,
-except for any discussion of deployment scanner handling of exploded
-deployments. In WildFly 10 and earlier exploded deployments are always
-unmanaged, this is no longer the case since WildFly 11.
For a managed deployment, the actual file the server uses when creating
-runtime services is not the file provided to the CLI deploy command or
-to the web console. It is a copy of that file stored in an internal
-content repository. The repository is located in the
-domain/data/content directory for a managed domain, or in
-standalone/data/content for a standalone server. Actual binaries are
-stored in a subdirectory:
-
-
-
-
ls domain/data/content/
- |---/47
- |-----95cc29338b5049e238941231b36b3946952991
- |---/dd
- |-----a9881fa7811b22f1424b4c5acccb13c71202bd
-
-
-
-
-
-
-
-
-
-The location of the content repository and its internal structure is
-subject to change at any time and should not be relied upon by end
-users.
-
-
-
-
-
-
The description of a managed deployment in the domain or standalone
-configuration file includes an attribute recording the SHA1 hash of the
-deployment content:
The WildFly process calculates and records that hash when the user
-invokes a management operation (e.g. CLI deploy command or using the
-console) providing deployment content. The user is not expected to
-calculate the hash.
-
-
-
The sha1 attribute in the content element tells the WildFly process
-where to find the deployment content in its internal content repository.
-
-
-
In a domain each host will have a copy of the content needed by its
-servers in its own local content repository. The WildFly domain
-controller and secondary Host Controller processes take responsibility for
-ensuring each host has the needed content.
An unmanaged deployment is one where the server directly deploys the
-content at a path you specify instead of making an internal copy and
-then deploying the copy.
-
-
-
Initially deploying an unmanaged deployment is much like deploying a
-managed one, except you tell WildFly that you do not want the deployment
-to be managed:
When you do this, instead of the server making a copy of the content at
-/Desktop/test-application.war, calculating the hash of the content,
-storing the hash in the configuration file and then installing the copy
-into the runtime, instead it will convert
-/Desktop/test-application.war to an absolute path, store the path in
-the configuration file, and then install the original content in the
-runtime.
-
-
-
You can also use unmanaged deployments in a domain:
However, before you run this command you must ensure that a copy of the
-content is present on all machines that have servers in the target
-server groups, all at the same filesystem path. The domain will not copy
-the file for you.
Doing a replacement of the deployment with a new version is a bit
-different, the server is using the file you want to replace. You should
-undeploy the deployment, replace the content, and then deploy again. Or
-you can stop the server, replace the deployment and deploy again.
Deployment overlays are our way of 'overlaying' content into an existing
-deployment, without physically modifying the contents of the deployment
-archive. Possible use cases include swapping out deployment descriptors,
-modifying static web resources to change the branding of an application,
-or even replacing jar libraries with different versions.
-
-
-
Deployment overlays have a different lifecycle to a deployment. In order
-to use a deployment overlay, you first create the overlay, using the CLI
-or the management API. You then add files to the overlay, specifying the
-deployment paths you want them to overlay. Once you have created the
-overlay you then have to link it to a deployment name (which is done
-slightly differently depending on if you are in standalone or domain
-mode). Once you have created the link any deployment that matches the
-specified deployment name will have the overlay applied.
-
-
-
When you modify or create an overlay it will not affect existing
-deployments, they must be redeployed in order to take effect
To create a deployment overlay the CLI provides a high level command to
-do all the steps specified above in one go. An example command is given
-below for both standalone and domain mode:
The following chapters will focus on the high level management use cases
-that are available through the CLI and the web interface. For a detailed
-description of each subsystem configuration property, please consult the
-respective component reference.
-
-
-
Schema Location
-
-
-
-
-
-
-
-
-The configuration schemas can found in $JBOSS_HOME/docs/schema.
-
The EE subsystem provides common functionality in the Jakarta EE platform,
-such as the EE Concurrency Utilities (JSR 236) and @Resource
-injection. The subsystem is also responsible for managing the lifecycle
-of Jakarta EE application’s deployments, that is, .ear files and configuration of global directories to share common libraries across all deployed applications.
-
-
-
The EE subsystem configuration may be used to:
-
-
-
-
-
customise the deployment of Jakarta EE applications
-
-
-
create EE Concurrency Utilities instances
-
-
-
define the default bindings
-
-
-
-
-
The subsystem name is ee and this document covers EE subsystem version
-5.0, which XML namespace within WildFly XML configurations is
-urn:jboss:domain:ee:5.0. The path for the subsystem’s XML schema,
-within WildFly’s distribution, is docs/schema/jboss-as-ee_5_0.xsd.
-
-
-
Subsystem XML configuration example with all elements and attributes
-specified:
Global modules is a set of JBoss Modules that will be added as
-dependencies to the JBoss Modules module of every Jakarta EE deployment. Such
-dependencies allows Jakarta EE deployments to see the classes exported by
-the global modules.
-
-
-
Each global module is defined through the module resource, an example
-of its XML configuration:
The only mandatory attribute is the JBoss Modules module name, the slot
-attribute defaults to main, and both define the JBoss Modules module ID to
-reference.
-
-
-
The optional annotations attribute, which defaults to false,
-indicates if a pre-computed annotation index should be imported from
-META-INF/jandex.idx
-
-
-
The optional services attribute indicates if any services exposed in
-META-INF/services should be made available to the deployments class
-loader, and defaults to false.
-
-
-
The optional meta-inf attribute, which defaults to true, indicates
-if the Module’s META-INF path should be available to the deployment’s
-class loader.
Global modules can be used to share common libraries across all deployed applications, but it could be impractical if the name of a shared library changes very often or if there are many libraries you want to share. Both cases will require changes in the underlying module.xml that represents this global module.
-
-
-
The EE subsystem allows the configuration of a global directory, which represents a directory tree scanned automatically to include .jar files and resources as a single additional dependency. This module dependency is added as a system dependency on each deployed application. Basically, with a global directory, you will be relying on WildFly to automate the maintenance and configuration of a JBoss Modules module that represents the jar files and resources of a specific directory.
-
-
-
You can configure a global directory using the following operation:
The following attributes are available on the global-directory resource:
-
-
-
-
-
path: The path of the directory to scan. (Mandatory)
-
-
-
relative-to: The name of another previously named path, or of one of the standard paths provided by the system. (Optional)
-
-
-
-
-
When a global-directory is created, the server establishes a JBoss Modules module with one Path Resource Loader created using 'path' and 'relative-to' attributes and one Jar Resource loader for each jar file included in this directory and its subdirectories.
-
-
-
The 'Path Resource Loader' will make available any file as a resource to the application. The 'Jar Resource loader' will make available any class inside of the jar file to the applications.
-
-
-
For example, suppose you have configured one global directory pointing to the following directory tree:
The name of the generated module follows the pattern deployment.external.global-directory.{global-directory-name} and as such, it can be excluded selectively using your deployment-structure.xml.
-
-
-
All resources will be available from the application class loader. For example, you could access the above property files using the context ClassLoader of your current thread:
All classes inside of each jar file will also be available, and the order of how the resource-root are created internally will govern the order of the class loading. The jar resources of the generated module will be created iterating over all jar files found in the directory tree. Each directory is scanned alphabetically starting from the root, and on each level, each subdirectory is also explored alphabetically until visiting all the branch. Files found on each level are also added in alphabetical order.
-
-
-
Notice you should know which classes are exposed on each .jar file and avoid conflicts including the same class twice with incompatible binary change. In those cases, classloading errors are likely to occur. Specifically, you should not add classes that interfere with the classes the server already makes available for your application; the goal of a global directory is not to override and replace existing library versions shipped with the server. It is a facility that will allow moving common frameworks you usually add to your application libs to a common place to facilitate maintenance.
-
-
-
The module created from the shared directory is loaded as soon as the first application is deployed in the server after creating the global-directory. That means, if the server is started/restarted and there are no applications deployed, then the global directory is neither scanned nor the module loaded. Any change in any of the contents of the global-directory will require a server reload to make them available to the deployed applications.
-
-
-
In case of domain mode or distributed environments, it is the user responsibility to make the content of the configured global directory consistent across all the server instances, as well as distribute the jar files that they contain.
A flag indicating whether each of the subdeployments within a .ear can
-access classes belonging to another subdeployment within the same
-.ear. The default value is false, which allows the subdeployments to
-see classes belonging to other subdeployments within the .ear.
If the ear-subdeployments-isolated is set to false, then the classes
-in web.war can access classes belonging to ejb1.jar and ejb2.jar.
-Similarly, classes from ejb1.jar can access classes from ejb2.jar
-(and vice-versa).
-
-
-
-
-
-
-
-
-This flag has no effect on the isolated classloader of the .war
-file(s), i.e. irrespective of whether this flag is set to true or
-false, the .war within a .ear will have a isolated classloader,
-and other subdeployments within that .ear will not be able to access
-classes from that .war. This is as per spec.
-
The EE subsystem configuration includes flags to configure whether
-system property replacement will be done on XML descriptors and Java
-Annotations included in Jakarta EE deployments.
-
-
-
-
-
-
-
-
-System properties etc are resolved in the security context of the
-application server itself, not the deployment that contains the file.
-This means that if you are running with a security manager and enable
-this property, a deployment can potentially access system properties or
-environment entries that the security manager would have otherwise
-prevented.
-
Flag indicating whether system property replacement will be performed on
-standard Jakarta EE XML descriptors. If not configured this defaults to
-true, however it is set to false in the standard configuration files
-shipped with WildFly.
Flag indicating whether system property replacement will be performed on
-WildFly proprietary XML descriptors, such as jboss-app.xml. This
-defaults to true.
EE Concurrency Utilities (JSR 236) were introduced to
-ease the task of writing multithreaded applications. Instances
-of these utilities are managed by WildFly, and the related configuration.
The Context Service is a concurrency utility which creates contextual
-proxies from existent objects. WildFly Context Services are also used to
-propagate the context from a Jakarta EE application invocation thread, to
-the threads internally used by the other EE Concurrency Utilities.
-Context Service instances may be created using the subsystem XML
-configuration:
The name attribute is mandatory, and it’s value should be a unique
-name within all Context Services.
-
-
-
The jndi-name attribute is also mandatory, and defines where in the
-JNDI the Context Service should be placed.
-
-
-
The optional use-trasaction-setup-provider attribute indicates if the
-contextual proxies built by the Context Service should suspend
-transactions in context, when invoking the proxy objects, and its value
-defaults to true.
-
-
-
Management clients, such as the WildFly CLI, may also be used to
-configure Context Service instances. An example to add and remove
-one named other:
The Managed Thread Factory allows Jakarta EE applications to create new
-threads. WildFly Managed Thread Factory instances may also, optionally,
-use a Context Service instance to propagate the Jakarta EE application
-thread’s context to the new threads. Instance creation is done through
-the EE subsystem, by editing the subsystem XML configuration:
The name attribute is mandatory, and it’s value should be a unique
-name within all Managed Thread Factories.
-
-
-
The jndi-name attribute is also mandatory, and defines where in the
-JNDI the Managed Thread Factory should be placed.
-
-
-
The optional context-service references an existent Context Service by
-its name. If specified then thread created by the factory will
-propagate the invocation context, present when creating the thread.
-
-
-
The optional priority indicates the priority for new threads created
-by the factory, and defaults to 5.
-
-
-
Management clients, such as the WildFly CLI, may also be used to
-configure Managed Thread Factory instances. An example to add and
-remove one named other:
The Managed Executor Service is the Jakarta EE adaptation of Java SE
-Executor Service, providing to Jakarta EE applications the functionality of
-asynchronous task execution. WildFly is responsible to manage the
-lifecycle of Managed Executor Service instances, which are specified
-through the EE subsystem XML configuration:
The name attribute is mandatory, and it’s value should be a unique
-name within all Managed Executor Services.
-
-
-
The jndi-name attribute is also mandatory, and defines where in the
-JNDI the Managed Executor Service should be placed.
-
-
-
The optional context-service references an existent Context Service by
-its name. If specified then the referenced Context Service will
-capture the invocation context present when submitting a task to the
-executor, which will then be used when executing the task.
-
-
-
The optional thread-factory references an existent Managed Thread
-Factory by its name, to handle the creation of internal threads. If
-not specified then a Managed Thread Factory with default configuration
-will be created and used internally.
-
-
-
The mandatory core-threads provides the number of threads to keep in
-the executor’s pool, even if they are idle. If this is not defined or
-is set to 0, the core pool size will be calculated based on the number
-of available processors.
-
-
-
The optional queue-length indicates the number of tasks that can be
-stored in the input queue. The default value is 0, which means the
-queue capacity is unlimited.
-
-
-
The executor’s task queue is based on the values of the attributes
-core-threads and queue-length:
-
-
-
-
-
If queue-length is 0, or queue-length is
-Integer.MAX_VALUE (2147483647) and core-threads is 0, direct
-handoff queuing strategy will be used and a synchronous queue will be
-created.
-
-
-
If queue-length is Integer.MAX_VALUE but core-threads is not
-0, an unbounded queue will be used.
-
-
-
For any other valid value for queue-length, a bounded queue wil be
-created.
-
-
-
-
-
The optional hung-task-threshold defines a runtime threshold value, in
-milliseconds, for tasks to be considered hung by the executor.
-A value of 0 will never consider tasks to be hung.
-
-
-
The optional hung-task-termination-period defines the period, in
-milliseconds, for attempting the termination of hung tasks, by cancelling
-their execution, and interrupting their executing threads. Please note
-that the termination of a cancelled hung task is not guaranteed.
-A value of 0, which is the default, deactivates the periodic
-cancellation of hung tasks. Management clients, such as the WildFly CLI,
-may still be used to manually attempt the termination of hung tasks:
The optional long-running-tasks is a hint to optimize the execution of
-long running tasks, and defaults to false.
-
-
-
The optional max-threads defines the the maximum number of threads
-used by the executor, which defaults to Integer.MAX_VALUE (2147483647).
-
-
-
The optional keepalive-time defines the time, in milliseconds, that an
-internal thread may be idle. The attribute default value is 60000.
-
-
-
The optional reject-policy defines the policy to use when a task is
-rejected by the executor. The attribute value may be the default
-ABORT, which means an exception should be thrown, or RETRY_ABORT,
-which means the executor will try to submit it once more, before
-throwing an exception.
-
-
-
Management clients, such as the WildFly CLI, may also be used to
-configure Managed Executor Service instances. An example to add and
-remove one named other:
The Managed Scheduled Executor Service is the Jakarta EE adaptation of Java
-SE Scheduled Executor Service, providing to Jakarta EE applications the
-functionality of scheduling task execution. WildFly is responsible to
-manage the lifecycle of Managed Scheduled Executor Service instances,
-which are specified through the EE subsystem XML configuration:
The name attribute is mandatory, and it’s value should be a unique
-name within all Managed Scheduled Executor Services.
-
-
-
The jndi-name attribute is also mandatory, and defines where in the
-JNDI the Managed Scheduled Executor Service should be placed.
-
-
-
The optional context-service references an existent Context Service by
-its name. If specified then the referenced Context Service will
-capture the invocation context present when submitting a task to the
-executor, which will then be used when executing the task.
-
-
-
The optional thread-factory references an existent Managed Thread
-Factory by its name, to handle the creation of internal threads. If
-not specified then a Managed Thread Factory with default configuration
-will be created and used internally.
-
-
-
The mandatory core-threads provides the number of threads to keep in
-the executor’s pool, even if they are idle. A value of 0 means there
-is no limit.
-
-
-
The optional hung-task-threshold defines a runtime threshold value, in
-milliseconds, for tasks to be considered hung by the executor.
-A value of 0 will never consider tasks to be hung.
-
-
-
The optional hung-task-termination-period defines the period, in
-milliseconds, for attempting the termination of hung tasks, by cancelling
-their execution, and interrupting their executing threads. Please note
-that the termination of a cancelled hung task is not guaranteed.
-A value of 0, which is the default, deactivates the periodic
-cancellation of hung tasks. Management clients, such as the WildFly CLI,
-may still be used to manually attempt the termination of hung tasks:
The optional long-running-tasks is a hint to optimize the execution of
-long running tasks, and defaults to false.
-
-
-
The optional keepalive-time defines the time, in milliseconds, that an
-internal thread may be idle. The attribute default value is 60000.
-
-
-
The optional reject-policy defines the policy to use when a task is
-rejected by the executor. The attribute value may be the default
-ABORT, which means an exception should be thrown, or RETRY_ABORT,
-which means the executor will try to submit it once more, before
-throwing an exception.
-
-
-
Management clients, such as the WildFly CLI, may also be used to
-configure Managed Scheduled Executor Service instances. An example to
-add and remove one named other:
The Jakarta EE Specification mandates the existence of a default instance
-for each of the following resources:
-
-
-
-
-
Context Service
-
-
-
Datasource
-
-
-
Jakarta Messaging Connection Factory
-
-
-
Managed Executor Service
-
-
-
Managed Scheduled Executor Service
-
-
-
Managed Thread Factory
-
-
-
-
-
The EE subsystem looks up the default instances from JNDI, using the
-names in the default bindings configuration, before placing those in the
-standard JNDI names, such as java:comp/DefaultManagedExecutorService:
Above bindings become application dependencies upon deployment. However in some cases
-they might not be required or covered by non-default resources. In such case default binding could be:
-
-
-
-
-
-
-
rewriten - to point to user configured resource( :write-attribute(name=…,value=…) )
-
-
-
undefined - if there is no need for runtime dependency( :undefine-attribute(name=…) )
-
-
-
-
-
-
-
-
-
-
-
-
-The default bindings are optional, if the jndi name for a default
-binding is not configured then the related resource will not be
-available to Jakarta EE applications.
-
-
-
-
-
-
-
-
-
-
-
-If default EE resources are not required and bindings do not point at them,
-it is safe to remove or turn off default services.
-
The Naming subsystem provides the JNDI implementation on WildFly, and
-its configuration allows to:
-
-
-
-
-
bind entries in global JNDI namespaces
-
-
-
turn off/on the remote JNDI interface
-
-
-
-
-
The subsystem name is naming and this document covers Naming subsystem
-version 2.0, which XML namespace within WildFly XML configurations is
-urn:jboss:domain:naming:2.0. The path for the subsystem’s XML schema,
-within WildFly’s distribution, is docs/schema/jboss-as-naming_2_0.xsd.
-
-
-
Subsystem XML configuration example with all elements and attributes
-specified:
The Naming subsystem configuration allows binding entries into the
-following global JNDI namespaces:
-
-
-
-
-
java:global
-
-
-
java:jboss
-
-
-
java:
-
-
-
-
-
-
-
-
-
-
-If WildFly is to be used as a Jakarta EE application server, then it’s
-recommended to opt for java:global, since it is a standard (i.e.
-portable) namespace.
-
-
-
-
-
-
Four different types of bindings are supported:
-
-
-
-
-
Simple
-
-
-
Object Factory
-
-
-
External Context
-
-
-
Lookup
-
-
-
-
-
In the subsystem’s XML configuration, global bindings are configured
-through the <bindings /> XML element, as an example:
The name attribute is mandatory and specifies the target JNDI name for
-the entry.
-
-
-
The value attribute is mandatory and defines the entry’s value.
-
-
-
The optional type attribute, which defaults to java.lang.String,
-specifies the type of the entry’s value. Besides java.lang.String,
-allowed types are all the primitive types and their corresponding object
-wrapper classes, such as int or java.lang.Integer, and java.net.URL.
-
-
-
Management clients, such as the WildFly CLI, may be used to configure
-simple bindings. An example to add and remove the one in the XML
-example above:
The Naming subsystem configuration allows the binding of
-javax.naming.spi.ObjectFactory entries, through the object-factory
-XML element, for instance:
The name attribute is mandatory and specifies the target JNDI name for
-the entry.
-
-
-
The class attribute is mandatory and defines the object factory’s Java
-type.
-
-
-
The module attribute is mandatory and specifies the JBoss Module ID
-where the object factory Java class may be loaded from.
-
-
-
The optional environment child element may be used to provide a custom
-environment to the object factory.
-
-
-
Management clients, such as the WildFly CLI, may be used to configure
-object factory bindings. An example to add and remove the one in the
-XML example above:
Federation of external JNDI contexts, such as a LDAP context, are
-achieved by adding External Context bindings to the global bindings
-configuration, through the external-context XML element. An example of
-its XML configuration:
The name attribute is mandatory and specifies the target JNDI name for
-the entry.
-
-
-
The class attribute is mandatory and indicates the Java initial naming
-context type used to create the federated context. Note that such type
-must have a constructor with a single environment map argument.
-
-
-
The optional module attribute specifies the JBoss Module ID where any
-classes required by the external JNDI context may be loaded from.
-
-
-
The optional cache attribute, which value defaults to false,
-indicates if the external context instance should be cached.
-
-
-
The optional environment child element may be used to provide the
-custom environment needed to lookup the external context.
-
-
-
Management clients, such as the WildFly CLI, may be used to configure
-external context bindings. An example to add and remove the one in
-the XML example above:
Some JNDI providers may fail when their resources are looked up if they
-do not implement properly the lookup(Name) method. Their errors would
-look like:
-
-
-
-
-
-
-
-
11:31:49,047 ERROR org.jboss.resource.adapter.jms.inflow.JmsActivation
-(default-threads -1) javax.naming.InvalidNameException: Only support
-CompoundName namesat
-com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:504)at
-javax.naming.InitialContext.lookup(InitialContext.java:421)
-
-
-
-
-
To work around their shortcomings, the
-org.jboss.as.naming.lookup.by.string property can be specified in the
-external-context’s environment to use instead the lookup(String) method
-(with a performance degradation):
The Naming subsystem configuration allows the binding of existent
-entries into additional names, i.e. aliases. Binding aliases are
-specified through the lookup XML element. An example of its XML
-configuration:
The name attribute is mandatory and specifies the target JNDI name for
-the entry.
-
-
-
The lookup attribute is mandatory and indicates the source JNDI name.
-It can chain lookups on external contexts. For example, having an
-external context bounded to java:global/federation/ldap/example,
-searching can be done there by setting lookup attribute to
-java:global/federation/ldap/example/subfolder.
-
-
-
Management clients, such as the WildFly CLI, may be used to configure
-binding aliases. An example to add and remove the one in the XML
-example above:
The Naming subsystem configuration may be used to (de)activate the
-remote JNDI interface, which allows clients to lookup entries present in
-a remote WildFly instance.
-
-
-
-
-
-
-
-
-Only entries within the java:jboss/exported context are accessible
-over remote JNDI.
-
-
-
-
-
-
In the subsystem’s XML configuration, remote JNDI access bindings are
-configured through the <remote-naming /> XML element:
-
-
-
-
<remote-naming/>
-
-
-
-
Management clients, such as the WildFly CLI, may be used to add/remove
-the remote JNDI interface. An example to add and remove the one in
-the XML example above:
Datasources are configured through the datasource subsystem. Declaring
-a new datasource consists of two separate steps: You would need to
-provide a JDBC driver and define a datasource that references the driver
-you installed.
The recommended way to install a JDBC driver into WildFly 29 is to deploy
-it as a regular JAR deployment. The reason for this is that when you run
-WildFly in domain mode, deployments are automatically propagated to all
-servers to which the deployment applies; thus distribution of the driver
-JAR is one less thing for you to worry about!
-
-
-
Any JDBC 4-compliant driver will automatically be recognized and
-installed into the system by name and version. A JDBC JAR is identified
-using the Java service provider mechanism. Such JARs will contain a text
-a file named META-INF/services/java.sql.Driver, which contains the
-name of the class(es) of the Drivers which exist in that JAR. If your
-JDBC driver JAR is not JDBC 4-compliant, it can be made deployable in
-one of a few ways.
-
-
-
Modify the JAR
-
-
-
The most straightforward solution is to simply modify the JAR and add
-the missing file. You can do this from your command shell by:
-
-
-
-
-
Change to, or create, an empty temporary directory.
-
-
-
Create a META-INF subdirectory.
-
-
-
Create a META-INF/services subdirectory.
-
-
-
Create a META-INF/services/java.sql.Driver file which contains one
-line - the fully-qualified class name of the JDBC driver.
-
-
-
Use the jar command-line tool to update the JAR like this:
-
-
-
-
-
-
jar \-uf jdbc-driver.jar META-INF/services/java.sql.Driver
-
-
-
-
For a detailed explanation how to deploy JDBC 4 compliant driver jar,
-please refer to the chapter " Application Deployment".
The datasource subsystem is provided by the
-IronJacamar project. For a detailed
-description of the available configuration properties, please consult
-the project documentation.
The Agroal subsystem allows the definition of datasources. Declaring a new datasource consists of two separate steps: provide a JDBC driver and define a datasource that references the driver you installed.
-
-
-
The Agroal subsystem is provided by the Agroal project. For a detailed description of the available configuration properties, please consult the project documentation.
A driver definition is a reference to a class in a JDBC driver. Multiple definitions can be created on the same JDBC driver for multiple classes in it. Agroal requires an implementation of java.sql.Driver or javax.sql.DataSource for non-XA datasources, while for XA a javax.sql.XADataSource implementation is required.
-
-
-
-
-
-
-
-
-Agroal will try to load an java.sql.Driver from the specified module if the class is not defined
-
-
-
-
-
-
-
-
-
-
-
-Any installed driver provides an operation called class-info that lists all the properties available for that particular class, that can be set in the connection-factory.
-
Agroal provides both XA and non-XA datasources and most of the attributes that define them are common. This definition is mainly split in two logical units: the connection factory and the connection pool. As the name implies, the connection factory has all that is required to create new connections and connection pool defines how connections are handled by the pool.
The connection factory requires a reference to a driver (see agroal-driver-installation). With a java.sql.Driver the preferred way to 'point' to the database is to specify an url attribute while for javax.sql.DataSource and javax.sql.XADataSource the preferred way is to specify connection-properties.
-
-
-
-
-
-
-
-
-Attributes username and password are provided for basic authentication with the database. Agroal does not allow username and password to be set as connection-properties due to security requirements.
-
-
-
-
-
-
Other features provided by the connection-factory definition include the possibility of executing a SQL statement right after the connection has been created and to specify the isolation level of transactions in the database.
The main attributes of the connection-pool definition are the ones that control it’s size. While the initial size attribute is only taken into account while bootstrapping the pool, min size and max size are always enforced and can be changed at any time without requiring a reload of the server.
-
-
-
Another important attribute of the connection-pool is the blocking timeout that defines the maximum amount of time a thread will wait for a connection. If that time elapses and still no connection is available an exception is thrown. Keep in mind that the default value is 0, meaning that a thread will wait forever for a connection to become available. Changing this setting does not require a reload of the server.
-
-
-
The connection pool provides other convenient features like background validation of connections on the pool, removal of idle connections from the pool and detection of connections held for too long by one thread. All these features are disabled by default and can be enabled by specifying an interval of time on the corresponding attribute.
-
-
-
-
-
-
-
-
-There is a set of flush operations that perform many of these features on-demand. These are flush-all to close all connections immediately, flush-graceful to close all connections under normal operation, flush-invalid to remove any invalid connections from the pool and flush-idle to remove any connections not being used.
-
The available statistics include the number of created / destroyed connections and the number of connections in use / available in the pool. There are also statistics for the time it takes to create a connection and for how long have threads been blocked waiting for a connection.
In addition to all the common attributes, a datasource definition may disable the Jakarta Transactions integration.
-
-
-
Deferred enlistment is not supported, meaning that if Jakarta Transactions is enabled a connection must always be obtained within the scope of a transaction. The connection will always be enlisted with that transaction (lazy enlistment is not supported).
-
-
-
-
-
-
-
-
-The connectable attribute allows a non-XA datasource to take part in an XA transaction ('Last Resource Commit Optimization (LRCO)' / 'Commit Markable Resource')
-
-The overall server logging configuration is represented by the logging
-subsystem. It consists of four notable parts: handler configurations,
-logger, the root logger declarations (aka log categories) and
-logging profiles. Each logger does reference a handler (or set of
-handlers). Each handler declares the log format and output:
-
The add-logging-api-dependencies controls whether or not the container
-adds
-implicit
-logging API dependencies to your deployments. If set to true, the
-default, all the implicit logging API dependencies are added. If set to
-false the dependencies are not added to your deployments.
The use-deployment-logging-config controls whether or not your
-deployment is scanned for
-per-deployment
-logging. If set to true, the default,
-per-deployment
-logging is enabled. Set to false to disable this feature.
Per-deployment logging allows you to add a logging configuration file to
-your deployment and have the logging for that deployment configured
-according to the configuration file. In an EAR the configuration should
-be in the META-INF directory. In a WAR or JAR deployment the
-configuration file can be in either the META-INF or WEB-INF/classes
-directories.
-
-
-
The following configuration files are allowed:
-
-
-
-
-
logging.properties
-
-
-
jboss-logging.properties
-
-
-
-
-
You can also disable this functionality by changing the
-use-deployment-logging-config attribute to false.
Logging profiles are like additional logging subsystems. Each logging
-profile constists of three of the four notable parts listed above:
-handler configurations, logger and the root logger declarations.
-
-
-
You can assign a logging profile to a deployment via the deployments
-manifest. Add a Logging-Profile entry to the MANIFEST.MF file with a
-value of the logging profile id. For example a logging profile defined
-on /subsystem=logging/logging-profile=ejbs the MANIFEST.MF would look
-like:
-
-
-
-
Manifest-Version: 1.0
-Logging-Profile: ejbs
-
-
-
-
A logging profile can be assigned to any number of deployments. Using a
-logging profile also allows for runtime changes to the configuration.
-This is an advantage over the per-deployment logging configuration as
-the redeploy is not required for logging changes to take affect.
In a managed domain two types of log files do exist: Controller and
-server logs. The controller components govern the domain as whole. It’s
-their responsibility to start/stop server instances and execute managed
-operations throughout the domain. Server logs contain the logging
-information for a particular server instance. They are co-located with
-the host the server is running on.
-
-
-
For the sake of simplicity we look at the default setup for managed
-domain. In this case, both the domain controller components and the
-servers are located on the same host:
Log files can be listed and viewed via management operations. The log
-files allowed to be viewed are intentionally limited to files that exist
-in the jboss.server.log.dir and are associated with a known file
-handler. Known file handler types include file-handler,
-periodic-rotating-file-handler and size-rotating-file-handler. The
-operations are valid in both standalone and domain modes.
You may have noticed that there is a logging.properties file in the
-configuration directory. This is logging configuration is used when the
-server boots up until the logging subsystem kicks in. If the logging
-subsystem is not included in your configuration, then this would act as
-the logging configuration for the entire server.
-
-
-
-
-
-
-
-
-The logging.properties file is overwritten at boot and with each
-change to the logging subsystem. Any changes made to the file are not
-persisted. Any changes made to the XML configuration or via management
-operations will be persisted to the logging.properties file and used
-on the next boot.
-
A custom formatter to be used with handlers. Note that most log records are formatted in the printf format. Formatters
-may require invocation of the org.jboss.logmanager.ExtLogRecord#getFormattedMessage() for the message to be properly
-formatted.
Handlers define how log messages are recorded. If a message is said to be
-{oracle-javadocs}/java.logging/java/util/logging/Logger.html#isLoggable-java.util.logging.Level-[loggable] by a
-logger the message is then processed by the log handler.
-
-
-
The following are the available handlers for WildFly Full;
An async-handler is a handler that asynchronously writes log messages to it’s child handlers. This type of
-handler is generally used to wrap other handlers that take a substantial time to write messages.
A periodic-rotating-file-handler is a handler that writes log messages to the specified file. The file rotates on
-the date pattern specified in the suffix attribute. The suffix must be a valid pattern recognized by the
-java.text.SimpleDateFormat and must not rotate on seconds or
-milliseconds.
-
-
-
-
-
-
-
-
-The rotate happens before the next message is written by the handler.
-
A periodic-size-rotating-file-handler is a handler that writes log messages to the specified file. The file rotates on
-the date pattern specified in the suffix attribute or the rotate-size attribute. The suffix must be a valid
-pattern recognized by the java.text.SimpleDateFormat and must
-not rotate on seconds or milliseconds.
-
-
-
The max-backup-index works differently on this handler than the
-size-rotating-file-handler. The date suffix of the file to be rotated must be the
-same as the current expected suffix. For example with a suffix pattern of yyyy-MM and a rotate-size of 10m the
-file will be rotated with the current month each time the 10Mb size is reached.
-
-
-
-
-
-
-
-
-The rotate happens before the next message is written by the handler.
-
A size-rotating-file-handler is a handler that writes log messages to the specified file. The file rotates when
-the file size is greater than the rotate-size attribute. The rotated file will be kept and the index appended
-to the name moving previously rotated file indexes up by 1 until the max-backup-index is reached. Once the
-max-backup-index is reached, the indexed files will be overwritten.
-
-
-
-
-
-
-
-
-The rotate happens before the next message is written by the handler.
-
A socket-handler is a handler which sends messages over a socket. This can be a TCP or UDP socket and must be
-defined in a socket binding group under the local-destination-outbound-socket-binding or
-remote-destination-outbound-socket-binding resource.
-
-
-
During the boot logging messages will be queued until the socket binding is configured and the logging subsystem is
-added. This is important to note because setting the level of the handler to DEBUG or TRACE could result in
-large memory consumption during boot.
-
-
-
-
-
-
-
-
-
-
A server booted in --admin-only mode will discard messages rather than send them over a socket.
-
-
-
-
-
-
-
CLI Example
-
-
# Add the socket binding
-/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=log-server:add(host=localhost, port=4560)
-# Add a json-formatter
-/subsystem=logging/json-formatter=json:add
-# Add the socket handler
-/subsystem=logging/socket-handler=log-server-handler:add(named-formatter=json, level=INFO, outbound-socket-binding-ref=log-server)
-# Add the handler to the root logger
-/subsystem=logging/root-logger=ROOT:add-handler(name=log-server-handler)
A syslog-handler is a handler that writes to a syslog server via UDP. The handler support
-RFC3164 or RFC5424 formats.
-
-
-
-
-
-
-
-
-
-
The syslog-handler is missing some configuration properties that may be
-useful in some scenarios like setting a formatter. Use the
-org.jboss.logmanager.handlers.SyslogHandler in module
-org.jboss.logmanager as a
-custom-handler to exploit
-these benefits. Additional attributes will be added at some point so
-this will no longer be necessary.
Create a file handler. There are 3 different types of file handlers
-to choose from; file-handler, periodic-rotating-file-handler and
-size-rotating-file-handler. In this example we’ll just use a simple
-file-handler.
Loggers are used to log messages. A logger is defined by a category
-generally consisting of a package name or a class name.
-
-
-
A logger is the first step to determining if a messages should be logged
-or not. If a logger is defined with a level, the level of the message
-must be greater than the level defined on the logger. The filter is then
-checked next and the rules of the filter will determine whether or not
-the messages is said to be loggable.
A logger resource uses the path subsystem=logging/logger=$category
-where $category is the of the logger. For example to a logger named
-org.wildfly.example would have a resource path of
-subsystem=logging/logger=org.wildfly.example.
-You may notice that the category and filter attributes are missing.
-While filter is writable it may be deprecated and removed in the
-future. Both attributes are still on the resource for legacy reasons.
-
The handlers attribute is a list of handler names that should be
-attached to the logger. If the
-use-parent-handlers
-attribute is set to true and the log messages is determined to be
-loggable, parent loggers will continue to be processed.
A logger hierarchy is defined by it’s category. The category is a .
-(dot) delimited string generally consisting of the package name or a
-class name. For example the logger org.wildfly is the parent logger of
-org.wildfly.example.
Filters are used to add fine grained control over a log message. A filter can be assigned to a logger or log handler.
-See the Filter documentation for details on filters.
The filter resource allows a custom filter to be used. The custom filter must reside in a module and implement the
-Filter interface.
-
-
-
It’s generally suggested to add filters to a handler. By default loggers do no inherit filters. This means if a filter
-is placed on a logger named org.jboss.as.logging is only checked if the logger name is equal to org.jboss.as.logging.
Accepts a filter as an argument and inverts
-the returned value.
-
The expression takes a single filter for it’s
-argument.
-
not(match("JBAS"))
-
-
-
all
-
all(filterExpressions)
-
A filter consisting of several filters in
-a chain. If any filter find the log message to be unloggable, the
-message will not be logged and subsequent filters will not be checked.
-
The expression takes a comma delimited list of filters for it’s
-argument.
-
all(match("JBAS"), match("WELD"))
-
-
-
any
-
any(filterExpressions)
-
A filter consisting of several filters in
-a chain. If any filter fins the log message to be loggable, the message
-will be logged and the subsequent filters will not be checked.
-
The
-expression takes a comma delimited list of filters for it’s argument.
-
any(match("JBAS"), match("WELD"))
-
-
-
levelChange
-
levelChange(level)
-
A filter which modifies the log record
-with a new level.
-
The expression takes a single string based level for
-it’s argument.
-
levelChange(WARN)
-
-
-
levels
-
levels(levels)
-
A filter which includes log messages with a
-level that is listed in the list of levels.
-
The expression takes a
-comma delimited list of string based levels for it’s argument.
-
levels(DEBUG, INFO, WARN, ERROR)
-
-
-
levelRange
-
levelRange([minLevel,maxLevel])
-
A filter which logs
-records that are within the level range.
-
The filter expression uses a
-"[" to indicate a minimum inclusive level and a "]" to indicate a
-maximum inclusive level. Otherwise use "(" or ")" respectively indicate
-exclusive. The first argument for the expression is the minimum level
-allowed, the second argument is the maximum level allowed.
-
minimum
-level must be less than ERROR and the maximum level must be greater than
-DEBUGlevelRange(ERROR, DEBUG) minimum level must be less than or equal
-to ERROR and the maximum level must be greater than
-DEBUGlevelRange[ERROR, DEBUG) minimum level must be less than or equal
-to ERROR and the maximum level must be greater or equal to
-INFOlevelRange[ERROR, INFO]
-
-
-
match
-
match("pattern")
-
A regular-expression based filter. The raw
-unformatted message is used against the pattern.
-
The expression takes a
-regular expression for it’s argument. match("JBAS\d+")
-
-
-
-
substitute
-
substitute("pattern", "replacement value")
-
A filter which
-replaces the first match to the pattern with the replacement value.
-
The
-first argument for the expression is the pattern the second argument is
-the replacement text.
-
substitute("JBAS", "EAP")
-
-
-
substituteAll
-
substituteAll("pattern", "replacement value")
-
A filter
-which replaces all matches of the pattern with the replacement value.
-
The first argument for the expression is the pattern the second
-argument is the replacement text.
-
substituteAll("JBAS", "EAP")
-
-
-
filterName
-
myCustomFilter
-
A custom filter which is defined on a filter resource.
This element is used to configure the instance pool that is used by
-default for stateless session beans. If it is not present stateless
-session beans are not pooled, but are instead created on demand for
-every invocation. The instance pool can be overridden on a per
-deployment or per bean level using jboss-ejb3.xml or the
-org.jboss.ejb3.annotation.Pool annotation. The instance pools
-themselves are configured in the <pools> element.
This element is used to configure Stateful Session Beans.
-
-
-
-
-
default-session-timeout This optional attribute specifies the default
-amount of time in milliseconds a stateful session bean can remain idle
-before it is eligible for removal by the container.
-It can be overridden via ejb-jar.xml deployment descriptor or via
-jakarta.ejb.StatefulTimeout annotation.
-
-
-
default-access-timeout This attribute specifies the default time
-concurrent invocations on the same bean instance will wait to acquire
-the instance lock. It can be overridden via the deployment descriptor or
-via the jakarta.ejb.AccessTimeout annotation.
-
-
-
cache-ref This attribute is used to set the default cache for
-beans which require a passivating cache. It can be overridden by jboss-ejb3.xml, or via
-the org.jboss.ejb3.annotation.Cache annotation.
-
-
-
non-passivating-cache-ref This attribute is used to set the default cache
-for beans which require a non-passivating cache.
This element is used to configure Singleton Session Beans.
-
-
-
-
-
default-access-timeout This attribute specifies the default time
-concurrent invocations will wait to acquire the instance lock. It can be
-overridden via the deployment descriptor or via the
-jakarta.ejb.AccessTimeout annotation.
This element is used to configure the instance pool that is used by
-default for Message Driven Beans. If it is not present they are not
-pooled, but are instead created on demand for every invocation. The
-instance pool can be overridden on a per deployment or per bean level
-using jboss-ejb3.xml or the org.jboss.ejb3.annotation.Pool
-annotation. The instance pools themselves are configured in the
-<pools> element.
This element is used to configure the instance pool that is used by
-default for Entity Beans. If it is not present they are not pooled, but
-are instead created on demand for every invocation. The instance pool
-can be overridden on a per deployment or per bean level using
-jboss-ejb3.xml or the org.jboss.ejb3.annotation.Pool annotation. The
-instance pools themselves are configured in the <pools> element.
This element is used to define named cache factories to support the persistence of SFSB session states.
-Cache factories may be passivating (an in-memory cache with the ability to passivate to persistant store
-the session states of beans not recently used and then activate them when needed) or non-passivating
-(an in-memory cache only). Default values for passivating and non-passivating caches are specified
-in the <stateful> element mentioned above. A SFSB may override the named cache used to store its session states
-via the @Cache annotation (in its class definition) or via a corresponding deployment descriptor.
This element defines a passivating cache factory (in-memory plus passivation to persistent store) for storing
-session states of a SFSB. A passivating cache factory relies on a bean-management provider to configure
-the passivation mechanism and the persistent store that it uses.
-
-
-
-
-
bean-management This attribute specifies the bean-management provider to be used to
-support passivation of cache entries. The bean-management provider is defined and configured
-in the distributable-ejb subsystem (see the High Availability Guide).
-If the attribute is non-defined, the default bean management provider
-defined in the distributable-ejb subsystem is used.
This element is used to enable remote EJB invocations. In other words, it allows a remote EJB client
-application to make invocations on Jakarta Enterprise beans deployed on the server.
-
-
-
It specifies the following attributes:
-
-
-
-
-
connectors specifies a space-separated list of remoting connectors to use (as defined in the remoting
-subsystem configuration) for accepting invocations.
-
-
-
thread-pool specifies a thread pool to use for processing incoming remote invocations
A remote profile specifies a configuration of remote invocations that can
-be referenced by many deployments. EJBs that are meant to be invoked can
-be discovered in either a static or a dynamic way.
-
-
-
Static discovery decides which remote node to connect to based on the information
-provided by the administrator.
-
-
-
Dynamic discovery is responsible for monitoring the available EJBs on all the
-nodes to which connections are configured and decides which remote node to
-connect to based on the gathered data.
-
-
-
-
-
name the name of the profile
-
-
-
exclude-local-receiver If set, no local receiver is used in this profile
-
-
-
local-receiver-pass-by-value If set, local receiver will pass ejb beans by value
Static ejb discovery allows the administrator to explicitly specify on which remote nodes
-given EJBs are located. The module tag is used to define it:
This is used to configure the thread pools used by async, timer and
-remote invocations.
-
-
-
-
-
max-threads specifies the maximum number of threads in the thread pool.
-It is a required attribute and defaults to 10.
-
-
-
core-threads specifies the number of core threads in the thread pool.
-It is an optional attribute and defaults to max-threads value.
-
-
-
keepalive-time specifies the amount of time that non-core threads can
-stay idle before they become eligible for removal. It is an optional
-attribute and defaults to 60 seconds.
This is used to enable IIOP (i.e. CORBA) invocation of EJB’s. If this
-element is present then the JacORB subsystem must also be installed. It
-supports the following two attributes:
-
-
-
-
-
enable-by-default If this is true then all EJB’s with EJB2.x home
-interfaces are exposed via IIOP, otherwise they must be explicitly
-enabled via jboss-ejb3.xml.
-
-
-
use-qualified-name If this is true then EJB’s are bound to the corba
-naming context with a binding name that contains the application and
-modules name of the deployment (e.g. myear/myejbjar/MyBean), if this is
-false the default binding name is simply the bean name.
By default remote interface invocations use pass by value, as required
-by the EJB spec. This element can use used to enable pass by reference,
-which can give you a performance boost. Note WildFly will do a shallow
-check to see if the caller and the EJB have access to the same class
-definitions, which means if you are passing something such as a
-List<MyObject>, WildFly only checks the List to see if it is the same
-class definition on the call & EJB side. If the top level class
-definition is the same, JBoss will make the call using pass by
-reference, which means that if MyObject or any objects beneath it are
-loaded from different classloaders, you would get a ClassCastException.
-If the top level class definitions are loaded from different
-classloaders, JBoss will use pass by value. JBoss cannot do a deep check
-of all of the classes to ensure no ClassCastExceptions will occur
-because doing a deep check would eliminate any performance boost you
-would have received by using call by reference. It is recommended that
-you configure pass by reference only on callers that you are sure will
-use the same class definitions and not globally. This can be done via a
-configuration in the jboss-ejb-client.xml as shown below.
-
-
-
To configure a caller/client use pass by reference, you configure your
-top level deployment with a META-INF/jboss-ejb-client.xml containing:
This element configures a number of server-side interceptors which can be
-configured without changing the deployments.
-
-
-
Each interceptor is configured in <interceptor> tag which contains the
-following fields:
-
-
-
-
-
module - the module in which the interceptor is defined
-
-
-
class - the class which implements the interceptor
-
-
-
-
-
In order to use server interceptors you have to create a module that implements
-them and place it into ${WILDFLY_HOME}/modules directory.
-
-
-
Interceptor implementations are POJO classes which use
-jakarta.interceptor.AroundInvoke and jakarta.interceptor.AroundTimeout to
-mark interceptor methods.
Web subsystem was replaced in WildFly 8 with Undertow.
-
-
-
-
-
There are two main parts to the undertow subsystem, which are server and
-Servlet container configuration, as well as some ancillary items.
-Advanced topics like load balancing and failover are covered on the
-"High Availability Guide". The default configuration does is suitable
-for most use cases and provides reasonable performance settings.
the default servlet container to use for deployments
-
-
-
instance-id
-
the id of Undertow. Defaults to "${jboss.node.name}" if undefined
-
-
-
obfuscate-session-route
-
set this to "true" to indicate the
-instance-id should be obfuscated in routing. This prevents instance-id from being sent across
-HTTP connections when serving remote requests with the HTTP invoker.
-
-
-
default-security-domain
-
the default security domain used by web deployments
-
-
-
statistics-enabled
-
set this to true to enable statistics gathering for Undertow subsystem
-
-
-
-
-
-
-
-
-
-
-
-
When setting obfuscate-session-route to "true", the server’s
-name is used as a salt in the hashing algorithm that obfuscates the value of instance-id.
-For that reason, it is strongly advised that the value of the server be changed from "default-server" to something
-else, or else it would be easy to reverse engineer the obfuscated route to its original value, using "default-server"
-bytes as the salt.
The buffer cache is used for caching content, such as static files.
-Multiple buffer caches can be configured, which allows for separate
-servers to use different sized caches.
-
-
-
Buffers are allocated in regions, and are of a fixed size. If you are
-caching many small files then using a smaller buffer size will be
-better.
-
-
-
The total amount of space used can be calculated by multiplying the
-buffer size by the number of buffers per region by the maximum number of
-regions.
The following settings are common to all connectors:
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
-
-
-
-
allow-encoded-slash
-
If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
-
-
-
allow-equals-in-cookie-value
-
If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values.
-Unquoted cookie values may not contain equals characters. If present the value ends before the
-equals sign. The remainder of the cookie value will be dropped.
-
-
-
allow-unescaped-characters-in-url
-
If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification.
-This defaults to false, and in general should not be needed as most clients correctly encode characters.
-Note that setting this to true can be considered a security risk, as allowing non-standard characters can
-allow request smuggling attacks in some circumstances.
-
-
-
always-set-keep-alive
-
If this is true then a Connection: keep-alive header will be added to responses, even when it is not
-strictly required by the specification.
-
-
-
buffer-pipelined-data
-
If we should buffer pipelined requests.
-
-
-
buffer-pool
-
The listeners buffer pool
-
-
-
certificate-forwarding
-
If certificate forwarding should be enabled. If this is enabled then the listener will take the certificate
-from the SSL_CLIENT_CERT attribute. This should only be enabled if behind a proxy, and the proxy is
-configured to always set these headers.
-
-
-
decode-url
-
If this is true then the parser will decode the URL and query parameters using the selected character
-encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to
-decode them into whatever charset is desired.
-
-
-
disallowed-methods
-
A comma separated list of HTTP methods that are not allowed
-
-
-
enable-http2
-
Enables HTTP2 support for this listener
-
-
-
enabled (Deprecated)
-
If the listener is enabled
-
-
-
http2-enable-push
-
If server push is enabled for this connection
-
-
-
http2-header-table-size
-
The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated
-per connection for compression. Larger values use more memory but may give better compression.
-
-
-
http2-initial-window-size
-
The flow control window size that controls how quickly the client can send data to the server
-
-
-
http2-max-concurrent-streams
-
The maximum number of HTTP/2 streams that can be active at any time on a single connection
-
-
-
http2-max-frame-size
-
The max HTTP/2 frame size
-
-
-
http2-max-header-list-size
-
The maximum size of request headers the server is prepared to accept
-
-
-
max-buffered-request-size
-
Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is
-when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order
-to perform the renegotiation.
-
-
-
max-connections
-
The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited
-connections simply undefine this attribute value.
-
-
-
max-cookies
-
The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
-
-
-
max-header-size
-
The maximum size of a http request header, in bytes.
-
-
-
max-headers
-
The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
-
-
-
max-parameters
-
The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities.
-This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially
-have max parameters * 2 total parameters).
-
-
-
max-post-size
-
The maximum size of a post that will be accepted, in bytes.
-
-
-
no-request-timeout
-
The length of time in milliseconds that the connection can be idle before it is closed by the container.
-
-
-
proxy-address-forwarding
-
Enables handling of x-forwarded-host header (and other x-forwarded-* headers) and use this header information
-to set the remote address. This should only be used behind a trusted proxy that sets these headers otherwise
-a remote user can spoof their IP address.
-
-
-
proxy-protocol
-
If this is true then the listener will use the proxy protocol v1, as defined by
-https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt. This option MUST only be enabled for listeners
-that are behind a load balancer that supports the same protocol.
-
-
-
read-timeout
-
Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a
-successful read taking place, the socket’s next read will throw a {@link ReadTimeoutException}.
-
-
-
receive-buffer
-
The receive buffer size, in bytes.
-
-
-
record-request-start-time
-
If this is true then Undertow will record the request start time, to allow for request time to be logged.
-This has a small but measurable performance impact
-
-
-
request-parse-timeout
-
The maximum amount of time (in milliseconds) that can be spent parsing the request
-
-
-
require-host-http11
-
Require that all HTTP/1.1 requests have a 'Host' header, as per the RFC. IF the request does not include
-this header it will be rejected with a 403.
-
-
-
resolve-peer-address
-
Enables host dns lookup
-
-
-
rfc6265-cookie-validation
-
If cookies should be validated to ensure they comply with RFC6265.
-
-
-
secure
-
If this is true then requests that originate from this listener are marked as secure, even if the request
-is not using HTTPS.
-
-
-
send-buffer
-
The send buffer size, in bytes.
-
-
-
socket-binding
-
The listener socket binding
-
-
-
tcp-backlog
-
Configure a server with the specified backlog.
-
-
-
tcp-keep-alive
-
Configure a channel to send TCP keep-alive messages in an implementation-dependent manner.
-
-
-
url-charset
-
URL charset
-
-
-
worker
-
The listeners XNIO worker
-
-
-
write-timeout
-
Configure a write timeout for a socket, in milliseconds. If the given amount of time
-elapses without a successful write taking place, the socket’s next write will throw
-a {@link WriteTimeoutException}.
If this listener is supporting non-SSL requests, and a request is received for which a matching
-<security-constraint> requires SSL transport, undertow will automatically redirect the request to the
-socket binding port specified here.
Https listener provides secure access to the server. The most important
-configuration option is ssl-context which cross references a pre-configured
-SSL Context instance.
A whitespace separated list of additional host names that should
-be matched
-
-
-
default-web-module
-
The name of a deployment that should be used to
-serve up requests that do not match anything.
-
-
-
queue-requests-on-start
-
If requests should be queued on start for this host. If this is set to false the default
-response code will be returned instead.
-
Note: If a Non-graceful Startup is requested, and the queue-requests-on-start attribute is not set, requests will NOT be
-queued despite the default value of true for the property. In the instance of a non-graceful startup, non-queued requests
-are required. However, if non-graceful is configured, but queue-requests-on-start is explicitly set to true, then requests
-will be queued, effectively disabling the non-graceful mode for requests to that host.
Each host allows for access logging to the console which writes structured data in JSON format. This only writes to
-stdout and is a single line of JSON structured data.
-
-
-
The attributes management model attribute is used to determine which exchange attributes should be logged. This is
-similar to the pattern used for traditional access logging. The main difference being since the data is structured
-the ability to use defined keys is essential.
-
-
-
A metadata attribute also exists which allows extra metadata to be added to the output. The value of the attribute is
-a set of arbitrary key/value pairs. The values can include management model expressions, which must be resolvable when
-the console access log service is started. The value is resolved once per start or reload of the server.
The servlet-container element corresponds to an instance of an Undertow
-Servlet container. Most servers will only need a single servlet
-container, however there may be cases where it makes sense to define
-multiple containers (in particular if you want applications to be
-isolated, so they cannot dispatch to each other using the
-RequestDispatcher. You can also use multiple Servlet containers to serve
-different applications from the same context path on different virtual
-hosts).
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
-
-
-
-
allow-non-standard-wrappers
-
The Servlet specification requires
-applications to only wrap the request/response using wrapper classes
-that extend from the ServletRequestWrapper and ServletResponseWrapper
-classes. If this is set to true then this restriction is relaxed.
-
-
-
default-buffer-cache
-
The buffer cache that is used to cache static
-resources in the default Servlet.
-
-
-
stack-trace-on-error
-
Can be either all, none, or local-only. When set
-to none Undertow will never display stack traces. When set to All
-Undertow will always display them (not recommended for production use).
-When set to local-only Undertow will only display them for requests from
-local addresses, where there are no headers to indicate that the request
-has been proxied. Note that this feature means that the Undertow error
-page will be displayed instead of the default error page specified in
-web.xml.
-
-
-
default-encoding
-
The default encoding to use for requests and
-responses.
-
-
-
use-listener-encoding
-
If this is true then the default encoding will
-be the same as that used by the listener that received the request.
-
-
-
preserve-path-on-forward
-
If this is true, the return values of the
-getServletPath(), getRequestURL() and getRequestURI() methods from
- HttpServletRequest will be unchanged following a
- RequestDispatcher.forward() call, and point to the original resource requested.
-If false, following the RequestDispatcher.forward() call, they will
-point to the resource being forwarded to.
This allows you to change the attributes of the affinity cookie.
-If the affinity cookie is configured, the affinity will not be appended to the session ID, but will be sent via the configured cookie name.
Persistent sessions allow session data to be saved across redeploys and
-restarts. This feature is enabled by adding the persistent-sessions
-element to the server config. This is mostly intended to be a
-development time feature.
-
-
-
If the path is not specified then session data is stored in memory, and
-will only be persistent across redeploys, rather than restarts.
The AJP listeners are child resources of the subsystem undertow. They
-are used with mod_jk, mod_proxy and mod_cluster of the Apache httpd
-front-end. Each listener does reference a particular socket binding:
WildFly 10 added support for using the Undertow subsystem as a load
-balancer. WildFly supports two different approaches, you can either
-define a static load balancer, and specify the back end hosts in your
-configuration, or use it as a mod_cluster frontend, and use mod_cluster
-to dynamically update the hosts.
WildFly uses Undertow’s proxy capabilities to act as a load balancer.
-Undertow will connect to the back end servers using its built in client,
-and proxies requests.
-
-
-
The following protocols are supported:
-
-
-
-
-
http
-
-
-
ajp
-
-
-
http2
-
-
-
h2c (clear text HTTP2)
-Of these protocols h2c should give the best performance, if the back end
-servers support it.
-
-
-
-
-
The Undertow proxy uses async IO, the only threads that are involved in
-the request is the IO thread that is responsible for the connection. The
-connection to the back end server is made from the same thread, which
-removes the need for any thread safety constructs.
-If both the front and back end servers support server push, and HTTP2 is
-in use then the proxy also supports pushing responses to the client. In
-cases where proxy and backend are capable of server push, but the client
-does not support it the server will send a X-Disable-Push header to let
-the backend know that it should not attempt to push for this request.
# configure correct path to WildFly installation
-WILDFLY_HOME=/path/to/wildfly
-
-# configure correct IP of the node
-MY_IP=192.168.1.1
-
-# run the load balancer profile
-$WILDFLY_HOME/bin/standalone.sh -b $MY_IP -bprivate $MY_IP -c standalone-load-balancer.xml
-
-
-
-
It’s highly recommended to use private/internal network for communication between load balancer and nodes.
-To do this set the correct IP address to the private interface (-bprivate argument).
Run the server with the HA (or Full HA) profile, which has mod_cluster component included.
-If the UDP multicast is working in your environment, the workers should work out of the box without any change.
-If it’s not the case, then configure the IP address of the load balancer statically.
-
-
-
-
# configure correct path to WildFly installation
-WILDFLY_HOME=/path/to/wildfly
-# configure correct IP of the node
-MY_IP=192.168.1.2
-
-# Configure static load balancer IP address.
-# This is necessary when UDP multicast doesn't work in your environment.
-LOAD_BALANCER_IP=192.168.1.1
-$WILDFLY_HOME/bin/jboss-cli.sh <<EOT
-
-embed-server -c=standalone-ha.xml
-/subsystem=modcluster/proxy=default:write-attribute(name=advertise, value=false)
-/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=proxy1:add(host=$LOAD_BALANCER_IP, port=8090)
-/subsystem=modcluster/proxy=default:list-add(name=proxies, value=proxy1)
-EOT
-
-# start the woker node with HA profile
-$WILDFLY_HOME/bin/standalone.sh -c standalone-ha.xml -b $MY_IP -bprivate $MY_IP
-
-
-
-
Again, to make it safe, users should configure private/internal IP address into MY_IP variable.
To use WildFly as a static load balancer the first step is to create a
-proxy handler in the Undertow subsystem. For the purposes of this
-example we are going to assume that our load balancer is going to load
-balance between two servers, sv1.foo.com and sv2.foo.com, and will be
-using the AJP protocol.
-
-
-
The first step is to add a reverse proxy handler to the Undertow
-subsystem:
The Jakarta Messaging server configuration is done through the messaging-activemq
-subsystem. In this chapter we are going outline the frequently used
-configuration options. For a more detailed explanation please consult
-the Artemis user guide (See "Component Reference").
The configuration options discussed in this section assume that the the
-org.wildfly.extension.messaging-activemq extension is present in your
-configuration. This extension is not included in the standard
-standalone.xml and standalone-ha.xml configurations included in the
-WildFly distribution. It is, however, included with the
-standalone-full.xml and standalone-full-ha.xml configurations.
-
-
-
You can add the extension to a configuration without it either by adding
-an <extension module="org.wildfly.extension.messaging-activemq"/>
-element to the xml or by using the following CLI operation:
There are three kinds of basic Jakarta Messaging connection-factory that depends
-on the type of connectors that is used.
-
-
-
There is also a pooled-connection-factory which is special in that it
-is essentially a configuration facade for both the inbound and
-outbound connectors of the the Artemis Jakarta Connectors Resource Adapter. An MDB can
-be configured to use a pooled-connection-factory (e.g. using
-@ResourceAdapter). In this context, the MDB leverages the inbound
-connector of the Artemis Jakarta Connectors RA. Other kinds of clients can look up the
-pooled-connection-factory in JNDI (or inject it) and use it to send
-messages. In this context, such a client would leverage the outbound
-connector of the Artemis Jakarta Connectors RA. A pooled-connection-factory is also
-special because:
-
-
-
-
-
It is only available to local clients, although it can be configured
-to point to a remote server.
-
-
-
As the name suggests, it is pooled and therefore provides superior
-performance to the clients which are able to use it. The pool size can
-be configured via the max-pool-size and min-pool-size attributes.
-
-
-
It should only be used to send (i.e. produce) messages when looked
-up in JNDI or injected.
-
-
-
It can be configured to use specific security credentials via the
-user and password attributes. This is useful if the remote server to
-which it is pointing is secured.
-
-
-
Resources acquired from it will be automatically enlisted any on-going
-Jakarta Transactions. If you want to send a message from an Jakarta Enterprise Beans using CMT
-then this is likely the connection factory you want to use so the send
-operation will be atomically committed along with the rest of the Jakarta Enterprise Beans’s
-transaction operations.
-
-
-
-
-
To be clear, the inbound connector of the Artemis Jakarta Connectors RA (which is for
-consuming messages) is only used by MDBs and other Jakarta Connectors based components.
-It is not available to traditional clients.
-
-
-
Both a connection-factory and a pooled-connection-factory reference
-a connector declaration.
-
-
-
A netty-connector is associated with a socket-binding which tells
-the client using the connection-factory where to connect.
-
-
-
-
-
A connection-factory referencing a netty-connector is suitable to
-be used by a remote client to send messages to or receive messages
-from the server (assuming the connection-factory has an appropriately
-exported entry).
-
-
-
A pooled-connection-factory looked up in JNDI or injected which is
-referencing a netty-connector is suitable to be used by a local
-client to send messages to a remote server granted the socket-binding
-references an outbound-socket-binding pointing to the remote server in
-question.
-
-
-
A pooled-connection-factory used by an MDB which is referencing a
-remote-connector is suitable to consume messages from a remote server
-granted the socket-binding references an outbound-socket-binding
-pointing to the remote server in question.
-
-
-
-
-
An in-vm-connector is associated with a server-id which tells the
-client using the connection-factory where to connect (since multiple
-Artemis servers can run in a single JVM).
-
-
-
-
-
A connection-factory referencing an in-vm-connector is suitable to
-be used by a local client to either send messages to or receive
-messages from a local server.
-
-
-
A pooled-connection-factory looked up in JNDI or injected which is
-referencing an in-vm-connector is suitable to be used by a local
-client only to send messages to a local server.
-
-
-
A pooled-connection-factory used by an MDB which is referencing an
-in-vm-connector is suitable only to consume messages from a local
-server.
-
-
-
-
-
A http-connector is associated with the socket-binding that
-represents the HTTP socket (by default, named http).
-
-
-
-
-
A connection-factory referencing a http-connector is suitable to
-be used by a remote client to send messages to or receive messages from
-the server by connecting to its HTTP port before upgrading to the
-messaging protocol.
-
-
-
A pooled-connection-factory referencing a http-connector is
-suitable to be used by a local client to send messages to a remote
-server granted the socket-binding references an
-outbound-socket-binding pointing to the remote server in question.
-
-
-
A pooled-connection-factory used by an MDB which is referencing a
-http-connector is suitable only to consume messages from a remote
-server granted the socket-binding references an
-outbound-socket-binding pointing to the remote server in question.
-
-
-
-
-
The entry declaration of a connection-factory or a
-pooled-connection-factory specifies the JNDI name under which the
-factory will be exposed. Only JNDI names bound in the
-"java:jboss/exported" namespace are available to remote clients. If a
-connection-factory has an entry bound in the "java:jboss/exported"
-namespace a remote client would look-up the connection-factory using
-the text after"java:jboss/exported". For example, the "
-RemoteConnectionFactory`" is bound by default to
-`"java:jboss/exported/jms/RemoteConnectionFactory" which means a remote
-client would look-up this connection-factory using "
-jms/RemoteConnectionFactory`". A `pooled-connection-factory should
-not have any entry bound in the " java:jboss/exported`" namespace
-because a `pooled-connection-factory is not suitable for remote
-clients.
-
-
-
Since Jakarta Messaging 2.0, a default Jakarta Messaging connection factory is accessible to Jakarta EE
-applications under the JNDI name java:comp/DefaultJMSConnectionFactory.
-The WildFly messaging subsystem defines a pooled-connection-factory that
-is used to provide this default connection factory. Any parameter change
-on this pooled-connection-factory will be take into account by any EE
-application looking the default Jakarta Messaging provider under the JNDI name
-java:comp/DefaultJMSConnectionFactory.
Jakarta Messaging queues and topics are sub resources of the messaging-actively
-subsystem. One can define either a jms-queue or jms-topic. Each
-destination must be given a name and contain at least one entry in
-its entries element (separated by whitespace).
-
-
-
Each entry refers to a JNDI name of the queue or topic. Keep in mind
-that any jms-queue or jms-topic which needs to be accessed by a
-remote client needs to have an entry in the "java:jboss/exported"
-namespace. As with connection factories, if a jms-queue or or
-jms-topic has an entry bound in the "java:jboss/exported" namespace a
-remote client would look it up using the text after
-"java:jboss/exported`". For example, the following `jms-queue
-"testQueue" is bound to "java:jboss/exported/jms/queue/test" which means
-a remote client would look-up this \{{kms-queue} using
-"jms/queue/test". A local client could look it up using
-"java:jboss/exported/jms/queue/test", "java:jms/queue/test", or more
-simply "jms/queue/test":
When a queue is paused, it will receive messages but will not deliver them. When it’s resumed, it’ll begin delivering the queued messages, if any.
-When a topic is paused, it will receive messages but will not deliver them. Newly added subscribers will be paused too until the topic is resumed. When it is resumed, delivering will occur again. The persist parameter ensure that the topic stays paused on the restart of the server.
A number of additional commands to maintain the Jakarta Messaging subsystem are
-available as well:
-
-
-
-
[standalone@localhost:9990 /] jms-queue --help --commands
-add
-...
-remove
-To read the description of a specific command execute 'jms-queue command_name --help'.
Some of the settings are applied against an address wild card instead of
-a specific messaging destination. The dead letter queue and redelivery
-settings belong into this group:
By default, Artemis will use the " ApplicationDomain`" Elytron security
-domain. This domain is used to authenticate users making connections to Artemis
-and then they are authorized to perform specific functions based on their
-role(s) and the `security-settings described above. This domain can be
-changed by using the elytron-domain, e.g.:
The preferred way is to reuse an SSLContext defined in the Elytron subsystem and reference it using the ssl-context attribute available on http-acceptor, remote-acceptor, http-connector and remote-acceptor.
-That way you can use the SSLContext with the broker but also with other services such as Undertow.
-
-
-
-
-
-
-
-
-One point that you have to take into account is the fact that the connector might be used on a different point than the server you have configured it on.
-For example, if you obtain the connection factory remotely using JNDI, the SSLContext configured in the connector is 'relative' to your client and not to the server it was configured.
-That means that a standalone client wouldn’t be able to resolve it, and if this is running on another WildFly instance, the Elytron SSLContext must be configured there.
-
If the Artemis server is configured to be clustered, it will use the
-cluster 's user and password attributes to connect to other
-Artemis nodes in the cluster.
-
-
-
If you do not change the default value of <cluster-password>, Artemis
-will fail to authenticate with the error:
-
-
-
-
HQ224018: Failed to create session: HornetQExceptionerrorType=CLUSTER_SECURITY_EXCEPTION message=HQ119099: Unable to authenticate cluster user: HORNETQ.CLUSTER.ADMIN.USER
-
-
-
-
To prevent this error, you must specify a value for
-<cluster-password>. It is possible to encrypt this value by as an encrypted
-expression by referring to the Elytron documentation.
-
-
-
Alternatively, you can use the system property
-jboss.messaging.cluster.password to specify the cluster password from
-the command line.
-This feature is primarily intended for development as destinations
-deployed this way can not be managed with any of the provided management
-tools (e.g. console, CLI, etc).
-
The function of a Jakarta Messaging bridge is to consume messages from a source Jakarta Messaging
-destination, and send them to a target Jakarta Messaging destination. Typically either
-the source or the target destinations are on different servers.
-The bridge can also be used to bridge messages from other non Artemis
-messaging servers, as long as they are JMS 1.1 compliant.
-
-
-
The Jakarta Messaging Bridge is provided by the Artemis project. For a detailed
-description of the available configuration properties, please consult
-the project documentation.
Source and target Jakarta Messaging resources (destination and connection factories)
-are looked up using JNDI.
-If either the source or the target resources are managed by another
-messaging server than WildFly, the required client classes must be
-bundled in a module. The name of the module must then be declared when
-the Jakarta Messaging Bridge is configured.
-
-
-
The use of a Jakarta Messaging bridges with any messaging provider will require to
-create a module containing the jar of this provider.
-
-
-
Let’s suppose we want to use an hypothetical messaging provider named
-AcmeMQ. We want to bridge messages coming from a source AcmeMQ
-destination to a target destination on the local WildFly messaging
-server. To lookup AcmeMQ resources from JNDI, 2 jars are required,
-acmemq-1.2.3.jar, mylogapi-0.0.1.jar (please note these jars do not
-exist, this is just for the example purpose). We must not include a
-Jakarta Messaging jar since it will be provided by a WildFly module directly.
-
-
-
To use these resources in a Jakarta Messaging bridge, we must bundle them in a WildFly
-module:
<?xml version="1.0" encoding="UTF-8"?>
-<modulexmlns="urn:jboss:module:1.9"name="org.acmemq">
- <properties>
- <propertyname="jboss.api"value="private"/>
- </properties>
-
-
- <resources>
- <!-- insert resources required to connect to the source or target -->
- <!-- messaging brokers if it not another WildFly instance -->
- <resource-rootpath="acmemq-1.2.3.jar"/>
- <resource-rootpath="mylogapi-0.0.1.jar"/>
- </resources>
-
-
- <dependencies>
- <!-- add the dependencies required by messaging Bridge code -->
- <modulename="java.se"/>
- <modulename="jakarta.jms.api"/>
- <modulename="jakarta.transaction.api"/>
- <modulename="org.jboss.remote-naming"/>
- <!-- we depend on org.apache.activemq.artemis module since we will send messages to -->
- <!-- the Artemis server embedded in the local WildFly instance -->
- <modulename="org.apache.activemq.artemis"/>
- </dependencies>
-</module>
The source and target sections contain the name of the Jakarta Messaging resource
-( connection-factory and destination) that will be looked up in
-JNDI.
-It optionally defines the user and password credentials. If they are
-set, they will be passed as arguments when creating the Jakarta Messaging connection
-from the looked up ConnectionFactory.
-It is also possible to define JNDI context properties in the
-source-context and target-context sections. If these sections are
-absent, the Jakarta Messaging resources will be looked up in the local WildFly
-instance (as it is the case in the target section in the example
-above).
Currently two statistics are available on a Jakarta Messaging bridge: the number of processed messages and the number of aborted/rolled back messages.
-Those are available with the following command :
The messaging-activemq subsystem is provided by the Artemis project. For
-a detailed description of the available configuration properties, please
-consult the project documentation.
You can configure the disk space usage of the journal by using the global-max-disk-usage attribute, thus blocking the paging and processing of new messages until some disk space is available.
-This is done from the CLI:
You can define at which frequency the disk usage is checked using the disk-scan-period attribute.
-
-
-
In the same way configure the maximal memory affected to processing messages by using the global-max-memory-size attribute, thus blocking the processing of new messages until some memory space is available.
-This is done from the CLI:
When things go wrong on the broker, the critical analyzer may act as a safeguard shutting down the broker or the JVM.
-If the response time goes beyond a configured timeout, the broker is considered unstable and an action can be taken to either shutdown the broker or halt the VM.
-Currently in WildFly this will only be logged but you can change that behaviour by setting the critical-analyzer-policy attribute to HALT or SHUTDOWN.
-For this, the critical analyzer measures the response time in:
-
-
-
-
-
Queue delivery (adding to the queue)
-
-
-
Journal storage
-
-
-
Paging operations
-
-
-
-
-
You can configure the critical analyzer on the broker using the CLI.
-To disable the critical analyzer, you can execute the following CLI command:
If you need to troubleshoot the journal you can use the print-data operation. Like the export operation, it needs to be executed in admin-mode.
-Also this will send back a file so it must be coupled with the attachment operation to display or save the result. Note that the display operation won’t work properly if you are asking for a zipped version of the data.
The messaging-activemq subsystem allows to configure a
-pooled-connection-factory resource to let a local client deployed in
-WildFly connect to a remote Artemis server.
-
-
-
The configuration of such a pooled-connection-factory is done in 3
-steps:
-
-
-
-
-
create an outbound-socket-binding pointing to the remote messaging
-server:
In Artemis 1.x topics and queues used had a prefix(jms.topic. and jms.queue.) that were prepended to the destination name.
-In Artemis 2.x this is no longer the case, but for compatibility reasons WildFly still prepend those prefixes and tells Artemis to run in compatibility mode.
-If you are connecting to a remote Artemis 2.x, it may not be in compatibility mode and thus the old prefixes may not be used anymore.
-If you need to use destinations without those prefixes, you can configure your connection factory not to use them by setting the attribute enable-amq1-prefix to false.
You can also add queues and topics defined on a remote Artemis server to be used as if they were local to the server. This means that you can make those remote destinations available via JNDI just like local destinations.
-You can also configure destinations not to enable the Artemis 1.x prefixes by setting the attribute enable-amq1-prefix to false. Those destinations are defined out-of the server element:
When a pooled-connection-factory is configured to connect to a remote
-Artemis, it is possible to configure Message-Driven Beans (MDB) to have
-them consume messages from this remote server.
-
-
-
The MDB must be annotated with the @ResourceAdapter annotation using
-the name of the pooled-connection-factory resource
If the MDB needs to produce messages to the remote server, it must
-inject the pooled-connection-factory by looking it up in JNDI using
-one of its entries.
A MDB must also specify which destination it will consume messages from.
-
-
-
The standard way is to define a destinationLookup activation config
-property that corresponds to a JNDI lookup on the local server.
-When the MDB is consuming from a remote Artemis server it will now create those bindings locally.
-It is possible to use the naming subsystem to configure
-external context federation to have local JNDI
-bindings delegating to external bindings.
-
-
-
However there is a simpler solution to configure the destination when
-using the Artemis Resource Adapter.
-Instead of using JDNI to lookup the Jakarta Messaging Destination resource, you can
-just specify the name of the destination (as configured in the remote
-Artemis server) using the destination activation config property and
-set the useJNDI activation config property to false to let the Artemis
-Resource Adapter create automatically the Jakarta Messaging destination without
-requiring any JNDI lookup.
These properties configure the MDB to consume messages from the Jakarta Messaging
-Queue named myQueue hosted on the remote Artemis server.
-In most cases, such a MDB does not need to lookup other destinations to
-process the consumed messages and it can use the JMSReplyTo destination
-if it is defined on the message.
-If the MDB needs any other Jakarta Messaging destinations defined on the remote
-server, it must use client-side JNDI by following the
-Artemis
-documentation or configure external configuration context in the naming
-subsystem (which allows to inject the Jakarta Messaging resources using the
-@Resource annotation).
The annotation @JMSDestinationDefinition can be used to create a destination on a remote Artemis Server. This will work in the same way as for a local server.
-For this it needs to be able to access Artemis management queue. If your remote Artemis Server management queue is not the default one you can pass the management queue address as a property to the @JMSDestinationDefinition.
-Please note that the destination is created remotely but won’t be removed once the deployement is undeployed/removed.
-
-
-
-
@JMSDestinationDefinition(
- // explicitly mention a resourceAdapter corresponding to a pooled-connection-factory resource to the remote server
- resourceAdapter = "activemq-ra",
- name="java:global/env/myQueue2",
- interfaceName="jakarta.jms.Queue",
- destinationName="myQueue2",
- properties = {
- "management-address=my.management.queue",
- "selector=color = 'red'"
- }
-)
-
-
-
-
You can also configure destinations not to enable the Artemis 1.x prefixes by adding a property enable-amq1-prefix to false to the @JMSDestinationDefinition.
-
-
-
-
@JMSDestinationDefinition(
- // explicitly mention a resourceAdapter corresponding to a pooled-connection-factory resource to the remote server
- resourceAdapter = "activemq-ra",
- name="java:global/env/myQueue2",
- interfaceName="jakarta.jms.Queue",
- destinationName="myQueue2",
- properties = {
- "enable-amq1-prefix=false"
- }
-)
WildFly supports both backwards and forwards compatibility with
-legacy versions that were using HornetQ as their messaging brokers (such
-as JBoss AS7 or WildFly 8 and 9).
-These two compatibility modes are provided by the ActiveMQ Artemis
-project that supports HornetQ’s CORE protocol:
-
-
-
-
-
backward compatibility: WildFly messaging clients (using Artemis) can
-connect to a legacy app server (running HornetQ)
-
-
-
forward compatibility: legacy messaging clients (using HornetQ) can connect
-to a WildFly 29 app server (running Artemis).
Forward compatibility requires no code change in legacy messaging clients. It
-is provided by the WildFly messaging-activemq subsystem and its
-resources.
-
-
-
-
-
legacy-connection-factory is a subresource of the
-messaging-activemq’s `server and can be used to store in JNDI a
-HornetQ-based ConnectionFactory.
The legacy-entries must be used by legacy clients (using HornetQ)
-while the regular entries are for WildFly 29 Jakarta Messaging clients (using
-Artemis).
-
-
-
The legacy client will then lookup these legacy messaging resources to
-communicate with WildFly.
-To avoid any code change in the legacy messaging clients, the legacy JNDI
-entries must match the lookup expected by the legacy client.
During migration, the legacy messaging subsystem will create a
-legacy-connection-factory resource and add legacy-entries to the
-jms-queue and jms-topic resource if the boolean attribute
-add-legacy-entries is set to true for its migrate operation. If
-that is the case, the legacy entries in the migrated
-messaging-activemq subsystem will correspond to the entries specified
-in the legacy messaging subsystem and the regular entries will be
-created with a -new suffix.
-If add-legacy-entries is set to false during migration, no legacy
-resources will be created in the messaging-activemq subsystem and
-legacy messaging clients will not be able to communicate with WildFly 29
-servers.
Backward compatibility requires no configuration change in the legacy
-server.
-WildFly 29 clients do not look up resources on the legacy server but
-use client-side JNDI to create their Jakarta Messaging resources. WildFly’s Artemis client
-can then use these resources to communicate with the legacy server
-using the HornetQ CORE protocol.
-
-
-
Artemis supports
-Client-side
-JNDI to create Jakarta Messaging resources ( ConnectionFactory and Destination).
-
-
-
For example, if a WildFly 29 messaging client wants to communicate with a
-legacy server using a queue named myQueue, it must use the
-following properties to configure its JNDI InitialContext:
-
-
-
-
java.naming.factory.initial=org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory
-connectionFactory.jms/ConnectionFactory=tcp://<legacy server address>:5445? \
- protocolManagerFactoryStr=org.apache.activemq.artemis.core.protocol.hornetq.client.HornetQClientProtocolManagerFactory
-queue.jms/myQueue=myQueue
-
-
-
-
It can then use the jms/ConnectionFactory name to create the Jakarta Messaging
-ConnectionFactory and jms/myQueue to create the Jakarta Messaging Queue.
-Note that the property
-protocolManagerFactoryStr=org.apache.activemq.artemis.core.protocol.hornetq.client.HornetQClientProtocolManagerFactory
-is mandatory when specifying the URL of the legacy connection factory so
-that the Artemis JMS client can communicate with the HornetQ broker in
-the legacy server.
Apache ActiveMQ Artemis (like HornetQ beforehand) ships with a high
-performance journal. Since Apache ActiveMQ Artemis handles its own
-persistence, rather than relying on a database or other 3rd party
-persistence engine it is very highly optimised for the specific
-messaging use cases. The majority of the journal is written in Java,
-however we abstract out the interaction with the actual file system to
-allow different pluggable implementations.
-
-
-
Apache ActiveMQ Artemis ships with two implementations:
-
-
-
-
-
Java NIO.
-
-
-
-
-
The first implementation uses standard Java NIO to interface with the
-file system. This provides extremely good performance and runs on any
-platform where there’s a Java 6+ runtime.
-
-
-
-
-
Linux Asynchronous IO
-
-
-
-
-
The second implementation uses a thin native code wrapper to talk to the
-Linux asynchronous IO library (AIO). With AIO, Apache ActiveMQ Artemis
-will be called back when the data has made it to disk, allowing us to
-avoid explicit syncs altogether and simply send back confirmation of
-completion when AIO informs us that the data has been persisted.
-
-
-
Using AIO will typically provide even better performance than using Java
-NIO.
-
-
-
The AIO journal is only available when running Linux kernel 2.6 or later
-and after having installed libaio (if it’s not already installed). If AIO is
-not supported on the system then Artemis will fallback to NIO. To know which
-type of journal is effectively used you can execute the following command using jboss-cli:
Please note that AIO is represented by ASYNCIO in the WildFly model configuration.
-
-
-
Also, please note that AIO will only work with the following file
-systems: ext2, ext3, ext4, jfs, xfs. With other file systems, e.g. NFS
-it may appear to work, but it will fall back to a slower synchronous
-behaviour. Don’t put the journal on a NFS share!
-
-
-
One point that should be added is that AIO doesn’t work well with
-encrypted partitions, thus you have to move to NIO on those.
If you see the following exception in your WildFly log file / console
-
-
-
-
[org.apache.activemq.artemis.core.server] (ServerService Thread Pool -- 64) AMQ222010: Critical IO Error, shutting down the server. file=AIOSequentialFile:/home/wildfly/wildfly-10.0.0.Final/standalone/data/activemq/journal/activemq-data-2.amq, message=Cannot open file:The Argument is invalid: java.io.IOException: Cannot open file:The Argument is invalid
- at org.apache.activemq.artemis.jlibaio.LibaioContext.open(Native Method)
-
-
-
-
that means that AIO isn’t working properly on your system.
-
-
-
To use NIO instead execute the following command using jboss-cli:
[org.hornetq.core.server] (ServerService Thread Pool -- 64) HQ222010: Critical IO Error, shutting down the server. file=AIOSequentialFile:/home/wildfly/wildfly-9.0.2.Final/standalone/data/messagingjournal/hornetq-data-1.hq, message=Can't open file: HornetQException[errorType=NATIVE_ERROR_CANT_OPEN_CLOSE_FILE message=Can't open file]
- at org.hornetq.core.libaio.Native.init(Native Method)
-
-
-
-
that means that AIO isn’t working properly on your system.
-
-
-
To use NIO instead execute the following commnd using jboss-cli :
The Artemis server that are integrated to WildFly can be configured to
-use a JDBC store for its messaging journal instead of its file-based
-journal.
-The server resource of the messaging-activemq subsystem needs to
-configure its journal-datasource attribute to be able to use JDBC
-store. If this attribute is not defined, the regular file-base journal
-will be used for the Artemis server.
-This attribute value must correspond to a data source defined in the
-datasource subsystem.
-
-
-
For example, if the datasources subsystem defines an ExampleDS data
-source at /subsystem=datasources/data-source=ExampleDS, the Artemis
-server can use it for its JDBC store with the operation:
Artemis JDBC store uses SQL commands to create the tables used to
-persist its information.
-These SQL commands may differ depending on the type of database. The SQL
-commands used by the JDBC store are located in modules/system/layers/base/org/apache/activemq/artemis/main/artemis-jdbc-store-${ARTEMIS_VERSION}.jar/journal-sql.properties.
-
-
-
Artemis uses different JDBC tables to store its bindings information,
-the persistent messages and the large messages (paging is not supported
-yet).
-
-
-
The name of these tables can be configured with the
-journal-bindings-table, journal-messages-table,
-journal-page-store-table, and journal-large-messages-table.
-
-
-
Please note that the configuration of the underlying pool is something that you need to take care of.
-You need at least four connections:
-
-
-
-
-
one for the binding
-
-
-
one for the messages journal
-
-
-
one for the lease lock (if you use HA)
-
-
-
one for the node manager shared state (if you use HA)
-
-
-
-
-
So you should define a min-pool-size of 4 for the pool.
-But one fact that you need to take into account is that paging and large messages can use an unbounded number of threads.
-The size, a.k.a. max-pool-size, of the pool should be defined according to the amount of concurrent threads that perform page/large message streaming operations. There is no defined rule for this as there is no 1-1 relation between the number of threads and the number of connections. The number of connections depend on the number of threads processing paging and large messages operations as well as the time you are willing to wait to get a connection (cf. blocking-timeout-wait-millis). When new large messages or paging operations occur they will be in a dedicated thread and will try to get a connection, being enqueued until one is ready or the time to obtain one runs out which will create a failure.
-You really need to tailor your configuration according to your needs and test it in your environment following the DataSource configuration subsystem documentation and perform tests and peroformance runs before going to production.
Each Artemis server can be configured to broadcast itself and/or discovery other Artemis servers within a cluster.
-Artemis supports two mechanisms for configuring broadcast/discovery:
Artemis can leverage the membership of an existing JGroups channel to both broadcast its identity and discover nodes on which Artemis servers are deployed.
-WildFly’s default full-ha profile uses this mechanism for broadcast/discovery using the default JGroups channel of the server (as defined by the JGroups subsystem).
-
-
-
To add this support to a profile that does not include it by default, use the following:
To segregate Artemis servers use a distinct membership, configure broadcast/discovery using a separate channel. To do this, first create the channel resource:
If the cluster is behind an HTTP load balancer we need to indicate to the clients that they must not use the cluster topology to connect to it but keep on using the initial connection to the load-balancer.
-For this you need to specify on the (pooled) connection factory not to use the topology by setting the attribute "use-topology-for-load-balancing" to false.
It is possible that if a replicated live or backup server becomes isolated in a network that failover will occur and you will end up with 2 live servers serving messages in a cluster, this we call split brain. You main mitigate this problem by configuring one or more addresses that are part of your network topology, that will be pinged through the life cycle of the server.
-
-
-
The server will stop itself until the network is back on such case.
-This is configured using the following configuration attributes:
-
-
-
-
-
network-check-NIC: The NIC (Network Interface Controller) to be used to validate the network.
-
-
-
network-check-period: The frequency of how often we should check if the network is still up.
-
-
-
network-check-timeout: The timeout used on the ping.
-
-
-
network-check-list: This is a comma separated list, no spaces, of DNS or IPs (it should accept IPV6) to be used to validate the network.
-
-
-
network-check-URL-list: The list of HTTP URIs to be used to validate the network.
-
-
-
network-check-ping-command: The command used to ping IPV4 addresses.
-
-
-
network-check-ping6-command: The command used to ping IPV6 addresses.
Make sure you understand your network topology as this is meant to validate your network. Using IPs that could eventually disappear or be partially visible may defeat the purpose. You can use a list of multiple IPs. Any successful ping will make the server OK to continue running
Transaction subsystem configures the behaviour of the transaction manager.
-Narayana is the transaction manager used in WildFly.
-The second component configured within the subsystem is
-WildFly Transaction Client
-(the WFTC serves as an abstract layer to work with the transactional context).
The structure of the transaction subsystem follows the structure of Narayana component.
-Narayana defines a separate configuration bean for every
-internal module.
-For example any configuration related to Narayana core is available through beans
-CoordinatorEnvironmentBean and
-CoreEnvironmentBean,
-for JTA processing it is
-JTAEnvironmentBean,
-for the transaction recovery setup it’s
-RecoveryEnvironmentBean.
-
-
-
The transaction subsystem provides only a sub-set of the configuration available via Narayana beans.
-Any other configuration option provided by Narayana is still possible to be configured via
-system properties and JVM restart is usually required.
-
-
-
Narayana defines unified naming for the system properties which are used for configuration.
-The system property is in form [bean name].[property name]. For example, the system property with name RecoveryEnvironmentBean.periodicRecoveryInitilizationOffset defined in
-RecoveryEnvironmentBean
-configures a waiting time for first time execution of the periodic recovery after application server starts.
The transaction subsystem separates the configuration into sections in XML configuration file.
-Every section belongs to some Narayana module.
-The configuration for model consists, on the other hand, of a flat structure of attributes
-(most of them at top level).
-
-
-
For example, the subsystem defines the node identifier under core-environment XML element in XML
-configuration, while the node-identifer attribute is defined directly under /subsystem=transactions
-resource in the model.
-
-
-
The description of individual attributes and their meaning can be found in the
-Model Reference Guide.
node-identifier, process-id-uuid, process-id-socket-binding, process-id-socket-max-ports model
- attributes are configured under core-environment XML element
If you configure the recovery-listener then Narayana binds the linked socket, and a user may request
-an explicit launch of
-the recovery scan.
-We can see an example of the socket communication in the following example.
-
-
-
telnet communication with recovery listener
-
-
telnet localhost 4712
-# command to start the recovery scan
-SCAN[enter]
-# at this time the transaction recovery has been started
-^]
-close
When subsystem defines the statistics-enabled to true Narayana starts gathering
-statistics about transaction processing. User can view a single attribute
-or list all statistics attributes as a group.
-Transaction statistics attributes are read-only runtime attributes.
-
-
-
observing all transaction statistics attributes
-
-
# connect to a running application server
-./bin/jboss-cli.sh -c
-
-# enable transaction statistics
-/subsystem=transactions:write-attribute(name=statistics-enabled, value=true)
-# list all statistics attributes
-/subsystem=transactions:read-attribute-group(name=statistics, include-runtime=true)
Narayana needs to persist data about transaction processing to a transaction log.
-This persistent storage is called object store in context of Narayana.
-Narayana requires to persist a log for an XA transactions that are processed
-with the two-phase commit protocol. Otherwise, the transaction is held only in memory
-without storing anything to the object store.
-
-
-
Narayana provides three object stores implementations.
-
-
-
-
-
ShadowNoFileLock store persists records in directory structure on the file system.
-A separate file represents an record, log of a prepared transaction.
-Used when attributes use-jdbc-store and use-journal-store are both false.
-
-
-
Journal store persists records in a journal file on the file system.
-Records are stored in append only log implemented within ActiveMQ Artemis
-project.
-Used when attribute use-journal-store is true and use-jdbc-store is false.
-
-
-
JDBC stores persists records in a database. The records are accessible via JDBC connection.
-This store requires a linked datasource from the datasources subsystem.
-Used when attribute use-jdbc-store is true and use-journal-store is false.
An XML configuration of object-store XML element configuring the journal store with model attributes
-object-store-path, object-store-relative-to, journal-store-enable-async-io is
JDBC implementation makes the transaction log to be persisted into a database.
-Transaction subsystem accesses the database via linked (via JNDI) non-transactional (jta=false) datasource.
-When the transaction subsystem configures the JDBC store implementation then
-the Transaction Manager creates one or few database tables (if they do not exist) to persist transaction data
-when WildFly starts. Narayana creates a separate table for each store type.
-Narayana uses the store type to grouping transaction records of the same type.
-
-
-
Narayana uses the following store types in WildFly
-
-
-
-
-
action store stores data for JTA transactions
-
-
-
state store stores data for TXOJ objects
-
-
-
communications store stores data for monitoring remote JTS transactions and storing CORBA IOR’s
-
-
-
-
-
Attributes configuration may define a prefix for each store type.
-When we configure no prefix, or the same prefix for all store types
-then Narayana saves the transaction data into the same database table.
-By default, Narayana persists transaction log in database table named JBossTSTxTable.
Makes possible for a database non-XA datasource (i.e., a local resource) to reliably
-participate in an XA transaction
-in the two-phase commit processing.
-The datasource has to be configured with connectable attribute of value true and linked to transaction
-subsystem as a commit markable resource (CMR).
-
-
-
As a prerequisite the database must contain a table named xids
-(the database table name can be configured with attribute name under commit-markable-resource)
-where Narayana persists additional metadata when two-phase commit prepares the non-XA datasource.
-
-
-
The SQL select that has to be working for xids table can be found
-in the Narayana code.
-
-
-
example of SQL statement to create the xids table to store CMR metadata
log-store is a runtime only resource
-that can be loaded with a snapshot of the content of the Narayana object store.
-The operation /subsystem=transactions/log-store=log-store:probe loads
-persisted transaction records from object store and that can be viewed in the model.
-Another :probe operation flushes the old data and loads up-to-date records.
The transactions and participant resources contains several operations
-that can be used to work with the content of the object store.
-
-
-
-
-
delete Removes the transaction record from the object store
-and calls the XAResource.forget call at all participants.
-
-
-
refresh Reloads information from the Narayana object store about the participant
-and updates the information from object store to model.
-
-
-
recover This operation switches the participant status to PREPARED.
-This is useful mostly for HEURISTIC participant records as HEURISTIC state is
-skipped by period recovery processing. Switching the HEURISTIC to PREPARED
-means that the periodic recovery will try to finish the record.
-
-
-
-
-
operations at log-store transactions structure
-
-
# delete of the transaction that subsequently deletes all participants
-/subsystem=transactions/log-store=log-store/transactions=0\:ffffc0a80065\:-22769d16\:60c87436\:1a:delete
-# delete of the particular participant
-/subsystem=transactions/log-store=log-store/transactions=0\:ffffc0a80065\:-22769d16\:60c87436\:1a/participants=1:delete
-# refresh and recover
-/subsystem=transactions/log-store=log-store/transactions=0\:ffffc0a80065\:-22769d16\:60c87436\:1a/participants=1:refresh
-/subsystem=transactions/log-store=log-store/transactions=0\:ffffc0a80065\:-22769d16\:60c87436\:1a/participants=1:recover
This org.wildfly.extension.metrics extension is included in all the standalone configurations included in the
-WildFly distribution as well as the metrics layer.
-
-
-
You can also add the extension to a configuration without it either by adding
-an <extension module="org.wildfly.extension.metrics"/>
-element to the xml or by using the following CLI operation:
The /subsystem=metrics resource defines three attributes:
-
-
-
-
-
security-enabled - a boolean to indicate whether authentication is required to access the HTTP metrics endpoint (described below). By default, it is true. The
-standalone configurations explicitly sets it to false to accept unauthenticated access to the HTTP endpoints.
-
-
-
exposed-subsystems - a list of strings corresponding to the names of subsystems that exposes their metrics in the HTTP metrics endpoints.
-By default, it is not defined (there will be no metrics exposed by subsystem. The special wildcard "" can be used to expose metrics from all subsystems. The standalone
-configuration sets this attribute to "".
-
-
-
prefix - A string to prepend to WildFly metrics that are exposed by the HTTP endpoint /metrics with the Prometheus output format.
Secured access to the HTTP endpoint is controlled by the security-enabled attribute of the /subsystem=metrics resource.
-If it is set to true, the HTTP client must be authenticated.
-
-
-
If security is disabled, the HTTP endpoint returns a 200 OK response:
-
-
-
-
$ curl -v http://localhost:9990/metrics
-< HTTP/1.1 200 OK
-...
-# HELP base_classloader_total_loaded_class_count Displays the total number of classes that have been loaded since the Java virtual machine has started execution
-.
-# TYPE base_classloader_total_loaded_class_count counter
-base_classloader_total_loaded_class_count 10822.0
-...
-
-
-
-
If security has been enabled, the HTTP client must pass the credentials corresponding to a management user
-created by the add-user script. For example:
-
-
-
-
$ curl -v --digest -u myadminuser:myadminpassword http://localhost:9990/metrics
-< HTTP/1.1 200 OK
-...
-# HELP base_classloader_total_loaded_class_count Displays the total number of classes that have been loaded since the Java virtual machine has started execution
-.
-# TYPE base_classloader_total_loaded_class_count counter
-base_classloader_total_loaded_class_count 10822.0
-...
-
-
-
-
If the authentication fails, the server will reply with a 401 NOT AUTHORIZED response.
WildFly metrics names are based on the subsystem that provides them as well as the name of the attribute from the management model.
-Their name can also be prepended with a prefix (specified on the /subsystem=metrics resource).
-Other information is stored using labels.
-
-
-
For example Undertow exposes a metric attribute request-count for every Servlet in an application deployment.
-This attribute will be exposed to Prometheus with the name wildfly_undertow_request_count.
-Other information such as the name of the Servlet are added to the labels of the metrics.
-
-
-
The helloworld quickstart demonstrates the use of CDI and Servlet in Wildfly.
-A corresponding metric will be exposed for it with the name and labels:
-Some subsystems (such as undertow or messaging-activemq) do not enable their statistics by default
-as they have an impact on performance and memory usage. These subsystems provides a statistics-enabled attribute that must
-be set to true to enable them.
-For convenience, WildFly standalone configuration provides expressions to enable the statistics by setting a
-System property -Dwildfly.statistics-enabled=true to enable statistics on the subsystems provided by the configuration.
-
Micrometer is a vendor-neutral observability facade that provides a generic, reusable API for registering and recording metrics related to application performance. This extension provides an integration with Micrometer, exposing its API to deployed applications so that they may expose application-specific metrics in addition to the server metrics added by the extension.
-
-
-
-
-
-
-
-
-Standard WildFly continues to use the existing metrics subsystem, so this extension must be manually added and configured. See below for details.
-
This org.wildfly.extension.micrometer extension is available to all the standalone configurations included in the WildFly distribution, but must be added manually:
This subsystem exposes metrics from the WildFly Management Model and JVM MBeans, as well as end-user applications via the Micrometer API now exposed to applications deployed to the server. By default, this extension will attempt to push metrics data via the OTLP protocol to an OpenTelemetry-compatible "collector". The endpoint for the collector must be configured explicitly, as you can see in the write-attribute statement above.
-
-
-
-
-
-
-
-
-It is assumed that the server administrator will provision and secure the collector, which is outside the scope of this document.
-
-
-
-
-
-
Note that this an alternative to the existing WildFly Metrics extension. While they may be run concurrently, it is not advisable, as this will likely have an impact on server performance due to the duplicated metrics collection. To disable WildFly Metrics, issue these commands:
exposed-subsystems - a list of strings corresponding to the names of subsystems that exposes their metrics in the
-HTTP metrics endpoints. By default, it is not defined (there will be no metrics exposed by subsystem). The special wildcard "*" can be used to expose metrics from all subsystems. The standalone configuration sets this attribute to "*".
-
-
-
step - the step size, or reporting frequency, to use (in seconds).
WildFly metrics names are based on the subsystem that provides them, as well as the name of the attribute from the management model.
-
-
-
For example Undertow exposes a metric attribute request-count for every Servlet in an application deployment. This attribute will be exposed with the name undertow_request_count. Other information such as the name of the Servlet are added to the tags of the metric.
-
-
-
The helloworld quickstart demonstrates the use of CDI and Servlet in WildFly. A corresponding metric will be exposed for it with the name and tags:
-Some subsystems (such as undertow or messaging-activemq) do not enable their statistics by default as they have an impact on performance and memory usage. These subsystems provide a statistics-enabled attribute that must be set to true to enable them. For convenience, WildFly standalone configuration provides expressions to enable the statistics by setting a System property -Dwildfly.statistics-enabled=true to enable statistics on the subsystems provided by the configuration.
-
Unlike the previous metrics systems, this new extension exposes an API (that of Micrometer) to applications in order to allow developers to record and export metrics out of the box. To do so, application developers will need to inject a MeterRegistry instance:
This provides the application with a MeterRegistry instance that will have any recorded metrics exported with the system metrics WildFly already exposes. There is no need for an application to include the Micrometer dependencies in the application archive, as they are provided by the server out-of-the-box:
This extension is not included in any of the standalone configurations included in the WildFly distribution.
-To enable, the administrator must run the following CLI commands:
The sampler is configured via the sampler element:
-
-
-
-
-
type: The type of sampler to use
-
-
-
-
on: Always on (all traces are recorded)
-
-
-
off: Always off (no traces are recorded)
-
-
-
ratio: Return a ratio of the traces (e.g., 1 trace in 10000).
-
-
-
-
-
-
ratio: The value used to configure the ratio sampler, which must be within [0.0, 1.0].For example, if 1 trace in 10,000 is to be exported, this value would be 0.0001.
The following XML is an example of the full configuration, including default values (WildFly does not typically persist
-default values, so what you see in the configuration file may look different):
All incoming REST requests are automatically traced, so no work needs be done in user applications.If a REST request is received and the OpenTelemetry context propagation header (traceparent) is present, the request will traced as part of the remote trace context automatically.
-
-
-
Likewise, all Jakarta REST Client calls will have the trace context added to outgoing request headers so that requests to external applications can be traced correctly (assuming the remote system properly handles OpenTelemetry trace context propagation).If the REST Client call is made to another application on the local WildFly server, or a remote server of the same version or later, the trace context will propagate automatically as described above.
-
-
-
While automatic tracing may be sufficient in many cases, it will often be desirable to have traces occur throughout the user application.To support that, WildFly makes available the io.opentelemetry.api.OpenTelemetry and
-io.opentelemetry.api.trace.Tracer instances, via CDI injection.A user application, then is able to create arbitrary spans as part of the server-managed trace:
-
-
-
-
@Path("/myEndpoint")
-publicclassMyEndpoint {
- @Inject
- private Tracer tracer;
-
- @GET
- public Response doSomeWork() {
- final Span span = tracer.spanBuilder("Doing some work")
- .startSpan();
- span.makeCurrent();
- doSomeMoreWork();
- span.addEvent("Make request to external system.");
- makeExternalRequest();
- span.addEvent("All the work is done.");
- span.end();
-
- return Response.ok().build();
-}
This subsystem exposes only healthiness checks for the WildFly runtime.
-Support for MicroProfile Health is provided by
-the microprofile-health-smallrye subsystem.
This org.wildfly.extension.health extension is included in all the standalone configurations included in the
-WildFly distribution as well as the health layer.
-
-
-
You can also add the extension to a configuration without it either by adding
-an <extension module="org.wildfly.extension.health"/>
-element to the xml or by using the following CLI operation:
The /subsystem=health resource defines one attribute:
-
-
-
-
-
security-enabled - a boolean to indicate whether authentication is required to access the HTTP health endpoint (described below). By default, it is true. The
-standalone configurations explicitly sets it to false to accept unauthenticated access to the HTTP endpoints.
Secured access to the HTTP endpoint is controlled by the security-enabled attribute.
-If it is set to true, the HTTP client must be authenticated.
-
-
-
If security has been enabled, the HTTP client must pass the credentials corresponding to a management user
-created by the add-user script. For example:
If the authentication fails, the server will reply with a 401 NOT AUTHORIZED response.
-
-
-
-
-
-
-
-
-The HTTP response contains additional information with individual outcomes for each probe that determined the healthiness.
-This is informational only and the HTTP response code is the only relevant data to determine the healthiness of the application server.
-
This extension is included in the standard configurations included in the
-WildFly distribution.
-
-
-
You can also add the extension to a configuration without it either by adding
-an <extension module="org.wildfly.extension.microprofile.config-smallrye"/>
-element to the xml or by using the following CLI operation:
In addition to the default ConfigSources specified by the MicroProfile Config specification
-(environment variables, System properties and META-INF/microprofile-config.properties file), the
-microprofile-config-smallrye provides additional types of ConfigSource
-This corresponds to the layout used by OpenShift ConfigMaps.
-The dir value corresponds to the mountPath in the ConfigMap definition in OpenShift or Kubernetes.
-
You can also point to a root directory by adjusting the examples in the preceding section to include
-root=true when defining them. Top level directories within this root directory each become an
-individual ConfigSource reading from a directory similar to what we saw earlier in
-ConfigSource from Directory. Any directories below the top-level
-directories are ignored. Also, any files in the root directory are ignored; only files in the top
-level directories within the root directory will be used for the configuration.
-
-
-
This is especially useful when running on OpenShift where constructs such as ConfigMap and
-ServiceBinding instances get mapped under
-a common known location. For example if there are two ConfigMap instances (for this example,
-we will call them map-a, and map-b) used by your application pod, they will
-each get mapped under /etc/config. So you would have /etc/config/map-a and /etc/config/map-b
-directories.
-
-
-
Each of these directories will have files where the file name is the name of the property and the file
-content is the value of the property, like we saw earlier.
-
-
-
We can thus simply run the following CLI command to pick up all these child directories as
-a ConfigSource each:
Specifying the root directory rather than each individual directory removes the need to know the
-exact names of each entry under the common parent directory (this is especially useful in some
-OpenShift scenarios where the names of these directories are auto-generated).
-
-
-
The situation where two ConfigSource entries under the same root both contain the same property
-should be avoided. However, to make this situation deterministic, the directories representing each
-ConfigSource are sorted by their name according to standard Java sorting rules before doing the
-lookup of values. To make this more concrete, if we have the following entries:
-* /etc/config/map-a/name contains kabir
-* /etc/config/map-b/name contains jeff
-
-
-
Since map-a will come before map-b after sorting, in the following scenario kabir (coming from
-map-a) will be injected for the following username field:
You may override this default sorting by including a file called config_ordinal in a directory. The
-ordinal specified in that file will be used for config values coming from that directory. Building
-on our previous example, if we had:
-* /etc/config/map-a/config_ordinal contains 120
-* /etc/config/map-b/config_ordinal contains 140
-
-
-
Since now map-b has a higher ordinal (140) than map-a (120), we will instead inject the value
-jeff for the earlier username field.
-
-
-
If there is no config_ordinal file in a top-level directory under the root directory, the
-ordinal used when specifying the ConfigSource will be used for that directory.
You can create a specific type of ConfigSource implementation by creating a config-source resource
-with a class attribute.
-
-
-
For example, you can provide an implementation of org.eclipse.microprofile.config.spi.ConfigSource
-that is named org.example.MyConfigSource and provided by a JBoss module named org.example:
You can create a specific type of ConfigSourceProvider implementation by creating a config-source-provider resource
-with a class attribute.
-
-
-
For example, you can provide an implementation of org.eclipse.microprofile.config.spi.ConfigSourceProvider
-that is named org.example.MyConfigSourceProvider and provided by a JBoss module named org.example:
Applications that are deployed in WildFly must have Jakarta Contexts and Dependency Injection enabled (e.g. with a META-INF/beans.xml
-or by having Jakarta Contexts and Dependency Injection Bean annotation) to be able to use MicroProfile Config in their code.
This extension is included in the standalone-microprofile configurations included in the
-WildFly distribution.
-
-
-
You can also add the extension to a configuration without it either by adding
-an <extension module="org.wildfly.extension.microprofile.health-smallrye"/>
-element to the xml or by using the following CLI operation:
Secured access to the HTTP endpoint is controlled by the security-enabled attribute of the /subsystem=microprofile-health-smallrye resource.
-The value of this attribute will override the security-enabled attribute of the /subsystem=health resource (documented in Health subsystem configuration guide).
-If it is set to true, the HTTP client must be authenticated.
-
-
-
If security has been enabled, the HTTP client must pass the credentials corresponding to a management user
-created by the add-user script. For example:
WildFly provides some readiness procedures that are checked to determine if the application server is ready to serve requests:
-
-
-
-
-
boot-errors checks that there were no errors during the server boot sequence
-
-
-
deployments-status checks that all deployments were deployed without errors
-
-
-
server-state checks that the server state is running
-
-
-
empty-readiness-checks determines the status when there are no readiness check procedures deployed to the server. The outcome of this procedure is determined by the empty-readiness-checks-status attribute. If the attribute is
-UP (by default), the server can be ready when there are no readiness checks in the deployments. Setting the empty-readiness-checks-status attribute to DOWN will make this procedure fail when there are no readiness checks in the deployments.
-
-
-
-
-
If a deployment does not provide any readiness checks, WildFly will automatically add one for each deployment (named ready-<deployment name>) which always returns UP.
-
-
-
-
-
-
-
-
-
-
This allows applications that does not provide readiness checks to still be able to inform cloud containers when they are ready to serve requests.
-Setting empty-readiness-checks-status to DOWN ensures that the server will not be ready until the application is deployed. At that time, the ready-<deployment name>
-will be added (which returns UP) and the empty-readiness-checks procedure will no longer be checked as there is now a readiness check procedure provided either by the deployment or by the server.
-
-
-
-
-
-
-
WildFly also provide a liveness procedure that is checked to determine if the application server is live:
-
-
-
-
-
empty-liveness-checks determines the status when there are no liveness check procedures deployed to the server. The outcome of this procedure is determined by the empty-liveness-checks-status attribute. If the attribute is
-UP (by default), the server can be live when there are no liveness checks in the deployments. Setting the empty-liveness-checks-status attribute to DOWN will make this procedure fail when there are no liveness checks in the deployments.
-
-
-
-
-
WildFly also provides a similar procedure for what concerns startup checks:
-
-
-
-
-
empty-startup-checks determines the status when there are no startup check procedures deployed to the server. The outcome of this procedure is determined by the empty-startup-checks-status attribute. If the attribute is
-UP (by default), the server can be ready when there are no startup checks in the deployments. Setting the empty-startup-checks-status attribute to DOWN will make this procedure fail when there are no readiness checks in the deployments.
-
-
-
-
-
If a deployment does not provide any startup checks, WildFly will automatically add one for each deployment (named started-<deployment name>) which always returns UP.
-
-
-
-
-
-
-
-
-
-
This allows applications that does not provide startup checks to still be able to inform cloud containers when they are started to proceed with the container start.
-Setting empty-startup-checks-status to DOWN ensures that the server will not be ready until the application is deployed. At that time, the started-<deployment name>
-will be added (which returns UP) and the empty-startup-checks procedure will no longer be checked as there is now a startup check procedure provided either by the deployment or by the server.
It is possible to disable all these server procedures by using the MicroProfile Config property mp.health.disable-default-procedures.
-
-
-
-
-
-
-
-
-
-
The MicroProfile Config property mp.health.disable-default-procedures is read at 2 different times:
-
-
-
-
-
When the server starts, to determine if its server procedures should be disabled or enabled. It can be set using the system property mp.health.disable-default-procedures or the environment variable MP_HEALTH_DISABLE_DEFAULT_PROCEDURES. Setting this property in a deployment is ignored at that time.
-
-
-
When an application is deployed, to determine if WildFly should add a readiness check if the deployment does not provide any. At that time, setting this property in a microprofile-config.properties file in the deployment would be taken into account. (with the usual priority rules for MicroProfile Config properties).
-
-
-
-
-
-
-
-
-
When the mp.health.disable-default-procedures is set to true the server will not return any of its health checks in the responses which involve also the default empty configurable checks included before the deployments are processed, namely empty-readiness-checks, empty-startup-checks, and empty-liveness-checks. This means that the server might prematurely respond with invalid UP response particularly to startup and readiness invocations before the user deployment is processed. For this reason, MicroProfile Health specification defines two MicroProfile Config properties that specify the response returned while the server is still processing deployments, i.e. it returns an empty health response:
-
-
-
-
-
mp.health.default.readiness.empty.response (default DOWN) that specifies empty readiness response. This response will be switched to UP once the user deployment is processed even if it doesn’t contain any readiness checks. Otherwise, it will be switched to the status set by the user readiness checks.
-
-
-
mp.health.default.startup.empty.response (default DOWN) that specifies empty startup response. This response will be switched to UP once the user deployment is processed even if it doesn’t contain any startup checks. Otherwise, it will be switched to the status set by the user startup checks.
Support for MicroProfile JWT RBAC is provided by the microprofile-jwt-smallrye subsystem.
-
-
-
The MicroProfile JWT specification describes how authentication can be performed using cryptographically signed JWT tokens and the contents of the token to be used to establish a resuting identity without relying on access to external repositories of identities such as databases or directory servers.
The MicroProfile JWT integration is provided by the microprofile-jwt-smallrye subsystem and is included in the default configuration, if not present the subsystem can be added using the following CLI commands.
The microprofile-jwt-smallrye subsystem contains no configurable attributes or resources, it’s presence is required however to detect if a deployment is making use of the MP-JWT authentication mechanism and to activate support for JWT making use of the SmallRye JWT project.
The subsystem will scan all deployments to detect if the MP-JWT mechanism is required for any web components and if true activate the integration and the authentication mechanism.
-
-
-
The classes in the deployment will be scanned to identify if there is a class which extends jakarta.ws.rs.core.Application annotated with the org.eclipse.microprofile.auth.LoginConfig to specify an auth-method. Additionally the auth-method contained within the deployments web.xml will be checked.
-
-
-
If authentication configuration is defined within the @LoginConfig annotation and within the web.xml deployment descriptor the contents of the web.xml are given precedence.
-
-
-
If after evaluating the deployment the resulting auth-method is MP-JWT then this integration will be activated, in all other cases no activation will occur and deployment will continue as normal.
For an individual deployment the configuration in relation to MicroProfile JWT can be provided using MicroProfile Config properties, many are defined within the MicroProfile JWT specification however SmallRye JWT also supports some additional properties.
There are presently a couple of limitations with support for JWKS which we are looking to address.
-
-
-
-
-
If a JWKS is inlined using the mp.jwt.verify.publickey property then only the first key from the set will be used with the remainder being ignored.
-
-
-
Encoding of JWKS using Base64 is presently unsupported.
-
-
-
-
-
In both cases a clear text JWKS can be referenced instead using the mp.jwt.verify.publickey.location config property.
-
-
-
Support for Base64 encoded JWKS keys and inlined JWKS keys within the mp.jwt.verify.publickey property will be further evaluation and either support added or a contibution to the specification to remove these options.
The SmallRye JWT specific properties allow for a lot of customisation not covered by the specification, however as these are not specification defined they could be subject to change.
-
-
-
-
-
-
-
-
-
-
Property Name
-
Default
-
Description
-
-
-
smallrye.jwt.verify.key.location
-
NONE
-
Location of the verification key which can point to both public and secret keys. Secret keys can only be in the JWK format. Note that 'mp.jwt.verify.publickey.location' will be ignored if this property is set.
-
-
-
smallrye.jwt.verify.algorithm
-
RS256
-
Signature algorithm. Set it to ES256 to support the Elliptic Curve signature algorithm. This property is deprecated, use mp.jwt.verify.publickey.algorithm.
-
-
-
smallrye.jwt.verify.key-format
-
ANY
-
Set this property to a specific key format such as PEM_KEY, PEM_CERTIFICATE, JWK or JWK_BASE64URL to optimize the way the verification key is loaded.
-
-
-
smallrye.jwt.verify.relax-key-validation
-
false
-
Relax the validation of the verification keys, setting this property to true will allow public RSA keys with the length less than 2048 bit.
-
-
-
smallrye.jwt.verify.certificate-thumbprint
-
false
-
If this property is enabled then a signed token must contain either 'x5t' or 'x5t#S256' X509Certificate thumbprint headers. Verification keys can only be in JWK or PEM Certificate key formats in this case. JWK keys must have a 'x5c' (Base64-encoded X509Certificate) property set.
-
-
-
smallrye.jwt.token.header
-
Authorization
-
Set this property if another header such as Cookie is used to pass the token. This property is deprecated, use mp.jwt.token.header.
-
-
-
smallrye.jwt.token.cookie
-
none
-
Name of the cookie containing a token. This property will be effective only if smallrye.jwt.token.header is set to Cookie. This property is deprecated, use mp.jwt.token.cookie.
-
-
-
smallrye.jwt.always-check-authorization
-
false
-
Set this property to true for Authorization header be checked even if the smallrye.jwt.token.header is set to Cookie but no cookie with a smallrye.jwt.token.cookie name exists.
-
-
-
smallrye.jwt.token.schemes
-
Bearer
-
Comma-separated list containing an alternative single or multiple schemes, for example, DPoP.
-
-
-
smallrye.jwt.token.kid
-
none
-
Key identifier. If it is set then the verification JWK key as well every JWT token must have a matching kid header.
-
-
-
smallrye.jwt.time-to-live
-
none
-
The maximum number of seconds that a JWT may be issued for use. Effectively, the difference between the expiration date of the JWT and the issued at date must not exceed this value.
-
-
-
smallrye.jwt.require.named-principal
-
false
-
If an application relies on java.security.Principal returning a name then a token must have a upn or preferred_username or sub claim set. Setting this property will result in SmallRye JWT throwing an exception if none of these claims is available for the application code to reliably deal with a non-null Principal name.
-
-
-
smallrye.jwt.path.sub
-
none
-
Path to the claim containing the subject name. It starts from the top level JSON object and can contain multiple segments where each segment represents a JSON object name only, example: realms/subject. This property can be used if a token has no 'sub' claim but has the subject set in a different claim. Use double quotes with the namespace qualified claims.
-
-
-
smallrye.jwt.claims.sub
-
none
-
This property can be used to set a default sub claim value when the current token has no standard or custom sub claim available. Effectively this property can be used to customize java.security.Principal name if no upn or preferred_username or sub claim is set.
-
-
-
smallrye.jwt.path.groups
-
none
-
Path to the claim containing the groups. It starts from the top level JSON object and can contain multiple segments where each segment represents a JSON object name only, example: realm/groups. This property can be used if a token has no 'groups' claim but has the groups set in a different claim. Use double quotes with the namespace qualified claims.
-
-
-
smallrye.jwt.groups-separator
-
' '
-
Separator for splitting a string which may contain multiple group values. It will only be used if the smallrye.jwt.path.groups property points to a custom claim whose value is a string. The default value is a single space because a standard OAuth2 scope claim may contain a space separated sequence.
-
-
-
smallrye.jwt.claims.groups
-
none
-
This property can be used to set a default groups claim value when the current token has no standard or custom groups claim available.
-
-
-
smallrye.jwt.jwks.refresh-interval
-
60
-
JWK cache refresh interval in minutes. It will be ignored unless the mp.jwt.verify.publickey.location points to the HTTP or HTTPS URL based JWK set and no HTTP Cache-Control response header with a positive max-age parameter value is returned from a JWK set endpoint.
-
-
-
smallrye.jwt.jwks.forced-refresh-interval
-
30
-
Forced JWK cache refresh interval in minutes which is used to restrict the frequency of the forced refresh attempts which may happen when the token verification fails due to the cache having no JWK key with a kid property matching the current token’s kid header. It will be ignored unless the mp.jwt.verify.publickey.location points to the HTTP or HTTPS URL based JWK set.
-
-
-
smallrye.jwt.expiration.grace
-
60
-
Expiration grace in seconds. By default an expired token will still be accepted if the current time is no more than 1 min after the token expiry time.
-
-
-
smallrye.jwt.verify.aud
-
none
-
Comma separated list of the audiences that a token aud claim may contain. This property is deprecated. Use mp.jwt.verify.audiences instead.
-
-
-
smallrye.jwt.required.claims
-
none
-
Comma separated list of the claims that a token must contain.
-
-
-
smallrye.jwt.decrypt.key.location
-
none
-
Config property allows for an external or internal location of Private Decryption Key to be specified. This property is deprecated, use mp.jwt.decrypt.key.location.
-
-
-
smallrye.jwt.decrypt.algorithm
-
RSA_OAEP
-
Decryption algorithm.
-
-
-
smallrye.jwt.token.decryption.kid
-
none
-
Decryption Key identifier. If it is set then the decryption JWK key as well every JWT token must have a matching kid header.
For traditional deployments to WildFly where security is required a security domain name would be identified during deployment and this in turn would be mapped to use configured resources either within the elytron or legacy security subsystems.
-
-
-
One of the main motivations for using MicroProfile JWT is the ability to describe an identity from the incoming token without relying on access to external resources. For this reason MicroProfile JWT deployments will not depend on managed SecurityDomain resources, instead a virtual SecurityDomain will be created and used across the deployment.
-
-
-
As the deployment is configured entirely within the MicroProfile Config properties other than the presence of the microprofile-jwt-smallrye subsystem the virtual SecurityDomain means no other managed configuration is required for the deployment.
The OpenAPI specification defines a contract for JAX-RS applications in the same way that WSDL defined a contract for legacy web services.
-The MicroProfile OpenAPI specification defines a mechanism for generating an OpenAPI v3 document from a JAX-RS application as well as an API for customizing production of the document.
The MicroProfile OpenAPI capability is provided by the microprofile-openapi-smallrye subsystem.
-This subsystem is included in the default standalone-microprofile.xml configuration of the WildFly distribution.
-
-
-
You can also add the subsystem manually to any profile via the CLI:
The microprofile-openapi-smallrye subsystem obtains all of its configuration via MicroProfile Config. Thus the subsystem itself defines no attributes.
-
-
-
In addition to the standard Open API configuration properties, WildFly supports the following additional MicroProfile Config properties:
-
-
-
-
-
-
-
-
-
-
Property
-
Default
-
Description
-
-
-
-
-
mp.openapi.extensions.enabled
-
true
-
Enables/disables registration of an OpenAPI endpoint. Many users will want to parameterize this to selectively enable/disable OpenAPI in different environments.
-
-
-
mp.openapi.extensions.path
-
/openapi
-
Used to customize the path of the OpenAPI endpoint.
-
-
-
mp.openapi.extensions.servers.relative
-
true
-
Indicates whether auto-generated Server records are absolute or relative to the location of the OpenAPI endpoint. If absolute, WildFly will generate Server records including the protocols, hosts, and ports at which the given deployment is accessible.
The MicroProfile OpenAPI specification defines an HTTP endpoint that serves an OpenAPI 3.0 document describing the REST endpoints for the host.
-The OpenAPI endpoint is registered using the configured path (e.g. http://localhost:8080/openapi) local to the root of the host associated with a given deployment.
-
-
-
-
-
-
-
-
-Currently, the OpenAPI endpoint for a given virtual host can only document a single JAX-RS deployment.
-To use OpenAPI with multiple JAX-RS deployments registered with different context paths on the same virtual host, each deployment should use a distinct endpoint path.
-
-
-
-
-
-
By default, the OpenAPI endpoint returns a YAML document.
-Alternatively, a JSON document can be requested via an Accept HTTP header, or a format query parameter.
If the Undertow server/host of a given application defines an HTTPS listener, then the OpenAPI document will also be available via HTTPS, e.g. https://localhost:8443/openapi
This extension is automatically included in the standalone-microprofile server profiles,
-however, it is not included by default in the default configuration of WildFly.
-
-
-
-
-
-
-
-
-The MicroProfile Metrics extension and subsystem are required by this extension to provide Metrics integration,
-please follow the instructions in the MicroProfile Metrics Subsystem Configuration section.
-If the Metrics subsystem is not available, no metrics data will be collected.
-
-
-
-
-
-
You can add the extension to a configuration without it either by using the following CLI operations:
Support for MicroProfile Reactive Streams Operators is
-provided as a Tech Preview feature by the microprofile-reactive-streams-operators-smallrye subsystem.
This extension is not included in the standard configurations included in the WildFly distribution.
-
-
-
You can add the extension to a configuration either by adding
-an <extension module="org.wildfly.extension.microprofile.reactive-streams-operators-smallrye"/>
-element to the xml or by using the following CLI operation:
If you provision your own server and include the microprofile-reactive-streams-operators layer, you will get the required modules, and the extension and subsystem will be added to your configuration.
WildFly’s MicroProfile Reactive Streams Operators subsystem implements MicroProfile Reactive Streams Operators 2.0, which adds support for asynchronous streaming of data. It essentially replicates the the interfaces, and their implementations, that were made available in the java.util.concurrent.Flow class introduced in Java 9. Thus MicroProfile Reactive Streams Operators can be considered a stop-gap until Java 9 and later is ubiquitous.
The microprofile-reactive-streams-operators-smallrye subsystem contains no configurable attributes or resources. Its presence makes the interfaces
-from the MicroProfile Reactive Streams Operators available to a deployment, and provides the implementation. Additionally it makes an instance of the ReactiveStreamsEngine class available for injection.
This extension is not included in the standard configurations included in the WildFly distribution.
-
-
-
You can add the extension to a configuration either by adding
-an <extension module="org.wildfly.extension.microprofile.reactive-messaging-smallrye"/>
-element to the xml or by using the following CLI operation:
If you provision your own server and include the microprofile-reactive-messaging Galleon layer, you will get the required modules, and the extension and subsystem will be added to your configuration.
-
-
-
If you provision the microprofile-reactive-messaging-kafka Galleon layer it includes the modules to enable the Kafka connector functionality. The microprofile-reactive-messaging-kafka layer includes the microprofile-reactive-messaging layer which provides the core MicroProfile Reactive Messaging functionality.
WildFly’s MicroProfile Reactive Messaging subsystem implements MicroProfile Reactive Messaging {eclipse-mp-reactive-messaging-api-version}, which adds support for asynchronous messaging support based on MicroProfile Reactive Streams Operators.
The microprofile-reactive-messaging-smallrye subsystem contains no configurable attributes or resources. For the core MicroProfile Reactive Messaging functionality there is no configuration. For configuration of the connectors to external brokers MicroProfile Config is used.
The subsystem will scan all deployments to find classes containing methods with the org.eclipse.microprofile.reactive.messaging.Incoming or org.eclipse.microprofile.reactive.messaging.Outgoing annotations. If these annotations are found, Reactive Messaging will be enabled for the deployment.
See the spec for more thorough examples, this section just attempts to summarize the highlights.
-
-
-
Version 1.0 of the MicroProfile Reactive Messaging specification introduced the @Incoming and @Outgoing annotations. They are intended for use in an @ApplicationScoped (or @Dependent) CDI bean:
Values generated by the generate() method will be received by the consume() method. In this basic setup where the channel names match, the streams are dealt with in-memory. We’ll see how to have them handled by Kafka later on.
-
-
-
In the above example, we are essentially generating values and consuming them with no user-interaction. MicroProfile Reactive Messaging 2.0 introduces a @Channel annotation, which can be used to inject a Publisher for receiving values sent on streams, and an Emitter which can be used to send values to a stream. This makes it easier to send/receive values from code paths resulting from user interaction:
In the above example we can now easily send data to the Reactive Messaging streams by calling Emitter.send(). Similarly, we can subscribe to the Publisher and receive the data. However, receiving still has a few shortcomings:
-
-
-
-
-
The above example will not work out of the box. When trying to send on the Emitter, you will get an error that there are no subscibers (which in turn runs the risk of causing overflow). This can be worked around by creating a subscription on the Publisher.
-
-
-
At present there can only be one subscription on the injected Publisher.
-
-
-
-
-
The above points means that this Publisher is not usable directly as an asynchronous return value for e.g. a Jakarta RESTFul Webservices endpoint. As the Jakarta RESTFul Webservices request is what will create the subscription such a call would need to happen before calling Emitter.send().
-
-
-
If we replace the Emitter with the generate() method from the original method our example will work. However, if we return the Publisher to more than one Jakarta RESTFul Webservices request, we end up with more than one subscriptions which will not all receive every single value.
-
-
-
User’s applications intended to return published values to users via e.g. Jakarta RESTFul Webservices will need to do their own subscriptions and buffering of the data. Care must be taken to not let the cache grow uncontrolled, which could cause OutOfMemoryErrors.
MicroProfile Reactive Messaging is designed to be flexible enough to integrate with a wide variety of external messaging systems. This functionality is provided via 'connectors'.
-
-
-
The only included connector at the moment is the Kafka connector.
-
-
-
Connectors are configured using MicroProfile Config. The property keys for the methods have some prefixes mandated by the MicroProfile Reactive Messaging Specification which lists these as:
Essentially channel-name is the @Incoming.value() or the @Outgoing.value().
-
-
-
If we have the following pair of methods:
-
-
-
-
@Outgoing("to")
-publicint send() {
- int i = // Randomly generated...
-}
-
-@Incoming("from")
-publicvoid receive(int i) {
- // Process payload
-}
-
-
-
-
Then the property prefixes mandated by the MicroProfile Reactive Messaging specifications are:
-
-
-
-
-
mp.messaging.incoming.from. - this would pick out the property as configuration of the receive() method.
-
-
-
mp.messaging.outgoing.to. - this would pick out the property as configuration of the send() method.
-
-
-
-
-
Note that although these prefixes are understood by the subsystem, the full set depends on the connector you want to configure. Different connectors understand different properties.
Next we will briefly discuss each of these entries. Remember the to channel is on the send() method, and the from channel is on the receive() method.
-
-
-
kafka.bootstrap.servers=kafka:9092 sets the URL of the Kafka broker to connect to for the whole application. It could also be done for just the to channel by setting mp.messaging.outgoing.to.bootstrap.servers=kafka:9092 instead.
-
-
-
mp.messaging.outgoing.to.connector=smallrye-kafka says that we want to use Kafka to back the to channel. Note that the value smallrye-kafka is SmallRye Reactive Messaging specific, and will only be understood if the Kafka connector is enabled.
-
-
-
mp.messaging.outgoing.to.topic=my-topic says that we will send data to the Kafka topic called my-topic.
-
-
-
mp.messaging.outgoing.to.value.serializer=org.apache.kafka.common.serialization.IntegerSerializer tells the connector to use IntegerSerializer to serialize the values output by the send() method when writing to the topic. Kafka provides serializers for the standard Java types. You may implement your own serializer by writing a class implementing org.apache.kafka.common.serialization.Serializer and including it in the deployment.
-
-
-
mp.messaging.incoming.from.connector=smallrye-kafka says that we want to use Kafka to back the from channel. As above, the value smallrye-kafka is SmallRye Reactive Messaging specific.
-
-
-
mp.messaging.incoming.from.topic=my-topic says that we will read data from the Kafka topic called my-topic.
-
-
-
mp.messaging.incoming.from.value.deserializer=org.apache.kafka.common.serialization.IntegerDeserializer tells the connector to use IntegerDeserializer to deserialize the values from the topic before calling the receive() method. You may implement your own deserializer by writing a class implementing org.apache.kafka.common.serialization.Deserializer and including it in the deployment.
-
-
-
In addition to the above, Apache Kafka, and SmallRye Reactive Messaging’s Kafka connector understand a lot more properties. These can be found in the SmallRye Reactive Messaging Kafka connector documentation, and in the Apache Kafka documentation for the producers and the consumers.
-
-
-
The prefixes discussed above are stripped off before passing the property to Kafka. The same happens for other configuration properties. See the Kafka documentation for more details about how to configure Kafka consumers and producers.
If connecting to a Kafka instance secured with SSL and SASL, the following example 'microprofile-config.properties' will help you get started. There are a few new properties. We are showing them on the connector level but they could equally well be defined on the channel level (i.e. with the mp.messaging.outgoing.to-kafka. and mp.messaging.incoming.from-kafka. prefixes from the previous examples rather than the connector-wide mp.messaging.connector.smallrye-kafka prefix).
-
-
-
-
mp.messaging.connector.smallrye-kafka.bootstrap.servers=localhost:9092
-mp.messaging.connector.smallrye-kafka.sasl.mechanism=PLAIN
-mp.messaging.connector.smallrye-kafka.security.protocol=SASL_SSL
-mp.messaging.connector.smallrye-kafka.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
- username="${USER}" \
- password="${PASSWORD}";
-mp.messaging.connector.smallrye-kafka.wildfly.elytron.ssl.context=test
-
-# Channel configuration would follow here, but is left out for brevity
-
-
-
-
Each of these lines has the following meaning:
-
-
-
-
-
mp.messaging.connector.smallrye-kafka.bootstrap.servers=localhost:9092 - specifies the Kafka servers to connect to. This is the same as in the previous examples
-
-
-
mp.messaging.connector.smallrye-kafka.sasl.mechanism=PLAIN - specifies the SASL mechanism to use. See sasl.mechanism in the Kafka documentation for other choices.
-
-
-
mp.messaging.connector.smallrye-kafka.security.protocol - specifies the protocol mechanism to use. See security.protocol in the Kafka documentation for other choices. In this case we are using SASL_SSL which means that communication is over SSL, and that SASL is used to authenticate
-
-
-
mp.messaging.connector.smallrye-kafka.sasl.jaas.config=… - specifies how we will authenticate with Kafka. In order to not hardcode the credentials in our microprofile-config.properties file we are using the property substitution feature of MicroProfile Config. In this case, if you have defined the USER and PASSWORD environment variables they will be passed in as part of the configuration
-
-
-
mp.messaging.connector.smallrye-kafka.wildfly.elytron.ssl.context=test - this is not needed if Kafka is secured with a CA signed certificate. If you are using self-signed certificates, you will need to specify a truststore in the Elytron subsystem, and create an SSLContext referencing that. The value of this property is used to look up the SSLContext in the Elytron subsystem under /subsystem=elytron/client-ssl-context=* in the WildFly management model. In this case the property value is test, so we look up the SSLContext defined by /subsystem=elytron/client-ssl-context=test and use that configure the truststore to use for the connection to Kafka.
In order to be able to get more information about messages received from Kafka, and to be able to influence how Kafka handles messages, there is a user API for Kafka. This API lives in the io/smallrye/reactive/messaging/kafka/api package.
the key of the Kafka record represented by a Message
-
-
-
the Kafka topic and partition used for the Message, and the offset within those
-
-
-
the Messagetimestamp and timestampType
-
-
-
the Messageheaders - these are pieces of information the application can attach on the producing side, and receive on the consuming side. They are stored and forwarded on by Kafka but have no meaning to Kafka itself.
-
-
-
-
-
-
OutgoingKafkaRecordMetadata - This is constructed via the builder returned via the builder() method, and allows you to specify/override how Kafka will handle the messages. Similar to the IncomingKafkaRecordMetadata case, you can set:
-
-
-
-
the key. Kafka will then treat this entry as the key of the message
-
-
-
the topic, as already seen we typically use the microprofile-config.properties configuration to specify the topic to use for a channel backed by Kafka. However, in some cases the code sending the message might need to make some choices (for example depending on values contained in the data) about which topic to send to. Specifying this here will make Kafka use that topic.
-
-
-
the partition. Generally, it is best to let Kafka’s partitioner choose the partition, but for cases where it is essential to be able to specify it this can be done
-
-
-
the timestamp if you don’t want the one auto-generated by Kafka
-
-
-
headers - you can attach headers for the consumer, as mentioned for IncomingKafkaRecordMetadata
-
-
-
-
-
-
KafkaMetadataUtil contains utility methods to write OutgoingKafkaRecordMetadata to a Message, and to read IncomingKafkaRecordMetadata from a Message. Note that if you write OutgoingKafkaRecordMetadata to a Message which is sent to a channel not handled by Kafka it will be ignored, and if you attempt to read IncomingKafkaRecordMetadata from a Message arriving from a channel no handled by Kafka it will be null.
-
-
-
-
-
The following example shows how to write and read the key from a message:
-
-
-
-
@Inject
-@Channel("from-user")
-Emitter<Integer> emitter;
-
-@Incoming("from-user")
-@Outgoing("to-kafka")
-public Message<Integer> send(Message<Integer> msg) {
- // Set the key in the metadata
- OutgoingKafkaRecordMetadata<String> md =
- OutgoingKafkaRecordMetadata.<String>builder()
- .withKey("KEY-" + i)
- .build();
- // Note that Message is immutable so the copy returned by this method
- // call is not the same as the parameter to the method
- return KafkaMetadataUtil.writeOutgoingKafkaMetadata(msg, md);
-}
-
-@Incoming("from-kafka")
-public CompletionStage<Void> receive(Message<Integer> msg) {
- IncomingKafkaRecordMetadata<String, Integer> metadata =
- KafkaMetadataUtil.readIncomingKafkaMetadata(msg).get();
-
- // We can now read the Kafka record key
- String key = metadata.getKey();
-
- // When using the Message wrapper around the payload we need to explicitly ack
- // them
- return msg.ack();
-}
-
-
-
-
To configure the Kafka mapping we need a microprofile-config.properties
This configuration looks a lot like the previous configuration that we saw, but note that we need to specify the key.serializer for the outgoing channel, and the key.deserializer for the incoming channel. As before, they are implementations of org.apache.kafka.common.serialization.Serializer and org.apache.kafka.common.serialization.Deserializer respectively. Kafka provides implementations for basic types, and you may write your own and include them in the deployment.
While we do expose the Kafka Clients jar in our BOMs, its usage is limited to
-
-
-
-
-
Classes/interfaces exposed via the Kafka User API, e.g.:
-
-
-
-
org.apache.kafka.common.header.Header and org.apache.kafka.common.header.Headers and implementations of those that are considered public API as per the Apache Kafka documentation.
-
-
-
org.apache.kafka.clients.consumer.ConsumerRecord
-
-
-
org.apache.kafka.common.record.TimestampType
-
-
-
-
-
-
Classes/interfaces needed for serialization and deserialization:
Implementatations of org.apache.kafka.common.serialization.Deserializer and org.apache.kafka.common.serialization.Serializer in the org.apache.kafka.common.serialization package
The MicroProfile Telemetry integration is provided by the microprofle-telemetry subsystem, and is included in the default configuration. If not no present, the subsystem can be added using the following CLI commands.
-
-
-
-
-
-
-
-
-
-
The MicroProfile Telemetry subsystem depends on the OpenTelemetry subsystem, so it must be added prior to adding MicroProfile Telemetry.
The MicroProfile Telemetry subsystem contains no configurable attributes or resources. Any server configuration related to OpenTelemetry should be made to the opentelemetry subsystem, the documentation for which can be found in the relevant section of the Administration Guide.
-
-
-
The MicroProfile Telemetry subsystem does, however, allow for individual applications to override any server configuration via MicroProfile Config. For example, the default service name used in exported traces is derived from the deployment name, so if the deployment archive is my-application-1.0.war, the service name will be my-application-1.0.war. This can be overridden using the standard OpenTelemetry configuration properties (documented here):
-
-
-
-
otel.service.name=My Application
-
-
-
-
Note also that, per spec requirements, MicroProfile Telemetry is disabled by default and must be manually enabled on a per-application basis:
The microprofile-lra-coordinator subsystem provides the LRA Coordinator capabilities required for the coordination of the distributed transactions.
-
-
-
The microprofile-lra-participant subsystem provides capabilities required to define services that participate in the LRAs by executing transactional actions and compensations. They communicate with the LRA Coordinator in order to process distributed transactions.
You can add the extension to a configuration either by adding
-an <extension module="org.wildfly.extension.microprofile.lra-coordinator"/>
-element to the xml or by using the following CLI operation:
If you provision your own server and include the microprofile-lra-coordinator Galleon layer, you will get the required modules, and the extension and subsystem will be added to your configuration.
You can add the extension to a configuration either by adding
-an <extension module="org.wildfly.extension.microprofile.lra-participant"/>
-element to the xml or by using the following CLI operation:
If you provision your own server and include the microprofile-lra-participant Galleon layer, you will get the required modules, and the extension and subsystem will be added to your configuration.
WildFly’s MicroProfile LRA Participant subsystem implements MicroProfile
-LRA {eclipse-mp-lra-api-version}, which adds support for Long Running Actions based on the saga pattern. The MicroProfile LRA Coordinator subsystem is used to provide coordination of such transactions which LRA Participants contact in order to enlist into the LRAs.
-
-
-
Tha LRA Coordinator can also run independently in the distributed system and can be started with for instance Docker like this:
-
-
-
-
$ docker run -p 8080:8080 quay.io/jbosstm/lra-coordinator
JBossWS components are provided to the application server through the
-webservices subsystem. JBossWS components handle the processing of WS
-endpoints. The subsystem supports the configuration of published
-endpoint addresses, and endpoint handler chains. A default webservice
-subsystem is provided in the server’s domain and standalone
-configuration files.
JBossWS supports the rewriting of the <soap:address> element of
-endpoints published in WSDL contracts. This feature is useful for
-controlling the server address that is advertised to clients for each
-endpoint.
-
-
-
The following elements are available and can be modified (all are
-optional):
-
-
-
-
-
-
-
-
-
-
Name
-
Type
-
Description
-
-
-
-
-
modify-wsdl-address
-
boolean
-
This boolean enables and disables the
-address rewrite functionality.When modify-wsdl-address is set to true
-and the content of <soap:address> is a valid URL, JBossWS will rewrite
-the URL using the values of wsdl-host and wsdl-port or
-wsdl-secure-port.When modify-wsdl-address is set to false and the
-content of <soap:address> is a valid URL, JBossWS will not rewrite the
-URL. The <soap:address> URL will be used.When the content of
-<soap:address> is not a valid URL, JBossWS will rewrite it no matter
-what the setting of modify-wsdl-address.If modify-wsdl-address is set to
-true and wsdl-host is not defined or explicitly set to
-'jbossws.undefined.host' the content of <soap:address> URL is use.
-JBossWS uses the requester’s host when rewriting the <soap:address>When
-modify-wsdl-address is not defined JBossWS uses a default value of true.
-
-
-
wsdl-host
-
string
-
The hostname / IP address to be used for rewriting
-<soap:address>.If wsdl-host is set to jbossws.undefined.host, JBossWS
-uses the requester’s host when rewriting the <soap:address>When
-wsdl-host is not defined JBossWS uses a default value of
-'jbossws.undefined.host'.
-
-
-
wsdl-port
-
int
-
Set this property to explicitly define the HTTP port
-that will be used for rewriting the SOAP address.Otherwise the HTTP port
-will be identified by querying the list of installed HTTP connectors.
-
-
-
wsdl-secure-port
-
int
-
Set this property to explicitly define the HTTPS
-port that will be used for rewriting the SOAP address.Otherwise the
-HTTPS port will be identified by querying the list of installed HTTPS
-connectors.
-
-
-
wsdl-uri-scheme
-
string
-
This property explicitly sets the URI scheme
-to use for rewriting <soap:address> . Valid values are http and https.
-This configuration overrides scheme computed by processing the endpoint
-(even if a transport guaranteeis specified). The provided values for
-wsdl-port and wsdl-secure-port (or their default values) are used
-depending on specified scheme.
-
-
-
wsdl-path-rewrite-rule
-
string
-
This string defines a SED substitution
-command (e.g., 's/regexp/replacement/g') that JBossWS executes against
-the path component of each <soap:address> URL published from the
-server.When wsdl-path-rewrite-rule is not defined, JBossWS retains the
-original path component of each <soap:address> URL.When
-'modify-wsdl-address' is set to "false" this element is ignored.
JBossWS enables extra setup configuration data to be predefined and
-associated with an endpoint implementation. Predefined endpoint
-configurations can be used for Jakarta XML Web Services client and Jakarta XML Web Services endpoint setup.
-Endpoint configurations can include Jakarta XML Web Services handlers and key/value
-properties declarations. This feature provides a convenient way to add
-handlers to WS endpoints and to set key/value properties that control
-JBossWS and Apache CXF internals (
-see
-Apache CXF configuration).
-
-
-
The webservices subsystem provides
-schema
-to support the definition of named sets of endpoint configuration data.
-Annotation, org.jboss.ws.api.annotation.EndpointConfig is provided to
-map the named configuration to the endpoint implementation.
-
-
-
There is no limit to the number of endpoint configurations that can be
-defined within the webservices subsystem. Each endpoint configuration
-must have a name that is unique within the webservices subsystem.
-Endpoint configurations defined in the webservices subsystem are
-available for reference by name through the annotation to any endpoint
-in a deployed application.
-
-
-
WildFly ships with two predefined endpoint configurations.
-Standard-Endpoint-Config is the default configuration.
-Recording-Endpoint-Config is an example of custom endpoint configuration
-and includes a recording handler.
-The Standard-Endpoint-Config is a special endpoint configuration. It
-is used for any endpoint that does not have an explicitly assigned
-endpoint configuration.
-
Endpoint configs are defined using the endpoint-config element. Each
-endpoint configuration may include properties and handlers set to the
-endpoints associated to the configuration.
Each endpoint configuration may be associated with zero or more PRE and
-POST handler chains. Each handler chain may include JAXWS handlers. For
-outbound messages the PRE handler chains are executed before any handler
-that is attached to the endpoint using the standard means, such as with
-annotation @HandlerChain, and POST handler chains are executed after
-those objects have executed. For inbound messages the POST handler
-chains are executed before any handler that is attached to the endpoint
-using the standard means and the PRE handler chains are executed after
-those objects have executed.
-
-
-
-
* Server inbound messages
-Client --> ... --> POST HANDLER --> ENDPOINT HANDLERS --> PRE HANDLERS --> Endpoint
-
-* Server outbound messages
-Endpoint --> PRE HANDLER --> ENDPOINT HANDLERS --> POST HANDLERS --> ... --> Client
-
-
-
-
The protocol-binding attribute must be used to set the protocols for
-which the chain will be triggered.
-The class attribute is used to provide the fully qualified class name
-of the handler. At deploy time, an instance of the class is created for
-each referencing deployment. For class creation to succeed, the
-deployment classloader must to be able to load the handler class.
-
Each web service endpoint is exposed through the deployment that
-provides the endpoint implementation. Each endpoint can be queried as a
-deployment resource. For further information please consult the chapter
-"Application Deployment". Each web service endpoint specifies a web
-context and a WSDL Url:
The web service subsystem is provided by the JBossWS project. For a
-detailed description of the available configuration properties, please
-consult the project documentation.
Resource adapters are configured through the resource-adapters
-subsystem. Declaring a new resource adapter consists of two separate
-steps: You would need to deploy the .rar archive and define a resource
-adapter entry in the subsystem.
The resource adapter subsystem is provided by the
-IronJacamar project. For a detailed
-description of the available configuration properties, please consult
-the project documentation.
-The batch subsystem is used to configure an environment for running
-batch applications. WildFly uses
-JBeret for it’s batch implementation.
-Specific information about JBeret can be found in the
-user guide. The
-resource path, in CLI notation, for the subsystem
-is subsystem=batch-jberet.
-
A new security-domain attribute was added to the batch-jberet
-subsystem to allow batch jobs to be executed under that security domain.
-Jobs that are stopped as part of a suspend operation will be restarted
-on execution of a resume with the original user that started job.
-
-
-
There was a
-org.wildfly.extension.batch.jberet.deployment.BatchPermission added to
-allow a security restraint to various batch functions. The following
-functions can be controlled with this permission.
-
-
-
-
-
start
-
-
-
stop
-
-
-
restart
-
-
-
abandon
-
-
-
read
-
-
-
-
-
The read function allows users to use the getter methods from the
-jakarta.batch.operations.JobOperator or read the batch-jberet
-deployment resource, for example
-/deployment=my.war/subsystem=batch-jberet:read-resource.
The batch subsystem supports 2 types of job repository:
-
-
-
-
-
in-memory job repository: all job execution data are kept in the memory
-of WildFly instance. When the server shuts down, all job execution data
-are lost. In a clustered environment, each WildFly server instance has its
-own in-memory job repository, and it is not possible to share job execution
-data between WildFly instances. This is the default job repository in
-batch subsystem.
-
-
-
jdbc job repository: all job execution data are saved in a relational
-database accessed via jdbc. In a clustered environment, a jdbc job repository
-can be used to share job execution data between WildFly instances.
-For example, one may start a job execution in one instance, stop and restart
-it from a different WildFly instance.
In some cases, when a job repository accumulates a large number of job
-execution records (say hundreds of thousands), application deployment times may
-be negatively impacted. This is relevant mainly to persistent job repository
-implementations, like the jdbc job repository.
-
-
-
In order to avoid accumulating too high a number of job execution records, the
-application can delete old executions via
-JobOperator.abandon(long executionId), or other means like pruning the
-database tables can be employed.
-
-
-
If it’s no possible to avoid storing large number of job execution records,
-the job repositories can be configured to limit the number of job executions
-that is returned by them by setting the execution-records-limit attribute.
-If the attribute is set, Wildfly will only load specified maximum number of
-job executions from the backing storage mechanism.
There are no deployment descriptors for configuring a batch environment
-defined by the JSR-352
-specification. In WildFly you can use a
-jboss-all.xml deployment descriptor to define aspects of the batch
-environment for your deployment.
-
-
-
In the jboss-all.xml deployment descriptor you can define a named job
-repository, a new job repository and/or a named thread pool. A named job
-repository and named thread pool are resources defined on the batch
-subsystem. Only a named thread pool is allowed to be defined in the
-deployment descriptor.
Some subsystems in WildFly register runtime
-resources for deployments. The batch subsystem registers jobs and
-executions. The jobs are registered using the job name, this is not
-the job XML name. Executions are registered using the execution id.
The batch subsystem resource on a deployment also has 3 operations to
-interact with batch jobs on the selected deployment. There is a
-start-job, stop-job and restart-job operation. The execution
-resource also has a stop-job and restart-job operation.
Jakarta Faces configuration is handled by the jsf subsystem. The jsf subsystem
-allows multiple Jakarta Faces implementations to be installed on the same WildFly server. In particular, any
-version that implements spec level 4.0 or higher can be installed. For each Jakarta Faces
-implementation, a new slot needs to be created under jakarta.faces.impl, jakarta.faces.api, and
-org.jboss.as.jsf-injection. When the jsf subsystem starts up, it scans the module path to find all
-the Jakarta Faces implementations that have been installed. The default Jakarta Faces implementation that
-WildFly should use is defined by the default-jsf-impl-slot subsystem attribute.
WildFly supports provisioning a server using the Galleon tool, which allows an administrator to provision a server with
-only the desired features, which are delivered as feature packs. For more information, see Provisioning WildFly with Galleon.
-For an example of such a feature pack, see the WildFly MyFaces Feature Pack
-project in the WildFly Extras GitHub organization.
-
-
-
As a quick start, to provision a server using this feature pack, one might use a commandline like the following:
After starting the server, the following CLI command can be used to verify that your new Jakarta Faces
-implementation has been installed successfully. The new Jakarta Faces implementation should appear in the output
-of this command.
The following CLI command can be used to make a newly installed Jakarta Faces implementation the default Jakarta
-Server Faces implementation used by WildFly:
A Jakarta Faces app can be configured to use an installed Jakarta Faces implementation that’s not the
-default implementation by adding a org.jboss.jbossfaces.JSF_CONFIG_NAME context parameter to its web.xml file. For
-example, to indicate that a Jakarta Faces app should use MyFaces 4.0.0 (assuming MyFaces 4.0.0 has been installed
-on the server), the following context parameter would need to be added:
This setting can be overridden for a particular Jakarta Faces deployment by adding the
-com.sun.faces.disallowDoctypeDecl context parameter to the deployment’s web.xml file:
The JMX subsystem registers a service with the Remoting endpoint so that
-remote access to JMX can be obtained over the exposed Remoting
-connector.
-
-
-
This is switched on by default in standalone mode and accessible over
-port 9990 but in domain mode is switched off so needs to be enabled - in
-domain mode the port will be the port of the Remoting connector for the
-WildFly instance to be monitored.
-
-
-
To use the connector you can access it in the standard way using a
-service:jmx URL:
-
-
-
-
importjavax.management.MBeanServerConnection;
-importjavax.management.remote.JMXConnector;
-importjavax.management.remote.JMXConnectorFactory;
-importjavax.management.remote.JMXServiceURL;
-
-publicclassJMXExample {
-
- publicstaticvoid main(String[] args) throwsException {
- //Get a connection to the WildFly MBean server on localhost
- String host = "localhost";
- int port = 9990; // management-web port
- String urlString =
- System.getProperty("jmx.service.url","service:jmx:remote+http://" + host + ":" + port);
- JMXServiceURL serviceURL = newJMXServiceURL(urlString);
- JMXConnector jmxConnector = JMXConnectorFactory.connect(serviceURL, null);
- MBeanServerConnection connection = jmxConnector.getMBeanServerConnection();
-
- //Invoke on the WildFly MBean server
- int count = connection.getMBeanCount();
- System.out.println(count);
- jmxConnector.close();
- }
-}
-
-
-
-
You also need to set your classpath when running the above example. The
-following script covers Linux. If your environment is much different,
-paste your script when you have it working.
-If using jconsole use the jconsole.sh and jconsole.bat scripts
-included in the /bin directory of the WildFly distribution as these set
-the classpath as required to connect over Remoting.
-
-
-
-
-
-
In addition to the standard JVM MBeans, the WildFly MBean server
-contains the following MBeans:
-
-
-
-
-
-
-
-
-
JMX ObjectName
-
Description
-
-
-
-
-
jboss.msc:type=container,name=jboss-as
-
Exposes management operations
-on the JBoss Modular Service Container, which is the dependency
-injection framework at the heart of WildFly. It is useful for debugging
-dependency problems, for example if you are integrating your own
-subsystems, as it exposes operations to dump all services and their
-current states
-
-
-
jboss.naming:type=JNDIView
-
Shows what is bound in JNDI
-
-
-
jboss.modules:type=ModuleLoader,name=*
-
This collection of MBeans
-exposes management operations on JBoss Modules classloading layer. It is
-useful for debugging dependency problems arising from missing module
-dependencies
Audit logging for the JMX MBean server managed by the JMX subsystem. The
-resource is at /subsystem=jmx/configuration=audit-log and its
-attributes are similar to the ones mentioned for
-/core-service=management/access=audit/logger=audit-log in
-Audit logging.
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
-
-
-
-
enabled
-
true to enable logging of the JMX operations
-
-
-
log-boot
-
true to log the JMX operations when booting the server, false
-otherwise
-
-
-
log-read-only
-
If true all operations will be audit logged, if false
-only operations that change the model will be logged
-
-
-
-
-
Then which handlers are used to log the management operations are
-configured as handler=* children of the logger. These handlers and
-their formatters are defined in the global
-/core-service=management/access=audit section mentioned in
-Audit logging.
The same JSON Formatter is used as described in
-Audit logging. However the records for MBean
-Server invocations have slightly different fields from those logged for
-the core management layer.
It includes an optional timestamp and then the following information in
-the json record
-
-
-
-
-
-
-
-
-
Field name
-
Description
-
-
-
-
-
type
-
This will have the value jmx meaning it comes from the jmx
-subsystem
-
-
-
r/o
-
true if the operation has read only impact on the MBean(s)
-
-
-
booting
-
true if the operation was executed during the bootup process,
-false if it was executed once the server is up and running
-
-
-
version
-
The version number of the WildFly instance
-
-
-
user
-
The username of the authenticated user.
-
-
-
domainUUID
-
This is not currently populated for JMX operations
-
-
-
access
-
This can have one of the following values:*NATIVE - The
-operation came in through the native management interface, for example
-the CLI*HTTP - The operation came in through the domain HTTP interface,
-for example the admin console*JMX - The operation came in through the
-JMX subsystem. See JMX for how to configure audit logging for JMX.
-
-
-
remote-address
-
The address of the client executing this operation
-
-
-
method
-
The name of the called MBeanServer method
-
-
-
sig
-
The signature of the called called MBeanServer method
-
-
-
params
-
The actual parameters passed in to the MBeanServer method, a
-simple Object.toString() is called on each parameter.
-
-
-
error
-
If calling the MBeanServer method resulted in an error, this
-field will be populated with Throwable.getMessage()
The deployment scanner is only used in standalone mode. Its job is to
-monitor a directory for new files and to deploy those files. It can be
-found in standalone.xml:
You can define more deployment-scanner entries to scan for deployments
-from more locations. The configuration showed will scan the
-JBOSS_HOME/standalone/deployments directory every five seconds. The
-runtime model is shown below, and uses default values for attributes not
-specified in the xml:
The name of the scanner. default is used if not specified
-
-
-
path
-
STRING
-
The actual filesystem path to be scanned. Treated as an
-absolute path, unless the 'relative-to' attribute is specified, in which
-case the value is treated as relative to that path.
-
-
-
relative-to
-
STRING
-
Reference to a filesystem path defined in the
-"paths" section of the server configuration, or one of the system
-properties specified on startup. In the example above
-jboss.server.base.dir resolves to JBOSS_HOME/standalone
-
-
-
scan-enabled
-
BOOLEAN
-
If true scanning is enabled
-
-
-
scan-interval
-
INT
-
Periodic interval, in milliseconds, at which the
-repository should be scanned for changes. A value of less than 1
-indicates the repository should only be scanned at initial startup.
-
-
-
auto-deploy-zipped
-
BOOLEAN
-
Controls whether zipped deployment content
-should be automatically deployed by the scanner without requiring the
-user to add a .dodeploy marker file.
-
-
-
auto-deploy-exploded
-
BOOLEAN
-
Controls whether exploded deployment
-content should be automatically deployed by the scanner without
-requiring the user to add a .dodeploy marker file. Setting this to
-'true' is not recommended for anything but basic development scenarios,
-as there is no way to ensure that deployment will not occur in the
-middle of changes to the content.
-
-
-
auto-deploy-xml
-
BOOLEAN
-
Controls whether XML content should be
-automatically deployed by the scanner without requiring a .dodeploy
-marker file.
-
-
-
deployment-timeout
-
LONG
-
Timeout, in seconds, a deployment is allows
-to execute before being canceled. The default is 60 seconds.
-
-
-
-
-
Deployment scanners can be added by modifying standalone.xml before
-starting up the server or they can be added and removed at runtime using
-the CLI
The core management subsystem is composed services used to manage the
-server or monitor its status.
-The core management subsystem configuration may be used to:
-
-
-
-
-
register a listener for a server lifecycle events.
You can create an implementation of
-org.wildfly.extension.core.management.client.ProcessStateListener
-which will be notified on running and runtime configuration state
-changes thus enabling the developer to react to those changes.
-
-
-
In order to use this feature you need to create your own module then
-configure and deploy it using the core management subsystem.
To compile it you need to depend on the
-org.wildfly.core:wildfly-core-management-client maven module. Now
-let’s add the module to the wildfly modules :
You can use the core management subsystem to enable and configure an
-in-memory history of the last configuration changes.
-For example to track the last 5 configuration changes let’s active this
-:
The required extension is in the module org.jboss.as.jaxrs. In most cases the extension should be present. However, if it
-is not you can add it with CLI.
By default the jaxrs subsystem is empty which results in default configuration values being used.
-
-
-
This can be changed with a management client such as the CLI or the web console. You can get detailed information about the
-"Configuration switches" in section 3.5 of the RESTEasy User Guide.
-
-
-
An example configuring the subsystem with the CLI:
The use of hyphens is a WildFly convention. The hyphens are translated into periods before
-the parameters are passed into RESTEasy so that they conform to the RESTEasy parameter names.
-
-
-
For a discussion of the various parameters, see the RESTEasy User Guide.
-
-
-
-
-
-
-
-
-
-
-
-
-One important thing to understand is that these parameters are global. That is, they apply to all deployments.
-Since these parameters are global, the classes referred to in "resteasy.providers" and "resteasy.disable.providers"
-must be available to all deployments. In practice, then, they are meant to enable
-or disable RESTEasy providers. Note that they can be used in conjunction with
-"resteasy-use-builtin-providers" to tailor a set of available providers.
-
-
-
-
-
-
-
-
-
-
-
-Another important fact is that once parameters are changed via some management interface the changes require
- a redeployment of any applications previously deployed.
-
-
-
-
-
-
-
-
-
-
-
-RESTEasy has introduced a new treatment of jakarta.ws.rs.WebApplicationException's thrown by a
-Jakarta REST client or MicroProfile REST Client running inside a RESTful resource, in which the embedded
-jakarta.ws.rs.core.Response is "sanitized" before being returned to prevent the risk of information leaking from a
-third party. The original behavior can be restored by setting the parameter
-"resteasy.original.webapplicationexception.behavior" to "true". See the RESTEasy User Guide
-chapter "Resteasy WebApplicationExceptions" for more information.
-
The elytron-oidc-client subsystem is included in the default configuration. If not present, the subsystem can be
-added using the following CLI commands.
By default, the elytron-oidc-client subsystem does not contain any configured resources or attributes.
-
-
-
The configuration required to secure an application with OpenID Connect can either be provided within the
-application itself or within the elytron-oidc-client subsystem.
The configuration required to secure an application with OpenID Connect can be specified in the deployment.
-
-
-
The first step is to create an oidc.json configuration file in the WEB-INF directory of the application.
-The second step is to set the auth-method to OIDC in the application’s web.xml file.
-
-
-
Here is an example of an oidc.json configuration file:
Instead of adding configuration to your deployment to secure it with OpenID Connect as described in the
-previous section, another option is to add configuration to the elytron-oidc-client subsystem instead.
-
-
-
The following example shows how to add configuration to the elytron-oidc-client subsystem.
The secure-deployment resource allows you to provide configuration for a specific deployment. In
-the example above, the secure-deployment resource is providing the configuration that should be used
-for the DEPLOYMENT_RUNTIME_NAME.war deployment, where DEPLOYMENT_RUNTIME_NAME corresponds to
-the runtime-name for the deployment.
-
-
-
The various configuration options that can be specified in the secure-deployment configuration
-correspond to the same options that can be specified in the oidc.json configuration that was
-explained in the previous section.
-
-
-
If you have multiple applications that are being secured using the same OpenID provider,
-the provider configuration can be defined separately as shown in the example below:
The elytron-oidc-client subsystem will scan deployments to detect if the OIDC authentication mechanism
-is required for any web components (i.e., for each deployment, the subsystem will determine if OIDC configuration
-has either been found within the deployment or if there is OIDC configuration for the deployment in the subsystem
-configuration). If the subsystem detects that the OIDC mechanism is indeed required, the subsystem will
-activate the authentication mechanism automatically. Otherwise, no activation will occur and deployment
-will continue normally.
The purpose of using OpenID Connect is to verify a user’s identity based on the authentication that’s been
-performed by the OpenID provider. For this reason, OpenID Connect deployments do not depend on security-domain
-resources that have been defined in the Elytron subsystem, like traditional deployments do. Instead,
-the elytron-oidc-client subsystem will automatically create and make use of its own virtual security domain
-across the deployment. No further managed configuration is required.
-
-
-
-
-
-
-
-
-
-
To propagate an identity from a virtual security domain, additional configuration might be required
-depending on your use case. See Identity Propagation for more details.
The provider-url attribute in the oidc.json configuration and in the elytron-oidc-client
-subsystem configuration allows you to specify the URL for the OpenID provider that you’d like to use.
-For WildFly 25, the elytron-oidc-client subsystem has been tested with the Keycloak OpenID provider.
-Other OpenID providers haven’t been extensively tested yet so the use of other OpenID providers should
-be considered experimental for now and should not be used in a production environment yet. Proper support
-for other OpenID providers will be added in a future WildFly release.
By default, when verifying an access token, the elytron-oidc-client subsystem expects the token
-to contain a typ claim with value Bearer. Access tokens provided by the Keycloak OpenID provider
-contain this claim. However, access tokens provided by other OpenID providers might not include this
-claim, causing token validation to fail. When using an OpenID provider other than Keycloak,
-it is possible to disable the typ claim validation by setting the wildfly.elytron.oidc.disable.typ.claim.validation
-system property to true.
In some cases, it might be desirable to secure an application using multiple oidc.json configuration files.
-For example, you might want a different oidc.json file to be used depending on the request in order to authenticate
-users from multiple Keycloak realms. The elytron-oidc-client subsystem makes it possible to use a custom configuration
-resolver so you can define which configuration file to use for each request.
-
-
-
To make use of the multi-tenancy feature, you need to create a class that implements the
-org.wildfly.security.http.oidc.OidcClientConfigurationResolver interface, as shown in the example below:
-
-
-
-
packageexample;
-
-importjava.io.InputStream;
-importjava.util.HashMap;
-importjava.util.Map;
-importjava.util.concurrent.ConcurrentHashMap;
-
-importorg.wildfly.security.http.oidc.OidcClientConfiguration;
-importorg.wildfly.security.http.oidc.OidcClientConfigurationBuilder;
-importorg.wildfly.security.http.oidc.OidcClientConfigurationResolver;
-importorg.wildfly.security.http.oidc.OidcHttpFacade;
-
-publicclassMyCustomConfigResolverimplements OidcClientConfigurationResolver {
-
- privatefinalMap<String, OidcClientConfiguration> cache = newConcurrentHashMap<>();
-
- @Override
- public OidcClientConfiguration resolve(OidcHttpFacade.Request request) {
- String path = request.getURI();
- String realm = ... // determine which Keycloak realm to use based on the request path
- OidcClientConfiguration clientConfiguration = cache.get(realm);
- if (clientConfiguration == null) {
- InputStream is = getClass().getResourceAsStream("/oidc-" + realm + ".json"); // config to use based on the realm
- clientConfiguration = OidcClientConfigurationBuilder.build(is);
- cache.put(realm, clientConfiguration);
- }
- return clientConfiguration;
- }
-
-}
-
-
-
-
Once you’ve created your OidcClientConfigurationResolver `, you can specify that you want to make
-use of your custom configuration resolver by setting the `oidc.config.resolvercontext-param in
-your application’s web.xml file, as shown in the example below:
When securing an application with OpenID Connect, the elytron-oidc-client subsystem will automatically
-create a virtual security domain for you. If your application invokes an EJB, additional configuration
-might be required to propagate the security identity from the virtual security domain depending on how
-the EJB is being secured.
If your application secured with OpenID Connect invokes an EJB within the same deployment (e.g.,
-within the same WAR or EAR) or invokes an EJB in a separate deployment (e.g., across EARs)
-and you’d like to secure the EJB using a different security domain from your servlet,
-additional configuration will be needed to outflow the security identities established by
-the virtual security domain to another security domain.
-
-
-
The virtual-security-domain resource allows you to specify that security identities
-established by a virtual security domain should automatically be outflowed to other
-security domains. A virtual-security-domain resource has a few attributes, as
-described below:
-
-
-
-
-
name - This is the runtime name of a deployment associated with a virtual security domain (e.g.,
-DEPLOYMENT_NAME.ear, a deployment that has a subdeployment that is secured using OpenID Connect).
-
-
-
outflow-security-domains - This is the list of security-domains that security identities from
-the virtual security domain should be automatically outflowed to.
-
-
-
outflow-anonymous - When outflowing to a security domain, if outflow is not possible, should the
-anonymous identity be used? Outflow to a security domain might not be possible if the domain does
-not trust this domain or if the identity being outflowed to a domain does not exist in that domain.
-Outflowing anonymous has the effect of clearing any identity already established for that domain.
-This attribute defaults to false.
-
-
-
-
-
In addition to configuring a virtual-security-domain resource, you’ll also need to update the
-security-domain configuration for your EJB to indicate that it should trust security identities established
-by the virtual-security-domain. This can be specified by configuring the trusted-virtual-security-domains
-attribute for a security-domain (e.g., setting the trusted-virtual-security-domains attribute to
-DEPLOYMENT_NAME.ear for a security-domain would indicate that this security-domain
-should trust the virtual security domain associated with the DEPLOYMENT_NAME.ear deployment).
-
-
-
The virtual-security-domain configuration and trusted-virtual-security-domains configuration
-will allow security identities established by a virtual security domain to be successfully
-outflowed to a security-domain being used to secure the EJB.
If your application secured with OpenID Connect invokes an EJB within the same deployment (e.g.,
-within the same WAR or EAR), and you’d like to secure the EJB using the same virtual security
-domain as your servlet, no additional configuration is required. This means that if no security
-domain configuration has been explicitly specified for the EJB, the virtual security domain will
-automatically be used to secure the EJB.
If your application secured with OpenID Connect invokes an EJB in a separate deployment (e.g., across EARs)
-and you’d like to secure the EJB using the same virtual security domain as your servlet,
-additional configuration will be needed. In particular, the EJB will need to reference the virtual
-security domain explicitly.
-
-
-
The virtual-security-domain resource allows you to reference the virtual security domain
-from the security domain configuration for the EJB. As an example, a virtual-security-domain
-resource could be added as follows:
An annotation like @SecurityDomain(DEPLOYMENT_NAME.ear) can then be added to the EJB,
-where DEPLOYMENT_NAME.ear is a reference to the virtual-security-domain defined above.
-
-
-
This configuration indicates that the virtual security domain associated with DEPLOYMENT_NAME.ear
-should be used to secure the EJB.
The management console can be secured with OpenID Connect using the Keycloak OpenID provider.
-
-
-
-
-
-
-
-
-
-
The ability to secure the management console with the Keycloak OpenID provider is only available when
-running a standalone server and is not supported when running a managed domain. The management
-CLI cannot be secured with OpenID Connect.
-
-
-
-
-
-
-
To secure the management console with OpenID Connect, configuration is required on the Keycloak side
-and in the elytron-oidc-client subsystem.
Follow the steps in Keycloak’s getting started guide to
-add a new realm called wildfly-infra.
-
-
-
Then, create a new OpenID Connect client called wildfly-console. Set the Valid Redirect URIs using
-the URI used to access the WildFly management console, e.g., http://localhost:9990/console/. Similarly, you’ll
-also need to set *Web Origins using the management port for your WildFly instance, e.g.,
-http://localhost:9990.
-
-
-
Next, create a second OpenID Connect client called wildfly-management. This will be a bearer-only client so in
-the Capability configuration, be sure to uncheck the Standard flow and Direct access grants.
-
-
-
If you will be configuring WildFly to enable Role Based Access Control (RBAC), you can also create
-a new Realm role (e.g., Administrator) and assign it to a user.
We need to add a secure-deployment resource that references the wildfly-management client that was created
-in the previous section.
-
-
-
A secure-server that references the wildfly-console client is also needed.
-
-
-
Some example CLI commands that add these resources can be seen here:
-
-
-
-
# Configure the Keycloak provider
-/subsystem=elytron-oidc-client/provider=keycloak:add(provider-url=http://localhost:8180/realms/wildfly-infra)
-
-# Create a secure-deployment in order to protect mgmt interface
-/subsystem=elytron-oidc-client/secure-deployment=wildfly-management:add(provider=keycloak,client-id=wildfly-management,principal-attribute=preferred_username,bearer-only=true,ssl-required=EXTERNAL)
-
-# Enable RBAC where roles are obtained from the identity
-/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
-/core-service=management/access=authorization:write-attribute(name=use-identity-roles,value=true)
-
-# Create a secure-server in order to publish the management console configuration via mgmt interface
-/subsystem=elytron-oidc-client/secure-server=wildfly-console:add(provider=keycloak,client-id=wildfly-console,public-client=true)
-
-# reload
-reload
With the above configuration in place, when you access the management console (e.g., http://localhost:9990/console/),
-you will be redirected to Keycloak to log in, and will then be redirected back to the management console upon successful
-authentication.
The presence of each of these turns on a piece of functionality:
-
-
-
-
-
-
-
-
-
Name
-
Description
-
-
-
-
-
jdr
-
Enables the gathering of diagnostic data for use in remote
-analysis of error conditions. Although the data is in a simple format
-and could be useful to anyone, primarily useful for JBoss EAP
-subscribers who would provide the data to Red Hat when requesting
-support
-
-
-
pojo
-
Enables the deployment of applications containing JBoss
-Microcontainer services, as supported by previous versions of JBoss
-Application Server
-
-
-
sar
-
Enables the deployment of .SAR archives containing MBean services,
-as supported by previous versions of JBoss Application Server
To run a group of servers as a managed domain you need to configure both
-the domain controller and each host that joins the domain. This sections
-focuses on the network configuration for the domain and host controller
-components. For background information users are encouraged to review
-the Operating modes and
-Configuration
-Files sections.
The domain controller is the central government for a managed domain. A
-domain controller configuration requires two steps:
-
-
-
-
-
A host needs to be configured to act as the Domain Controller for the
-whole domain
-
-
-
The host must expose an addressable management interface binding for
-the managed hosts to communicate with it
-
-
-
-
-
Example IP Addresses
-
-
-
-
-
-
-
-
-In this example the domain controller uses 192.168.0.101 and the host
-controller 192.168.0.10
-
-
-
-
-
-
Configuring a host to act as the Domain Controller is done through the
-domain-controller declaration in host.xml. If it includes the
-<local/> element, then this host will become the domain controller:
A host acting as the Domain Controller must expose a management
-interface on an address accessible to the other hosts in the domain.
-Exposing an HTTP(S) management interface is not required, but is
-recommended as it allows the Administration Console to work:
The interface attributes above refer to a named interface declaration
-later in the host.xml file. This interface declaration will be used to
-resolve a corresponding network interface.
Please consult the chapter "Interface Configuration" for a more detailed
-explanation on how to configure network interfaces.
-
-
-
Next by default the Domain Controller is configured to require
-authentication so a user needs to be added that can be used by the secondary
-Host Controller to connect.
-
-
-
Make use of the add-user utility to add a new user, for this example I
-am adding a new user called "secondary".
-
-
-
-
-
-
-
-
-add-user MUST be run on the Domain Controller and NOT the
-secondary Host Controller.
-
Once the Domain Controller is configured correctly you can proceed with
-any host that should join the domain. The Host Controller configuration
-requires three steps:
-
-
-
-
-
The logical host name (within the domain) needs to be distinct
-
-
-
The Host Controller needs to know the Domain Controller IP address
-
-
-
-
-
Provide a distinct, logical name for the host. In the following example
-we simply name it "secondary":
If the name attribute is not set, the default name for the host will
-be the value of the jboss.host.name system property. If that is not
-set, the value of the HOSTNAME or COMPUTERNAME environment variable
-will be used, one of which will be set on most operating systems. If
-neither is set the name will be the value of
-InetAddress.getLocalHost().getHostName().
-
-
-
An authentication-context needs to be defined in the elytron subsystem
-to contain the identity of the host controller.
-The name of each host needs to be unique when registering with the
-Domain Controller, however the username does not - using the username
-attribute allows the same account to be used by multiple hosts if this
-makes sense in your environment.
-
WildFly 10 and later make it easy for secondary Host Controllers to "ignore"
-parts of the domain wide configuration. What does the mean and why is it
-useful?
-
-
-
One of the responsibilities of the Domain Controller is ensuring that
-all running Host Controllers have a consistent local copy of the domain
-wide configuration (i.e. those resources whose address does not begin
-with /host=*, i.e. those that are persisted in domain.xml. Having
-that local copy allows a user to do the following things:
-
-
-
-
-
Ask the secondary Host Controller to launch its already configured servers, even if the
-Domain Controller is not running.
-
-
-
Configured new servers, using different server groups from those
-current running, and ask the secondary Host Controller to launch them, even if the Domain
-Controller is not running.
-
-
-
Reconfigure the secondary Host Controller to act as the Domain Controller, allowing it to
-take over as the Domain Controller if the previous Domain Controller has failed or been shut
-down.
-
-
-
-
-
However, of these three things only the latter two require that the
-secondary Host Controller maintain a complete copy of the domain wide configuration. The
-first only requires the secondary Host Controller to have the portion of the domain wide
-configuration that is relevant to its current servers. And the first use
-case is the most common one. A secondary Host Controller that is only meant to support the
-first use case can safely "ignore" portions of the domain wide
-configuration. And there are benefits to ignoring some resources:
-
-
-
-
-
If a server group is ignored, and the deployments mapped to that
-server group aren’t mapped to other non-ignored groups, then the secondary Host Controller
-does not need to pull down a copy of the deployment content from the
-Domain Controller. That can save disk space on the secondary Host Controller, improve the speed of
-starting new hosts and reduce network traffic.
-
-
-
WildFly supports "mixed domains" where a later version Domain
-Controller can manage secondary Host Controllers running previous versions. But those
-"legacy" secondary Host Controllers cannot understand configuration resources, attributes
-and operations introduced in newer versions. So any attempt to use newer
-things in the domain wide configuration will fail unless the legacy
-secondary Host Controllers are ignoring the relevant resources. But ignoring resources will
-allow the legacy secondary Host Controllers to work fine managing servers using profiles
-without new concepts, while other hosts can run servers with profiles
-that take advantage of the latest features.
-
-
-
-
-
Prior to WildFly 10, a secondary Host Controller could be configured to ignore some
-resources, but the mechanism was not particularly user friendly:
-
-
-
-
-
The resources to be ignored had to be listed in a fair amount of
-detail in each host’s configuration.
-
-
-
If a new resource is added and needs to be ignored, then each host
-that needs to ignore that must be updated to record that.
-
-
-
-
-
Starting with WildFly 10, this kind of detailed configuration is no
-longer required. Instead, with the standard versions of host.xml, the
-secondary Host Controller will behave as follows:
-
-
-
-
-
If the secondary Host Controller was started with the --backup command line parameter,
-the behavior will be the same as releases prior to 10; i.e. only
-resources specifically configured to be ignored will be ignored.
-
-
-
Otherwise, the secondary Host Controller will "ignore unused resources".
-
-
-
-
-
What does "ignoring unused resources" mean?
-
-
-
-
-
Any server-group that is not referenced by one of the host’s
-server-config resources is ignored.
-
-
-
Any profile that is not referenced by a non-ignored server-group,
-either directly or indirectly via the profile resource’s 'include'
-attribute, is ignored
-
-
-
Any socket-binding-group that is not directly referenced by one of the
-host’s server-config resources, or referenced by a non-ignored
-server-group, is ignored
-
-
-
Extension resources will not be automatically ignored, even if no
-non-ignored profile uses the extension. Ignoring an extension requires
-explicit configuration. Perhaps in a future release extensions will be
-explicitly ignored.
-
-
-
If a change is made to the secondary Host Controller host’s configuration or to the domain
-wide configuration that reduces the set of ignored resources, then as
-part of handling that change the secondary Host Controller will contact the Domain Controller to pull
-down the missing pieces of configuration and will integrate those pieces
-in its local copy of the management model. Examples of such changes
-include adding a new server-config that references a previously ignored
-server-group or socket-binding-group, changing the server-group or
-socket-binding-group assigned to a server-config, changing the profile
-or socket-binding-group assigned to a non-ignored server-group, or
-adding a profile or socket-binding-group to the set of those included
-directly or indirectly by a non-ignored profile or socket-binding-group.
-
-
-
-
-
The default behavior can be changed, either to always ignore unused
-resources, even if --backup is used, or to not ignore unused
-resources, by updating the domain-controller element in the host-xml
-file and setting the ignore-unused-configuration attribute:
The "ignore unused resources" behavior can be used in combination with
-the pre-WildFly 10 detailed specification of what to ignore. If that is
-done both the unused resources and the explicitly declared resources
-will be ignored. Here’s an example of such a configuration, one where
-the secondary Host Controller cannot use the "org.example.foo" extension that has been
-installed on the Domain Controller and on some secondary Host Controllers, but not this one:
The Domain Controller also defines the socket binding groups and the
-profiles. The socket binding groups define the default socket bindings
-that are used:
~(See domain/configuration/domain.xml)~
-In this example the bigger-sockets group includes all the socket
-bindings defined in the standard-sockets groups and then defines an
-extra socket binding of its own.
-
-
-
A profile is a collection of subsystems, and these subsystems are what
-implement the functionality people expect of an application server.
-
-
-
-
<profiles>
- <profilename="default">
- <subsystemxmlns="urn:jboss:domain:web:1.0">
- <connectorname="http"scheme="http"protocol="HTTP/1.1"socket-binding="http"/>
- [...]
- </subsystem>
- <\!-\- The rest of the subsystems here \-->
- [...]
- </profile>
- <profilename="bigger">
- <subsystemxmlns="urn:jboss:domain:web:1.0">
- <connectorname="http"scheme="http"protocol="HTTP/1.1"socket-binding="http"/>
- [...]
- </subsystem>
- <\!-\- The same subsystems as defined by 'default' here \-->
- [...]
- <subsystemxmlns="urn:jboss:domain:fictional-example:1.0">
- <socket-to-usename="unique-to-bigger"/>
- </subsystem>
- </profile>
-</profiles>
-
-
-
-
~(See domain/configuration/domain.xml)~
-Here we have two profiles. The bigger profile contains all the same
-subsystems as the default profile (although the parameters for the
-various subsystems could be different in each profile), and adds the
-fictional-example subsystem which references the unique-to-bigger
-socket binding.
server-one and server-two both are associated with
-main-server-group so that means they both run the subsystems defined
-by the default profile, and have the socket bindings defined by the
-standard-sockets socket binding group. Since all the servers defined
-by a host will be run on the same physical host we would get port
-conflicts unless we used
-<socket-binding-group ref="standard-sockets" port-offset="150"/> for
-server-two. This means that server-two will use the socket bindings
-defined by standard-sockets but it will add 150 to each port number
-defined, so the value used for http will be 8230 for server-two.
-
-
-
server-three will not be started due to its auto-start="false". The
-default value if no auto-start is given is true so both server-one
-and server-two will be started when the host controller is started.
-server-three belongs to other-server-group, so if its auto-start
-were changed to true it would start up using the subsystems from the
-bigger profile, and it would use the bigger-sockets socket binding
-group.
~(See domain/configuration/host.xml)~
-From the preceding examples we can see that we also had a jvm
-reference at server group level in the Domain Controller. The jvm’s name
-must match one of the definitions in the Host Controller. The values
-supplied at Domain Controller and Host Controller level are combined,
-with the Host Controller taking precedence if the same parameter is
-given in both places.
-
-
-
Finally, as seen, we can also override the jvm at server level. Again,
-the jvm’s name must match one of the definitions in the Host Controller.
-The values are combined with the ones coming in from Domain
-Controller and Host Controller level, this time the server definition
-takes precedence if the same parameter is given in all places.
-
-
-
Following these rules the jvm parameters to start each server would be
To start up a WildFly managed domain, execute the
-$JBOSS_HOME/bin/domain.sh script. To start up a standalone server,
-execute the $JBOSS_HOME/bin/standalone.sh. With no arguments, the
-default configuration is used. You can override the default
-configuration by providing arguments on the command line, or in your
-calling script.
This command starts up a standalone server instance using a non-standard
-AS home directory and a custom configuration directory. For specific
-information about system properties, refer to the definitions below.
-
-
-
Instead of passing the parameters directly, you can put them into a
-properties file, and pass the properties file to the script, as in the
-two examples below.
Note however, that properties set this way are not processed as part of
-JVM launch. They are processed early in the boot process, but this
-mechanism should not be used for setting properties that control JVM
-behavior (e.g. java.net.perferIPv4Stack) or the behavior of the JBoss
-Modules classloading system.
-
-
-
The syntax for passing in parameters and properties files is the same
-regardless of whether you are running the domain.sh, standalone.sh,
-or the Microsoft Windows scripts domain.bat or standalone.bat.
-
-
-
The properties file is a standard Java property file containing
-key=value pairs:
System properties can also be set via the xml configuration files. Note
-however that for a standalone server properties set this way will not be
-set until the xml configuration is parsed and the commands created by
-the parser have been executed. So this mechanism should not be used for
-setting properties whose value needs to be set before this point.
The standalone and the managed domain modes each use a default
-configuration which expects various files and writable directories to
-exist in standard locations. Each of these standard locations is
-associated with a system property, which has a default value. To
-override a system property, pass its new value using the one of the
-mechanisms above. The locations which can be controlled via system
-property are:
For some command line arguments frequently used in previous major
-releases of WildFly, replacing the "=" in the above examples with a
-space is supported, for compatibility.
-
-
-
-
-b 192.168.100.10
-
-
-
-
If possible, use the -x=value syntax. New parameters will always
-support this syntax.
-
-
-
The sections below describe the command line parameter names that are
-available in standalone and domain mode.
Set the server’s running type to ADMIN_ONLY causing it
-to open administrative interfaces and accept management requests but not
-start other runtime services or accept end user requests.
-
-
-
--server-config -c
-
standalone.xml
-
A relative path which is interpreted
-to be relative to jboss.server.config.dir. The name of the configuration
-file to use.
-
-
-
--read-only-server-config
-
-
-
A relative path which is interpreted to
-be relative to jboss.server.config.dir. This is similar to
---server-config but if this alternative is specified the server will not
-overwrite the file when the management model is changed. However, a full
-versioned history is maintained of the file.
-
-
-
--graceful-startup
-
true
-
Start the servers in gracefully, queuing or cleanly rejecting incoming requests until the server is fully started.
-
-
-
--git-repo
-
-
-
remote Git repository URL to use for configuration directory and content repository content or local if only a local repository is to be used.
-
-
-
--git-branch
-
master
-
The Git branch or tag to be used. If a tag name is used then the future commits will go into the detached state.
-
-
-
--git-auth
-
-
-
A URL to an Elytron configuration file containing the credentials to be used for connecting to the Git repository.
Set the host controller’s running type to ADMIN_ONLY causing it to open
-administrative interfaces and accept management requests but not start servers or, if this
-host controller is the primary for the domain, accept incoming connections from secondary
-host controllers.
-
-
-
--domain-config -c
-
domain.xml
-
A relative path which is interpreted to
-be relative to jboss.domain.config.dir. The name of the domain wide
-configuration file to use.
-
-
-
--read-only-domain-config
-
-
-
A relative path which is interpreted to
-be relative to jboss.domain.config.dir. This is similar to
---domain-config but if this alternative is specified the host
-controller will not overwrite the file when the management model is
-changed. However, a full versioned history is maintained of the file.
-
-
-
--host-config
-
host.xml
-
A relative path which is interpreted to be
-relative to jboss.domain.config.dir. The name of the host-specific
-configuration file to use.
-
-
-
--read-only-host-config
-
-
-
A relative path which is interpreted to be
-relative to jboss.domain.config.dir. This is similar to --host-config
-but if this alternative is specified the host controller will not
-overwrite the file when the management model is changed. However, a full
-versioned history is maintained of the file.
-
-
-
-
-
The following parameters take no value and are only usable on secondary host
-controllers (i.e. hosts configured to connect to a remote domain
-controller.)
-
-
-
-
-
-
-
-
-
Name
-
Function
-
-
-
-
-
--backup
-
Causes the secondary host controller to create and maintain a
-local copy (domain.cached-remote.xml) of the domain configuration. If
-ignore-unused-configuration is unset in host.xml,a complete copy of the
-domain configuration will be stored locally, otherwise the configured
-value of ignore-unused-configuration in host.xml will be used. (See
-ignore-unused-configuration for more details.)
-
-
-
--cached-dc
-
If the secondary host controller is unable to contact the
-domain controller to get its configuration at boot, this option
-will allow the secondary host controller to boot and become operational using
-a previously cached copy of the domain configuration
-(domain.cached-remote.xml.) If the cached configuration is not present,
-this boot will fail. This file is created using one of the
-following methods:- A previously successful connection to the
-domain controller using --backup or --cached-dc.- Copying the domain
-configuration from an alternative host to
-domain/configuration/domain.cached-remote.xml.The unavailable
-domain controller will be polled periodically for availability, and once
-becoming available, the secondary host controller will reconnect to the
-domain controller and synchronize the domain configuration. During
-the interval the domain controller is unavailable, the secondary host
-controller will not be able to make any modifications to the domain
-configuration, but it may launch servers and handle requests to deployed
-applications etc.
WildFly binds sockets to the IP addresses and interfaces contained in
-the <interfaces> elements in standalone.xml, domain.xml and
-host.xml. (See
-Interfaces
-and
-Socket
-Bindings for further information on these elements.) The standard
-configurations that ship with WildFly includes two interface
-configurations:
Those configurations use the values of system properties
-jboss.bind.address.management and jboss.bind.address if they are
-set. If they are not set, 127.0.0.1 is used for each value.
-
-
-
As noted in
-Common
-Parameters, the AS supports the -b and -b<name> command line
-switches. The only function of these switches is to set system
-properties jboss.bind.address and jboss.bind.address.<name>
-respectively. However, because of the way the standard WildFly
-configuration files are set up, using the -b switches can indirectly
-control how the AS binds sockets.
-
-
-
If your interface configurations match those shown above, using this
-as your launch command causes all sockets associated with interface
-named "public" to be bound to 192.168.100.10.
-
-
-
-
$JBOSS_HOME/bin/standalone.sh -b=192.168.100.10
-
-
-
-
In the standard config files, public interfaces are those not associated
-with server management. Public interfaces handle normal end-user
-requests.
-
-
-
-
-
-
-
-
-The interface named "public" is not inherently special. It is provided
-as a convenience. You can name your interfaces to suit your environment.
-
-
-
-
-
-
To bind the public interfaces to all IPv4 addresses (the IPv4 wildcard
-address), use the following syntax:
-
-
-
-
$JBOSS_HOME/bin/standalone.sh -b=0.0.0.0
-
-
-
-
You can also bind the management interfaces, as follows:
In the standard config files, management interfaces are those sockets
-associated with server management, such as the socket used by the CLI,
-the HTTP socket used by the admin console, and the JMX connector socket.
-
-
-
-
-
-
-
-
-The -b switch only controls the interface bindings because the
-standard config files that ship with WildFly sets things up that way. If
-you change the <interfaces> section in your configuration to no longer
-use the system properties controlled by -b, then setting -b in your
-launch command will have no effect.
-
-
-
-
-
-
For example, this perfectly valid setting for the "public" interface
-causes -b to have no effect on the "public" interface:
The key point is the contents of the configuration files determine the
-configuration. Settings like-bare not overrides of the
-configuration files. They only provide a shorter syntax for setting a
-system properties that may or may not be referenced in the configuration
-files. They are provided as a convenience, and you can choose to modify
-your configuration to ignore them.
WildFly may use multicast communication for some services, particularly
-those involving high availability clustering. The multicast addresses
-and ports used are configured using the socket-binding elements in
-standalone.xml and domain.xml. (See
-Socket
-Bindings for further information on these elements.) The standard HA
-configurations that ship with WildFly include two socket binding
-configurations that use a default multicast address:
Those configurations use the values of system property
-jboss.default.multicast.address if it is set. If it is not set,
-230.0.0.4 is used for each value. (The configuration may include other
-socket bindings for multicast-based services that are not meant to use
-the default multicast address; e.g. a binding the mod-cluster services
-use to communicate on a separate address/port with Apache httpd
-servers.)
-
-
-
As noted in
-Common Parameters, the AS supports the -u command line switch. The only
-function of this switch is to set system property jboss.default.multicast.address. However, because of the way the
-standard AS configuration files are set up, using the -u switches can indirectly control how the AS uses multicast.
-
-
-
If your socket binding configurations match those shown above, using
-this as your launch command causes the service using those sockets
-configurations to be communicate over multicast address 230.0.1.2.
-
-
-
-
$JBOSS_HOME/bin/standalone.sh -u=230.0.1.2
-
-
-
-
-
-
-
-
-
-As with the -b switch, the -u switch only controls the multicast
-address used because the standard config files that ship with WildFly
-sets things up that way. If you change the <socket-binding> sections
-in your configuration to no longer use the system properties controlled
-by -u, then setting -u in your launch command will have no effect.
-
WildFly introduces the ability to suspend and resume servers. This can
-be combined with shutdown to enable the server to gracefully finish
-processing all active requests and then shut down. When a server is
-suspended it will immediately stop accepting new requests, but wait for
-existing requests to complete. A suspended server can be resumed at any
-point, and will begin processing requests immediately. Suspending and
-resuming has no effect on deployment state (e.g. if a server is
-suspended singleton Jakarta Enterprise Beans’s will not be destroyed). As of WildFly 11 it is
-also possible to start a server in suspended mode which means it will
-not accept requests until it has been resumed. Servers will also be
-suspended during the boot process, so no requests will be accepted until
-the startup process is 100% complete.
-
-
-
Suspend/Resume has no effect on management operations; management
-operations can still be performed while a server is suspended. If you
-wish to perform a management operation that will affect the operation of
-the server you can suspend the server, perform the operation, and then
-resume the server. This allows all requests to finish, and makes sure
-that no requests are running while the management changes are taking
-place.
-
-
-
-
-
-
-
-
-
-
If you perform a management operation while the server is suspended,
-and the response to that operation includes the
-operation-requires-reload or operation-requires-restart response
-headers, then the operation will not take full effect until that
-reload or restart is done. Simply resuming the server will not be
-sufficient to cause the change to take effect.
-
-
-
-
-
-
-
When a server is suspending it goes through four different states:
-
-
-
-
-
RUNNING - The normal state, the server is accepting requests and
-running normally
-
-
-
PRE_SUSPEND - In PRE_SUSPEND the server will notify external parties
-that it is about to suspend, for example mod_cluster will notify the
-load balancer that the deployment is suspending. Requests are still
-accepted in this phase.
-
-
-
SUSPENDING - All new requests are rejected, and the server is
-waiting for all active requests to finish. If there are no active
-requests at suspend time this phase will be skipped.
-
-
-
SUSPENDED - All requests have completed, and the server is
-suspended.
In order to start into suspended mode when using a standalone server you
-need to add --start-mode=suspend to the command line. It is also
-possible to specify the start-mode in the reload operation to cause
-the server to reload into suspended mode (other possible values for
-start-mode are normal and admin-only).
-
-
-
In domain mode servers can be started in suspended mode by passing the
-suspend=true parameter to any command that causes a server to start,
-restart or reload (e.g. :start-servers(suspend=true)).
WildFly introduces a new subsystem called the Request Controller
-Subsystem. This optional subsystem tracks all requests at their entry
-point, which is how the graceful shutdown mechanism knows when all requests
-are done. (It also allows you to provide a global limit on the total
-number of running requests).
-
-
-
If this subsystem is not present suspend/resume will be limited. In
-general things that happen in the PRE_SUSPEND phase will work as normal
-(stopping message delivery, notifying the load balancer); however the
-server will not wait for all requests to complete and instead will move
-straight to SUSPENDED mode.
-
-
-
There is a small performance penalty associated with the request
-controller subsystem (about on par with enabling statistics), so if you
-do not require the suspend/resume functionality this subsystem can be
-removed to get a small performance boost.
Suspend/Resume is a service provided by the WildFly platform that any
-subsystem may choose to integrate with. Some subsystems integrate
-directly with the suspend controller, while others integrate through the
-request controller subsystem.
-
-
-
The following subsystems support graceful shutdown. Note that only
-subsystems that provide an external entry point to the server need
-graceful shutdown support. For example the Jakarta RESTful Web Services subsystem does not
-require suspend/resume support as all access to Jakarta RESTful Web Services is through the
-web connector.
-
-
-
-
-
Undertow - Undertow will wait for all requests to finish.
-
-
-
mod_cluster - The mod_cluster subsystem will notify the load
-balancer that the server is suspending in the PRE_SUSPEND phase.
-
-
-
Jakarta Enterprise Beans - Jakarta Enterprise Beans will wait
-for all remote Jakarta Enterprise Beans requests and MDB message
-deliveries to finish. Delivery to MDB’s is stopped in the PRE_SUSPEND
-phase. Jakarta Enterprise Beans timers are suspended, and missed timers will be activated
-when the server is resumed.
-
-
-
Batch - Batch jobs will be stopped at a checkpoint while the server
-is suspending. They will be restarted from that checkpoint when the
-server returns to running mode.
-
-
-
EE Concurrency - The server will wait for all active jobs to finish.
-All jobs that have already been queued will be skipped.
-
-
-
Transactions - The transaction subsystem waits for all running
-transactions to finish while the server is suspending. During that time
-the server refuses to start any new transaction. But any in-flight
-transaction will be serviced - e.g. the server will accept any
-incoming remote call which carries the context of a transaction already
-started at the suspending server.
When you work with Jakarta Enterprise Beans you have to enable the graceful shutdown
-functionality by setting the attribute enable-graceful-txn-shutdown to
-true. For example, in the ejb3 subsystem section of standalone.xml:
-
-
-
-
<enable-graceful-txn-shutdownvalue="false"/>
-
-
-
-
By default graceful shutdown is disabled for the ejb subsystem.
-The reason for this is that the behavior might be unwelcome in cluster
-environments, as the server notifies remote clients that the node is no
-longer available for remote calls only after the transactions are
-finished. During that brief window of time, the client of a cluster may
-send a new request to a node that is shutting down and it will refuse the
-request because it is not related to an existing transaction.
-If this attribute enable-graceful-txn-shutdown is set to false, we
-disable the graceful behavior and Jakarta Enterprise Beans clients will not attempt to invoke
-the node when it suspends, regardless of active transactions.
Suspend/Resume can be controlled via the following CLI operations
-and commands in standalone mode:
-
-
-
:suspend(suspend-timeout=x)
-
-
-
Suspends the server. If the timeout is specified it will wait in the
-SUSPENDING phase up to the specified number of seconds for all requests
-to finish. If there is no timeout specified or the value is less than
-zero it will wait indefinitely.
-
-
-
:resume
-
-
-
Resumes a previously suspended server. The server should be able to
-begin serving requests immediately.
-
-
-
:read-attribute(name=suspend-state)
-
-
-
Returns the current suspend state of the server.
-
-
-
shutdown --suspend-timeout=x
-
-
-
If a timeout parameter is passed to the shutdown command then a graceful
-shutdown will be performed. The server will be suspended, and will wait
-in SUSPENDING state up to the specified number of seconds for all requests
-to finish before shutting down. A timeout value of less than zero means
-it will wait indefinitely.
Note that even though the host controller itself is being shut down, the suspend-timeout attribute for the shutdown operation at host level is applied to the servers only and not to the host controller itself.
If you use an OS signal like TERM to shut down your WildFly standalone server
-process, e.g. via kill -15 <pid>, the WildFly server will shut down gracefully.
-By default, the behavior will be analogous to a CLI shutdown --suspend-timeout=0 command;
-that is the process will not wait in SUSPENDING state for in-flight requests to
-complete before proceeding to SUSPENDED state and then shutting down. A different
-timeout can be configured by setting the org.wildfly.sigterm.suspend.timeout
-system property. The value of the property should be an integer indicating the maximum
-number of seconds to wait for in-flight requests to complete. A value of -1 means
-the server should wait indefinitely.
-
-
-
Graceful shutdown via an OS signal will not work if the server JVM is configured
-to disable signal handling (i.e. with the -Xrs argument to java). It also won’t
-work if the method used to terminate the process doesn’t result in a signal the
-JVM can respond to (e.g. kill -9).
-
-
-
In a managed domain, Process Controller and Host Controller processes will not attempt
-any sort of graceful shutdown in response to a signal. A domain mode server may, but
-the proper way to control the lifecycle of a domain mode server process is via the
-management API and its managing Host Controller, not via direct signals to the server
-process.
By default, WildFly starts up gracefully, meaning that incoming requests are queued or cleanly rejected
-until the server is ready to process them. In some instances, though, it may be desirable to allow the
-server to begin to process requests at the earliest possible moment. One such example might be
-when two deployed applications need to interact with one another during the deployment or
-application startup. In one such scenario, Application A needs to make a REST request to
-Application B to get information vital to its own startup. Under a graceful startup, the request
-to Application B will block until the server is fully started. However, the server can’t fully
-start, as Application A is waiting for data from Application B before its deploy/startup can
-complete. In this situation, a deadlock occurs, and the server startup times out.
-
-
-
A non-graceful startup is intended to address this situation in that it will allow WildFly to
-begin attempting to answer requests as soon as possible. In the scenario above, assuming
-Application B has successfully deployed/started, Application A can also start immediately, as its
-request will be fulfilled. Note, however, that a race condition can occur: if Application B is
-not yet deployed (e.g., the deploy order is incorrect, or B has not finished starting), then
-Application A may still fail to start since Application B is not available. WildFly users making
-use of non-graceful startups must be aware of this and take steps to remedy those scenarios. With
-a non-graceful startup, however, WildFly will no longer be the cause of a deployment failure in
-such a configuration.
-
-
-
Some discussion here of how this relates to reloading and restarting, as well as to suspended starts, is
-important. When reloading, the ApplicationServerService is stopped, and a new one started. It is equivalent
-to if it was being started the first time: all the same stuff happens, but it happens faster because a lot of
-classloading and static initialization doesn’t have to happen again. This includes honoring the value of
-graceful-startup, so if the server was initially started non-gracefully, it will be reloaded in the same manner.
-
-
-
Restarting the server is similar. A restart means a new JVM, so all the initialization happens again, exactly
-as it did on the first start. When restarting in domain mode, the Host Controller simply rereads the config
-file and does the same thing it did the first time. In standalone, the restart is driven by standalone.[sh|ps1|bat].
-The running JVM exits with a specific exit code, which the script recognizes and starts a new server, using the
-same parameters as the first start, so if you start a server non-gracefully, you will restart a server
-non-gracefully.
-
-
-
Finally, there’s start-mode=suspend. In the event that an administrator specifies a suspended start as well as a
-non-graceful start, the suspended start will "win". That is to say, the server will start in a suspended mode,
-the graceful-start=false will be disregarded, and the server will log a message indicating that this is happening.
Starting a standalone server is done through the bin/standalone.sh
-script. However in a managed domain server instances are managed by the
-domain controller and need to be started through the management layer:
-
-
-
First of all, get to know which servers are configured on a particular
-host:
Configuration of the JVM settings is different for a managed domain and
-a standalone server. In a managed domain, the domain controller
-components are responsible for starting and stopping server processes and
-hence determine the JVM settings. For a standalone server, it’s the
-responsibility of the process that started the server (e.g. passing them
-as command line arguments).
In a managed domain the JVM settings can be declared at different
-scopes: For a specific server group, for a host or for a particular
-server. If not declared, the settings are inherited from the parent
-scope. This allows you to customize or extend the JVM settings within
-every layer.
-
-
-
Let’s take a look at the JVM declaration for a server group:
In this example the server group "main-server-group" declares a heap
-size of 64m and a maximum heap size of 512m. Any server that belongs
-to this group will inherit these settings. You can change these settings
-for the group as a whole, or a specific server or host:
The Controlling filesystem locations with system properties section describes the available system properties associated with relevant WildFly file system paths. In addition to all the domain mode properties, the following server specific properties are also available for resolution as JVM options:
-
-
-
-
-
jboss.server.base.dir
-
-
-
jboss.server.log.dir
-
-
-
jboss.server.data.dir
-
-
-
jboss.server.temp.dir
-
-
-
-
-
This ability is useful when you need to configure JVM settings without specifying a specific server name. For example, if you want to redirect the GC logging to a file to the default log server directory, you can configure the following JVM option at host level:
For a standalone sever you have to pass in the JVM settings either as
-command line arguments when executing the
-$JBOSS_HOME/bin/standalone.sh script, or by declaring them in
-$JBOSS_HOME/bin/standalone.conf. (For Windows users, the script to
-execute is %JBOSS_HOME%/bin/standalone.bat while the JVM settings can
-be declared in %JBOSS_HOME%/bin/standalone.conf.bat.)
WildFly comes with audit logging built in for management operations
-affecting the management model. By default it is turned off. The
-information is output as JSON records.
-
-
-
The default configuration of audit logging in standalone.xml looks as
-follows:
Audit data are stored in standalone/data/audit-log.log.
-
-
-
-
-
-
-
-
-The audit logging subsystem has a lot of internal dependencies, and it
-logs operations changing, enabling and disabling its components. When
-configuring or changing things at runtime it is a good idea to make
-these changes as part of a CLI batch. For example if you are adding a
-syslog handler you need to add the handler and its information as one
-step. Similarly if you are using a file handler, and want to change its
-path and relative-to attributes, that needs to happen as one step.
-
The first thing that needs configuring is the formatter, we currently
-support outputting log records as JSON. You can define several
-formatters, for use with different handlers. A log record has the
-following format, and it is the formatter’s job to format the data
-presented:
It includes an optional timestamp and then the following information in
-the json record
-
-
-
-
-
-
-
-
-
Field name
-
Description
-
-
-
-
-
type
-
This can have the values core, meaning it is a management
-operation, or jmx meaning it comes from the jmx subsystem (see the jmx
-subsystem for configuration of the jmx subsystem’s audit logging)
-
-
-
r/o
-
true if the operation does not change the management model, false
-otherwise
-
-
-
booting
-
true if the operation was executed during the bootup process,
-false if it was executed once the server is up and running
-
-
-
version
-
The version number of the WildFly instance
-
-
-
user
-
The username of the authenticated user. In this case the
-operation has been logged via the CLI on the same machine as the running
-server, so the special $local user is used
-
-
-
domainUUID
-
An ID to link together all operations as they are
-propagated from the Domain Controller to its servers, secondary Host
-Controllers, and secondary Host Controller servers
-
-
-
access
-
This can have one of the following values:*NATIVE - The
-operation came in through the native management interface, for example
-the CLI*HTTP - The operation came in through the domain HTTP interface,
-for example the admin console*JMX - The operation came in through the
-JMX subsystem. See JMX for how to configure audit logging for JMX.
-
-
-
remote-address
-
The address of the client executing this operation
-
-
-
success
-
true if the operation succeeded, false if it was rolled back
-
-
-
ops
-
The operations being executed. This is a list of the operations
-serialized to JSON. At boot this will be all the operations resulting
-from parsing the xml. Once booted the list will typically just contain a
-single entry
-
-
-
-
-
The json formatter resource has the following attributes:
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
-
-
-
-
include-date
-
Boolan toggling whether or not to include the timestamp
-in the formatted log records
-
-
-
date-separator
-
A string containing characters to separate the date and
-the rest of the formatted log message. Will be ignored if
-include-date=false
-
-
-
date-format
-
The date format to use for the timestamp as understood by
-java.text.SimpleDateFormat. Will be ignored if include-date=false
-
-
-
compact
-
If true will format the JSON on one line. There may still be
-values containing new lines, so if having the whole record on one line
-is important, set escape-new-line or escape-control-characters to true
-
-
-
escape-control-characters
-
If true it will escape all control
-characters (ascii entries with a decimal value < 32) with the ascii code
-in octal, e.g. a new line becomes '#012'. If this is true, it will
-override escape-new-line=false
-
-
-
escape-new-line
-
If true it will escape all new lines with the ascii
-code in octal, e.g. "#012".
A handler is responsible for taking the formatted data and logging it to
-a location. There are currently two types of handlers, File and Syslog.
-You can configure several of each type of handler and use them to log
-information.
The file handlers log the audit log records to a file on the server. The
-attributes for the file handler are
-
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
Read Only
-
-
-
-
-
formatter
-
The name of a JSON formatter to use to format the log
-records
-
false
-
-
-
path
-
The path of the audit log file
-
false
-
-
-
relative-to
-
The name of another previously named path, or of one of
-the standard paths provided by the system. If relative-to is provided,
-the value of the path attribute is treated as relative to the path
-specified by this attribute
-
false
-
-
-
failure-count
-
The number of logging failures since the handler was
-initialized
-
true
-
-
-
max-failure-count
-
The maximum number of logging failures before
-disabling this handler
-
false
-
-
-
disabled-due-to-failure
-
true if this handler was disabled due to
-logging failures
-
true
-
-
-
-
-
In our standard configuration path=audit-log.log and
-relative-to=jboss.server.data.dir, typically this will be
-$JBOSS_HOME/standalone/data/audit-log.log
The default configuration does not have syslog audit logging set up.
-Syslog is a better choice for audit logging since you can log to a
-remote syslog server, and secure the authentication to happen over TLS
-with client certificate authentication. Syslog servers vary a lot in
-their capabilities so not all settings in this section apply to all
-syslog servers. We have tested with rsyslog.
The syslog handler resource has the following attributes:
-
-
-
-
-
-
-
-
-
-
formatter
-
The name of a JSON formatter to use to format the log
-records
-
false
-
-
-
-
-
failure-count
-
The number of logging failures since the handler was
-initialized
-
true
-
-
-
max-failure-count
-
The maximum number of logging failures before
-disabling this handler
-
false
-
-
-
disabled-due-to-failure
-
true if this handler was disabled due to
-logging failures
-
true
-
-
-
syslog-format
-
Whether to set the syslog format to the one specified in
-RFC-5424 or RFC-3164
-
false
-
-
-
max-length
-
The maximum length in bytes a log message, including the
-header, is allowed to be. If undefined, it will default to 1024 bytes if
-the syslog-format is RFC3164, or 2048 bytes if the syslog-format is
-RFC5424.
-
false
-
-
-
truncate
-
Whether or not a message, including the header, should
-truncate the message if the length in bytes is greater than the maximum
-length. If set to false messages will be split and sent with the same
-header values
-
false
-
-
-
-
-
When adding a syslog handler you also need to add the protocol it will
-use to communicate with the syslog server. The valid choices for
-protocol are UDP, TCP and TLS. The protocol must be added at the
-same time as you add the syslog handler, or it will fail. Also, you can
-only add one protocol for the handler.
Configures the handler to use UDP to communicate with the syslog server.
-The address of the UDP resource is
-/core-service=management/access=audit/syslog-handler=*/protocol=udp.
-The attributes of the UDP resource are:
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
-
-
-
-
host
-
The host of the syslog server for the udp requests
-
-
-
port
-
The port of the syslog server listening for the udp requests
Configures the handler to use TCP to communicate with the syslog server.
-The address of the TCP resource is
-/core-service=management/access=audit/syslog-handler=*/protocol=tcp.
-The attributes of the TCP resource are:
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
-
-
-
-
host
-
The host of the syslog server for the tcp requests
-
-
-
port
-
The port of the syslog server listening for the tcp requests
-
-
-
message-transfer
-
The message transfer setting as described in section
-3.4 of RFC-6587. This can either be OCTET_COUNTING as described in
-section 3.4.1 of RFC-6587, or NON_TRANSPARENT_FRAMING as described in
-section 3.4.1 of RFC-6587
Configures the handler to use TLC to communicate securely with the
-syslog server. The address of the TLS resource is
-/core-service=management/access=audit/syslog-handler=*/protocol=tls.
-The attributes of the TLS resource are the same as for TCP:
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
-
-
-
-
host
-
The host of the syslog server for the tls requests
-
-
-
port
-
The port of the syslog server listening for the tls requests
-
-
-
message-transfer
-
The message transfer setting as described in section
-3.4 of RFC-6587. This can either be OCTET_COUNTING as described in
-section 3.4.1 of RFC-6587, or NON_TRANSPARENT_FRAMING as described in
-section 3.4.1 of RFC-6587
-
-
-
-
-
If the syslog server’s TLS certificate is not signed by a certificate
-signing authority, you will need to set up a truststore to trust the
-certificate. The resource for the trust store is a child of the TLS
-resource, and the full address is
-/core-service=management/access=audit/syslog-handler=*/protocol=tls/authentication=truststore.
-The attributes of the truststore resource are:
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
-
-
-
-
keystore-password
-
The password for the truststore
-
-
-
keystore-path
-
The path of the truststore
-
-
-
keystore-relative-to
-
The name of another previously named path, or of
-one of the standard paths provided by the system. If
-keystore-relative-to is provided, the value of the keystore-path
-attribute is treated as relative to the path specified by this attribute
If you have set up the syslog server to require client certificate
-authentication, when creating your handler you will also need to set up
-a client certificate store containing the certificate to be presented to
-the syslog server. The address of the client certificate store resource
-is
-/core-service=management/access=audit/syslog-handler=*/protocol=tls/authentication=client-certificate-store
-and its attributes are:
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
-
-
-
-
keystore-password
-
The password for the keystore
-
-
-
key-password
-
The password for the keystore key
-
-
-
keystore-path
-
The path of the keystore
-
-
-
keystore-relative-to
-
The name of another previously named path, or of
-one of the standard paths provided by the system. If
-keystore-relative-to is provided, the value of the keystore-path
-attribute is treated as relative to the path specified by this attribute
The final part that needs configuring is the logger for the management
-operations. This references one or more handlers and is configured at
-/core-service=management/access=audit/logger=audit-log. The attributes
-for this resource are:
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
-
-
-
-
enabled
-
true to enable logging of the management operations
-
-
-
log-boot
-
true to log the management operations when booting the
-server, false otherwise
-
-
-
log-read-only
-
If true all operations will be audit logged, if false
-only operations that change the model will be logged
-
-
-
-
-
Then which handlers are used to log the management operations are
-configured as handler=* children of the logger.
In domain mode audit logging is configured for each host in its
-host.xml file. This means that when connecting to the DC, the
-configuration of the audit logging is under the host’s entry, e.g. here
-is the default configuration:
We now have two file handlers, one called host-file used to configure
-the file to log management operations on the host, and one called
-server-file used to log management operations executed on the servers.
-Then logger=audit-log is used to configure the logger for the host
-controller, referencing the host-file handler.
-server-logger=audit-log is used to configure the logger for the
-managed servers, referencing the server-file handler. The attributes
-for server-logger=audit-log are the same as for
-server-logger=audit-log in the previous section. Having the host
-controller and server loggers configured independently means we can
-control audit logging for managed servers and the host controller
-independently.
An operation is considered to be not proceeding normally if it has been
-executing with the exclusive operation lock held for longer than 15
-seconds. Read-only operations do not acquire the exclusive operation
-lock, so this operation will not cancel read-only operations. Operations
-blocking waiting for another operation to release the exclusive lock
-will also not be cancelled.
-
-
-
If there isn’t any operation that is failing to proceed normally, there
-will be a failure response:
-
-
-
-
[standalone@localhost:9990 /] /core-service=management/service=management-operations:cancel-non-progressing-operation
-{
- "outcome" => "failed",
- "failure-description" => "WFLYDM0089: No operation was found that has been holding the operation execution write lock for long than [15] seconds",
- "rolled-back" => true
-}
The mechanism used to submit a request to the server.
-NATIVE, JMX, HTTP
-
-
-
address
-
The address of the resource targeted by the operation. The
-value in the final element of the address will be '<hidden>' if the
-caller is not authorized to address the operation’s target resource.
-
-
-
caller-thread
-
The name of the thread that is executing the operation.
-
-
-
cancelled
-
Whether the operation has been cancelled.
-
-
-
exclusive-status
-
Amount of time in nanoseconds the operation has
-been executing with the exclusive operation execution lock held, or -1
-if the operation does not hold the exclusive execution lock.
-
-
-
execution-status
-
The current activity of the operation. See below for
-details.
-
-
-
operation
-
The name of the operation, or '<hidden>' if the caller is
-not authorized to address the operation’s target resource.
-
-
-
running-time
-
Amount of time the operation has been executing, in
-nanoseconds.
-
-
-
-
-
The following are the values for the exclusive-running-time attribute:
-
-
-
-
-
-
-
-
-
Value
-
Meaning
-
-
-
-
-
executing
-
The caller thread is actively executing
-
-
-
awaiting-other-operation
-
The caller thread is blocking waiting for
-another operation to release the exclusive execution lock
-
-
-
awaiting-stability
-
The caller thread has made changes to the service
-container and is waiting for the service container to stabilize
-
-
-
completing
-
The operation is committed and is completing execution
-
-
-
rolling-back
-
The operation is rolling back
-
-
-
-
-
All currently executing operations can be viewed in one request using
-the read-children-resources operation:
The cancel-non-progressing-operation operation is a convenience
-operation for identifying and canceling an operation. However, an
-administrator can examine the active-operation resources to identify any
-operation, and then directly cancel it by invoking the cancel
-operation on the resource for the desired operation.
As an operation executes, the execution thread may block at various
-points, particularly while waiting for the service container to
-stabilize following any changes. Since an operation may be holding the
-exclusive execution lock while blocking, in WildFly execution behavior
-was changed to ensure that blocking will eventually time out, resulting
-in roll back of the operation.
-
-
-
The default blocking timeout is 300 seconds. This is intentionally long,
-as the idea is to only trigger a timeout when something has definitely
-gone wrong with the operation, without any false positives.
-
-
-
An administrator can control the blocking timeout for an individual
-operation by using the blocking-timeout operation header. For example,
-if a particular deployment is known to take an extremely long time to
-deploy, the default 300 second timeout could be increased:
Note the blocking timeout is not a guaranteed maximum execution time
-for an operation. If it only a timeout that will be enforced at various
-points during operation execution.
The management operations may modify the model. When this occurs the xml
-backing the model is written out again reflecting the latest changes. In
-addition a full history of the file is maintained. The history of the
-file goes in a separate directory under the configuration directory.
-
-
-
As mentioned in Command line parameters the default
-configuration file can be selected using a command-line parameter. For a
-standalone server instance the history of the active standalone.xml is
-kept in jboss.server.config.dir/standalone_xml_history (See
-Command line parameters#standalone_system_properties
-for more details). For a domain the active domain.xml and host.xml
-histories are kept in jboss.domain.config.dir/domain_xml_history and
-jboss.domain.config.dir/host_xml_history.
-
-
-
The rest of this section will only discuss the history for
-standalone.xml. The concepts are exactly the same for domain.xml and
-host.xml.
-
-
-
Within standalone_xml_history itself following a successful first time
-boot we end up with three new files:
-
-
-
-
-
standalone.initial.xml - This contains the original configuration
-that was used the first time we successfully booted. This file will
-never be overwritten. You may of course delete the history directory and
-any files in it at any stage.
-
-
-
standalone.boot.xml - This contains the original configuration that
-was used for the last successful boot of the server. This gets
-overwritten every time we boot the server successfully.
-
-
-
standalone.last.xml - At this stage the contents will be identical
-to standalone.boot.xml. This file gets overwritten each time the
-server successfully writes the configuration, if there was an unexpected
-failure writing the configuration this file is the last known successful
-write.
-
-
-
-
-
standalone_xml_history contains a directory called current which
-should be empty. Now if we execute a management operation that modifies
-the model, for example adding a new system property using the CLI:
The original configuration file is backed up to
-standalone_xml_history/current/standalone.v1.xml. The next change to
-the model would result in a file called standalone.v2.xml etc. The 100
-most recent of these files are kept.
-
-
-
The change is applied to the original configuration file
-
-
-
The changed original configuration file is copied to
-standalone.last.xml
-
-
-
-
-
When restarting the server, any existing
-standalone_xml_history/current directory is moved to a new timestamped
-folder within the standalone_xml_history, and a new current folder
-is created. These timestamped folders are kept for 30 days.
In addition to the backups taken by the server as described above you
-can manually take snapshots which will be stored in the snapshot
-folder under the _xml_history folder, the automatic backups described
-above are subject to automatic house keeping so will eventually be
-automatically removed, the snapshots on the other hand can be entirely
-managed by the administrator.
-
-
-
You may also take your own snapshots using the CLI:
In domain mode executing the snapshot operations against the root node
-will work against the domain model. To do this for a host model you need
-to navigate to the host in question:
For subsequent server starts it may be desirable to take the state of
-the server back to one of the previously known states, for a number of
-items an abbreviated reverence to the file can be used:
-
-
-
-
-
-
-
-
-
-
Abbreviation
-
Parameter
-
Description
-
-
-
-
-
initial
-
--server-config=initial
-
This will start the server using the
-initial configuration first used to start the server.
-
-
-
boot
-
--server-config=boot
-
This will use the configuration from the
-last successful boot of the server.
-
-
-
last
-
--server-config=last
-
This will start the server using the
-configuration backed up from the last successful save.
-
-
-
v?
-
--server-config=v?
-
This will server the _xml_history/current
-folder for the configuration where ? is the number of the backup to use.
-
-
-
-?
-
--server-config=-?
-
The server will be started after searching the
-snapshot folder for the configuration which matches this prefix.
-
-
-
-
-
In addition to this the --server-config parameter can always be used
-to specify a configuration relative to the jboss.server.config.dir and
-finally if no matching configuration is found an attempt to locate the
-configuration as an absolute path will be made.
To enhance the initial configuration file history we have now a native Git support to manage the configuration history. This feature goes a little farther than the initial configuration file history in that it also manages content repository content and all the configuration files (such as properties). This feature only work for standalone servers using the default directory layout.
-
-
-
As mentioned in Command line parameters we support the usage of a remote Git repository to pull the configuration from or create or use a local Git repository.
-In fact if a .git directory exists under jboss.server.base.dir then using Git for managing configuration files will be automatically activated.
-Each modification of the content or the configuration will result in a new commit when the operation is successful and there are changes to commit. If there is an authenticated user then it will be stored as the author of the commit.
-Please note that this is a real Git repository so using a native Git client you can manipulate it.
-
-
-
Now if we execute a management operation that modifies
-the model, for example adding a new system property using the CLI:
Starting the server with the option --git-repo=local will initiate a Git repository if none exists or use the current Git repository. When initiating the local Git repository a .gitignore file will be created and added to the initial commit.
-
-
-
If a --git-branch parameter is added then the repository will be checked out on the supplied branch. Please note that the branch will not be automatically created and must exist in the repository already. By default, if no parameter is specified, the branch master will be used.
If a remote Git repository is provided then the server will try to pull from it at boot. If this is the first time we are pulling then local files will be deleted to avoid the pull to fail because of the need to overwrite those existing files.
-The parameter for --git-repo can be a URL or a remote alias provided you have manually added it to the local git configuration.
-
-
-
If a --git-branch parameter is added then the branch will be pulled, otherwise it will default to master.
-
-
-
For example this is an elytron configuration file that you could use to connect to GitHub via the --git-auth parameter:
Sample command line to start the server using the standalone-full.xml file pulled from Github and being authenticated via the Elytron configuration file github-wildfly-config.xml:
In addition to the commits taken by the server as described above you
-can manually take snapshots which will be stored as tags in the Git repository.
-You can choose the tag name and the commit message attached to this tag.
-
-
-
You may also take your own snapshots using the CLI:
Users may also connect to an SSH git server. In order to connect to any SSH git server to manage your configuration file history, you must use an Elytron configuration
-file to specify your SSH credentials. The following example shows how to specify an SSH url and a wildfly-config.xml file
-containing SSH credentials:
This configuration indicates that the private key to be used for SSH authentication is in the file id_ec_test in the
-directory /home/user/git-persistence and the passphrase "secret" is needed to decrypt the key.
-
-
-
The ssh-credential accepts the following attributes:
-
-
-
-
-
ssh-directory - the path to the directory containing the private key file and the known hosts file. The default value
-is [user.home]/.ssh.
-
-
-
private-key-file - the name of the file containing the private key. The default private key file names used are: id_rsa,
-id_dsa, and id_ecdsa.
-
-
-
known-hosts-file - the name of the file containing the known SSH hosts you trust. The default value is known_hosts
-
-
-
-
-
One of the following child elements may also be used to specify the passphrase to be used to decrypt the private key (if applicable):
Along with the key-pair credential, if your known SSH hosts are not in ~/.ssh/known_hosts, you should specify an ssh-credential
-with the ssh-directory and known-hosts-file attributes defined to specify the location and name of your known hosts file.
-
-
-
When specifying keys in OpenSSH format, it is only necessary to specify the private key and the public key will be parsed
-from the private key string. When specifying key pairs in PKCS format, it is necessary to specify both the private and
-public keys using the following elements:
It is possible to specify your SSH credentials as a reference to a credential store entry.
-See: Adding a Credential
-to a credential store and Referencing Credentials
-stored in a credential store.
A common way to manage WildFly installations over time is to start with a standard configuration file (e.g. the out-of-the-box standalone.xml file that comes with each WildFly release) and then apply installation specific customizations to it (e.g. add datasource resources and Elytron security realm resources to integrate with the company’s own services). As the standard configuration file evolves over time (with new releases) the goal is to efficiently re-apply the installation specific customizations. Users have several ways to apply their customizations: edit the XML manually or with XML manipulation tools (neither of which is recommended), create jboss-cli scripts that you can run on each upgrade, or use WildFly’s YAML configuration file feature.
-
-
-
With the YAML configuration file approach, you provide one or more YAML files that specify the resources that you want WildFly to add to its running configuration, along with any configuration attribute values that should differ from what’s in standalone.xml. Using YAML files has advantages over using CLI scripts:
-
-
-
-
-
CLI scripts can be tricky to write as they usually aren’t idempotent. If you run a script that adds a datasource, that datasource is now in the standalone.xml file, so if you run the script again, it will fail due to attempting to add an existing resource. This can be worked around by using the --read-ony-server-config command line flag instead of the usual -c / --server-config. Or you can write more complex CLI scripts that check whether resources already exist before attempting to add them. Both of these approaches can work, but they can be tricky to do correctly. The YAML configuration file approach is idempotent. The WildFly server reads the YAML at boot and updates its running configuration, but it does not update the standalone.xml file, so the same thing can be done repeatedly.
-
-
-
Applying a CLI script usually involves launching a separate Java process (the WildFly CLI). Needing to do this can be a poor fit for configuration customization workflows. With the YAML configuration file approach, the WildFly server process itself process the YAML as part of boot.
Using the --yaml or -y argument you can pass a list of YAML files. Each path needs to be separated by the File.pathSeparator. It is a semicolon (;) on Windows and colon (:) on Mac and Unix-based operating systems.
-Paths can be absolute, relative to the current execution directory or relative to the standalone configuration directory.
This section is an in depth reference to the WildFly management API.
-Readers are encouraged to read the
-Management clients and
-Core management concepts sections
-for fundamental background information, as well as the
-Management tasks and
-Domain setup sections for key task oriented
-information. This section is meant as an in depth reference to delve
-into some of the key details.
Reads a management resource’s attribute values along with either basic
-or complete information about any child resources. Supports the following
-parameters, none of which are required:
-
-
-
-
-
recursive – (boolean, default is false) – whether to include
-complete information about child resources, recursively.
-
-
-
recursive-depth – (int) – The depth to which information about child
-resources should be included if recursive is true. If not set, the
-depth will be unlimited; i.e. all descendant resources will be included.
-
-
-
proxies – (boolean, default is false) – whether to include remote
-resources in a recursive query (i.e. host level resources from secondary
-Host Controllers in a query of the Domain Controller; running server
-resources in a query of a host).
-
-
-
include-runtime – (boolean, default is false) – whether to include
-runtime attributes (i.e. those whose value does not come from the
-persistent configuration) in the response.
-
-
-
include-defaults – (boolean, default is true) – whether to include
-in the result default values not set by users. Many attributes have a
-default value that will be used in the runtime if the users have not
-provided an explicit value. If this parameter is false the value for
-such attributes in the result will be undefined. If true the result
-will include the default value for such parameters.
Reads the value of an individual attribute. Takes a single, required,
-parameter:
-
-
-
-
-
name – (string) – the name of the attribute to read.
-
-
-
include-defaults – (boolean, default is true) – whether to include
-in the result default values not set by users. Many attributes have a
-default value that will be used in the runtime if the users have not
-provided an explicit value. If this parameter is false the value for
-such attributes in the result will be undefined. If true the result
-will include the default value for such parameters.
Sets the value of an individual attribute to the undefined value, if
-such a value is allowed for the attribute. The operation will fail if
-the undefined value is not allowed. Takes a single required parameter:
-
-
-
-
-
name – (string) – the name of the attribute to write.
Removes an element from the value of a list attribute, either the
-element at a specified index, or the first element whose value matches
-a specified value:
-
-
-
-
-
name – (string) – the name of the list attribute to add new value
-to.
-
-
-
value – (type depends on the element being written, optional) – the
-element to be removed. Optional and ignored if index is specified.
-
-
-
index – (int, optional) – index in the list whose element should be
-removed. By default it is undefined, meaning value should be
-specified.
-
-
-
-
-
This operation will fail if the specified attribute is not a list.
Empties the list attribute. It is different from :undefine-attribute
-as it results in attribute of type list with 0 elements, whereas
-:undefine-attribute results in an undefined value for the attribute
-
-
-
-
-
name – (string) – the name of the list attribute
-
-
-
-
-
This operation will fail if the specified attribute is not a list.
Empties the map attribute. It is different from :undefine-attribute as
-it results in attribute of type map with 0 entries, whereas
-:undefine-attribute results in an undefined value for the attribute
-
-
-
-
-
name – (string) – the name of the map attribute
-
-
-
-
-
This operation will fail if the specified attribute is not a map.
Returns the description of a resource’s attributes, types of children
-and, optionally, operations. Supports the
-following parameters, none of which are required:
-
-
-
-
-
recursive – (boolean, default is false) – whether to include
-information about child resources, recursively.
-
-
-
proxies – (boolean, default is false) – whether to include remote
-resources in a recursive query (i.e. host level resources from secondary
-Host Controllers in a query of the Domain Controller; running server
-resources in a query of a host)
-
-
-
operations – (boolean, default is false) – whether to include
-descriptions of the resource’s operations
-
-
-
inherited – (boolean, default is true) – if operations is
-true, whether to include descriptions of operations inherited from
-higher level resources. The global operations described in this section
-are themselves inherited from the root resource, so the primary effect
-of setting inherited to false is to exclude the descriptions of the
-global operations from the output.
Returns a list of the
-types of child resources the resource supports. Takes two optional
-parameters:
-
-
-
-
-
include-aliases – (boolean, default is false) – whether to include
-alias children (i.e. those which are aliases of other sub-resources) in
-the response.
-
-
-
include-singletons – (boolean, default is false) – whether to
-include singleton children (i.e. those are children that acts as
-resource aggregate and are registered with a wildcard name) in the
-response
-wildfly-dev
-discussion around this topic.
Returns information about all of a resource’s children that are of a
-given type.
-For each child resource, the returned information is equivalent to
-executing the read-resource operation on that resource. Takes the
-following parameters, of which only \{{child-type} is required:
-
-
-
-
-
child-type – (string) – the name of the type of child resource
-
-
-
recursive – (boolean, default is false) – whether to include
-complete information about child resources, recursively.
-
-
-
recursive-depth – (int) – The depth to which information about child
-resources should be included if recursive is \{{true}. If not set,
-the depth will be unlimited; i.e. all descendant resources will be
-included.
-
-
-
proxies – (boolean, default is false) – whether to include remote
-resources in a recursive query (i.e. host level resources from secondary
-Host Controllers in a query of the Domain Controller; running server
-resources in a query of a host)
-
-
-
include-runtime – (boolean, default is false) – whether to include
-runtime attributes (i.e. those whose value does not come from the
-persistent configuration) in the response.
-
-
-
include-defaults – (boolean, default is true) – whether to include
-in the result default values not set by users. Many attributes have a
-default value that will be used in the runtime if the users have not
-provided an explicit value. If this parameter is false the value for
-such attributes in the result will be undefined. If true the result
-will include the default value for such parameters.
Returns a list of attributes of a
-type for a given attribute group name. For each attribute the returned
-information is equivalent to executing the read-attribute operation of
-that resource. Takes the following parameters, of which only \{{name}
-is required:
-
-
-
-
-
name – (string) – the name of the attribute group to read.
-
-
-
include-defaults – (boolean, default is true) – whether to include
-in the result default values not set by users. Many attributes have a
-default value that will be used in the runtime if the users have not
-provided an explicit value. If this parameter is false the value for
-such attributes in the result will be undefined. If true the result
-will include the default value for such parameters.
-
-
-
include-runtime – (boolean, default is false) – whether to include
-runtime attributes (i.e. those whose value does not come from the
-persistent configuration) in the response.
-
-
-
include-aliases – (boolean, default is false) – whether to include
-alias attributes (i.e. those which are alias of other attributes) in the
-response.
Besides the global operations described above, by convention nearly
-every resource should expose an add operation and a remove
-operation. Exceptions to this convention are the root resource, and
-resources that do not store persistent configuration and are created
-dynamically at runtime (e.g. resources representing the JVM’s platform
-mbeans or resources representing aspects of the running state of a
-deployment.)
The operation that creates a new resource must be named add. The
-operation may take zero or more parameters; what those parameters are
-depends on the resource being created.
The management model exposed by WildFly is very large and complex. There
-are dozens, probably hundreds of logical concepts involved – hosts,
-server groups, servers, subsystems, datasources, web connectors, and on
-and on – each of which in a classic objected oriented API design could
-be represented by a Java type (i.e. a Java class or interface.)
-However, a primary goal in the development of WildFly’s native
-management API was to ensure that clients built to use the API had as
-few compile-time and run-time dependencies on JBoss-provided classes as
-possible, and that the API exposed by those libraries be powerful but
-also simple and stable. A management client running with the management
-libraries created for an earlier version of WildFly should still work if
-used to manage a later version domain. The management client libraries
-needed to be forward compatible.
-
-
-
It is highly unlikely that an API that consists of hundreds of Java
-types could be kept forward compatible. Instead, the WildFly management
-API is a detyped API. A detyped API is like decaffeinated coffee – it
-still has a little bit of caffeine, but not enough to keep you awake at
-night. WildFly’s management API still has a few Java types in it (it’s
-impossible for a Java library to have no types!) but not enough to keep
-you (or us) up at night worrying that your management clients won’t be
-forward compatible.
-
-
-
A detyped API works by making it possible to build up arbitrarily
-complex data structures using a small number of Java types. All of the
-parameter values and return values in the API are expressed using those
-few types. Ideally, most of the types are basic JDK types, like
-java.lang.String, java.lang.Integer, etc. In addition to the basic
-JDK types, WildFly’s detyped management API uses a small library called
-jboss-dmr. The purpose of this section is to provide a basic overview
-of the jboss-dmr library.
-
-
-
Even if you don’t use jboss-dmr directly (probably the case for all but
-a few users), some of the information in this section may be useful.
-When you invoke operations using the application server’s Command Line
-Interface, the return values are just the text representation of of a
-jboss-dmr ModelNode. If your CLI commands require complex parameter
-values, you may yourself end up writing the text representation of a
-ModelNode. And if you use the HTTP management API, all response bodies
-as well as the request body for any POST will be a JSON representation
-of a ModelNode.
-
-
-
The source code for jboss-dmr is available on
-Github. The maven coordinates for
-a jboss-dmr release are org.jboss.jboss-dmr:jboss-dmr.
The public API exposed by jboss-dmr is very simple: just three classes,
-one of which is an enum!
-
-
-
The primary class is org.jboss.dmr.ModelNode. A ModelNode is
-essentially just a wrapper around some value; the value is typically
-some basic JDK type. A ModelNode exposes a getType() method. This
-method returns a value of type org.jboss.dmr.ModelType, which is an
-enum of all the valid types of values. And that’s 95% of the public API;
-a class and an enum. (We’ll get to the third class, Property, below.)
To illustrate how to work with ModelNode s, we’ll use the
-Beanshell scripting library. We won’t get into
-many details of beanshell here; it’s a simple and intuitive tool and
-hopefully the following examples are as well.
-
-
-
We’ll start by launching a beanshell interpreter, with the jboss-dmr
-library available on the classpath. Then we’ll tell beanshell to import
-all the jboss-dmr classes so they are available for use:
-
-
-
-
$ java -cp bsh-2.0b4.jar:jboss-dmr-1.0.0.Final.jar bsh.Interpreter
-BeanShell 2.0b4 - by Pat Niemeyer (pat@pat.net)
-bsh % import org.jboss.dmr.*;
-bsh %
-
-
-
-
Next, create a ModelNode and use the beanshell print function to
-output what type it is:
bsh % node.set("A string");
-bsh % print(node.asInt());
-// Error: // Uncaught Exception: Method Invocation node.asInt : at Line: 20 : in file: <unknown file> : node .asInt ( )
-
-Target exception: java.lang.NumberFormatException: For input string: "A string"
-
-java.lang.NumberFormatException: For input string: "A string"
- at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
- at java.lang.Integer.parseInt(Integer.java:449)
- at java.lang.Integer.parseInt(Integer.java:499)
- at org.jboss.dmr.StringModelValue.asInt(StringModelValue.java:61)
- at org.jboss.dmr.ModelNode.asInt(ModelNode.java:117)
- ....
-
-
-
-
The ModelNode.getType() method can be used to ensure a node has an
-expected value type before attempting a type conversion.
-
-
-
One set variant takes another ModelNode as its argument. The value
-of the passed in node is copied, so there is no shared state between the
-two model nodes:
-
-
-
-
bsh % node.set("A string");
-bsh % ModelNode another = new ModelNode();
-bsh % another.set(node);
-bsh % print(another.asString());
-A string
-bsh % node.set("changed");
-bsh % print(node.asString());
-changed
-bsh % print(another.asString());
-A string
-
-
-
-
A ModelNode can be cloned. Again, there is no shared state between the
-original node and its clone:
The above examples aren’t particularly interesting; if all we can do
-with a ModelNode is wrap a simple Java primitive, what use is that?
-However, a ModelNode’s value can be more complex than a simple
-primitive, and using these more complex types we can build complex data
-structures. The first more complex type is `ModelType.LIST.
-
-
-
Use the add methods to initialize a node’s value as a list and add to
-the list:
-
-
-
-
bsh % ModelNode list = new ModelNode();
-bsh % list.add(5);
-bsh % list.add(10);
-bsh % print(list.getType());
-LIST
-
-
-
-
Use asInt() to find the size of the list:
-
-
-
-
bsh % print(list.asInt());
-2
-
-
-
-
Use the overloaded get method variant that takes an int param to
-retrieve an item. The item is returned as a ModelNode:
Here’s one of the trickiest things about jboss-dmr:Theget
-methods actually mutate state; they are not "read-only". For example,
-calling get with an index that does not exist yet in the list will
-actually create a child of type ModelType.UNDEFINED at that index (and
-will create UNDEFINED children for any intervening indices.)
That’s not so interesting in the above example, but later on with node
-of type ModelType.OBJECT we’ll see how that kind of method chaining
-can let you build up fairly complex data structures with a minimum of
-code.
-
-
-
Use the asList() method to get a List<ModelNode> of the children:
-
-
-
-
bsh % for (ModelNode element : list.asList()) {
-print(element.getType());
-}
-INT
-INT
-STRING
-UNDEFINED
-UNDEFINED
-INT
-
-
-
-
The asString() and toString() methods provide slightly differently
-formatted text representations of a ModelType.LIST node:
Directly instantiating a Property via its constructor is not common.
-More typically one of the two argument ModelNode.add or
-ModelNode.set variants is used. The first argument is the property
-name:
The most powerful and most commonly used complex value type in jboss-dmr
-is ModelType.OBJECT. A ModelNode whose value is ModelType.OBJECT
-internally maintains a Map<String, ModelNode.
-
-
-
Use the get method variant that takes a string argument to add an
-entry to the map. If no entry exists under the given name, a new entry
-is added with a the value being a ModelType.UNDEFINED node. The node
-is returned:
-
-
-
-
bsh % ModelNode range = new ModelNode();
-bsh % ModelNode min = range.get("min");
-bsh % print(range.toString());
-{"min" => undefined}
-bsh % min.set(2);
-bsh % print(range.toString());
-{"min" => 2}
-
-
-
-
Again it is important to remember that thegetoperation may mutate
-the state of a model node by adding a new entry.It is not a read-only
-operation.
-
-
-
Since get will never return null, a common pattern is to use method
-chaining to create the key/value pair:
A call to get passing an already existing key will of course return
-the same model node as was returned the first time get was called with
-that key:
-
-
-
-
bsh % print(min == range.get("min"));
-true
-
-
-
-
Multiple parameters can be passed to get. This is a simple way to
-traverse a tree made up of ModelType.OBJECT nodes. Again, get may
-mutate the node on which it is invoked; e.g. it will actually create the
-tree if nodes do not exist. This next example uses a workaround to get
-beanshell to handle the overloaded get method that takes a variable
-number of arguments:
The semantics of the backing map in a node of ModelType.OBJECT are
-those of a LinkedHashMap. The map remembers the order in which
-key/value pairs are added. This is relevant when iterating over the
-pairs after calling asPropertyList() and for controlling the order in
-which key/value pairs appear in the output from toString().
-
-
-
Since the get method will actually mutate the state of a node if the
-given key does not exist, ModelNode provides a couple methods to let
-you check whether the entry is there. The has method simply does that:
Very often, the need is to not only know whether the key/value pair
-exists, but whether the value is defined (i.e. not
-ModelType.UNDEFINED. This kind of check is analogous to checking
-whether a field in a Java class has a null value. The hasDefined lets
-you do this:
A value of type ModelType.EXPRESSION is stored as a string, but can
-later be resolved to different value. The string has a special syntax
-that should be familiar to those who have used the system property
-substitution feature in previous JBoss AS releases.
When the resolve operation is called, the string is parsed and any
-embedded system properties are resolved against the JVM’s current system
-property values. A new ModelNode is returned whose value is the
-resolved string:
In addition to system properties, in the above examples, we also support substituting
-from environment variables. See the Expression Resolution
-subsection for a more thorough description of how this works in practice.
A detailed description of the resources, attributes and operations that
-make up the management model provided by an individual WildFly instance
-or by any Domain Controller or secondary Host Controller process can be
-queried using the read-resource-description, read-operation-names,
-read-operation-description and read-child-types operations described
-in the Global operations section. In this
-section we provide details on what’s included in those descriptions.
All portions of the management model exposed by WildFly are addressable
-via an ordered list of key/value pairs. For each addressable
-Management Resource, the following
-descriptive information will be available:
-
-
-
-
-
description – String – text description of this portion of the model
-
-
-
min-occurs – int, either 0 or 1 – Minimum number of resources of
-this type that must exist in a valid model. If not present, the default
-value is 0.
-
-
-
max-occurs – int – Maximum number of resources of this type that may
-exist in a valid model. If not present, the default value depends upon
-the value of the final key/value pair in the address of the described
-resource. If this value is '*', the default value is Integer.MAX_VALUE,
-i.e. there is no limit. If this value is some other string, the default
-value is 1.
-
-
-
attributes – Map of String (the attribute name) to complex structure
-– the configuration attributes available in this portion of the model.
-See the Description of an Attribute section
-for the representation of each attribute.
-
-
-
operations – Map of String (the operation name) to complex structure
-– the operations that can be targeted at this address. See the
-Description of an Operation section
-for the representation of each operation.
-
-
-
children – Map of String (the type of child) to complex structure –
-the relationship of this portion of the model to other addressable
-portions of the model. See the
-Description of Parent/Child Relationships
-section for the representation of each child relationship.
-
-
-
head-comment-allowed – boolean – This description key is for
-possible future use.
-
-
-
tail-comment-allowed – boolean – This description key is for
-possible future use.
-
-
-
-
-
For example:
-
-
-
-
{
- "description => "A manageable resource",
- "tail-comment-allowed" => false,
- "attributes" => {
- "foo" => {
- .... details of attribute foo
- }
- },
- "operations" => {
- "start" => {
- .... details of the start operation
- }
- },
- "children" => {
- "bar" => {
- .... details of the relationship with children of type "bar"
- }
- }
-}
An attribute is a portion of the management model that is not directly
-addressable. Instead, it is conceptually a property of an addressable
-management resource. For
-each attribute in the model, the following descriptive information will
-be available:
-
-
-
-
-
description – String – text description of the attribute
-
-
-
type – org.jboss.dmr.ModelType – the type of the attribute value.
-One of the enum values BIG_DECIMAL, BIG_INTEGER, BOOLEAN, BYTES, DOUBLE,
-INT, LIST, LONG, OBJECT, PROPERTY, STRING. Most of these are
-self-explanatory. An OBJECT will be represented in the detyped model as
-a map of string keys to values of some other legal type, conceptually
-similar to a javax.management.openmbean.CompositeData. A PROPERTY is a
-single key/value pair, where the key is a string, and the value is of
-some other legal type.
-
-
-
value-type – ModelType or complex structure – Only present if type
-is LIST or OBJECT. If all elements in the LIST or all the values of the
-OBJECT type are of the same type, this will be one of the ModelType
-enums BIG_DECIMAL, BIG_INTEGER, BOOLEAN, BYTES, DOUBLE, INT, LONG,
-STRING. Otherwise, value-type will detail the structure of the
-attribute value, enumerating the value’s fields and the type of their
-value. So, an attribute with a type of LIST and a value-type value
-of ModelType.STRING is analogous to a Java List<String>, while one
-with a value-type value of ModelType.INT is analogous to a Java
-List<Integer>. An attribute with a type of OBJECT and a value-type
-value of ModelType.STRING is analogous to a Java
-Map<String, String>. An attribute with a type of OBJECT and a
-value-type whose value is not of type ModelType represents a
-fully-defined complex object, with the object’s legal fields and their
-values described.
-
-
-
expressions-allowed – boolean – indicates whether the value of the
-attribute may be of type ModelType.EXPRESSION, instead of its standard
-type (see type and value-type above for discussion of an attribute’s
-standard type.) A value of ModelType.EXPRESSION contains a
-system-property or environment variable
-substitution expression that the server will resolve
-against the server-side system property map before using the value. For
-example, an attribute named max-threads may have an expression value of
-${example.pool.max-threads:10} instead of just 10. Default value if
-not present is false.
-See the Expression Resolution subsection
-for a more thorough description.
-
-
-
required – boolean – true if the attribute must have a defined value
-in a representation of its portion of the model unless another attribute
-included in a list of alternatives is defined; false if it may be
-undefined (implying a null value) even in the absence of alternatives.
-If not present, true is the default.
-
-
-
nillable – boolean – true if the attribute might not have a defined
-value in a representation of its portion of the model. A nillable
-attribute may
-be undefined either because it is not required or because it is
-required but has alternatives and one of the alternatives is defined.
-
-
-
storage – String – Either "configuration" or "runtime". If
-"configuration", the attribute’s value is stored as part of the
-persistent configuration (e.g. in domain.xml, host.xml or
-standalone.xml.) If "runtime" the attribute’s value is not stored in the
-persistent configuration; the value only exists as long as the resource
-is running.
-
-
-
access-type – String – One of "read-only", "read-write" or "metric".
-Whether an attribute value can be written, or can only read. A "metric"
-is a read-only attribute whose value is not stored in the persistent
-configuration, and whose value may change due to activity on the server.
-If an attribute is "read-write", the resource will expose an operation
-named "write-attribute" whose "name" parameter will accept this
-attribute’s name and whose "value" parameter will accept a valid value
-for this attribute. That operation will be the standard means of
-updating this attribute’s value.
-
-
-
restart-required – String – One of "no-services", "all-services",
-"resource-services" or "jvm". Only relevant to attributes whose
-access-type is read-write. Indicates whether execution of a
-write-attribute operation whose name parameter specifies this attribute
-requires a restart of services (or an entire JVM) in order for the
-change to take effect in the runtime . See the discussion of
-Applying
-Updates to Runtime Services below. Default value is "no-services".
-
-
-
default – the default value for the attribute that will be used in
-runtime services if the attribute is not explicitly defined and no other
-attributes listed as alternatives are defined.
-
-
-
alternatives – List of string – Indicates an exclusive relationship
-between attributes. If this attribute is defined, the other attributes
-listed in this descriptor’s value should be undefined, even if their
-required descriptor says true; i.e. the presence of this attribute
-satisfies the requirement. Note that an attribute that is not explicitly
-configured but has a default value is still regarded as not being
-defined for purposes of checking whether the exclusive relationship has
-been violated. Default is undefined; i.e. this does not apply to most
-attributes.
-
-
-
requires – List of string – Indicates that if this attribute has a
-value (other than undefined), the other attributes listed in this
-descriptor’s value must also have a value, even if their required
-descriptor says false. This would typically be used in conjunction with
-alternatives. For example, attributes "a" and "b" are required, but are
-alternatives to each other; "c" and "d" are optional. But "b" requires
-"c" and "d", so if "b" is used, "c" and "d" must also be defined.
-Default is undefined; i.e. this does not apply to most attributes.
-
-
-
capability-reference – string – if defined indicates that this
-attribute’s value specifies the dynamic portion of the name of the
-specified capability provided by another resource. This indicates the
-attribute is a reference to another area of the management model. (Note
-that at present some attributes that reference other areas of the model
-may not provide this information.)
-
-
-
head-comment-allowed – boolean – This description key is for
-possible future use.
-
-
-
tail-comment-allowed – boolean – This description key is for
-possible future use.
-
-
-
arbitrary key/value pairs that further describe the attribute value,
-e.g. "max" ⇒ 2. See the Arbitrary
-Descriptors section.
A management resource may have operations associated with it. The
-description of an operation will include the following information:
-
-
-
-
-
operation-name – String – the name of the operation
-
-
-
description – String – text description of the operation
-
-
-
request-properties – Map of String to complex structure –
-description of the parameters of the operation. Keys are the names of
-the parameters, values are descriptions of the parameter value types.
-See
-below
-for details on the description of parameter value types.
-
-
-
reply-properties – complex structure, or empty – description of the
-return value of the operation, with an empty node meaning void. See
-below
-for details on the description of operation return value types.
-
-
-
restart-required – String – One of "no-services", "all-services",
-"resource-services" or "jvm". Indicates whether the operation makes a
-configuration change that requires a restart of services (or an entire
-JVM) in order for the change to take effect in the runtime. See
-the discussion of Applying
-Updates to Runtime Services below. Default value is "no-services".
description – String – text description of the parameter or return
-value
-
-
-
type – org.jboss.dmr.ModelType – the type of the parameter or
-return value. One of the enum values BIG_DECIMAL, BIG_INTEGER, BOOLEAN,
-BYTES, DOUBLE, INT, LIST, LONG, OBJECT, PROPERTY, STRING.
-
-
-
value-type – ModelType or complex structure – Only present if type
-is LIST or OBJECT. If all elements in the LIST or all the values of the
-OBJECT type are of the same type, this will be one of the ModelType
-enums BIG_DECIMAL, BIG_INTEGER, BOOLEAN, BYTES, DOUBLE, INT, LIST, LONG,
-PROPERTY, STRING. Otherwise, value-type will detail the structure of the
-attribute value, enumerating the value’s fields and the type of their
-value.So, a parameter with a type of LIST and a value-type value of
-ModelType.STRING is analogous to a Java List<String>, while one with
-a value-type value of ModelType.INT is analogous to a Java
-List<Integer>. A parameter with a type of OBJECT and a value-type
-value of ModelType.STRING is analogous to a Java
-Map<String, String>. A parameter with a type of OBJECT and a
-value-type whose value is not of type ModelType represents a
-fully-defined complex object, with the object’s legal fields and their
-values described.
-
-
-
expressions-allowed – boolean – indicates whether the value of the
-the parameter or return value may be of type ModelType.EXPRESSION,
-instead its standard type (see type and value-type above for discussion
-of the standard type.) A value of ModelType.EXPRESSION contains a
-system-property or environment variable
-substitution expression that the server will resolve
-against the server-side system property map before using the value. For
-example, a parameter named max-threads may have an expression value of
-${example.pool.max-threads:10} instead of just 10. Default value if
-not present is false.
-See the Expression Resolution subsection
-for a more thorough description.
-
-
-
required – boolean – true if the parameter or return value must have
-a defined value in the operation or response unless another item
-included in a list of alternatives is defined; false if it may be
-undefined (implying a null value) even in the absence of alternatives.
-If not present, true is the default.
-
-
-
nillable – boolean – true if the parameter or return value might not
-have a defined value in a representation of its portion of the model. A
-nillable parameter or return value may be undefined either because it is
-not required or because it is required but has alternatives and one
-of the alternatives is defined.
-
-
-
default – the default value for the parameter that will be used in
-runtime services if the parameter is not explicitly defined and no other
-parameters listed as alternatives are defined.
-
-
-
restart-required – String – One of "no-services", "all-services",
-"resource-services" or "jvm". Only relevant to attributes whose
-access-type is read-write. Indicates whether execution of a
-write-attribute operation whose name parameter specifies this attribute
-requires a restart of services (or an entire JVM) in order for the
-change to take effect in the runtime . See the discussion of
-Applying
-Updates to Runtime Services below. Default value is "no-services".
-
-
-
alternatives – List of string – Indicates an exclusive relationship
-between parameters. If this attribute is defined, the other parameters
-listed in this descriptor’s value should be undefined, even if their
-required descriptor says true; i.e. the presence of this parameter
-satisfies the requirement. Note that an parameer that is not explicitly
-configured but has a default value is still regarded as not being
-defined for purposes of checking whether the exclusive relationship has
-been violated. Default is undefined; i.e. this does not apply to most
-parameters.
-
-
-
requires – List of string – Indicates that if this parameter has a
-value (other than undefined), the other parameters listed in this
-descriptor’s value must also have a value, even if their required
-descriptor says false. This would typically be used in conjunction with
-alternatives. For example, parameters "a" and "b" are required, but are
-alternatives to each other; "c" and "d" are optional. But "b" requires
-"c" and "d", so if "b" is used, "c" and "d" must also be defined.
-Default is undefined; i.e. this does not apply to most parameters.
-
-
-
arbitrary key/value pairs that further describe the attribute value,
-e.g. "max" ⇒2. See the Arbitrary Descriptors
-section.
The description of an attribute, operation parameter or operation return
-value type can include arbitrary key/value pairs that provide extra
-information. Whether a particular key/value pair is present depends on
-the context, e.g. a pair with key "max" would probably only occur as
-part of the description of some numeric type.
-
-
-
Following are standard keys and their expected value type. If descriptor
-authors want to add an arbitrary key/value pair to some descriptor and
-the semantic matches the meaning of one of the following items, the
-standard key/value type must be used.
-
-
-
-
-
min – int – the minimum value of some numeric type. The absence of
-this item implies there is no minimum value.
-
-
-
max – int – the maximum value of some numeric type. The absence of
-this item implies there is no maximum value.
-
-
-
min-length – int – the minimum length of some string, list or byte[]
-type. The absence of this item implies a minimum length of zero.
-
-
-
max-length – int – the maximum length of some string, list or
-byte[]. The absence of this item implies there is no maximum value.
-
-
-
allowed – List – a list of legal values. The type of the elements in
-the list should match the type of the attribute.
-
-
-
unit - The unit of the value, if one is applicable - e.g. ns, ms, s,
-m, h, KB, MB, TB. See the
-org.jboss.as.controller.client.helpers.MeasurementUnit in the
-org.jboss.as:jboss-as-controller-client artifact for a listing of legal
-measurement units..
-
-
-
filesystem-path – boolean – a flag to indicate that the attribute is a
-path on the filesystem.
-
-
-
attached-streams – boolean – a flag to indicate that the attribute is a
-stream id to an attached stream.
-
-
-
relative-to – boolean – a flag to indicate that the attribute is a
-relative path.
-
-
-
feature-reference – boolean – a flag to indicate that the attribute is a
-reference to a provisioning feature via a capability.
-
-
-
-
-
Some examples:
-
-
-
-
{
- "operation-name" => "incrementFoo",
- "description" => "Increase the value of the 'foo' attribute by the given amount",
- "request-properties" => {
- "increment" => {
- "type" => INT,
- "description" => "The amount to increment",
- "required" => true
- }},
- "reply-properties" => {
- "type" => INT,
- "description" => "The new value",
- }
-}
The address used to target an addressable portion of the model must be
-an ordered list of key value pairs. The effect of this requirement is
-the addressable portions of the model naturally form a tree structure,
-with parent nodes in the tree defining what the valid keys are and the
-children defining what the valid values are. The parent node also
-defines the cardinality of the relationship. The description of the
-parent node includes a children element that describes these
-relationships:
-
-
-
-
{
- ....
- "children" => {
- "connector" => {
- .... description of the relationship with children of type "connector"
- },
- "virtual-host" => {
- .... description of the relationship with children of type "virtual-host"
- }
-}
-
-
-
-
The description of each relationship will include the following
-elements:
-
-
-
-
-
description – String – text description of the relationship
-
-
-
model-description – either "undefined" or a complex structure – This
-is a node of ModelType.OBJECT, the keys of which are legal values for
-the value portion of the address of a resource of this type, with the
-special character '*' indicating the value portion can have an arbitrary
-value. The values in the node are the full description of the particular
-child resource (its text description, attributes, operations, children)
-as detailed above. This model-description may also be "undefined",
-i.e. a null value, if the query that asked for the parent node’s
-description did not include the "recursive" param set to true.
-
-
-
-
-
Example with if the recursive flag was set to true:
-
-
-
-
{
- "description" => "The connectors used to handle client connections",
- "model-description" => {
- "*" => {
- "description" => "Handles client connections",
- "min-occurs" => 1,
- "attributes => {
- ... details of children as documented above
- },
- "operations" => {
- .... details of operations as documented above
- },
- "children" => {
- .... details of the children's children
- }
- }
- }
-}
-
-
-
-
If the recursive flag was false:
-
-
-
-
{
- "description" => "The connectors used to handle client connections",
- "model-description" => undefined
-}
An attribute or operation description may include a restart-required
-descriptor; this section is an explanation of the
-meaning of that descriptor.
-
-
-
An operation that changes a management resource’s persistent
-configuration usually can also also affect a runtime service associated
-with the resource. For example, there is a runtime service associated
-with any host.xml or standalone.xml <interface> element; other
-services in the runtime depend on that service to provide the
-InetAddress associated with the interface. In many cases, an update to
-a resource’s persistent configuration can be immediately applied to the
-associated runtime service. The runtime service’s state is updated to
-reflect the new value(s).
-
-
-
However, in many cases the runtime service’s state cannot be updated
-without restarting the service. Restarting a service can have broad
-effects. A restart of a service A will trigger a restart of other
-services B, C and D that depend on A, triggering a restart of services that
-depend on B, C and D, etc. Those service restarts may very well disrupt
-handling of end-user requests.
-
-
-
Because restarting a service can be disruptive to end-user request
-handling, the handlers for management operations will not restart any
-service without some form of explicit instruction from the end user
-indicating a service restart is desired. In a few cases, simply
-executing the operation is an indication the user wants services to
-restart (e.g. a /host=primary/server-config=server-one:restart
-operation in a managed domain, or a /:reload operation on a standalone
-server.) For all other cases, if an operation (or attribute write)
-cannot be performed without restarting a service, the metadata
-describing the operation or attribute will include a restart-required
-descriptor whose value indicates what is necessary
-for the operation to affect the runtime:
-
-
-
-
-
no-services – Applying the operation to the runtime does not require
-the restart of any services. This value is the default if the
-restart-required descriptor is not present.
-
-
-
all-services – The operation can only immediately update the
-persistent configuration; applying the operation to the runtime will
-require a subsequent restart of all services in the affected VM.
-Executing the operation will put the server into a reload-required
-state. Until a restart of all services is performed the response to this
-operation and to any subsequent operation will include a response header
-"process-state" ⇒ "reload-required". For a standalone server, a
-restart of all services can be accomplished by executing the reload
-CLI command. For a server in a managed domain, restarting all services
-is done via a reload operation targeting the particular server (e.g.
-/host=primary/server=server-one:reload).
-
-
-
jvm --The operation can only immediately update the persistent
-configuration; applying the operation to the runtime will require a full
-process restart (i.e. stop the JVM and launch a new JVM). Executing the
-operation will put the server into a restart-required state. Until
-a restart is performed the response to this operation and to any
-subsequent operation will include a response header
-"process-state" ⇒ "restart-required". For a standalone server, a full
-process restart requires first stopping the server via OS-level
-operations (Ctrl-C, kill) or via the shutdown CLI command, and then
-starting the server again from the command line. For a server in a
-managed domain, restarting a server requires executing the
-/host=<host>/server-config=<server>:restart operation.
-
-
-
resource-services – The operation can only immediately update the
-persistent configuration; applying the operation to the runtime will
-require a subsequent restart of some services associated with the
-resource. If the operation includes the request header
-"allow-resource-service-restart" ⇒ true, the handler for the
-operation will go ahead and restart the runtime service. Otherwise
-executing the operation will put the server into a reload-required
-state. (See the discussion of all-services above for more on the
-reload-required state.)
When resolving an expression in the model the following locations are checked.
-For this example we will use the expression ${my.example-expr}.
-
-
-
-
-
First we check if there is a system property with the name
-my.example-expr.
-If there is, we use its value as the result of the resolution.
-If not, we continue checking the next locations.
-
-
-
We convert the name my.example-expr to upper case, and replace all
-non-alphanumeric characters with underscores, ending up with
-MY_EXAMPLE_EXPR. We check if there is an environment variable with that
-name. If there is, we use its value as the result of the resolution.
-If not, we continue checking the next location.
-
-
-
-
-
-
-
-
-
-
-This step was introduced for WildFly 25, and has the scope to introduce some issues in special cases. Say you have an environment variable COMMON_VAR_NAME=foo already in use, and you use ${common-var-name:bar} in the wildfly configuration. Prior to WildFly 25, the default value (i.e. bar) will be used. In WildFly 25 and later, the value from the environment variable (i.e. foo) will be used.
-
-
-
-
-
-
-
-
If (and only if) the original name starts with env. we trim the prefix
-and look for an environment variable called what we are left with, with no
-conversion performed (e.g. if the original name was env.example, we look for
-an environment variable called example; if the original name was
-env.MY_EXAMPLE_EXPR, we look for an environment variable called MY_EXAMPLE_EXPR).
-If there is such an environmet variable, we use its value as the result of the resolution.
-
-
-
If none of the above checks yielded a result, the resolution failed. The
-final step is to check if the expression provided a default. Our ${my.example-expr}
-example provided no default, so the expression could not be resolved. If
-we had specified a default in the expression the default is returned (e.g. for
-${my.example-expr:hello}, the value hello is returned).
The Management API in WildFly is accessible through multiple channels,
-one of them being HTTP and JSON.
-
-
-
Even if you haven’t used a curl command line you might already have used
-this channel since it is how the web console interact with the
-Management API.
-
-
-
WildFly is distributed secured by default, the default security
-mechanism is username / password based making use of HTTP Digest for
-the authentication process.
-
-
-
Thus you need to create a user with the add-user.sh script.
While you can do everything with POST, some operations can be called
-through a 'classical' GET request.
-
-
-
These are the supported operations for a GET :
-
-
-
-
-
attribute : for a read-attribute operation
-
-
-
resource : for a read-resource operation
-
-
-
resource-description : for a read-resource-description operation
-
-
-
snapshots : for the list-snapshots operation
-
-
-
operation-description : for a read-operation-description operation
-
-
-
operation-names : for ad read-operation-names operation
-
-
-
-
-
The URL format is the following one : http://server:9990/management/
-<path_to_resource>?operation=<operation_name>&operation_parameter=<value>…
-
-
-
path_to_resource is the path to the wanted resource replacing all '='
-with '/' : thus for example subsystem=undertow/server=default-server
-becomes subsystem/undertow/server/default-server.
Here’s an example of an operation on a resource with a nested address
-and passed parameters. This is same as if you would run
-/host=primary/server=server-01:read-attribute(name=server-state)
Following example will get us information from http connection in
-undertow subsystem including run-time attributes
-This is the same as running
-/subsystem=undertow/server=default-server:read-resource(include-runtime=true,recursive=true)
-in CLI
A standalone WildFly process, or a managed domain Domain Controller or
-secondary Host Controller process can be configured to listen for remote
-management requests using its "native management interface":
~(See standalone/configuration/standalone.xml or
-domain/configuration/host.xml)~
-
-
-
The CLI tool that comes with the application server uses this interface,
-and user can develop custom clients that use it as well. In this section
-we’ll cover the basics on how to develop such a client. We’ll also cover
-details on the format of low-level management operation requests and
-responses – information that should prove useful for users of the CLI
-tool as well.
The native management interface uses an open protocol based on the JBoss
-Remoting library. JBoss Remoting is used to establish a communication
-channel from the client to the process being managed. Once the
-communication channel is established the primary traffic over the
-channel is management requests initiated by the client and asynchronous
-responses from the target process.
-
-
-
A custom Java-based client should have the maven artifact
-org.jboss.as:jboss-as-controller-client and its dependencies on the
-classpath. The other dependencies are:
-
-
-
-
-
-
-
-
-
Maven Artifact
-
Purpose
-
-
-
-
-
org.jboss.remoting:jboss-remoting
-
Remote communication
-
-
-
org.jboss:jboss-dmr
-
Detyped representation of the management model
-
-
-
org.jboss.as:jboss-as-protocol
-
Wire protocol for remote WildFly
-management
-
-
-
org.jboss.sasl:jboss-sasl
-
SASL authentication
-
-
-
org.jboss.xnio:xnio-api
-
Non-blocking IO
-
-
-
org.jboss.xnio:xnio-nio
-
Non-blocking IO
-
-
-
org.jboss.logging:jboss-logging
-
Logging
-
-
-
org.jboss.threads:jboss-threads
-
Thread management
-
-
-
org.jboss.marshalling:jboss-marshalling
-
Marshalling and unmarshalling
-data to/from streams
-
-
-
-
-
The client API is entirely within the
-org.jboss.as:jboss-as-controller-client artifact; the other
-dependencies are part of the internal implementation of
-org.jboss.as:jboss-as-controller-client and are not compile-time
-dependencies of any custom client based on it.
-
-
-
The management protocol is an open protocol, so a completely custom
-client could be developed without using these libraries (e.g. using
-Python or some other language.)
The org.jboss.as.controller.client.ModelControllerClient class is the
-main class a custom client would use to manage a WildFly server instance
-or a Domain Controller or secondary Host Controller.
-
-
-
The custom client must have maven artifact
-org.jboss.as:jboss-as-controller-client and its dependencies on the
-classpath.
The address and port are what is configured in the target process'
-<management><management-interfaces><native-interface…/> element.
-
-
-
Typically, however, the native management interface will be secured,
-requiring clients to authenticate. On the client side, the custom client
-will need to provide the user’s authentication credentials, obtained in
-whatever manner is appropriate for the client (e.g. from a dialog box in
-a GUI-based client.) Access to these credentials is provided by passing
-in an implementation of the
-javax.security.auth.callback.CallbackHandler interface. For example:
Management requests are formulated using the org.jboss.dmr.ModelNode
-class from the jboss-dmr library. The jboss-dmr library allows the
-complete WildFly management model to be expressed using a very small
-number of Java types. See
-Detyped
-management and the jboss-dmr library for full details on using this
-library.
-
-
-
Let’s show an example of creating an operation request object that can
-be used to
-read
-the resource description for the web subsystem’s HTTP connector:
-
-
-
-
ModelNode op = new ModelNode();
-op.get("operation").set("read-resource-description");
-
-ModelNode address = op.get("address");
-address.add("subsystem", "web");
-address.add("connector", "http");
-
-op.get("recursive").set(true);
-op.get("operations").set(true);
-
-
-
-
What we’ve done here is created a ModelNode of type ModelType.OBJECT
-with the following fields:
-
-
-
-
-
operation – the name of the operation to invoke. All operation
-requests must include this field and its value must be a String.
-
-
-
address – the address of the resource to invoke the operation
-against. This field’s must be of ModelType.LIST with each element in
-the list being a ModelType.PROPERTY. If this field is omitted the
-operation will target the root resource. The operation can be targeted
-at any address in the management model; here we are targeting it at the
-resource for the web subsystem’s http connector.
-
-
-
-
-
In this case, the request includes two optional parameters:
-
-
-
-
-
recursive – true means you want the description of child resources
-under this resource. Default is false
-
-
-
operations – true means you want the description of operations
-exposed by the resource to be included. Default is false.
-
-
-
-
-
Different operations take different parameters, and some take no
-parameters at all.
The example above produces an operation request ModelNode equivalent to
-what the CLI produces internally when it parses and executes the
-following low-level CLI command:
The execute operation shown above will block the calling thread until
-the response is received from the process being managed.
-ModelControllerClient also exposes and API allowing asynchronous
-invocation:
-
-
-
-
Future<ModelNode> future = client.executeAsync(op);
-. . . // do other stuff
-ModelNode returnVal = future.get();
-System.out.println(returnVal.get("result").toString());
A ModelControllerClient can be reused for multiple requests. Creating
-a new ModelControllerClient for each request is an anti-pattern.
-However, when the ModelControllerClient is no longer needed, it should
-always be explicitly closed, allowing it to close down any connections
-to the process it was managing and release other resources:
ModelNode op = new ModelNode();
-op.get("operation").set("write-attribute");
-ModelNode addr = op.get("address");
-addr.add("profile", "production");
-addr.add("subsystem", "threads");
-addr.add("bounded-queue-thread-pool", "pool1");
-op.get("name").set("count");
-op.get("value").set(20);
-System.out.println(op);
-
-
-
-
The order in which the outermost elements appear in the request is not
-relevant. The required elements are:
-
-
-
-
-
operation – String – The name of the operation being invoked.
-
-
-
address – the address of the managed resource against which the
-request should be executed. If not set, the address is the root
-resource. The address is an ordered list of key-value pairs describing
-where the resource resides in the overall management resource tree.
-Management resources are organized in a tree, so the order in which
-elements in the address occur is important.
-
-
-
-
-
The other key/value pairs are parameter names and their values. The
-names and values should match what is specified in the
-operation’s
-description.
-
-
-
Parameters may have any name, except for the reserved words operation,
-address and operation-headers.
Besides the special operation and address values discussed above,
-operation requests can also include special "header" values that help
-control how the operation executes. These headers are created under the
-special reserved word operation-headers:
rollback-on-runtime-failure – boolean, optional, defaults to true.
-Whether an operation that successfully updates the persistent
-configuration model should be reverted if it fails to apply to the
-runtime. Operations that affect the persistent configuration are applied
-in two stages – first to the configuration model and then to the actual
-running services. If there is an error applying to the configuration
-model the operation will be aborted with no configuration change and no
-change to running services will be attempted. However, operations are
-allowed to change the configuration model even if there is a failure to
-apply the change to the running services – if and only if this
-rollback-on-runtime-failure header is set to false. So, this header
-only deals with what happens if there is a problem applying an operation
-to the running state of a server (e.g. actually increasing the size of a
-runtime thread pool.)
-
-
-
rollout-plan – only relevant to requests made to a Domain Controller
-or Host Controller. See "
-Operations with a
-Rollout Plan" for details.
roles – String or list of strings. Name(s) of RBAC role(s) the
-permissions for which should be used when making access control
-decisions instead of those from the roles normally associated with the
-user invoking the operation. Only respected if the user is normally
-associated with a role with all permissions (i.e. SuperUser), meaning
-this can only be used to reduce permissions for a caller, not to
-increase permissions.
-
-
-
blocking-timeout – int, optional, defaults to 300. Maximum time, in
-seconds, that the operation should block at various points waiting for
-completion. If this period is exceeded, the operation will roll back.
-Does not represent an overall maximum execution time for an operation;
-rather it is meant to serve as a sort of fail-safe measure to prevent
-problematic operations indefinitely tying up resources.
The root resource for a Domain or Host Controller or an individual
-server will expose an operation named " `composite`". This operation
-executes a list of other operations as an atomic unit (although the
-atomicity requirement can be
-relaxed.
-The structure of the request for the " `composite`" operation has the
-same fundamental structure as a simple operation (i.e. operation name,
-address, params as key value pairs).
The "composite" operation takes a single parameter:
-
-
-
-
-
steps – a list, where each item in the list has the same structure
-as a simple operation request. In the example above each of the two
-steps is modifying the thread pool configuration for a different pool.
-There need not be any particular relationship between the steps. Note
-that the rollback-on-runtime-failure and rollout-plan operation
-headers are not supported for the individual steps in a composite
-operation.
-
-
-
+
-The `rollback-on-runtime-failure` operation header discussed above has a
-particular meaning when applied to a composite operation, controlling
-whether steps that successfully execute should be reverted if other
-steps fail at runtime. Note that if any steps modify the persistent
-configuration, and any of those steps fail, all steps will be reverted.
-Partial/incomplete changes to the persistent configuration are not
-allowed.
Operations targeted at domain or host level resources can potentially
-impact multiple servers. Such operations can include a "rollout plan"
-detailing the sequence in which the operation should be applied to
-servers as well as policies for detailing whether the operation should
-be reverted if it fails to execute successfully on some servers.
-
-
-
If the operation includes a rollout plan, the structure is as follows:
As you can see, the rollout plan is another structure in the
-operation-headers section. The root node of the structure allows two
-children:
-
-
-
-
-
in-series – a list – A list of activities that are to be performed
-in series, with each activity reaching completion before the next step
-is executed. Each activity involves the application of the operation to
-the servers in one or more server groups. See below for details on each
-element in the list.
-
-
-
rollback-across-groups – boolean – indicates whether the need to
-rollback the operation on all the servers in one server group should
-trigger a rollback across all the server groups. This is an optional
-setting, and defaults to false.
-
-
-
-
-
Each element in the list under the in-series node must have one or the
-other of the following structures:
-
-
-
-
-
concurrent-groups – a map of server group names to policies
-controlling how the operation should be applied to that server group.
-For each server group in the map, the operation may be applied
-concurrently. See below for details on the per-server-group policy
-configuration.
-
-
-
server-group – a single key/value mapping of a server group name to
-a policy controlling how the operation should be applied to that server
-group. See below for details on the policy configuration. (Note: there
-is no difference in plan execution between this and a "
-`concurrent-groups`" map with a single entry.)
-
-
-
-
-
The policy controlling how the operation is applied to the servers
-within a server group has the following elements, each of which is
-optional:
-
-
-
-
-
rolling-to-servers – boolean – If true, the operation will be
-applied to each server in the group in series. If false or not
-specified, the operation will be applied to the servers in the group
-concurrently.
-
-
-
max-failed-servers – int – Maximum number of servers in the group
-that can fail to apply the operation before it should be reverted on all
-servers in the group. The default value if not specified is zero; i.e.
-failure on any server triggers rollback across the group.
-
-
-
max-failure-percentage – int between 0 and 100 – Maximum percentage
-of the total number of servers in the group that can fail to apply the
-operation before it should be reverted on all servers in the group. The
-default value if not specified is zero; i.e. failure on any server
-triggers rollback across the group.
-
-
-
-
-
If both max-failed-servers and max-failure-percentage are set,
-max-failure-percentage takes precedence.
-
-
-
Looking at the (contrived) example above, application of the operation
-to the servers in the domain would be done in 3 phases. If the policy
-for any server group triggers a rollback of the operation across the
-server group, all other server groups will be rolled back as well. The 3
-phases are:
-
-
-
-
-
Server groups groupA and groupB will have the operation applied
-concurrently. The operation will be applied to the servers in groupA in
-series, while all servers in groupB will handle the operation
-concurrently. If more than 20% of the servers in groupA fail to apply
-the operation, it will be rolled back across that group. If any servers
-in groupB fail to apply the operation it will be rolled back across that
-group.
-
-
-
Once all servers in groupA and groupB are complete, the operation
-will be applied to the servers in groupC. Those servers will handle the
-operation concurrently. If more than one server in groupC fails to apply
-the operation it will be rolled back across that group.
-
-
-
Once all servers in groupC are complete, server groups groupD and
-groupE will have the operation applied concurrently. The operation will
-be applied to the servers in groupD in series, while all servers in
-groupE will handle the operation concurrently. If more than 20% of the
-servers in groupD fail to apply the operation, it will be rolled back
-across that group. If any servers in groupE fail to apply the operation
-it will be rolled back across that group.
All operations that impact multiple servers will be executed with a
-rollout plan. However, actually specifying the rollout plan in the
-operation request is not required. If no rollout-plan operation header
-is specified, a default plan will be generated. The plan will have the
-following characteristics:
-
-
-
-
-
There will only be a single high level phase. All server groups
-affected by the operation will have the operation applied concurrently.
-
-
-
Within each server group, the operation will be applied to all servers
-concurrently.
-
-
-
Failure on any server in a server group will cause rollback across the
-group.
-
-
-
Failure of any server group will result in rollback of all other
-server groups.
Since a rollout plan may be quite complex, having to pass it as a header
-every time can become quickly painful. So instead we can store it in the
-model and then reference it when we want to use it.
-To create a rollout plan you can use the operation rollout-plan add
-like this :
Simple responses are provided by the following types of operations:
-
-
-
-
-
Non-composite operations that target a single server. (See below for
-more on composite operations).
-
-
-
Non-composite operations that target a Domain Controller or secondary Host
-Controller and don’t require the responder to apply the operation on
-multiple servers and aggregate their results (e.g. a simple read of a
-domain configuration property.)
-
-
-
-
-
The response will always include a simple boolean outcome field, with
-one of three possible values:
-
-
-
-
-
success – the operation executed successfully
-
-
-
failed – the operation failed
-
-
-
cancelled – the execution of the operation was cancelled. (This
-would be an unusual outcome for a simple operation which would generally
-very rapidly reach a point in its execution where it couldn’t be
-cancelled.)
-
-
-
-
-
The other fields in the response will depend on whether the operation
-was successful.
Besides the standard outcome, result and failure-description
-fields described above, the response may also include various headers
-that provide more information about the affect of the operation or about
-the overall state of the server. The headers will be child element under
-a field named response-headers. For example:
A response header is typically related to whether an operation could be
-applied to the targeted runtime without requiring a restart of some or
-all services, or even of the target process itself. Please see the
-"Applying
-Updates to Runtime Services" section of the Description of the
-Management Model section for a discussion of the basic concepts related
-to what happens if an operation requires a service restart to be
-applied.
-
-
-
The current possible response headers are:
-
-
-
-
-
operation-requires-reload – boolean – indicates that the specific
-operation that has generated this response requires a restart of all
-services in the process in order to take effect in the runtime. This
-would typically only have a value of 'true'; the absence of the header
-is the same as a value of 'false.'
-
-
-
operation-requires-restart – boolean – indicates that the specific
-operation that has generated this response requires a full process
-restart in order to take effect in the runtime. This would typically
-only have a value of 'true'; the absence of the header is the same as a
-value of 'false.'
-
-
-
process-state – enumeration – Provides information about the overall
-state of the target process. One of the following values:
-
-
-
-
starting – the process is starting
-
-
-
running – the process is in a normal running state. The
-process-state header would typically not be seen with this value; the
-absence of the header is the same as a value of 'running'.
-
-
-
reload-required – some operation (not necessarily this one) has
-executed that requires a restart of all services in order for a
-configuration change to take effect in the runtime.
-
-
-
restart-required – some operation (not necessarily this one) has
-executed that requires a full process restart in order for a
-configuration change to take effect in the runtime.
A composite operation is one that incorporates more than one simple
-operation in a list and executes them atomically. See the
-"Composite
-Operations" section for more information.
-
-
-
Basic composite responses are provided by the following types of
-operations:
-
-
-
-
-
Composite operations that target a single server.
-
-
-
Composite operations that target a Domain Controller or a secondary Host
-Controller and don’t require the responder to apply the operation on
-multiple servers and aggregate their results (e.g. a list of simple
-reads of domain configuration properties.)
-
-
-
-
-
The high level format of a basic composite operation response is largely
-the same as that of a simple operation response, although there is an
-important semantic difference. For a composite operation, the meaning of
-the outcome flag is controlled by the value of the operation request’s
-rollback-on-runtime-failure header field. If that field was false
-(default is true), the outcome flag will be success if all steps were
-successfully applied to the persistent configuration even if none of
-the composite operation’s steps was successfully applied to the runtime.
-
-
-
What’s distinctive about a composite operation response is the result
-field. First, even if the operation was not successful, the result
-field will usually be present. (It won’t be present if there was some
-sort of immediate failure that prevented the responder from even
-attempting to execute the individual operations.) Second, the content of
-the result field will be a map. Each entry in the map will record the
-result of an element in the steps parameter of the composite operation
-request. The key for each item in the map will be the string " step-X`"
-where "X" is the 1-based index of the step’s position in the request’s
-`steps list. So each individual operation in the composite operation
-will have its result recorded.
-
-
-
The individual operation results will have the same basic format as the
-simple operation results described above. However, there are some
-differences from the simple operation case when the individual
-operation’s outcome flag is failed. These relate to the fact that in
-a composite operation, individual operations can be rolled back or not
-even attempted.
-
-
-
If an individual operation was not even attempted (because the overall
-operation was cancelled or, more likely, a prior operation failed):
-
-
-
-
{
- "outcome" => "cancelled"
-}
-
-
-
-
An individual operation that failed and was rolled back:
And for a failed 3 step composite operation, where the first step
-succeeded and the second failed, triggering cancellation of the 3rd and
-rollback of the others:
Multi-server responses are provided by operations that target a Domain
-Controller or secondary Host Controller and require the responder to apply
-the operation on multiple servers and aggregate their results (e.g.
-nearly all domain or host configuration updates.)
-
-
-
Multi-server operations are executed in several stages.
-
-
-
First, the operation may need to be applied against the authoritative
-configuration model maintained by the Domain Controller (for
-domain.xml confgurations) or a Host Controller (for a host.xml
-configuration). If there is a failure at this stage, the operation is
-automatically rolled back, with a response like this:
-
-
-
-
{
- "outcome" => "failed",
- "failure-description" => {
- "domain-failure-description" => "[JBAS-33333] Failed to apply X to the domain model"
- }
-}
-
-
-
-
If the operation was addressed to the domain model, in the next stage
-the Domain Controller will ask each secondary Host Controller to apply it to
-its local copy of the domain model. If any Host Controller fails to do
-so, the Domain Controller will tell all Host Controllers to revert the
-change, and it will revert the change locally as well. The response to
-the client will look like this:
-
-
-
-
{
- "outcome" => "failed",
- "failure-description" => {
- "host-failure-descriptions" => {
- "hostA" => "[DOM-3333] Failed to apply to the domain model",
- "hostB" => "[DOM-3333] Failed to apply to the domain model"
- }
- }
-}
-
-
-
-
If the preceding stages succeed, the operation will be pushed to all
-affected servers. If the operation is successful on all servers, the
-response will look like this (this example operation has a void
-response, hence the result for each server is undefined):
The operation need not succeed on all servers in order to get an
-"outcome" ⇒ "success" result. All that is required is that it succeed
-on at least one server without the rollback policies in the rollout plan
-triggering a rollback on that server. An example response in such a
-situation would look like this:
Overview of all system properties in WildFly including OS system
-properties and properties specified on command line using -D, -P or
---properties arguments.
Descriptions, possible attribute type and values, permission and whether
-expressions ( $\{ … } ) are allowed from the underlying model are
-shown by the read-resource-description command.
The attribute for interface is named "resolved-address". It’s a runtime
-attribute so it does not show up in :read-resource by default. You have
-to add the "include-runtime" parameter.
WildFly scripts for Windows end with "Press any key to continue …".
-This behavior is useful when script is executed by double clicking the
-script but not when you need to invoke several commands from custom
-script (e.g. 'bin/jboss-admin.bat --connect command=:shutdown').
-
-
-
To avoid "Press any key to continue …" message you need to specify
-NOPAUSE variable. Call 'set NOPAUSE=true' in command line before running
-any WildFly 29 .bat script or include it in your custom script before
-invoking scripts from WildFly.
In addition to the legacy deploy, undeploy and deployment-info commands,
-that stay un-changed, the CLI offers a deployment command that properly
-separates the various use cases encountered when managing deployments. This command
-offers a simpler interface and should be the way to go when managing deployments.
-New features will be added thanks to the deployment command, legacy commands will not evolve.
-This document contains a summary of the capabilities of this command, type help deployment
-to display the list of all available actions and help deployment <action> for the detailed
-description of an action.
-
-
-
Actions to deploy some content:
-
-
-
-
-
deployment deploy-file: To deploy a file located on the file system.
-
-
-
deployment deploy-url: To deploy content referenced by an URL.
-
-
-
deployment deploy-cli-achive: To deploy some content thanks to a CLI archive
-(.cli file) located on the file system.
-
-
-
-
-
Actions to enable some deployments:
-
-
-
-
-
deployment enable: To enable a given disabled deployment.
-
-
-
deployment enable-all: To enable all disabled deployments.
-
-
-
-
-
Actions to disable some deployments:
-
-
-
-
-
deployment disable: To disable a given enabled deployment.
-
-
-
deployment disable-all: To disable all enabled deployments.
-
-
-
-
-
Actions to undeploy some deployments:
-
-
-
-
-
deployment undeploy: To undeploy a given deployment and remove its content
-from the repository.
-
-
-
deployment undeploy-cli-archive: To undeploy some content using a CLI archive
-(.cli file) located on the file system.
-
-
-
-
-
Actions to get information on some deployments:
-
-
-
-
-
deployment info: To display information about single or multiple deployments.
-
-
-
deployment list: To display all the existing deployments.
It can be desirable to incrementally create and(or) update a WildFly
-deployment. This chapter details how this can be achieved using the
-WildFly CLI tool.
-
-
-
Steps to create an empty deployment and add an index html file.
add-content operation allows you to add more than one file (
-content argument is a list of complex types).
-
-
-
CLI offers completion for browse-content’s path and
-remove-content's paths argument.
-
-
-
You can safely use operations that are using attached streams in batch
-operations. In the case of batch operations, streams are attached to the
-composite operation.
-
-
-
-
-
-
-
-
-
-
-On Windows, path separator '\' needs to be escaped, this is a limitation
-of CLI handling complex types. The file path completion is automatically
-escaping the paths it is proposing.
-
In order to benefit from CLI support for attached file streams and file
-system completion, you need to properly structure your operation
-arguments. Steps to create an operation that receives a list of file
-streams attached to the operation:
-
-
-
-
-
Define your operation argument as a LIST of INT (The LIST
-value-type must be of type INT).
-
-
-
In the description of your argument, add the 2 following boolean
-descriptors: filesystem-path and attached-streams
-
-
-
-
-
When your operation is called from the CLI, file system completion will
-be automatically proposed for your argument. At execution time, the file
-system paths will be automatically converted onto the index of the
-attached streams.
Some management resources are exposing the content of files in the
-matter of streams. Streams returned by a management operation are
-attached to the headers of the management response. The CLI command
-attachment (see CLI help for a detailed description of this command)
-allows to display or save the content of the attached streams.
The command for allows to iterate the content of an operation result. As an
-example, this command can be used to display the content of the Manifest files
-present in all deployed applications. For example:
-
-
-
-
for deployed in :read-children-names(child-type=deployment)
- echo $deployed Manifest content
- attachment display --operation=/deployment=$deployed:read-content(path=META-INF/MANIFEST.MF)
-done
-
-
-
-
When this for block is executed, the content of all Manifest files is displayed in the CLI console.
-
-
-
Tips
-
-
-
-
-
The scope of the defined variable is limited to the for block.
-
-
-
If a variable with the same name already exists, the for command will print an error.
-
-
-
If the operation doesn’t return a list, the for command will print an error.
-
-
-
for block can be discarded and not execute by adding the option --discard to done.
CLi offers a security command to group all security related management actions
-under a single command.
-
-
-
-
-
security enable-ssl-management: To enable SSL (elytron SSLContext) for the
-management interfaces. Type help security enable-ssl-management for a
-complete description of the command.
-
-
-
-
-
Among other ways to configure SSL, this command offers an interactive wizard to
-help you configure SSL by generating a self-signed certificate.
-Example of wizard usage:
-
-
-
-
security enable-ssl-management --interactive
-Please provide required pieces of information to enable SSL:
-Key-store file name (default management.keystore):
-Password (blank generated):
-What is your first and last name? [Unknown]:
-What is the name of your organizational unit? [Unknown]:
-What is the name of your organization? [Unknown]:
-What is the name of your City or Locality? [Unknown]:
-What is the name of your State or Province? [Unknown]:
-What is the two-letter country code for this unit? [Unknown]:
-Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct y/n [y]?
-Validity (in days, blank default):
-Alias (blank generated):
-Enable SSL Mutual Authentication y/n (blank n):n
-
-SSL options:
-key store file: management.keystore
-distinguished name: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
-password: KRzne5s1
-validity: default
-alias: alias-265e6c6d-ff4e-4b8c-8f10-f015d678eb29
-Server keystore file management.keystore, certificate signing request management.csr and
-certificate file management.keystore.pem will be generated in server configuration directory.
-Do you confirm y/n :y
-
-
-
-
NB: Once the command is executed, the CLI will reload the server and reconnect to it.
-
-
-
This command can also obtain the certificates from the Let’s Encrypt certificate authority
-by use of the --lets-encrypt parameter.
-Besides the mentioned workflow the user will be prompted to specify more information
-(eg: account key store, certificate authority account) to obtain the certificate from Let’s Encrypt.
-
-
-
-
-
security disable-ssl-management: To disable SSL (elytron SSLContext) for the
-management interfaces. Type help security disable-ssl-management for
-a complete description of the command.
-
-
-
security enable-ssl-http-server: To enable SSL (elytron SSLContext) for the
-undertow server. The same wizard as the enable-ssl-management action is available.
-Type help security enable-ssl-http-server for a complete description of the command.
-
-
-
-
-
This command can also obtain the certificates from the Let’s Encrypt certificate authority
-by use of the --lets-encrypt parameter.
-Besides the mentioned workflow the user will be prompted to specify more information
-(eg: account key store, certificate authority account) to obtain the certificate from Let’s Encrypt.
-
-
-
-
-
security disable-ssl-http-server: To disable SSL (elytron SSLContext) for the
-undertow server. Type help security disable-ssl-http-server for a complete
-description of the command.
-
-
-
security enable-sasl-management: To enable SASL authentication (elytron SASL factory) for the
-management interfaces. Calling this command without any option will have the
-effect to associate the out of the box SASL factory to the http-interface.
-Type help security enable-sasl-management for a complete description of the command.
-
-
-
-
-
This command supports a subset of SASL mechanisms such as: EXTERNAL, DIGEST-MD5,
-JBOSS-LOCAL-USER, SCRAM-*, … The CLI completer proposes the set of mechanisms that
-can be properly configured using this command. Each mechanism can be associated
-to a property file realm, a file-system realm or a trust-store realm according to its nature.
-
-
-
NB: Once the command is executed, the CLI will reload the server and reconnect to it.
-
-
-
-
-
security disable-sasl-management: To disable SASL for the
-management interfaces. If a mechanism is provided, this mechanism will be removed
-from the factory, the factory will stay associated to the interface. Without mechanism, the
-factory is no more active on the management interface. Type help security disable-sasl-management
-for a complete description of the command.
-
-
-
security reorder-sasl-management: To re-order the list of SASL mechanisms present
-in the factory. Order of mechanisms is of importance, the first in the list is sent to the client.
-Type help security reorder-sasl-management for a complete description of the command.
-
-
-
security enable-http-auth-management: To enable HTTP authentication (elytron HTTP factory) for the
-management http-interface. Calling this command without any option will have the
-effect to associate the out of the box HTTP Authentication factory to the http-interface.
-Type help security enable-http-auth-management for a complete description of the command.
-
-
-
-
-
This command supports a subset of HTTP mechanisms such as: BASIC, CLIENT_CERT, DIGEST, …
-The CLI completer proposes the set of mechanisms that can be properly configured
-using this command. Each mechanism can be associated to a property file realm,
-a file-system realm or a trust-store realm according to its nature.
-
-
-
NB: Once the command is executed, the CLI will reload the server and reconnect to it.
-
-
-
-
-
security disable-http-auth-management: To disable HTTP Authentication for the
-http management interface. If a mechanism is provided, this mechanism will be removed
-from the factory, the factory will stay associated to the interface. Without mechanism, the
-factory is no more active on the management interface. Type help security disable-http-auth-management
-for a complete description of the command.
-
-
-
security enable-http-auth-http-server: To enable HTTP authentication (elytron HTTP factory) for the
-given undertow security domain.
-Type help security enable-http-auth-http-server for a complete description of the command.
-
-
-
-
-
This command supports a subset of HTTP mechanisms such as: BASIC, CLIENT_CERT, DIGEST, …
-The CLI completer proposes the set of mechanisms that can be properly configured
-using this command. Each mechanism can be associated to a property file realm,
-a file-system realm or a trust-store realm according to its nature.
-
-
-
NB: Once the command is executed, the CLI will reload the server and reconnect to it.
-
-
-
-
-
security disable-http-auth-http-server: To disable HTTP Authentication for the
-given undertow security domain. If a mechanism is provided, this mechanism will be removed
-from the factory, the factory will stay associated to the security domain. Without mechanism, the
-factory is no more active on the security-domain. Type help security disable-http-auth-http-server
-for a complete description of the command.
The CLI script JBOSS_HOME/docs/examples/enable-microprofile.cli can be applied to a default standalone configuration
-to add support for MicroProfile.
-
-
-
Impact on updated configuration:
-
-
-
-
-
Addition of MicroProfile subsystems.
-
-
-
Removal of security subsystem.
-
-
-
Removal of ManagementRealm.
-
-
-
Elytron security used for management and application entry points.
-
-
-
-
-
By default the script updates standalone.xml configuration.
-Thanks to the config=<config name> system property, the script can be applied to another standalone configuration.
-
-
-
NB: this script has to be applied offline with no server running.
This document details the steps to follow in order to develop a WildFly application
-packaged as a bootable JAR. A bootable JAR can be run both on bare-metal and cloud platforms.
-
-
-
Developing an application packaged as a bootable JAR is not different from developing an application for a traditional
-WildFly server installation using Maven.
-The extra steps required to package your application inside a bootable JAR are handled by the
-org.wildfly.plugins:wildfly-jar-maven-plugin Maven plugin.
-
-
-
This document contains the minimal information set required to build and run a WildFly bootable JAR.
-Complete information on the Maven plugin usage can be found in the bootable JAR documentation.
-
-
-
-
-
1. Adding the bootable JAR Maven plugin to your pom file
-
-
-
This is done by adding an extra build step to your application deployment Maven pom.xml file.
The next chapter covers the plugin configuration items that are required to identify the WildFly server version and content.
-
-
-
-
-
2. Galleon configuration
-
-
-
The Bootable JAR Maven plugin depends on Galleon to construct the WildFly server contained in the JAR file.
-
-
-
Galleon is configured thanks to the Maven plugin <configuration> element.
-
-
-
The first required piece of information that Galleon needs is a reference to the WildFly Galleon feature-pack.
-The WildFly Galleon feature-pack is a maven artifact that contains everything needed to dynamically provision a server.
-This feature-pack, as well as the feature-packs on which its depends,
-are deployed in public maven repositories.
-
-
-
When the bootable JAR Maven plugin builds a JAR, WildFly feature-packs are retrieved and
-their content is assembled to create the server contained in the JAR.
-
-
-
Once you have identified a WildFly Galleon feature-pack, you need to select a set of
-WildFly Layers that are used to compose the server.
-
-
-
The set of Galleon layers to include is driven by the needs of the application you are developing.
-The list of WildFly Layers provides details on
-the server features that each layer brings. Make sure that the API and server features you are using (eg: Jakarta RESTful Web Services, MicroProfile Config, datasources)
-are provided by the layers you are choosing.
-
-
-
If you decide not to specify Galleon layers, a server containing all MicroProfile subsystems is
-provisioned. (The server configuration is identical to the standalone-microprofile.xml configuration
-in the traditional WildFly server zip.)
(1) In this plugin configuration extract, we are retrieving the latest WildFly Galleon feature-pack installed in the
- org.jboss.universe:community-universe Galleon universe. In case you would like to provision a specific version of the server,
-you would need to specify the server version, for example wildfly@maven(org.jboss.universe:community-universe)#21.0.0.Final
If your project is using WildFly Preview, the feature-pack-location to use
-is wildfly-preview@maven(org.jboss.universe:community-universe).
-
-
-
-
-
-
-
2.1. WildFly Layers
-
-
A Galleon layer is a name that identifies a server capability (e.g.: jaxrs,
-ejb, microprofile-config, jpa) or an aggregation of such capabilities. A layer captures a server capability in the form of:
-
-
-
-
-
A piece of server XML configuration (e.g.: extension, configured subsystem, interfaces) that describes the capability.
-
-
-
A set of modules and other filesystem content that implements the capability.
-
-
-
-
-
When you are using a layer, it delivers these pieces of information in order for
-Galleon to assemble a server containing only the required configuration and modules.
-
-
-
In the tables below we provide basic information about all of the layers WildFly provides.
-
-
-
Besides the layer names and a brief description of each, the tables below detail the various dependency relationships
-between layers. If the capabilities provided by a layer A require capabilities provided by another layer B, then layer A will depend on layer B.
-If you ask for layer A, then Galleon will automatically provide B as well. In some cases A’s dependency on B can be optional; that
-is A typically comes with B, but can function without it. In this case if you ask for A by default Galleon will provide B as well,
-but you can tell Galleon to exclude B.
-
-
-
Some layers are logical alternatives to other layers. If two layers are alternatives to each other they both provide the same general
-capabilities, but with different implementation characteristics. For example a number of layers provide the capability to cache different
-types of objects. These layers typically come in pairs of alternatives, where one alternative provides local caching, while the other provides
-distributed caching. If a layer you want has an optional dependency on a layer that has an alternative, you can exclude that dependency
-and instead specify the alternative. If a layer has an alternative the Description column in the tables below will identify it.
-
-
-
-
-
-
-
-
-
-
If the elytron layer is present, security will be handled by the elytron subsystem.
-The undertow and ejb subsystems are configured with an otherapplication-security-domain that references the Elytron ApplicationDomain security domain.
-
-
-
-
-
-
-
2.1.1. Foundational Galleon layers
-
-
A single Galleon layer can provide a relatively small set of capabilities, but most users will want to start with a broader set
-of capabilities without having to spell out all the details. To help with this WildFly provides a few foundational layers
-all of which provide typical core WildFly capabilities like the logging subsystem and a secure remote management interface.
-
-
-
You don’t have to base your WildFly installation on one of these foundational layers, but doing so may be more convenient.
A typical manageable server core. This layer could serve as a base for a more
-specialized WildFly that doesn’t need the capabilities provided by the other foundational layers.
Support for the Undertow HTTP server. Provides servlet support but does not provide typical EE integration like resource injection.
-Use web-server for a servlet container with EE integration.
Support for distributable web applications. Configures a non-local Infinispan-based container web cache for data session handling suitable to clustering environments.
Support for loading the HAL web console from the /console context on the HTTP
-management interface. Not required to use a HAL console obtained independently
-and configured to connect to the server.
Support for distributable web applications. Configures a local Infinispan-based container web cache for data session handling suitable to single node environments.
-References in this document to Java Persistence API (JPA) refer to the Jakarta Persistence unless otherwise noted.
- References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
-
-
3. Additional configuration
-
-
-
The plugin allows you to specify additional configuration items:
-
-
-
-
-
A set of WildFly CLI scripts to execute to fine tune the server configuration.
-
-
-
Some extra content to be copied inside the bootable JAR (e.g.: server keystore).
-
-
-
-
-
Check this documentation for more details on how to configure execution of
-CLI scripts and to package extra content.
-
-
-
-
-
4. Packaging your application
-
-
-
Call ` mvn package` to package both your application and the bootable JAR in the file <project build directory>/<project final name>-bootable.jar
-
-
-
In order to speed-up the development of your application (avoid rebuilding the JAR each time your application is re-compiled),
-the Maven plugin offers a development mode that allows you to build and start the bootable JAR only once.
As of WildFly 11 a common configuration framework has been introduced for use by the client libraries to define configuration, this allows for the configuration to be shared across multiple clients rather than relying on their own configuration files. As an example the configuration used by a Jakarta Enterprise Beans client can be shared with the JBoss CLI, if both of these required SSL configuration this can now be defined once and re-used.
-
-
-
Programmatic APIs are also available for many of the options however this document is focusing on the configuration available within the common wildfly-config.xml configuration file.
-
-
-
-
-
2. wildfly-config.xml Discovery
-
-
-
At the time a client requires access to its configuration, the class path is scanned for a wildfly-config.xml or META-INF/wildfly-config.xml file. Once the file is located the configuration will be parsed to be made available for that client.
-
-
-
Alternatively, the wildfly.config.url system property can also be specified to identify the location of the configuration that should be used.
-
-
-
-
-
3. Configuration Sections
-
-
-
3.1. <authentication-client /> - WildFly Elytron
-
-
The <authentication-client/> element can be added to the wildfly-config.xml configuration to define configuration in relation to authentication configuration for outbound connections and SSL configuration for outbound connections e.g.
Note: A single wildfly-config.xml could be used by multiple projects using multiple versions of WildFly Elytron, newer versions of WildFly Elytron will introduce new configuration using later namespace versions however they will still continue to support the previously released schemas until advertised otherwise. For the configuration to be compatible with this either use a schema and namespace compatible with all the versions in use, or multiple authentication-client elements can be added, these should be added ordered by namespace youngest to oldest. If a configuration with a later namespace is discovered by a newer WildFly Elytron client it will be used and parsing will not look for an older version as well.
-
-
-
The <authentication-client /> configuration can contain the following sections: -
-
-
-
-
<credential-stores />
-
-
Definitions of credential stores to be referenced from elsewhere in the configuration.
-
-
<key-stores />
-
-
Definitions of KeyStores to be referenced elsewhere in the configuration.
-
-
<authentication-rules />
-
-
Rules to be applied for outbound connections to match against an appropriate authentication configuration.
-
-
<authentication-configurations />
-
-
The individual authentication configurations that will be matched by the authentication rules.
-
-
<net-authenticator />
-
-
Flag to enable integration with the [java.net.Authenticator|https://docs.oracle.com/javase/8/docs/api/java/net/Authenticator.html].
-
-
<ssl-context-rules />
-
-
Rules to be applied for outbound connections to match against an appropriate SSL context configuration.
-
-
<ssl-contexts />
-
-
Individual SSL context definitions that will be matched by the ssl context rules.
-
-
<providers/>
-
-
Definition of how [java.security.Provider|https://docs.oracle.com/javase/8/docs/api/java/security/Provider.html] instances will be discovered.
-
-
-
-
-
3.1.1. <credential-stores />
-
-
The <credential-stores /> element can be used to define individual named credential stores that can subsequently be used elsewhere in the configuration to reference stored credentials as an alternative to the credentials being embedded in the configuration.
The <attribute/> element can be repeated as many times as is required for the configuration.
-
-
-
-
<protection-parameter-credentials />
-
-
One or more credentials to be assembled into a protection parameter when initialising the credential store.
-
-
-
-
-
The <protection-paramter-credentials /> element can contain one more more child elements, which of these are actually supported will depend on the credential store implementation: -
The <key-stores /> element can be used to define individual key-store definitions that can subsequently be referenced from alternative locations within the configuration.
-
-
-
-
<?xml version="1.0" encoding="UTF-8"?>
-
-<configuration>
- <authentication-clientxmlns="urn:elytron:1.0">
- <key-stores>
- <key-storename="...">
- <!-- One of the following to specify where to load the KeyStore from. -->
- <file-namename="..."/>
- <load-fromuri-"..."/>
- <resourcename="..."/>
- <!-- One of the following to specify the protection parameter to unlock the KeyStore. -->
- <key-store-clear-passwordpassword="..."/>
- <key-store-masked-passwordalgorithm="..."key-material="..."iteration-count="..."salt="..."masked-password="..."initialization-vector="..."/>
- <key-store-credential>...</key-store-credential>
- </key-store>
- </key-stores>
- ...
- </authentication-client>
-</configuration>
-
-
-
-
An individual <key-store /> definition must contain exactly one of the following elements to define where to load the store from.
-
-
-
-
<file name="…" />*
-
-
Load from file where 'name' is the name of the file.
-
-
<load-from uri="…" />
-
-
Load the file from the URI specified.
-
-
<resource name="…" />
-
-
Load as a resource from the Thread context classloader where 'name' is the name of the resource to load.
-
-
-
-
-
Exactly one of the following elements must also be present to specify the protection parameter for initialisation of the KeyStore.
(Mandatory) - Name of the KeyStore being referenced to load the entry from.
-
-
alias
-
-
(Optional) - The alias of the entry to load from the referenced KeyStore, this can only be omitted for KeyStores that contain only a single entry.
-
-
-
-
-
Java KeyStores also make use of a protection parameter when accessing a single entry in addition to the protection parameter to load the KeyStore, exactly one of the following elements must be present to specify the protection parameter of the entry being loaded.
Reference to a credential stored in a credential store.
-
-
<key-store-credential>…</key-store-credential>
-
-
A reference to another KeyStore to obtain an Entry to use as the protection parameter to access the alias.
-
-
-
-
-
The <key-store-credential /> is exactly the same, this means theoretically a chain of references could be used to lead to the unlocking of the required alias.
-
-
-
-
3.1.3. <authentication-rules /> and <ssl-context-rules />
-
-
When either an authentication-configuration or an ssl-context is required the URI of the resources being accessed as well as an optional abstract type and abstract type authority and matched against the rules defined in the configuration to identify which authentication-configuration or ssl-context should be used.
-
-
-
The rules to match <authentication-configuration /> instances are defined within the <authentication-rules /> element.
Overall this means that authentication configuration matching is independent of SSLContext matching. By separating the rules from the configurations is means multiple rules can be defined that match against the same configuration.
-
-
-
The rules applied so first match wins and not most specific match wins, to achieve a most specific match wins configuration place the most specific rules at the beginning leaving the more general matches towards the end.
-
-
-
For both the <authentication-rules /> and the <ssl-context-rules /> the structure of the rules is identical other than one references an authentication configuration and the other references an SSLContext.
-
-
-
-
<ruleuse-configuration|use-ssl-context="...">
- <!-- At most one of the following two can be defined. -->
- <match-no-user/>
- <match-username="..."/>
- <!-- Each of the following can be defined at most once. -->
- <match-protocolname="..."/>
- <match-hostname="..."/>
- <match-pathname="..."/>
- <match-portnumber="..."/>
- <match-urnname="..."/>
- <match-domainname="..."/>
- <match-abstract-typename="..."authority="..."/>
-</rule>
-
-
-
-
Where multiple matches are defined within a rule they must all match for the rule to apply. If a rule is defined with no match elements then it becomes a match all rule and will match anything, these can be useful at the end of the configuration to ensure something matches.
-
-
-
The individual match elements are: -
-
-
-
-
<match-no-user />
-
-
user-info can be embedded within a URI, this rule matches when there is no user-info.
-<match-user name="…" /> - Matches when the user-info embedded in the URI matches the name specified within this element.
-<match-protocol name="…" /> - Matches the protocol within the URI against the name specified in this match element.
-<match-host-name name="…" /> - Matches the host name from within the URI against the name specified in this match element.
-<match-path name="…" /> - Matches the path from the URI against the name specified in this match element.
-<match-port number="…" /> - Matches the port number specified within the URI against the number in this match element. This only matches against the number specified within the URI and not against any default derrived from the protocol.
-<match-urn name="…" />" - Matches the scheme specific part of the URI against the name specified within this element.
-
-
* <match-domain-name name="…"/>
-
-
Matches where the protocol of the URI is 'domain' and the scheme specific part of the URI is the name specified within this match element.
-
-
<match-abstract-type name="…" authority="…" />
-
-
Matches the abstract type and/or authority against the values specified within this match element.
Elytron client provides a java security provider which can be used to register a JVM wide default SSLContext. The provider can instantiate an SSLContext from an Elytron client configuration file. This SSLContext will then be the one returned when SSLContext.getDefault() is called. When this provider is registered then all client libraries that use SSLContext.getDefault() will use the Elytron client configuration without having to use Elytron client APIs in their code.
-
-
-
To register this org.wildfly.security.auth.client.WildFlyElytronClientDefaultSSLContextProvider provider, a runtime dependency on wildfly-elytron-client and wildfly-client-config is needed. Then it can be registered the usual way, either statically or dynamically.
-
-
-
The provider loads the SSL context from either the current authentication context obtained from the classpath, or from the authentication context obtained from the file whose path is passed into the security provider either programmatically or as an argument in the java.security file. Any arguments passed to the provider directly have precedence over the authentication context from the classpath.
-
-
-
As an example, the SSL context configured to match all rules is the one that will be initialized and returned by this provider:
Alternatively, the provider can be registered in the java.security file and the path to an Elytron client configuration file can be optionally specified as shown below:
A regular expression pattern and replacement to re-write the user name used for authentication.
-
-
<sasl-mechanism-selector selector="…" />
-
-
A SASL mechanism selector using the syntax from [org.wildfly.security.sasl.SaslMechanismSelector,fromString()|https://github.com/wildfly-security/wildfly-elytron/blob/1.1.4.Final/src/main/java/org/wildfly/security/sasl/SaslMechanismSelector.java#L544]
Specify the name that should be used for authorization if different from the authentication identity.
-
-
<providers/>
-
-
This element is described in more detail within [<providers />|#Providers] and overrides the default or inherited provider discovery with a definition specific to this authentication configuration definition.
-
-
-
-
-
The final two elements are mutually exclusive and define how the SASL mechanism factories will be discovered for authentication.
-
-
-
-
<use-provider-sasl-factory />
-
-
The [java.security.Provider|https://docs.oracle.com/javase/8/docs/api/java/security/Provider.html] instances either inherited or defined in this configuration will be used to locate the available SASL client factories.
SASL client factories will be discovered using service loader discovery on the specified module or if not specified using the ClassLoader loading the configuration.
-
-
-
-
-
-
3.1.5. <net-authenticator />
-
-
This element contains no specific configuration, however if present the [org.wildfly.security.auth.util.ElytronAuthenticator|http://wildfly-security.github.io/wildfly-elytron/1.1.x/org/wildfly/security/auth/util/ElytronAuthenticator.html] will be registered with [java.net.Authenticator.setDefault(Authenticator)|https://docs.oracle.com/javase/8/docs/api/java/net/Authenticator.html#setDefault-java.net.Authenticator-] meaning that the WildFly Elytron authentication client configuration can be used for authentication where the JDK APIs are used for HTTP calls which require authentication.
-
-
-
There are some limitations within this integration as the JDK will cache the authentication JVM wide from the first call so is better used in stand alone processes that don’t require different credentials for different calls to the same URI,
-
-
-
-
3.1.6. <ssl-contexts />
-
-
The <ssl-contexts /> element holds individual names SSLContext definitions that can subsequently be matched by the [<ssl-context-rules />|#Rules].
The element <default-ssl-context name="…" /> simply takes the SSLContext obtainable from [javax.net.ssl.SSLContext.getDefault()|https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLContext.html#getDefault--] and assigns it a name so it can referenced from the [<ssl-context-rules />|#Rules]. This element can be repeated meaning the default SSLContext can be referenced using different names.
-
-
-
The element <ssl-context /> is used to define a named configured SSLContext, each of the child elements is optional and can be specified at most once to build up the configuration of the SSLContext.
-
-
-
-
<key-store-ssl-certificate>
-
-
Defines a reference to an entry within a KeyStore for the key and certificate to use in this SSLContext.
This structure is identical to the structure use in [<key-store-credential />|#key-store-credential], but it is to obtain the entry for the key and certificate. The nested elements however remain the protection parameter to unlock the entry. In comparison with the key-store-credential the key-store-ssl-certificate allows to configure also the TrustManager: -
-
-
-
-
provider-name
-
-
- Name of the provider used to obtain the KeyManagerFactory.
-
-
algorithm
-
-
- The algorithm name of the KeyManagerFactory to obtain.
-
-
<trust-store-key-store-name />
-
-
A reference to a KeyStore that will be used to initialise the TrustManager.
-
-
<cipher-suite selector="…" names="…" />
-
-
Configuration to filter the enabled cipher suites. This element must contain at least one of the following two attributes: -
-
-
selector
-
-
(Optional) Used to configure the enabled cipher suites for TLSv1.2 and below. The format of the selector attribute is described in detail
-in org.wildfly.security.ssl.CipherSuiteSelector.fromString(selector).
-The default value is DEFAULT, which corresponds to all known cipher suites that do not have NULL encryption and excludes any cipher suites that have no authentication.
-
-
names
-
-
(Optional) Used to configure the enabled cipher suites for TLSv1.3. The format of the names attribute is a simple colon (":")
-separated list of TLSv1.3 cipher suite names (e.g., TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256).
-This attribute must be specified in order for TLSv1.3 to be enabled.
-
-
-
-
-
The following example configuration specifies that the default filtering should be used for TLSv1.2 and below and specifies that the
-TLS_AES_128_CCM_8_SHA256 and TLS_AES_256_GCM_SHA384 cipher suites should be used for TLSv1.3.
Used to define a space separated list of the protocols to be supported. The default value is TLSv1 TLSv1.1 TLSv1.2 TLSv1.3. Note that the TLSv1.3 protocol will only be usable when running against JDK 11 or higher.
-
-
<provider-name />
-
-
Once the available providers have been identified only the provider with the name defined on this element will be used.
-
-
<providers/>
-
-
This element is described in more detail within [<providers />|#Providers] and overrides the default or inherited provider discovery with a definition specific to this SSLContext definition.
-
-
<certificate-revocation-list />
-
-
The presence of this element enabled checking the peer’s certificate against a certificate revocation list, this element defines both a path to the certificate revocation list and also specifies the maximum number of non-self-issued intermediate certificates that may exist in a certification path
-
-
<certificate-revocation-lists />
-
-
This element enables checking the peer’s certificate against multiple certificate revocation lists. This element defines a list of certificate revocation list objects which define a path to the certificate revocation list,
-and also the base path of the certificate revocation list file.
-
-
-
-
-
-
-
-
-
-
-The certificate-revocation-list element can be substituted by a certificate-revocation-lists element which in turn allows the
-configuration of multiple certificate revocation lists as follows.
-
Older JDK versions use SSLv2Hello during the initial SSL handshake message
-where the SSL/TLS version that will be used for the rest of the communication is
-negotiated.
-
-
-
Using SSLv2Hello is discouraged, therefore newer JDK versions disable this protocol
-on the client by default. However, they do provide the ability to re-enable it if necessary.
-
-
-
SSLv2Hello can be configured as a supported protocol for the SSL context as follows:
-
-
-
-
<protocol names="SSLv2Hello TLSv1">
-
-
-
-
-
WARNING:
-
-
-
-
The use of SSLv2Hello is strongly discouraged.
-
-
-
SSLv2Hello cannot be configured by itself, as its purpose is to determine
-which encryption protocols are supported by the server it connects to. It always
-needs to be configured along side another encryption protocol.
-
-
-
Additionally, IBM JDK does not support specifying SSLv2Hello in its client, although a
-server side connection always accepts this protocol.
-
-
-
-
-
-
-
3.1.7. <providers />
-
-
The <providers /> element is used to define how [java.security.Provider|https://docs.oracle.com/javase/8/docs/api/java/security/Provider.html] instances are located when required. The other configuration sections of <authentication-client /> are independent of each other, the <providers /> configuration however applies to the current element and it’s children unless overridden, this configuration can be specified in the following locations.
If an individual <credential-store />, <authentication-configuration />, or <ssl-context /> contains a <providers /> definition that that definition will apply specifically to that instance. If a configured item does not contain a <providers /> definition but a top level <providers /> is defined within <authentication-configuration /> then that will be used instead.
Both the child elements are optional, can appear in any order and can be repeated although repeating <global /> would not really be beneficial.
-
-
-
-
<global />
-
-
The providers from [java.security.Security.getProviders()|https://docs.oracle.com/javase/8/docs/api/java/security/Security.html#getProviders--]
-
-
<credential-stores />
-
-
Providers loaded using service loader discovery from the module specified, if no module is specified the ClassLoader which loaded the authentication client is used.
-
-
-
-
-
Where no <provider /> configuration exists the default behaviour is the equivalent of: -
This gives the WildFly Elytron Provider priority over any globally registered Providers but also allows for the globally registered providers to be used.
-
-
-
-
3.1.8. Masked Password Types
-
-
The authentication client supports the following masked password types:
The following attributes are used to define the masked password:
-
-
-
-
algorithm
-
-
The algorithm that was used to encrypt the password. If this attribute is not specified, the default value is "masked-MD5-DES".
-A list of the supported algorithm types can be found in
-Masked Password Type
-
-
key-material
-
-
The initial key material that was used to encrypt the password. If this attribute is not specified, the default value is "somearbitrarycrazystringthatdoesnotmatter".
-
-
iteration-count
-
-
The iteration count that was used to encrypt the password. This attribute is required.
-
-
salt
-
-
The salt that was used to encrypt the password. This attribute is required.
-
-
masked-password
-
-
The base64 encrypted password (without the "MASK-" prefix). This attribute is required.
-
-
initialization-vector
-
-
The initialization vector that was used to encrypt the password. This attribute is optional.
-
-
-
-
-
-
-
3.2. jboss-ejb-client
-
-
The jboss-ejb-client.xml can be used to conifure EJB client from within a deployment. The file
-should be located in jar’s META-INF directory.
Configurations that will be used to setup an EJB client context for the deployment.
-
-
-
-
-
invocation-timeout A timeout, in milliseconds, that will be used for EJB invocations.
-A value of zero or a negative value will imply a "wait forever" semantic where the invocation
-will never timeout and the client will wait for the invocation result indefinitely.
-
-
-
deployment-node-selector The fully qualified class name of the class which implements the
-org.jboss.ejb.client.DeploymentNodeSelector interface. The instance of this class will be used
-for selecting nodes, from among multiple eligible nodes within an EJB client context, which can
-handle a particular deployment.
-
-
-
default-compression Default compression level (from 0 to 9) of request and response message
-payload.
-
-
-
-
-
<ejb-receivers>
-
-
Configures a number of remoting based EJB receivers.
-
-
-
-
-
exclude-local-receiver Set to true if the local receiver which gets added to the EJB client
-context by default, has to be excluded from the context.
-
-
-
local-receiver-pass-by-value Set to false if the local receiver that’s available in the EJB
-client context, should use pass-by-reference (instead of pass-by-value) semantics for the EJB invocations.
-
-
-
-
-
<remoting-ejb-receiver>
-
-
-
-
outbound-connection-ref Reference to an outbound connection configured in the remoting subsystem.
-
-
-
connect-timeout The timeout, in milliseconds, to be used while creating a connection.
-
-
-
-
-
-
-
<http-connections>
-
-
Configures remote http-connection for EJB invocation
-
-
-
<http-connection>
-
-
HTTP Connection for EJB invocation.
-
-
-
-
-
uri Uniform Resource Identifier for the HTTP connection should be defined.
-
-
-
-
-
-
-
<profile>
-
-
References a remoting profile configured in the remoting subsystem.
-
-
-
-
-
name The name of the profile.
-
-
-
-
-
-
-
-
-
-
-References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
-
3.3. Remoting Client Configuration
-
-
3.3.1. <endpoint /> - Remoting Client
-
-
You can use the endpoint element, which is in the urn:jboss-remoting:5.0 namespace, to configure a JBoss Remoting client endpoint using the wildfly-config.xml file. This section describes how to configure a JBoss Remoting client using this element.
This section describes the child elements and attributes that can be configured within this element.
-
-
-
The <endpoint /> element contains the following optional attribute:
-
-
-
-
-
-
-
-
-
Attribute Name
-
Attribute Description
-
-
-
-
-
name
-
The endpoint name. If not given, an endpoint name will be derived from the system’s host name, if possible.
-
-
-
-
-
The <endpoint /> element can optionally contain the following two child elements, as described in the next sections:
-
-
-
-
-
<providers />
-
-
-
<connections />
-
-
-
-
-
The configured endpoint will use the default XNIO configuration.
-
-
-
<providers />
-
-
This optional element specifies transport providers for the remote endpoint. It can contain any number of <provider /> sub-elements.
-
-
-
<provider />
-
-
This element defines a remote transport provider provider. It has the following attributes.
-
-
-
-
-
-
-
-
-
Attribute Name
-
Attribute Description
-
-
-
-
-
scheme
-
The primary URI scheme which corresponds to this provider. This attribute is required.
-
-
-
aliases
-
A space-separated list of other URI scheme names that are also recognized for this provider . This attribute is optional.
-
-
-
module
-
The name of the module that contains the provider implementation. This attribute is optional; if not given, the class loader of JBoss Remoting itself will be searched for the provider class.
-
-
-
class
-
The name of the class that implements the transport provider. This attribute is optional; if not given, the Java java.util.ServiceLoader facility will be used to search for the provider class.
-
-
-
-
-
This element has no content.
-
-
-
-
-
<connections />
-
-
This optional element specifies connections for the remote endpoint. It can contain any number of [#connection] elements.
-
-
-
<connection />
-
-
This element defines a connection for the remote endpoint. It has the following attributes.
-
-
-
-
-
-
-
-
-
Attribute Name
-
Attribute Description
-
-
-
-
-
destination
-
The destination URI for the connection. This attribute is required.
-
-
-
read-timeout
-
The timeout, in seconds, for read operations on the corresponding socket. This attribute is optional, however it should only be given if a heartbeat-interval is defined.
-
-
-
write-timeout
-
The timeout, in seconds, for a write operation. This attribute is optional, however it should only be given if a heartbeat-interval is defined..
-
-
-
ip-traffic-class
-
Defines the numeric IP traffic class to use for this connection’s traffic. This attribute is optional.
-
-
-
tcp-keepalive
-
Boolean setting that determines whether to use TCP keepalive. This attribute is optional.
-
-
-
heartbeat-interval
-
The interval, in milliseconds, to use when checking for a connection heartbeat. This attribute is optional.
-
-
-
-
-
-
-
Example Remoting Client Configuration in the wildfly-config.xml File
You can use the worker element, which is in the urn:xnio:3.5 namespace, to configure a default XNIO worker using the wildfly-config.xml file. This section describes how to do this.
This section describes the child elements that can be configured within this root worker element.
-
-
-
The <worker /> element can optionally contain the following child elements, as described in the next sections:
-
-
-
-
-
<daemon-threads />
-
-
-
<worker-name />
-
-
-
<pool-size />
-
-
-
<task-keepalive />
-
-
-
<io-threads />
-
-
-
<stack-size />
-
-
-
<outbound-bind-addresses />
-
-
-
-
-
<daemon-threads />
-
-
This optional element takes a single required attribute:
-
-
-
-
-
-
-
-
-
Attribute Name
-
Attribute Description
-
-
-
-
-
value
-
The value of the setting (required). A value of true indicates that worker and task threads should be daemon threads, and false indicates that they should not be daemon threads. If this element is not given, a value of true is assumed.
-
-
-
-
-
This element has no content.
-
-
-
-
<worker-name />
-
-
This element defines the name of the worker. The worker name will appear in thread dumps and in JMX.
-
-
-
-
-
-
-
-
-
Attribute Name
-
Attribute Description
-
-
-
-
-
value
-
The worker’s name (required).
-
-
-
-
-
This element has no content.
-
-
-
-
<pool-size />
-
-
This optional element defines the size parameters of the worker’s task thread pool. The following attributes are allowed:
-
-
-
-
-
-
-
-
-
Attribute Name
-
Attribute Description
-
-
-
-
-
max-threads
-
A positive integer which specifies the maximum number of threads that should be created (required).
-
-
-
-
-
-
<task-keepalive />
-
-
This optional element establishes the keep-alive time of task threads before they may be expired.
-
-
-
-
-
-
-
-
-
Attribute Name
-
Attribute Description
-
-
-
-
-
value
-
A positive integer which represents the minimum number of seconds to keep idle threads alive (required).
-
-
-
-
-
-
<io-threads />
-
-
This optional element determines how many I/O (selector) threads should be maintained. Generally this number should be a small constant multiple of the number of available cores.
-
-
-
-
-
-
-
-
-
Attribute Name
-
Attribute Description
-
-
-
-
-
value
-
A positive integer value for the number of I/O threads (required).
-
-
-
-
-
-
<stack-size />
-
-
This optional element establishes the desired minimum thread stack size for worker threads.
-
-
-
-
-
-
-
-
-
Attribute Name
-
Attribute Description
-
-
-
-
-
value
-
A positive integer value which indicates the requested stack size, in bytes (required).
-
-
-
-
-
-
<outbound-bind-addresses />
-
-
This optional element specifies bind addresses to use for outbound connections. Each bind address mapping consists of a destination IP address block, and a bind address and optional port number to use for connections to destinations within that block.
-
-
-
<bind-address />
-
-
This element defines an individual bind address mapping.
-
-
-
-
-
-
-
-
-
Attribute Name
-
Attribute Description
-
-
-
-
-
match
-
The IP address block in CIDR notation to match (required).
-
-
-
bind-address
-
The IP address to bind to if the address block matches (required).
-
-
-
bind-port
-
A specific port number to bind to if the address block matches (optional, defaults to 0 meaning "any port").
-
-
-
-
-
-
-
-
-
3.5. webservices-client
-
-
<webservices /> - Webservices Client
-
-
-
The <webservices /> element in a wildfly-config.xml file can be used to specify Web Services Client configuration that will apply during assigning of configurations when building a client. This element is from the “urn:elytron:client:1.5” namespace. Below is the example of use:
The <webservices /> element can optionally contain the following child elements:
-
-
-
-
-
<set-http-mechanism name="BASIC"/> This element is used to specify an HTTP mechanism that WS client should use to authenticate. Currently only the HTTP Basic authentication is supported and used as default.
-
-
-
<set-ws-security-type name="UsernameToken"/> This element is used to specify WS-Security type that WS client will use to authenticate with the server. Currently only Username Token Profile can be configured.
-
-
-
-
-
These elements will take effect only if both username and password are configured in Elytron client.
-
-
-
-
-
-
-
+
+
+
+
+
+
+
Redirecting to the latest version. If the page doesn't open, click the following link: /latest/Client_Guide.html
+
\ No newline at end of file
diff --git a/29/Cloud_References.html b/29/Cloud_References.html
index 344404611..55e495787 100644
--- a/29/Cloud_References.html
+++ b/29/Cloud_References.html
@@ -1,544 +1,11 @@
-
-
-
-
-
-References
-
-
-
-
-
-
Since JBoss AS 7, Class loading is considerably different from previous
-versions of JBoss AS. Class loading is based on the
-MODULES project. Instead of the more familiar
-hierarchical class loading environment, WildFly’s class loading is based
-on modules that have to define explicit dependencies on other modules.
-Deployments in WildFly are also modules, and do not have access to
-classes that are defined in jars in the application server unless an
-explicit dependency on those classes is defined.
-
-
-
1.1. Deployment Module Names
-
-
Module names for top level deployments follow the format
-deployment.myarchive.war while sub deployments are named like
-deployment.myear.ear.mywar.war.
-
-
-
This means that it is possible for a deployment to import classes from
-another deployment using the other deployments module name, the details
-of how to add an explicit module dependency are explained below.
-
-
-
-
1.2. Automatic Dependencies
-
-
Even though in WildFly modules are isolated by default, as part of the
-deployment process some dependencies on modules defined by the
-application server are set up for you automatically. For instance, if
-you are deploying a Jakarta EE application a dependency on the Java EE
-API’s will be added to your module automatically. Similarly, if your
-module contains a beans.xml file a dependency on
-Weld will be added automatically, along
-with any supporting modules that weld needs to operate.
Automatic dependencies can be excluded through the use of
-jboss-deployment-structure.xml.
-
-
-
-
1.3. Class Loading Precedence
-
-
A common source of errors in Java applications is including API classes
-in a deployment that are also provided by the container. This can result
-in multiple versions of the class being created and the deployment
-failing to deploy properly. To prevent this in WildFly, module
-dependencies are added in a specific order that should prevent this
-situation from occurring.
-
-
-
In order of highest priority to lowest priority
-
-
-
-
-
System Dependencies - These are dependencies that are added to the
-module automatically by the container, including the Jakarta EE api’s.
-
-
-
User Dependencies - These are dependencies that are added through
-jboss-deployment-structure.xml or through the Dependencies: manifest
-entry.
-
-
-
Local Resource - Class files packaged up inside the deployment
-itself, e.g. class files from WEB-INF/classes or WEB-INF/lib of a
-war.
-
-
-
Inter deployment dependencies - These are dependencies on other
-deployments in an ear deployment. This can include classes in an ear’s
-lib directory, or classes defined in other ejb jars.
-
-
-
-
-
-
1.4. WAR Class Loading
-
-
The war is considered to be a single module, so classes defined in
-WEB-INF/lib are treated the same as classes in WEB-INF/classes. All
-classes packaged in the war will be loaded with the same class loader.
-
-
-
-
1.5. EAR Class Loading
-
-
Ear deployments are multi-module deployments. This means that not all
-classes inside an ear will necessarily have access to all other classes
-in the ear, unless explicit dependencies have been defined. By default
-the EAR/lib directory is a single module, and every WAR or EJB jar
-deployment is also a separate module. Sub deployments (wars and
-ejb-jars) always have a dependency on the parent module, which gives
-them access to classes in EAR/lib, however they do not always have an
-automatic dependency on each other. This behaviour is controlled via the
-ear-subdeployments-isolated setting in the ee subsystem configuration:
If the ear-subdeployments-isolated is set to false, then the classes in
-web.war can access classes belonging to ejb1.jar and ejb2.jar.
-Similarly, classes from ejb1.jar can access classes from ejb2.jar (and
-vice-versa).
-
-
-
-
-
-
-
-
-The ear-subdeployments-isolated element value has no effect on the
-isolated classloader of the .war file(s). i.e. irrespective of whether
-this flag is set to true or false, the .war within a .ear will have an
-isolated classloader and other sub-deployments within that .ear will not
-be able to access classes from that .war. This is as per spec.
-
-
-
-
-
-
If the ear-subdeployments-isolated is set to true then no automatic
-module dependencies between the sub-deployments are set up. User must
-manually setup the dependency with Class-Path entries, or by setting
-up explicit module dependencies.
-
-
-
Portability
-
-
-
-
-
-
-
-
-The Jakarta EE specification says that portable applications should not
-rely on sub deployments having access to other sub deployments unless an
-explicit Class-Path entry is set in the MANIFEST.MF. So portable
-applications should always use Class-Path entry to explicitly state
-their dependencies.
-
-
-
-
-
-
-
-
-
-
-
-It is also possible to override the ear-subdeployments-isolated element
-value at a per deployment level. See the section on
-jboss-deployment-structure.xml below.
-
-
-
-
-
-
1.5.1. Dependencies: Manifest Entries
-
-
Deployments (or more correctly modules within a deployment) may set up
-dependencies on other modules by adding a Dependencies: manifest
-entry. This entry consists of a comma separated list of module names
-that the deployment requires. The available modules can be seen under
-the modules directory in the application server distribution. For
-example to add a dependency on javassist and apache velocity you can add
-a manifest entry as follows:
Each dependency entry may also specify some of the following parameters
-by adding them after the module name:
-
-
-
-
-
export This means that the dependencies will be exported, so any
-module that depends on this module will also get access to the
-dependency.
-
-
-
services By default items in META-INF of a dependency are not
-accessible, this makes items from META-INF/services accessible so
-services in
-the modules can be loaded.
-
-
-
optional If this is specified the deployment will not fail if the
-module is not available.
-
-
-
meta-inf This will make the contents of the META-INF directory
-available (unlike services, which just makes META-INF/services
-available). In general this will not cause any deployment descriptors in
-META-INF to be processed, with the exception of beans.xml. If a
-beans.xml file is present this module will be scanned by Weld and any
-resulting beans will be available to the application.
-
-
-
annotations If a Jandex index has be created for the module these
-annotations will be merged into the deployments annotation index. The
-Jandex index can be generated using
-the Jandex Ant task or the Jandex Maven plugin, and must be named
-META-INF/jandex.idx. Note that it is not
-necessary to break open the jar being indexed to add this to the modules
-class path, a better approach is to create a jar containing just this
-index, and adding it as an additional resource root in the module.xml
-file.
-
-
-
-
-
Adding a dependency to all modules in an EAR
-
-
-
-
-
-
-
-
-Using the export parameter it is possible to add a dependency to all
-sub deployments in an ear. If a module is exported from a
-Dependencies: entry in the top level of the ear (or by a jar in the
-ear/lib directory) it will be available to all sub deployments as
-well.
-
-
-
-
-
-
-
-
-
-
-
-To generate a MANIFEST.MF entry when using maven put the following in
-your pom.xml:
-
If your deployment is a jar you must use the maven-jar-plugin rather
-than the maven-war-plugin.
-
-
-
-
1.5.2. Class Path Entries
-
-
It is also possible to add module dependencies on other modules inside
-the deployment using the Class-Path manifest entry. This can be used
-within an ear to set up dependencies between sub deployments, and also
-to allow modules access to additional jars deployed in an ear that are
-not sub deployments and are not in the EAR/lib directory. If a jar in
-the EAR/lib directory references a jar via Class-Path: then this
-additional jar is merged into the parent ear’s module, and is accessible
-to all sub deployments in the ear.
-
-
-
-
-
1.6. Global Modules
-
-
It is also possible to set up global modules, that are accessible to all
-deployments. This is done by modifying the configuration file
-(standalone/domain.xml).
-
-
-
For example, to add javassist to all deployments you can use the
-following XML:
Note that the slot field is optional and defaults to main.
-
-
-
-
1.7. Global Directory
-
-
The EE subsystem allows the configuration of a global directory, which represents a directory tree scanned automatically to include .jar files and resources as a single additional dependency. This dependency is added as a system dependency to all deployed application. See Subsystem EE Global Directory to get more information about how to set up a global directory.
-
-
-
-
1.8. JBoss Deployment Structure File
-
-
jboss-deployment-structure.xml is a JBoss specific deployment
-descriptor that can be used to control class loading in a fine grained
-manner. It should be placed in the top level deployment, in META-INF
-(or WEB-INF for web deployments). It can do the following:
-
-
-
-
-
Prevent automatic dependencies from being added
-
-
-
Add additional dependencies
-
-
-
Define additional modules
-
-
-
Change an EAR deployments isolated class loading behaviour
-
-
-
Add additional resource roots to a module
-
-
-
-
-
An example of a complete jboss-deployment-structure.xml file for an
-ear deployment is as follows:
-
-
-
jboss-deployment-structure.xml
-
-
<jboss-deployment-structure>
- <!-- Make sub deployments isolated by default, so they cannot see each others classes without a Class-Path entry -->
- <ear-subdeployments-isolated>true</ear-subdeployments-isolated>
- <!-- This corresponds to the top level deployment. For a war this is the war's module, for an ear -->
- <!-- This is the top level ear module, which contains all the classes in the EAR's lib folder -->
- <deployment>
- <!-- exclude-subsystem prevents a subsystems deployment unit processors running on a deployment -->
- <!-- which gives basically the same effect as removing the subsystem, but it only affects single deployment -->
- <exclude-subsystems>
- <subsystemname="logging"/>
- </exclude-subsystems>
- <!-- Exclusions allow you to prevent the server from automatically adding some dependencies -->
- <exclusions>
- <modulename="org.javassist"/>
- </exclusions>
- <!-- This allows you to define additional dependencies, it is the same as using the Dependencies: manifest attribute -->
- <dependencies>
- <modulename="deployment.javassist.proxy"/>
- <modulename="deployment.myjavassist"/>
- <!-- Import META-INF/services for ServiceLoader impls as well -->
- <modulename="myservicemodule"services="import"/>
- </dependencies>
- <!-- These add additional classes to the module. In this case it is the same as including the jar in the EAR's lib directory -->
- <resources>
- <resource-rootpath="my-library.jar"/>
- </resources>
- </deployment>
- <sub-deploymentname="myapp.war">
- <!-- This corresponds to the module for a web deployment -->
- <!-- it can use all the same tags as the <deployment> entry above -->
- <dependencies>
- <!-- Adds a dependency on a ejb jar. This could also be done with a Class-Path entry -->
- <modulename="deployment.myear.ear.myejbjar.jar"/>
- </dependencies>
- <!-- Set's local resources to have the lowest priority -->
- <!-- If the same class is both in the sub deployment and in another sub deployment that -->
- <!-- is visible to the war, then the Class from the other deployment will be loaded, -->
- <!-- rather than the class actually packaged in the war. -->
- <!-- This can be used to resolve ClassCastExceptions if the same class is in multiple sub deployments-->
- <local-lastvalue="true"/>
- </sub-deployment>
- <!-- Now we are going to define two additional modules -->
- <!-- This one is a different version of javassist that we have packaged -->
- <modulename="deployment.myjavassist">
- <resources>
- <resource-rootpath="javassist.jar">
- <!-- We want to use the servers version of javassist.util.proxy.* so we filter it out-->
- <filter>
- <excludepath="javassist/util/proxy"/>
- </filter>
- </resource-root>
- </resources>
- </module>
- <!-- This is a module that re-exports the containers version of javassist.util.proxy -->
- <!-- This means that there is only one version of the Proxy classes defined -->
- <modulename="deployment.javassist.proxy">
- <dependencies>
- <modulename="org.javassist">
- <imports>
- <includepath="javassist/util/proxy"/>
- <excludepath="/**"/>
- </imports>
- </module>
- </dependencies>
- </module>
-</jboss-deployment-structure>
Not all JDK classes are exposed to a deployment by default. If your
-deployment uses JDK classes that are not exposed you can get access to
-them using jboss-deployment-structure.xml with system dependencies:
-
-
-
Using jboss-deployment-structure.xml to access JDK classes
1.10. The "jboss.api" property and application use of modules shipped with WildFly
-
-
The WildFly distribution includes a large number of modules, a great
-many of which are included for use by WildFly internals, with no testing
-of the appropriateness of their direct use by applications or any
-commitment to continue to ship those modules in future releases if they
-are no longer needed by the internals. So how can a user know whether it
-is advisable for their application to specify an explicit dependency on
-a module WildFly ships? The "jboss.api" property specified in the
-module’s module.xml file can tell you:
If a module does not have a property element like the above, then it’s
-equivalent to one with a value of "public".
-
-
-
Following are the meanings of the various values you may see for the
-jboss.api property:
-
-
-
-
-
-
-
-
-
Value
-
Meaning
-
-
-
-
-
public
-
May be explicitly depended upon by end user applications. Will
-continue to be available in future releases within the same major series
-and should not have incompatible API changes in future releases within
-the same minor series, and ideally not within the same major series.
-
-
-
private
-
Intended for internal use only. Only tested according to
-internal usage. May not be safe for end user applications to use
-directly.Could change significantly or be removed in a future release
-without notice.
-
-
-
unsupported
-
If you see this value in a module.xml in a WildFly
-release, please file a bug report, as it is not applicable in WildFly.
-In EAP it has a meaning equivalent to "private" but that does not mean
-the module is "private" in WildFly; it could very easily be "public".
-
-
-
preview
-
May be explicitly depended upon by end user applications, but
-there are no guarantees of continued availability in future releases or
-that there will not be incompatible API changes. This is not a common
-classification in WildFly. It is not used in WildFly 10.
-
-
-
deprecated
-
May be explicitly depended upon by end user applications.
-Stable and reliable but an alternative should be sought. Will be removed
-in a future major release.
-
-
-
-
-
Note that these definitions are only applicable to WildFly. In EAP and
-other Red Hat products based on WildFly the same classifiers are used,
-with generally similar meaning, but the precise meaning is per the
-definitions on the Red Hat customer support portal.
-
-
-
If an application declares a direct dependency on a module marked
-"private", "unsupported" or "deprecated", during deployment a WARN
-message will be logged. The logging will be in log categories
-"org.jboss.as.dependency.private", "org.jboss.as.dependency.unsupported"
-and "org.jboss.as.dependency.deprecated" respectively. These categories
-are not used for other purposes, so once you feel sufficiently warned
-the logging can be safely suppressed by turning the log level for the
-relevant category to ERROR or higher.
-
-
-
Other than the WARN messages noted above, declaring a direct dependency
-on a non-public module has no impact on how WildFly processes the
-deployment.
-
-
-
-
1.11. How to list the module dependencies of a deployed application
-
-
In WildFly it is possible to list the module dependencies added by the container to your deployed application. This task can be achieved via the command line interface, where specific operations are available to list the module dependencies for deployments and ear-subdeployments.
-
-
-
You can list the module dependencies of a deployment using the list-modules operation as below:
By default, the list-modules operation shows the list of dependencies in a compact view, including only the module name. You can control this output using the attribute verbose=[false*|true] to enable/disable a detailed response.
-
-
-
The following output shows an example of a detailed view:
The list_modules operation shows information in three different categories:
-
-
-
-
-
system-dependencies: These are the dependencies added implicitly by the server container.
-
-
-
local-dependencies: These are dependencies on other parts of the deployment.
-
-
-
user-dependencies: These are the dependencies defined by the user via a manifest file or deployment-structure.xml.
-
-
-
-
-
For each module, the following information is shown:
-
-
-
-
-
name: The module name and, if the slot name is not the default "main" slot, the slot name is concatenated after a ":" character separator.
-
-
-
optional: If the dependency was added as an optional dependency.
-
-
-
export: If the dependency is being exported to other modules.
-
-
-
import-services: If the module for the deployment or subdeployment is allowed to import services from the dependency.
-
-
-
-
-
-
-
-
2. Implicit module dependencies for deployments
-
-
-
As explained in the Class Loading in WildFly article,
-WildFly 29 is based on module classloading. A class within a module B
-isn’t visible to a class within a module A, unless module B adds a
-dependency on module A. Module dependencies can be explicitly (as
-explained in that classloading article) or can be "implicit". This
-article will explain what implicit module dependencies mean and how,
-when and which modules are added as implicit dependencies.
-
-
-
2.1. What’s an implicit module dependency?
-
-
Consider an application deployment which contains Jakarta Enterprise Beans. Jakarta Enterprise Beans typically
-need access to classes from the jakarta.ejb.* package and other Jakarta EE
-API packages. The jars containing these packages are already shipped in
-WildFly and are available as "modules". The module which contains the
-jakarta.ejb.* classes has a specific name and so does the module which
-contains all the Jakarta EE API classes. For an application to be able to
-use these classes, it has to add a dependency on the relevant modules.
-Forcing the application developers to add module dependencies like these
-(i.e. dependencies which can be "inferred") isn’t a productive approach.
-Hence, whenever an application is being deployed, the deployers within
-the server, which are processing this deployment "implicitly" add these
-module dependencies to the deployment so that these classes are visible
-to the deployment at runtime. This way the application developer doesn’t
-have to worry about adding them explicitly. How and when these implicit
-dependencies are added is explained in the next section.
-
-
-
-
2.2. How and when is an implicit module dependency added?
-
-
When a deployment is being processed by the server, it goes through a
-chain of "deployment processors". Each of these processors will have a
-way to check if the deployment meets a certain criteria and if it does,
-the deployment processor adds an implicit module dependency to that
-deployment. Let’s take an example - Consider (again) an Jakarta Enterprise Beans 3 deployment
-which has the following class:
As can be seen, we have a simple @Stateless Jakarta Enterprise Beans. When the deployment
-containing this class is being processed, the Jakarta Enterprise Beans deployment processor
-will see that the deployment contains a class with the @Stateless
-annotation and thus identifies this as an Jakarta Enterprise Beans deployment. This is just
-one of the several ways, various deployment processors can identify a
-deployment of some specific type. The Jakarta Enterprise Beans deployment processor will
-then add an implicit dependency on the Jakarta EE API module, so that all
-the Jakarta EE API classes are visible to the deployment.
-
-
-
Some subsystems will always add API classes, even if the trigger
-condition is not met. These are listed separately below.
-
-
-
In the next section, we’ll list down the implicit module dependencies
-that are added to a deployment, by various deployers within WildFly.
-
-
-
-
2.3. Which are the implicit module dependencies?
-
-
-
-
-
-
-
-
-
-
Subsystem responsible for adding the implicit dependency
-
Dependencies
-that are always added
-
Dependencies that are added if a trigger
-condition is met
-
Trigger which leads to the implicit module dependency
-being added
-
-
-
-
-
Core Server
-
java.se org.jboss.vfs
-
-
-
-
-
Batch Subsystem
-
jakarta.batch.api
-
-
implicit
-
-
-
EE Subsystem
-
javaee.api
-
-
-
-
-
Jakarta Enterprise Beans 3 subsystem
-
-
javaee.api
-
The presence of ejb-jar.xml (in valid
-locations in the deployment, as specified by spec) or the presence of
-annotation based Jakarta Enterprise Beans (ex: @Stateless, @Stateful, @MessageDriven etc)
If the deployment is a resource adaptor (RAR)
-deployment.
-
-
-
Jakarta Persistence (Hibernate) subsystem
-
jakarta.persistence.api
-
javaee.api
-org.jboss.as.jpa org.hibernate
-
The presence of an @PersistenceUnit or
-@PersistenceContext annotation, or a <persistence-unit-ref> or
-<persistence-context-ref> in a deployment descriptor..
If a
-beans.xml file is detected in the deployment
-
-
-
-
-
-
-
-
3. Deployment Descriptors used In WildFly
-
-
-
This page gives a list and a description of all the valid deployment
-descriptors that a WildFly deployment can use. This document is a work
-in progress.
-
-
-
-
-
-
-
-
-
-
-
-
Descriptor
-
Location
-
Specification
-
Description
-
Info
-
-
-
-
-
jboss-deployment-structure.xml
-
META-INF or WEB-INF of the top level
-deployment
-
-
This file can be used to control class loading for the
-deployment
-
Class Loading in WildFly
-
-
-
beans.xml
-
WEB-INF or META-INF
-
Jakarta Contexts and Dependency Injection
-
The presence of this descriptor
-(even if empty) activates Jakarta Contexts and Dependency Injection
-
Weld Reference Guide
-
-
-
web.xml
-
WEB-INF
-
Servlet
-
Web deployment descriptor
-
-
-
-
jboss-web.xml
-
WEB-INF
-
-
JBoss Web deployment descriptor. This can be
-use to override settings from web.xml, and to set WildFly specific
-options
-
-
-
-
ejb-jar.xml
-
WEB-INF of a war, or META-INF of an Jakarta Enterprise Beans jar
-
Jakarta Enterprise Beans
-
The Jakarta Enterprise Beans
-spec deployment descriptor
-
ejb-jar.xml schema
-
-
-
jboss-ejb3.xml
-
WEB-INF of a war, or META-INF of an Jakarta Enterprise Beans jar
-
-
The
-JBoss Jakarta Enterprise Beans deployment descriptor, this can be used to override settings
-from ejb-jar.xml, and to set WildFly specific settings
-
-
-
-
application.xml
-
META-INF of an EAR
-
Jakarta EE Platform Specification
-
-
application.xml schema
-
-
-
jboss-app.xml
-
META-INF of an EAR
-
-
JBoss application deployment
-descriptor, can be used to override settings application.xml, and to set
-WildFly specific settings
-
-
-
-
persistence.xml
-
META-INF
-
Jakarta Persistence
-
Jakarta Persistence descriptor used for defining
-persistence units
-
Hibernate Reference Guide
-
-
-
jboss-ejb-client.xml
-
WEB-INF of a war, or META-INF of an Jakarta Enterprise Beans jar
-
-
Remote Jakarta Enterprise Beans settings. This file is used to setup the Jakarta Enterprise Beans client context
-for a deployment that is used for remote Jakarta Enterprise Beans invocations
-
Jakarta Enterprise Beans
-invocations from a remote server instance
-
-
-
jbosscmp-jdbc.xml
-
META-INF of an Jakarta Enterprise Beans jar
-
-
CMP deployment
-descriptor. Used to map CMP entity beans to a database. The format is
-largely unchanged from previous versions.
-
-
-
-
ra.xml
-
META-INF of a rar archive
-
-
Spec deployment descriptor for
-resource adaptor deployments
-
IronJacamar Reference Guide Schema
-
-
-
ironjacamar.xml
-
META-INF of a rar archive
-
-
JBoss deployment
-descriptor for resource adaptor deployments
-
IronJacamar Reference Guide
-
-
-
*-jms.xml
-
META-INF or WEB-INF
-
-
Jakarta Messaging message destination deployment
-descriptor, used to deploy message destinations with a deployment
-
-
-
-
*-ds.xml
-
META-INF or WEB-INF
-
-
Datasource deployment descriptor, use
-to bundle datasources with a deployment
-
DataSource Configuration
-
-
-
application-client.xml
-
META-INF of an application client jar
-
Jakarta EE
-Platform Specification
-
The spec deployment descriptor for application
-client deployments
-
application-client.xml schema
-
-
-
jboss-client.xml
-
META-INF of an application client jar
-
-
The WildFly
-specific deployment descriptor for application client deployments
-
-
-
-
jboss-webservices.xml
-
META-INF for Jakarta Enterprise Beans webservice deployments or
-WEB-INF for POJO webservice deployments/Jakarta Enterprise Beans webservice endpoints bundled
-in .war
-
-
The JBossWS 4.0.x specific deployment descriptor for
-webservice endpoints
-
-
-
-
-
-
-
-
4. Development Guidelines and Recommended Practices
-
-
-
The purpose of this page is to document tips and techniques that will
-assist developers in creating fast, secure, and reliable applications.
-It is also a place to note what you should avoid doing when developing
-applications.
-
-
-
-
-
5. Application Client Reference
-
-
-
As a Jakarta EE compliant server, WildFly 29 contains an application
-client. An application client is essentially a cut down server instance,
-that allows you to use EE features such as injection in a client side
-program.
-
-
-
-
-
-
-
-
-This article is not a tutorial on application client development, rather
-it covers the specifics of the WildFly application client. There are
-tutorials available elsewhere that cover application client basics, such
-as
-this
-one.
-
-
-
-
-
-
-
-
-
-
-
-Note that the application client is different from the Jakarta Enterprise Beans client
-libraries, it is perfectly possible to write a client application that does
-not use the application client, but instead uses the jboss-ejb-client
-library directly.
-
-
-
-
-
-
5.1. Getting Started
-
-
To launch the application client use the appclient.sh or
-appclient.bat script in the bin directory. For example:
The --host argument tells the appclient the server to connect to. The
-next argument is the application client deployment to use, application
-clients can only run a single deployment, and this deployment must also
-be deployed on the full server instance that the client is connecting
-too.
-
-
-
Any arguments after the deployment to use are passed directly through to
-the application clients main function.
-
-
-
-
5.2. Connecting to more than one host
-
-
If you want to connect to more than one host or make use of the
-clustering functionality then you need to specify a
-jboss-ejb-client.properties file rather than a host:
The embedded API can be used to launch WildFly Full within a currently running process.
-
-
-
The embedded server can be reinitialized with a different JBoss Home. However the module directory, module.path
-system property, and the modules system packages, jboss.modules.system.pkgs system property, are effectively static.
-This means that creating a new embedded server or host controller within the same VM will not allow overriding the
-modules directory or the system packages.
-
-
-
You can also set a hint to indicate which log manager is being used. The hint attempts to ensure that JBoss Logging
-will bind to the correct log manager. It also adds the hinted logging package to the modules system packages.
-
-
-
-
-
-
-
-
-If using the embedded API with Java 11 you’ll need to add --add-module=java.se to your JVM arguments. See
-MODULES-372 for details.
-
-
-
-
-
-
6.1. Standalone API
-
-
A standalone server allows you to manage the lifecycle of a server within the currently running process. The server
-can be configured in admin-only mode or fully started and applications can be deployed.
-
-
-
6.1.1. Examples
-
-
Simple Example
-
-
final StandaloneServer server = EmbeddedProcessFactory.createStandaloneServer(Configuration.Builder.of(jbossHome).build());
-server.start();
-
-try {
- // Print the listening address
- final ModelControllerClient client = server.getModelControllerClient();
- final ModelNode address = Operations.createAddress("interface", "public");
- final ModelNode op = Operations.createReadAttributeOperation(address, "inet-address");
- op.get("resolve-expressions").set(true);
- final ModelNode result = client.execute(op);
- if (!Operations.isSuccessfulOutcome((result))) {
- thrownewRuntimeException("Failed to get the public inet-address: " + Operations.getFailureDescription(result));
- }
- System.out.printf("Listening on %s%n", Operations.readResult(result).asString());
-} finally {
- server.stop();
-}
-
-
-
-
Server in admin-only Example
-
-
final StandaloneServer server = EmbeddedProcessFactory.createStandaloneServer(
- Configuration.Builder.of(jbossHome)
- .addCommandArgument("--admin-only")
- .build());
-server.start();
-
-try {
- // Print the listening address
- final ModelControllerClient client = server.getModelControllerClient();
- final ModelNode address = Operations.createAddress();
- final ModelNode op = Operations.createReadAttributeOperation(address, "running-mode");
- op.get("resolve-expressions").set(true);
- final ModelNode result = client.execute(op);
- if (!Operations.isSuccessfulOutcome((result))) {
- thrownewRuntimeException("Failed to get the running-mode: " + Operations.getFailureDescription(result));
- }
- System.out.printf("Running mode is %s%n", Operations.readResult(result).asString());
-} finally {
- server.stop();
-}
-
-
-
-
log4j2 Hint
-
-
final StandaloneServer server = EmbeddedProcessFactory.createStandaloneServer(Configuration.Builder.of(jbossHome)
- .setLoggerHint(Configuration.LoggerHint.LOG4J2)
- .build()
-);
-server.start();
-
-try {
- // Print the listening address
- final ModelControllerClient client = server.getModelControllerClient();
- final ModelNode address = Operations.createAddress("interface", "public");
- final ModelNode op = Operations.createReadAttributeOperation(address, "inet-address");
- op.get("resolve-expressions").set(true);
- final ModelNode result = client.execute(op);
- if (!Operations.isSuccessfulOutcome((result))) {
- thrownewRuntimeException("Failed to get the public inet-address: " + Operations.getFailureDescription(result));
- }
- org.apache.logging.log4j.LogManager.getFormatterLogger(Main.class).info("Listening on %s%n", Operations.readResult(result).asString());
-} finally {
- server.stop();
-}
-
-
-
-
-
-
6.2. Host Controller API
-
-
The host controller API creates a host controller in the current process. The host controller is started in admin-only
-mode therefore servers within the domain cannot be started. However the server configuration can be altered via
-management operations.
-
-
-
6.2.1. Example
-
-
Simple Example
-
-
final HostController server = EmbeddedProcessFactory.createHostController(Configuration.Builder.of(jbossHome).build());
-server.start();
-
-try {
- // Print the listening address
- final ModelControllerClient client = server.getModelControllerClient();
- final ModelNode address = new ModelNode().setEmptyList();
- final ModelNode op = Operations.createOperation(ClientConstants.READ_CHILDREN_NAMES_OPERATION, address);
- op.get(ClientConstants.CHILD_TYPE).set(ClientConstants.SERVER_GROUP);
- final ModelNode result = client.execute(op);
- if (!Operations.isSuccessfulOutcome(result)) {
- thrownewRuntimeException("Failed to get the public inet-address: " + Operations.getFailureDescription(result));
- }
- System.out.println("Available server groups:");
- for (ModelNode value : Operations.readResult(result).asList()) {
- System.out.printf("\t%s%n", value.asString());
- }
-} finally {
- server.stop();
-}
-
-
-
-
-
-
-
-
7. CDI Reference
-
-
-
WildFly uses Weld, the CDI reference
-implementation as its CDI provider. To activate CDI for a deployment
-simply add a beans.xml file in any archive in the deployment.
-
-
-
This document is not intended to be a CDI tutorial, it only covers CDI
-usage that is specific to WildFly. For some general information on CDI
-see the below links:
For WildFly 29 onwards, it is now possible to have classes outside the
-deployment be picked up as CDI beans. In order for this to work, you must
-add a dependency on the external deployment that your beans are coming
-from, and make sure the META-INF directory of this deployment is
-imported, so that your deployment has visibility to the beans.xml file
-(To import beans from outside the deployment they must be in an archive
-with a beans.xml file).
-
-
-
There are two ways to do this, either using the MANIFEST.MF or using
-jboss-deployment-structure.xml.
-
-
-
Using MANIFEST.MF you need to add a Dependencies entry, with
-meta-inf specified after the entry, e.g.
Note that this can be used to create beans from both modules in the
-modules directory, and from other deployments.
-
-
-
For more information on class loading and adding dependencies to your
-deployment please see the Class
-Loading Guide
-
-
-
-
7.2. Suppressing implicit bean archives
-
-
CDI 1.1 brings new options to packaging of CDI-enabled applications. In
-addition to well-known explicit bean archives (basically any archive
-containing the beans.xml file) the specification introduces implicit
-bean archives.
-
-
-
An implicit bean archive is any archive that contains one or more
-classes annotated with a bean defining annotation (scope annotation) or
-one or more session beans. As a result, the beans.xml file is no longer
-required for CDI to work in your application.
-
-
-
In an implicit bean archive only those classes that are either
-annotated with bean defining annotations or are session beans are
-recognized by CDI as beans (other classes cannot be injected).
-
-
-
This has a side-effect, though. Libraries exist that make use of scope
-annotation (bean defining annotations) for their own convenience but are
-not designed to run with CDI support. Guava would be an example of such
-library. If your application bundles such library it will be recognized
-as a CDI archive and may
-fail the
-deployment.
-
-
-
Fortunately, WildFly makes it possible to suppress implicit bean
-archives and only enable CDI in archives that bundle the beans.xml file.
-There are two ways to achieve this:
-
-
-
7.2.1. Per-deployment configuration
-
-
You can either set this up for your deployment only by adding the
-following content to the META-INF/jboss-all.xml file of your
-application:
CDI 1.1 clarifies some aspects of how CDI protable extensions work. As a
-result, some extensions that do not use the API properly (but were
-tolerated in CDI 1.0 environment) may stop working with CDI 1.1.If this
-is the case of your application you will see an exception like this:
-
-
-
-
org.jboss.weld.exceptions.IllegalStateException: WELD-001332: BeanManager method getBeans() is not available during application initialization
-
-
-
-
Fortunatelly, there is a non-portable mode available in WildFly which
-skips some of the API usage checks and therefore allows the legacy
-extensions to work as before.
-
-
-
Again, there are two ways to enable the non-portable mode:
-
-
-
7.3.1. Per-deployment configuration
-
-
You can either set this up for your deployment only by adding the
-following content to the META-INF/jboss-all.xml file of your
-application:
Note that new portable extensions should always use the
-BeanManager
-APIproperly and thus never require the non-portable mode. The
-non-portable mode only exists to preserve compatibility with legacy
-extensions!
-
-
-
-
-
-
-
-
-References in this document to CDI refer to Jakarta Contexts and Dependency Injection unless otherwise noted.
-
-
-
-
-
-
-
-
-
-
8. EE Concurrency Utilities
-
-
-
-EE Concurrency Utilities (JSR 236) is a technology introduced with Java
-EE 7, which adapts well known Java SE concurrency utilities to the Java
-EE application environment specifics. The Jakarta EE application server is
-responsible for the creation (and shutdown) of every instance of the EE
-Concurrency Utilities, and provide these to the applications, ready to
-use.
-
-
-
-
The EE Concurrency Utilities support the propagation of the invocation
-context, capturing the existent context in the application threads to
-use in their own threads, the same way a logged-in user principal is
-propagated when a servlet invokes an Jakarta Enterprise Beans asynchronously. The propagation
-of the invocation context includes, by default, the class loading, JNDI
-and security contexts.
-
-
-
WildFly creates a single default instance of each EE Concurrency Utility
-type in all configurations within the distribution, as mandated by the
-specification, but additional instances, perhaps customised to better
-serve a specific usage, may be created through WildFly’s EE Subsystem
-Configuration. To learn how to configure EE Concurrency Utilities please
-refer to EE Concurrency
-Utilities Configuration. Additionally, the EE subsystem configuration
-also includes the configuration of which instance should be considered
-the default instance mandated by the Jakarta EE specification, and such
-configuration is covered by
-Default EE Bindings Configuration.
-
-
-
8.1. Context Service
-
-
The Context Service ( jakarta.enterprise.concurrent.ContextService) is a
-brand new concurrency utility, which applications may use to build
-contextual proxies from existing objects.
-
-
-
A contextual proxy is an object that sets an invocation context, captured
-when created, whenever is invoked, before delegating the invocation to
-the original object.
WildFly default configurations creates a single default instance of a
-Context Service, which may be retrieved through @Resource injection:
-
-
-
-
@Resource
-private ContextService contextService;
-
-
-
-
-
-
-
-
-
-To retrieve instead a non default Context Service instance,
-@Resource’s `lookup attribute needs to specify the JNDI name used in
-the wanted instance configuration. WildFly will always inject the
-default instance, no matter what’s the name attribute value, if the
-lookup attribute is not defined.
-
-
-
-
-
-
Applications may alternatively use instead the standard JNDI API:
-As mandated by the Jakarta EE specification, the default Context Service
-instance’s JNDI name is java:comp/DefaultContextService.
-
-
-
-
-
-
-
8.2. Managed Thread Factory
-
-
The Managed Thread Factory (
-jakarta.enterprise.concurrent.ManagedThreadFactory) allows Java EE
-applications to create Java threads. It is an extension of Java SE’s
-Thread Factory ( java.util.concurrent.ThreadFactory) adapted to the
-Jakarta EE platform specifics.
-
-
-
Managed Thread Factory instances are managed by the application server,
-thus Jakarta EE applications are forbidden to invoke any lifecycle related
-method.
-
-
-
In case the Managed Thread Factory is configured to use a Context
-Service, the application’s thread context is captured when a thread
-creation is requested, and such context is propagated to the thread’s
-Runnable execution.
-
-
-
Managed Thread Factory threads implement
-jakarta.enterprise.concurrent.ManageableThread, which allows an
-application to learn about termination status.
-To retrieve instead a non default Managed Thread Factory instance,
-@Resource’s `lookup attribute needs to specify the JNDI name used in
-the wanted instance configuration. WildFly will always inject the
-default instance, no matter what’s the name attribute value, in case
-the lookup attribute is not defined.
-
-
-
-
-
-
Applications may alternatively use instead the standard JNDI API:
-As mandated by the Jakarta EE specification, the default Managed Thread
-Factory instance’s JNDI name is java:comp/DefaultManagedThreadFactory.
-
-
-
-
-
-
-
8.3. Managed Executor Service
-
-
The Managed Executor Service (
-jakarta.enterprise.concurrent.ManagedExecutorService) allows Java EE
-applications to submit tasks for asynchronous execution. It is an
-extension of Java SE’s Executor Service (
-java.util.concurrent.ExecutorService) adapted to the Jakarta EE platform
-requirements.
-
-
-
Managed Executor Service instances are managed by the application
-server, thus Jakarta EE applications are forbidden to invoke any lifecycle
-related method.
-
-
-
In case the Managed Executor Service is configured to use a Context
-Service, the application’s thread context is captured when the task is
-submitted, and propagated to the executor thread responsible for the
-task execution.
-To retrieve instead a non default Managed Executor Service instance,
-@Resource’s `lookup attribute needs to specify the JNDI name used in
-the wanted instance configuration. WildFly will always inject the
-default instance, no matter what’s the name attribute value, in case
-the lookup attribute is not defined.
-
-
-
-
-
-
Applications may alternatively use instead the standard JNDI API:
-As mandated by the Jakarta EE specification, the default Managed Executor
-Service instance’s JNDI name is
-java:comp/DefaultManagedExecutorService.
-
-
-
-
-
-
-
8.4. Managed Scheduled Executor Service
-
-
The Managed Scheduled Executor Service (
-jakarta.enterprise.concurrent.ManagedScheduledExecutorService) allows
-Jakarta EE applications to schedule tasks for asynchronous execution. It is
-an extension of Java SE’s Executor Service (
-java.util.concurrent.ScheduledExecutorService) adapted to the Java EE
-platform requirements.
-
-
-
Managed Scheduled Executor Service instances are managed by the
-application server, thus Jakarta EE applications are forbidden to invoke
-any lifecycle related method.
-
-
-
In case the Managed Scheduled Executor Service is configured to use a
-Context Service, the application’s thread context is captured when the
-task is scheduled, and propagated to the executor thread responsible for
-the task execution.
WildFly default configurations creates a single default instance of a
-Managed Scheduled Executor Service, which may be retrieved through
-@Resource injection:
-To retrieve instead a non default Managed Scheduled Executor Service
-instance, @Resource’s `lookup attribute needs to specify the JNDI
-name used in the wanted instance configuration. WildFly will always
-inject the default instance, no matter what’s the name attribute
-value, in case the lookup attribute is not defined.
-
-
-
-
-
-
Applications may alternatively use instead the standard JNDI API:
-As mandated by the Jakarta EE specification, the default Managed Scheduled
-Executor Service instance’s JNDI name is
-java:comp/DefaultManagedScheduledExecutorService.
-
-
-
-
-
-
-
-
-
9. Jakarta Enterprise Beans 3 Reference Guide
-
-
-
This chapter details the extensions that are available when developing
-Enterprise Java Beans tm on WildFly 29.
-
-
-
Currently, there is no support for configuring the extensions using an
-implementation specific descriptor file.
-
-
-
9.1. Resource Adapter for Message Driven Beans
-
-
Each Message Driven Bean must be connected to a resource adapter.
-
-
-
9.1.1. Specification of Resource Adapter using Metadata Annotations
-
-
The ResourceAdapter annotation is used to specify the resource adapter
-with which the MDB should connect.
-
-
-
The value of the annotation is the name of the deployment unit
-containing the resource adapter. For example jms-ra.rar.
Whenever a run-as role is specified for a given method invocation the
-default anonymous principal is used as the caller principal. This
-principal can be overridden by specifying a run-as principal.
-
-
-
9.2.1. Specification of Run-as Principal using Metadata Annotations
-
-
The RunAsPrincipal annotation is used to specify the run-as principal
-to use for a given method invocation.
-
-
-
The value of the annotation specifies the name of the principal to
-use. The actual type of the principal is undefined and should not be
-relied upon.
-
-
-
Using this annotation without specifying a run-as role is considered an
-error.
-
-
-
For example:
-
-
-
-
@RunAs("admin")
-@RunAsPrincipal("MyBean")
-
-
-
-
-
-
9.3. Security Domain
-
-
Each Enterprise Java Bean tm can be associated with a security domain.
-Only when an Jakarta Enterprise Beans are associated with a security domain will
-authentication and authorization be enforced.
-
-
-
9.3.1. Specification of Security Domain using Metadata Annotations
-
-
The SecurityDomain annotation is used to specify the security domain
-to associate with the Jakarta Enterprise Beans.
-
-
-
The value of the annotation is the name of the security domain to be
-used.
-
-
-
For example:
-
-
-
-
@SecurityDomain("other")
-
-
-
-
-
-
9.4. Transaction Timeout
-
-
For any newly started transaction a transaction timeout can be specified
-in seconds.
-
-
-
When a transaction timeout of 0 is used, then the actual transaction
-timeout will default to the domain configured default.
-TODO: add link to tx subsystem
-
-
-
Although this is only applicable when using transaction attribute
-REQUIRED or REQUIRES_NEW the application server will not detect
-invalid setups.
-
-
-
New Transactions
-
-
-
-
-
-
-
-
-Take care that even when transaction attribute REQUIRED is specified,
-the timeout will only be applicable if a new transaction is started.
-
-
-
-
-
-
9.4.1. Specification of Transaction Timeout with Metadata Annotations
-
-
The TransactionTimeout annotation is used to specify the transaction
-timeout for a given method.
-
-
-
The value of the annotation is the timeout used in the given unit
-granularity. It must be a positive integer or 0. Whenever 0 is specified
-the default domain configured timeout is used.
-
-
-
The unit specifies the granularity of the value. The actual value
-used is converted to seconds. Specifying a granularity lower than
-SECONDS is considered an error, even when the computed value will
-result in an even amount of seconds.
-
-
-
For example:@TransactionTimeout(value = 10, unit = TimeUnit.SECONDS)
-
-
-
-
9.4.2. Specification of Transaction Timeout in the Deployment Descriptor
-
-
The trans-timeout element is used to define the transaction timeout
-for business, home, component, and message-listener interface methods;
-no-interface view methods; web service endpoint methods; and timeout
-callback methods.
-
-
-
The trans-timeout element resides in the urn:trans-timeout namespace
-and is part of the standard container-transaction element as defined
-in the jboss namespace.
-
-
-
For the rules when a container-transaction is applicable please refer
-to EJB 3.1 FR 13.3.7.2.1.
The service is responsible to call the registered timeout methods of the
-different session beans.
-
-
-
-
-
-
-
-
-A persistent timer will be identified by the name of the EAR, the name
-of the sub-deployment JAR and the Bean’s name.
-If one of those names are changed (e.g. EAR name contain a version) the
-timer entry became orphaned and the timer event will not longer be
-fired.
-
-
-
-
-
-
9.5.1. Single event timer
-
-
The timer is will be started once at the specified time.
-
-
-
In case of a server restart the timeout method of a persistent timer
-will only be called directly if the specified time is elapsed.
-If the timer is not persistent, it will no longer be available
-if JBoss is restarted or the application is redeployed.
-
-
-
-
9.5.2. Recurring timer
-
-
The timer will be started at the specified first occurrence and after
-that point at each time if the interval is elapsed.
-If the timer will be started during the last execution is not finished
-the execution will be suppressed with a warning to avoid concurrent
-execution.
-
-
-
In case of server downtime for a persistent timer, the timeout method
-will be called only once if one, or more than one, interval is
-elapsed.
-If the timer is not persistent, it will no longer be active
-after the server is restarted or the application is redeployed.
-
-
-
-
9.5.3. Calendar timer
-
-
The timer will be started if the schedule expression match. It will be
-automatically deactivated and removed if there will be no next
-expiration possible, i.e. If you set a specific year.
-
-
-
For example:
-
-
-
-
@Schedule( ... dayOfMonth="1", month="1", year="2012") +
-// start once at 01-01-2012 00:00:00
-
-
-
-
Programmatic calendar timer
-
-
If the timer is persistent it will be fetched at server start and the
-missed timeouts are called concurrent.
-If a persistent timer contains an end date it will be executed once
-nevertheless how many times the execution was missed. Also a retry will
-be suppressed if the timeout method throw an Exception.
-In case of such expired timer access to the given Timer object might
-throw a NoMoreTimeoutExcption or NoSuchObjectException.
-
-
-
If the timer is non persistent it will not longer be active after the
-server is restarted or the application is redeployed.
-
-
-
TODO: clarify whether this should happen concurrently/blocked or even
-fired only once like a recurring timer!
-
-
-
-
Annotated calendar timer
-
-
If the timer is non persistent it will not activated for missed events
-during the server is down. In case of server start the timer is
-scheduled based on the @Schedule annotation.
-
-
-
If the timer is persistent (default if not deactivated by annotation)
-all missed events are fetched at server start and the annotated timeout
-method is called concurrent.
-
-
-
TODO: clarify whether this should happen concurrently/blocked or even
-fired only once like a recurring timer!
-
-
-
-
-
-
9.6. Container interceptors
-
-
-JBoss AS versions prior to WildFly8 allowed a JBoss specific way to
-plug-in user application specific interceptors on the server side so
-that those interceptors get invoked during an EJB invocation. Such
-interceptors differed from the typical (portable) spec provided Jakarta EE
-interceptors. The Jakarta Interceptors are expected to run after the
-container has done necessary invocation processing which involves
-security context propagation, transaction management and other such
-duties. As a result, these Jakarta Interceptors come too late into the
-picture, if the user applications have to intercept the call before
-certain container specific interceptor(s) are run.
-
-
-
-
9.6.1. Typical EJB invocation call path on the server
The invocation on the bean.doSomething() triggers the following (only
-relevant portion of the flow shown below):
-
-
-
-
-
WildFly specific interceptor (a.k.a container interceptor) 1
-
-
-
WildFly specific interceptor (a.k.a container interceptor) 2
-
-
-
….
-
-
-
WildFly specific interceptor (a.k.a container interceptor) N
-
-
-
User application specific Jakarta EE interceptor(s) (if any)
-
-
-
Invocation on the EJB instance’s method
-
-
-
-
-
The WildFly specific interceptors include the security context
-propagation, transaction management and other container provided
-services. In some cases, the " `container interceptors`" (let’s call
-them that) might even decide break the invocation flow and not let the
-invocation proceed (for example: due to the invoking caller not being
-among the allowed user roles who can invoke the method on the bean).
-
-
-
Previous versions of JBoss AS allowed a way to plug-in the user
-application specific interceptors (which relied on JBoss AS specific
-libraries) into this invocation flow so that they do run some
-application specific logic before the control reaches step#5 above. For
-example, AS5 allowed the use of JBoss AOP interceptors to do this.
-
-
-
As of WildFly 8, this feature was implemented.
-
-
-
-
9.6.2. Configuring container interceptors
-
-
As you can see from the JIRA https://issues.redhat.com/browse/AS7-5897,
-one of the goals of this feature implementation was to make sure that we
-don’t introduce any new WildFly specific library dependencies for the
-container interceptors. So we decided to allow the Jakarta Interceptors
-(which are just POJO classes with lifecycle callback annotations) to be
-used as container interceptors. As such you won’t need any dependency on
-any WildFly specific libraries. That will allow us to support this
-feature for a longer time in future versions of WildFly.
-
-
-
Furthermore, configuring these container interceptors is similar to
-configuring the Jakarta Interceptors for EJBs. In fact, it uses the same
-xsd elements that are allowed in ejb-jar.xml for 3.1 version of ejb-jar
-deployment descriptor.
-
-
-
-
-
-
-
-
-Container interceptors can only be configured via deployment
-descriptors. There’s no annotation based way to configure container
-interceptors. This was an intentional decision, taken to avoid
-introducing any WildFly specific library dependency for the annotation.
-
-
-
-
-
-
Configuring the container interceptors can be done in jboss-ejb3.xml
-file, which then gets placed under the META-INF folder of the EJB
-deployment, just like the ejb-jar.xml. Here’s an example of how the
-container interceptor(s) can be configured in jboss-ejb3.xml:
The usage of urn:container-interceptors:1.0 namespace which allows the
-container-interceptors elements to be configured
-
-
-
The container-interceptors element which contain the interceptor
-bindings
-
-
-
The interceptor bindings themselves are the same elements as what the
-EJB3.1 xsd allows for standard Jakarta Interceptors
-
-
-
The interceptors can be bound either to all EJBs in the deployment
-(using the * wildcard) or individual bean level (using the specific
-EJB name) or at specific method level for the EJBs.
The interceptor classes themselves are simple POJOs and use the
-@jakarta.annotation.AroundInvoke to mark the around invoke method which
-will get invoked during the invocation on the bean. Here’s an example of
-the interceptor:
9.6.3. Container interceptor positioning in the interceptor chain
-
-
The container interceptors configured for a EJB are guaranteed to be run
-before the WildFly provided security interceptors, transaction
-management interceptors and other such interceptors thus allowing the
-user application specific container interceptors to setup any relevant
-context data before the invocation proceeds.
-
-
-
-
9.6.4. Semantic difference between container interceptor(s) and Jakarta Interceptors API
-
-
Although the container interceptors are modeled to be similar to the
-Jakarta Interceptors, there are some differences in the API semantics.
-One such difference is that invoking on
-jakarta.interceptor.InvocationContext.getTarget() method is illegal for
-container interceptors since these interceptors are invoked way before
-the EJB components are setup or instantiated.
-References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
9.7. Jakarta Enterprise Beans 3 Database Persistent Timers
-
-
-WildFly now supports persistent timers backed by a shared database. High-availability
-support is provided through the database, and as a result it is not
-intended to be a super high performance solution that supports thousands
-of timers going off a second, however properly tuned it should provide
-sufficient performance for most use cases.
-
-
-
-
-
-
-
-
-
-Note that for this to work correctly the underlying database must
-support the READ_COMMITTED or SERIALIZABLE isolation mode and the
-datasource must be configured accordingly
-
-
-
-
-
-
9.7.1. Setup
-
-
In order to use clustered timers it is necessary to add a database
-backed timer store. This can be done from the CLI with the following
-command:
allow-execution - If this node is allowed to execute timers. If this
-is false then timers added on this node will be added to the database
-for another node to execute. This allows you to limit timer execution to
-a few nodes in a cluster, which can greatly reduce database load for
-large clusters.
-
-
-
datasource-jndi-name - The datasource to use
-
-
-
refresh-interval - The refresh interval in milliseconds. This is the
-period of time that must elapse before this node will check the database
-for new timers added by other nodes. A smaller value means that timers
-will be picked up more quickly, however it will result in more load on
-the database. This is most important to tune if you are adding timers
-that will expire quickly. If the node that added the timer cannot
-execute it (e.g. because it has failed or because allow-execution is
-false), this timer may not be executed until a node has refreshed.
-
-
-
database - Define the type of database that is in use. Some SQL
-statements are customised by database, and this tells the data store
-which version of the SQL to use.
-Without this attribute the server try to detected the type
-automatically, current supported types are postgresql, mysql, oracle,
-db2, hsql and h2.
-Note that this SQL resides in the file
-modules/system/layers/base/org/jboss/as/ejb3/main/timers/timer-sql.properties
-And as such is it possible to modify the SQL that is executed or add
-support for new databases by adding new DB specific SQL to this file (if
-you do add support for a new database it would be greatly appreciated if
-you could contribute the SQL back to the project).
-
-
-
partition - A node will only see timers from other nodes that have
-the same partition name. This allows you to break a large cluster up
-into several smaller clusters, which should improve performance. e.g.
-instead of having a cluster of 100 nodes, where all hundred are trying
-to execute and refresh the same timers, you can create 20 clusters of 5
-nodes by giving ever group of 5 a different partition name.
-
-
-
-
-
Non clustered timers
-
-
Note that you can still use the database data store for non-clustered
-timers, in which case set the refresh interval to zero and make sure
-that every node has a unique partition name (or uses a different
-database).
-
-
-
-
-
9.7.2. Using clustered timers in a deployment
-
-
It is possible to use the data store as default for all applications by
-changing the default-data-store within the ejb3 subsystem:
Another option is to use a separate data store for specific
-applications, all that is required is to set the timer data store name
-in jboss-ejb3.xml:
In a clustered deployment, multiple nodes updating timer datastore may cause the in-memory timer state to be temporarily
-out of sync. Some application may find the refresh-interval configuration not sufficient in some cases, and
-need to programmatically refresh timers. This can be done with Jakarta Interceptors configured for those business methods
-that need this capability, as illustrated in the following steps:
-
-
-
-
-
Implement an Jakarta Interceptors that enables wildfly.ejb.timer.refresh.enabled to true. For example,
Configure the Jakarta Interceptors to the target stateless or singleton bean business methods.
-When wildfly.ejb.timer.refresh.enabled is set to true, calling TimerService.getAllTimers()
-will first refresh from timer datastore before returning timers. For example,
-
-
-
-
-
-
@Singleton
-publicclassRefreshBean1 ... {
-
- @Interceptors(RefreshInterceptor.class)
- publicvoid businessMethod1() {
- ...
- // since wildfly.ejb.timer.refresh.enabled is set to true in interceptor for this business method,
- // calling timerService.getAllTimers() will first refresh from timer datastore before returning timers.
- final Collection<Timer> allTimers = timerService.getAllTimers();
- ...
- }
-}
-
-
-
-
-
-
Applications may configure such an interceptor to certain business methods that require this capability.
-Alternatively, applications may implement a dedicated business method to programmatically refresh timers, to
-be invoked by other parts of the application when needed. For example,
-
-
-
-
-
-
@Interceptors(RefreshInterceptor.class)
- publicList<Timer> getAllTimerInfoWithRefresh() {
- return timerService.getAllTimers();
- }
-
- publicvoid businessMethod1() {
- final LocalBusinessInterface businessObject = sessionContext.getBusinessObject(LocalBusinessInterface.class);
- businessObject.getAllTimerInfoWithRefresh();
-
- // timer has been programmatically refreshed from datastore.
- // continue with other business logic...
- }
-
-
-
-
-
9.7.4. Technical details
-
-
Internally every node that is allowed to execute timers schedules a
-timeout for every timer is knows about. When this timeout expires then
-this node attempts to 'lock' the timer, by updating its state to
-running. The query this executes looks like:
-
-
-
-
UPDATE JBOSS_EJB_TIMER SET TIMER_STATE=? WHERE ID=? AND TIMER_STATE<>? AND NEXT_DATE=?;
-
-
-
-
Due to the use of a transaction and READ_COMMITTED or SERIALIZABLE
-isolation mode only one node will succeed in updating the row, and this
-is the node that the timer will run on.
-
-
-
-
-
9.8. Jakarta Enterprise Beans Distributed Timers
-
-
-WildFly now supports distributed timers backed by an embedded Infinispan cache.
-The Infinispan cache not only provides an HA solution for persistent timer metadata, in the case of a server crash or restart,
-but also distributes timer execution evenly between cluster members.
-Consequently, this solution generally provides better performance and scalability than the existing database solution.
-
-
-
-
This feature can also be used to provide file, database, or remote Infinispan cluster persistence of timer metadata for single server architectures, effectively replacing the existing file-store and database-store TimerService facilities.
-Additionally, this feature can also provide passivation support for non-persistent timers to allow the creation of large number of transient timers without the risk of running out of memory.
-
-
-
9.8.1. Setup
-
-
Distributed timer behavior is configured via the distributable-ejb subsystem, and can be configured globally via the ejb3 subsystem or customized per EJB via the timer-service EJB deployment descriptor namespace.
-
-
-
WildFly’s HA profiles (e.g. standalone-ha.xml) are configured to use the distributable timer service by default to handle both persistent and non-persistent timers.
-
-
-
To enable the use of distributable timer service within a non-HA profile (e.g. standalone.xml), one must first disable the existing data store mechanism, and then specify the timer management to use for persistent timers, which references a timer management resource from the distributable-ejb subsystem.
To use distributable timer management for transient (i.e. non-persistent) timers, remove the thread-pool-name attribute, and then specify the timer management to use for transient timers, which references a timer management resource from the distributable-ejb subsystem.
The <persistent-timer-management/> and <transient-timer-management/> elements above each reference a named timer management resource defined within the distributable-ejb subsystem.
To enable IIOP you must have the JacORB subsystem installed, and the
-<iiop/> element present in the ejb3 subsystem configuration. The
-standalone-full.xml configuration that comes with the distribution has
-both of these enabled.
-
-
-
The <iiop/> element takes two attributes that control the default
-behaviour of the server, for full details see EJB3
-subsystem configuration guide.
-
-
-
-
9.9.2. Enabling JTS
-
-
To enable JTS simply add a <jts/> element to the transactions
-subsystem configuration.
-
-
-
It is also necessary to enable the JacORB transactions interceptor as
-shown below.
Downloading stubs directly from the server is no longer supported. If
-you do not wish to pre-generate your stub classes JDK Dynamic stubs can
-be used instead. The enable JDK dynamic stubs simply set the
-com.sun.CORBA.ORBUseDynamicStub system property to true.
-
-
-
-
9.9.4. Configuring Jakarta Enterprise Beans IIOP settings via jboss-ejb3.xml
-
-
TODO
-
-
-
-
-
9.10. Jakarta Enterprise Beans over HTTP
-
-
Beginning with WildFly 11 it is now possible to use HTTP as the
-transport (instead of remoting) for remote Jakarta Enterprise Beans and JNDI invocations.
-
-
-
Everything mentioned below is applicable for both JNDI and Jakarta Enterprise Beans
-functionality.
-
-
-
9.10.1. Server Configuration
-
-
In order to configure the server the http-invoker needs to be enabled on
-each virtual host you wish to use in the Undertow subsystem. This is
-enabled by default in standard configs, but if it has been removed it
-can be added via:
The Hhttp-invoker takes two parameters, a path (which defaults to
-/wildfly-services) and a http-authentication-factory which must be a
-reference to an Elytron http-authentication-factory.
-
-
-
Note that any deployment that wishes to use this must use Elytron
-security with the same security domain that corresponds to the HTTP
-authentication factory.
-
-
-
-
9.10.2. Performing Invocations
-
-
The mechanism for performing invocations is exactly the same as for the
-remoting based Jakarta Enterprise Beans client, the only difference is that instead of a
-'remote+http' URI you use a 'http' URI (which must include the path that
-was configured in the invoker). For example if you are currently using
-'remote+ http://localhost:8080' as the target URI, you would change this
-to 'http://localhost:8080/wildfly-services'.
jboss-ejb3.xml is a custom deployment descriptor that can be placed in
-either ejb-jar or war archives. If it is placed in an ejb-jar then it
-must be placed in the META-INF folder, in a web archive it must be
-placed in the WEB-INF folder.
-
-
-
The contents of jboss-ejb3.xml are merged with the contents of
-ejb-jar.xml, with the jboss-ejb3.xml items taking precedence.
As you can see the format is largely similar to ejb-jar.xml, in fact
-they even use the same namespaces, however jboss-ejb3.xml adds some
-additional namespaces of its own to allow for configuring non-spec info.
-The format of the standard http://java.sun.com/xml/ns/javaee is well
-documented elsewhere, this document will cover the non-standard
-namespaces.
-
-
-
-
-
-
-
-
-Namespace "http://www.jboss.com/xml/ns/javaee" is bound to "jboss-ejb3-spec-2_0.xsd": this file redefines some elements of "ejb-jar_3_1.xml"
-
The following namespaces can all be used in the <assembly-descriptor>
-element. They can be used to apply their configuration to a single bean,
-or to all beans in the deployment by using * as the ejb-name.
-
-
-
The security namespace urn:security
-
-
This allows you to set the security domain and the run-as principal for
-an Jakarta Enterprise Beans.
The IIOP namespace is where IIOP settings are configured. As there are
-quite a large number of options these are covered in the
-IIOP guide.
-
-
-
-
The pool namespace urn:ejb-pool:1.0
-
-
This allows you to select the pool that is used by the SLSB or MDB.
-Pools are defined in the server configuration (i.e. standalone.xml or
-domain.xml)
This namespace is deprecated and as of WildFly 29 its use has no effect.
-The clustering behavior of Jakarta Enterprise Beans are determined by the profile in use on
-the server.
-
-
-
-
The timer-service namespace urn:timer-service:2.0
-
-
This allows you to customize the TimerService behavior for a given EJB.
There are three mechanisms in WildFly that allow controlling if a
-specific MDB is actively receiving or not messages:
-
-
-
-
-
delivery active
-
-
-
delivery groups
-
-
-
clustered singleton
-
-
-
-
-
We will see each one of them in the following sections.
-
-
-
9.12.1. Delivery Active
-
-
Delivery active is simply an attribute associated with the MDB that
-indicates if the MDB is receiving messages or not. If an MDB is not
-currently receiving messages, the messages will be saved in the queue or
-topic for later, according to the rules of the topic/queue.
-
-
-
You can configure delivery active using xml or annotations, and you can
-change its value after deployment using the cli.
-
-
-
-
-
jboss-ejb3.xml:
-
-
-
-
-
In the jboss-ejb3 xml file, configure the value of active as false to
-mark that the MDB will not be receiving messages as soon as it is
-deployed:
These management operations dynamically change the value of the active
-attribute, enabling or disabling delivery for the MDB. at runtime To use
-them, connect to the WildFly instance you want to manage, then enter the
-path of the MDB you want to manage delivery for:
Delivery groups provide a straightforward way to manage delivery for a
-group of MDBs. Every MDB belonging to a delivery group has delivery
-active if that group is active, and has delivery inactive
-whenever the group is not active.
-
-
-
You can add a delivery group to the ejb3 subsystem using either the
-subsystem xml or cli. Next, we will see examples of each case. In those
-examples we will add only a single delivery group, but keep in mind that
-you can add as many delivery groups as you need to a WildFly instance.
-
-
-
-
-
the ejb3 subsystem xml (located in your configuration xml, such as
-standalone.xml)
The example above adds a delivery group named "mdb-group-name" (you can
-use whatever name suits you best as the group name). The "true" active
-attribute indicates that all MDBs belonging to that group will have
-delivery active right after deployment. If you mark that attribute as
-false, you are indicating that every MDB belonging to the group will not
-start receiving messages after deployment, a condition that will remain
-until the group becomes active.
-
-
-
-
-
jboss-cli
-
-
-
-
-
You can add a mdb-delivery-group using the add command as below:
You can also use a wildcard to mark that all MDBs in your application
-belong to a delivery-group. In the following example, we add all MDBs in
-the application to group1, except for HelloWorldMDB, that is added to
-group2:
In the example above, we use the wildcard to specify that every MDB in the
-ejb-jar will belong to mdb-delivery-group1.
-That means that, in order for delivery of messages to be active for those MDBs,
-mdb-delivery-group1 must be active.
-
-
-
In addition, the configuration above specifies that HelloWorldMDB belongs also
-to mdb-delivery-group2 and mdb-delivery-group3. So, delivery of messages to
- HelloWorldMDB will only be active when mdb-delivery-group1,
- mdb-delivery-group2, and mdb-delivery-group3 are all active.
-
-
-
The same could be specified using the @DeliveryGroup annotation:
Notice that all the delivery-groups used by an application must be installed in
-the WildFly server upon deployment, or the deployment will fail with a message
-stating that the delivery-group is missing.
-
-
-
-
-
9.12.3. Clustered Singleton Delivery
-
-
Delivery can be marked as singleton in a clustered environment. In this
-case, only one node in the cluster will have delivery active for that
-MDB, whereas in all other nodes, delivery will be inactive. This option
-can be used for applications that are deployed in all nodes of the
-cluster. Such applications will be active in all nodes of the cluster,
-except for the MDBs that are marked as clustered singleton. For those
-MDBs, only one cluster node will be processing their messages. In case
-that node stops, another node will have delivery activated, guaranteeing
-that there is always one node processing the messages. This node is what
-we call primary singleton provider of the MDB.
-
-
-
Notice that applications using clustered singleton delivery can only be
-deployed in clustered WildFly servers (i.e., servers that are using the
-ha configuration).
-
-
-
To mark delivery as clustered singleton, you can use the jboss-ejb3.xml
-or the @ClusteredSingleton annotation:
As in the previous jboss-ejb3.xml examples, a wildcard can be used in
-the place of the ejb-name to indicate that all MDBs in the application
-are singleton clustered.
-
-
-
-
-
annotation
-
-
-
-
-
You can use the org.jboss.ejb3.annotation.ClusteredSingleton annotation
-to mark an MDB as clustered singleton:
9.12.4. Using Multiple MDB Delivery Control Mechanisms
-
-
The previous delivery control mechanisms can be used together in a
-single MDB. In this case, they work as a set of restrictions for
-delivery to be active in a MDB.
-
-
-
For example, if an MDB belongs to one or more delivery groups and is also a
-clustered singleton MDB, the delivery will be active for that MDB only
-if the delivery groups are active in the cluster node that was elected as
-the primary singleton provider.
-
-
-
Also, if you use jboss-cli to stopDelivery on a MDB that belongs to one or more
-delivery groups, the MDB will stop receiving messages in case all groups
-were active. If one or more of the groups associated with the MDB was not active,
-the MDB will continue in the same, inactive state. But, once all groups become active,
-the MDB will still be prevented from receiving messages, unless a startDelivery
-operation is executed to revert the previously executed stopDelivery operation.
-
-
-
Invoking stopDelivery on an MDB that is marked as clustered singleton
-will work in a similar way: no visible effect if the current node is not
-the primary singleton provider; but it will stop delivery of messages
-for that MDB if the current node is the primary singleton provider. If
-the current node is not the primary singleton provider, but eventually becomes so, the
-delivery of messages will not be active for that MDB, unless a
-startDelivery operation is invoked.
-
-
-
In other words, when more than one delivery control mechanism is used in
-conjunction, they act as a set of restrictions that need all to be true
-in order for the MDB to receive messages:
-
-
-
-
-
MDB belongs to one delivery-group + stop-delivery was invoked: the delivery group
-needs to be active and the delivery needs to be restarted (via start-delivery) in order
-for that MDB to start receiving messages;
-
-
-
MDB belongs to one delivery-group + MDB is clustered singleton: the delivery group
-needs to be active and the current node needs to be the primary singleton provider
-node in order for that MDB to start receiving messages;
-
-
-
MDB belongs to one delivery-group + MDB is clustered singleton + stop-delivery was invoked:
-as above, the delivery-group has to be active, the current cluster node must be the
-primary singleton provider node, plus, start-delivery needs to be invoked on that MDB,
-only with these three factors being true the MDB will start receiving messages.
-
-
-
MDB belongs to multiple delivery-groups + stop-delivery was invoked: all the delivery
-groups need to be active and the delivery needs to be restarted (via start-delivery) in
-order for that MDB to start receiving messages;
-
-
-
MDB belongs to multiple delivery-groups + MDB is clustered singleton: all the delivery
-groups need to be active and the current node needs to be the primary singleton
-provider node in order for that MDB to start receiving messages;
-
-
-
MDB belongs to multiple delivery-groups + MDB is clustered singleton + stop-delivery was
-invoked: as above, all delivery-groups must be active, and current cluster node has to be the
-primary singleton provider node, plus, start-delivery needs to be invoked on that MDB, only
-with these three factors being true the MDB will start receiving messages.
-
-
-
-
-
-
-
9.13. Securing Jakarta Enterprise Beans
-
-
The Jakarta EE spec specifies certain annotations (like @RolesAllowed,
-@PermitAll, @DenyAll) which can be used on Jakarta Enterprise Beans implementation classes
-and/or the business method implementations of the beans. Like with all
-other configurations, these security related configurations can also be
-done via the deployment descriptor (ejb-jar.xml). We won’t be going
-into the details of Jakarta EE specific annotations/deployment descriptor
-configurations in this chapter but instead will be looking at the vendor
-specific extensions to the security configurations.
-
-
-
9.13.1. Security Domain
-
-
The Jakarta EE spec doesn’t mandate a specific way to configure security
-domain for a bean. It leaves it to the vendor implementations to allow
-such configurations, the way they wish. In WildFly 29, the use of
-@org.jboss.ejb3.annotation.SecurityDomain annotation allows the
-developer to configure the security domain for a bean. Here’s an
-example:
The use of @SecurityDomain annotation lets the developer to point the
-container to the name of the security domain which is configured in the
-Jakarta Enterprise Beans 3 subsystem in the standalone/domain configuration. The configuration
-of the security domain in the Jakarta Enterprise Beans 3 subsystem is out of the scope of this
-chapter.
-
-
-
An alternate way of configuring a security domain, instead of using
-annotation, is to use jboss-ejb3.xml deployment descriptor. Here’s an
-example of how the configuration will look like:
-
-
-
-
<?xml version="1.0" encoding="UTF-8"?>
-<jboss:jboss
- xmlns="http://java.sun.com/xml/ns/javaee"
- xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:s="urn:security:1.1"
- xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd http://java.sun.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-spec-2_0.xsd"
- version="3.1"impl-version="2.0">
-
- <assembly-descriptor>
- <s:security>
- <!-- Even wildcard * is supported -->
- <ejb-name>MyBean</ejb-name>
- <!-- Name of the security domain which is configured in the EJB3 subsystem -->
- <s:security-domain>other</s:security-domain>
- </s:security>
- </assembly-descriptor>
-</jboss:jboss>
-
-
-
-
As you can see we use the security-domain element to configure the
-security domain.
-
-
-
-
-
-
-
-
-The jboss-ejb3.xml is expected to be placed in the .jar/META-INF folder
-of a .jar deployment or .war/WEB-INF folder of a .war deployment.
-
-
-
-
-
-
-
9.13.2. Absence of security domain configuration but presence of other
As you can see the doSomething method is configured to be accessible
-for users with role "bar". However, the bean isn’t configured for any
-specific security domain. Prior to WildFly 29, the absence of an
-explicitly configured security domain on the bean would leave the bean
-unsecured, which meant that even if the doSomething method was
-configured with @RolesAllowed("bar") anyone even without the "bar"
-role could invoke on the bean.
-
-
-
In WildFly 29, the presence of any security metadata (like @RolesAllowed,
-@PermitAll, @DenyAll, @RunAs, @RunAsPrincipal) on the bean or any
-business method of the bean, makes the bean secure, even in the absence
-of an explicitly configured security domain. In such cases, the security
-domain name is default to "other". Users can explicitly configure an
-security domain for the bean if they want to using either the annotation
-or deployment descriptor approach explained earlier.
-
-
-
-
9.13.3. Access to methods without explicit security metadata, on a secured
As you can see the doSomething method is marked for access for only
-users with role "bar". That enables security on the bean (with security
-domain defaulted to "other"). However, notice that the method
-helloWorld doesn’t have any specific security configurations.
-
-
-
In WildFly 29, such methods which have no explicit security
-configurations, in a secured bean, will be treated similar to a method
-with @DenyAll configuration. What that means is, no one is allowed
-access to the helloWorld method. This behaviour can be controlled via
-the jboss-ejb3.xml deployment descriptor at a per bean level or a per
-deployment level as follows:
-
-
-
-
<?xml version="1.0" encoding="UTF-8"?>
-<jboss:jboss
- xmlns="http://java.sun.com/xml/ns/javaee"
- xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:s="urn:security:1.1"
- xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd http://java.sun.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-spec-2_0.xsd"
- version="3.1"impl-version="2.0">
-
- <assembly-descriptor>
- <s:security>
- <!-- Even wildcard * is supported where * is equivalent to all EJBs in the deployment -->
- <ejb-name>FooBean</ejb-name>
- <s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
- </s:security>
- </assembly-descriptor>
-</jboss:jboss>
-
-
-
-
Notice the use of <missing-method-permissions-deny-access> element.
-The value for this element can either be true or false. If this element
-isn’t configured then it is equivalent to a value of true i.e. no one is
-allowed access to methods, which have no explicit security
-configurations, on secured beans. Setting this to false allows access to
-such methods for all users i.e. the behaviour will be switched to be
-similar to @PermitAll.
-
-
-
This behaviour can also be configured at the Jakarta Enterprise Beans 3 subsystem level so
-that it applies to all Jakarta Enterprise Beans 3 deployments on the server, as follows:
Again, the default-missing-method-permissions-deny-access element
-accepts either a true or false value. A value of true makes the
-behaviour similar to @DenyAll and a value of false makes it behave
-like @PermitAll
-
-
-
-
-
9.14. Jakarta Enterprise Beans Client Interceptors
-
-
9.14.1. Implementing Client Interceptors
-
-
The Jakarta Enterprise Beans client supports the notion of client side interceptors. These are interceptors
-that are run before an invocation is dispatched, and can modify various properties of
-the request before it is sent, as well as modifying parameters and the return value.
-
-
-
These interceptors are represented by the class org.jboss.ejb.client.EJBClientInterceptor,
-and are generally registered placing interceptor class names in
-META-INF/services/org.jboss.ejb.client.EJBClientInterceptor.
-
-
-
For more details about what can be modified refer to the Jakarta Enterprise Beans client JavaDoc.
-
-
-
-
9.14.2. Accessing invocation context data
-
-
It is possible for client interceptors to access data from the invocation context data map used in the server
-invocation (i.e. InvocationContext.getContextData()). To access a specific key you must call
-org.jboss.ejb.client.EJBClientInvocationContext.addReturnedContextDataKey(String key) with
-the name of the key you are interested in. This method must be called from the handleInvocation method
-of the interceptor.
-
-
-
If there is data in the context map under this specific key then it will be sent back to the client
-and will be available in the handleInvocationResult in the client invocations context data map.
-
-
-
-
-
9.15. Jakarta Enterprise Beans on Kubernetes
-
-
If the WildFly server is deployed on Kubernetes then there are several
-points that you need to bear in mind when you use EJBs.
-
-
-
-
-
-
-
-
-When deploying on Kubernetes you should consider the use of the WildFly Operator.
- It manages the Kubernetes objects in WildFly friendly way.
- For example, it uses StatefulSet for the correct handling of EJB remoting and transaction recovery processing.
-
-
-
-
-
-
The rest of this chapter assumes the StatefulSet is used
-as the Kubernetes API object for managing the WildFly server.
-
-
-
The StatefulSet provides a guarantee of persistent storage and network hostname stability
-over the restarts of the pod.
-
-
-
These two guarantees are particularly important for the transaction manager which is a stateful component.
-The persistent storage over restarts is needed as the transaction log is usually stored at the file system.
-If the transaction manager creates a transaction log record it’s created only at the transaction log particular to the WildFly instance.
-The hostname stability is needed as the WildFly may be contacted via EJB remote call with transaction propagation.
-The WildFly has to be reachable under the same hostname even after pod restarts.
-As the transaction log is bound to the particular WildFly instance it may be finished only there.
-
-
-
9.15.1. EJB calls on Kubernetes
-
-
The EJB caller has two options on how to configure the remote call.
-It can be defined either as a remote outbound connection (see details at Admin Guide, section Outbound Connections)
-or you may use a direct InitialContext lookup in your code.
-
-
-
If you use either case then for the Kubernetes you need to adjust the configuration of the target node.
-For the target hostname, you need to use the DNS name of the very first pod managed by StatefulSet.
-
-
-
The StatefulSet guarantees depend on the ordering of the pods. The pods are named in the prescribed order.
-If you scale your application up to 3 replicas you may expect
-your pods will have names such as wildfly-server-0, wildfly-server-1, wildfly-server-2.
-
-
-
It’s expected a headless services
-to be used along with the StatefulSet. With the headless service, there is ensured the DNS hostname for the pod.
-If the application uses the WildFly Operator, a headless service will be created with a name such as wildfly-server-headless.
-Then the DNS name of the very first pod will be wildfly-server-0.wildfly-server-headless.
-
-
-
The use of the hosname wildfly-server-0.wildfly-server-headless
-guarantees that the EJB call may reach any WildFly instance connected to the cluster.
-It’s a bootstrap connection which is used to initialize the EJB client
-which gathers the structure of the WildFly cluster as the next step.
-
-
-
-
9.15.2. EJB configuration for Kubernetes
-
-
These are steps you need to process in order to run EJB remote calls.
-Some steps are related to the server configuration, the other ones
-on your application.
All the socket-binding must define the client mapping for the DNS value mapped by StatefulSet headless service.
-For example if the application is named wildfly-server and the StatefulSet headless service is named wildfly-server-headless
-then the http socket binding has to be defined in the following way:
A small workaround is needed for the remote EJB transaction recovery on Kubernetes
-(the issue could be tracked at WFCORE-4668).
-The WildFly application server has to be configured with property wildfly.config.url.
-The wildfly.config.url points to a XML configuration file. If we consider one being placed at $JBOSS_HOME/standalone/configuration/wildfly-config.xml
-then the property is setup as JAVA_OPTS="$JAVA_OPTS -Dwildfly.config.url=$JBOSS_HOME/standalone/configuration/wildfly-config.xml".
-The wildfly-config.xml defines the EJB recovery authentication to be used during transaction recovery for remote EJB calls.
-The target server has to configure a user that is permitted to receive the EJB remote calls.
-Such a user is then configured by standard means of security configuration.
-Let’s say there is configured a user on the target server.
-The user is created with script $JBOSS_HOME/bin/add-user.sh under the ApplicationRealm.
-Then the caller WildFly uses the configuration in wildfly-config.xml this way
-(you may copy the content below, but replace the >>PASTE_…_HERE<< with user and password you configured):
-References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
9.16. Jakarta Enterprise Beans Deployment Runtime Resources
-
-
Enterprise bean deployment exposes certain management runtime resources to help users inspect enterprise bean metadata
-and monitor invocation statistics. Bean metadata is configured in the application via deployment descriptor and
-annotations. Stateless, stateful, singleton session beans and message-driven beans support a common set of resources,
-and also resources specific to the bean type. For example, these are some of the common enterprise bean resources:
-
-
-
-
-
jndi-names
-
-
-
component-class-name
-
-
-
declared-roles
-
-
-
transaction-type
-
-
-
stateful-timeout
-
-
-
activation-config
-
-
-
-
-
Users can view these enterprise bean resources via WildFly CLI or Administration Console. The following sections
-provides sample CLI and Administration Console output for each enterprise bean type. For complete details, refer to
-WildFly Model Reference Documentation
-
-
-
9.16.1. Stateless Session Bean Runtime Resources
-
-
To view the management runtime resources for a deployed stateless session bean in CLI, run the following CLI command:
To view it in WildFly Administration Console, go to the Management Model section of the target deployment. For example,
-
-
-
-
-
-
-
-
-
-
10. JPA Reference Guide
-
-
-
10.1. Introduction
-
-
The WildFly JPA subsystem implements the Jakarta Persistence 3.1 container-managed
-requirements. Deploys the persistence unit definitions, the persistence
-unit/context annotations and persistence unit/context references in the
-deployment descriptor. JPA Applications use the Hibernate (version 5.3)
-persistence provider, which is included with WildFly. The JPA subsystem
-uses the standard SPI (jakarta.persistence.spi.PersistenceProvider) to
-access the Hibernate persistence provider and some additional extensions
-as well.
-
-
-
During application deployment, JPA use is detected (e.g. persistence.xml
-or @PersistenceContext/Unit annotations) and injects Hibernate
-dependencies into the application deployment. This makes it easy to
-deploy JPA applications.
Or remove the persistence provider class name from your persistence.xml
-(so the default provider will be used).
-
-
-
-
10.3. Entity manager
-
-
The entity manager (jakarta.persistence.EntityManager class) is similar to
-the Hibernate Session class; applications use it to
-create/read/update/delete data (and related operations). Applications
-can use application-managed or container-managed entity managers. Keep
-in mind that the entity manager is not thread safe, don’t share the same
-entity manager instance with multiple threads.
-
-
-
Internally, the entity manager, has a persistence context for managing
-entities. You can think of the persistence context as being closely
-associated with the entity manager.
-
-
-
-
10.4. Container-managed entity manager
-
-
When you inject a container-managed entity managers into an application
-variable, it is treated like an (EE container controlled) Java proxy
-object, that will be associated with an underlying EntityManager
-instance, for each started JTA transaction and is flushed/closed when
-the JTA transaction commits. Such that when your application code
-invokes EntityManager.anyMethod(), the current JTA transaction is
-searched (using persistence unit name as key) for the underlying
-EntityManager instance, if not found, a new EntityManager instance is
-created and associated with the current JTA transaction, to be reused
-for the next EntityManager invocation. Use the @PersistenceContext
-annotation, to inject a container-managed entity manager into a
-jakarta.persistence.EntityManager variable.
-
-
-
-
10.5. Application-managed entity manager
-
-
An application-managed entity manager is kept around until the
-application closes it. The scope of the application-managed entity
-manager is from when the application creates it and lasts until the
-application closes it. Use the @PersistenceUnit annotation, to inject
-a persistence unit into a jakarta.persistence.EntityManagerFactory
-variable. The EntityManagerFactory can return an application-managed
-entity manager.
-
-
-
-
10.6. Persistence Context
-
-
The JPA persistence context contains the entities managed by the entity
-manager (via the JPA persistence provider). The underlying entity
-manager maintains the persistence context. The persistence context acts
-like a first level (transactional) cache for interacting with the
-datasource. Loaded entities are placed into the persistence context
-before being returned to the application. Entities changes are also
-placed into the persistence context (to be saved in the database when
-the transaction commits).
-
-
-
-
10.7. Transaction-scoped Persistence Context
-
-
The transaction-scoped persistence context coordinates with the (active)
-JTA transaction. When the transaction commits, the persistence context
-is flushed to the datasource (entity objects are detached but may still
-be referenced by application code). All entity changes that are expected
-to be saved to the datasource, must be made during a transaction.
-Entities read outside of a transaction will be detached when the entity
-manager invocation completes. Example transaction-scoped persistence
-context is below.
-
-
-
-
@Stateful// will use container managed transactions
-publicclassCustomerManager {
- @PersistenceContext(unitName = "customerPU") // default type is PersistenceContextType.TRANSACTION
- EntityManager em;
- public customer createCustomer(String name, String address) {
- Customer customer = new Customer(name, address);
- em.persist(customer); // persist new Customer when JTA transaction completes (when method ends).
- // internally:
- // 1. Look for existing "customerPU" persistence context in active JTA transaction and use if found.
- // 2. Else create new "customerPU" persistence context (e.g. instance of org.hibernate.ejb.HibernatePersistence)
- // and put in current active JTA transaction.
- return customer; // return Customer entity (will be detached from the persistence context when caller gets control)
- } // Transaction.commit will be called, Customer entity will be persisted to the database and "customerPU" persistence context closed
-
-
-
-
-
10.8. Extended Persistence Context
-
-
The (ee container managed) extended persistence context can span
-multiple transactions and allows data modifications to be queued up
-(without an active JTA transaction), to be applied
-during completion of next JTA transaction. The Container-managed extended persistence
-context can only be injected into a stateful session bean.
JPA 2.2 specification section 7.6.3.1
-
-If a stateful session bean instantiates a stateful session bean (executing in the same EJB container instance) which also has such an extended persistence context with the same synchronization type, the extended persistence context of the first stateful session bean is inherited by the second stateful session bean and bound to it, and this rule recursively applies independently of whether transactions are active or not at the point of the creation of the stateful session beans. If the stateful session beans differ in declared synchronization type, the EJBException is thrown by the container. If the persistence context has been inherited by any stateful session beans, the container does not close the persistence context until all such stateful session beans have been removed or otherwise destroyed.
-
-
-
-
By default, the current stateful session bean being created, will (
-deeply) inherit the extended persistence context from any stateful
-session bean executing in the current Java thread. The deep
-inheritance of extended persistence context includes walking multiple
-levels up the stateful bean call stack (inheriting from parent beans).
-The deep inheritance of extended persistence context includes sibling
-beans. For example, parentA references child beans beanBwithXPC &
-beanCwithXPC. Even though parentA doesn’t have an extended persistence
-context, beanBwithXPC & beanCwithXPC will share the same extended
-persistence context.
-
-
-
Some other EE application servers, use shallow inheritance, where
-stateful session bean only inherit from the parent stateful session bean
-(if there is a parent bean). Sibling beans do not share the same
-extended persistence context unless their (common) parent bean also has
-the same extended persistence context.
-
-
-
Applications can include a (top-level) jboss-all.xml deployment
-descriptor that specifies either the (default) DEEP extended
-persistence context inheritance or SHALLOW.
-
-
-
The WF/docs/schema/jboss-jpa_1_0.xsd describes the jboss-jpa
-deployment descriptor that may be included in the jboss-all.xml. Below
-is an example of using SHALLOW extended persistence context
-inheritance:
The AS console/cli can change the default extended persistence context
-setting (DEEP or SHALLOW). The following cli commands will read the
-current JPA settings and enable SHALLOW extended persistence context
-inheritance for applications that do not include the jboss-jpa
-deployment descriptor:
-
-
-
-
-
/jboss-cli.sh
-
cd subsystem=jpa
-:read-resource
-:write-attribute(name=default-extended-persistence-inheritance,value="SHALLOW")
-
-
-
-
-
-
-
10.9. Entities
-
-
JPA allows use of your (pojo) plain old Java class to represent a
-database table row.
-
-
-
-
@PersistenceContext EntityManager em;
-Integer bomPk = getIndexKeyValue();
-BillOfMaterials bom = em.find(BillOfMaterials.class, bomPk); // read existing table row into BillOfMaterials class
-
-BillOfMaterials createdBom = new BillOfMaterials("..."); // create new entity
-em.persist(createdBom); // createdBom is now managed and will be saved to database when the current JTA transaction completes
-
-
-
-
The entity lifecycle is managed by the underlying persistence provider.
-
-
-
-
-
New (transient): an entity is new if it has just been instantiated
-using the new operator, and it is not associated with a persistence
-context. It has no persistent representation in the database and no
-identifier value has been assigned.
-
-
-
Managed (persistent): a managed entity instance is an instance with a
-persistent identity that is currently associated with a persistence
-context.
-
-
-
Detached: the entity instance is an instance with a persistent
-identity that is no longer associated with a persistence context,
-usually because the persistence context was closed or the instance was
-evicted from the context.
-
-
-
Removed: a removed entity instance is an instance with a persistent
-identity, associated with a persistence context, but scheduled for
-removal from the database.
-
-
-
-
-
-
10.10. Deployment
-
-
The persistence.xml contains the persistence unit configuration (e.g.
-datasource name) and as described in the JPA 2.0 spec (section 8.2), the
-jar file or directory whose META-INF directory contains the
-persistence.xml file is termed the root of the persistence unit. In Java
-EE environments, the root of a persistence unit must be one of the
-following (quoted directly from the JPA 2.0 specification):
-
-
-
"
-
-
-
-
-
an EJB-JAR file
-
-
-
the WEB-INF/classes directory of a WAR file
-
-
-
a jar file in the WEB-INF/lib directory of a WAR file
-
-
-
a jar file in the EAR library directory
-
-
-
an application client jar file
-
-
-
-
-
The persistence.xml can specify either a JTA datasource or a non-JTA
-datasource. The JTA datasource is expected to be used within the EE
-environment (even when reading data without an active transaction). If a
-datasource is not specified, the default-datasource will instead be used
-(must be configured).
-
-
-
-
-
-
-
-
-Java Persistence 1.0 supported use of a jar file in the root of
-the EAR as the root of a persistence unit. This use is no longer
-supported. Portable applications should use the EAR library directory
-for this case instead.
-
-
-
-
-
-
"
-
-
-
Question: Can you have a EAR/META-INF/persistence.xml?
-
-
-
Answer: No, the above may deploy but it could include other archives
-also in the EAR, so you may have deployment issues for other reasons.
-Better to put the persistence.xml in an EAR/lib/somePuJar.jar.
-
-
-
-
10.11. Troubleshooting
-
-
The org.jboss.as.jpa logging can be enabled to get the following
-information:
-
-
-
-
-
INFO - when persistence.xml has been parsed, starting of persistence
-unit service (per deployed persistence.xml), stopping of persistence
-unit service
-
-
-
DEBUG - informs about entity managers being injected, creating/reusing
-transaction scoped entity manager for active transaction
-
-
-
TRACE - shows how long each entity manager operation took in
-milliseconds, application searches for a persistence unit, parsing of
-persistence.xml
-
-
-
-
-
To enable TRACE, open the as/standalone/configuration/standalone.xml (or
-as/domain/configuration/domain.xml) file. Search for <subsystem
-xmlns="urn:jboss:domain:logging:1.0"> and add the org.jboss.as.jpa
-category. You need to change the console-handler level from INFO to
-TRACE.
To troubleshoot issues with the Hibernate second level cache, try
-enabling trace for org.hibernate.SQL + org.hibernate.cache.infinispan
-org.infinispan:
To enable the second level cache with Hibernate, just set the
-hibernate.cache.use_second_level_cache property to true or
-set shared-cache-mode to one of the following:
-
-
-
-
-
ENABLE_SELECTIVE
-
-
-
DISABLE_SELECTIVE
-
-
-
ALL
-
-
-
-
-
Infinispan is the cache provider for JPA applications, so you don’t need to specify
-anything in addition. The Infinispan version that is included in
-WildFly is expected to work with the Hibernate version that is included
-with WildFly. Example persistence.xml settings:
-
-
-
-
<?xml version="1.0" encoding="UTF-8"?><persistencexmlns="http://java.sun.com/xml/ns/persistence"version="1.0">
-<persistence-unitname="2lc_example_pu">
- <description>example of enabling the second level cache.</description>
- <jta-data-source>java:jboss/datasources/mydatasource</jta-data-source>
- <shared-cache-mode>ENABLE_SELECTIVE</shared-cache-mode>
-</persistence-unit>
-</persistence>
-
-
-
-
Here is an example of enabling the second level cache for a Hibernate
-native API hibernate.cfg.xml file:
The Hibernate native API application will also need a MANIFEST.MF:
-
-
-
-
Dependencies: org.infinispan,org.hibernate
-
-
-
-
Infinispan
-Hibernate/JPA second level cache provider documentation contains
-advanced configuration information but you should bear in mind that when
-Hibernate runs within WildFly 29, some of those configuration options,
-such as region factory, are not needed. Moreover, the application server
-providers you with option of selecting a different cache container for
-Infinispan via hibernate.cache.infinispan.container persistence
-property. To reiterate, this property is not mandatory and a default
-container is already deployed for by the application server to host the
-second level cache.
-
-
-
Here is an example of what the Hibernate cache settings may currently be
-in your standalone.xml:
WildFly includes Hibernate Search.
-If you want to use the bundled version of Hibernate Search, which requires to use the default Hibernate ORM persistence provider:
-
-
-
-
-
Ensure at least one entity in your application is annotated with org.hibernate.search.mapper.pojo.mapping.definition.annotation.Indexed,
-so that WildFly will make the module org.hibernate.search.mapper.orm:main available to your deployment.
-
-
-
Ensure you set the configuration property hibernate.search.backend.type to lucene,
-so that WildFly will make the module org.hibernate.search.backend.lucene:main available to your deployment.
-
-
-
Alternatively, add dependencies to those modules explicitly,
-for example using a manifest entry.
-Do not forget to append the services keyword, otherwise Hibernate Search may not detect these modules.
If you do not want Hibernate Search to be exposed to your deployment, set the persistence property wildfly.jpa.hibernate.search.module to either none to not automatically inject any Hibernate Search module, or to any other module identifier to inject a different module. For example you could set wildfly.jpa.hibernate.search.module=org.hibernate.search.mapper.orm:6.1.0.Beta1 to use the experimental version 6.1.0.Beta1 instead of the provided module; in this case you’ll have to download and add the custom modules to the application server as other versions are not included. When setting wildfly.jpa.hibernate.search.module=none you might also opt to include Hibernate Search and its dependencies within your application but we highly recommend the modules approach.
-
-
-
-
10.14. Packaging the Hibernate JPA persistence provider with your application
-
-
WildFly allows the packaging of Hibernate persistence provider jars with
-the application. The JPA deployer will detect the presence of a
-persistence provider in the application and
-jboss.as.jpa.providerModule needs to be set to application.
You need to copy the EclipseLink (3.0 or newer) jar into the WildFly
-modules/org/eclipse/persistence/main folder and update
-modules/org/eclipse/persistence/main/module.xml to include the
-EclipseLink jar (take care to use the jar name that you copied in). If
-you happen to leave the EclipseLink version number in the jar name, the
-module.xml should reflect that. This will help you get your application
-that depends on EclipseLink, to deploy on WildFly.
Applications that use the Hibernate API directly, can be referred to
-as native Hibernate applications. Native Hibernate applications, can
-choose to use the Hibernate jars included with WildFly or they can
-package their own copy of the Hibernate jars. Applications that utilize
-JPA will automatically have the Hibernate classes injected onto the
-application deployment classpath. Meaning that JPA applications, should
-expect to use the Hibernate jars included in WildFly.
-
-
-
Example MANIFEST.MF entry to add dependency for Hibernate native
-applications:
10.18. Hibernate ORM 5.1 native API bytecode transformer was removed
-
-
If your application references the Hibernate ORM 5.1 native API bytecode transformer, you should remove references to org.jboss.as.hibernate.Hibernate51CompatibilityTransformer
-in any jboss-deployment-structure.xml files in your application. The Hibernate51CompatibilityTransformer system property is now ignored.
-
-
-
For the following example Hibernate51CompatibilityTransformer.xml, you need to remove each transformer:
WildFly automatically sets or checks the following Hibernate properties (if
-not already set in persistence unit definition):
-
-
-
-
-
-
-
-
-
Property
-
Purpose
-
-
-
-
-
hibernate.id.new_generator_mappings
-
Can no longer be set to false by applications as per the Hibernate 6 change to only support hibernate.id.new_generator_mappings=true.
-
-
-
hibernate.transaction.jta.platform= instance of
-org.hibernate.service.jta.platform.spi.JtaPlatform interface
-
The
-transaction manager, user transaction and transaction synchronization
-registry is passed into Hibernate via this class.
-
-
-
hibernate.session_factory_name = qualified persistence unit name
-
Is
-set to the application name + persistence unit name (application can
-specify a different value but it needs to be unique across all
-application deployments on the AS instance).
-
-
-
hibernate.session_factory_name_is_jndi = false
-
only set if the
-application didn’t specify a value for hibernate.session_factory_name.
-
-
-
hibernate.entitymanager_factory_name = qualified persistence unit
-name
-
Is set to the application name + persistence unit name
-(application can specify a different value but it needs to be unique
-across all application deployments on the AS instance).
-This replaces the hibernate.ejb.entitymanager_factory_name property which is no longer supported.
Sets all of the various hibernate.jpa.* properties to true (hibernate.jpa.compliance.transaction, hibernate.jpa.compliance.closed,hibernate.jpa.compliance.query, hibernate.jpa.compliance.list, hibernate.jpa.compliance.caching, hibernate.jpa.compliance.proxy
-
-
-
hibernate.enable_lazy_load_no_trans=false
-
-
-
-
-
-
-
10.20. Persistence unit properties
-
-
The following properties are supported in the persistence unit
-definition (in the persistence.xml file):
-
-
-
-
-
-
-
-
-
Property
-
Purpose
-
-
-
-
-
jboss.as.jpa.providerModule
-
name of the persistence provider module
-(default is org.hibernate). Should be application, if a persistence
-provider is packaged with the application. See note below about some
-module names that are built in (based on the provider).
-
-
-
jboss.as.jpa.adapterModule
-
name of the integration classes that help
-WildFly to work with the persistence provider.
-
-
-
jboss.as.jpa.adapterClass
-
class name of the integration adapter.
-
-
-
jboss.as.jpa.managed
-
set to false to disable container managed JPA
-access to the persistence unit. The default is true, which enables
-container managed JPA access to the persistence unit. This is typically
-set to false for Spring applications.
-
-
-
jboss.as.jpa.classtransformer
-
set to false to disable class
-transformers for the persistence unit. Set to true, to allow entity
-class enhancing/rewriting.
-
-
-
wildfly.jpa.default-unit
-
set to true to choose the default persistence
-unit in an application. This is useful if you inject a persistence
-context without specifying the unitName (@PersistenceContext
-EntityManager em) but have multiple persistence units specified in your
-persistence.xml.
-
-
-
wildfly.jpa.twophasebootstrap
-
persistence providers (like Hibernate
-ORM 4.3+ via EntityManagerFactoryBuilder), allow a two phase persistence
-unit bootstrap, which improves JPA integration with Jakarta Contexts and Dependency Injection. Setting the
-wildfly.jpa.twophasebootstrap hint to false, disables the two phase
-bootstrap (for the persistence unit that contains the hint).
-
-
-
wildfly.jpa.applicationdatasource
-
set to true when using an application defined DataSource or resource reference to a global DataSource.
-
-
-
wildfly.jpa.allowdefaultdatasourceuse
-
set to false to prevent
-persistence unit from using the default data source. Defaults to true.
-This is only important for persistence units that do not specify a
-datasource.
-
-
-
jboss.as.jpa.deferdetach
-
Controls whether a transaction scoped
-persistence context used in a non-JTA transaction thread will detach
-loaded entities after each EntityManager invocation or when the
-persistence context is closed (e.g. business method ends). Defaults to
-false (entities are cleared after EntityManager invocation) and if set
-to true, the detach is deferred until the context is closed.
-
-
-
wildfly.jpa.skipquerydetach
-
Controls whether a transaction scoped
-persistence context used in a non-JTA transaction thread will detach
-Query results immediately. Defaults to
-false (Query results are detached immediately) and if set
-to true, the detach is deferred until the persistence context is closed.
-
-
-
wildfly.jpa.hibernate.search.module
-
Controls which version of
-Hibernate Search to include on classpath. Only makes sense when using
-Hibernate as JPA implementation. The default is auto; other valid values
-are none or a full module identifier to use an alternative version.
-
-
-
jboss.as.jpa.scopedname
-
Specify the qualified (application scoped)
-persistence unit name to be used. By default, this is internally set to
-the application name + persistence unit name. The
-hibernate.cache.region_prefix will default to whatever you set
-jboss.as.jpa.scopedname to. Make sure you set the
-jboss.as.jpa.scopedname value to a value not already in use by other
-applications deployed on the same application server instance.
-
-
-
wildfly.jpa.allowjoinedunsync
-
If set to true, allows an
-SynchronizationType.UNSYNCHRONIZED persistence context that has been
-joined to the active JTA transaction, to be propagated into a
-SynchronizationType.SYNCHRONIZED persistence context. Otherwise, an
-IllegalStateException exception would of been thrown that complains that
-an unsychronized persistence context cannot be propagated into a
-synchronized persistence context. Defaults to false.
-
-
-
wildfly.jpa.skipmixedsynctypechecking
-
Set to true to disable the
-throwing of an IllegalStateException exception when propagating an
-SynchronizationType.UNSYNCHRONIZED persistence context into a
-SynchronizationType.SYNCHRONIZED persistence context. This is a
-workaround intended to allow applications that used to incorrectly not
-get IllegalStateException exception with extended persistence contexts,
-to avoid the IllegalStateException, so they don’t have to change their
-application right away (for compatibility purposes). This hint may be
-deprecated in a future release. See WFLY-7108 for more details. Defaults
-to false.
-
-
-
wildfly.jpa.regionfactory
-
Only applies to Hibernate ORM 5.3+, set to false to disable automatic use of Infinispan as second level cache (hibernate.cache.region.factory_class).
-
-
-
wildfly.jpa.jtaplatform
-
Only applies to Hibernate ORM 5.3+, set to false to disable automatic configuring of the JTA integration platform (hibernate.transaction.jta.platform).
-
-
-
-
-
-
10.21. Determine the persistence provider module
-
-
As mentioned above, if the jboss.as.jpa.providerModule property is not
-specified, the provider module name is determined by the provider name
-specified in the persistence.xml. The mapping is:
10.22. Binding EntityManagerFactory/EntityManager to JNDI
-
-
By default WildFly does not bind the entity manager factory to JNDI.
-However, you can explicitly configure this in the persistence.xml of
-your application by setting the jboss.entity.manager.factory.jndi.name
-hint. The value of that property should be the JNDI name to which the entity manager factory should be bound.
-
-
-
You can also bind a container managed (transaction scoped) entity manager to JNDI as well, }}via hint
-jboss.entity.manager.jndi.name\{
-}{{. As a reminder, a transaction scoped entity manager (persistence context), acts as a proxy that always gets an unique underlying entity manager (at the persistence provider level).
-
-
-
Here’s an example:
-
-
-
persistence.xml
-
-
-
-
<?xml version="1.0" encoding="UTF-8"?>
-<persistenceversion="2.0"
-xmlns="http://java.sun.com/xml/ns/persistence"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-xsi:schemaLocation="
- http://java.sun.com/xml/ns/persistence
- http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd">
- <persistence-unitname="myPU">
- <!-- If you are running in a production environment, add a managed
- data source, the example data source is just for proofs of concept! -->
- <jta-data-source>java:jboss/datasources/ExampleDS</jta-data-source>
- <properties>
- <!-- Bind entity manager factory to JNDI at java:jboss/myEntityManagerFactory -->
- <propertyname="jboss.entity.manager.factory.jndi.name"value="java:jboss/myEntityManagerFactory"/>
- <propertyname="jboss.entity.manager.jndi.name"value="java:/myEntityManager"/>
- </properties>
- </persistence-unit>
-</persistence>
-References in this document to Java Transaction API (JTA) refer to Jakarta Transactions unless otherwise noted.
- References in this document to Java Persistence API (JPA) refer to the Jakarta Persistence unless otherwise noted.
-
-
-
-
-
-
-
-
-
11. JTA Reference
-
-
-
WildFly uses Narayana as the implementation of the JTA specification.
-Narayana manages transactions in the application server.
-
-
-
11.1. Transactions in Enterprise Java applications
-
-
Transactions are one of the core functionalities provided by the container
-for the applications. A developer can manage transactions either with
-the programmatic approach - with API defined by JTA specification.
-Or he can use annotations. There are two types.
-
-
-
-
-
first - EJB annotations, their meaning and capabilities are defined under
-EJB specification and are valid when used in the EJB component
-
-
-
second - CDI annotations, their meaning is defined under JTA specification
-
-
-
-
-
11.1.1. Transactions managed with programmatic JTA API
-
-
The JTA API is defined under
-jakarta.transaction
-package. The package could be considered a bit misguiding as it presents classes
-which are expected to be used by application developer. These classes
-are intended as an API for the application server (as the WildFly is).
-
-
-
The user is expected to interact with
-jakarta.transaction.UserTransaction
-which defines the transaction boundaries. The UserTransaction could be used
-in case the transaction is not defined by annotation at the method
-- aka. the transaction is not managed by the container. Those are places like
-servlets, CDI bean which is not annotated with @Transactional and
-EJBs defined as bean managed.
-
-
-
UserTransaction is available via CDI injection
-
-
-
-
@Inject
-UserTransaction txn;
-
-
-
-
or with EJB @Resource injection where you can additionally define the JNDI
-name to be looked-up. The specification says it’s java:comp/UserTransaction.
jakarta.transaction.TransactionManager
-is not meant to be used by business logic but if you need to register
-a synchronization
-or you need to change transaction timeout (before the begin() method is called)
-then it will be the option for you.
-
-
-
The TransactionManager could be taken with injection
-and looked-up with the JNDI name
If you start using CDI beans then you can manage transactions either programmatically
-or you can use annotations.
-The @Transactional
-defines transaction boundaries
-(start of the method starts the transaction, while the transaction is finished at its end).
-If the method finishes sucessfully the transaction is committed.
-If the transaction ends with RuntimeException then it’s rolled-back.
-
-
-
When you define the method to be @Transactional you define the behaviour
-of incoming (or non-existent) transactional context.
-Please refer the to documentation for
-Transactional.TxType.
-
-
-
It’s important to note that the TxType influences the transaction management
-only when called with the managed CDI bean. If you call the method directly -
-without the CDI container wraps the invocation then the TxType has no effect.
-
-
-
-
@RequestScope
-publicclassMyCDIBean {
- @Inject
- MyCDIBean myBean;
-
- @Transactional(TxType.REQUIRED)
- publicvoid mainMethod() {
- // CDI container does not wrap the invocation
- // no new transaction is started
- innerFunctionality();
-
- // CDI container starts a new transaction
- // the method uses TxType.REQUIRES_NEW and is called from the CDI bean
- myBean.innerFunctionality();
- }
-
- @Transactional(TxType.REQUIRES_NEW)
- privatevoid innerFunctionality() {
- // some business logic
- }
-}
-
-
-
-
-
-
-
-
-
-the exception handling could be influenced by attributes
- rollbackOn and dontRollbackOn (of the @Transactional annotation)
-
-
-
-
-
-
-
-
-
-
-
-if you use the @Transactional for managing transactions boundaries
- you won’t be permitted to use the UserTransaction methods.
- If you do so you can expect a runtime exception being thrown.
-
-
-
-
-
-
CDI introduces as well a scope for use with transactions -
-@TransactionScoped.
-you can define the same behaviour when you use the ejb-jar.xml
- descriptor instead of the annotations
-
-
-
-
-
-
The WildFly provides specific annotation org.jboss.ejb3.annotation.TransactionTimeout
-which gives you the chance to change the transaction timeout for a particular bean/method.
-
-
-
-
-
-
-
-
-when you use message-driven bean then the @TransactionTimeout does not work
- and you need to define the timeout through the @ActivationConfigProperty:
- @ActivationConfigProperty(propertyName="transactionTimeout", propertyValue="1")
-
-
-
-
-
-
The default behaviour of an EJB is to be
-
-
-
-
-
container managed - transaction boundaries are driven by annotations
-
-
-
when the EJB method is invoked - a new transaction is started when no transaction context is available,
-or the method joins the existing transactions when the transaction context is passed by the call
-
-
-
-
-
It’s the same transactional behaviour as if the EJB is annotated with
Using the @TransactionManagement(TransactionManagementType.CONTAINER) means
-the container is responsible to manage transactions. The boundary of the transaction
-is defined by the start and end of the method and you influence the behaviour by using
-@TransactionAttribute.
-
-
-
If java.lang.RuntimeException is thrown the transaction is rolled back.
-EJBContext
-could be used to define the transaction should be rolled-back
-by the end of the method when setRollbackOnly is used.
-
-
-
-
@Stateless
-publicclassMyBean {
- @PersistenceContext
- private EntityManager em;
-
- @Resource
- EJBContext ctx;
-
- publicvoid method() {
- em.persist(new TestEntity());
- // at the end of the method the rollback is called
- ctx.setRollbackOnly();
- }
-}
-
-
-
-
-
-
-
-
-
-the EJBContext let you get the UserTransaction but you are not allowed
- to do any operation with that when you run container managed transaction.
- You can expect to receive a runtime exception in such case.
-
-
-
-
-
-
-
Bean managed transactions
-
-
Using the @TransactionManagement(TransactionManagementType.BEAN) means
-the transaction will be managed manually with the use of the JTA API.
-That’s with the UserTransaction injections and methods on it.
-You can inject the EJBContext to get the UserTransaction instance too.
-
-
-
-
-
-
-
-
-if a call is made from the container-managed method,
- passing the transaction context to the bean managed method
- then the context is suspended. It’s similar(!) to
- call transaction managed bean annotated with
- @TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
-
-
-
-
-
-
-
Transaction synchronization
-
-
JTA API gives a chance to react to the event of a finishing transaction.
-The definition says that transaction manager announces the even of beforeCompletion and afterCompletion
-which are defined by the interface jakarta.transaction.Synchronization.
-The beforeCompletion
-callback is invoked at time the transaction manager starts to commit the global transaction. The invocation is processed in the transaction context.
-The afterCompletion
-is invoked after the transaction is committed or rolled-back (and is processed outside of the transaction context).
-
-
-
The user needs just to create a simple Java POJO and implement the interface.
-
-
-
-
publicclassMySynchronization
- implements jakarta.transaction.Synchronization {
- @Override
- publicvoid beforeCompletion() {
- System.out.println("Transaction is about to be finished"):
- }
-
- @Override
- publicvoid afterCompletion(int status) {
- System.out.println("Transaction finished with status " + status):
- }
-}
-
-
-
-
For registration of the synchronization callback, the user can inject the
-jakarta.transaction.TransactionSynchronizationRegistry.
-(the mandated JNDI location for the object is at java:comp/TransactionSynchronizationRegistry) and then to register
-the synchronization instance. The instance is bound to the currently active transaction.
The transaction synchronization registry adds other useful methods which are putResource(Object key, Object value)
-and getResource(Object key). Their purpose is saving data objects alongside the transaction context.
-When the transaction is active you can store and retrieve the saved data. When the transaction is finished
-and there is no transaction context available (e.g. at afterCompletion) the java.lang.IllegalStateException
-is thrown.
-
-
-
The other option for the user is to use the transaction object
-to register the synchronization.
When the user runs the Stateful Session Bean he can implement
-interface jakarta.ejb.SessionSynchronization
-(or to use annotations) for the definition of the synchronization callbacks onto the bean.
-The session synchronization defines three methods.
-Of these three methods afterBegin is not connected to the transaction synchronization so we will not discuss it further.
-The following example works with annotations but the bean may just implement the SessionSynchronization
-interface and it would work the same way.
-
-
-
-
// only(!) SFSB can use the capability of SessionSynchronization
-@Stateful
-publicclassMyStatefulBean {
- publicvoid method() {
- System.out.println("Running an important business logic...");
- Thread.sleep(42000);
- }
-
- @BeforeCompletion
- publicvoid beforeCompletion() {
- System.out.println("Transaction is about to be finished"):
- }
-
- @AfterCompletion
- publicvoid afterCompletion(boolean committed) {
- System.out.println("Transaction finished with the outcome "
- + (committed ? "committed" : "rolled-back")):
- }
-}
The WildFly classloading is based
-on the jboss modules
-which define the modular class loading system.
-The transactions for CDI comes as the extension and because of it
-this extension has to be available at the application classpath.
-If the application/deployment uses annotations @Transactional
-or @TransactionScoped then class loading handling is done automatically.
-
-
-
There is one limitation with the CDI with this approach.
-If your application adds the transactional annotations dynamically
-(you adds the annotations dynamically during runtime) then the
-transaction module has to be
-explicitly added
-to the application classpath.
-
-
-
This can be done with creating META-INF/MANIFEST.MF or
-with use of jboss-deployment-structure.xml descriptor. The MANIFEST.MF
-could look like
The Narayana component is configured to log only messages with level WARN
-(see category com.arjuna in the standalone-*.xml).
-If you struggle issues of the transactional handling
-you can get a better insight into transaction processing by setting the level to TRACE.
The TRACE could overwhelm you with information from the transactions subsystem.
-Let’s quickly review what are the most important points to look at in the log.
-
-
-
-
-
-
-
-
-It’s beneficial to understand how
- the two-phase commit works.
-
-
-
-
-
-
An example of the log messages produces by Narayana is (the content is shortened for sake of brevity)
It’s good to consider to follow with the thread id (in the log above it’s default-task-1).
-The transaction could be suspended and started at the different thread
-but it’s not usual.
-
-
-
The log shows the Narayana processes the two-phase commit. Bear in mind that the example above
-shows only one resource to be part of the two-phase commit handling.
-That’s intentional for the log not being too long.
-
-
-
the section-1 refers to the point where the transaction is started. The
-JTA synchronizations
- are registered and the transaction is added to be handled by transaction reaper
- (the transaction reaper is an independent thread taking care of transaction timeouts,
- see more at section Transaction timeouts
- in the Narayana documentation).
-
-
-
At this place consider the BasicAction (a Narayana abstraction for the transaction)
-is identified by string 0:ffff0a28050c:-a09a5fe:5c598d64:3b.
-It refers to the transaction id. You can track it through the log and follow
-what is happening with the particular transaction.
-
-
-
the section-2 refers to the part of business logic processing. That’s the time
-when a database insertion is run or Jakarta Messaging sends a message to a queue.
-That’s where you spot message containing enlistResource. After the resource
-is enlisted to the transaction the transaction manager saves a record
-persistently under transaction log store.
-
-
-
the section-3 refers to the time when the transaction is about to be committed.
-That means all business logic was finished (that could be the time a method
-annotated with @Transactional reached its end).
-
-
-
the section-4 refers to the first phase of 2PC which is prepare. You can see
-XAResourceRecord.topLevelPrepare informing what’s the global transaction id
-(already defined at the start of the transaction) and the branch id
-(particular to each resource). The resource is then prepared.
-
-
-
when whole prepare phase finishes Narayana saves the state into object store
-
-
-
the section-5 refers to the second phase of 2PC which is commit. You can see
-XAResourceRecord.topLevelCommit with similar information as for prepare.
-
-
-
the section-6 shows the transaction is finished, information about the transaction
-is removed from the Narayana object store and unregistered from the transaction reaper.
-
-
-
-
-
For more grained troubleshooting you can consider using
-Byteman tool.
-
-
-
-
11.4. Transactions configuration
-
-
Configuration related to the behaviour of the Narayana transaction manager
-is covered under transactions subsystem. For the details refer to
-Admin Guide Transactions subsystem.
-
-
-
To check the subsystem model you can use the WildFly model reference
-or list all the configuration options of the subsystem in jboss-cli
-References in this document to CDI refer to Jakarta Contexts and Dependency Injection unless otherwise noted.
- References in this document to Java Transaction API (JTA) refer to Jakarta Transactions unless otherwise noted.
- References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
-
12. JNDI Reference
-
-
-
-WildFly offers several mechanisms to retrieve components by name. Every
-WildFly instance has it’s own local JNDI namespace ( java:) which is
-unique per JVM. The layout of this namespace is primarily governed by
-the Jakarta EE specification. Applications which share the same WildFly
-instance can use this namespace to intercommunicate. In addition to
-local JNDI, a variety of mechanisms exist to access remote components.
-
-
-
-
-
-
Client JNDI - This is a mechanism by which remote components can be
-accessed using the JNDI APIs, but without network round-trips . This
-approach is the most efficient, and removes a potential single point
-of failure . For this reason, it is highly recommended to use Client
-JNDI over traditional remote JNDI access. However, to make this
-possible, it does require that all names follow a strict layout, so user
-customizations are not possible. Currently only access to remote Jakarta Enterprise Beans
-are supported via the ejb: namespace. Future revisions will likely add a
-Jakarta Messaging client JNDI namespace.
-
-
-
Traditional Remote JNDI - This is a more familiar approach to EE
-application developers, where the client performs a remote component
-name lookup against a server, and a proxy/stub to the component is
-serialized as part of the name lookup and returned to the client. The
-client then invokes a method on the proxy which results in another
-remote network call to the underlying service. In a nutshell,
-traditional remote JNDI involves two calls to invoke an EE component,
-whereas Client JNDI requires one. It does however allow for customized
-names, and for a centralised directory for multiple application servers.
-This centralized directory is, however, a single point of failure.
-
-
-
EE Application Client / Server-To-Server Delegation - This approach is
-where local names are bound as an alias to a remote name using one of
-the above mechanisms. This is useful in that it allows applications to
-only ever reference standard portable Jakarta EE names in both code and
-deployment descriptors. It also allows for the application to be unaware
-of network topology details/ This can even work with Java SE clients by
-using the little known EE Application Client feature. This feature
-allows you to run an extremely minimal AS server around your
-application, so that you can take advantage of certain core services
-such as naming and injection.
-
-
-
-
-
-
-
13. Local JNDI
-
-
-
The Jakarta EE platform specification defines the following JNDI contexts:
-
-
-
-
-
java:comp - The namespace is scoped to the current component (i.e.
-Jakarta Enterprise Beans)
-
-
-
java:module - Scoped to the current module
-
-
-
java:app - Scoped to the current application
-
-
-
java:global - Scoped to the application server
-
-
-
-
-
In addition to the standard namespaces, WildFly also provides the
-following two global namespaces:
-
-
-
-
-
java:jboss
-
-
-
java:/
-
-
-
-
-
-
-
-
-
-
-Only entries within the java:jboss/exported context are accessible
-over remote JNDI.
-
-
-
-
-
-
-
-
-
-
-
-For web deployments java:comp is aliased to java:module, so Jakarta Enterprise Beans’s
-deployed in a war do not have their own comp namespace.
-
-
-
-
-
-
13.1. Binding entries to JNDI
-
-
There are several methods that can be used to bind entries into JNDI in
-WildFly.
-
-
-
13.1.1. Using a deployment descriptor
-
-
For Jakarta EE applications the recommended way is to use a
-deployment descriptor to create the binding. For
-example the following web.xml binds the string "Hello World" to
-java:global/mystring and the string "Hello Module" to
-java:comp/env/hello (any non absolute JNDI name is relative to
-java:comp/env context).
Standard Jakarta EE applications may use the standard JNDI API, included
-with Java SE, to bind entries in the global namespaces (the standard
-java:comp, java:module and java:app namespaces are read-only, as
-mandated by the Jakarta EE Platform Specification).
-There is no need to unbind entries created programmatically, since
-WildFly tracks which bindings belong to a deployment, and the bindings
-are automatically removed when the deployment is undeployed.
-
-
-
-
-
-
-
WildFly Modules and Extensions
-
-
With respect to code in WildFly Modules/Extensions, which is executed
-out of a Jakarta EE application context, using the standard JNDI API may
-result in a UnsupportedOperationException if the target namespace uses a
-WritableServiceBasedNamingStore. To work around that, the bind()
-invocation needs to be wrapped using WildFly proprietary APIs:
-The ServiceTarget removes the bind when uninstalled, thus using one out
-of the module/extension domain usage should be avoided, unless entries
-are removed using unbind().
-
-
-
-
-
-
-
-
13.1.3. Naming Subsystem Configuration
-
-
It is also possible to bind to one of the three global namespaces using
-configuration in the naming subsystem. This can be done by either
-editing the standalone.xml/domain.xml file directly, or through the
-management API.
-
-
-
Four different types of bindings are supported:
-
-
-
-
-
Simple - A primitive or java.net.URL entry (default is
-java.lang.String).
-
-
-
Object Factory - This allows to specify the
-javax.naming.spi.ObjectFactory that is used to create the looked up
-value.
-
-
-
External Context - An external context to federate, such as an LDAP
-Directory Service
-
-
-
Lookup - The allows to create JNDI aliases, when this entry is looked
-up it will lookup the target and return the result.
Note that @Resource is more than a JNDI lookup, it also binds an entry
-in the component’s JNDI environment. The new bind JNDI name is defined
-by @Resource’s `name attribute, which value, if unspecified, is the
-Java type concatenated with / and the field’s name, for instance
-java.lang.String/myString. More, similar to when using deployment
-descriptors to bind JNDI entries. unless the name is an absolute JNDI
-name, it is considered relative to java:comp/env. For instance, with
-respect to the field named myString above, the @Resource’s `lookup
-attribute instructs WildFly to lookup the value in
-java:global/mystring, bind it in
-java:comp/env/java.lang.String/myString, and then inject such value
-into the field.
-
-
-
With respect to the field named hello, there is no lookup attribute
-value defined, so the responsibility to provide the entry’s value is
-delegated to the deployment descriptor. Considering that the deployment
-descriptor was the web.xml previously shown, which defines an
-environment entry with same hello name, then WildFly inject the valued
-defined in the deployment descriptor into the field.
-
-
-
The executor field has no attributes specified, so the bind’s name
-would default to
-java:comp/env/jakarta.enterprise.concurrent.ManagedExecutorService/executor,
-but there is no such entry in the deployment descriptor, and when that
-happens it’s up to WildFly to provide a default value or null, depending
-on the field’s Java type. In this particular case WildFly would inject
-the default instance of a managed executor service, the value in
-java:comp/DefaultManagedExecutorService, as mandated by the EE
-Concurrency Utilities 1.0 Specification (JSR 236).
-
-
-
-
13.2.2. Standard Java SE JNDI API
-
-
Jakarta EE applications may use, without any additional configuration
-needed, the standard JNDI API to lookup an entry from JNDI:
WildFly supports two different types of remote JNDI.
-
-
-
14.1. http-remoting:
-
-
The http-remoting: protocol implementation is provided by JBoss Remote
-Naming project, and uses http upgrade to lookup items from the servers
-local JNDI. To use it, you must have the appropriate jars on the class
-path, if you are maven user can be done simply by adding the following
-to your pom.xml dependencies:
If you are not using maven a shaded jar that contains all required
-classes
-can be found in the bin/client directory of WildFly’s distribution.
-
-
-
-
finalProperties env = newProperties();
-env.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
-env.put(Context.PROVIDER_URL, "http-remoting://localhost:8080");
-// the property below is required ONLY if there is no ejb client configuration loaded (such as a
-// jboss-ejb-client.properties in the class path) and the context will be used to lookup EJBs
-env.put("jboss.naming.client.ejb.context", true);
-InitialContext remoteContext = newInitialContext(env);
-RemoteCalculator ejb = (RemoteCalculator) remoteContext.lookup("wildfly-http-remoting-ejb/CalculatorBean!"
- + RemoteCalculator.class.getName());
-
-
-
-
-
-
-
-
-
-The http-remoting client assumes JNDI names in remote lookups are
-relative to java:jboss/exported namespace, a lookup of an absolute JNDI
-name will fail.
-
-
-
-
-
-
-
14.2. ejb:
-
-
The ejb: namespace implementation is provided by the jboss-ejb-client
-library, and allows the lookup of EJB’s using their application name,
-module name, ejb name and interface type. To use it, you must have the
-appropriate jars on the class path, if you are maven user can be done
-simply by adding the following to your pom.xml dependencies:
If you are not using maven a shaded jar that contains all required
-classes
-can be found in the bin/client directory of WildFly’s distribution.
-
-
-
This is a client side JNDI implementation. Instead of looking up an EJB
-on the server the lookup name contains enough information for the client
-side library to generate a proxy with the EJB information. When you
-invoke a method on this proxy it will use the current EJB client context
-to perform the invocation. If the current context does not have a
-connection to a server with the specified EJB deployed then an error
-will occur. Using this protocol it is possible to look up EJB’s that do
-not actually exist, and no error will be thrown until the proxy is
-actually used. The exception to this is stateful session beans, which
-need to connect to a server when they are created in order to create the
-session bean instance on the server.
The first example is a lookup of a singleton, stateless or EJB 2.x home
-interface. This lookup will not hit the server, instead a proxy will be
-generated for the remote interface specified in the name. The second
-example is for a stateful session bean, in this case the JNDI lookup
-will hit the server, in order to tell the server to create the SFSB
-session.
-References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
-
15. Jakarta RESTful Web Services Reference Guide
-
-
-
RESTEasy is the Jakarta RESTful Web Services implementation used in WildFly Full. For detailed documentation see the
-RESTEasy 6.2.4.Final documentation.
-
-
-
15.1. Jakarta RESTful Web Services Activation
-
-
This section outlines the three options you have for deploying Jakarta RESTful Web Services
-applications in WildFly 29. These three methods are specified in the
-Jakarta RESTful Web Services 3.1 specification in section 2.3.2.
-
-
-
15.1.1. Subclassing jakarta.ws.rs.core.Application and using @ApplicationPath
-
-
This is the easiest way and does not require any xml configuration.
-Simply include a subclass of jakarta.ws.rs.core.Application in your
-application, and annotate it with the path that you want your JAX-RS
-classes to be available. For example:
This will make your Jakarta RESTful Web Services resources available under /
-mywebappcontext/hello.
-
-
-
-
-
-
-
-
-Note that you only have to add the mapping, not the corresponding
-servlet. The server is responsible for adding the corresponding servlet
-automatically.
-
-
-
-
-
-
-
-
15.2. Using Jackson for serialization
-
-
By default, for JSON processing the Jakarta JSON Processing API is used. However, you can use Jackson instead. This can
-be achieved by setting the resteasy.preferJacksonOverJsonB property as a system property or as a
-context property in the deployment’s web.xml. There is also a subsystem attribute, resteasy-prefer-jackson-over-jsonb,
-which can be set to true. Finally, if no value is set for the context and system properties, the subsystem scans Jakarta
-RESTful Web Services deployments for Jackson annotations and sets the property to true if any of those annotations are
-found.
-
-
-
15.2.1. Custom ObjectMapper
-
-
In some cases you may want to or need to create a custom ObjectMapper. This can be achieved by creating a
-jakarta.ws.rs.ext.ContextResolver which creates the ObjectMapper. The following example creates an ObjectMapper
-which allows JSR-310 date/times.
As of WildFly 27 and RESTEasy 6.2 to get the Jakarta XML Binding annotations to work with Jackson for JSON serialization
-you need to use a custom ObjectMapper. An example of this ObjectMapper would look like:
The tracing feature provides more internal states of the Jakarta RESTful Web Services container. For example, it could
-be able to show what filters a request is going through, or how long time a request is processed and other kinds of information.
-
-
-
The tracing feature can be enabled by setting the tracing-type attribute to ALL or ON_DEMAND. You can also control
-the threshold with the tracing-threshold attribute. The following is an example of enabling tracing using CLI:
You can also configure the tracing feature with the context parameters resteasy.server.tracing.type and
-resteasy.server.tracing.threshold in your deployments web.xml file.
-
-
-
-
-
-
-
-
-The tracing feature should not be used in production environments. Data can be exposed to clients via HTTP headers.
-
-
-
-
-
-
-
15.4. RESTEasy Spring Framework Integration
-
-
WildFly generally includes support for Jakarta Context and Dependency Injection (CDI). The Spring Framework, however,
-does not support CDI. You may need to exclude some subsystems and modules for Spring applications to work with Jakarta
-RESTful Web Services.
-
-
-
The following is an example jboss-deployment-structure.xml that may be needed.
The org.jboss.resteasy.resteasy-cdi module adds CDI support for the RESTEasy implementation. Excluding this
-should allow Spring deployments to work.
-
-
-
-
-
-
-
-
-References in this document to Java API for RESTful Web Services (JAX-RS) refer to Jakarta RESTful Web Services unless otherwise noted.
-
-
-
-
-
-
-
-
-
16. Sharing sessions between wars in an ear
-
-
-
Undertow allows you to share sessions between wars in an ear, if it is
-explicitly configured to do so. Note that if you use this feature your
-applications may not be portable, as this is not a standard servlet
-feature.
-
-
-
In order to enable this you must include a shared-session-config
-element in the jboss-all.xml file in the META-INF directory of the
-ear:
The Web Services functionalities of WildFly are provided by the JBossWS
-project integration.
-
-
-
The latest project documentation is available
-here.
-
-
-
This section covers the most relevant topics for the JBossWS version
-available on WildFly 29.
-
-
-
17.1. Jakarta XML Web Services User Guide
-
-
The Java API for XML-Based Web
-Services (JAX-WS / JSR-224) defines the mapping between WSDL and Java
-as well as the classes to be used for accessing webservices and
-publishing them. JBossWS implements the latest JAX-WS specification,
-hence users can reference it for any vendor agnostic webservice usage
-need. Below is a brief overview of the most basic functionalities.
-
-
-
17.1.1. Web Service Endpoints
-
-
Jakarta XML Web Services simplifies the development model for a web service endpoint a
-great deal. In short, an endpoint implementation bean is annotated with
-Jakarta XML Web Services annotations and deployed to the server. The server automatically
-generates and publishes the abstract contract (i.e. wsdl+schema) for
-client consumption. All marshalling/unmarshalling is delegated to
-JAXB.
-
-
-
Plain old Java Object (POJO)
-
-
Let’s take a look at simple POJO endpoint implementation. All endpoint
-associated metadata is provided via
-JSR-181 annotations
Note, only the endpoint implementation bean and web.xml are required.
-
-
-
-
Accessing the generated WSDL
-
-
A successfully deployed service endpoint will show up in the WildFly
-managent console. You can get the deployed endpoint wsdl address there
-too.
-
-
-
-
-
-
-
-
-Note, it is also possible to generate the abstract contract off line
-using JBossWS tools. For details of that please see Bottom-Up (Java to
-WSDL).
-
-
-
-
-
-
-
-
Jakarta Enterprise Beans 3 Stateless Session Bean (SLSB)
-
-
The Jakarta XML Web Services programming model supports the same set of annotations on
-Jakarta Enterprise Beans 3 stateless session beans as on POJO endpoints.
A successfully deployed service endpoint will show up in the WildFly
-managent console. You can get the deployed endpoint wsdl address there
-too.
-
-
-
-
-
-
-
-
-Note, it is also possible to generate the abstract contract off line
-using JBossWS tools. For details of that please see Bottom-Up (Java to
-WSDL).
-
-
-
-
-
-
-
-
Endpoint Provider
-
-
Jakarta XML Web Services services typically implement a native Java service endpoint
-interface (SEI), perhaps mapped from a WSDL port type, either directly
-or via the use of annotations.
-
-
-
Java SEIs provide a high level Java-centric abstraction that hides the
-details of converting between Java objects and their XML representations
-for use in XML-based messages. However, in some cases it is desirable
-for services to be able to operate at the XML message level. The
-Provider interface offers an alternative to SEIs and may be implemented
-by services wishing to work at the XML message level.
-
-
-
A Provider based service instances invoke method is called for each
-message received for the service.
-
-
-
-
@WebServiceProvider(wsdlLocation = "WEB-INF/wsdl/Provider.wsdl")
-@ServiceMode(value = Service.Mode.PAYLOAD)
-public class ProviderBeanPayload implements Provider<Source>
-{
- public Source invoke(Source req)
- {
- // Access the entire request PAYLOAD and return the response PAYLOAD
- }
-}
-
-
-
-
Note, Service.Mode.PAYLOAD is the default and does not have to be
-declared explicitly. You can also use Service.Mode.MESSAGE to access
-the entire SOAP message (i.e. with MESSAGE the Provider can also see
-SOAP Headers)
-
-
-
The abstract contract for a provider endpoint cannot be
-derived/generated automatically. Therefore it is necessary to specify
-the wsdlLocation with the @WebServiceProvider annotation.
-
-
-
-
-
17.1.2. Web Service Clients
-
-
Service
-
-
Service is an abstraction that represents a WSDL service. A WSDL
-service is a collection of related ports, each of which consists of a
-port type bound to a particular protocol and available at a particular
-endpoint address.
-
-
-
For most clients, you will start with a set of stubs generated from the
-WSDL. One of these will be the service, and you will create objects of
-that class in order to work with the service (see "static case" below).
-
-
-
Service Usage
-
-Static case
-
-
Most clients will start with a WSDL file, and generate some stubs using
-JBossWS tools like wsconsume. This usually gives a mass of files, one
-of which is the top of the tree. This is the service implementation
-class.
-
-
-
The generated implementation class can be recognised as it will have two
-public constructors, one with no arguments and one with two arguments,
-representing the wsdl location (a java.net.URL) and the service name
-(a javax.xml.namespace.QName) respectively.
-
-
-
Usually you will use the no-argument constructor. In this case the WSDL
-location and service name are those found in the WSDL. These are set
-implicitly from the @WebServiceClient annotation that decorates the
-generated class.
-
-
-
The following code snippet shows the generated constructors from the
-generated class:
-
-
-
-
// Generated Service Class
-
-@WebServiceClient(name="StockQuoteService", targetNamespace="http://example.com/stocks", wsdlLocation="http://example.com/stocks.wsdl")
-public class StockQuoteService extends jakarta.xml.ws.Service
-{
- public StockQuoteService()
- {
- super(new URL("http://example.com/stocks.wsdl"), new QName("http://example.com/stocks", "StockQuoteService"));
- }
-
- public StockQuoteService(String wsdlLocation, QName serviceName)
- {
- super(wsdlLocation, serviceName);
- }
-
- ...
-}
-
-
-
-
Section Dynamic Proxy explains how to obtain a port from the service and
-how to invoke an operation on the port. If you need to work with the XML
-payload directly or with the XML representation of the entire SOAP
-message, have a look at Dispatch.
-
-
-
-Dynamic case
-
-
In the dynamic case, when nothing is generated, a web service client
-uses Service.create to create Service instances, the following code
-illustrates this process.
-
-
-
-
URL wsdlLocation = new URL("http://example.org/my.wsdl");
-QName serviceName = new QName("http://example.org/sample", "MyService");
-Service service = Service.create(wsdlLocation, serviceName);
-
-
-
-
-
-
Handler Resolver
-
-
Jakarta XML Web Services provides a flexible plug-in framework for message processing
-modules, known as handlers, that may be used to extend the capabilities
-of a Jakarta XML Web Services runtime system. Handler Framework describes the handler
-framework in detail. A Service instance provides access to a
-HandlerResolver via a pair of getHandlerResolver /
-setHandlerResolver methods that may be used to configure a set of
-handlers on a per-service, per-port or per-protocol binding basis.
-
-
-
When a Service instance is used to create a proxy or a Dispatch instance
-then the handler resolver currently registered with the service is used
-to create the required handler chain. Subsequent changes to the handler
-resolver configured for a Service instance do not affect the handlers on
-previously created proxies, or Dispatch instances.
-
-
-
-
Executor
-
-
Service instances can be configured with a
-java.util.concurrent.Executor. The executor will then be used to
-invoke any asynchronous callbacks requested by the application. The
-setExecutor and getExecutor methods of Service can be used to
-modify and retrieve the executor configured for a service.
-
-
-
-
-
Dynamic Proxy
-
-
You can create an instance of a client proxy using one of getPort
-methods on the Service.
-
-
-
-
/**
- * The getPort method returns a proxy. A service client
- * uses this proxy to invoke operations on the target
- * service endpoint. The <code>serviceEndpointInterface</code>
- * specifies the service endpoint interface that is supported by
- * the created dynamic proxy instance.
- **/
-public <T> T getPort(QName portName, Class<T> serviceEndpointInterface)
-{
- ...
-}
-
-/**
- * The getPort method returns a proxy. The parameter
- * <code>serviceEndpointInterface</code> specifies the service
- * endpoint interface that is supported by the returned proxy.
- * In the implementation of this method, the Jakarta XML Web Services
- * runtime system takes the responsibility of selecting a protocol
- * binding (and a port) and configuring the proxy accordingly.
- * The returned proxy should not be reconfigured by the client.
- *
- **/
-public <T> T getPort(Class<T> serviceEndpointInterface)
-{
- ...
-}
-
-
-
-
The service endpoint interface (SEI) is usually generated using tools.
-For details see Top Down (WSDL to Java)
-
-
-
A generated static Service usually also offers typed methods to get
-ports. These methods also return dynamic proxies that implement the SEI.
The @WebServiceRef annotation is used to declare a reference to a Web
-service. It follows the resource pattern exemplified by the
-jakarta.annotation.Resource annotation in
-JSR-250.
-
-
-
There are two uses to the WebServiceRef annotation:
-
-
-
-
-
To define a reference whose type is a generated service class. In
-this case, the type and value element will both refer to the generated
-service class type. Moreover, if the reference type can be inferred by
-the field/method declaration the annotation is applied to, the type and
-value elements MAY have the default value (Object.class, that is). If
-the type cannot be inferred, then at least the type element MUST be
-present with a non-default value.
-
-
-
To define a reference whose type is a SEI. In this case, the type
-element MAY be present with its default value if the type of the
-reference can be inferred from the annotated field/method declaration,
-but the value element MUST always be present and refer to a generated
-service class type (a subtype of jakarta.xml.ws.Service). The wsdlLocation
-element, if present, overrides theWSDL location information specified in
-the WebService annotation of the referenced generated service class.
-
-
-
public class EJB3Client implements EJB3Remote
-{
- @WebServiceRef
- public TestEndpointService service4;
-
- @WebServiceRef
- public TestEndpoint port3;
-
-
-
-
-
-
-
-
Dispatch
-
-
XMLWeb Services use XML messages for communication between services and
-service clients. The higher level Jakarta XML Web Services APIs are designed to hide the
-details of converting between Java method invocations and the
-corresponding XML messages, but in some cases operating at the XML
-message level is desirable. The Dispatch interface provides support for
-this mode of interaction.
-
-
-
Dispatch supports two usage modes, identified by the constants
-jakarta.xml.ws.Service.Mode.MESSAGE and
-jakarta.xml.ws.Service.Mode.PAYLOAD respectively:
-
-
-
Message In this mode, client applications work directly with
-protocol-specific message structures. E.g., when used with a SOAP
-protocol binding, a client application would work directly with a SOAP
-message.
-
-
-
Message Payload In this mode, client applications work with the
-payload of messages rather than the messages themselves. E.g., when used
-with a SOAP protocol binding, a client application would work with the
-contents of the SOAP Body rather than the SOAP message as a whole.
-
-
-
Dispatch is a low level API that requires clients to construct messages
-or message payloads as XML and requires an intimate knowledge of the
-desired message or payload structure. Dispatch is a generic class that
-supports input and output of messages or message payloads of any type.
The BindingProvider interface represents a component that provides a
-protocol binding for use by clients, it is implemented by proxies and is
-extended by the Dispatch interface.
-
-
-
BindingProvider instances may provide asynchronous operation
-capabilities. When used, asynchronous operation invocations are
-decoupled from the BindingProvider instance at invocation time such
-that the response context is not updated when the operation completes.
-Instead a separate response context is made available using the
-Response interface.
-
-
-
-
public void testInvokeAsync() throws Exception
-{
- URL wsdlURL = new URL("http://" + getServerHost() + ":8080/jaxws-samples-asynchronous?wsdl");
- QName serviceName = new QName(targetNS, "TestEndpointService");
- Service service = Service.create(wsdlURL, serviceName);
- TestEndpoint port = service.getPort(TestEndpoint.class);
- Response response = port.echoAsync("Async");
- // access future
- String retStr = (String) response.get();
- assertEquals("Async", retStr);
-}
-
-
-
-
-
Oneway Invocations
-
-
@Oneway indicates that the given web method has only an input message
-and no output. Typically, a oneway method returns the thread of control
-to the calling application prior to executing the actual business
-method.
There are two properties to configure the http connection timeout and
-client receive time out:
-
-
-
-
public void testConfigureTimeout() throws Exception
-{
- //Set timeout until a connection is established
- ((BindingProvider)port).getRequestContext().put("jakarta.xml.ws.client.connectionTimeout", "6000");
-
- //Set timeout until the response is received
- ((BindingProvider) port).getRequestContext().put("jakarta.xml.ws.client.receiveTimeout", "1000");
-
- port.echo("testTimeout");
-}
-
-
-
-
-
-
17.1.3. Common API
-
-
This sections describes concepts that apply equally to Web Service
-Endpoints and Web Service Clients.
-
-
-
Handler Framework
-
-
The handler framework is implemented by a Jakarta XML Web Services protocol binding in
-both client and server side runtimes. Proxies, and Dispatch instances,
-known collectively as binding providers, each use protocol bindings to
-bind their abstract functionality to specific protocols.
-
-
-
Client and server-side handlers are organized into an ordered list known
-as a handler chain. The handlers within a handler chain are invoked each
-time a message is sent or received. Inbound messages are processed by
-handlers prior to binding provider processing. Outbound messages are
-processed by handlers after any binding provider processing.
-
-
-
Handlers are invoked with a message context that provides methods to
-access and modify inbound and outbound messages and to manage a set of
-properties. Message context properties may be used to facilitate
-communication between individual handlers and between handlers and
-client and service implementations. Different types of handlers are
-invoked with different types of message context.
-
-
-
Logical Handler
-
-
Handlers that only operate on message context properties and message
-payloads. Logical handlers are protocol agnostic and are unable to
-affect protocol specific parts of a message. Logical handlers are
-handlers that implement jakarta.xml.ws.handler.LogicalHandler.
-
-
-
-
Protocol Handler
-
-
Handlers that operate on message context properties and protocol
-specific messages. Protocol handlers are specific to a particular
-protocol and may access and change protocol specific aspects of a
-message. Protocol handlers are handlers that implement any interface
-derived from jakarta.xml.ws.handler.Handler except
-jakarta.xml.ws.handler.LogicalHandler.
-
-
-
-
Service endpoint handlers
-
-
On the service endpoint, handlers are defined using the @HandlerChain
-annotation.
\2. A relative path from the source file or class file. (ex:
-bar/handlerfile1.xml)
-
-
-
-
Service client handlers
-
-
On the client side, handler can be configured using the @HandlerChain
-annotation on the SEI or dynamically using the API.
-
-
-
-
Service service = Service.create(wsdlURL, serviceName);
-Endpoint port = (Endpoint)service.getPort(Endpoint.class);
-
-BindingProvider bindingProvider = (BindingProvider)port;
-List<Handler> handlerChain = new ArrayList<Handler>();
-handlerChain.add(new LogHandler());
-handlerChain.add(new AuthorizationHandler());
-handlerChain.add(new RoutingHandler());
-bindingProvider.getBinding().setHandlerChain(handlerChain); // important!
-
-
-
-
-
-
Message Context
-
-
MessageContext is the super interface for all Jakarta XML Web Services message contexts.
-It extends Map<String,Object> with additional methods and constants to
-manage a set of properties that enable handlers in a handler chain to
-share processing related state. For example, a handler may use the put
-method to insert a property in the message context that one or more
-other handlers in the handler chain may subsequently obtain via the get
-method.
-
-
-
Properties are scoped as either APPLICATION or HANDLER. All properties
-are available to all handlers for an instance of an MEP on a particular
-endpoint. E.g., if a logical handler puts a property in the message
-context, that property will also be available to any protocol handlers
-in the chain during the execution of an MEP instance. APPLICATION scoped
-properties are also made available to client applications (see section
-4.2.1) and service endpoint implementations. The defaultscope for a
-property is HANDLER.
-
-
-
Logical Message Context
-
-
Logical Handlers are passed a message context of type
-LogicalMessageContext when invoked. LogicalMessageContext extends
-MessageContext with methods to obtain and modify the message payload,
-it does not provide access to the protocol specific aspects of amessage.
-A protocol binding defines what component of a message are available via
-a logical message context. The SOAP binding defines that a logical
-handler deployed in a SOAP binding can access the contents of the SOAP
-body but not the SOAP headers whereas the XML/HTTP binding defines that
-a logical handler can access the entire XML payload of a message.
-
-
-
-
SOAP Message Context
-
-
SOAP handlers are passed a SOAPMessageContext when invoked.
-SOAPMessageContext extends MessageContext with methods to obtain and
-modify the SOAP message payload.
-
-
-
-
-
Fault Handling
-
-
An implementation may thow a SOAPFaultException
-
-
-
-
public void throwSoapFaultException()
-{
- SOAPFactory factory = SOAPFactory.newInstance();
- SOAPFault fault = factory.createFault("this is a fault string!", new QName("http://foo", "FooCode"));
- fault.setFaultActor("mr.actor");
- fault.addDetail().addChildElement("test");
- thrownew SOAPFaultException(fault);
-}
The ServiceMode annotation is used to specify the mode for a provider
-class, i.e. whether a provider wants to have access to protocol message
-payloads (e.g. a SOAP body) or the entire protocol messages (e.g. a SOAP
-envelope).
-
-
-
-
jakarta.xml.ws.WebFault
-
-
The WebFault annotation is used when mapping WSDL faults to Java
-exceptions, see section 2.5. It is used to capture the name of the fault
-element used when marshalling the Jakarta XML Binding type generated from the global
-element referenced by the WSDL fault message. It can also be used to
-customize the mapping of service specific exceptions to WSDL faults.
-
-
-
-
jakarta.xml.ws.RequestWrapper
-
-
The RequestWrapper annotation is applied to the methods of an SEI. It
-is used to capture the Jakarta XML Binding generated request wrapper bean and the
-element name and namespace for marshalling / unmarshalling the bean. The
-default value of localName element is the operationName as defined in
-WebMethod annotation and the default value for the targetNamespace
-element is the target namespace of the SEI.When starting from Java, this
-annotation is used to resolve overloading conflicts in document literal
-mode. Only the className element is required in this case.
-
-
-
-
jakarta.xml.ws.ResponseWrapper
-
-
The ResponseWrapper annotation is applied to the methods of an SEI. It
-is used to capture the Jakarta XML Binding generated response wrapper bean and the
-element name and namespace for marshalling / unmarshalling the bean. The
-default value of the localName element is the operationName as defined
-in the WebMethod appended with "Response" and the default value of the
-targetNamespace element is the target namespace of the SEI. When
-starting from Java, this annotation is used to resolve overloading
-conflicts in document literal mode. Only the className element is
-required in this case.
-
-
-
-
jakarta.xml.ws.WebServiceClient
-
-
The WebServiceClient annotation is specified on a generated service
-class (see 2.7). It is used to associate a class with a specific Web
-service, identify by a URL to a WSDL document and the qualified name of
-a wsdl:service element.
-
-
-
-
jakarta.xml.ws.WebEndpoint
-
-
The WebEndpoint annotation is specified on the getPortName() methods
-of a generated service class (see 2.7). It is used to associate a get
-method with a specific wsdl:port, identified by its local name (a
-NCName).
-
-
-
-
jakarta.xml.ws.WebServiceProvider
-
-
The WebServiceProvider annotation is specified on classes that
-implement a strongly typed jakarta.xml.ws.Provider. It is used to
-declare that a class that satisfies the requirements for a provider (see
-5.1) does indeed define a Web service endpoint, much like the
-WebService annotation does for SEI-based endpoints.
-
-
-
The WebServiceProvider and WebService annotations are mutually
-exclusive.
-
-
-
-
jakarta.xml.ws.BindingType
-
-
The BindingType annotation is applied to an endpoint implementation
-class. It specifies the binding to use when publishing an endpoint of
-this type.
-
-
-
The default binding for an endpoint is the SOAP 1.1/HTTP one.
-
-
-
-
jakarta.xml.ws.WebServiceRef
-
-
The WebServiceRef annotation is used to declare a reference to a Web
-service. It follows the resource pattern exemplified by the
-jakarta.annotation.Resource annotation in JSR-250 [JBWS:32]. The
-WebServiceRef annotation is required to be honored when running on the
-Jakarta EE platform, where it is subject to the common resource injection
-rules described by the platform specification [JBWS:33].
-
-
-
-
jakarta.xml.ws.WebServiceRefs
-
-
The WebServiceRefs annotation is used to declare multiple references
-to Web services on a single class. It is necessary to work around the
-limition against specifying repeated annotations of the same type on any
-given class, which prevents listing multiple jakarta.ws.WebServiceRef
-annotations one after the other. This annotation follows the resource
-pattern exemplified by the jakarta.annotation.Resources annotation in
-JSR-250.
-
-
-
Since no name and type can be inferred in this case, each
-WebServiceRef annotation inside a WebServiceRefs MUST contain name and
-type elements with non-default values. The WebServiceRef annotation is
-required to be honored when running on the Jakarta EE platform, where it
-is subject to the common resource injection rules described by the
-platform specification.
-
-
-
-
jakarta.xml.ws.Action
-
-
The Action annotation is applied to the methods of a SEI. It used to
-generate the wsa:Action on wsdl:input and wsdl:output of each
-wsdl:operation mapped from the annotated methods.
-
-
-
-
jakarta.xml.ws.FaultAction
-
-
The FaultAction annotation is used within the Action annotation to
-generate the wsa:Action element on the wsdl:fault element of each
-wsdl:operation mapped from the annotated methods.
-
-
-
-
-
17.1.5. JSR-181 Annotations
-
-
JSR-181 defines the syntax and semantics of Java Web Service (JWS)
-metadata and default values.
Marks a Java class as implementing a Web Service, or a Java interface as
-defining a Web Service interface.
-
-
-
-
jakarta.jws.WebMethod
-
-
Customizes a method that is exposed as a Web Service operation.
-
-
-
-
jakarta.jws.OneWay
-
-
Indicates that the given web method has only an input message and no
-output. Typically, a oneway method returns the thread of control to the
-calling application prior to executing the actual business method. A
-JSR-181 processor is REQUIRED to report an error if an operation marked
-@Oneway has a return value, declares any checked exceptions or has any
-INOUT or OUT parameters.
-
-
-
-
jakarta.jws.WebParam
-
-
Customizes the mapping of an individual parameter to a Web Service
-message part and XML element.
-
-
-
-
jakarta.jws.WebResult
-
-
Customizes the mapping of the return value to a WSDL part and XML
-element.
-
-
-
-
jakarta.jws.SOAPBinding
-
-
Specifies the mapping of the Web Service onto the SOAP message protocol.
-
-
-
The SOAPBinding annotation has a target of TYPE and METHOD. The
-annotation may be placed on a method if and only if the
-SOAPBinding.style is DOCUMENT. Implementations MUST report an error
-if the SOAPBinding annotation is placed on a method with a
-SOAPBinding.style of RPC. Methods that do not have a SOAPBinding
-annotation accept the SOAPBinding behavior defined on the type.
-
-
-
-
jakarta.jws.HandlerChain
-
-
The @HandlerChain annotation associates the Web Service with an
-externally defined handler chain.
-
-
-
It is an error to combine this annotation with the
-@SOAPMessageHandlers annotation.
-
-
-
The @HandlerChain annotation MAY be present on the endpoint interface
-and service implementation bean. The service implementation bean’s
-@HandlerChain is used if @HandlerChain is present on both.
-
-
-
The @HandlerChain annotation MAY be specified on the type only. The
-annotation target includes METHOD and FIELD for use by Jakarta XML Web Services Specification-2.x.
-
-
-
-
-
-
-
-
-References in this document to Java API for XML-Based Web Services (JAX-WS) refer to the Jakarta XML Web Services unless otherwise noted
-
-
-
-
-
-
-
-
-
17.2. Jakarta XML Web Services Tools
-
-
The Jakarta XML Web Services tools provided by JBossWS can be used in a variety of ways.
-First we will look at server-side development strategies, and then
-proceed to the client.
-
-
-
17.2.1. Server side
-
-
When developing a Web Service Endpoint (the server-side) you have the
-option of starting from Java ( bottom-up development), or from the
-abstact contract (WSDL) that defines your service ( top-down
-development). If this is a new service (no existing contract), the
-bottom-up approach is the fastest route; you only need to add a few
-annotations to your classes to get a service up and running. However, if
-you are developing a service with an already defined contract, it is far
-simpler to use the top-down approach, since the provided tool will
-generate the annotated code for you.
-
-
-
Bottom-up use cases:
-
-
-
-
-
Exposing an already existing Jakarta Enterprise Beans 3 bean as a Web Service
-
-
-
Providing a new service, and you want the contract to be generated for
-you
-
-
-
-
-
Top-down use cases:
-
-
-
-
-
Replacing the implementation of an existing Web Service, and you can’t
-break compatibility with older clients
-
-
-
Exposing a service that conforms to a contract specified by a third
-party (e.g. a vender that calls you back using an already defined
-protocol).
-
-
-
Creating a service that adheres to the XML Schema and WSDL you
-developed by hand up front
-
-
-
-
-
The following Jakarta XML Web Services command line tools are included in JBossWS:
-
-
-
-
-
-
-
-
-
Command
-
Description
-
-
-
-
-
wsprovide
-
Generates Jakarta XML Web Services portable artifacts, and provides the
-abstract contract. Used for bottom-up development.
-
-
-
wsconsume
-
Consumes the abstract contract (WSDL and Schema files), and
-produces artifacts for both a server and client. Used for top-down and
-client development
-
-
-
-
-
Bottom-Up (Using wsprovide)
-
-
The bottom-up strategy involves developing the Java code for your
-service, and then annotating it using Jakarta XML Web Services annotations. These
-annotations can be used to customize the contract that is generated for
-your service. For example, you can change the operation name to map to
-anything you like. However, all of the annotations have sensible
-defaults, so only the @WebService annotation is required.
A JSE or Jakarta Enterprise Beans 3 deployment can be built using this class, and it is the
-only Java code needed to deploy on JBossWS. The WSDL, and all other Java
-artifacts called "wrapper classes" will be generated for you at deploy
-time. This actually goes beyond the Jakarta XML Web Services specification, which requires
-that wrapper classes be generated using an offline tool. The reason for
-this requirement is purely a vender implementation problem, and since we
-do not believe in burdening a developer with a bunch of additional
-steps, we generate these as well. However, if you want your deployment
-to be portable to other application servers, you will unfortunately need
-to use a tool and add the generated classes to your deployment.
-
-
-
This is the primary purpose of the wsprovide tool, to generate
-portable Jakarta XML Web Services artifacts. Additionally, it can be used to "provide" the
-abstract contract (WSDL file) for your service. This can be obtained by
-invoking wsprovide using the "-w" option:
-Remember that when deploying on JBossWS you do not need to run this
-tool. You only need it for generating portable artifacts and/or the
-abstract contract for your service.
-
-
-
-
-
-
Let’s create a POJO endpoint for deployment on WildFly. A simple
-web.xml needs to be created:
The war can then be deployed to the JBoss Application Server.The war can
-then be deployed to the JBoss Application Server; this will internally
-invoke wsprovide, which will generate the WSDL. If deployment was
-successful, and you are using the default settings, it should be
-available in the server management console.
-
-
-
For a portable Jakarta XML Web Services deployment, the wrapper classes generated earlier
-could be added to the deployment.
-
-
-
-
Top-Down (Using wsconsume)
-
-
The top-down development strategy begins with the abstract contract for
-the service, which includes the WSDL file and zero or more schema files.
-The wsconsume tool is then used to consume this contract, and produce
-annotated Java classes (and optionally sources) that define it.
-
-
-
-
-
-
-
-
-wsconsume may have problems with symlinks on Unix systems
-
-
-
-
-
-
Using the WSDL file from the bottom-up example, a new Java
-implementation that adheres to this service can be generated. The "-k"
-option is passed to wsconsume to preserve the Java source files that
-are generated, instead of providing just classes:
The following table shows the purpose of each generated file:
-
-
-
-
-
-
-
-
-
File
-
Purpose
-
-
-
-
-
Echo.java
-
Service Endpoint Interface
-
-
-
Echo_Type.java
-
Wrapper bean for request message
-
-
-
EchoResponse.java
-
Wrapper bean for response message
-
-
-
ObjectFactory.java
-
Jakarta XML Binding XML Registry
-
-
-
package-info.java
-
Holder for Jakarta XML Binding package annotations
-
-
-
EchoService.java
-
Used only by Jakarta XML Web Services clients
-
-
-
-
-
Examining the Service Endpoint Interface reveals annotations that are
-more explicit than in the class written by hand in the bottom-up
-example, however, these evaluate to the same contract:
Before going to detail on the client-side it is important to understand
-the decoupling concept that is central to Web Services. Web Services are
-not the best fit for internal RPC, even though they can be used in this
-way. There are much better technologies for this (CORBA, and RMI for
-example). Web Services were designed specifically for interoperable
-coarse-grained correspondence. There is no expectation or guarantee that
-any party participating in a Web Service interaction will be at any
-particular location, running on any particular OS, or written in any
-particular programming language. So because of this, it is important to
-clearly separate client and server implementations. The only thing they
-should have in common is the abstract contract definition. If, for
-whatever reason, your software does not adhere to this principal, then
-you should not be using Web Services. For the above reasons, the
-recommended methodology for developing a client is to follow the
-top-down approach , even if the client is running on the same server.
-
-
-
Let’s repeat the process of the top-down section, although using the
-deployed WSDL, instead of the one generated offline by wsprovide. The
-reason why we do this is just to get the right value for soap:address.
-This value must be computed at deploy time, since it is based on
-container configuration specifics. You could of course edit the WSDL
-file yourself, although you need to ensure that the path is correct.
As you can see, this generated class extends the main client entry point
-in Jakarta XML Web Services, jakarta.xml.ws.Service. While you can use Service directly,
-this is far simpler since it provides the configuration info for you.
-The only method we really care about is the getEchoPort() method,
-which returns an instance of our Service Endpoint Interface. Any WS
-operation can then be called by just invoking a method on the returned
-interface.
-
-
-
-
-
-
-
-
-It’s not recommended to refer to a remote WSDL URL in a production
-application. This causes network I/O every time you instantiate the
-Service Object. Instead, use the tool on a saved local copy, or use the
-URL version of the constructor to provide a new WSDL location.
-
-
-
-
-
-
All that is left to do, is write and compile the client:
It is easy to change the endpoint address of your operation at runtime,
-setting the ENDPOINT_ADDRESS_PROPERTY as shown below:
-
-
-
-
EchoService service = new EchoService();
- Echo echo = service.getEchoPort();
-
- /* Set NEW Endpoint Location */
- String endpointURL = "http://NEW_ENDPOINT_URL";
- BindingProvider bp = (BindingProvider)echo;
- bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpointURL);
-
- System.out.println("Server said: " + echo.echo(args0));
-
-
-
-
-
-
17.3. wsconsume
-
-
wsconsume is a command line tool and ant task that "consumes" the
-abstract contract (WSDL file) and produces portable Jakarta XML Web Services and
-client artifacts.
-
-
-
17.3.1. Command Line Tool
-
-
The command line tool has the following usage:
-
-
-
-
usage: wsconsume [options] <wsdl-url>
-options:
- -h, --help Show this help message
- -b, --binding=<file> One or more Jakarta XML Web Services or Jakarta XML Binding binding files
- -k, --keep Keep/Generate Java source
- -c --catalog=<file> Oasis XML Catalog file for entity resolution
- -j --clientjar=<name> Create a jar file of the generated artifacts for calling the webservice
- -p --package=<name> The target package for generated source
- -w --wsdlLocation=<loc> Value to use for @WebServiceClient.wsdlLocation
- -o, --output=<directory> The directory to put generated artifacts
- -s, --source=<directory> The directory to put Java source
- -t, --target=<2.0|2.1|2.2> The Jakarta XML Web Services specification target
- -q, --quiet Be somewhat more quiet
- -v, --verbose Show full exception stack traces
- -l, --load-consumer Load the consumer and exit (debug utility)
- -e, --extension Enable SOAP 1.2 binding extension
- -a, --additionalHeaders Enables processing of implicit SOAP headers
- -n, --nocompile Do not compile generated sources
-
-
-
-
-
-
-
-
-
-The wsdlLocation is used when creating the Service to be used by clients
-and will be added to the @WebServiceClient annotation, for an endpoint
-implementation based on the generated service endpoint interface you
-will need to manually add the wsdlLocation to the @WebService annotation
-on your web service implementation and not the service endpoint
-interface.
-
-
-
-
-
-
Examples
-
-
Generate artifacts in Java class form only:
-
-
-
-
wsconsume Example.wsdl
-
-
-
-
Generate source and class files:
-
-
-
-
wsconsume -k Example.wsdl
-
-
-
-
Generate source and class files in a custom directory:
-
-
-
-
wsconsume -k -o custom Example.wsdl
-
-
-
-
Generate source and class files in the org.foo package:
-
-
-
-
wsconsume -k -p org.foo Example.wsdl
-
-
-
-
Generate source and class files using multiple binding files:
The wsconsume tools is included in the
-org.jboss.ws.plugins:jaxws-tools-maven-plugin plugin. The plugin has
-two goals for running the tool, wsconsume and wsconsume-test, which
-basically do the same during different maven build phases (the former
-triggers the sources generation during generate-sources phase, the
-latter during the generate-test-sources one).
-
-
-
The wsconsume plugin has the following parameters:
-
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
Default
-
-
-
-
-
bindingFiles
-
Jakarta XML Web Services or Jakarta XML Binding binding file
-
true
-
-
-
classpathElements
-
Each classpathElement provides alibrary file to be
-added to classpath
Enables more informational output about command progress.
-
false
-
-
-
wsdls
-
The WSDL files or URLs to consume
-
n/a
-
-
-
extension
-
Enable SOAP 1.2 binding extension.
-
false
-
-
-
encoding
-
The charset encoding to use for generated sources.
-
$\{project.build.sourceEncoding}
-
-
-
argLine
-
An optional additional argline to be used when running in fork
-mode;can be used to set endorse dir, enable debugging,
-etc.Example<argLine>-Djava.endorsed.dirs=…</argLine>
-
none
-
-
-
fork
-
Whether or not to run the generation task in a separate VM.
-
false
-
-
-
target
-
A preference for the Jakarta XML Web Services specification target
-
Depends on
-the underlying stack and endorsed dirs if any
-
-
-
-
-
Examples
-
-
You can use wsconsume in your own project build simply referencing the
-jaxws-tools-maven-plugin in the configured plugins in your pom.xml
-file.
-
-
-
The following example makes the plugin consume the test.wsdl file and
-generate SEI and wrappers' java sources. The generated sources are then
-compiled together with the other project classes.
Finally, if the wsconsume invocation is required for consuming a wsdl to
-be used in your testsuite only, you might want to use the
-wsconsume-test goal as follows:
Plugin stack dependencyThe plugin itself does not have an explicit
-dependency to a JBossWS stack, as it’s meant for being used with
-implementations of any supported version of the JBossWS SPI. So the
-user is expected to set a dependency in his own pom.xml to the desired
-JBossWS stack version. The plugin will rely on the that for using the
-proper tooling.
-Be careful when using this plugin with the Maven War Plugin as that
-include any project dependency into the generated application war
-archive. You might want to set <scope>provided</scope> for the
-JBossWS stack dependency to avoid that.
-
-
-
-
-
-
-
-
-
-
-
-Up to version 1.1.2.Final, the artifactId of the plugin was
-maven-jaxws-tools-plugin.
-
-
-
-
-
-
-
-
17.3.3. Ant Task
-
-
The wsconsume Ant task ( org.jboss.ws.tools.ant.WSConsumeTask) has
-the following attributes:
-
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
Default
-
-
-
-
-
fork
-
Whether or not to run the generation task in a separate VM.
-
true
-
-
-
keep
-
Keep/Enable Java source code generation.
-
false
-
-
-
catalog
-
Oasis XML Catalog file for entity resolution
-
none
-
-
-
package
-
The target Java package for generated code.
-
generated
-
-
-
binding
-
A Jakarta XML Web Services or Jakarta XML Binding binding file
-
none
-
-
-
wsdlLocation
-
Value to use for @WebServiceClient.wsdlLocation
-
generated
-
-
-
encoding
-
The charset encoding to use for generated sources
-
n/a
-
-
-
destdir
-
The output directory for generated artifacts.
-
"output"
-
-
-
sourcedestdir
-
The output directory for Java source.
-
value of destdir
-
-
-
target
-
The Jakarta XML Web Services specification target. Allowed values are 2.0, 2.1
-and 2.2
-
-
-
-
verbose
-
Enables more informational output about command progress.
-
false
-
-
-
wsdl
-
The WSDL file or URL
-
n/a
-
-
-
extension
-
Enable SOAP 1.2 binding extension.
-
false
-
-
-
additionalHeaders
-
Enables processing of implicit SOAP headers
-
false
-
-
-
-
-
-
-
-
-
-
-Users also need to put streamBuffer.jar and stax-ex.jar to the classpath
-of the ant task to generate the appropriate artefacts.
-
-
-
-
-
-
-
-
-
-
-
-The wsdlLocation is used when creating the Service to be used by clients
-and will be added to the @WebServiceClient annotation, for an endpoint
-implementation based on the generated service endpoint interface you
-will need to manually add the wsdlLocation to the @WebService annotation
-on your web service implementation and not the service endpoint
-interface.
-
-
-
-
-
-
Also, the following nested elements are supported:
-
-
-
-
-
-
-
-
-
-
Element
-
Description
-
Default
-
-
-
-
-
binding
-
A Jakarta XML Web Services or Jakarta XML Binding binding file
-
none
-
-
-
jvmarg
-
Allows setting of custom jvm arguments
-
-
-
-
-
-
Examples
-
-
Generate Jakarta XML Web Services source and classes in a separate JVM with separate
-directories, a custom wsdl location attribute, and a list of binding
-files from foo.wsdl:
wsprovide is a command line tool, Maven plugin and Ant task that
-generates portable Jakarta XML Web Services artifacts for a service endpoint
-implementation. It also has the option to "provide" the abstract
-contract for offline usage.
-
-
-
17.4.1. Command Line Tool
-
-
The command line tool has the following usage:
-
-
-
-
usage: wsprovide [options] <endpoint class name>
-options:
- -h, --help Show this help message
- -k, --keep Keep/Generate Java source
- -w, --wsdl Enable WSDL file generation
- -a, --address The generated port soap:address in wsdl
- -c. --classpath=<path> The classpath that contains the endpoint
- -o, --output=<directory> The directory to put generated artifacts
- -r, --resource=<directory> The directory to put resource artifacts
- -s, --source=<directory> The directory to put Java source
- -e, --extension Enable SOAP 1.2 binding extension
- -q, --quiet Be somewhat more quiet
- -t, --show-traces Show full exception stack traces
-
-
-
-
Examples
-
-
Generating wrapper classes for portable artifacts in the "generated"
-directory:
-
-
-
-
wsprovide -o generated foo.Endpoint
-
-
-
-
Generating wrapper classes and WSDL in the "generated" directory
The wsprovide tools is included in the
-org.jboss.ws.plugins:jaxws-tools-maven-plugin plugin. The plugin
-has two goals for running the tool, wsprovide and wsprovide-test,
-which basically do the same during different Maven build phases (the
-former triggers the sources generation during process-classes phase,
-the latter during the process-test-classes one).
-
-
-
The wsprovide plugin has the following parameters:
-
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
Default
-
-
-
-
-
testClasspathElements
-
Each classpathElement provides alibrary file to
-be added to classpath
Plugin stack dependencyThe plugin itself does not have an explicit
-dependency to a JBossWS stack, as it’s meant for being used with
-implementations of any supported version of the JBossWS SPI. So the
-user is expected to set a dependency in his own pom.xml to the desired
-JBossWS stack version. The plugin will rely on the that for using the
-proper tooling.
-Be careful when using this plugin with the Maven War Plugin as that
-include any project dependency into the generated application war
-archive. You might want to set <scope>provided</scope> for the
-JBossWS stack dependency to avoid that.
-
-
-
-
-
-
-
-
-
-
-
-Up to version 1.1.2.Final, the artifactId of the plugin was
-maven-jaxws-tools-plugin.
-
-
-
-
-
-
-
-
17.4.3. Ant Task
-
-
The wsprovide ant task ( org.jboss.ws.tools.ant.WSProvideTask) has the
-following attributes:
-
-
-
-
-
-
-
-
-
-
Attribute
-
Description
-
Default
-
-
-
-
-
fork
-
Whether or not to run the generation task in a separate VM.
-
true
-
-
-
keep
-
Keep/Enable Java source code generation.
-
false
-
-
-
destdir
-
The output directory for generated artifacts.
-
"output"
-
-
-
resourcedestdir
-
The output directory for resource artifacts
-(WSDL/XSD).
-
value of destdir
-
-
-
sourcedestdir
-
The output directory for Java source.
-
value of destdir
-
-
-
extension
-
Enable SOAP 1.2 binding extension.
-
false
-
-
-
genwsdl
-
Whether or not to generate WSDL.
-
false
-
-
-
address
-
The generated port soap:address in wsdl.
-
-
-
-
verbose
-
Enables more informational output about command progress.
-
false
-
-
-
sei
-
Service Endpoint Implementation.
-
-
-
-
classpath
-
The classpath that contains the service endpoint
-implementation.
-
"."
-
-
-
-
-
Examples
-
-
Executing wsprovide in verbose mode with separate output directories for
-source, resources, and classes:
17.5. Jakarta XML Web Services Advanced User Guide
-
-
17.5.1. Logging
-
-
Logging of inbound and outbound messages is a common need. Different
-approaches are available for achieving that:
-
-
-
Jakarta XML Web Services Handler approach
-
-
A portable way of performing logging is writing a simple Jakarta XML Web Services handler
-dumping the messages that are passed in it; the handler can be added to
-the desired client/endpoints (programmatically / using @HandlerChain
-Jakarta XML Web Services annotation).
-
-
-
The predefined client and endpoint configuration
-mechanism allows user to add the logging handler to any client/endpoint
-or to some of them only (in which case the @EndpointConfig annotation
-/ JBossWS API is required though).
-
-
-
-
Apache CXF approach
-
-
Apache CXF also comes with logging interceptors that can be easily used
-to log messages to the console or configured client/server log files.
-Those interceptors can be added to client, endpoint and buses in
-multiple ways:
-
-
-
System property
-
-
Setting the org.apache.cxf.logging.enabled system property to true
-causes the logging interceptors to be added to any Bus instance being
-created on the JVM.
-
-
-
-
-
-
-
-
-On WildFly, the system property is easily set by adding what follows to
-the standalone / domain server configuration just after the extensions
-section:
-
Logging interceptors can be selectively added to endpoints using the
-Apache CXF annotations @org.apache.cxf.interceptor.InInterceptors and
-@org.apache.cxf.interceptor.OutInterceptors. The same is achieved on
-client side by programmatically adding new instances of the logging
-interceptors to the client or the bus.
-
-
-
Alternatively, Apache CXF also comes with a
-org.apache.cxf.feature.LoggingFeature that can be used on clients and
-endpoints (either annotating them with
-@org.apache.cxf.feature.Features or directly with
-@org.apache.cxf.annotations.Logging).
JBossWS includes most of the WS-* specification functionalities through
-the integration with Apache CXF. In particular, the whole WS-Security
-Policy framework is fully supported, enabling full contract driven
-configuration of complex features like WS-Security.
-
-
-
In details information available further down in this documentation
-book.
-
-
-
-
17.5.3. Address rewrite
-
-
JBossWS allows users to configure the soap:address attribute in the
-wsdl contract of deployed services.
If the content of <soap:address> in the wsdl is a valid URL, JBossWS
-will not rewrite it unless modify-wsdl-address is true. If the content
-of <soap:address> is not a valid URL instead, JBossWS will always
-rewrite it using the attribute values given below. Please note that the
-variable $\{jboss.bind.address} can be used to set the address which
-the application is bound to at each startup.
-
-
-
The wsdl-secure-port and wsdl-port attributes are used to explicitly
-define the ports to be used for rewriting the SOAP address. If these
-attributes are not set, the ports will be identified by querying the
-list of installed connectors. If multiple connectors are found the port
-of the first connector is used.
-
-
-
-
Dynamic rewrite
-
-
When the application server is bound to multiple addresses or
-non-trivial real-world network architectures cause request for different
-external addresses to hit the same endpoint, a static rewrite of the
-soap:address may not be enough. JBossWS allows for both the soap:address
-in the wsdl and the wsdl address in the console to be rewritten with the
-host use in the client request. This way, users always get the right
-wsdl address assuming they’re connecting to an instance having the
-endpoint they’re looking for. To trigger this behaviour, the
-jbossws.undefined.host value has to be specified for the wsdl-host
-element.
Of course, when a confidential transport address is required, the
-addresses are always rewritten using https protocol and the port
-currently configured for the https/ssl connector.
-
-
-
-
-
17.5.4. Configuration through deployment descriptor
-
-
The jboss-webservices.xml deployment descriptor can be used to provide
-additional configuration for a given deployment. The expected location
-of it is:
-
-
-
-
-
META-INF/jboss-webservices.xml for Jakarta Enterprise Beans webservice deployments
-
-
-
WEB-INF/jboss-webservices.xml for POJO webservice deployments and
-Jakarta Enterprise Beans webservice endpoints bundled in war archives
-
-
-
-
-
The structure of file is the following (schemas are available
-here):
Elements <config-name> and <config-file> can be used to associate
-any endpoint provided in the deployment with a given
-endpoint configuration. Endpoint configuration are
-either specified in the referenced config file or in the WildFly domain
-model (webservices subsystem). For further details on the endpoint
-configurations and their management in the domain model, please see the
-related
-documentation.
<property> elements can be used to setup simple property values to
-configure the ws stack behavior. Allowed property names and values are
-mentioned in the guide under related topics.
Apache CXF has a feature for validating incoming and outgoing SOAP
-messages on both client and server side. The validation is performed
-against the relevant schema in the endpoint wsdl contract (server side)
-or the wsdl contract used for building up the service proxy (client
-side).
-
-
-
Schema validation can be turned on programmatically on client side
Alternatively, any endpoint and client running in-container can be
-associated to a JBossWS predefined configuration
-having the schema-validation-enabled property set to true in the
-referenced config file.
-
-
-
Finally, JBossWS also allows for server-wide (default) setup of schema
-validation by using the Standard-Endpoint-Config and
-Standard-Client-Config special configurations (which apply to any
-client / endpoint unless a different configuration is specified for
-them)
As Kohsuke Kawaguchi wrote on
-his
-blog, one common complaint from the Jakarta XML Binding users is the lack of support
-for binding 3rd party classes. The scenario is this: you are trying to
-annotate your classes with Jakarta XML Binding annotations to make it XML bindable, but
-some of the classes are coming from libraries and JDK, and thus you
-cannot put necessary Jakarta XML Binding annotations on it.
-
-
-
To solve this Jakarta XML Binding has been designed to provide hooks for programmatic
-introduction of annotations to the runtime.
-
-
-
This is currently leveraged by the JBoss Jakarta XML Binding Introductions project,
-using which users can define annotations in XML and make Jakarta XML Binding see those
-as if those were in the class files (perhaps coming from 3rd party
-libraries).
17.5.8. Predefined client and endpoint configurations
-
-
-JBossWS permits extra setup configuration data to be predefined and
-associated with an endpoint or a client. Configurations can include
-Jakarta XML Web Services handlers and key/value property declarations that control JBossWS
-and Apache CXF internals. Predefined configurations can be used for
-Jakarta XML Web Services client and Jakarta XML Web Services endpoint setup.
-
-
-
-
Configurations can be defined in the webservice subsystem and in an
-application’s deployment descriptor file. There can be many
-configuration definitions in the webservice subsystem and in an
-application. Each configuration must have a name that is unique within
-the server. Configurations defined in an application are local to the
-application. Endpoint implementations declare the use of a specific
-configuration through the use of the
-org.jboss.ws.api.annotation.EndpointConfig annotation. An endpoint
-configuration defined in the webservices subsystem is available to all
-deployed applications on the server container and can be referenced by
-name in the annotation. An endpoint configuration defined in an
-application must be referenced by both deployment descriptor file name
-and configuration name by the annotation.
-
-
-
Handlers
-
-
-
Each endpoint configuration may be associated with zero or more PRE and
-POST handler chains. Each handler chain may include JAXWS handlers. For
-outbound messages the PRE handler chains are executed before any handler
-that is attached to the endpoint using the standard means, such as with
-annotation @HandlerChain, and POST handler chains are executed after
-those objects have executed. For inbound messages the POST handler
-chains are executed before any handler that is attached to the endpoint
-using the standard means and the PRE handler chains are executed after
-those objects have executed.
-
-
-
-
* Server inbound messages
-Client --> ... --> POST HANDLER --> ENDPOINT HANDLERS --> PRE HANDLERS --> Endpoint
-
-* Server outbound messages
-Endpoint --> PRE HANDLER --> ENDPOINT HANDLERS --> POST HANDLERS --> ... --> Client
-
-
-
-
The same applies for client configurations.
-
-
-
Properties
-
-
-
Key/value properties are used for controlling both some Apache CXF
-internals and some JBossWS options. Specific supported values are
-mentioned where relevant in the rest of the documentation.
-
-
-
Assigning configurations
-
-
Endpoints and clients are assigned configuration through different
-means. Users can explicitly require a given configuration or rely on
-container defaults. The assignment process can be split up as follows:
-
-
-
-
-
Explicit assignment through annotations (for endpoints) or API
-programmatic usage (for clients)
-
-
-
Automatic assignment of configurations from default descriptors
-
-
-
Automatic assignment of configurations from container
-
-
-
-
-
Endpoint configuration assignment
-
-
The explicit configuration assignment is meant for developer that know
-in advance their endpoint or client has to be setup according to a
-specified configuration. The configuration is either coming from a
-descriptor that is included in the application deployment, or is
-included in the application server webservices subsystem management
-model.
-
-
-
-
Endpoint Configuration Deployment Descriptor
-
-
Jakarta EE archives that can contain Jakarta XML Web Services client and endpoint
-implementations can also contain predefined client and endpoint
-configuration declarations. All endpoint/client configuration
-definitions for a given archive must be provided in a single deployment
-descriptor file, which must be an implementation of schema
-jbossws-jaxws-config.
-Many endpoint/client configurations can be defined in the deployment
-descriptor file. Each configuration must have a name that is unique
-within the server on which the application is deployed. The
-configuration name can’t be referred to by endpoint/client
-implementations outside the application. Here is an example of a
-descriptor, containing two endpoint configurations:
WildFly allows declaring JBossWS client and server predefined
-configurations in the webservices subsystem section of the server
-model. As a consequence it is possible to declare server-wide handlers
-to be added to the chain of each endpoint or client assigned to a given
-configuration.
-
-
-
Please refer to the
-WildFly
-documentation for details on managing the webservices subsystem such
-as adding, removing and modifying handlers and properties.
-
-
-
The allowed contents in the webservices subsystem are defined by the
-schema
-included in the application server.
-
-
-Standard configurations
-
-
Clients running in-container as well as endpoints are assigned standard
-configurations by default. The defaults are used unless different
-configurations are set as described on this page. This enables
-administrators to tune the default handler chains for client and
-endpoint configurations. The names of the default client and endpoint
-configurations, used in the webservices subsystem are
-Standard-Client-Config and Standard-Endpoint-Config respectively.
-
-
-
-Handlers classloading
-
-
When setting a server-wide handler, please note the handler class needs
-to be available through each ws deployment classloader. As a consequence
-proper module dependencies might need to be specified in the deployments
-that are going to leverage a given predefined configuration. A shortcut
-is to add a dependency to the module containing the handler class in one
-of the modules which are already automatically set as dependencies to
-any deployment, for instance org.jboss.ws.spi.
Once a configuration is available to a given application, the
-org.jboss.ws.api.annotation.EndpointConfig annotation is used to
-assign an endpoint configuration to a Jakarta XML Web Services endpoint implementation.
-When assigning a configuration that is defined in the webservices
-subsystem only the configuration name is specified. When assigning a
-configuration that is defined in the application, the relative path to
-the deployment descriptor and the configuration name must be specified.
The most practical way of setting a configuration is using
-org.jboss.ws.api.configuration.ClientConfigFeature, a JAXWS Feature
-extension provided by JBossWS:
-
-
-
-
importorg.jboss.ws.api.configuration.ClientConfigFeature;
-
-...
-
-Service service = Service.create(wsdlURL, serviceName);
-Endpoint port = service.getPort(Endpoint.class, new ClientConfigFeature("META-INF/my-client-config.xml", "Custom Client Config"));
-port.echo("Kermit");
-
-... or ....
-
-port = service.getPort(Endpoint.class, new ClientConfigFeature("META-INF/my-client-config.xml", "Custom Client Config"), true); //setup properties too from the configuration
-port.echo("Kermit");
-... or ...
-
-port = service.getPort(Endpoint.class, new ClientConfigFeature(null, testConfigName)); //reads from current container configurations if available
-port.echo("Kermit");
-
-
-
-
JBossWS parses the specified configuration file. The configuration file
-must be found as a resource by the classloader of the current thread.
-The
-jbossws-jaxws-config
-schema defines the descriptor contents and is included in the
-jbossws-spi artifact.
-
-
-
-Explicit setup through API
-
-
Alternatively, JBossWS API comes with facility classes that can be used
-for assigning configurations when building a client. JAXWS handlers read
-from client configurations as follows:
-
-
-
-
importorg.jboss.ws.api.configuration.ClientConfigUtil;
-importorg.jboss.ws.api.configuration.ClientConfigurer;
-
-...
-
-Service service = Service.create(wsdlURL, serviceName);
-Endpoint port = service.getPort(Endpoint.class);
-BindingProvider bp = (BindingProvider)port;
-ClientConfigUtil.setConfigHandlers(bp, "META-INF/my-client-config.xml", "Custom Client Config 1");
-port.echo("Kermit");
-
-...
-
-ClientConfigurer configurer = ClientConfigUtil.resolveClientConfigurer();
-configurer.setConfigHandlers(bp, "META-INF/my-client-config.xml", "Custom Client Config 2");
-port.echo("Kermit");
-
-...
-
-configurer.setConfigHandlers(bp, "META-INF/my-client-config.xml", "Custom Client Config 3");
-port.echo("Kermit");
-
-...
-
-configurer.setConfigHandlers(bp, null, "Container Custom Client Config"); //reads from current container configurations if available
-port.echo("Kermit");
-
-
-
-
-
-
similarly, properties are read from client configurations as
-follows:
-
-
-
-
-
-
importorg.jboss.ws.api.configuration.ClientConfigUtil;
-importorg.jboss.ws.api.configuration.ClientConfigurer;
-
-...
-
-Service service = Service.create(wsdlURL, serviceName);
-Endpoint port = service.getPort(Endpoint.class);
-
-ClientConfigUtil.setConfigProperties(port, "META-INF/my-client-config.xml", "Custom Client Config 1");
-port.echo("Kermit");
-
-...
-
-ClientConfigurer configurer = ClientConfigUtil.resolveClientConfigurer();
-configurer.setConfigProperties(port, "META-INF/my-client-config.xml", "Custom Client Config 2");
-port.echo("Kermit");
-
-...
-
-configurer.setConfigProperties(port, "META-INF/my-client-config.xml", "Custom Client Config 3");
-port.echo("Kermit");
-
-...
-
-configurer.setConfigProperties(port, null, "Container Custom Client Config"); //reads from current container configurations if available
-port.echo("Kermit");
-
-...
-
-configurer.setConfigProperties(port, null, null); //reads from current Elytron client configuration if available
-port.echo("Kermit");
-
-
-
-
The default ClientConfigurer implementation parses the specified
-configuration file, if any, after having resolved it as a resources
-using the current thread context classloader. The
-jbossws-jaxws-config
-schema defines the descriptor contents and is included in the
-jbossws-spi artifact.
-
-
-
If WildFly Elytron client configuration is present, the client will automatically use SSL context and credentials (for HTTP Basic authentication or Username Token Profile) from this configuration if these were not already configured.
-
-
-
-
-
Automatic configuration from default descriptors
-
-
In some cases, the application developer might not be aware of the
-configuration that will need to be used for its client and endpoint
-implementation, perhaps because that’s a concern of the application
-deployer. In other cases, explicit usage (compile time dependency) of
-JBossWS API might not be accepted. To cope with such scenarios, JBossWS
-allows including default client ( jaxws-client-config.xml) and
-endpoint ( jaxws-endpoint-config.xml) descriptor within the
-application (in its root), which are parsed for getting configurations
-any time a configuration file name is not specified.
-
-
-
If the configuration name is also not specified, JBossWS automatically
-looks for a configuration named the same as
-
-
-
-
-
the endpoint implementation class (full qualified name), in case of
-Jakarta XML Web Services endpoints;
-
-
-
the service endpoint interface (full qualified name), in case of
-Jakarta XML Web Services clients.
-
-
-
-
-
No automatic configuration name is selected for Dispatch clients.
-
-
-
So, for instance, an endpoint implementation class
-org.foo.bar.EndpointImpl for which no pre-defined configuration is
-explicitly set will cause JBossWS to look for a
-org.foo.bar.EndpointImpl named configuration within a
-jaxws-endpoint-config.xml descriptor in the root of the application
-deployment. Similarly, on client side, a client proxy implementing
-org.foo.bar.Endpoint interface (SEI) will have the setup read from a
-org.foo.bar.Endpoint named configuration in jaxws-client-config.xml
-descriptor.
-
-
-
-
Automatic configuration assignment from container setup
-
-
JBossWS fall-backs to getting predefined configurations from the
-container setup whenever no explicit configuration has been provided and
-the default descriptors are either not available or do not contain
-relevant configurations. This gives additional control on the Jakarta XML Web Services
-client and endpoint setup to administrators, as the container setup can
-be managed independently from the deployed applications.
-JBossWS hence accesses the webservices subsystem the same as explained
-above for explicitly named configuration; the default configuration
-names used for look are
-
-
-
-
-
the endpoint implementation class (full qualified name), in case of
-Jakarta XML Web Services endpoints;
-
-
-
the service endpoint interface (full qualified name), in case of
-Jakarta XML Web Services clients.
-Dispatch clients are not automatically configured. If no configuration
-is found using names computed as above, the Standard-Client-Config and
-Standard-Endpoint-Config configurations are used for clients and
-endpoints respectively
-
-
-
-
-
-
-
-
17.5.9. Authentication
-
-
Authentication
-
-
Here the simplest way to authenticate a web service user with JBossWS is
-explained.
-
-
-
First we secure the access to the SLSB as we would do for normal (non
-web service) invocations: this can be easily done through the
-@RolesAllowed, @PermitAll, @DenyAll annotation. The allowed user roles
-can be set with these annotations both on the bean class and on any of
-its business methods.
The security domain as well as its the authentication and authorization
-mechanisms are defined differently depending on the application server
-version in use.
-
-
-
-
Use BindingProvider to set principal/credential
-
-
A web service client may use the jakarta.xml.ws.BindingProvider
-interface to set the username/password combination
All Jakarta XML Web Services functionalities provided by JBossWS on top of WildFly are
-currently served through a proper integration of the JBoss Web Services
-stack with most of the Apache CXF project
-modules.
-
-
-
Apache CXF is an open source services framework. It allows building and
-developing services using frontend programming APIs (including Jakarta XML Web Services),
-with services speaking a variety of protocols such as SOAP and XML/HTTP
-over a variety of transports such as HTTP and Jakarta Messaging.
-
-
-
The integration layer ( JBossWS-CXF in short hereafter) is mainly
-meant for:
-
-
-
-
-
allowing using standard webservices APIs (including Jakarta XML Web Services) on
-WildFly; this is performed internally leveraging Apache CXF without
-requiring the user to deal with it;
-
-
-
allowing using Apache CXF advanced features (including WS-*) on top of
-WildFly without requiring the user to deal with / setup / care about the
-required integration steps for running in such a container.
-
-
-
-
-
In order for achieving the goals above, the JBossWS-CXF integration
-supports the JBoss ws endpoint deployment mechanism and comes with many
-internal customizations on top of Apache CXF.
-
-
-
In the next sections a list of technical suggestions and notes on the
-integration is provided; please also refer to the
-Apache CXF official documentation
-for in-depth details on the CXF architecture.
-
-
-
-
Building WS applications the JBoss way
-
-
The Apache CXF client and endpoint configuration as explained in the
-Apache CXF official user guide is
-heavily based on Spring. Apache CXF basically parses Spring cxf.xml
-descriptors; those may contain any basic bean plus specific ws client
-and endpoint beans which CXF has custom parsers for. Apache CXF can be
-used to deploy webservice endpoints on any servlet container by
-including its libraries in the deployment; in such a scenario Spring
-basically serves as a convenient configuration option, given direct
-Apache CXF API usage won’t be very handy. Similar reasoning applies on
-client side, where a Spring based descriptor offers a shortcut for
-setting up Apache CXF internals.
-
-
-
This said, nowadays almost any Apache CXF functionality can be
-configured and used through direct API usage, without Spring. As a
-consequence of that and given the considerations in the sections below,
-the JBossWS integration with Apache CXF does not rely on Spring
-descriptors.
-
-
-
Portable applications
-
-
WildFly is much more then a servlet container; it actually provides
-users with a fully compliant target platform for Jakarta EE applications.
-
-
-
Generally speaking, users are encouraged to write portable
-applications by relying only on Jakarta XML Web Services specification whenever
-possible. That would by the way ensure easy migrations to and from other
-compliant platforms. Being a Jakarta EE container, WildFly already comes
-with a Jakarta XML Web Services compliant implementation, which is basically Apache CXF
-plus the JBossWS-CXF integration layer. So users just need to write
-their Jakarta XML Web Services application; no need for embedding any Apache CXF or any
-ws related dependency library in user deployments. Please refer to the
-Jakarta XML Web Services User Guide section of the documentation for
-getting started.
-
-
-
WS-* usage (including WS-Security, WS-Addressing, WS-ReliableMessaging,
-…) should also be configured in the most portable way; that is by
-relying on proper WS-Policy assertions on the endpoint WSDL contracts,
-so that client and endpoint configuration is basically a matter of
-setting few ws context properties. The WS-* related sections of this
-documentation cover all the details on configuring applications making
-use of WS-* through policies.
-
-
-
As a consequence of the reasoning above, the JBossWS-CXF integration is
-currently built directly on the Apache CXF API and aims at allowing
-users to configure webservice clients and endpoints without Spring
-descriptors.
-
-
-
-
Direct Apache CXF API usage
-
-
Whenever users can’t really meet their application requirements with
-Jakarta XML Web Services plus WS-Policy, it is of course still possible to rely on direct
-Apache CXF API usage (given that’s included in the AS), loosing the Java
-EE portability of the application. That could be the case of a user
-needing specific Apache CXF functionalities, or having to consume WS-*
-enabled endpoints advertised through legacy wsdl contracts without
-WS-Policy assertions.
-
-
-
On server side, direct Apache CXF API usage might not be always possible
-or end up being not very easy. For this reason, the JBossWS integration
-comes with a convenient alternative through customization options in the
-jboss-webservices.xml descriptor described below on this page.
-Properties can be declared in jboss-webservices.xml to control Apache
-CXF internals like interceptors, features, etc.
-
-
-
-
-
Bus usage
-
-
Creating a Bus instance
-
-
Most of the Apache CXF features are configurable using the
-org.apache.cxf.Bus class. While for basic Jakarta XML Web Services usage the user might
-never need to explicitly deal with Bus, using Apache CXF specific
-features generally requires getting a handle to a org.apache.cxf.Bus
-instance. This can happen on client side as well as in a ws endpoint or
-handler business code.
-
-
-
New Bus instances are produced by the currently configured
-org.apache.cxf.BusFactory implementation the following way:
-
-
-
-
Bus bus = BusFactory.newInstance().createBus();
-
-
-
-
The algorithm for selecting the actual implementation of BusFactory to
-be used leverages the Service API, basically looking for optional
-configurations in META-INF/services/… location using the current
-thread context classloader. JBossWS-CXF integration comes with its own
-implementation of BusFactory,
-org.jboss.wsf.stack.cxf.client.configuration.JBossWSBusFactory, that
-allows for seamless setup of JBossWS customizations on top of Apache
-CXF. So, assuming the JBossWS-CXF libraries are available in the current
-thread context classloader, the JBossWSBusFactory is automatically
-retrieved by the BusFactory.newInstance() call above.
-
-
-
JBossWS users willing to explicitly use functionalities of
-org.apache.cxf.bus.CXFBusFactory, get the same API with JBossWS
-additions through JBossWSBusFactory:
-
-
-
-
Map<Class, Object> myExtensions = newHashMap<Class, Object>();
-myExtensions.put(...);
-Bus bus = new JBossWSBusFactory().createBus(myExtensions);
-
-
-
-
-
Using existing Bus instances
-
-
Apache CXF keeps reference to a global default Bus instance as well as
-to a thread default bus for each thread. That is performed through
-static members in org.apache.cxf.BusFactory, which also comes with
-the following methods in the public API:
-
-
-
-
publicstaticsynchronized Bus getDefaultBus()
-publicstaticsynchronized Bus getDefaultBus(boolean createIfNeeded)
-publicstaticsynchronizedvoid setDefaultBus(Bus bus)
-publicstatic Bus getThreadDefaultBus()
-publicstatic Bus getThreadDefaultBus(boolean createIfNeeded)
-publicstaticvoid setThreadDefaultBus(Bus bus)
-
-
-
-
Please note that the default behaviour of getDefaultBus()/
-getDefaultBus(true)/getThreadDefaultBus()/
-getThreadDefaultBus(true) is to create a new Bus instance if that’s
-not set yet. Moreover getThreadDefaultBus() and
-getThreadDefaultBus(true) first fallback to retrieving the configured
-global default bus before actually trying creating a new instance (and
-the created new instance is set as global default bus if that was not
-set there yet).
-
-
-
The drawback of this mechanism (which is basically fine in JSE
-environment) is that when running in WildFly container you need to be
-careful in order not to (mis)use a bus over multiple applications
-(assuming the Apache CXF classes are loaded by the same classloader,
-which is currently the case with WildFly).
-
-
-
Here is a list of general suggestions to avoid problems when running
-in-container:
-
-
-
-
-
forget about the global default bus; you don’t need that, so don’t do
-getDefaultBus()/getDefaultBus(true)/setDefaultBus() in
-your code;
-
-
-
avoid getThreadDefaultBus()/getThreadDefaultBus(true) unless
-you already know for sure the default bus is already set;
-
-
-
keep in mind thread pooling whenever you customize a thread default
-bus instance (for instance adding bus scope interceptors, …), as that
-thread and bus might be later reused; so either shutdown the bus when
-you’re done or explicitly remove it from the BusFactory thread
-association.
-
-
-
-
-
Finally, remember that each time you explictly create a new Bus instance
-(factory.createBus()) that is set as thread default bus and global
-default bus if those are not set yet. The JAXWS Provider
-implementation also creates Bus instances internally, in particular
-the JBossWS version of JAXWS Provider makes sure the default bus is
-never internally used and instead a new Bus is created if required
-(more details on this in the next paragraph).
-
-
-
-
Bus selection strategies for JAXWS clients
-
-
JAXWS clients require an Apache CXF Bus to be available; the client is
-registered within the Bus and the Bus affects the client behavior (e.g.
-through the configured CXF interceptors). The way a bus is internally
-selected for serving a given JAXWS client is very important, especially
-for in-container clients; for this reason, JBossWS users can choose the
-preferred Bus selection strategy. The strategy is enforced in the
-jakarta.xml.ws.spi.Provider implementation from the JBossWS integration,
-being that called whenever a JAXWS Service (client) is requested.
-
-
-Thread bus strategy (THREAD_BUS)
-
-
Each time the vanilla JAXWS api is used to create a Bus, the JBossWS-CXF
-integration will automatically make sure a Bus is currently associated
-to the current thread in the BusFactory. If that’s not the case, a new
-Bus is created and linked to the current thread (to prevent the user
-from relying on the default Bus). The Apache CXF engine will then create
-the client using the current thread Bus.
-
-
-
This is the default strategy, and the most straightforward one in Java
-SE environments; it lets users automatically reuse a previously created
-Bus instance and allows using customized Bus that can possibly be
-created and associated to the thread before building up a JAXWS client.
-
-
-
The drawback of the strategy is that the link between the Bus instance
-and the thread needs to be eventually cleaned up (when not needed
-anymore). This is really evident in a Jakarta EE environment (hence when
-running in-container), as threads from pools (e.g. serving web requests)
-are re-used.
-
-
-
When relying on this strategy, the safest approach to be sure of
-cleaning up the link is to surround the JAXWS client with a
-try/finally block as below:
-
-
-
-
try {
- Service service = Service.create(wsdlURL, serviceQName);
- MyEndpoint port = service.getPort(MyEndpoint.class);
- //...
-} finally {
- BusFactory.setThreadDefaultBus(null);
- // OR (if you don't need the bus and the client anymore)
- Bus bus = BusFactory.getThreadDefaultBus(false);
- bus.shutdown(true);
-}
-
-
-
-
-New bus strategy (NEW_BUS)
-
-
Another strategy is to have the JAXWS Provider from the JBossWS
-integration create a new Bus each time a JAXWS client is built. The main
-benefit of this approach is that a fresh bus won’t rely on any formerly
-cached information (e.g. cached WSDL / schemas) which might have changed
-after the previous client creation. The main drawback is of course worse
-performance as the Bus creation takes time.
-
-
-
If there’s a bus already associated to the current thread before the
-JAXWS client creation, that is automatically restored when returning
-control to the user; in other words, the newly created bus will be used
-only for the created JAXWS client but won’t stay associated to the
-current thread at the end of the process. Similarly, if the thread was
-not associated to any bus before the client creation, no bus will be
-associated to the thread at the end of the client creation.
-
-
-
-Thread context classloader bus strategy (TCCL_BUS)
-
-
The last strategy is to have the bus created for serving the client be
-associated to the current thread context classloader (TCCL). That
-basically means the same Bus instance is shared by JAXWS clients running
-when the same TCCL is set. This is particularly interesting as each web
-application deployment usually has its own context classloader, so this
-strategy is possibly a way to keep the number of created Bus instances
-bound to the application number in WildFly container.
-
-
-
If there’s a bus already associated to the current thread before the
-JAXWS client creation, that is automatically restored when returning
-control to the user; in other words, the bus corresponding to the
-current thread context classloader will be used only for the created
-JAXWS client but won’t stay associated to the current thread at the end
-of the process. If the thread was not associated to any bus before the
-client creation, a new bus will be created (and later user for any other
-client built with this strategy and the same TCCL in place); no bus will
-be associated to the thread at the end of the client creation.
-
-
-
-Strategy configuration
-
-
Users can request a given Bus selection strategy to be used for the
-client being built by specifying one of the following JBossWS features
-(which extend jakarta.xml.ws.WebServiceFeature):
Service service = Service.create(wsdlURL, serviceQName, new UseThreadBusFeature());
-
-
-
-
If no feature is explicitly specified, the system default strategy is
-used, which can be modified through the
-org.jboss.ws.cxf.jaxws-client.bus.strategy system property when
-starting the JVM. The valid values for the property are THREAD_BUS,
-NEW_BUS and TCCL_BUS. The default is THREAD_BUS.
-
-
-
-
-
-
Server Side Integration Customization
-
-
The JBossWS-CXF server side integration takes care of internally
-creating proper Apache CXF structures (including a Bus instance, of
-course) for the provided ws deployment. Should the deployment include
-multiple endpoints, those would all live within the same Apache CXF Bus,
-which would of course be completely separated by the other deployments'
-bus instances.
-
-
-
While JBossWS sets sensible defaults for most of the Apache CXF
-configuration options on server side, users might want to fine tune the
-Bus instance that’s created for their deployment; a
-jboss-webservices.xml descriptor can be used for deployment level
-customizations.
JBossWS-CXF integration comes with a set of allowed property names to
-control Apache CXF internals.
-
-
-WorkQueue configuration
-
-
Apache CXF uses WorkQueue instances for dealing with some operations
-(e.g. @Oneway requests processing). A
-WorkQueueManager
-is installed in the Bus as an extension and allows for adding / removing
-queues as well as controlling the existing ones.
-
-
-
On server side, queues can be provided by using the
-cxf.queue.<queue-name>.* properties in jboss-webservices.xml (e.g.
-cxf.queue.default.maxQueueSize for controlling the max queue size of
-the default workqueue). At deployment time, the JBossWS integration
-can add new instances of
-AutomaticWorkQueueImpl
-to the currently configured WorkQueueManager; the properties below are
-used to fill in parameter into the
-AutomaticWorkQueueImpl
-constructor:
-
-
-
-
-
-
-
-
-
Property
-
Default value
-
-
-
-
-
cxf.queue.<queue-name>.maxQueueSize
-
256
-
-
-
cxf.queue.<queue-name>.initialThreads
-
0
-
-
-
cxf.queue.<queue-name>.highWaterMark
-
25
-
-
-
cxf.queue.<queue-name>.lowWaterMark
-
5
-
-
-
cxf.queue.<queue-name>.dequeueTimeout
-
120000
-
-
-
-
-
-Policy alternative selector
-
-
The Apache CXF policy engine supports different strategies to deal with
-policy alternatives. JBossWS-CXF integration currently defaults to the
-MaximalAlternativeSelector,
-but still allows for setting different selector implementation using the
-cxf.policy.alternativeSelector property in jboss-webservices.xml.
-
-
-
-MBean management
-
-
Apache CXF allows managing its MBean objects that are installed into the
-WildFly MBean server. The feature is enabled on a deployment basis
-through the cxf.management.enabled property in
-jboss-webservices.xml. The
-cxf.management.installResponseTimeInterceptors property can also be
-used to control installation of CXF response time interceptors, which
-are added by default when enabling MBean management, but might not be
-desired in some cases. Here is an example:
Schema validation of exchanged messages can also be enabled in
-jboss-webservices.xml. Further details available
-here.
-
-
-
-Interceptors
-
-
The jboss-webservices.xml descriptor also allows specifying the
-cxf.interceptors.in and cxf.interceptors.out properties; those
-allows declaring interceptors to be attached to the Bus instance that’s
-created for serving the deployment.
The jboss-webservices.xml descriptor also allows specifying the
-cxf.features property; that allows declaring features to be attached
-to any endpoint belonging to the Bus instance that’s created for serving
-the deployment.
WS-Discovery support can be turned on in jboss-webservices for the
-current deployment. Further details available here.
-
-
-
-
-
-
Apache CXF interceptors
-
-
Apache CXF supports declaring interceptors using one of the following
-approaches:
-
-
-
-
-
Annotation usage on endpoint classes (
-@org.apache.cxf.interceptor.InInterceptor,
-@org.apache.cxf.interceptor.OutInterceptor)
-
-
-
Direct API usage on client side (through the
-org.apache.cxf.interceptor.InterceptorProvider interface)
-
-
-
Spring descriptor usage ( cxf.xml)
-
-
-
-
-
As the Spring descriptor usage is not supported, the JBossWS integration
-adds an additional descriptor based approach to avoid requiring
-modifications to the actual client/endpoint code. Users can declare
-interceptors within predefined client and endpoint
-configurations by specifying a list of interceptor class names for the
-cxf.interceptors.in and cxf.interceptors.out properties.
A new instance of each specified interceptor class will be added to the
-client or endpoint the configuration is assigned to. The interceptor
-classes must have a no-argument constructor.
-
-
-
-
Apache CXF features
-
-
Apache CXF supports declaring features using one of the following
-approaches:
-
-
-
-
-
Annotation usage on endpoint classes (
-@org.apache.cxf.feature.Features)
-
-
-
Direct API usage on client side (through extensions of the
-org.apache.cxf.feature.AbstractFeature class)
-
-
-
Spring descriptor usage ( cxf.xml)
-
-
-
-
-
As the Spring descriptor usage is not supported, the JBossWS integration
-adds an additional descriptor based approach to avoid requiring
-modifications to the actual client/endpoint code. Users can declare
-features within predefined client and endpoint
-configurations by specifying a list of feature class names for the
-cxf.features property.
A new instance of each specified feature class will be added to the
-client or endpoint the configuration is assigned to. The feature classes
-must have a no-argument constructor.
-
-
-
-
Properties driven bean creation
-
-
Sections above explain how to declare CXF interceptors and features
-through properties either in a client/endpoint predefined configuration
-or in a jboss-webservices.xml descriptor. By getting the
-feature/interceptor class name only specified, the container simply
-tries to create a bean instance using the class default constructor.
-This sets a limitation on the feature/interceptor configuration, unless
-custom extensions of vanilla CXF classes are provided, with the default
-constructor setting properties before eventually using the super
-constructor.
-
-
-
To cope with this issue, JBossWS integration comes with a mechanism for
-configuring simple bean hierarchies when building them up from
-properties. Properties can have bean reference values, that is strings
-starting with ##. Property reference keys are used to specify the bean
-class name and the value for for each attribute. So for instance the
-following properties:
-
-
-
-
-
-
-
-
-
Key
-
Value
-
-
-
-
-
cxf.features
-
foo, bar
-
-
-
##foo
-
org.jboss.Foo
-
-
-
##foo.par
-
34
-
-
-
##bar
-
org.jboss.Bar
-
-
-
##bar.color
-
blue
-
-
-
-
-
would result into the stack installing two feature instances, the same
-that would have been created by
-
-
-
-
importorg.Bar;
-importorg.Foo;
-
-...
-
-Foo foo = new Foo();
-foo.setPar(34);
-Bar bar = new Bar();
-bar.setColor("blue");
-
-
-
-
The mechanism assumes that the classes are valid beans with proper
-getter and setter methods; value objects are cast to the correct
-primitive type by inspecting the class definition. Nested beans can of
-course be configured.
-
-
-
-
HTTPConduit configuration
-
-
HTTP transport setup in Apache CXF is achieved through
-org.apache.cxf.transport.http.HTTPConduit
-configurations.
-When running on top of the JBossWS integration, conduits can be
-programmatically modified using the Apache CXF API as follows:
-
-
-
-
importorg.apache.cxf.frontend.ClientProxy;
-importorg.apache.cxf.transport.http.HTTPConduit;
-importorg.apache.cxf.transports.http.configuration.HTTPClientPolicy;
-
-//set chunking threshold before using a Jakarta XML Web Services port client
-...
-HTTPConduit conduit = (HTTPConduit)ClientProxy.getClient(port).getConduit();
-HTTPClientPolicy client = conduit.getClient();
-
-client.setChunkingThreshold(8192);
-...
-
-
-
-
Users can also control the default values for the most common
-HTTPConduit parameters by setting specific system properties; the
-provided values will override Apache CXF defaut values.
-
-
-
-
-
-
-
-
-
Property
-
Description
-
-
-
-
-
cxf.client.allowChunking
-
A boolean to tell Apache CXF whether to allow
-send messages using chunking.
-
-
-
cxf.client.chunkingThreshold
-
An integer value to tell Apache CXF the
-threshold at which switching from non-chunking to chunking mode.
-
-
-
cxf.client.connectionTimeout
-
A long value to tell Apache CXF how many
-milliseconds to set the connection timeout to
-
-
-
cxf.client.receiveTimeout
-
A long value to tell Apache CXF how many
-milliseconds to set the receive timeout to
-
-
-
cxf.client.connection
-
A string to tell Apache CXF to use Keep-Alive or
-close connection type
-
-
-
cxf.tls-client.disableCNCheck
-
A boolean to tell Apache CXF whether
-disabling CN host name check or not
-
-
-
-
-
The vanilla Apache CXF defaults apply when the system properties above
-are not set.
-
-
-
-
-
17.5.11. WS-Addressing
-
-
JBoss Web Services inherits full WS-Addressing capabilities from the
-underlying Apache CXF implementation. Apache CXF provides support for
-2004-08 and 1.0 versions of
-WS-Addressing.
-
-
-
Enabling WS-Addressing
-
-
WS-Addressing can be turned on in multiple standard ways:
-
-
-
-
-
consuming a WSDL contract that specifies a WS-Addressing assertion /
-policy
-
-
-
using the @jakarta.xml.ws.soap.Addressing annotation
-
-
-
using the jakarta.xml.ws.soap.AddressingFeature feature
The WS-Addressing support is also perfectly integrated with the Apache
-CXF WS-Policy engine.
-
-
-
This basically means that the WSDL contract generation for code-first
-endpoint deployment is policy-aware: users can annotate endpoints with
-the @jakarta.xml.ws.soap.Addressing annotation and expect the
-published WSDL contract to contain proper WS-Addressing policy (assuming
-no wsdlLocation is specified in the endpoint’s @WebService
-annotation).
-
-
-
Similarly, on client side users do not need to manually specify the
-jakarta.xml.ws.soap.AddressingFeature feature, as the policy engine is
-able to properly process the WS-Addressing policy in the consumed WSDL
-and turn on addressing as requested.
-
-
-
-
Example
-
-
Here is an example showing how to simply enable WS-Addressing through
-WS-Policy.
-
-
-
Endpoint
-
-
A simple Jakarta XML Web Services endpoint is prepared using a java-first approach;
-WS-Addressing is enforced through @Addressing annotation and no
-wsdlLocation is provided in @WebService:
WS-Security provides the means to secure your services beyond transport
-level protocols such as HTTPS. Through a number of standards such as
-XML-Encryption, and headers defined
-in the
-WS-Security
-standard, it allows you to:
-
-
-
-
-
Pass authentication tokens between services.
-
-
-
Encrypt messages or parts of messages.
-
-
-
Sign messages.
-
-
-
Timestamp messages.
-
-
-
-
-
WS-Security makes heavy use of public and private key cryptography. It
-is helpful to understand these basics to really understand how to
-configure WS-Security. With public key cryptography, a user has a pair
-of public and private keys. These are generated using a large prime
-number and a key function.
-
-
-
-
-
-
The keys are related mathematically, but cannot be derived from one
-another. With these keys we can encrypt messages. For example, if Bob
-wants to send a message to Alice, he can encrypt a message using her
-public key. Alice can then decrypt this message using her private key.
-Only Alice can decrypt this message as she is the only one with the
-private key.
-
-
-
-
-
-
Messages can also be signed. This allows you to ensure the authenticity
-of the message. If Alice wants to send a message to Bob, and Bob wants
-to be sure that it is from Alice, Alice can sign the message using her
-private key. Bob can then verify that the message is from Alice by using
-her public key.
-
-
-
-
-
-
-
JBoss WS-Security support
-
-
JBoss Web Services supports many real world scenarios requiring
-WS-Security functionalities. This includes signature and encryption
-support through X509 certificates, authentication and authorization
-through username tokens as well as all ws-security configurations
-covered by WS-
-SecurityPolicy
-specification.
-
-
-
As well as for other WS-* features, the core of
-WS-Security functionalities is provided through the Apache CXF engine.
-On top of that the JBossWS integration adds few configuration
-enhancements to simplify the setup of WS-Security enabled endpoints.
-
-
-
Apache CXF WS-Security implementation
-
-
Apache CXF features a top class WS-Security module supporting multiple
-configurations and easily extendible.
-
-
-
The system is based on interceptors that delegate to
-Apache WSS4J for the low level security
-operations. Interceptors can be configured in different ways, either
-through Spring configuration files or directly using Apache CXF client
-API. Please refer to the
-Apache CXF documentation if
-you’re looking for more details.
-
-
-
Recent versions of Apache CXF, however, introduced support for
-WS-Security Policy, which aims at moving most of the security
-configuration into the service contract (through policies), so that
-clients can easily be configured almost completely automatically from
-that. This way users do not need to manually deal with configuring /
-installing the required interceptors; the Apache CXF WS-Policy engine
-internally takes care of that instead.
-
-
-WS-Security Policy support
-
-
WS-SecurityPolicy describes the actions that are required to securely
-communicate with a service advertised in a given WSDL contract. The WSDL
-bindings / operations reference WS-Policy fragments with the security
-requirements to interact with the service. The
-WS-SecurityPolicy
-specification allows for specifying things like asymmetric/symmetric
-keys, using transports (https) for encryption, which parts/headers to
-encrypt or sign, whether to sign then encrypt or encrypt then sign,
-whether to include timestamps, whether to use derived keys, etc.
-
-
-
However some mandatory configuration elements are not covered by
-WS-SecurityPolicy, basically because they’re not meant to be public /
-part of the published endpoint contract; those include things such as
-keystore locations, usernames and passwords, etc. Apache CXF allows
-configuring these elements either through Spring xml descriptors or
-using the client API / annotations. Below is the list of supported
-configuration properties:
-
-
-
-
-
-
-
-
-
ws-security.username
-
The username used for UsernameToken policy
-assertions
-
-
-
-
-
ws-security.password
-
The password used for UsernameToken policy
-assertions. If not specified, the callback handler will be called.
-
-
-
ws-security.callback-handler
-
The WSS4J security CallbackHandler that
-will be used to retrieve passwords for keystores and UsernameTokens.
-
-
-
ws-security.signature.properties
-
The properties file/object that
-contains the WSS4J properties for configuring the signature keystore and
-crypto objects
-
-
-
ws-security.encryption.properties
-
The properties file/object that
-contains the WSS4J properties for configuring the encryption keystore
-and crypto objects
-
-
-
ws-security.signature.username
-
The username or alias for the key in
-the signature keystore that will be used. If not specified, it uses the
-the default alias set in the properties file. If that’s also not set,
-and the keystore only contains a single key, that key will be used.
-
-
-
ws-security.encryption.username
-
The username or alias for the key in
-the encryption keystore that will be used. If not specified, it uses the
-the default alias set in the properties file. If that’s also not set,
-and the keystore only contains a single key, that key will be used. For
-the web service provider, the useReqSigCert keyword can be used to
-accept (encrypt to) any client whose public key is in the service’s
-truststore (defined in ws-security.encryption.properties.)
-
-
-
ws-security.signature.crypto
-
Instead of specifying the signature
-properties, this can point to the full WSS4J Crypto object. This can
-allow easier "programmatic" configuration of the Crypto information."
-
-
-
ws-security.encryption.crypto
-
Instead of specifying the encryption
-properties, this can point to the full WSS4J Crypto object. This can
-allow easier "programmatic" configuration of the Crypto information."
In order for removing the need of Spring on server side for setting up
-WS-Security configuration properties not covered by policies, the
-JBossWS integration allows for getting those pieces of information from
-a defined endpoint configuration. Endpoint
-configurationscan include property declarations and endpoint
-implementations can be associated with a given endpoint configuration
-using the @EndpointConfig annotation.
The JBossWS configuration additions allow for a descriptor approach to
-the WS-Security Policy engine configuration. If you prefer to provide
-the same information through an annotation approach, you can leverage
-the Apache CXF @org.apache.cxf.annotations.EndpointProperties
-annotation:
In this section some sample of WS-Security service endpoints and clients
-are provided. Please note they’re only meant as tutorials; you should
-really careful isolate the ws-security policies / assertion that best
-suite your security needs before going to production environment.
-
-
-
-
-
-
-
-
-The following sections provide directions and examples on understanding
-some of the configuration options for WS-Security engine. Please note
-the implementor remains responsible for assessing the application
-requirements and choosing the most suitable security policy for them.
-
-
-
-
-
-
Signature and encryption
-
-Endpoint
-
-
First of all you need to create the web service endpoint using Jakarta XML Web Services.
-While this can generally be achieved in different ways, it’s required to
-use a contract-first approach when using WS-Security, as the policies
-declared in the wsdl are parsed by the Apache CXF engine on both server
-and client sides. So, here is an example of WSDL contract enforcing
-signature and encryption using X 509 certificates (the referenced schema
-is omitted):
The referenced jaxws-endpoint-config.xml descriptor is used to provide
-a custom endpoint configuration with the required server side
-configuration properties; this tells the engine which certificate / key
-to use for signature / signature verification and for encryption /
-decryption:
the bob.properties configuration file is also referenced above; it
-includes the WSS4J Crypto properties which in turn link to the keystore
-file, type and the alias/password to use for accessing it:
A callback handler for the letting Apache CXF access the keystore is
-also provided:
-
-
-
-
packageorg.jboss.test.ws.jaxws.samples.wsse.policy.basic;
-
-importjava.io.IOException;
-importjava.util.HashMap;
-importjava.util.Map;
-importjavax.security.auth.callback.Callback;
-importjavax.security.auth.callback.CallbackHandler;
-importjavax.security.auth.callback.UnsupportedCallbackException;
-importorg.apache.ws.security.WSPasswordCallback;
-
-publicclassKeystorePasswordCallbackimplementsCallbackHandler {
- privateMap<String, String> passwords = newHashMap<String, String>();
-
- public KeystorePasswordCallback() {
- passwords.put("alice", "password");
- passwords.put("bob", "password");
- }
-
- /**
- * It attempts to get the password from the private
- * alias/passwords map.
- */
- publicvoid handle(Callback[] callbacks) throwsIOException, UnsupportedCallbackException {
- for (int i = 0; i < callbacks.length; i++) {
- WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
-
- String pass = passwords.get(pc.getIdentifier());
- if (pass != null) {
- pc.setPassword(pass);
- return;
- }
- }
- }
-
- /**
- * Add an alias/password pair to the callback mechanism.
- */
- publicvoid setAliasPassword(String alias, String password) {
- passwords.put(alias, password);
- }
-}
-
-
-
-
Assuming the bob.pkcs12 keystore has been properly generated and contains
-Bob’s (server) full key (private/certificate + public key) as well as
-Alice’s (client) public key, we can proceed to packaging the endpoint.
-Here is the expected content (the endpoint is a POJO one in a war
-archive, but EJB3 endpoints in jar archives are of course also
-supported):
-
-
-
-
alessio@inuyasha /dati/jbossws/stack/cxf/trunk $ jar -tvf ./modules/testsuite/cxf-tests/target/test-libs/jaxws-samples-wsse-policy-sign-encrypt.war
- 0 Thu Jun 16 18:50:48 CEST 2011 META-INF/
- 140 Thu Jun 16 18:50:46 CEST 2011 META-INF/MANIFEST.MF
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/
- 586 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/web.xml
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/basic/
- 1687 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/basic/KeystorePasswordCallback.class
- 383 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/basic/ServiceIface.class
- 1070 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/basic/ServiceImpl.class
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/
- 705 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHello.class
- 1069 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHelloResponse.class
- 1225 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/jaxws-endpoint-config.xml
- 0 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/wsdl/
- 4086 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/wsdl/SecurityService.wsdl
- 653 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/wsdl/SecurityService_schema1.xsd
- 1820 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/classes/bob.pkcs12
- 311 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/classes/bob.properties
-
-
-
-
As you can see, the jaxws classes generated by the tools are of course
-also included, as well as a basic web.xml referencing the endpoint
-bean:
You start by consuming the published WSDL contract using the wsconsume
-tool on client side too. Then you simply invoke the the endpoint as a
-standard Jakarta XML Web Services one:
As you can see, the WS-Security properties are set in the request
-context. Here the KeystorePasswordCallback is the same as on server
-side above, you might want/need different implementation in real world
-scenarios, of course.
-The alice.properties file is the client side equivalent of the server
-side bob.properties and references the alice.pkcs12 keystore file,
-which has been populated with Alice’s (client) full key
-(private/certificate + public key) as well as Bob’s (server) public key.
The Apache CXF WS-Policy engine will digest the security requirements in
-the contract and ensure a valid secure communication is in place for
-interacting with the server endpoint.
-
-
-
-Endpoint serving multiple clients
-
-
The server side configuration described above implies the endpoint is
-configured for serving a given client which a service agreement has been
-established for. In some real world scenarios though, the same server
-might be expected to be able to deal with (including decrypting and
-encrypting) messages coming from and being sent to multiple clients.
-Apache CXF supports that through the useReqSigCert value for the
-ws-security.encryption.username configuration parameter.
-
-
-
Of course the referenced server side keystore then needs to contain the
-public key of all the clients that are expected to be served.
-
-
-
-
-
Authentication and authorization
-
-
The Username Token Profile can be used to provide client’s credentials
-to a WS-Security enabled target endpoint.
-
-
-
Apache CXF provides means for setting basic password callback handlers
-on both client and server sides to set/check passwords; the
-ws-security.username and ws-security.callback-handler properties can
-be used similarly as shown in the signature and encryption example.
-Things become more interesting when requiring a given user to be
-authenticated (and authorized) against a security domain on the target
-application server.
-
-
-
On server side, you need to install two additional interceptors that act
-as bridges towards the application server authentication layer:
-
-
-
-
-
an interceptor for performing authentication and populating a valid
-SecurityContext; the provided interceptor should extend
-org.apache.cxf.ws.interceptor.security.AbstractUsernameTokenInInterceptor,
-in particular JBossWS integration comes with
-org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor
-for this;
-
-
-
an interceptor for performing authorization; CXF requires that to
-extend
-org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor,
-for instance the SimpleAuthorizingInterceptor can be used for simply
-mapping endpoint operations to allowed roles.
-
-
-
-
-
So, here follows an example of WS-SecurityPolicy endpoint using Username
-Token Profile for authenticating through the application server security
-domain system.
-
-
-Endpoint
-
-
As in the other example, we start with a wsdl contract containing the
-proper WS-Security Policy:
Please note the specified JBoss security domain needs to be properly
-configured for computing digests.
-
-
-
The service endpoint can be generated using the wsconsume tool and
-then enriched with a @EndpointConfig annotation and @InInterceptors
-annotation to add the two interceptors mentioned above for JAAS
-integration:
The POJOEndpointAuthorizationInterceptor is included into the
-deployment and deals with the roles cheks:
-
-
-
-
packageorg.jboss.test.ws.jaxws.samples.wsse.policy.jaas;
-
-importjava.util.HashMap;
-importjava.util.Map;
-importorg.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor;
-
-publicclassPOJOEndpointAuthorizationInterceptorextends SimpleAuthorizingInterceptor
-{
-
- public POJOEndpointAuthorizationInterceptor()
- {
- super();
- readRoles();
- }
-
- privatevoid readRoles()
- {
- //just an example, this might read from a configuration file or such
- Map<String, String> roles = newHashMap<String, String>();
- roles.put("sayHello", "friend");
- roles.put("greetMe", "snoopies");
- setMethodRolesMap(roles);
- }
-}
-
-
-
-
The jaxws-endpoint-config.xml descriptor is used to provide a custom
-endpoint configuration with the required server side configuration
-properties; in particular for this Username Token case that’s just a CXF
-configuration option for leaving the username token validation to the
-configured interceptors:
In order for requiring a given JBoss security domain to be used to
-protect access to the endpoint (a POJO one in this case), we declare
-that in a jboss-web.xml descriptor (the JBossWS security domain is
-used):
-
-
-
-
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
-<jboss-web>
- <security-domain>java:/jaas/JBossWS</security-domain>
-</jboss-web
The endpoint is packaged into a war archive, including the JAXWS classes
-generated by wsconsume:
-
-
-
-
alessio@inuyasha /dati/jbossws/stack/cxf/trunk $ jar -tvf ./modules/testsuite/cxf-tests/target/test-libs/jaxws-samples-wsse-policy-username-jaas.war
- 0 Thu Jun 16 18:50:48 CEST 2011 META-INF/
- 155 Thu Jun 16 18:50:46 CEST 2011 META-INF/MANIFEST.MF
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/
- 585 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/web.xml
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaas/
- 982 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaas/POJOEndpointAuthorizationInterceptor.class
- 412 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaas/ServiceIface.class
- 1398 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaas/ServiceImpl.class
- 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/
- 701 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/GreetMe.class
- 1065 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/GreetMeResponse.class
- 705 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHello.class
- 1069 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHelloResponse.class
- 556 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/jaxws-endpoint-config.xml
- 241 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/jboss-web.xml
- 0 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/wsdl/
- 3183 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/wsdl/SecurityService.wsdl
- 1012 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/wsdl/SecurityService_schema1.xsd
-
-
-
-
-
-
-
-
-
-If you’re deploying the endpoint archive on WildFly, remember to add a
-dependency to org.apache.ws.security and org.apache.cxf module (due
-to the @InInterceptor annotation) in the MANIFEST.MF file.
-
Here too you start by consuming the published WSDL contract using the
-wsconsume tool. Then you simply invoke the the endpoint as a standard
-Jakarta XML Web Services one:
The UsernamePasswordCallback class is shown below and is responsible
-for setting the passwords on client side just before performing the
-invocations:
If everything has been done properly, you should expect to calls to
-sayHello() fail when done with user "snoopy" and pass with user
-"kermit" (and credential "thefrog"); moreover, you should get an
-authorization error when trying to call greetMe() with user "kermit",
-as that does not have the "snoopies" role.
-
-
-
-
-
Secure transport
-
-
Another quite common use case is using WS-Security Username Token
-Profile over a secure transport (HTTPS). A scenario like this is
-implemented similarly to what’s described in the previous example,
-except for few differences explained below.
-
-
-
First of all, here is an excerpt of a wsdl wth a sample security policy
-for Username Token over HTTPS:
Apache CXF supports
-WS-SecureConversation
-specification, which is about improving performance by allowing client
-and server to negotiate initial security keys to be used for later
-communication encryption/signature. This is done by having two policies
-in the wsdl contract, an outer one setting the security requirements to
-actually communicate with the endpoint and a bootstrap one, related to
-the communication for establishing the secure conversation keys. The
-client will be automatically sending an initial message to the server
-for negotiating the keys, then the actual communication to the endpoint
-takes place. As a consequence, Apache CXF needs a way to specify which
-WS-Security configuration properties are intended for the bootstrap
-policy and which are intended for the actual service policy. To
-accomplish this, properties intended for the bootstrap policy are
-appended with .sct.
WS-Trust is a Web
-service specification that defines extensions to WS-Security. It is a
-general framework for implementing security in a distributed system. The
-standard is based on a centralized Security Token Service, STS, which is
-capable of authenticating clients and issuing tokens containing various
-kinds of authentication and authorization data. The specification
-describes a protocol used for issuance, exchange, and validation of
-security tokens, however the following specifications play an important
-role in the WS-Trust architecture:
-WS-SecurityPolicy
-1.2,
-SAML
-2.0,
-Username
-Token Profile,
-X.509
-Token Profile,
-SAML
-Token Profile, and
-Kerberos
-Token Profile.
-
-
-
The WS-Trust extensions address the needs of applications that span
-multiple domains and requires the sharing of security keys by providing
-a standards based trusted third party web service (STS) to broker trust
-relationships between a Web service requester and a Web service
-provider. This architecture also alleviates the pain of service updates
-that require credential changes by providing a common location for this
-information. The STS is the common access point from which both the
-requester and provider retrieves and verifies security tokens.
-
-
-
There are three main components of the WS-Trust specification.
-
-
-
-
-
The Security Token Service (STS), a web service that issues, renews,
-and validates security tokens.
-
-
-
The message formats for security token requests and responses.
-
-
-
The mechanisms for key exchange
-
-
-
-
-
-
Security Token Service
-
-
The Security Token Service, STS, is the core of the WS-Trust
-specification. It is a standards based mechanism for authentication and
-authorization. The STS is an implementation of the WS-Trust
-specification’s protocol for issuing, exchanging, and validating
-security tokens, based on token format, namespace, or trust boundaries.
-The STS is a web service that acts as a trusted third party to broker
-trust relationships between a Web service requester and a Web service
-provider. It is a common access point trusted by both requester and
-provider to provide interoperable security tokens. It removes the need
-for a direct relationship between the two. Because the STS is a
-standards based mechanism for authentication, it helps ensure
-interoperability across realms and between different platforms.
-
-
-
The STS’s WSDL contract defines how other applications and processes
-interact with it. In particular the WSDL defines the WS-Trust and
-WS-Security policies that a requester must fulfill in order to
-successfully communicate with the STS’s endpoints. A web service
-requester consumes the STS’s WSDL and with the aid of an STSClient
-utility, generates a message request compliant with the stated security
-policies and submits it to the STS endpoint. The STS validates the
-request and returns an appropriate response.
-
-
-
-
Apache CXF support
-
-
Apache CXF is an open-source, fully featured Web services framework. The
-JBossWS open source project integrates the JBoss Web Services (JBossWS)
-stack with the Apache CXF project modules thus providing WS-Trust and
-other Jakarta XML Web Services functionality in WildFly. This integration makes it easy to
-deploy CXF STS implementations, however WildFly can run any WS-Trust
-compliant STS. In addition the Apache CXF API provides a STSClient
-utility to facilitate web service requester communication with its STS.
-
-
-
Detailed information about the Apache CXF’s WS-Trust implementation can
-be found
-here.
-
-
-
-
A Basic WS-Trust Scenario
-
-
Here is an example of a basic WS-Trust scenario. It is comprised of a
-Web service requester (ws-requester), a Web service provider
-(ws-provider), and a Security Token Service (STS). The ws-provider
-requires a SAML 2.0 token issued from a designed STS to be presented by
-the ws-requester using asymmetric binding. These communication
-requirements are declared in the ws-provider’s WSDL. The STS requires
-ws-requester credentials be provided in a WSS UsernameToken format
-request using symmetric binding. The STS’s response is provided
-containing a SAML 2.0 token. These communication requirements are
-declared in the STS’s WSDL.
-
-
-
-
-
A ws-requester contacts the ws-provider and consumes its WSDL. Upon
-finding the security token issuer requirement, it creates and configures
-a STSClient with the information it requires to generate a proper
-request.
-
-
-
The STSClient contacts the STS and consumes its WSDL. The security
-policies are discovered. The STSClient creates and sends an
-authentication request, with appropriate credentials.
-
-
-
The STS verifies the credentials.
-
-
-
In response, the STS issues a security token that provides proof
-that the ws-requester has authenticated with the STS.
-
-
-
The STClient presents a message with the security token to the
-ws-provider.
-
-
-
The ws-provider verifies the token was issued by the STS, thus
-proving the ws-requester has successfully authenticated with the STS.
-
-
-
The ws-provider executes the requested service and returns the
-results to the the ws-requester.
-
-
-
-
-
Web service provider
-
-
This section examines the crucial elements in providing endpoint
-security in the web service provider described in the basic WS-Trust
-scenario. The components that will be discussed are.
-
-
-
-
-
web service provider’s WSDL
-
-
-
web service provider’s Interface and Implementation classes.
-
-
-
ServerCallbackHandler class
-
-
-
Crypto properties and keystore files
-
-
-
MANIFEST.MF
-
-
-
-
-Web service provider WSDL
-
-
The web service provider is a contract-first endpoint. All the WS-trust
-and security policies for it are declared in the WSDL,
-SecurityService.wsdl. For this scenario a ws-requester is required to
-present a SAML 2.0 token issued from a designed STS. The address of the
-STS is provided in the WSDL. An asymmetric binding policy is used to
-encrypt and sign the SOAP body of messages that pass back and forth
-between ws-requester and ws-provider. X.509 certificates are use for the
-asymmetric binding. The rules for sharing the public and private keys in
-the SOAP request and response messages are declared. A detailed
-explanation of the security settings are provided in the comments in the
-listing below.
-
-
-
-
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<definitionstargetNamespace="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy"name="SecurityService"
- xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema"
- xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
- xmlns="http://schemas.xmlsoap.org/wsdl/"
- xmlns:wsp="http://www.w3.org/ns/ws-policy"
- xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsaws="http://www.w3.org/2005/08/addressing"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
- xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
- <types>
- <xsd:schema>
- <xsd:importnamespace="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy"schemaLocation="SecurityService_schema1.xsd"/>
- </xsd:schema>
- </types>
- <messagename="sayHello">
- <partname="parameters"element="tns:sayHello"/>
- </message>
- <messagename="sayHelloResponse">
- <partname="parameters"element="tns:sayHelloResponse"/>
- </message>
- <portTypename="ServiceIface">
- <operationname="sayHello">
- <inputmessage="tns:sayHello"/>
- <outputmessage="tns:sayHelloResponse"/>
- </operation>
- </portType>
- <!--
- The wsp:PolicyReference binds the security requirments on all the STS endpoints.
- The wsp:Policy wsu:Id="#AsymmetricSAML2Policy" element is defined later in this file.
- -->
- <bindingname="SecurityServicePortBinding"type="tns:ServiceIface">
- <wsp:PolicyReferenceURI="#AsymmetricSAML2Policy"/>
- <soap:bindingtransport="http://schemas.xmlsoap.org/soap/http"style="document"/>
- <operationname="sayHello">
- <soap:operationsoapAction=""/>
- <input>
- <soap:bodyuse="literal"/>
- <wsp:PolicyReferenceURI="#Input_Policy"/>
- </input>
- <output>
- <soap:bodyuse="literal"/>
- <wsp:PolicyReferenceURI="#Output_Policy"/>
- </output>
- </operation>
- </binding>
- <servicename="SecurityService">
- <portname="SecurityServicePort"binding="tns:SecurityServicePortBinding">
- <soap:addresslocation="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust/SecurityService"/>
- </port>
- </service>
-
- <wsp:Policywsu:Id="AsymmetricSAML2Policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <!--
- The wsam:Addressing element, indicates that the endpoints of this
- web service MUST conform to the WS-Addressing specification. The
- attribute wsp:Optional="false" enforces this assertion.
- -->
- <wsam:Addressingwsp:Optional="false">
- <wsp:Policy/>
- </wsam:Addressing>
- <!--
- The sp:AsymmetricBinding element indicates that security is provided
- at the SOAP layer. A public/private key combinations is required to
- protect the message. The initiator will use it's private key to sign
- the message and the recipient's public key is used to encrypt the message.
- The recipient of the message will use it's private key to decrypt it and
- initiator's public key to verify the signature.
- -->
- <sp:AsymmetricBinding>
- <wsp:Policy>
- <!--
- The sp:InitiatorToken element specifies the elements required in
- generating the initiator request to the ws-provider's service.
- -->
- <sp:InitiatorToken>
- <wsp:Policy>
- <!--
- The sp:IssuedToken element asserts that a SAML 2.0 security token is
- expected from the STS using a public key type. The
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
- attribute instructs the runtime to include the initiator's public key
- with every message sent to the recipient.
-
- The sp:RequestSecurityTokenTemplate element directs that all of the
- children of this element will be copied directly into the body of the
- RequestSecurityToken (RST) message that is sent to the STS when the
- initiator asks the STS to issue a token.
- -->
- <sp:IssuedToken
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
- <sp:RequestSecurityTokenTemplate>
- <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
- <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
- </sp:RequestSecurityTokenTemplate>
- <wsp:Policy>
- <sp:RequireInternalReference/>
- </wsp:Policy>
- <!--
- The sp:Issuer element defines the STS's address and endpoint information
- This information is used by the STSClient.
- -->
- <sp:Issuer>
- <wsaws:Address>http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService</wsaws:Address>
- <wsaws:Metadataxmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
- wsdli:wsdlLocation="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl">
- <wsaw:ServiceNamexmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
- xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
- </wsaws:Metadata>
- </sp:Issuer>
- </sp:IssuedToken>
- </wsp:Policy>
- </sp:InitiatorToken>
- <!--
- The sp:RecipientToken element asserts the type of public/private key-pair
- expected from the recipient. The
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
- attribute indicates that the initiator's public key will never be included
- in the reply messages.
-
- The sp:WssX509V3Token10 element indicates that an X509 Version 3 token
- should be used in the message.
- -->
- <sp:RecipientToken>
- <wsp:Policy>
- <sp:X509Token
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
- <wsp:Policy>
- <sp:WssX509V3Token10/>
- <sp:RequireIssuerSerialReference/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:RecipientToken>
-<!--
- The sp:Layout element, indicates the layout rules to apply when adding
- items to the security header. The sp:Lax sub-element indicates items
- are added to the security header in any order that conforms to
- WSS: SOAP Message Security.
--->
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:OnlySignEntireHeadersAndBody/>
- <!--
- The sp:AlgorithmSuite element, requires the Basic256 algorithm suite
- be used in performing cryptographic operations.
--->
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- </wsp:Policy>
- </sp:AsymmetricBinding>
-<!--
- The sp:Wss11 element declares WSS: SOAP Message Security 1.1 options
- to be supported by the STS. These particular elements generally refer
- to how keys are referenced within the SOAP envelope. These are normally
- handled by CXF.
--->
- <sp:Wss11>
- <wsp:Policy>
- <sp:MustSupportRefIssuerSerial/>
- <sp:MustSupportRefThumbprint/>
- <sp:MustSupportRefEncryptedKey/>
- </wsp:Policy>
- </sp:Wss11>
-<!--
- The sp:Trust13 element declares controls for WS-Trust 1.3 options.
- They are policy assertions related to exchanges specifically with
- client and server challenges and entropy behaviors. Again these are
- normally handled by CXF.
--->
- <sp:Trust13>
- <wsp:Policy>
- <sp:MustSupportIssuedTokens/>
- <sp:RequireClientEntropy/>
- <sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust13>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
- <wsp:Policywsu:Id="Input_Policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:EncryptedParts>
- <sp:Body/>
- </sp:EncryptedParts>
- <sp:SignedParts>
- <sp:Body/>
- <sp:HeaderName="To"Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="From"Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="FaultTo"Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="ReplyTo"Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="MessageID"Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="RelatesTo"Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="Action"Namespace="http://www.w3.org/2005/08/addressing"/>
- </sp:SignedParts>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
- <wsp:Policywsu:Id="Output_Policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:EncryptedParts>
- <sp:Body/>
- </sp:EncryptedParts>
- <sp:SignedParts>
- <sp:Body/>
- <sp:HeaderName="To"Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="From"Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="FaultTo"Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="ReplyTo"Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="MessageID"Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="RelatesTo"Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="Action"Namespace="http://www.w3.org/2005/08/addressing"/>
- </sp:SignedParts>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-</definitions>
-
-
-
-
-Web service provider Interface
-
-
The web service provider interface class, ServiceIface, is a simple
-straight forward web service definition.
The web service provider implementation class, ServiceImpl, is a simple
-POJO. It uses the standard WebService annotation to define the service
-endpoint. In addition there are two Apache CXF annotations,
-EndpointProperties and EndpointProperty used for configuring the
-endpoint for the CXF runtime. These annotations come from the
-Apache WSS4J project, which provides a
-Java implementation of the primary WS-Security standards for Web
-Services. These annotations are programmatically adding properties to
-the endpoint. With plain Apache CXF, these properties are often set via
-the <jaxws:properties> element on the <jaxws:endpoint> element in the
-Spring config; these annotations allow the properties to be configured
-in the code.
-
-
-
WSS4J uses the Crypto interface to get keys and certificates for
-encryption/decryption and for signature creation/verification. As is
-asserted by the WSDL, X509 keys and certificates are required for this
-service. The WSS4J configuration information being provided by
-ServiceImpl is for Crypto’s Merlin implementation. More information will
-be provided about this in the keystore section.
-
-
-
The first EndpointProperty statement in the listing is declaring the
-user’s name to use for the message signature. It is used as the alias
-name in the keystore to get the user’s cert and private key for
-signature. The next two EndpointProperty statements declares the Java
-properties file that contains the (Merlin) crypto configuration
-information. In this case both for signing and encrypting the messages.
-WSS4J reads this file and extra required information for message
-handling. The last EndpointProperty statement declares the
-ServerCallbackHandler implementation class. It is used to obtain the
-user’s password for the certificates in the keystore file.
ServerCallbackHandler is a callback handler for the WSS4J Crypto API. It
-is used to obtain the password for the private key in the keystore. This
-class enables CXF to retrieve the password of the user name to use for
-the message signature. A certificates' password is not discoverable. The
-creator of the certificate must record the password he assigns and
-provide it when requested through the CallbackHandler. In this scenario
-skpass is the password for user myservicekey.
WSS4J’s Crypto implementation is loaded and configured via a Java
-properties file that contains Crypto configuration data. The file
-contains implementation-specific properties such as a keystore location,
-password, default alias and the like. This application is using the
-Merlin implementation. File serviceKeystore.properties contains this
-information.
-
-
-
File servicestore.jks, is a Java KeyStore (JKS) repository. It contains
-self signed certificates for myservicekey and mystskey. Self signed
-certificates are not appropriate for production use.
When deployed on WildFly this application requires access to the JBossWs
-and CXF APIs provided in module org.jboss.ws.cxf.jbossws-cxf-client. The
-dependency statement directs the server to provide them at deployment.
This section examines the crucial elements in providing the Security
-Token Service functionality described in the basic WS-Trust scenario.
-The components that will be discussed are.
-
-
-
-
-
STS’s WSDL
-
-
-
STS’s implementation class.
-
-
-
STSCallbackHandler class
-
-
-
Crypto properties and keystore files
-
-
-
MANIFEST.MF
-
-
-
Server configuration files
-
-
-
-
-STS WSDL
-
-
The STS is a contract-first endpoint. All the WS-trust and security
-policies for it are declared in the WSDL, ws-trust-1.4-service.wsdl. A
-symmetric binding policy is used to encrypt and sign the SOAP body of
-messages that pass back and forth between ws-requester and the STS. The
-ws-requester is required to authenticate itself by providing WSS
-UsernameToken credentials. The rules for sharing the public and private
-keys in the SOAP request and response messages are declared. A detailed
-explanation of the security settings are provided in the comments in the
-listing below.
-
-
-
-
<?xml version="1.0" encoding="UTF-8"?>
-<wsdl:definitions
- targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
- xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
- xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://www.w3.org/ns/ws-policy"
- xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
-
- <wsdl:types>
- <xs:schemaelementFormDefault="qualified"targetNamespace='http://docs.oasis-open.org/ws-sx/ws-trust/200512'>
-
- <xs:elementname='RequestSecurityToken'type='wst:AbstractRequestSecurityTokenType'/>
- <xs:elementname='RequestSecurityTokenResponse'type='wst:AbstractRequestSecurityTokenType'/>
-
- <xs:complexTypename='AbstractRequestSecurityTokenType'>
- <xs:sequence>
- <xs:anynamespace='##any'processContents='lax'minOccurs='0'maxOccurs='unbounded'/>
- </xs:sequence>
- <xs:attributename='Context'type='xs:anyURI'use='optional'/>
- <xs:anyAttributenamespace='##other'processContents='lax'/>
- </xs:complexType>
- <xs:elementname='RequestSecurityTokenCollection'type='wst:RequestSecurityTokenCollectionType'/>
- <xs:complexTypename='RequestSecurityTokenCollectionType'>
- <xs:sequence>
- <xs:elementname='RequestSecurityToken'type='wst:AbstractRequestSecurityTokenType'minOccurs='2'maxOccurs='unbounded'/>
- </xs:sequence>
- </xs:complexType>
-
- <xs:elementname='RequestSecurityTokenResponseCollection'type='wst:RequestSecurityTokenResponseCollectionType'/>
- <xs:complexTypename='RequestSecurityTokenResponseCollectionType'>
- <xs:sequence>
- <xs:elementref='wst:RequestSecurityTokenResponse'minOccurs='1'maxOccurs='unbounded'/>
- </xs:sequence>
- <xs:anyAttributenamespace='##other'processContents='lax'/>
- </xs:complexType>
-
- </xs:schema>
- </wsdl:types>
-
- <!-- WS-Trust defines the following GEDs -->
- <wsdl:messagename="RequestSecurityTokenMsg">
- <wsdl:partname="request"element="wst:RequestSecurityToken"/>
- </wsdl:message>
- <wsdl:messagename="RequestSecurityTokenResponseMsg">
- <wsdl:partname="response"
- element="wst:RequestSecurityTokenResponse"/>
- </wsdl:message>
- <wsdl:messagename="RequestSecurityTokenCollectionMsg">
- <wsdl:partname="requestCollection"
- element="wst:RequestSecurityTokenCollection"/>
- </wsdl:message>
- <wsdl:messagename="RequestSecurityTokenResponseCollectionMsg">
- <wsdl:partname="responseCollection"
- element="wst:RequestSecurityTokenResponseCollection"/>
- </wsdl:message>
-
- <!-- This portType an example of a Requestor (or other) endpoint that
- Accepts SOAP-based challenges from a Security Token Service -->
- <wsdl:portTypename="WSSecurityRequestor">
- <wsdl:operationname="Challenge">
- <wsdl:inputmessage="tns:RequestSecurityTokenResponseMsg"/>
- <wsdl:outputmessage="tns:RequestSecurityTokenResponseMsg"/>
- </wsdl:operation>
- </wsdl:portType>
-
-
- <!-- This portType is an example of an STS supporting full protocol -->
-<!--
- The wsdl:portType and data types are XML elements defined by the
- WS_Trust specification. The wsdl:portType defines the endpoints
- supported in the STS implementation. This WSDL defines all operations
- that an STS implementation can support.
--->
- <wsdl:portTypename="STS">
- <wsdl:operationname="Cancel">
- <wsdl:inputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"message="tns:RequestSecurityTokenMsg"/>
- <wsdl:outputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal"message="tns:RequestSecurityTokenResponseMsg"/>
- </wsdl:operation>
- <wsdl:operationname="Issue">
- <wsdl:inputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"message="tns:RequestSecurityTokenMsg"/>
- <wsdl:outputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal"message="tns:RequestSecurityTokenResponseCollectionMsg"/>
- </wsdl:operation>
- <wsdl:operationname="Renew">
- <wsdl:inputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"message="tns:RequestSecurityTokenMsg"/>
- <wsdl:outputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal"message="tns:RequestSecurityTokenResponseMsg"/>
- </wsdl:operation>
- <wsdl:operationname="Validate">
- <wsdl:inputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"message="tns:RequestSecurityTokenMsg"/>
- <wsdl:outputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal"message="tns:RequestSecurityTokenResponseMsg"/>
- </wsdl:operation>
- <wsdl:operationname="KeyExchangeToken">
- <wsdl:inputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET"message="tns:RequestSecurityTokenMsg"/>
- <wsdl:outputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal"message="tns:RequestSecurityTokenResponseMsg"/>
- </wsdl:operation>
- <wsdl:operationname="RequestCollection">
- <wsdl:inputmessage="tns:RequestSecurityTokenCollectionMsg"/>
- <wsdl:outputmessage="tns:RequestSecurityTokenResponseCollectionMsg"/>
- </wsdl:operation>
- </wsdl:portType>
-
- <!-- This portType is an example of an endpoint that accepts
- Unsolicited RequestSecurityTokenResponse messages -->
- <wsdl:portTypename="SecurityTokenResponseService">
- <wsdl:operationname="RequestSecurityTokenResponse">
- <wsdl:inputmessage="tns:RequestSecurityTokenResponseMsg"/>
- </wsdl:operation>
- </wsdl:portType>
-
-<!--
- The wsp:PolicyReference binds the security requirments on all the STS endpoints.
- The wsp:Policy wsu:Id="UT_policy" element is later in this file.
--->
- <wsdl:bindingname="UT_Binding"type="wstrust:STS">
- <wsp:PolicyReferenceURI="#UT_policy"/>
- <soap:bindingstyle="document"
- transport="http://schemas.xmlsoap.org/soap/http"/>
- <wsdl:operationname="Issue">
- <soap:operation
- soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"/>
- <wsdl:input>
- <wsp:PolicyReference
- URI="#Input_policy"/>
- <soap:bodyuse="literal"/>
- </wsdl:input>
- <wsdl:output>
- <wsp:PolicyReference
- URI="#Output_policy"/>
- <soap:bodyuse="literal"/>
- </wsdl:output>
- </wsdl:operation>
- <wsdl:operationname="Validate">
- <soap:operation
- soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"/>
- <wsdl:input>
- <wsp:PolicyReference
- URI="#Input_policy"/>
- <soap:bodyuse="literal"/>
- </wsdl:input>
- <wsdl:output>
- <wsp:PolicyReference
- URI="#Output_policy"/>
- <soap:bodyuse="literal"/>
- </wsdl:output>
- </wsdl:operation>
- <wsdl:operationname="Cancel">
- <soap:operation
- soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"/>
- <wsdl:input>
- <soap:bodyuse="literal"/>
- </wsdl:input>
- <wsdl:output>
- <soap:bodyuse="literal"/>
- </wsdl:output>
- </wsdl:operation>
- <wsdl:operationname="Renew">
- <soap:operation
- soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"/>
- <wsdl:input>
- <soap:bodyuse="literal"/>
- </wsdl:input>
- <wsdl:output>
- <soap:bodyuse="literal"/>
- </wsdl:output>
- </wsdl:operation>
- <wsdl:operationname="KeyExchangeToken">
- <soap:operation
- soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken"/>
- <wsdl:input>
- <soap:bodyuse="literal"/>
- </wsdl:input>
- <wsdl:output>
- <soap:bodyuse="literal"/>
- </wsdl:output>
- </wsdl:operation>
- <wsdl:operationname="RequestCollection">
- <soap:operation
- soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection"/>
- <wsdl:input>
- <soap:bodyuse="literal"/>
- </wsdl:input>
- <wsdl:output>
- <soap:bodyuse="literal"/>
- </wsdl:output>
- </wsdl:operation>
- </wsdl:binding>
-
- <wsdl:servicename="SecurityTokenService">
- <wsdl:portname="UT_Port"binding="tns:UT_Binding">
- <soap:addresslocation="http://localhost:8080/SecurityTokenService/UT"/>
- </wsdl:port>
- </wsdl:service>
-
- <wsp:Policywsu:Id="UT_policy">
- <wsp:ExactlyOne>
- <wsp:All>
-<!--
- The sp:UsingAddressing element, indicates that the endpoints of this
- web service conforms to the WS-Addressing specification. More detail
- can be found here: [http://www.w3.org/TR/2006/CR-ws-addr-wsdl-20060529]
--->
- <wsap10:UsingAddressing/>
-<!--
- The sp:SymmetricBinding element indicates that security is provided
- at the SOAP layer and any initiator must authenticate itself by providing
- WSS UsernameToken credentials.
--->
- <sp:SymmetricBinding
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <wsp:Policy>
-<!--
- In a symmetric binding, the keys used for encrypting and signing in both
- directions are derived from a single key, the one specified by the
- sp:ProtectionToken element. The sp:X509Token sub-element declares this
- key to be a X.509 certificate and the
- IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"
- attribute adds the requirement that the token MUST NOT be included in
- any messages sent between the initiator and the recipient; rather, an
- external reference to the token should be used. Lastly the WssX509V3Token10
- sub-element declares that the Username token presented by the initiator
- should be compliant with Web Services Security UsernameToken Profile
- 1.0 specification. [ http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf ]
--->
- <sp:ProtectionToken>
- <wsp:Policy>
- <sp:X509Token
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
- <wsp:Policy>
- <sp:RequireDerivedKeys/>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:ProtectionToken>
-<!--
- The sp:AlgorithmSuite element, requires the Basic256 algorithm suite
- be used in performing cryptographic operations.
--->
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
-<!--
- The sp:Layout element, indicates the layout rules to apply when adding
- items to the security header. The sp:Lax sub-element indicates items
- are added to the security header in any order that conforms to
- WSS: SOAP Message Security.
--->
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:EncryptSignature/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:SymmetricBinding>
-<!--
- The sp:SignedSupportingTokens element declares that the security header
- of messages must contain a sp:UsernameToken and the token must be signed.
- The attribute IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"
- on sp:UsernameToken indicates that the token MUST be included in all
- messages sent from initiator to the recipient and that the token MUST
- NOT be included in messages sent from the recipient to the initiator.
- And finally the element sp:WssUsernameToken10 is a policy assertion
- indicating the Username token should be as defined in Web Services
- Security UsernameToken Profile 1.0
--->
- <sp:SignedSupportingTokens
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <wsp:Policy>
- <sp:UsernameToken
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssUsernameToken10/>
- </wsp:Policy>
- </sp:UsernameToken>
- </wsp:Policy>
- </sp:SignedSupportingTokens>
-<!--
- The sp:Wss11 element declares WSS: SOAP Message Security 1.1 options
- to be supported by the STS. These particular elements generally refer
- to how keys are referenced within the SOAP envelope. These are normally
- handled by CXF.
--->
- <sp:Wss11
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- <sp:MustSupportRefThumbprint/>
- <sp:MustSupportRefEncryptedKey/>
- </wsp:Policy>
- </sp:Wss11>
-<!--
- The sp:Trust13 element declares controls for WS-Trust 1.3 options.
- They are policy assertions related to exchanges specifically with
- client and server challenges and entropy behaviors. Again these are
- normally handled by CXF.
--->
- <sp:Trust13
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <wsp:Policy>
- <sp:MustSupportIssuedTokens/>
- <sp:RequireClientEntropy/>
- <sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust13>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
- <wsp:Policywsu:Id="Input_policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:SignedParts
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <sp:Body/>
- <sp:HeaderName="To"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="From"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="FaultTo"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="ReplyTo"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="MessageID"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="RelatesTo"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="Action"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- </sp:SignedParts>
- <sp:EncryptedParts
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <sp:Body/>
- </sp:EncryptedParts>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
- <wsp:Policywsu:Id="Output_policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:SignedParts
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <sp:Body/>
- <sp:HeaderName="To"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="From"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="FaultTo"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="ReplyTo"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="MessageID"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="RelatesTo"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="Action"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- </sp:SignedParts>
- <sp:EncryptedParts
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <sp:Body/>
- </sp:EncryptedParts>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
-</wsdl:definitions>
-
-
-
-
-STS Implementation
-
-
The Apache CXF’s STS, SecurityTokenServiceProvider, is a web service
-provider that is compliant with the protocols and functionality defined
-by the WS-Trust specification. It has a modular architecture. Many of
-its components are configurable or replaceable and there are many
-optional features that are enabled by implementing and configuring
-plug-ins. Users can customize their own STS by extending from
-SecurityTokenServiceProvider and overriding the default settings.
-Extensive information about the CXF’s STS configurable and pluggable
-components can be found
-here.
-
-
-
This STS implementation class, SimpleSTS, is a POJO that extends from
-SecurityTokenServiceProvider. Note that the class is defined with a
-WebServiceProvider annotation and not a WebService annotation. This
-annotation defines the service as a Provider-based endpoint, meaning it
-supports a more messaging-oriented approach to Web services. In
-particular, it signals that the exchanged messages will be XML documents
-of some type. SecurityTokenServiceProvider is an implementation of the
-jakarta.xml.ws.Provider interface. In comparison the WebService annotation
-defines a (service endpoint interface) SEI-based endpoint which supports
-message exchange via SOAP envelopes.
-
-
-
As was done in the ServiceImpl class, the WSS4J annotations
-EndpointProperties and EndpointProperty are providing endpoint
-configuration for the CXF runtime. This was previous described
-here.
-
-
-
The InInterceptors annotation is used to specify a JBossWS integration
-interceptor to be used for authenticating incoming requests; JAAS
-integration is used here for authentication, the username/passoword
-coming from the UsernameToken in the ws-requester message are used for
-authenticating the requester against a security domain on the
-application server hosting the STS deployment.
-
-
-
In this implementation we are customizing the operations of token
-issuance, token validation and their static properties.
-
-
-
StaticSTSProperties is used to set select properties for configuring
-resources in the STS. You may think this is a duplication of the
-settings made with the WSS4J annotations. The values are the same but
-the underlaying structures being set are different, thus this
-information must be declared in both places.
-
-
-
The setIssuer setting is important because it uniquely identifies the
-issuing STS. The issuer string is embedded in issued tokens and, when
-validating tokens, the STS checks the issuer string value. Consequently,
-it is important to use the issuer string in a consistent way, so that
-the STS can recognize the tokens that it has issued.
-
-
-
The setEndpoints call allows the declaration of a set of allowed token
-recipients by address. The addresses are specified as reg-ex patterns.
-
-
-
TokenIssueOperation and TokenValidateOperation have a modular structure.
-This allows custom behaviors to be injected into the processing of
-messages. In this case we are overriding the
-SecurityTokenServiceProvider’s default behavior and performing SAML
-token processing and validation. CXF provides an implementation of a
-SAMLTokenProvider and SAMLTokenValidator which we are using rather than
-writing our own.
STSCallbackHandler is a callback handler for the WSS4J Crypto API. It is
-used to obtain the password for the private key in the keystore. This
-class enables CXF to retrieve the password of the user name to use for
-the message signature.
WSS4J’s Crypto implementation is loaded and configured via a Java
-properties file that contains Crypto configuration data. The file
-contains implementation-specific properties such as a keystore location,
-password, default alias and the like. This application is using the
-Merlin implementation. File stsKeystore.properties contains this
-information.
-
-
-
File servicestore.jks, is a Java KeyStore (JKS) repository. It contains
-self signed certificates for myservicekey and mystskey. Self signed
-certificates are not appropriate for production use.
When deployed on WildFly, this application requires access to the
-JBossWs and CXF APIs provided in modules
-org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf. The Apache CXF
-internals, org.apache.cxf.impl, are needed to build the STS
-configuration in the SampleSTS constructor. The dependency statement
-directs the server to provide them at deployment.
The STS requires a JBoss security domain be configured. The
-jboss-web.xml descriptor declares a named security
-domain,"JBossWS-trust-sts" to be used by this service for
-authentication. This security domain requires two properties files and
-the addition of a security-domain declaration in the JBoss server
-configuration file.
-
-
-
For this scenario the domain needs to contain user alice, password
-clarinet, and role friend. See the listings below for
-jbossws-users.properties and jbossws-roles.properties. In addition the
-following XML elements must be added to the Elytron subsystem in the
-server configuration file. Replace " SOME_PATH" with appropriate
-information and then configure authentication with this security domain.
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" ">
-<jboss-web>
- <security-domain>java:/jaas/JBossWS-trust-sts</security-domain>
-</jboss-web>
-
-
-
-
jbossws-users.properties
-
-
-
-
# A sample users.properties file for use with the UsersRolesLoginModule
-alice=clarinet
-
-
-
-
jbossws-roles.properties
-
-
-
-
# A sample roles.properties file for use with the UsersRolesLoginModule
-alice=friend
-
-
-
-
WS-MetadataExchange and interoperability
-
-
-
-
-
-
-
-
-To achieve better interoperability, you might consider allowing the STS
-endpoint to reply to WS-MetadataExchange messages directed to the /mex
-URL sub-path (e.g.
-http://localhost:8080/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService/mex).
-This can be done by tweaking the url-pattern for the underlying
-endpoint servlet, for instance by adding a web.xml descriptor as
-follows to the deployment:<?xml version="1.0" encoding="UTF-8"?>
-<web-app
-version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
-xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
-http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">;
-<servlet>
-<servlet-name>TestSecurityTokenService</servlet-name>
-<servlet-class>org.jboss.test.ws.jaxws.samples.wsse.policy.trust.SampleSTS</servlet-class>
-</servlet>
-<servlet-mapping>
-<servlet-name>TestSecurityTokenService</servlet-name>
-<url-pattern>/SecurityTokenService/*</url-pattern>
-</servlet-mapping>
-</web-app>
-As a matter of fact, at the time of writing some webservices
-implementations (including Metro) assume the /mex URL as the default
-choice for directing WS-MetadataExchange requests to and use that to
-retrieve STS wsdl contracts.
-
-
-
-
-
-
-
-
Web service requester
-
-
This section examines the crucial elements in calling a web service that
-implements endpoint security as described in the basic WS-Trust
-scenario. The components that will be discussed are.
-
-
-
-
-
web service requester’s implementation
-
-
-
ClientCallbackHandler
-
-
-
Crypto properties and keystore files
-
-
-
-
-Web service requester Implementation
-
-
The ws-requester, the client, uses standard procedures for creating a
-reference to the web service in the first four line. To address the
-endpoint security requirements, the web service’s "Request Context" is
-configured with the information needed in message generation. In
-addition, the STSClient that communicates with the STS is configured
-with similar values. Note the key strings ending with a ".it" suffix.
-This suffix flags these settings as belonging to the STSClient. The
-internal CXF code assigns this information to the STSClient that is
-auto-generated for this service call.
-
-
-
There is an alternate method of setting up the STSCLient. The user may
-provide their own instance of the STSClient. The CXF code will use this
-object and not auto-generate one. This is used in the ActAs and
-OnBehalfOf examples. When providing the STSClient in this way, the user
-must provide a org.apache.cxf.Bus for it and the configuration keys must
-not have the ".it" suffix.
-
-
-
-
QName serviceName = newQName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", "SecurityService");
-URL wsdlURL = newURL(serviceURL + "?wsdl");
-Service service = Service.create(wsdlURL, serviceName);
-ServiceIface proxy = (ServiceIface) service.getPort(ServiceIface.class);
-
-// set the security related configuration information for the service "request"
-Map<String, Object> ctx = ((BindingProvider) proxy).getRequestContext();
-ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
-ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
-ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
-ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
-ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
-
-
-//-- Configuration settings that will be transfered to the STSClient
-// "alice" is the name provided for the WSS Username. Her password will
-// be retreived from the ClientCallbackHander by the STSClient.
-ctx.put(SecurityConstants.USERNAME + ".it", "alice");
-ctx.put(SecurityConstants.CALLBACK_HANDLER + ".it", new ClientCallbackHandler());
-ctx.put(SecurityConstants.ENCRYPT_PROPERTIES + ".it",
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
-ctx.put(SecurityConstants.ENCRYPT_USERNAME + ".it", "mystskey");
-// alias name in the keystore to get the user's public key to send to the STS
-ctx.put(SecurityConstants.STS_TOKEN_USERNAME + ".it", "myclientkey");
-// Crypto property configuration to use for the STS
-ctx.put(SecurityConstants.STS_TOKEN_PROPERTIES + ".it",
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
-// write out an X509Certificate structure in UseKey/KeyInfo
-ctx.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO + ".it", "true");
-// Setting indicates the STSclient should not try using the WS-MetadataExchange
-// call using STS EPR WSA address when the endpoint contract does not contain
-// WS-MetadataExchange info.
-ctx.put("ws-security.sts.disable-wsmex-call-using-epr-address", "true");
-
-proxy.sayHello();
-
-
-
-
-ClientCallbackHandler
-
-
ClientCallbackHandler is a callback handler for the WSS4J Crypto API. It
-is used to obtain the password for the private key in the keystore. This
-class enables CXF to retrieve the password of the user name to use for
-the message signature. Note that "alice" and her password have been
-provided here. This information is not in the (JKS) keystore but
-provided in the WildFly security domain. It was declared in file
-jbossws-users.properties.
WSS4J’s Crypto implementation is loaded and configured via a Java
-properties file that contains Crypto configuration data. The file
-contains implementation-specific properties such as a keystore location,
-password, default alias and the like. This application is using the
-Merlin implementation. File clientKeystore.properties contains this
-information.
-
-
-
File clientstore.jks, is a Java KeyStore (JKS) repository. It contains
-self signed certificates for myservicekey and mystskey. Self signed
-certificates are not appropriate for production use.
The ActAs feature is used in scenarios that require composite
-delegation. It is commonly used in multi-tiered systems where an
-application calls a service on behalf of a logged in user or a service
-calls another service on behalf of the original caller.
-
-
-
ActAs is nothing more than a new sub-element in the RequestSecurityToken
-(RST). It provides additional information about the original caller when
-a token is negotiated with the STS. The ActAs element usually takes the
-form of a token with identity claims such as name, role, and
-authorization code, for the client to access the service.
-
-
-
The ActAs scenario is an extension of
-the basic
-WS-Trust scenario. In this example the ActAs service calls the
-ws-service on behalf of a user. There are only a couple of additions to
-the basic scenario’s code. An ActAs web service provider and callback
-handler have been added. The ActAs web services' WSDL imposes the same
-security policies as the ws-provider. UsernameTokenCallbackHandler is
-new. It is a utility that generates the content for the ActAs element.
-And lastly there are a couple of code additions in the STS to support
-the ActAs request.
-
-
-
Web service provider
-
-
This section examines the web service elements from the basic WS-Trust
-scenario that have been changed to address the needs of the ActAs
-example. The components are
-
-
-
-
-
ActAs web service provider’s WSDL
-
-
-
ActAs web service provider’s Interface and Implementation classes.
-
-
-
ActAsCallbackHandler class
-
-
-
UsernameTokenCallbackHandler
-
-
-
Crypto properties and keystore files
-
-
-
MANIFEST.MF
-
-
-
-
-Web service provider WSDL
-
-
The ActAs web service provider’s WSDL is a clone of the ws-provider’s
-WSDL. The wsp:Policy section is the same. There are changes to the
-service endpoint, targetNamespace, portType, binding name, and service.
The web service provider implementation class, ActAsServiceImpl, is a
-simple POJO. It uses the standard WebService annotation to define the
-service endpoint and two Apache WSS4J annotations, EndpointProperties
-and EndpointProperty used for configuring the endpoint for the CXF
-runtime. The WSS4J configuration information provided is for WSS4J’s
-Crypto Merlin implementation.
-
-
-
ActAsServiceImpl is calling ServiceImpl acting on behalf of the user.
-Method setupService performs the requisite configuration setup.
ActAsCallbackHandler is a callback handler for the WSS4J Crypto API. It
-is used to obtain the password for the private key in the keystore. This
-class enables CXF to retrieve the password of the user name to use for
-the message signature. This class has been revised to return the
-passwords for this service, myactaskey and the "actas" user, alice.
The ActAs and OnBeholdOf sub-elements of the RequestSecurityToken are
-required to be defined as WSSE Username Tokens. This utility generates
-the properly formated element.
-
-
-
-
packageorg.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared;
-
-importorg.apache.cxf.helpers.DOMUtils;
-importorg.apache.cxf.message.Message;
-importorg.apache.cxf.ws.security.SecurityConstants;
-importorg.apache.cxf.ws.security.trust.delegation.DelegationCallback;
-importorg.apache.ws.security.WSConstants;
-importorg.apache.ws.security.message.token.UsernameToken;
-importorg.w3c.dom.Document;
-importorg.w3c.dom.Node;
-importorg.w3c.dom.Element;
-importorg.w3c.dom.ls.DOMImplementationLS;
-importorg.w3c.dom.ls.LSSerializer;
-
-importjavax.security.auth.callback.Callback;
-importjavax.security.auth.callback.CallbackHandler;
-importjavax.security.auth.callback.UnsupportedCallbackException;
-importjava.io.IOException;
-importjava.util.Map;
-
-/**
-* A utility to provide the 3 different input parameter types for jaxws property
-* "ws-security.sts.token.act-as" and "ws-security.sts.token.on-behalf-of".
-* This implementation obtains a username and password via the jaxws property
-* "ws-security.username" and "ws-security.password" respectively, as defined
-* in SecurityConstants. It creates a wss UsernameToken to be used as the
-* delegation token.
-*/
-
-publicclassUsernameTokenCallbackHandlerimplementsCallbackHandler {
-
- publicvoid handle(Callback[] callbacks)
- throwsIOException, UnsupportedCallbackException {
- for (int i = 0; i < callbacks.length; i++) {
- if (callbacks[i] instanceof DelegationCallback) {
- DelegationCallback callback = (DelegationCallback) callbacks[i];
- Message message = callback.getCurrentMessage();
-
- String username =
- (String)message.getContextualProperty(SecurityConstants.USERNAME);
- String password =
- (String)message.getContextualProperty(SecurityConstants.PASSWORD);
- if (username != null) {
- Node contentNode = message.getContent(Node.class);
- Document doc = null;
- if (contentNode != null) {
- doc = contentNode.getOwnerDocument();
- } else {
- doc = DOMUtils.createDocument();
- }
- UsernameToken usernameToken = createWSSEUsernameToken(username,password, doc);
- callback.setToken(usernameToken.getElement());
- }
- } else {
- thrownewUnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
- }
- }
- }
-
- /**
- * Provide UsernameToken as a string.
- * @param ctx
- * @return
- */
- publicString getUsernameTokenString(Map<String, Object> ctx){
- Document doc = DOMUtils.createDocument();
- String result = null;
- String username = (String)ctx.get(SecurityConstants.USERNAME);
- String password = (String)ctx.get(SecurityConstants.PASSWORD);
- if (username != null) {
- UsernameToken usernameToken = createWSSEUsernameToken(username,password, doc);
- result = toString(usernameToken.getElement().getFirstChild().getParentNode());
- }
- return result;
- }
-
- /**
- *
- * @param username
- * @param password
- * @return
- */
- publicString getUsernameTokenString(String username, String password){
- Document doc = DOMUtils.createDocument();
- String result = null;
- if (username != null) {
- UsernameToken usernameToken = createWSSEUsernameToken(username,password, doc);
- result = toString(usernameToken.getElement().getFirstChild().getParentNode());
- }
- return result;
- }
-
- /**
- * Provide UsernameToken as a DOM Element.
- * @param ctx
- * @return
- */
- publicElement getUsernameTokenElement(Map<String, Object> ctx){
- Document doc = DOMUtils.createDocument();
- Element result = null;
- UsernameToken usernameToken = null;
- String username = (String)ctx.get(SecurityConstants.USERNAME);
- String password = (String)ctx.get(SecurityConstants.PASSWORD);
- if (username != null) {
- usernameToken = createWSSEUsernameToken(username,password, doc);
- result = usernameToken.getElement();
- }
- return result;
- }
-
- /**
- *
- * @param username
- * @param password
- * @return
- */
- publicElement getUsernameTokenElement(String username, String password){
- Document doc = DOMUtils.createDocument();
- Element result = null;
- UsernameToken usernameToken = null;
- if (username != null) {
- usernameToken = createWSSEUsernameToken(username,password, doc);
- result = usernameToken.getElement();
- }
- return result;
- }
-
- private UsernameToken createWSSEUsernameToken(String username, String password, Document doc) {
-
- UsernameToken usernameToken = new UsernameToken(true, doc,
- (password == null)? null: WSConstants.PASSWORD_TEXT);
- usernameToken.setName(username);
- usernameToken.addWSUNamespace();
- usernameToken.addWSSENamespace();
- usernameToken.setID("id-" + username);
-
- if (password != null){
- usernameToken.setPassword(password);
- }
-
- return usernameToken;
- }
-
-
- privateString toString(Node node) {
- String str = null;
-
- if (node != null) {
- DOMImplementationLS lsImpl = (DOMImplementationLS)
- node.getOwnerDocument().getImplementation().getFeature("LS", "3.0");
- LSSerializer serializer = lsImpl.createLSSerializer();
- serializer.getDomConfig().setParameter("xml-declaration", false); //by default its true, so set it to false to get String without xml-declaration
- str = serializer.writeToString(node);
- }
- return str;
- }
-
-}
-
-
-
-
-Crypto properties and keystore files
-
-
The ActAs service must provide its own credentials. The requisite
-properties file, actasKeystore.properties, and keystore, actasstore.jks,
-were created.
When deployed on WildFly this application requires access to the JBossWs
-and CXF APIs provided in modules org.jboss.ws.cxf.jbossws-cxf-client and
-org.apache.cxf. The Apache CXF internals, org.apache.cxf.impl, are
-needed in handling the ActAs and OnBehalfOf extensions. The dependency
-statement directs the server to provide them at deployment.
This section examines the STS elements from the basic WS-Trust scenario
-that have been changed to address the needs of the ActAs example. The
-components are.
-
-
-
-
-
STS’s implementation class.
-
-
-
STSCallbackHandler class
-
-
-
-
-STS Implementation class
-
-
The initial description of SampleSTS can be found
-here.
-
-
-
The declaration of the set of allowed token recipients by address has
-been extended to accept ActAs addresses and OnBehalfOf addresses. The
-addresses are specified as reg-ex patterns.
-
-
-
The TokenIssueOperation requires class, UsernameTokenValidator be
-provided in order to validate the contents of the OnBehalfOf claims and
-class, UsernameTokenDelegationHandler to be provided in order to process
-the token delegation request of the ActAs on OnBehalfOf user.
-
-
-
-
packageorg.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts;
-
-importjava.util.Arrays;
-importjava.util.LinkedList;
-importjava.util.List;
-
-importjakarta.xml.ws.WebServiceProvider;
-
-importorg.apache.cxf.annotations.EndpointProperties;
-importorg.apache.cxf.annotations.EndpointProperty;
-importorg.apache.cxf.interceptor.InInterceptors;
-importorg.apache.cxf.sts.StaticSTSProperties;
-importorg.apache.cxf.sts.operation.TokenIssueOperation;
-importorg.apache.cxf.sts.operation.TokenValidateOperation;
-importorg.apache.cxf.sts.service.ServiceMBean;
-importorg.apache.cxf.sts.service.StaticService;
-importorg.apache.cxf.sts.token.delegation.UsernameTokenDelegationHandler;
-importorg.apache.cxf.sts.token.provider.SAMLTokenProvider;
-importorg.apache.cxf.sts.token.validator.SAMLTokenValidator;
-importorg.apache.cxf.sts.token.validator.UsernameTokenValidator;
-importorg.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;
-
-@WebServiceProvider(serviceName = "SecurityTokenService",
- portName = "UT_Port",
- targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
- wsdlLocation = "WEB-INF/wsdl/ws-trust-1.4-service.wsdl")
-//be sure to have dependency on org.apache.cxf module when on AS7, otherwise Apache CXF annotations are ignored
-@EndpointProperties(value = {
- @EndpointProperty(key = "ws-security.signature.username", value = "mystskey"),
- @EndpointProperty(key = "ws-security.signature.properties", value = "stsKeystore.properties"),
- @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts.STSCallbackHandler"),
- @EndpointProperty(key = "ws-security.validate.token", value = "false") //to let the JAAS integration deal with validation through the interceptor below
-})
-@InInterceptors(interceptors = {"org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor"})
-publicclassSampleSTSextends SecurityTokenServiceProvider
-{
- public SampleSTS() throwsException
- {
- super();
-
- StaticSTSProperties props = new StaticSTSProperties();
- props.setSignatureCryptoProperties("stsKeystore.properties");
- props.setSignatureUsername("mystskey");
- props.setCallbackHandlerClass(STSCallbackHandler.class.getName());
- props.setIssuer("DoubleItSTSIssuer");
-
- List<ServiceMBean> services = newLinkedList<ServiceMBean>();
- StaticService service = new StaticService();
- service.setEndpoints(Arrays.asList(
- "http://localhost:(\\d)*/jaxws-samples-wsse-policy-trust/SecurityService",
- "http://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust/SecurityService",
- "http://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust/SecurityService",
-
- "http://localhost:(\\d)*/jaxws-samples-wsse-policy-trust-actas/ActAsService",
- "http://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-actas/ActAsService",
- "http://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-actas/ActAsService",
-
- "http://localhost:(\\d)*/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService",
- "http://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService",
- "http://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService"
- ));
- services.add(service);
-
- TokenIssueOperation issueOperation = new TokenIssueOperation();
- issueOperation.setServices(services);
- issueOperation.getTokenProviders().add(new SAMLTokenProvider());
- // required for OnBehalfOf
- issueOperation.getTokenValidators().add(new UsernameTokenValidator());
- // added for OnBehalfOf and ActAs
- issueOperation.getDelegationHandlers().add(new UsernameTokenDelegationHandler());
- issueOperation.setStsProperties(props);
-
- TokenValidateOperation validateOperation = new TokenValidateOperation();
- validateOperation.getTokenValidators().add(new SAMLTokenValidator());
- validateOperation.setStsProperties(props);
-
- this.setIssueOperation(issueOperation);
- this.setValidateOperation(validateOperation);
- }
-}
-
-
-
-
-STSCallbackHandler
-
-
The user, alice, and corresponding password was required to be added for
-the ActAs example.
This section examines the ws-requester elements from the basic WS-Trust
-scenario that have been changed to address the needs of the ActAs
-example. The component is
-
-
-
-
-
ActAs web service requester implementation class
-
-
-
-
-Web service requester Implementation
-
-
The ActAs ws-requester, the client, uses standard procedures for
-creating a reference to the web service in the first four lines. To
-address the endpoint security requirements, the web service’s "Request
-Context" is configured via the BindingProvider. Information needed in
-the message generation is provided through it. The ActAs user,
-myactaskey, is declared in this section and UsernameTokenCallbackHandler
-is used to provide the contents of the ActAs element to the STSClient.
-In this example a STSClient object is created and provided to the
-proxy’s request context. The alternative is to provide keys tagged with
-the ".it" suffix as was done in
-the
-Basic Scenario client. The use of ActAs is configured through the props
-map using the SecurityConstants.STS_TOKEN_ACT_AS key. The alternative is
-to use the STSClient.setActAs method.
The OnBehalfOf feature is used in scenarios that use the proxy pattern.
-In such scenarios, the client cannot access the STS directly, instead it
-communicates through a proxy gateway. The proxy gateway authenticates
-the caller and puts information about the caller into the OnBehalfOf
-element of the RequestSecurityToken (RST) sent to the real STS for
-processing. The resulting token contains only claims related to the
-client of the proxy, making the proxy completely transparent to the
-receiver of the issued token.
-
-
-
OnBehalfOf is nothing more than a new sub-element in the RST. It
-provides additional information about the original caller when a token
-is negotiated with the STS. The OnBehalfOf element usually takes the
-form of a token with identity claims such as name, role, and
-authorization code, for the client to access the service.
-
-
-
The OnBehalfOf scenario is an extension of
-the
-basic WS-Trust scenario. In this example the OnBehalfOf service calls
-the ws-service on behalf of a user. There are only a couple of additions
-to the basic scenario’s code. An OnBehalfOf web service provider and
-callback handler have been added. The OnBehalfOf web services' WSDL
-imposes the same security policies as the ws-provider.
-UsernameTokenCallbackHandler is a utility shared with ActAs. It
-generates the content for the OnBehalfOf element. And lastly there are
-code additions in the STS that both OnBehalfOf and ActAs share in
-common.
This section examines the web service elements from the basic WS-Trust
-scenario that have been changed to address the needs of the OnBehalfOf
-example. The components are.
-
-
-
-
-
web service provider’s WSDL
-
-
-
web service provider’s Interface and Implementation classes.
-
-
-
OnBehalfOfCallbackHandler class
-
-
-
-
-Web service provider WSDL
-
-
The OnBehalfOf web service provider’s WSDL is a clone of the
-ws-provider’s WSDL. The wsp:Policy section is the same. There are
-changes to the service endpoint, targetNamespace, portType, binding
-name, and service.
The web service provider implementation class, OnBehalfOfServiceImpl, is
-a simple POJO. It uses the standard WebService annotation to define the
-service endpoint and two Apache WSS4J annotations, EndpointProperties
-and EndpointProperty used for configuring the endpoint for the CXF
-runtime. The WSS4J configuration information provided is for WSS4J’s
-Crypto Merlin implementation.
-
-
-
OnBehalfOfServiceImpl is calling the ServiceImpl acting on behalf of the
-user. Method setupService performs the requisite configuration setup.
OnBehalfOfCallbackHandler is a callback handler for the WSS4J Crypto
-API. It is used to obtain the password for the private key in the
-keystore. This class enables CXF to retrieve the password of the user
-name to use for the message signature. This class has been revised to
-return the passwords for this service, myactaskey and the "OnBehalfOf"
-user, alice.
This section examines the ws-requester elements from the basic WS-Trust
-scenario that have been changed to address the needs of the OnBehalfOf
-example. The component is
-
-
-
-
-
OnBehalfOf web service requester implementation class
-
-
-
-
-Web service requester Implementation
-
-
The OnBehalfOf ws-requester, the client, uses standard procedures for
-creating a reference to the web service in the first four lines. To
-address the endpoint security requirements, the web service’s "Request
-Context" is configured via the BindingProvider. Information needed in
-the message generation is provided through it. The OnBehalfOf user,
-alice, is declared in this section and the callbackHandler,
-UsernameTokenCallbackHandler is provided to the STSClient for generation
-of the contents for the OnBehalfOf message element. In this example a
-STSClient object is created and provided to the proxy’s request context.
-The alternative is to provide keys tagged with the ".it" suffix as was
-done in
-the
-Basic Scenario client. The use of OnBehalfOf is configured by the
-method call stsClient.setOnBehalfOf. The alternative is to use the key
-SecurityConstants.STS_TOKEN_ON_BEHALF_OF and a value in the props map.
-
-
-
-
finalQName serviceName = newQName("http://www.jboss.org/jbossws/ws-extensions/onbehalfofwssecuritypolicy", "OnBehalfOfService");
-finalURL wsdlURL = newURL(serviceURL + "?wsdl");
-Service service = Service.create(wsdlURL, serviceName);
-OnBehalfOfServiceIface proxy = (OnBehalfOfServiceIface) service.getPort(OnBehalfOfServiceIface.class);
-
-
-Bus bus = BusFactory.newInstance().createBus();
-try {
-
- BusFactory.setThreadDefaultBus(bus);
-
- Map<String, Object> ctx = proxy.getRequestContext();
-
- ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
- ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myactaskey");
- ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
-
- // user and password OnBehalfOf user
- // UsernameTokenCallbackHandler will extract this information when called
- ctx.put(SecurityConstants.USERNAME,"alice");
- ctx.put(SecurityConstants.PASSWORD, "clarinet");
-
- STSClient stsClient = new STSClient(bus);
-
- // Providing the STSClient the mechanism to create the claims contents for OnBehalfOf
- stsClient.setOnBehalfOf(new UsernameTokenCallbackHandler());
-
- Map<String, Object> props = stsClient.getProperties();
- props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
- props.put(SecurityConstants.ENCRYPT_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
- props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
- props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
-
- ctx.put(SecurityConstants.STS_CLIENT, stsClient);
-
-} finally {
- bus.shutdown(true);
-}
-proxy.sayHello();
-
-
-
-
-
-
-
SAML Bearer Assertion Scenario
-
-
WS-Trust deals with managing software security tokens. A SAML assertion
-is a type of security token. In the SAML Bearer scenario, the service
-provider automatically trusts that the incoming SOAP request came from
-the subject defined in the SAML token after the service verifies the
-tokens signature.
-
-
-
Implementation of this scenario has the following requirements.
-
-
-
-
-
SAML tokens with a Bearer subject confirmation method must be
-protected so the token can not be snooped. In most cases, a bearer token
-combined with HTTPS is sufficient to prevent "a man in the middle"
-getting possession of the token. This means a security policy that uses
-a sp:TransportBinding and sp:HttpsToken.
-
-
-
A bearer token has no encryption or signing keys associated with it,
-therefore a sp:IssuedToken of bearer keyType should be used with a
-sp:SupportingToken or a sp:SignedSupportingTokens.
-
-
-
-
-
Web service Provider
-
-
This section examines the web service elements for the SAML Bearer
-scenario. The components are
-
-
-
-
-
Bearer web service provider’s WSDL
-
-
-
SSL configuration
-
-
-
Bearer web service provider’s Interface and Implementation classes.
-
-
-
Crypto properties and keystore files
-
-
-
MANIFEST.MF
-
-
-
-
-Web service provider WSDL
-
-
The web service provider is a contract-first endpoint. All the WS-trust
-and security policies for it are declared in WSDL, BearerService.wsdl.
-For this scenario a ws-requester is required to present a SAML 2.0
-Bearer token issued from a designed STS. The address of the STS is
-provided in the WSDL. HTTPS, a TransportBinding and HttpsToken policy
-are used to protect the SOAP body of messages that pass back and forth
-between ws-requester and ws-provider. A detailed explanation of the
-security settings are provided in the comments in the listing below.
-
-
-
-
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<definitionstargetNamespace="http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy"
- name="BearerService"
- xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema"
- xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
- xmlns="http://schemas.xmlsoap.org/wsdl/"
- xmlns:wsp="http://www.w3.org/ns/ws-policy"
- xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsaws="http://www.w3.org/2005/08/addressing"
- xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
- xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
-
- <types>
- <xsd:schema>
- <xsd:importnamespace="http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy"
- schemaLocation="BearerService_schema1.xsd"/>
- </xsd:schema>
- </types>
- <messagename="sayHello">
- <partname="parameters"element="tns:sayHello"/>
- </message>
- <messagename="sayHelloResponse">
- <partname="parameters"element="tns:sayHelloResponse"/>
- </message>
- <portTypename="BearerIface">
- <operationname="sayHello">
- <inputmessage="tns:sayHello"/>
- <outputmessage="tns:sayHelloResponse"/>
- </operation>
- </portType>
-
-<!--
- The wsp:PolicyReference binds the security requirments on all the endpoints.
- The wsp:Policy wsu:Id="#TransportSAML2BearerPolicy" element is defined later in this file.
--->
- <bindingname="BearerServicePortBinding"type="tns:BearerIface">
- <wsp:PolicyReferenceURI="#TransportSAML2BearerPolicy"/>
- <soap:bindingtransport="http://schemas.xmlsoap.org/soap/http"style="document"/>
- <operationname="sayHello">
- <soap:operationsoapAction=""/>
- <input>
- <soap:bodyuse="literal"/>
- </input>
- <output>
- <soap:bodyuse="literal"/>
- </output>
- </operation>
- </binding>
-
-<!--
- The soap:address has been defined to use JBoss's https port, 8443. This is
- set in conjunction with the sp:TransportBinding policy for https.
--->
- <servicename="BearerService">
- <portname="BearerServicePort"binding="tns:BearerServicePortBinding">
- <soap:addresslocation="https://@jboss.bind.address@:8443/jaxws-samples-wsse-policy-trust-bearer/BearerService"/>
- </port>
- </service>
-
-
- <wsp:Policywsu:Id="TransportSAML2BearerPolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <!--
- The wsam:Addressing element, indicates that the endpoints of this
- web service MUST conform to the WS-Addressing specification. The
- attribute wsp:Optional="false" enforces this assertion.
- -->
- <wsam:Addressingwsp:Optional="false">
- <wsp:Policy/>
- </wsam:Addressing>
-
-<!--
- The sp:TransportBinding element indicates that security is provided by the
- message exchange transport medium, https. WS-Security policy specification
- defines the sp:HttpsToken for use in exchanging messages transmitted over HTTPS.
--->
- <sp:TransportBinding
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <wsp:Policy>
- <sp:TransportToken>
- <wsp:Policy>
- <sp:HttpsToken>
- <wsp:Policy/>
- </sp:HttpsToken>
- </wsp:Policy>
- </sp:TransportToken>
-<!--
- The sp:AlgorithmSuite element, requires the TripleDes algorithm suite
- be used in performing cryptographic operations.
--->
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:TripleDes/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
-<!--
- The sp:Layout element, indicates the layout rules to apply when adding
- items to the security header. The sp:Lax sub-element indicates items
- are added to the security header in any order that conforms to
- WSS: SOAP Message Security.
--->
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- </wsp:Policy>
- </sp:TransportBinding>
-
-<!--
- The sp:SignedSupportingTokens element causes the supporting tokens
- to be signed using the primary token that is used to sign the message.
--->
- <sp:SignedSupportingTokens
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <wsp:Policy>
-<!--
- The sp:IssuedToken element asserts that a SAML 2.0 security token of type
- Bearer is expected from the STS. The
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
- attribute instructs the runtime to include the initiator's public key
- with every message sent to the recipient.
-
- The sp:RequestSecurityTokenTemplate element directs that all of the
- children of this element will be copied directly into the body of the
- RequestSecurityToken (RST) message that is sent to the STS when the
- initiator asks the STS to issue a token.
--->
- <sp:IssuedToken
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
- <sp:RequestSecurityTokenTemplate>
- <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
- <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</t:KeyType>
- </sp:RequestSecurityTokenTemplate>
- <wsp:Policy>
- <sp:RequireInternalReference/>
- </wsp:Policy>
-<!--
- The sp:Issuer element defines the STS's address and endpoint information
- This information is used by the STSClient.
--->
- <sp:Issuer>
- <wsaws:Address>http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService</wsaws:Address>
- <wsaws:Metadata
- xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
- wsdli:wsdlLocation="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService?wsdl">
- <wsaw:ServiceName
- xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
- xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
- </wsaws:Metadata>
- </sp:Issuer>
-
- </sp:IssuedToken>
- </wsp:Policy>
- </sp:SignedSupportingTokens>
-<!--
- The sp:Wss11 element declares WSS: SOAP Message Security 1.1 options
- to be supported by the STS. These particular elements generally refer
- to how keys are referenced within the SOAP envelope. These are normally
- handled by CXF.
--->
- <sp:Wss11>
- <wsp:Policy>
- <sp:MustSupportRefIssuerSerial/>
- <sp:MustSupportRefThumbprint/>
- <sp:MustSupportRefEncryptedKey/>
- </wsp:Policy>
- </sp:Wss11>
-<!--
- The sp:Trust13 element declares controls for WS-Trust 1.3 options.
- They are policy assertions related to exchanges specifically with
- client and server challenges and entropy behaviors. Again these are
- normally handled by CXF.
--->
- <sp:Trust13>
- <wsp:Policy>
- <sp:MustSupportIssuedTokens/>
- <sp:RequireClientEntropy/>
- <sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust13>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
-</definitions>
-
-
-
-
-SSL configuration
-
-
This web service is using https, therefore the JBoss server must be
-configured to provide SSL support in the Web subsystem. There are 2
-components to SSL configuration.
-
-
-
-
-
create a certificate keystore
-
-
-
declare an SSL connector in the Web subsystem of the JBoss server
-configuration file.
The web service provider implementation class, BearerImpl, is a simple
-POJO. It uses the standard WebService annotation to define the service
-endpoint. In addition there are two Apache CXF annotations,
-EndpointProperties and EndpointProperty used for configuring the
-endpoint for the CXF runtime. These annotations come from the
-Apache WSS4J project, which provides a
-Java implementation of the primary WS-Security standards for Web
-Services. These annotations are programmatically adding properties to
-the endpoint. With plain Apache CXF, these properties are often set via
-the <jaxws:properties> element on the <jaxws:endpoint> element in the
-Spring config; these annotations allow the properties to be configured
-in the code.
-
-
-
WSS4J uses the Crypto interface to get keys and certificates for
-signature creation/verification, as is asserted by the WSDL for this
-service. The WSS4J configuration information being provided by
-BearerImpl is for Crypto’s Merlin implementation. More information will
-be provided about this in the keystore section.
-
-
-
Because the web service provider automatically trusts that the incoming
-SOAP request came from the subject defined in the SAML token there is no
-need for a Crypto callbackHandler class or a signature username, unlike
-in prior examples, however in order to verify the message signature, the
-Java properties file that contains the (Merlin) crypto configuration
-information is still required.
WSS4J’s Crypto implementation is loaded and configured via a Java
-properties file that contains Crypto configuration data. The file
-contains implementation-specific properties such as a keystore location,
-password, default alias and the like. This application is using the
-Merlin implementation. File serviceKeystore.properties contains this
-information.
-
-
-
File servicestore.jks, is a Java KeyStore (JKS) repository. It contains
-self signed certificates for myservicekey and mystskey. Self signed
-certificates are not appropriate for production use.
When deployed on WildFly this application requires access to the JBossWs
-and CXF APIs provided in module org.jboss.ws.cxf.jbossws-cxf-client. The
-dependency statement directs the server to provide them at deployment.
This section examines the crucial elements in providing the Security
-Token Service functionality for providing a SAML Bearer token. The
-components that will be discussed are.
-
-
-
-
-
Security Domain
-
-
-
STS’s WSDL
-
-
-
STS’s implementation class
-
-
-
STSBearerCallbackHandler
-
-
-
Crypto properties and keystore files
-
-
-
MANIFEST.MF
-
-
-
-
-Security Domain
-
-
The STS requires a JBoss security domain be configured. The
-jboss-web.xml descriptor declares a named security
-domain,"JBossWS-trust-sts" to be used by this service for
-authentication. This security domain requires two properties files and
-the addition of a security-domain declaration in the JBoss server
-configuration file.
-
-
-
For this scenario the domain needs to contain user alice, password
-clarinet, and role friend. See the listings below for
-jbossws-users.properties and jbossws-roles.properties. In addition the
-following XML elements must be added to the Elytron subsystem in the
-server configuration file. Replace " SOME_PATH" with appropriate
-information and then configure authentication with this security domain.
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" ">
-<jboss-web>
- <security-domain>java:/jaas/JBossWS-trust-sts</security-domain>
-</jboss-web>
-
-
-
-
jbossws-users.properties
-
-
-
-
# A sample users.properties file for use with the UsersRolesLoginModule
-alice=clarinet
-
-
-
-
jbossws-roles.properties
-
-
-
-
# A sample roles.properties file for use with the UsersRolesLoginModule
-alice=friend
-
-
-
-
-STS’s WSDL
-
-
-
<?xml version="1.0" encoding="UTF-8"?>
-<wsdl:definitions
- targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
- xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
- xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsp="http://www.w3.org/ns/ws-policy"
- xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
- xmlns:xs="http://www.w3.org/2001/XMLSchema"
- xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
-
- <wsdl:types>
- <xs:schemaelementFormDefault="qualified"
- targetNamespace='http://docs.oasis-open.org/ws-sx/ws-trust/200512'>
-
- <xs:elementname='RequestSecurityToken'
- type='wst:AbstractRequestSecurityTokenType'/>
- <xs:elementname='RequestSecurityTokenResponse'
- type='wst:AbstractRequestSecurityTokenType'/>
-
- <xs:complexTypename='AbstractRequestSecurityTokenType'>
- <xs:sequence>
- <xs:anynamespace='##any'processContents='lax'minOccurs='0'
- maxOccurs='unbounded'/>
- </xs:sequence>
- <xs:attributename='Context'type='xs:anyURI'use='optional'/>
- <xs:anyAttributenamespace='##other'processContents='lax'/>
- </xs:complexType>
- <xs:elementname='RequestSecurityTokenCollection'
- type='wst:RequestSecurityTokenCollectionType'/>
- <xs:complexTypename='RequestSecurityTokenCollectionType'>
- <xs:sequence>
- <xs:elementname='RequestSecurityToken'
- type='wst:AbstractRequestSecurityTokenType'minOccurs='2'
- maxOccurs='unbounded'/>
- </xs:sequence>
- </xs:complexType>
-
- <xs:elementname='RequestSecurityTokenResponseCollection'
- type='wst:RequestSecurityTokenResponseCollectionType'/>
- <xs:complexTypename='RequestSecurityTokenResponseCollectionType'>
- <xs:sequence>
- <xs:elementref='wst:RequestSecurityTokenResponse'minOccurs='1'
- maxOccurs='unbounded'/>
- </xs:sequence>
- <xs:anyAttributenamespace='##other'processContents='lax'/>
- </xs:complexType>
-
- </xs:schema>
- </wsdl:types>
-
- <!-- WS-Trust defines the following GEDs -->
- <wsdl:messagename="RequestSecurityTokenMsg">
- <wsdl:partname="request"element="wst:RequestSecurityToken"/>
- </wsdl:message>
- <wsdl:messagename="RequestSecurityTokenResponseMsg">
- <wsdl:partname="response"
- element="wst:RequestSecurityTokenResponse"/>
- </wsdl:message>
- <wsdl:messagename="RequestSecurityTokenCollectionMsg">
- <wsdl:partname="requestCollection"
- element="wst:RequestSecurityTokenCollection"/>
- </wsdl:message>
- <wsdl:messagename="RequestSecurityTokenResponseCollectionMsg">
- <wsdl:partname="responseCollection"
- element="wst:RequestSecurityTokenResponseCollection"/>
- </wsdl:message>
-
- <!-- This portType an example of a Requestor (or other) endpoint that
- Accepts SOAP-based challenges from a Security Token Service -->
- <wsdl:portTypename="WSSecurityRequestor">
- <wsdl:operationname="Challenge">
- <wsdl:inputmessage="tns:RequestSecurityTokenResponseMsg"/>
- <wsdl:outputmessage="tns:RequestSecurityTokenResponseMsg"/>
- </wsdl:operation>
- </wsdl:portType>
-
- <!-- This portType is an example of an STS supporting full protocol -->
- <!--
- The wsdl:portType and data types are XML elements defined by the
- WS_Trust specification. The wsdl:portType defines the endpoints
- supported in the STS implementation. This WSDL defines all operations
- that an STS implementation can support.
- -->
- <wsdl:portTypename="STS">
- <wsdl:operationname="Cancel">
- <wsdl:input
- wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"
- message="tns:RequestSecurityTokenMsg"/>
- <wsdl:output
- wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal"
- message="tns:RequestSecurityTokenResponseMsg"/>
- </wsdl:operation>
- <wsdl:operationname="Issue">
- <wsdl:input
- wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
- message="tns:RequestSecurityTokenMsg"/>
- <wsdl:output
- wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal"
- message="tns:RequestSecurityTokenResponseCollectionMsg"/>
- </wsdl:operation>
- <wsdl:operationname="Renew">
- <wsdl:input
- wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"
- message="tns:RequestSecurityTokenMsg"/>
- <wsdl:output
- wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal"
- message="tns:RequestSecurityTokenResponseMsg"/>
- </wsdl:operation>
- <wsdl:operationname="Validate">
- <wsdl:input
- wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"
- message="tns:RequestSecurityTokenMsg"/>
- <wsdl:output
- wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal"
- message="tns:RequestSecurityTokenResponseMsg"/>
- </wsdl:operation>
- <wsdl:operationname="KeyExchangeToken">
- <wsdl:input
- wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET"
- message="tns:RequestSecurityTokenMsg"/>
- <wsdl:output
- wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal"
- message="tns:RequestSecurityTokenResponseMsg"/>
- </wsdl:operation>
- <wsdl:operationname="RequestCollection">
- <wsdl:inputmessage="tns:RequestSecurityTokenCollectionMsg"/>
- <wsdl:outputmessage="tns:RequestSecurityTokenResponseCollectionMsg"/>
- </wsdl:operation>
- </wsdl:portType>
-
- <!-- This portType is an example of an endpoint that accepts
- Unsolicited RequestSecurityTokenResponse messages -->
- <wsdl:portTypename="SecurityTokenResponseService">
- <wsdl:operationname="RequestSecurityTokenResponse">
- <wsdl:inputmessage="tns:RequestSecurityTokenResponseMsg"/>
- </wsdl:operation>
- </wsdl:portType>
-
- <!--
- The wsp:PolicyReference binds the security requirments on all the STS endpoints.
- The wsp:Policy wsu:Id="UT_policy" element is later in this file.
- -->
- <wsdl:bindingname="UT_Binding"type="wstrust:STS">
- <wsp:PolicyReferenceURI="#UT_policy"/>
- <soap:bindingstyle="document"
- transport="http://schemas.xmlsoap.org/soap/http"/>
- <wsdl:operationname="Issue">
- <soap:operation
- soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"/>
- <wsdl:input>
- <wsp:PolicyReference
- URI="#Input_policy"/>
- <soap:bodyuse="literal"/>
- </wsdl:input>
- <wsdl:output>
- <wsp:PolicyReference
- URI="#Output_policy"/>
- <soap:bodyuse="literal"/>
- </wsdl:output>
- </wsdl:operation>
- <wsdl:operationname="Validate">
- <soap:operation
- soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"/>
- <wsdl:input>
- <wsp:PolicyReference
- URI="#Input_policy"/>
- <soap:bodyuse="literal"/>
- </wsdl:input>
- <wsdl:output>
- <wsp:PolicyReference
- URI="#Output_policy"/>
- <soap:bodyuse="literal"/>
- </wsdl:output>
- </wsdl:operation>
- <wsdl:operationname="Cancel">
- <soap:operation
- soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"/>
- <wsdl:input>
- <soap:bodyuse="literal"/>
- </wsdl:input>
- <wsdl:output>
- <soap:bodyuse="literal"/>
- </wsdl:output>
- </wsdl:operation>
- <wsdl:operationname="Renew">
- <soap:operation
- soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"/>
- <wsdl:input>
- <soap:bodyuse="literal"/>
- </wsdl:input>
- <wsdl:output>
- <soap:bodyuse="literal"/>
- </wsdl:output>
- </wsdl:operation>
- <wsdl:operationname="KeyExchangeToken">
- <soap:operation
- soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken"/>
- <wsdl:input>
- <soap:bodyuse="literal"/>
- </wsdl:input>
- <wsdl:output>
- <soap:bodyuse="literal"/>
- </wsdl:output>
- </wsdl:operation>
- <wsdl:operationname="RequestCollection">
- <soap:operation
- soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection"/>
- <wsdl:input>
- <soap:bodyuse="literal"/>
- </wsdl:input>
- <wsdl:output>
- <soap:bodyuse="literal"/>
- </wsdl:output>
- </wsdl:operation>
- </wsdl:binding>
-
- <wsdl:servicename="SecurityTokenService">
- <wsdl:portname="UT_Port"binding="tns:UT_Binding">
- <soap:addresslocation="http://localhost:8080/SecurityTokenService/UT"/>
- </wsdl:port>
- </wsdl:service>
-
-
- <wsp:Policywsu:Id="UT_policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <!--
- The sp:UsingAddressing element, indicates that the endpoints of this
- web service conforms to the WS-Addressing specification. More detail
- can be found here: [http://www.w3.org/TR/2006/CR-ws-addr-wsdl-20060529]
- -->
- <wsap10:UsingAddressing/>
- <!--
- The sp:SymmetricBinding element indicates that security is provided
- at the SOAP layer and any initiator must authenticate itself by providing
- WSS UsernameToken credentials.
- -->
- <sp:SymmetricBinding
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <wsp:Policy>
- <!--
- In a symmetric binding, the keys used for encrypting and signing in both
- directions are derived from a single key, the one specified by the
- sp:ProtectionToken element. The sp:X509Token sub-element declares this
- key to be a X.509 certificate and the
- IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"
- attribute adds the requirement that the token MUST NOT be included in
- any messages sent between the initiator and the recipient; rather, an
- external reference to the token should be used. Lastly the WssX509V3Token10
- sub-element declares that the Username token presented by the initiator
- should be compliant with Web Services Security UsernameToken Profile
- 1.0 specification. [ http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf ]
- -->
- <sp:ProtectionToken>
- <wsp:Policy>
- <sp:X509Token
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
- <wsp:Policy>
- <sp:RequireDerivedKeys/>
- <sp:RequireThumbprintReference/>
- <sp:WssX509V3Token10/>
- </wsp:Policy>
- </sp:X509Token>
- </wsp:Policy>
- </sp:ProtectionToken>
- <!--
- The sp:AlgorithmSuite element, requires the Basic256 algorithm suite
- be used in performing cryptographic operations.
- -->
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:Basic256/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
- <!--
- The sp:Layout element, indicates the layout rules to apply when adding
- items to the security header. The sp:Lax sub-element indicates items
- are added to the security header in any order that conforms to
- WSS: SOAP Message Security.
- -->
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- <sp:EncryptSignature/>
- <sp:OnlySignEntireHeadersAndBody/>
- </wsp:Policy>
- </sp:SymmetricBinding>
-
- <!--
- The sp:SignedSupportingTokens element declares that the security header
- of messages must contain a sp:UsernameToken and the token must be signed.
- The attribute IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"
- on sp:UsernameToken indicates that the token MUST be included in all
- messages sent from initiator to the recipient and that the token MUST
- NOT be included in messages sent from the recipient to the initiator.
- And finally the element sp:WssUsernameToken10 is a policy assertion
- indicating the Username token should be as defined in Web Services
- Security UsernameToken Profile 1.0
- -->
- <sp:SignedSupportingTokens
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <wsp:Policy>
- <sp:UsernameToken
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
- <wsp:Policy>
- <sp:WssUsernameToken10/>
- </wsp:Policy>
- </sp:UsernameToken>
- </wsp:Policy>
- </sp:SignedSupportingTokens>
- <!--
- The sp:Wss11 element declares WSS: SOAP Message Security 1.1 options
- to be supported by the STS. These particular elements generally refer
- to how keys are referenced within the SOAP envelope. These are normally
- handled by CXF.
- -->
- <sp:Wss11
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
- <sp:MustSupportRefIssuerSerial/>
- <sp:MustSupportRefThumbprint/>
- <sp:MustSupportRefEncryptedKey/>
- </wsp:Policy>
- </sp:Wss11>
- <!--
- The sp:Trust13 element declares controls for WS-Trust 1.3 options.
- They are policy assertions related to exchanges specifically with
- client and server challenges and entropy behaviors. Again these are
- normally handled by CXF.
- -->
- <sp:Trust13
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <wsp:Policy>
- <sp:MustSupportIssuedTokens/>
- <sp:RequireClientEntropy/>
- <sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust13>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
- <wsp:Policywsu:Id="Input_policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:SignedParts
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <sp:Body/>
- <sp:HeaderName="To"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="From"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="FaultTo"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="ReplyTo"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="MessageID"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="RelatesTo"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="Action"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- </sp:SignedParts>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
- <wsp:Policywsu:Id="Output_policy">
- <wsp:ExactlyOne>
- <wsp:All>
- <sp:SignedParts
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <sp:Body/>
- <sp:HeaderName="To"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="From"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="FaultTo"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="ReplyTo"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="MessageID"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="RelatesTo"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- <sp:HeaderName="Action"
- Namespace="http://www.w3.org/2005/08/addressing"/>
- </sp:SignedParts>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
-</wsdl:definitions>
-
-
-
-
-STS’s implementation class
-
-
The Apache CXF’s STS, SecurityTokenServiceProvider, is a web service
-provider that is compliant with the protocols and functionality defined
-by the WS-Trust specification. It has a modular architecture. Many of
-its components are configurable or replaceable and there are many
-optional features that are enabled by implementing and configuring
-plug-ins. Users can customize their own STS by extending from
-SecurityTokenServiceProvider and overriding the default settings.
-Extensive information about the CXF’s STS configurable and pluggable
-components can be found
-here.
-
-
-
This STS implementation class, SampleSTSBearer, is a POJO that extends
-from SecurityTokenServiceProvider. Note that the class is defined with a
-WebServiceProvider annotation and not a WebService annotation. This
-annotation defines the service as a Provider-based endpoint, meaning it
-supports a more messaging-oriented approach to Web services. In
-particular, it signals that the exchanged messages will be XML documents
-of some type. SecurityTokenServiceProvider is an implementation of the
-jakarta.xml.ws.Provider interface. In comparison the WebService annotation
-defines a (service endpoint interface) SEI-based endpoint which supports
-message exchange via SOAP envelopes.
-
-
-
As was done in the BearerImpl class, the WSS4J annotations
-EndpointProperties and EndpointProperty are providing endpoint
-configuration for the CXF runtime. The first EndpointProperty statement
-in the listing is declaring the user’s name to use for the message
-signature. It is used as the alias name in the keystore to get the
-user’s cert and private key for signature. The next two EndpointProperty
-statements declares the Java properties file that contains the (Merlin)
-crypto configuration information. In this case both for signing and
-encrypting the messages. WSS4J reads this file and extra required
-information for message handling. The last EndpointProperty statement
-declares the STSBearerCallbackHandler implementation class. It is used
-to obtain the user’s password for the certificates in the keystore file.
-
-
-
In this implementation we are customizing the operations of token
-issuance, token validation and their static properties.
-
-
-
StaticSTSProperties is used to set select properties for configuring
-resources in the STS. You may think this is a duplication of the
-settings made with the WSS4J annotations. The values are the same but
-the underlaying structures being set are different, thus this
-information must be declared in both places.
-
-
-
The setIssuer setting is important because it uniquely identifies the
-issuing STS. The issuer string is embedded in issued tokens and, when
-validating tokens, the STS checks the issuer string value. Consequently,
-it is important to use the issuer string in a consistent way, so that
-the STS can recognize the tokens that it has issued.
-
-
-
The setEndpoints call allows the declaration of a set of allowed token
-recipients by address. The addresses are specified as reg-ex patterns.
-
-
-
TokenIssueOperation has a modular structure. This allows custom
-behaviors to be injected into the processing of messages. In this case
-we are overriding the SecurityTokenServiceProvider’s default behavior
-and performing SAML token processing. CXF provides an implementation of
-a SAMLTokenProvider which we are using rather than writing our own.
STSBearerCallbackHandler is a callback handler for the WSS4J Crypto API.
-It is used to obtain the password for the private key in the keystore.
-This class enables CXF to retrieve the password of the user name to use
-for the message signature.
WSS4J’s Crypto implementation is loaded and configured via a Java
-properties file that contains Crypto configuration data. The file
-contains implementation-specific properties such as a keystore location,
-password, default alias and the like. This application is using the
-Merlin implementation. File stsKeystore.properties contains this
-information.
-
-
-
File servicestore.jks, is a Java KeyStore (JKS) repository. It contains
-self signed certificates for myservicekey and mystskey. Self signed
-certificates are not appropriate for production use.
When deployed on WildFly, this application requires access to the
-JBossWs and CXF APIs provided in modules
-org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf. The Apache CXF
-internals, org.apache.cxf.impl, are needed to build the STS
-configuration in the SampleSTS constructor. The dependency statement
-directs the server to provide them at deployment.
This section examines the crucial elements in calling a web service that
-implements endpoint security as described in the SAML Bearer scenario.
-The components that will be discussed are.
-
-
-
-
-
Web service requester’s implementation
-
-
-
ClientCallbackHandler
-
-
-
Crypto properties and keystore files
-
-
-
-
-Web service requester Implementation
-
-
The ws-requester, the client, uses standard procedures for creating a
-reference to the web service. To address the endpoint security
-requirements, the web service’s "Request Context" is configured with the
-information needed in message generation. In addition, the STSClient
-that communicates with the STS is configured with similar values. Note
-the key strings ending with a ".it" suffix. This suffix flags these
-settings as belonging to the STSClient. The internal CXF code assigns
-this information to the STSClient that is auto-generated for this
-service call.
-
-
-
There is an alternate method of setting up the STSCLient. The user may
-provide their own instance of the STSClient. The CXF code will use this
-object and not auto-generate one. When providing the STSClient in this
-way, the user must provide a org.apache.cxf.Bus for it and the
-configuration keys must not have the ".it" suffix. This is used in the
-ActAs and OnBehalfOf examples.
-
-
-
-
String serviceURL = "https://" + getServerHost() + ":8443/jaxws-samples-wsse-policy-trust-bearer/BearerService";
-
- finalQName serviceName = newQName("http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy", "BearerService");
- Service service = Service.create(newURL(serviceURL + "?wsdl"), serviceName);
- BearerIface proxy = (BearerIface) service.getPort(BearerIface.class);
-
- Map<String, Object> ctx = ((BindingProvider)proxy).getRequestContext();
-
- // set the security related configuration information for the service "request"
- ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
- ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
- ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
-
- //-- Configuration settings that will be transfered to the STSClient
- // "alice" is the name provided for the WSS Username. Her password will
- // be retreived from the ClientCallbackHander by the STSClient.
- ctx.put(SecurityConstants.USERNAME + ".it", "alice");
- ctx.put(SecurityConstants.CALLBACK_HANDLER + ".it", new ClientCallbackHandler());
- ctx.put(SecurityConstants.ENCRYPT_PROPERTIES + ".it",
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- ctx.put(SecurityConstants.ENCRYPT_USERNAME + ".it", "mystskey");
- ctx.put(SecurityConstants.STS_TOKEN_USERNAME + ".it", "myclientkey");
- ctx.put(SecurityConstants.STS_TOKEN_PROPERTIES + ".it",
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
- ctx.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO + ".it", "true");
-
- proxy.sayHello();
ClientCallbackHandler is a callback handler for the WSS4J Crypto API. It
-is used to obtain the password for the private key in the keystore. This
-class enables CXF to retrieve the password of the user name to use for
-the message signature. Note that "alice" and her password have been
-provided here. This information is not in the (JKS) keystore but
-provided in the WildFly security domain. It was declared in file
-jbossws-users.properties.
WSS4J’s Crypto implementation is loaded and configured via a Java
-properties file that contains Crypto configuration data. The file
-contains implementation-specific properties such as a keystore location,
-password, default alias and the like. This application is using the
-Merlin implementation. File clientKeystore.properties contains this
-information.
-
-
-
File clientstore.jks, is a Java KeyStore (JKS) repository. It contains
-self signed certificates for myservicekey and mystskey. Self signed
-certificates are not appropriate for production use.
WS-Trust deals with managing software security tokens. A SAML assertion
-is a type of security token. In the Holder-Of-Key method, the STS
-creates a SAML token containing the client’s public key and signs the
-SAML token with its private key. The client includes the SAML token and
-signs the outgoing soap envelope to the web service with its private
-key. The web service validates the SOAP message and the SAML token.
-
-
-
Implementation of this scenario has the following requirements.
-
-
-
-
-
SAML tokens with a Holder-Of-Key subject confirmation method must be
-protected so the token can not be snooped. In most cases, a
-Holder-Of-Key token combined with HTTPS is sufficient to prevent "a man
-in the middle" getting possession of the token. This means a security
-policy that uses a sp:TransportBinding and sp:HttpsToken.
-
-
-
A Holder-Of-Key token has no encryption or signing keys associated
-with it, therefore a sp:IssuedToken of SymmetricKey or PublicKey keyType
-should be used with a sp:SignedEndorsingSupportingTokens.
-
-
-
-
-
Web service Provider
-
-
This section examines the web service elements for the SAML
-Holder-Of-Key scenario. The components are
-
-
-
-
-
Web service provider’s WSDL
-
-
-
SSL configuration
-
-
-
Web service provider’s Interface and Implementation classes.
-
-
-
Crypto properties and keystore files
-
-
-
MANIFEST.MF
-
-
-
-
-Web service provider WSDL
-
-
The web service provider is a contract-first endpoint. All the WS-trust
-and security policies for it are declared in the WSDL,
-HolderOfKeyService.wsdl. For this scenario a ws-requester is required to
-present a SAML 2.0 token of SymmetricKey keyType, issued from a designed
-STS. The address of the STS is provided in the WSDL. A transport binding
-policy is used. The token is declared to be signed and endorsed,
-sp:SignedEndorsingSupportingTokens. A detailed explanation of the
-security settings are provided in the comments in the listing below.
-
-
-
-
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<definitionstargetNamespace="http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy"
- name="HolderOfKeyService"
- xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy"
- xmlns:xsd="http://www.w3.org/2001/XMLSchema"
- xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
- xmlns="http://schemas.xmlsoap.org/wsdl/"
- xmlns:wsp="http://www.w3.org/ns/ws-policy"
- xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
- xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
- xmlns:wsaws="http://www.w3.org/2005/08/addressing"
- xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
- xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
-
- <types>
- <xsd:schema>
- <xsd:importnamespace="http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy"
- schemaLocation="HolderOfKeyService_schema1.xsd"/>
- </xsd:schema>
- </types>
- <messagename="sayHello">
- <partname="parameters"element="tns:sayHello"/>
- </message>
- <messagename="sayHelloResponse">
- <partname="parameters"element="tns:sayHelloResponse"/>
- </message>
- <portTypename="HolderOfKeyIface">
- <operationname="sayHello">
- <inputmessage="tns:sayHello"/>
- <outputmessage="tns:sayHelloResponse"/>
- </operation>
- </portType>
-<!--
- The wsp:PolicyReference binds the security requirments on all the endpoints.
- The wsp:Policy wsu:Id="#TransportSAML2HolderOfKeyPolicy" element is defined later in this file.
--->
- <bindingname="HolderOfKeyServicePortBinding"type="tns:HolderOfKeyIface">
- <wsp:PolicyReferenceURI="#TransportSAML2HolderOfKeyPolicy"/>
- <soap:bindingtransport="http://schemas.xmlsoap.org/soap/http"style="document"/>
- <operationname="sayHello">
- <soap:operationsoapAction=""/>
- <input>
- <soap:bodyuse="literal"/>
- </input>
- <output>
- <soap:bodyuse="literal"/>
- </output>
- </operation>
- </binding>
-<!--
- The soap:address has been defined to use JBoss's https port, 8443. This is
- set in conjunction with the sp:TransportBinding policy for https.
--->
- <servicename="HolderOfKeyService">
- <portname="HolderOfKeyServicePort"binding="tns:HolderOfKeyServicePortBinding">
- <soap:addresslocation="https://@jboss.bind.address@:8443/jaxws-samples-wsse-policy-trust-holderofkey/HolderOfKeyService"/>
- </port>
- </service>
-
-
- <wsp:Policywsu:Id="TransportSAML2HolderOfKeyPolicy">
- <wsp:ExactlyOne>
- <wsp:All>
- <!--
- The wsam:Addressing element, indicates that the endpoints of this
- web service MUST conform to the WS-Addressing specification. The
- attribute wsp:Optional="false" enforces this assertion.
- -->
- <wsam:Addressingwsp:Optional="false">
- <wsp:Policy/>
- </wsam:Addressing>
-<!--
- The sp:TransportBinding element indicates that security is provided by the
- message exchange transport medium, https. WS-Security policy specification
- defines the sp:HttpsToken for use in exchanging messages transmitted over HTTPS.
--->
- <sp:TransportBinding
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <wsp:Policy>
- <sp:TransportToken>
- <wsp:Policy>
- <sp:HttpsToken>
- <wsp:Policy/>
- </sp:HttpsToken>
- </wsp:Policy>
- </sp:TransportToken>
-<!--
- The sp:AlgorithmSuite element, requires the TripleDes algorithm suite
- be used in performing cryptographic operations.
--->
- <sp:AlgorithmSuite>
- <wsp:Policy>
- <sp:TripleDes/>
- </wsp:Policy>
- </sp:AlgorithmSuite>
-<!--
- The sp:Layout element, indicates the layout rules to apply when adding
- items to the security header. The sp:Lax sub-element indicates items
- are added to the security header in any order that conforms to
- WSS: SOAP Message Security.
--->
- <sp:Layout>
- <wsp:Policy>
- <sp:Lax/>
- </wsp:Policy>
- </sp:Layout>
- <sp:IncludeTimestamp/>
- </wsp:Policy>
- </sp:TransportBinding>
-
-<!--
- The sp:SignedEndorsingSupportingTokens, when transport level security level is
- used there will be no message signature and the signature generated by the
- supporting token will sign the Timestamp.
--->
- <sp:SignedEndorsingSupportingTokens
- xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
- <wsp:Policy>
-<!--
- The sp:IssuedToken element asserts that a SAML 2.0 security token of type
- Bearer is expected from the STS. The
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
- attribute instructs the runtime to include the initiator's public key
- with every message sent to the recipient.
-
- The sp:RequestSecurityTokenTemplate element directs that all of the
- children of this element will be copied directly into the body of the
- RequestSecurityToken (RST) message that is sent to the STS when the
- initiator asks the STS to issue a token.
--->
- <sp:IssuedToken
- sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
- <sp:RequestSecurityTokenTemplate>
- <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
- <!--
- KeyType of "SymmetricKey", the client must prove to the WS service that it
- possesses a particular symmetric session key.
- -->
- <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</t:KeyType>
- </sp:RequestSecurityTokenTemplate>
- <wsp:Policy>
- <sp:RequireInternalReference/>
- </wsp:Policy>
-<!--
- The sp:Issuer element defines the STS's address and endpoint information
- This information is used by the STSClient.
--->
- <sp:Issuer>
- <wsaws:Address>http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-holderofkey/SecurityTokenService</wsaws:Address>
- <wsaws:Metadata
- xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
- wsdli:wsdlLocation="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-holderofkey/SecurityTokenService?wsdl">
- <wsaw:ServiceName
- xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
- xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
- EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
- </wsaws:Metadata>
- </sp:Issuer>
-
- </sp:IssuedToken>
- </wsp:Policy>
- </sp:SignedEndorsingSupportingTokens>
-<!--
- The sp:Wss11 element declares WSS: SOAP Message Security 1.1 options
- to be supported by the STS. These particular elements generally refer
- to how keys are referenced within the SOAP envelope. These are normally
- handled by CXF.
--->
- <sp:Wss11>
- <wsp:Policy>
- <sp:MustSupportRefIssuerSerial/>
- <sp:MustSupportRefThumbprint/>
- <sp:MustSupportRefEncryptedKey/>
- </wsp:Policy>
- </sp:Wss11>
-<!--
- The sp:Trust13 element declares controls for WS-Trust 1.3 options.
- They are policy assertions related to exchanges specifically with
- client and server challenges and entropy behaviors. Again these are
- normally handled by CXF.
--->
- <sp:Trust13>
- <wsp:Policy>
- <sp:MustSupportIssuedTokens/>
- <sp:RequireClientEntropy/>
- <sp:RequireServerEntropy/>
- </wsp:Policy>
- </sp:Trust13>
- </wsp:All>
- </wsp:ExactlyOne>
- </wsp:Policy>
-
-</definitions>
This web service is using https, therefore the JBoss server must be
-configured to provide SSL support in the Web subsystem. There are 2
-components to SSL configuration.
-
-
-
-
-
create a certificate keystore
-
-
-
declare an SSL connector in the Web subsystem of the JBoss server
-configuration file.
The web service provider implementation class, HolderOfKeyImpl, is a
-simple POJO. It uses the standard WebService annotation to define the
-service endpoint. In addition there are two Apache CXF annotations,
-EndpointProperties and EndpointProperty used for configuring the
-endpoint for the CXF runtime. These annotations come from the
-Apache WSS4J project, which provides a
-Java implementation of the primary WS-Security standards for Web
-Services. These annotations are programmatically adding properties to
-the endpoint. With plain Apache CXF, these properties are often set via
-the <jaxws:properties> element on the <jaxws:endpoint> element in the
-Spring config; these annotations allow the properties to be configured
-in the code.
-
-
-
WSS4J uses the Crypto interface to get keys and certificates for
-signature creation/verification, as is asserted by the WSDL for this
-service. The WSS4J configuration information being provided by
-HolderOfKeyImpl is for Crypto’s Merlin implementation. More information
-will be provided about this in the keystore section.
-
-
-
The first EndpointProperty statement in the listing disables ensurance
-of compliance with the Basic Security Profile 1.1. The next
-EndpointProperty statements declares the Java properties file that
-contains the (Merlin) crypto configuration information. The last
-EndpointProperty statement declares the STSHolderOfKeyCallbackHandler
-implementation class. It is used to obtain the user’s password for the
-certificates in the keystore file.
WSS4J’s Crypto implementation is loaded and configured via a Java
-properties file that contains Crypto configuration data. The file
-contains implementation-specific properties such as a keystore location,
-password, default alias and the like. This application is using the
-Merlin implementation. File serviceKeystore.properties contains this
-information.
-
-
-
File servicestore.jks, is a Java KeyStore (JKS) repository. It contains
-self signed certificates for myservicekey and mystskey. Self signed
-certificates are not appropriate for production use.
When deployed on WildFly this application requires access to the JBossWs
-and CXF APIs provided in module org.jboss.ws.cxf.jbossws-cxf-client. The
-dependency statement directs the server to provide them at deployment.
This section examines the crucial elements in providing the Security
-Token Service functionality for providing a SAML Holder-Of-Key token.
-The components that will be discussed are.
-
-
-
-
-
Security Domain
-
-
-
STS’s WSDL
-
-
-
STS’s implementation class
-
-
-
STSBearerCallbackHandler
-
-
-
Crypto properties and keystore files
-
-
-
MANIFEST.MF
-
-
-
-
-Security Domain
-
-
The STS requires a JBoss security domain be configured. The
-jboss-web.xml descriptor declares a named security
-domain,"JBossWS-trust-sts" to be used by this service for
-authentication. This security domain requires two properties files and
-the addition of a security-domain declaration in the JBoss server
-configuration file.
-
-
-
For this scenario the domain needs to contain user alice, password
-clarinet, and role friend. See the listings below for
-jbossws-users.properties and jbossws-roles.properties. In addition the
-following XML elements must be added to the Elytron subsystem in the
-server configuration file. Replace " SOME_PATH" with appropriate
-information and then configure authentication with this security domain.
The Apache CXF’s STS, SecurityTokenServiceProvider, is a web service
-provider that is compliant with the protocols and functionality defined
-by the WS-Trust specification. It has a modular architecture. Many of
-its components are configurable or replaceable and there are many
-optional features that are enabled by implementing and configuring
-plug-ins. Users can customize their own STS by extending from
-SecurityTokenServiceProvider and overriding the default settings.
-Extensive information about the CXF’s STS configurable and pluggable
-components can be found
-here.
-
-
-
This STS implementation class, SampleSTSHolderOfKey, is a POJO that
-extends from SecurityTokenServiceProvider. Note that the class is
-defined with a WebServiceProvider annotation and not a WebService
-annotation. This annotation defines the service as a Provider-based
-endpoint, meaning it supports a more messaging-oriented approach to Web
-services. In particular, it signals that the exchanged messages will be
-XML documents of some type. SecurityTokenServiceProvider is an
-implementation of the jakarta.xml.ws.Provider interface. In comparison the
-WebService annotation defines a (service endpoint interface) SEI-based
-endpoint which supports message exchange via SOAP envelopes.
-
-
-
As was done in the HolderOfKeyImpl class, the WSS4J annotations
-EndpointProperties and EndpointProperty are providing endpoint
-configuration for the CXF runtime. The first EndpointProperty statements
-declares the Java properties file that contains the (Merlin) crypto
-configuration information. WSS4J reads this file and extra required
-information for message handling. The last EndpointProperty statement
-declares the STSHolderOfKeyCallbackHandler implementation class. It is
-used to obtain the user’s password for the certificates in the keystore
-file.
-
-
-
In this implementation we are customizing the operations of token
-issuance and their static properties.
-
-
-
StaticSTSProperties is used to set select properties for configuring
-resources in the STS. You may think this is a duplication of the
-settings made with the WSS4J annotations. The values are the same but
-the underlaying structures being set are different, thus this
-information must be declared in both places.
-
-
-
The setIssuer setting is important because it uniquely identifies the
-issuing STS. The issuer string is embedded in issued tokens and, when
-validating tokens, the STS checks the issuer string value. Consequently,
-it is important to use the issuer string in a consistent way, so that
-the STS can recognize the tokens that it has issued.
-
-
-
The setEndpoints call allows the declaration of a set of allowed token
-recipients by address. The addresses are specified as reg-ex patterns.
-
-
-
TokenIssueOperation has a modular structure. This allows custom
-behaviors to be injected into the processing of messages. In this case
-we are overriding the SecurityTokenServiceProvider’s default behavior
-and performing SAML token processing. CXF provides an implementation of
-a SAMLTokenProvider which we are using rather than writing our own.
STSHolderOfKeyCallbackHandler is a callback handler for the WSS4J Crypto
-API. It is used to obtain the password for the private key in the
-keystore. This class enables CXF to retrieve the password of the user
-name to use for the message signature.
WSS4J’s Crypto implementation is loaded and configured via a Java
-properties file that contains Crypto configuration data. The file
-contains implementation-specific properties such as a keystore location,
-password, default alias and the like. This application is using the
-Merlin implementation. File stsKeystore.properties contains this
-information.
-
-
-
File servicestore.jks, is a Java KeyStore (JKS) repository. It contains
-self signed certificates for myservicekey and mystskey. Self signed
-certificates are not appropriate for production use.
When deployed on WildFly, this application requires access to the
-JBossWs and CXF APIs provided in modules
-org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf. The Apache CXF
-internals, org.apache.cxf.impl, are needed to build the STS
-configuration in the SampleSTSHolderOfKey constructor. The dependency
-statement directs the server to provide them at deployment.
This section examines the crucial elements in calling a web service that
-implements endpoint security as described in the SAML Holder-Of-Key
-scenario. The components that will be discussed are.
-
-
-
-
-
web service requester’s implementation
-
-
-
ClientCallbackHandler
-
-
-
Crypto properties and keystore files
-
-
-
-
-Web service requester Implementation
-
-
The ws-requester, the client, uses standard procedures for creating a
-reference to the web service. To address the endpoint security
-requirements, the web service’s "Request Context" is configured with the
-information needed in message generation. In addition, the STSClient
-that communicates with the STS is configured with similar values. Note
-the key strings ending with a ".it" suffix. This suffix flags these
-settings as belonging to the STSClient. The internal CXF code assigns
-this information to the STSClient that is auto-generated for this
-service call.
-
-
-
There is an alternate method of setting up the STSCLient. The user may
-provide their own instance of the STSClient. The CXF code will use this
-object and not auto-generate one. When providing the STSClient in this
-way, the user must provide a org.apache.cxf.Bus for it and the
-configuration keys must not have the ".it" suffix. This is used in the
-ActAs and OnBehalfOf examples.
-
-
-
-
String serviceURL = "https://" + getServerHost() + ":8443/jaxws-samples-wsse-policy-trust-holderofkey/HolderOfKeyService";
-
-finalQName serviceName = newQName("http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy", "HolderOfKeyService");
-finalURL wsdlURL = newURL(serviceURL + "?wsdl");
-Service service = Service.create(wsdlURL, serviceName);
-HolderOfKeyIface proxy = (HolderOfKeyIface) service.getPort(HolderOfKeyIface.class);
-
-Map<String, Object> ctx = ((BindingProvider)proxy).getRequestContext();
-
-// set the security related configuration information for the service "request"
-ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
-ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
-ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
-ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
-ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
-
-//-- Configuration settings that will be transfered to the STSClient
-// "alice" is the name provided for the WSS Username. Her password will
-// be retreived from the ClientCallbackHander by the STSClient.
-ctx.put(SecurityConstants.USERNAME + ".it", "alice");
-ctx.put(SecurityConstants.CALLBACK_HANDLER + ".it", new ClientCallbackHandler());
-ctx.put(SecurityConstants.ENCRYPT_PROPERTIES + ".it",
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
-ctx.put(SecurityConstants.ENCRYPT_USERNAME + ".it", "mystskey");
-ctx.put(SecurityConstants.STS_TOKEN_USERNAME + ".it", "myclientkey");
-ctx.put(SecurityConstants.STS_TOKEN_PROPERTIES + ".it",
- Thread.currentThread().getContextClassLoader().getResource(
- "META-INF/clientKeystore.properties"));
-ctx.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO + ".it", "true");
-
-proxy.sayHello();
-
-
-
-
-ClientCallbackHandler
-
-
ClientCallbackHandler is a callback handler for the WSS4J Crypto API. It
-is used to obtain the password for the private key in the keystore. This
-class enables CXF to retrieve the password of the user name to use for
-the message signature. Note that "alice" and her password have been
-provided here. This information is not in the (JKS) keystore but
-provided in the WildFly security domain. It was declared in file
-jbossws-users.properties.
WSS4J’s Crypto implementation is loaded and configured via a Java
-properties file that contains Crypto configuration data. The file
-contains implementation-specific properties such as a keystore location,
-password, default alias and the like. This application is using the
-Merlin implementation. File clientKeystore.properties contains this
-information.
-
-
-
File clientstore.jks, is a Java KeyStore (JKS) repository. It contains
-self signed certificates for myservicekey and mystskey. Self signed
-certificates are not appropriate for production use.
JBoss Web Services inherits full WS-Reliable Messaging capabilities from
-the underlying Apache CXF implementation. At the time of writing, Apache
-CXF provides support for the
-WS-Reliable Messaging 1.0
-(February 2005) version of the specification.
-
-
-
Enabling WS-Reliable Messaging
-
-
WS-Reliable Messaging is implemented internally in Apache CXF through a
-set of interceptors that deal with the low level requirements of the
-reliable messaging protocol. In order for enabling WS-Reliable
-Messaging, users need to either:
-
-
-
-
-
consume a WSDL contract that specifies proper WS-Reliable Messaging
-policies / assertions
-
-
-
manually add / configure the reliable messaging interceptors
-
-
-
specify the reliable messaging policies in an optional CXF Spring XML
-descriptor
-
-
-
specify the Apache CXF reliable messaging feature in an optional CXF
-Spring XML descriptor
-
-
-
-
-
The former approach relies on the Apache CXF WS-Policy engine and is the
-only portable one. The other approaches are Apache CXF proprietary ones,
-however they allow for fine-grained configuration of protocol aspects
-that are not covered by the WS-Reliable Messaging Policy. More details
-are available in the
-Apache CXF
-documentation.
-
-
-
-
Example
-
-
In this example we configure WS-Reliable Messaging endpoint and client
-through the WS-Policy support.
-
-
-
Endpoint
-
-
We go with a contract-first approach, so we start by creating a proper
-WSDL contract, containing the WS-Reliable Messaging and WS-Addressing
-policies (the latter is a requirement of the former):
Finally we package the generated POJO endpoint together with a basic
-web.xml the usual way and deploy to the application server. The
-webservices stack automatically detects the policies and enables
-WS-Reliable Messaging.
-
-
-
-
Client
-
-
The endpoint advertises his RM capabilities (and requirements) through
-the published WSDL and the client is required to also enable WS-RM for
-successfully exchanging messages with the server.
-
-
-
So a regular JAX WS client is enough if the user does not need to tune
-any specific detail of the RM subsystem.
Fine-grained tuning of WS-Reliable Messaging engine requires setting up
-proper RM features and attach them for instance to the client proxy.
-Here is an example:
-
-
-
-
packageorg.jboss.test.ws.jaxws.samples.wsrm.client;
-
-//...
-importjakarta.xml.ws.Service;
-importorg.apache.cxf.ws.rm.feature.RMFeature;
-importorg.apache.cxf.ws.rm.manager.AcksPolicyType;
-importorg.apache.cxf.ws.rm.manager.DestinationPolicyType;
-importorg.jboss.test.ws.jaxws.samples.wsrm.generated.SimpleService;
-
-// ...
-Service service = Service.create(wsdlURL, serviceName);
-
-RMFeature feature = new RMFeature();
-RMAssertion rma = new RMAssertion();
-RMAssertion.BaseRetransmissionInterval bri = new RMAssertion.BaseRetransmissionInterval();
-bri.setMilliseconds(4000L);
-rma.setBaseRetransmissionInterval(bri);
-AcknowledgementInterval ai = new AcknowledgementInterval();
-ai.setMilliseconds(2000L);
-rma.setAcknowledgementInterval(ai);
-feature.setRMAssertion(rma);
-DestinationPolicyType dp = new DestinationPolicyType();
-AcksPolicyType ap = new AcksPolicyType();
-ap.setIntraMessageThreshold(0);
-dp.setAcksPolicy(ap);
-feature.setDestinationPolicy(dp);
-
-SimpleService proxy = (SimpleService)service.getPort(SimpleService.class, feature);
-proxy.echo("Hello World");
-
-
-
-
The same can of course be achieved by factoring the feature into a
-custom pojo extending org.apache.cxf.ws.rm.feature.RMFeature and
-setting the obtained property in a client configuration:
-
-
-
-
packageorg.jboss.test.ws.jaxws.samples.wsrm.client;
-
-importorg.apache.cxf.ws.rm.feature.RMFeature;
-importorg.apache.cxf.ws.rm.manager.AcksPolicyType;
-importorg.apache.cxf.ws.rm.manager.DestinationPolicyType;
-importorg.apache.cxf.ws.rmp.v200502.RMAssertion;
-importorg.apache.cxf.ws.rmp.v200502.RMAssertion.AcknowledgementInterval;
-
-publicclassCustomRMFeatureextends RMFeature
-{
- public CustomRMFeature() {
- super();
- RMAssertion rma = new RMAssertion();
- RMAssertion.BaseRetransmissionInterval bri = new RMAssertion.BaseRetransmissionInterval();
- bri.setMilliseconds(4000L);
- rma.setBaseRetransmissionInterval(bri);
- AcknowledgementInterval ai = new AcknowledgementInterval();
- ai.setMilliseconds(2000L);
- rma.setAcknowledgementInterval(ai);
- super.setRMAssertion(rma);
- DestinationPolicyType dp = new DestinationPolicyType();
- AcksPolicyType ap = new AcksPolicyType();
- ap.setIntraMessageThreshold(0);
- dp.setAcksPolicy(ap);
- super.setDestinationPolicy(dp);
- }
-}
-
-
-
-
-
-
this is how the jaxws-client-config.xml descriptor would look:
JBoss Web Services allows communication over the Jakarta Messaging transport. The
-functionality comes from Apache CXF support for the
-SOAP over Java Message Service 1.0
-specification, which is aimed at a set of standards for interoperable
-transport of SOAP messages over Jakarta Messaging.
-
-
-
On top of Apache CXF functionalities, the JBossWS integration allows
-users to deploy WS archives containing both Jakarta Messaging and HTTP endpoints
-the same way as they do for basic HTTP WS endpoints (in war
-archives). The webservices layer of WildFly takes care of looking for
-Jakarta Messaging enpdoints in the deployed archive and starts them delegating to
-the Apache CXF core similarly as with HTTP endpoints.
-
-
-
Configuring SOAP over Jakarta Messaging
-
-
As per specification, the SOAP over Jakarta Messaging transport configuration is
-controlled by proper elements and attributes in the binding and
-service elements of the WSDL contract. So a Jakarta Messaging endpoint is usually
-developed using a contract-first approach.
-
-
-
The Apache CXF
-documentation covers all the details of the supported configurations.
-The minimum configuration implies:
-
-
-
-
-
setting a proper Jakarta Messaging URI in the soap:addresslocation [1]
-
-
-
providing a JNDI connection factory name to be used for connecting to
-the queues [2]
Apache CXF takes care of setting up the Jakarta Messaging transport for endpoint
-implementations whose @WebService annotation points to a port declared
-for Jakarta Messaging transport as explained above.
-
-
-
-
-
-
-
-
-JBossWS currently supports POJO endpoints only for Jakarta Messaging transport use.
-The endpoint classes can be deployed as part of jar or war archives.
-
-
-
-
-
-
The web.xml descriptor in war archives doesn’t need any entry for
-Jakarta Messaging endpoints.
-
-
-
-
Examples
-
-
Jakarta Messaging endpoint only deployment
-
-
In this example we create a simple endpoint relying on SOAP over Jakarta Messaging
-and deploy it as part of a jar archive.
-
-
-
The endpoint is created using wsconsume tool from a WSDL contract such
-as:
-The HelloWorldImplPort here is meant for using the testQueue that
-has to be created before deploying the endpoint.
-
-
-
-
-
-
At the time of writing, java:/ConnectionFactory is the default
-connection factory JNDI location on WildFly
-
-
-
For allowing remote JNDI lookup of the connection factory, a specific
-service ( HelloWorldService) for remote clients is added to the WSDL.
-The java:jms/RemoteConnectionFactory is the JNDI location of the same
-connection factory mentioned above, except it’s exposed for remote
-lookup. The soapjms:jndiInitialContextFactory and soap:jmsjndiURL
-complete the remote connection configuration, specifying the initial
-context factory class to use and the JNDI registry address.
-
-
-
-
-
-
-
-
-Have a look at the application server domain for finding out the
-configured connection factory JNDI locations.
-
-
-
-
-
-
The endpoint implementation is a basic Jakarta XML Web Services POJO using @WebService
-annotation to refer to the consumed contract:
-The endpoint implementation references the HelloWorldServiceLocal wsdl
-service, so that the local JNDI connection factory location is used for
-starting the endpoint on server side.
-
-
-
-
-
-
That’s pretty much all. We just need to package the generated service
-endpoint interface, the endpoint implementation and the WSDL file in a
-jar archive and deploy it:
-
-
-
-
alessio@inuyasha /dati/jbossws/stack/cxf/trunk $ jar -tvf ./modules/testsuite/cxf-tests/target/test-libs/jaxws-cxf-jms-only-deployment.jar
- 0 Thu Jun 23 15:18:44 CEST 2011 META-INF/
- 129 Thu Jun 23 15:18:42 CEST 2011 META-INF/MANIFEST.MF
- 0 Thu Jun 23 15:18:42 CEST 2011 org/
- 0 Thu Jun 23 15:18:42 CEST 2011 org/jboss/
- 0 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/
- 0 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/ws/
- 0 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/ws/jaxws/
- 0 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/ws/jaxws/cxf/
- 0 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/ws/jaxws/cxf/jms/
- 313 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/ws/jaxws/cxf/jms/HelloWorld.class
- 1173 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/ws/jaxws/cxf/jms/HelloWorldImpl.class
- 0 Thu Jun 23 15:18:40 CEST 2011 META-INF/wsdl/
- 3074 Thu Jun 23 15:18:40 CEST 2011 META-INF/wsdl/HelloWorldService.wsdl
-
-
-
-
-
-
-
-
-
-A dependency on org.hornetq module needs to be added in MANIFEST.MF
-when deploying to WildFly.
-
A Jakarta XML Web Services client can interact with the Jakarta Messaging endpoint the usual way:
-
-
-
-
URL wsdlUrl = ...
-//start another bus to avoid affecting the one that could already be assigned to the current thread - optional but highly suggested
-Bus bus = BusFactory.newInstance().createBus();
-BusFactory.setThreadDefaultBus(bus);
-try
-{
- QName serviceName = newQName("http://org.jboss.ws/jaxws/cxf/jms", "HelloWorldService");
- Service service = Service.create(wsdlUrl, serviceName);
- HelloWorld proxy = (HelloWorld) service.getPort(newQName("http://org.jboss.ws/jaxws/cxf/jms", "HelloWorldImplPort"), HelloWorld.class);
- setupProxy(proxy);
- proxy.echo("Hi");
-}
-finally
-{
- bus.shutdown(true);
-}
-
-
-
-
-
-
-
-
-
-The WSDL location URL needs to be retrieved in a custom way, depending
-on the client application. Given the endpoint is Jakarta Messaging only, there’s no
-automatically published WSDL contract.
-
-
-
-
-
-
in order for performing the remote invocation (which internally goes
-through remote JNDI lookup of the connection factory), the calling user
-credentials need to be set into the Apache CXF JMSConduit:
-Have a look at the WildFly domain and messaging configuration for
-finding out the actual security requirements. At the time of writing, a
-user with guest role is required and that’s internally checked using
-the other security domain.
-
-
-
-
-
-
Of course once the endpoint is exposed over Jakarta Messaging transport, any plain Jakarta Messaging
-client can also be used to send messages to the webservice endpoint. You
-can have a look at the SOAP over Jakarta Messaging spec details and code the client
-similarly to
The same considerations of the previous example regarding the Jakarta Messaging queue
-and JNDI connection factory still apply.
-Here we can implement the endpoint in multiple ways, either with a
-common implementation class that’s extended by the Jakarta Messaging and HTTP ones, or
-keep the two implementation classes independent and just have them
-implement the same service endpoint interface:
Both classes are packaged together the service endpoint interface and
-the WSDL file in a war archive:
-
-
-
-
alessio@inuyasha /dati/jbossws/stack/cxf/trunk $ jar -tvf ./modules/testsuite/cxf-spring-tests/target/test-libs/jaxws-cxf-jms-http-deployment.war
- 0 Thu Jun 23 15:18:44 CEST 2011 META-INF/
- 129 Thu Jun 23 15:18:42 CEST 2011 META-INF/MANIFEST.MF
- 0 Thu Jun 23 15:18:44 CEST 2011 WEB-INF/
- 569 Thu Jun 23 15:18:40 CEST 2011 WEB-INF/web.xml
- 0 Thu Jun 23 15:18:44 CEST 2011 WEB-INF/classes/
- 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/
- 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/
- 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/
- 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/
- 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/
- 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/cxf/
- 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/cxf/jms_http/
- 318 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/cxf/jms_http/HelloWorld.class
- 1192 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/cxf/jms_http/HelloWorldImpl.class
- 1246 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/cxf/jms_http/HttpHelloWorldImpl.class
- 0 Thu Jun 23 15:18:40 CEST 2011 WEB-INF/wsdl/
- 3068 Thu Jun 23 15:18:40 CEST 2011 WEB-INF/wsdl/HelloWorldService.wsdl
-
-
-
-
A trivial web.xml descriptor is also included to trigger the HTTP
-endpoint publish:
-Here too the MANIFEST.MF needs to declare a dependency on org.hornetq
-module when deploying to WildFly.
-
-
-
-
-
-
Finally, the Jakarta XML Web Services client can ineract with both Jakarta Messaging and HTTP endpoints
-as usual:
-
-
-
-
//start another bus to avoid affecting the one that could already be assigned to current thread - optional but highly suggested
-Bus bus = BusFactory.newInstance().createBus();
-BusFactory.setThreadDefaultBus(bus);
-try
-{
- QName serviceName = newQName("http://org.jboss.ws/jaxws/cxf/jms", "HelloWorldService");
- Service service = Service.create(wsdlUrl, serviceName);
-
- //JMS test
- HelloWorld proxy = (HelloWorld) service.getPort(newQName("http://org.jboss.ws/jaxws/cxf/jms", "HelloWorldImplPort"), HelloWorld.class);
- setupProxy(proxy);
- proxy.echo("Hi");
- //HTTP test
- HelloWorld httpProxy = (HelloWorld) service.getPort(newQName("http://org.jboss.ws/jaxws/cxf/jms", "HttpHelloWorldImplPort"), HelloWorld.class);
- httpProxy.echo("Hi");
-}
-finally
-{
- bus.shutdown(true);
-}
-
-
-
-
-
Use of Endpoint.publish() API
-
-
An alternative to deploying an archive containing Jakarta Messaging endpoints is in
-starting them directly using the Jakarta XML Web Services Endpoint.publish(..) API.
-
-
-
That’s as easy as doing:
-
-
-
-
Object implementor = new HelloWorldImpl();
-Endpoint ep = Endpoint.publish("jms:queue:testQueue", implementor);
-try
-{
- //use or let others use the endpoint
-}
-finally
-{
- ep.stop();
-}
-
-
-
-
where HelloWorldImpl is a POJO endpoint implementation referencing a
-Jakarta Messaging port in a given WSDL contract, as explained in the previous
-examples.
-
-
-
The main difference among the deployment approach is in the direct
-control and responsibility over the endpoint lifecycle ( start/publish
-and stop).
-
-
-
-
-
-
17.5.16. HTTP Proxy
-
-
The HTTP Proxy related functionalities of JBoss Web Services are
-provided by the Apache CXF http transport layer.
-
-
-
The suggested configuration mechanism when running JBoss Web Services is
-explained below; for further information please refer to the
-Apache
-CXF documentation.
-
-
-
Configuration
-
-
The HTTP proxy configuration for a given Jakarta XML Web Services client can be set in the
-following ways:
-
-
-
-
-
through the http.proxyHost and http.proxyPort system properties,
-or
-
-
-
leveraging the org.apache.cxf.transport.http.HTTPConduit options
-
-
-
-
-
The former is a JVM level configuration; for instance, assuming the http
-proxy is currently running at http://localhost:9934, here is the setup:
The latter is a client stub/port level configuration: the setup is
-performed on the HTTPConduit object that’s part of the Apache CXF
-Client abstraction.
The ProxyAuthorizationPolicy also allows for setting the authotization
-type as well as the username / password to be used.
-
-
-
Speaking of authorization and authentication, please note that the JDK
-already features the java.net.Authenticator facility, which is used
-whenever opening a connection to a given URL requiring a http proxy.
-Users might want to set a custom Authenticator for instance when needing
-to read WSDL contracts before actually calling into the JBoss Web
-Services / Apache CXF code; here is an example:
Apache CXF includes support for Web Services Dynamic Discovery (
-WS-Discovery),
-which is a protocol to enable dynamic discovery of services available on
-the local network. The protocol implies using a UDP based multicast
-transport to announce new services and probe for existing services. A
-managed mode where a discovery proxy is used to reduce the amount of
-required multicast traffic is also covered by the protocol.
-
-
-
JBossWS integrates the WS-Discovery
-functionalities provided
-by Apache CXF into the application server.
-
-
-
Enabling WS-Discovery
-
-
Apache CXF enables WS-Discovery depending on the availability of its
-runtime component; given that’s always shipped in the application
-server, JBossWS integration requires using the
-cxf.ws-discovery.enabled
-property
-usage for enabling WS-Discovery for a given deployment. By default
-WS-Discovery is disabled on the application server. Below is an
-example of jboss-webservices.xml descriptor to be used for enabling
-WS-Discovery:
By default, a WS-Discovery service endpoint (SOAP-over-UDP bound) will
-be started the first time a WS-Discovery enabled deployment is processed
-on the application server. Every ws endpoint belonging to WS-Discovery
-enabled deployments will be automatically registered into such a
-WS-Discovery service endpoint ( Hello messages). The service will
-reply to Probe and Resolve messages received on UDP port 3702
-(including multicast messages sent to IPv4 address 239.255.255.250,
-as per
-specification).
-Endpoints will eventually be automatically unregistered using Bye
-messages upon undeployment.
-
-
-
-
Probing services
-
-
Apache CXF comes with a WS-Discovery API that can be used to probe /
-resolve services. When running in-container, a JBoss module
-dependency to the org.apache.cxf.impl module is to
-be set to have access to WS-Discovery client functionalities.
-
-
-
The
-org.apache.cxf.ws.discovery.WSDiscoveryClient
-class provides the probe and resolve methods which also accepts
-filters on scopes. Users can rely on them for locating available
-endpoints on the network. Please have a look at the JBossWS testsuite
-which includes a
-sample
-on CXF WS-Discovery usage.
by adding policy assertions to wsdl contracts and letting the runtime
-consume them and behave accordingly;
-
-
-
by specifying endpoint policy attachments using either CXF annotations
-or features.
-
-
-
-
-
Of course users can also make direct use of the Apache CXF policy
-framework,
-defining custom
-assertions, etc.
-
-
-
Finally, JBossWS provides some additional annotations for simplified
-policy attachment.
-
-
-
Contract-first approach
-
-
WS-Policies can be attached and referenced in wsdl elements (the
-specifications describe all possible alternatives). Apache CXF
-automatically recognizes, reads and uses policies defined in the wsdl.
-
-
-
Users should hence develop endpoints using the contract-first
-approach, that is explicitly providing the contract for their services.
-Here is a excerpt taken from a wsdl including a WS-Addressing policy:
Of course, CXF also acts upon policies specified in wsdl documents
-consumed on client side.
-
-
-
-
Code-first approach
-
-
For those preferring code-first (java-first) endpoint development,
-Apache CXF comes with org.apache.cxf.annotations.Policy and
-org.apache.cxf.annotations.Policies annotations to be used for
-attaching policy fragments to the wsdl generated at deploy time.
-
-
-
Here is an example of a code-first endpoint including @Policy
-annotation:
The referenced descriptor is to be added to the deployment and will
-include the policy to be attached; the attachment position in the
-contracts is defined through the placement attribute. Here is a
-descriptor example:
Both approaches above require users to actually write their policies'
-assertions; while this offer great flexibility and control of the actual
-contract, providing the assertions might end up being quite a
-challenging task for complex policies. For this reason, the JBossWS
-integration provides policy sets, which are basically pre-defined
-groups of policy assertions corresponding to well known / common needs.
-Each set has a label allowing users to specify it in the
-@org.jboss.ws.api.annotation.PolicySets annotation to have the policy
-assertions for that set attached to the annotated endpoint. Multiple
-labels can also be specified. Here is an example of the @PolicySets
-annotation on a service endpoint interface:
The three sets specified in @PolicySets will cause the wsdl generated
-for the endpoint having this interface to be enriched with some policy
-assertions for WS-RM, WS-Security and WS-Addressing.
-
-
-
The labels' list of known sets is stored in the
-META-INF/policies/org.jboss.wsf.stack.cxf.extensions.policy.PolicyAttachmentStore
-file within the jbossws-cxf-client.jar (
-org.jboss.ws.cxf:jbossws-cxf-client maven artifact). Actual policy
-fragments for each set are also stored in the same artifact at
-META-INF/policies/<set-label>-<attachment-position>.xml.
-
-
-
Here is a list of the available policy sets:
-
-
-
-
-
-
-
-
-
Label
-
Description
-
-
-
-
-
WS-Addressing
-
Basic WS-Addressing policy
-
-
-
WS-RM_Policy_spec_example
-
The basic WS-RM policy example in the WS-RM
-specification
-
-
-
WS-SP-EX2121_SSL_UT_Supporting_Token
-
The group of policy assertions
-used in the section 2.1.2.1 example of the WS-Security Policy Examples
-1.0 specification
A WS-Security policy for asymmetric binding (encrypt before signing)
-using X.509v1 tokens, 3DES + RSA 1.5 algorithms and with token
-protections enabled
-
-
-
AsymmetricBinding_X509v1_GCM256OAEP_ProtectTokens
-
The same as before,
-but using custom Apache CXF algorithm suite including GCM 256 + RSA OAEP
-algorithms
-
-
-
-
-
-
-
-
-
-
-Always verify the contents of the generated wsdl contract, as policy
-sets are potentially subject to updates between JBossWS releases. This
-is especially important when dealing with security related policies; the
-provided sets are to be considered as convenient configuration options
-only; users remain responsible for the policies in their contracts.
-
-
-
-
-
-
-
-
-
-
-
-The org.jboss.wsf.stack.cxf.extensions.policy.Constants interface has
-convenient String constants for the available policy set labels.
-
-
-
-
-
-
-
-
-
-
-
-If you feel a new set should be added, just propose it by writing the
-user forum!
-
-
-
-
-
-
-
-
-
17.5.19. Published WSDL customization
-
-
Endpoint address rewrite
-
-
JBossWS supports the rewrite of the <soap:address> element of
-endpoints published in WSDL contracts. This feature is useful for
-controlling the server address that is advertised to clients for each
-endpoint. The rewrite mechanism is configured at server level through a
-set of elements in the webservices subsystem of the WildFly management
-model. Please refer to the container documentation for details on the
-options supported in the selected container version. Below is a list of
-the elements available in the latest WildFly sources:
-
-
-
-
-
-
-
-
-
-
Name
-
Type
-
Description
-
-
-
-
-
modify-wsdl-address
-
boolean
-
This boolean enables and disables the
-address rewrite functionality.When modify-wsdl-address is set to true
-and the content of <soap:address> is a valid URL, JBossWS will rewrite
-the URL using the values of wsdl-host and wsdl-port or
-wsdl-secure-port.When modify-wsdl-address is set to false and the
-content of <soap:address> is a valid URL, JBossWS will not rewrite the
-URL. The <soap:address> URL will be used.When the content of
-<soap:address> is not a valid URL, JBossWS will rewrite it no matter
-what the setting of modify-wsdl-address.If modify-wsdl-address is set to
-true and wsdl-host is not defined or explicitly set to
-'jbossws.undefined.host' the content of <soap:address> URL is use.
-JBossWS uses the requester’s host when rewriting the <soap:address>When
-modify-wsdl-address is not defined JBossWS uses a default value of true.
-
-
-
wsdl-host
-
string
-
The hostname / IP address to be used for rewriting
-<soap:address>.If wsdl-host is set to jbossws.undefined.host, JBossWS
-uses the requester’s host when rewriting the <soap:address>When
-wsdl-host is not defined JBossWS uses a default value of
-'jbossws.undefined.host'.
-
-
-
wsdl-port
-
int
-
Set this property to explicitly define the HTTP port
-that will be used for rewriting the SOAP address.Otherwise the HTTP port
-will be identified by querying the list of installed HTTP connectors.
-
-
-
wsdl-secure-port
-
int
-
Set this property to explicitly define the HTTPS
-port that will be used for rewriting the SOAP address.Otherwise the
-HTTPS port will be identified by querying the list of installed HTTPS
-connectors.
-
-
-
wsdl-uri-scheme
-
string
-
This property explicitly sets the URI scheme
-to use for rewriting <soap:address> . Valid values are http and https.
-This configuration overrides scheme computed by processing the endpoint
-(even if a transport guaranteeis specified). The provided values for
-wsdl-port and wsdl-secure-port (or their default values) are used
-depending on specified scheme.
-
-
-
wsdl-path-rewrite-rule
-
string
-
This string defines a SED substitution
-command (e.g., 's/regexp/replacement/g') that JBossWS executes against
-the path component of each <soap:address> URL published from the
-server.When wsdl-path-rewrite-rule is not defined, JBossWS retains the
-original path component of each <soap:address> URL.When
-'modify-wsdl-address' is set to "false" this element is ignored.
-
-
-
-
-
Additionally, users can override the server level configuration by
-requesting a specific rewrite behavior for a given endpoint deployment.
-That is achieved by setting one of the following properties within a
-jboss-webservices.xml descriptor:
-
-
-
-
-
-
-
-
-
Property
-
Corresponding server option
-
-
-
-
-
wsdl.soapAddress.rewrite.modify-wsdl-address
-
modify-wsdl-address
-
-
-
wsdl.soapAddress.rewrite.wsdl-host
-
wsdl-host
-
-
-
wsdl.soapAddress.rewrite.wsdl-port
-
wsdl-port
-
-
-
wsdl.soapAddress.rewrite.wsdl-secure-port
-
wsdl-secure-port
-
-
-
wsdl.soapAddress.rewrite.wsdl-path-rewrite-rule
-
wsdl-path-rewrite-rule
-
-
-
wsdl.soapAddress.rewrite.wsdl-uri-scheme
-
wsdl-uri-scheme
-
-
-
-
-
Here is an example of partial overriding of the default configuration
-for a specific deployment:
System property references wrapped within "@" characters are expanded
-when found in WSDL attribute and element values. This allows for
-instance including multiple WS-Policy declarations in the contract and
-selecting the policy to use depending on a server wide system property;
-here is an example:
If the org.jboss.wsf.test.JBWS3628TestCase.policy system property is
-defined and set to " WS-Addressing_policy ", WS-Addressing will be
-enabled for the endpoint defined by the contract above.
-
-
-
-
-
-
17.6. JBoss Modules and WS applications
-
-
The JBoss Web Services functionalities are provided by a given set of
-modules / libraries installed on WildFly, which are organized into JBoss
-Modules modules. In particular the org.jboss.as.webservices.* and
-org.jboss.ws.* modules belong to the JBossWS - WildFly integration.
-Users should not need to change anything in them.
-
-
-
While users are of course allowed to provide their own modules for their
-custom needs, below is a brief collection of suggestions and hints
-around modules and webservices development on WildFly.
-
-
-
17.6.1. Setting module dependencies
-
-
On WildFly the user deployment classloader does not have any visibility
-over JBoss internals; so for instance you can’t directly use JBossWS
-implementation classes unless you explicitly set a dependency to the
-corresponding module. As a consequence, users need to declare the module
-dependencies they want to be added to their deployment.
-
-
-
-
-
-
-
-
-The JBoss Web Services APIs are always available by default whenever the
-webservices subsystem is available on AS7. So users just use them, no
-need for explicit dependencies declaration for those modules.
-
-
-
-
-
-
Using MANIFEST.MF
-
-
The convenient method for configuring deployment dependencies is adding
-them into the MANIFEST.MF file:
Here above org.jboss.ws.cxf.jbossws-cxf-client and foo.bar are the
-modules you want to set dependencies to; services tells the modules
-framework that you want to also import META-INF/services/..
-declarations from the dependency, while export exports the classes
-from the module to any other module that might be depending on the
-module implicitly created for your deployment.
-
-
-
-
-
-
-
-
-When using annotations on your endpoints / handlers such as the Apache
-CXF ones (@InInterceptor, @GZIP, …) remember to add the proper module
-dependency in your manifest. Otherwise your annotations are not picked
-up and added to the annotation index by WildFly, resulting in them being
-completely and silently ignored.
-
-
-
-
-
-
Using Jakarta XML Binding
-
-
In order for successfully directly using Jakarta XML Binding contexts, etc. in your
-client or endpoint running in-container, you need to properly setup a
-Jakarta XML Binding implementation; that is performed setting the following dependency:
-
-
-
-
Dependencies: com.sun.xml.bind services export
-
-
-
-
-
Using Apache CXF
-
-
In order for using Apache CXF APIs and implementation classes you need
-to add a dependency to the org.apache.cxf (API) module and / or
-org.apache.cxf.impl (implementation) module:
-
-
-
-
Dependencies: org.apache.cxf services
-
-
-
-
However, please note that would not come with any JBossWS-CXF
-customizations nor additional extensions. For this reason, and generally
-speaking for simplifying user configuration, a client side aggregation
-module is available with all the WS dependencies users might need.
-
-
-
-
Client side WS aggregation module
-
-
Whenever you simply want to use all the JBoss Web Services
-feature/functionalities, you can set a dependency to the convenient
-client module.
Please note the services option above: that’s strictly required in
-order for you to get the JBossWS-CXF version of classes that are
-retrieved using the Service API, the org.apache.cxf.Bus for
-instance.
-
-
-
-
-
-
-
-
-Be careful as issues because of misconfiguration here can be quite hard
-to track down, because the Apache CXF behaviour would be sensibly
-different.
-
-
-
-
-
-
-
-
-
-
-
-The services option is almost always needed when declaring
-dependencies on org.jboss.ws.cxf.jbossws-cxf-client and
-org.apache.cxf modules. The reason for this is in it affecting the
-loading of classes through the Service API, which is what is used to
-wire most of the JBossWS components as well as all Apache CXF Bus
-extensions.
-
-
-
-
-
-
-
Annotation scanning
-
-
The application server uses an annotation index for detecting Jakarta XML Web Services
-endpoints in user deployments. When declaring WS endpoints whose class
-belongs to a different module (for instance referring that in the
-web.xml descriptor), be sure to have an annotations type dependency
-in place. Without that, your endpoints would simply be ignored as they
-won’t appear as annotated classes to the webservices subsystem.
-
-
-
-
Dependencies: org.foo annotations
-
-
-
-
-
-
Using jboss-deployment-descriptor.xml
-
-
In some circumstances, the convenient approach of setting module
-dependencies in MANIFEST.MF might not work. An example is the need for
-importing/exporting specific resources from a given module dependency.
-Users should hence add a jboss-deployment-structure.xml descriptor to
-their deployment and set module dependencies in it.
-
-
-
-
-
-
-
-
18. Scoped EJB client contexts
-
-
-
-WildFly 29 introduced the EJB client API for managing remote EJB
-invocations. The EJB client API works off EJBClientContext(s). An
-EJBClientContext can potentially contain any number of EJB receivers. An
-EJB receiver is a component which knows how to communicate with a server
-which is capable of handling the EJB invocation. Typically EJB remote
-applications can be classified into:
-
-
-
-
-
-
A remote client which runs as a standalone Java application
-
-
-
A remote client which runs within another WildFly 29 instance
-
-
-
-
-
Depending on the kind of remote client, from an EJB client API point of
-view, there can potentially be more than 1 EJBClientContext(s) within a
-JVM.
-
-
-
In case of standalone applications, typically a single EJBClientContext
-(backed by any number of EJB receivers) exists. However this isn’t
-mandatory. Certain standalone applications can potentially have more
-than one EJBClientContext(s) and an EJB client context selector will be
-responsible for returning the appropriate context.
-
-
-
In case of remote clients which run within another WildFly 29 instance,
-each deployed application will have a corresponding EJB client context.
-Whenever that application invokes on another EJB, the corresponding EJB
-client context will be used for finding the right EJB receiver and
-letting it handle the invocation.
-
-
-
18.1. Potential shortcomings of a single EJB client context
-
-
In the Overview section we briefly looked at the different types of
-remote clients. Let’s focus on the standalone remote clients (the ones
-that don’t run within another WildFly 29 instance) for some of the next
-sections. Like mentioned earlier, typically a remote standalone client
-has just one EJB client context backed by any number of EJB receivers.
-Consider this example:
-
-
-
-
publicclassMyApplication {
-
- publicstaticvoid main(String args[]) {
-
- final javax.naming.Context ctxOne = new javax.naming.InitialContext();
- final MyBeanInterface beanOne = ctxOne.lookup("ejb:app/module/distinct/bean!interface");
- beanOne.doSomething();
- ...
- }
-}
-
-
-
-
Now, we have seen in this other chapter
-EJB
-invocations from a remote client using JNDI that the JNDI lookups are
-(typically) backed by jboss-ejb-client.properties file which is used to
-setup the EJB client context and the EJB receivers. Let’s assume we have
-a jboss-ejb-client.properties with the relevant receivers
-configurations. These configurations include the security credentials
-that will be used to create an EJB receiver which connects to the AS7
-server. Now when the above code is invoked, the EJB client API looks for
-the EJB client context to pick an EJB receiver, to pass on the EJB
-invocation request. Since we just have a single EJB client context, that
-context is used by the above code to invoke the bean.
-
-
-
Now let’s consider a case where the user application wants to invoke on
-the bean more than once, but wants to connect to the WildFly 29 server
-using different security credentials. Let’s take a look at the following
-code:
-
-
-
-
publicclassMyApplication {
-
- publicstaticvoid main(String args[]) {
-
- // let's say we want to use "foo" security credential while connecting to the AS7 server for invoking on this bean instance
- final javax.naming.Context ctxOne = new javax.naming.InitialContext();
- final MyBeanInterface beanOne = ctxOne.lookup("ejb:app/module/distinct/bean!interface");
- beanOne.doSomething();
- ...
-
- // let's say we want to use "bar" security credential while connecting to the AS7 server for invoking on this bean instance
- final javax.naming.Context ctxTwo = new javax.naming.InitialContext();
- final MyBeanInterface beanTwo = ctxTwo.lookup("ejb:app/module/distinct/bean!interface");
- beanTwo.doSomething();
- ...
-
- }
-}
-
-
-
-
So we have the same application, which wants to connect to the same
-server instance for invoking the EJB(s) hosted on that server, but wants
-to use two different credentials while connecting to the server.
-Remember, the client application has a single EJB client context which
-can have atmost 1 EJB receiver for each server instance. Which
-effectively means that the above code will end up using just one
-credential to connect to the server. So there was no easy way to have
-the above code working.
-
-
-
That was one of the use cases which prompted the
-https://issues.redhat.com/browse/EJBCLIENT-34 feature request. The
-proposal was to introduce a way, where you can have more control over
-the EJB client contexts and their association with JNDI contexts which
-are typically used for EJB invocations.
-
-
-
-
18.2. Scoped EJB client contexts
-
-
Developers familiar with earlier versions of JBoss AS would remember
-that for invoking an EJB, you would typically create a JNDI context
-passing it the PROVIDER_URL which would point to the target server. That
-way any invocation is done on EJB proxies looked up using that JNDI
-context, would end up on that server. If we look back at the example
-above, we’ll realize that, we are ultimately aiming for a similar
-functionality through https://issues.redhat.com/browse/EJBCLIENT-34. We
-want the user applications to have more control over which EJB receiver
-gets used for a specific invocation.
publicclassMyApplication {
-
- publicstaticvoid main(String args[]) {
-
- // let's say we want to use "foo" security credential while connecting to the AS7 server for invoking on this bean instance
- finalProperties ejbClientContextPropsOne = getPropsForEJBClientContextOne():
- final javax.naming.Context ctxOne = new javax.naming.InitialContext(ejbClientContextPropsOne);
- final MyBeanInterface beanOne = ctxOne.lookup("ejb:app/module/distinct/bean!interface");
- beanOne.doSomething();
- ...
- closeContext(ctxOne); // read on the entire article to understand more about closing scoped EJB client contexts
-
- // let's say we want to use "bar" security credential while connecting to the AS7 server for invoking on this bean instance
- finalProperties ejbClientContextPropsTwo = getPropsForEJBClientContextTwo():
- final javax.naming.Context ctxTwo = new javax.naming.InitialContext(ejbClientContextPropsTwo);
- final MyBeanInterface beanTwo = ctxTwo.lookup("ejb:app/module/distinct/bean!interface");
- beanTwo.doSomething();
- ...
- closeContext(ctxTwo); // read on the entire article to understand more about closing scoped EJB client contexts
- }
-}
-
-
-
-
Notice any difference between this code and the earlier one? We now
-create and pass EJB client context specific properties to the JNDI
-context. So what do the EJB client context properties look like? The
-properties are the same that you would pass through the
-jboss-ejb-client.properties file, except for one additional property
-which is required to scope the EJB client context to the JNDI context.
-The name of the property is:
-
-
-
org.jboss.ejb.client.scoped.context
-
-
-
which is expected to have a value true. This property lets the EJB
-client API know that it has to created an EJB client context (backed by
-EJB receiver(s)) and that created context is then scoped/visible to only
-that JNDI context which created it. Lookup and invocation on any EJB
-proxies looked up using this JNDI context will only know of the EJB
-client context associated with this JNDI context. This effectively means
-that the other JNDI contexts which the application uses to lookup and
-invoke on EJBs will not know about the other scoped EJB client
-contexts at all.
-
-
-
JNDI contexts which aren’t scoped to a EJB client context (for example,
-not passing the org.jboss.ejb.client.scoped.context property) will
-fallback to the default behaviour of using the "current" EJB client
-context which typically is the one tied to the entire application.
-
-
-
This scoping of the EJB client context helps the user applications to
-have more control over which JNDI context "talks to" which server and
-connects to that server in "what way". This gives the user applications
-the flexibility that was associated with the JNP based JNDI invocations
-prior to WildFly 29 versions.
-
-
-
-
-
-
-
-
-IMPORTANT:It is very important to remember that scoped EJB client
-contexts which are scoped to the JNDI contexts are NOT fire and forget
-kind of contexts. What that means is the application program which is
-using these contexts is solely responsible for managing their lifecycle
-and the application itself is responsible for closing the context at the
-right moment. After closing the context the proxies which are bound to
-this context are no longer valid and any invocation will throw an
-Exception. Not closing the context will end in resource problems as the
-underlying physical connection will stay open.
-
-
-
-
-
-
Read the rest of the sections in this article to understand more about
-the lifecycle management of such scoped contexts.
-
-
-
-
18.3. Lifecycle management of scoped EJB client contexts
-
-
Like you saw in the previous sections, in case of scoped EJB client
-contexts, the EJB client context is tied to the JNDI context. It’s very
-important to understand how the lifecycle of the EJB client context
-works in such cases. Especially since any EJB client context is almost
-always backed by connections to the server. Not managing the EJB client
-context lifecycle correctly can lead to connection leaks in some cases.
-
-
-
When you create a scoped EJB client context, the EJB client context
-connects to the server(s) listed in the JNDI properties. An internal
-implementation detail of this logic includes the ability of the EJB
-client context to cache connections based on certain internal algorithm
-it uses. The algorithm itself isn’t publicly documented (yet) since the
-chances of it changing or even removal shouldn’t really affect the
-client application and instead it’s supposed to be transparent to the
-client application.
-
-
-
The connections thus created for an EJB client context are kept open as
-long as the EJB client context is open. This allows the EJB client
-context to be usable for EJB invocations. The connections associated
-with the EJB client context are closed when the EJB client context
-itself is closed.
-
-
-
-
-
-
-
-
-The connections that were manually added by the application to the EJB
-client context are not managed by the EJB client context. i.e. they
-won’t be opened (obviously) nor closed by the EJB client API when the
-EJB client context is closed.
-
-
-
-
-
-
18.3.1. How to close EJB client contexts?
-
-
The answer to that is simple. Use the close() method on the appropriate
-EJB client context.
-
-
-
-
18.3.2. How to close scoped EJB client contexts?
-
-
The answer is the same, use the close() method on the EJB client
-context. But the real question is how do you get the relevant scoped EJB
-client context which is associated with a JNDI context. Before we get to
-that, it’s important to understand how the ejb: JNDI namespace that’s
-used for EJB lookups and how the JNDI context (typically the
-InitialContext that you see in the client code) are related. The JNDI
-API provided by Java language allows "URL context factory" to be
-registered in the JNDI framework (see this for details
-http://docs.oracle.com/javase/jndi/tutorial/provider/url/factory.html).
-Like that documentation states, the URL context factory can be used to
-resolve URL strings during JNDI lookup. That’s what the ejb: prefix is
-when you do a remote EJB lookup. The ejb: URL string is backed by a URL
-context factory.
-
-
-
Internally, when a lookup happens for a ejb: URL string, a relevant
-javax.naming.Context is created for that ejb: lookup. Let’s see some
-code for better understanding:
-
-
-
-
// JNDI context "A"
-Context jndiCtx = newInitialContext(props);
-// Now let's lookup a EJB
-MyBean bean = jndiCtx.lookup("ejb:app/module/distinct/bean!interface");
-
-
-
-
So we first create a JNDI context and then use it to lookup an EJB. The
-bean lookup using the ejb: JNDI name, although, is just one statement,
-involves a few more things under the hood. What’s actually happening
-when you lookup that string is that a separate javax.naming.Context gets
-created for the ejb: URL string. This new javax.naming.Context is then
-used to lookup the rest of the string in that JNDI name.
-
-
-
Let’s break up that one line into multiple statements to understand
-better:
-
-
-
-
// Remember, the ejb: is backed by a URL context factory which returns a Context for the ejb: URL (that's why it's called a context factory)
-finalContext ejbNamingContext = (Context) jndiCtx.lookup("ejb:");
-// Use the returned EJB naming context to lookup the rest of the JNDI string for EJB
-final MyBean bean = ejbNamingContext.lookup("app/module/distinct/bean!interface");
-
-
-
-
As you see above, we split up that single statement into a couple of
-statements for explaining the details better. So as you can see when the
-ejb: URL string is parsed in a JNDI name, it gets hold of a
-javax.naming.Context instance. This instance is different from the one
-which was used to do the lookup (jndiCtx in this example). This is an
-important detail to understand (for reasons explained later). Now this
-returned instance is used to lookup the rest of the JNDI string
-("app/module/distinct/bean!interface"), which then returns the EJB
-proxy. Irrespective of whether the lookup is done in a single statement
-or multiple parts, the code works the same. i.e. an instance of
-javax.naming.Context gets created for the ejb: URL string.
-
-
-
So why am I explaining all this when the section is titled
-"How to close scoped EJB client contexts"? The reason is because
-client applications dealing with scoped EJB client contexts which are
-associated with a JNDI context would expect the following code to close
-the associated EJB client context, but will be surprised that it won’t:
-
-
-
-
finalProperties props = newProperties();
-// mark it for scoped EJB client context
-props.put("org.jboss.ejb.client.scoped.context","true");
-// add other properties
-props.put(....);
-...
-Context jndiCtx = newInitialContext(props);
-try {
- final MyBean bean = jndiCtx.lookup("ejb:app/module/distinct/bean!interface");
- bean.doSomething();
-} finally {
- jndiCtx.close();
-}
-
-
-
-
Applications expect that the call to jndiCtx.close() will effectively
-close the EJB client context associated with the JNDI context. That
-doesn’t happen because as explained previously, the javax.naming.Context
-backing the ejb: URL string is a different instance than the one the
-code is closing. The JNDI implementation in Java, only just closes the
-context on which the close was called. As a result, the other
-javax.naming.Context that backs the ejb: URL string is still not closed,
-which effectively means that the scoped EJB client context is not closed
-too which then ultimately means that the connection to the server(s) in
-the EJB client context are not closed too.
-
-
-
So now let’s see how this can be done properly. We know that the ejb:
-URL string lookup returns us a javax.naming.Context. All we have to do
-is keep a reference to this instance and close it when we are done with
-the EJB invocations. So here’s how it’s going to look:
-
-
-
-
finalProperties props = newProperties();
-// mark it for scoped EJB client context
-props.put("org.jboss.ejb.client.scoped.context","true");
-// add other properties
-props.put(....);
-...
-Context jndiCtx = newInitialContext(props);
-Context ejbRootNamingContext = (Context) jndiCtx.lookup("ejb:");
-try {
- final MyBean bean = ejbRootNamingContext.lookup("app/module/distinct/bean!interface"); // the rest of the EJB jndi string
- bean.doSomething();
-} finally {
- try {
- // close the EJB naming JNDI context
- ejbRootNamingContext.close();
- } catch (Throwable t) {
- // log and ignore
- }
- try {
- // also close our other JNDI context since we are done with it too
- jndiCtx.close();
- } catch (Throwable t) {
- // log and ignore
- }
-
-}
-
-
-
-
As you see, we changed the code to first do a lookup on just the "ejb:"
-string to get hold of the EJB naming context and then used that
-ejbRootNamingContext instance to lookup the rest of the EJB JNDI name to
-get hold of the EJB proxy. Then when it was time to close the context,
-we closed the ejbRootNamingContext (as well as the other JNDI context).
-Closing the ejbRootNamingContext ensures that the scoped EJB client
-context associated with that JNDI context is closed too. Effectively,
-this closes the connection(s) to the server(s) within that EJB client
-context.
-
-
-
Can that code be simplified a bit?
-
-
If you are using that JNDI context only for EJB invocations, then yes
-you can get rid of some instances and code from the above code. You can
-change that code to:
-
-
-
-
finalProperties props = newProperties();
-// mark it for scoped EJB client context
-props.put("org.jboss.ejb.client.scoped.context","true");
-// add other properties
-props.put(....);
-...
-Context ejbRootNamingContext = (Context) newInitialContext(props).lookup("ejb:");
-try {
- final MyBean bean = ejbRootNamingContext.lookup("app/module/distinct/bean!interface"); // the rest of the EJB jndi string
- bean.doSomething();
-} finally {
- try {
- // close the EJB naming JNDI context
- ejbRootNamingContext.close();
- } catch (Throwable t) {
- // log and ignore
- }
-}
-
-
-
-
Notice that we no longer hold a reference to 2 JNDI contexts and instead
-just keep track of the ejbRootNamingContext which is actually the root
-JNDI context for our "ejb:" URL string. Of course, this means that you
-can only use this context for EJB lookups or any other EJB related JNDI
-lookups. So it depends on your application and how it’s coded.
-
-
-
-
-
18.3.3. Can’t the scoped EJB client context be automatically closed by the
-
-
EJB client API when the JNDI context is no longer in scope (i.e. on GC)?
-
-
-
That’s one of the common questions that gets asked. No, the EJB client
-API can’t take that decision. i.e. it cannot automatically go ahead and
-close the scoped EJB client context by itself when the associated JNDI
-context is eligible for GC. The reason is simple as illustrated by the
-following code:
-
-
-
-
void doEJBInvocation() {
- final MyBean bean = lookupEJB();
- bean.doSomething();
- bean.doSomeOtherThing();
- ... // do some other work
- bean.keepDoingSomething();
-}
-
-MyBean lookupEJB() {
- finalProperties props = newProperties();
- // mark it for scoped EJB client context
- props.put("org.jboss.ejb.client.scoped.context","true");
- // add other properties
- props.put(....);
- ...
- Context ejbRootNamingContext = (Context) newInitialContext(props).lookup("ejb:");
- final MyBean bean = ejbRootNamingContext.lookup("app/module/distinct/bean!interface"); // rest of the EJB jndi string
- return bean;
-}
-
-
-
-
As you can see, the doEJBInvocation() method first calls a lookupEJB()
-method which does a lookup of the bean using a JNDI context and then
-returns the bean (proxy). The doEJBInvocation() then uses that returned
-proxy and keeps doing the invocations on the bean. As you might have
-noticed, the JNDI context that was used for lookup (i.e. the
-ejbRootNamingContext) is eligible for GC. If the EJB client API had
-closed the scoped EJB client context associated with that JNDI context,
-when that JNDI context was garbage collected, then the subsequent EJB
-invocations on the returned EJB (proxy) would start failing in
-doEJBInvocation() since the EJB client context is no longer available.
-
-
-
That’s the reason why the EJB client API doesn’t automatically close the
-EJB client context.
-
-
-
-
-
-
-
-
-References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
-
-
19. EJB invocations from a remote client using JNDI
-
-
-
This chapter explains how to invoke EJBs from a remote client by using
-the JNDI API to first lookup the bean proxy and then invoke on that
-proxy.
Before getting into the details, we would like the users to know that we
-have introduced a new EJB client API, which is a WildFly-specific API
-and allows invocation on remote EJBs. This client API isn’t based on
-JNDI. So remote clients need not rely on JNDI API to invoke on EJBs. A
-separate document covering the EJB remote client API will be made
-available. For now, you can refer to the javadocs of the EJB client
-project at http://docs.jboss.org/ejbclient/. In this document, we’ll
-just concentrate on the traditional JNDI based invocation on EJBs. So
-let’s get started:
-
-
-
19.1. Deploying your EJBs on the server side:
-
-
-
-
-
-
-
-Users who already have EJBs deployed on the server side can just skip to
-the next section.
-
-
-
-
-
-
As a first step, you’ll have to deploy your application containing the
-EJBs on the WildFly server. If you want those EJBs to be remotely
-invocable, then you’ll have to expose at least one remote view for that
-bean. In this example, let’s consider a simple Calculator stateless bean
-which exposes a RemoteCalculator remote business interface. We’ll also
-have a simple stateful CounterBean which exposes a RemoteCounter remote
-business interface. Here’s the code:
-
-
-
-
packageorg.jboss.as.quickstarts.ejb.remote.stateless;
-
-/**
- * @author Jaikiran Pai
- */
-publicinterfaceRemoteCalculator {
-
- int add(int a, int b);
-
- int subtract(int a, int b);
-}
-
-
-
-
-
packageorg.jboss.as.quickstarts.ejb.remote.stateless;
-
-importjakarta.ejb.Remote;
-importjakarta.ejb.Stateless;
-
-/**
- * @author Jaikiran Pai
- */
-@Stateless
-@Remote(RemoteCalculator.class)
-publicclassCalculatorBeanimplements RemoteCalculator {
-
- @Override
- publicint add(int a, int b) {
- return a + b;
- }
-
- @Override
- publicint subtract(int a, int b) {
- return a - b;
- }
-}
Let’s package this in a jar (how you package it in a jar is out of scope
-of this chapter) named "jboss-as-ejb-remote-app.jar" and deploy it to
-the server. Make sure that your deployment has been processed
-successfully and there aren’t any errors.
-
-
-
-
19.2. Writing a remote client application for accessing and invoking the
-
-
EJBs deployed on the server
-
-
-
The next step is to write an application which will invoke the EJBs that
-you deployed on the server. In WildFly, you can either choose to use the
-WildFly specific EJB client API to do the invocation or use JNDI to
-lookup a proxy for your bean and invoke on that returned proxy. In this
-chapter we will concentrate on the JNDI lookup and invocation and will
-leave the EJB client API for a separate chapter.
-
-
-
So let’s take a look at what the client code looks like for looking up
-the JNDI proxy and invoking on it. Here’s the entire client code which
-invokes on a stateless bean:
-
-
-
-
packageorg.jboss.as.quickstarts.ejb.remote.client;
-
-importjavax.naming.Context;
-importjavax.naming.InitialContext;
-importjavax.naming.NamingException;
-importjava.security.Security;
-importjava.util.Hashtable;
-
-importorg.jboss.as.quickstarts.ejb.remote.stateful.CounterBean;
-importorg.jboss.as.quickstarts.ejb.remote.stateful.RemoteCounter;
-importorg.jboss.as.quickstarts.ejb.remote.stateless.CalculatorBean;
-importorg.jboss.as.quickstarts.ejb.remote.stateless.RemoteCalculator;
-importorg.jboss.sasl.JBossSaslProvider;
-
-/**
- * A sample program which acts a remote client for a EJB deployed on WildFly 10 server.
- * This program shows how to lookup stateful and stateless beans via JNDI and then invoke on them
- *
- * @author Jaikiran Pai
- */
-publicclassRemoteEJBClient {
-
- publicstaticvoid main(String[] args) throwsException {
- // Invoke a stateless bean
- invokeStatelessBean();
-
- // Invoke a stateful bean
- invokeStatefulBean();
- }
-
- /**
- * Looks up a stateless bean and invokes on it
- *
- * @throws NamingException
- */
- privatestaticvoid invokeStatelessBean() throwsNamingException {
- // Let's lookup the remote stateless calculator
- final RemoteCalculator statelessRemoteCalculator = lookupRemoteStatelessCalculator();
- System.out.println("Obtained a remote stateless calculator for invocation");
- // invoke on the remote calculator
- int a = 204;
- int b = 340;
- System.out.println("Adding " + a + " and " + b + " via the remote stateless calculator deployed on the server");
- int sum = statelessRemoteCalculator.add(a, b);
- System.out.println("Remote calculator returned sum = " + sum);
- if (sum != a + b) {
- thrownewRuntimeException("Remote stateless calculator returned an incorrect sum " + sum + " ,expected sum was " + (a + b));
- }
- // try one more invocation, this time for subtraction
- int num1 = 3434;
- int num2 = 2332;
- System.out.println("Subtracting " + num2 + " from " + num1 + " via the remote stateless calculator deployed on the server");
- int difference = statelessRemoteCalculator.subtract(num1, num2);
- System.out.println("Remote calculator returned difference = " + difference);
- if (difference != num1 - num2) {
- thrownewRuntimeException("Remote stateless calculator returned an incorrect difference " + difference + " ,expected difference was " + (num1 - num2));
- }
- }
-
- /**
- * Looks up a stateful bean and invokes on it
- *
- * @throws NamingException
- */
- privatestaticvoid invokeStatefulBean() throwsNamingException {
- // Let's lookup the remote stateful counter
- final RemoteCounter statefulRemoteCounter = lookupRemoteStatefulCounter();
- System.out.println("Obtained a remote stateful counter for invocation");
- // invoke on the remote counter bean
- finalint NUM_TIMES = 20;
- System.out.println("Counter will now be incremented " + NUM_TIMES + " times");
- for (int i = 0; i < NUM_TIMES; i++) {
- System.out.println("Incrementing counter");
- statefulRemoteCounter.increment();
- System.out.println("Count after increment is " + statefulRemoteCounter.getCount());
- }
- // now decrementing
- System.out.println("Counter will now be decremented " + NUM_TIMES + " times");
- for (int i = NUM_TIMES; i > 0; i--) {
- System.out.println("Decrementing counter");
- statefulRemoteCounter.decrement();
- System.out.println("Count after decrement is " + statefulRemoteCounter.getCount());
- }
- }
-
- /**
- * Looks up and returns the proxy to remote stateless calculator bean
- *
- * @return
- * @throws NamingException
- */
- privatestatic RemoteCalculator lookupRemoteStatelessCalculator() throwsNamingException {
- finalHashtable jndiProperties = newHashtable();
- jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
- finalContext context = newInitialContext(jndiProperties);
- // The app name is the application name of the deployed EJBs. This is typically the ear name
- // without the .ear suffix. However, the application name could be overridden in the application.xml of the
- // EJB deployment on the server.
- // Since we haven't deployed the application as a .ear, the app name for us will be an empty string
- finalString appName = "";
- // This is the module name of the deployed EJBs on the server. This is typically the jar name of the
- // EJB deployment, without the .jar suffix, but can be overridden via the ejb-jar.xml
- // In this example, we have deployed the EJBs in a jboss-as-ejb-remote-app.jar, so the module name is
- // jboss-as-ejb-remote-app
- finalString moduleName = "jboss-as-ejb-remote-app";
- // AS7 allows each deployment to have an (optional) distinct name. We haven't specified a distinct name for
- // our EJB deployment, so this is an empty string
- finalString distinctName = "";
- // The EJB name which by default is the simple class name of the bean implementation class
- finalString beanName = CalculatorBean.class.getSimpleName();
- // the remote view fully qualified class name
- finalString viewClassName = RemoteCalculator.class.getName();
- // let's do the lookup
- return (RemoteCalculator) context.lookup("ejb:" + appName + "/" + moduleName + "/" + distinctName + "/" + beanName + "!" + viewClassName);
- }
-
- /**
- * Looks up and returns the proxy to remote stateful counter bean
- *
- * @return
- * @throws NamingException
- */
- privatestatic RemoteCounter lookupRemoteStatefulCounter() throwsNamingException {
- finalHashtable jndiProperties = newHashtable();
- jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
- finalContext context = newInitialContext(jndiProperties);
- // The app name is the application name of the deployed EJBs. This is typically the ear name
- // without the .ear suffix. However, the application name could be overridden in the application.xml of the
- // EJB deployment on the server.
- // Since we haven't deployed the application as a .ear, the app name for us will be an empty string
- finalString appName = "";
- // This is the module name of the deployed EJBs on the server. This is typically the jar name of the
- // EJB deployment, without the .jar suffix, but can be overridden via the ejb-jar.xml
- // In this example, we have deployed the EJBs in a jboss-as-ejb-remote-app.jar, so the module name is
- // jboss-as-ejb-remote-app
- finalString moduleName = "jboss-as-ejb-remote-app";
- // AS7 allows each deployment to have an (optional) distinct name. We haven't specified a distinct name for
- // our EJB deployment, so this is an empty string
- finalString distinctName = "";
- // The EJB name which by default is the simple class name of the bean implementation class
- finalString beanName = CounterBean.class.getSimpleName();
- // the remote view fully qualified class name
- finalString viewClassName = RemoteCounter.class.getName();
- // let's do the lookup (notice the ?stateful string as the last part of the jndi name for stateful bean lookup)
- return (RemoteCounter) context.lookup("ejb:" + appName + "/" + moduleName + "/" + distinctName + "/" + beanName + "!" + viewClassName + "?stateful");
- }
-}
-
-
-
-
-
-
-
-
-
-The entire server side and client side code is hosted at the github repo
-here
-ejb-remote
-
-
-
-
-
-
The code has some comments which will help you understand each of those
-lines. But we’ll explain here in more detail what the code does. As a
-first step in the client code, we’ll do a lookup of the EJB using a JNDI
-name. In AS7, for remote access to EJBs, you use the ejb: namespace with
-the following syntax:
The ejb: namespace identifies it as a EJB lookup and is a constant (i.e.
-doesn’t change) for doing EJB lookups. The rest of the parts in the jndi
-name are as follows:
-
-
-
app-name : This is the name of the .ear (without the .ear suffix) that
-you have deployed on the server and contains your EJBs.
-
-
-
-
-
Jakarta EE allows you to override the application name, to a name of
-your choice by setting it in the application.xml. If the deployment uses
-uses such an override then the app-name used in the JNDI name should
-match that name.
-
-
-
EJBs can also be deployed in a .war or a plain .jar (like we did in
-step 1). In such cases where the deployment isn’t an .ear file, then the
-app-name must be an empty string, while doing the lookup.
-
-
-
-
-
module-name : This is the name of the .jar (without the .jar suffix)
-that you have deployed on the server and the contains your EJBs. If the
-EJBs are deployed in a .war then the module name is the .war name
-(without the .war suffix).
-
-
-
-
-
Jakarta EE allows you to override the module name, by setting it in the
-ejb-jar.xml/web.xml of your deployment. If the deployment uses such an
-override then the module-name used in the JNDI name should match that
-name.
-
-
-
Module name part cannot be an empty string in the JNDI name
-
-
-
-
-
distinct-name : This is a WildFly-specific name which can be
-optionally assigned to the deployments that are deployed on the server.
-More about the purpose and usage of this will be explained in a separate
-chapter. If a deployment doesn’t use distinct-name then, use an empty
-string in the JNDI name, for distinct-name
-
-
-
bean-name : This is the name of the bean for which you are doing the
-lookup. The bean name is typically the unqualified classname of the bean
-implementation class, but can be overriden through either ejb-jar.xml or
-via annotations. The bean name part cannot be an empty string in the
-JNDI name.
-
-
-
fully-qualified-classname-of-the-remote-interface : This is the fully
-qualified class name of the interface for which you are doing the
-lookup. The interface should be one of the remote interfaces exposed by
-the bean on the server. The fully qualified class name part cannot be an
-empty string in the JNDI name.
-
-
-
For stateful beans, the JNDI name expects an additional "?stateful" to
-be appended after the fully qualified interface name part. This is
-because for stateful beans, a new session gets created on JNDI lookup
-and the EJB client API implementation doesn’t contact the server during
-the JNDI lookup to know what kind of a bean the JNDI name represents
-(we’ll come to this in a while). So the JNDI name itself is expected to
-indicate that the client is looking up a stateful bean, so that an
-appropriate session can be created.
-
-
-
Now that we know the syntax, let’s see our code and check what JNDI name
-it uses. Since our stateless EJB named CalculatorBean is deployed in a
-jboss-as-ejb-remote-app.jar (without any ear) and since we are looking
-up the org.jboss.as.quickstarts.ejb.remote.stateless.RemoteCalculator
-remote interface, our JNDI name will be:
That’s what the lookupRemoteStatelessCalculator() method in the above
-client code uses.
-
-
-
For the stateful EJB named CounterBean which is deployed in hte same
-jboss-as-ejb-remote-app.jar and which exposes the
-org.jboss.as.quickstarts.ejb.remote.stateful.RemoteCounter, the JNDI
-name will be:
Here we are creating a JNDI InitialContext object by passing it some
-JNDI properties. The Context.URL_PKG_PREFIXES is set to
-org.jboss.ejb.client.naming. This is necessary because we should let the
-JNDI API know what handles the ejb: namespace that we use in our JNDI
-names for lookup. The "org.jboss.ejb.client.naming" has a
-URLContextFactory implementation which will be used by the JNDI APIs to
-parse and return an object for ejb: namespace lookups. You can either
-pass these properties to the constructor of the InitialContext class or
-have a jndi.properites file in the classpath of the client application,
-which (atleast) contains the following property:
So at this point, we have setup the InitialContext and also have the
-JNDI name ready to do the lookup. You can now do the lookup and the
-appropriate proxy which will be castable to the remote interface that
-you used as the fully qualified class name in the JNDI name, will be
-returned. Some of you might be wondering, how the JNDI implementation
-knew which server address to look, for your deployed EJBs. The answer is
-in AS7, the proxies returned via JNDI name lookup for ejb: namespace do
-not connect to the server unless an invocation on those proxies is done.
-
-
-
Now let’s get to the point where we invoke on this returned proxy:
-
-
-
-
// Let's lookup the remote stateless calculator
- final RemoteCalculator statelessRemoteCalculator = lookupRemoteStatelessCalculator();
- System.out.println("Obtained a remote stateless calculator for invocation");
- // invoke on the remote calculator
- int a = 204;
- int b = 340;
- System.out.println("Adding " + a + " and " + b + " via the remote stateless calculator deployed on the server");
- int sum = statelessRemoteCalculator.add(a, b);
-
-
-
-
We can see here that the proxy returned after the lookup is used to
-invoke the add(…) method of the bean. It’s at this point that the JNDI
-implementation (which is backed by the EJB client API) needs to know the
-server details. So let’s now get to the important part of setting up the
-EJB client context properties.
-
-
-
-
19.3. Setting up EJB client context properties
-
-
A EJB client context is a context which contains contextual information
-for carrying out remote invocations on EJBs. This is a WildFly-specific
-API. The EJB client context can be associated with multiple EJB
-receivers. Each EJB receiver is capable of handling invocations on
-different EJBs. For example, an EJB receiver "Foo" might be able to
-handle invocation on a bean identified by
-app-A/module-A/distinctinctName-A/Bar!RemoteBar, whereas a EJB receiver
-named "Blah" might be able to handle invocation on a bean identified by
-app-B/module-B/distinctName-B/BeanB!RemoteBean. Each such EJB receiver
-knows about what set of EJBs it can handle and each of the EJB receiver
-knows which server target to use for handling the invocations on the
-bean. For example, if you have a AS7 server at 10.20.30.40 IP address
-which has its remoting port opened at 4447 and if that’s the server on
-which you deployed that CalculatorBean, then you can setup a EJB
-receiver which knows its target address is 10.20.30.40:4447. Such an EJB
-receiver will be capable enough to communicate to the server via the
-JBoss specific EJB remote client protocol (details of which will be
-explained in-depth in a separate chapter).
-
-
-
Now that we know what a EJB client context is and what a EJB receiver
-is, let’s see how we can setup a client context with 1 EJB receiver
-which can connect to 10.20.30.40 IP address at port 4447. That EJB
-client context will then be used (internally) by the JNDI implementation
-to handle invocations on the bean proxy.
-
-
-
The client will have to place a jboss-ejb-client.properties file in the
-classpath of the application. The jboss-ejb-client.properties can
-contain the following properties:
-This file includes a reference to a default password. Be sure to change
-this as soon as possible.
-
-
-
-
-
-
-
-
-
-
-
-We’ll see what each of it means.
-
-
-
-
-
-
First the endpoint.name property. We mentioned earlier that the EJB
-receivers will communicate with the server for EJB invocations.
-Internally, they use JBoss Remoting project to carry out the
-communication. The endpoint.name property represents the name that will
-be used to create the client side of the enpdoint. The endpoint.name
-property is optional and if not specified in the
-jboss-ejb-client.properties file, it will default to
-"config-based-ejb-client-endpoint" name.
-
-
-
Next is the remote.connectionprovider.create.options.<….> properties:
The "remote.connectionprovider.create.options." property prefix can be
-used to pass the options that will be used while create the connection
-provider which will handle the "remote:" protocol. In this example we
-use the "remote.connectionprovider.create.options." property prefix to
-pass the "org.xnio.Options.SSL_ENABLED" property value as false. That
-property will then be used during the connection provider creation.
-Similarly other properties can be passed too, just append it to the
-"remote.connectionprovider.create.options." prefix
-
-
-
Next we’ll see:
-
-
-
-
remote.connections=default
-
-
-
-
This is where you define the connections that you want to setup for
-communication with the remote server. The "remote.connections" property
-uses a comma separated value of connection "names". The connection names
-are just logical and are used grouping together the connection
-configuration properties later on in the properties file. The example
-above sets up a single remote connection named "default". There can be
-more than one connections that are configured. For example:
-
-
-
-
remote.connections=one, two
-
-
-
-
Here we are listing 2 connections named "one" and "two". Ultimately,
-each of the connections will map to a EJB receiver. So if you have 2
-connections, that will setup 2 EJB receivers that will be added to the
-EJB client context. Each of these connections will be configured with
-the connection specific properties as follows:
As you can see we are using the "remote.connection.<connection-name>."
-prefix for specifying the connection specific property. The connection
-name here is "default" and we are setting the "host" property of that
-connection to point to 10.20.30.40. Similarly we set the "port" for that
-connection to 4447.
-
-
-
By default WildFly uses 8080 as the remoting port. The EJB client API
-uses the http port, with the http-upgrade functionality, for
-communicating with the server for remote invocations, so that’s the port
-we use in our client programs (unless the server is configured for some
-other http port)
The given user/password must be set by using the command bin/add-user.sh
-(or.bat).
-The user and password must be set because the security-realm is enabled
-for the subsystem remoting (see standalone*.xml or domain.xml) by
-default.
-If you do not need the security for remoting you might remove the
-attribute security-realm in the configuration.
-
-
-
security-realm is enabled by default.
-
-
-
-
-
-
-
-
-We then use the "remote.connection.<connection-name>.connect.options."
-property prefix to setup options that will be used during the connection
-creation.
-
-
-
-
-
-
Here’s an example of setting up multiple connections with different
-properties for each of those:
As you can see we setup 2 connections "one" and "two" which both point
-to "localhost" as the "host" but different ports. Each of these
-connections will internally be used to create the EJB receivers in the
-EJB client context.
-
-
-
So that’s how the jboss-ejb-client.properties file can be setup and
-placed in the classpath.
-
-
-
-
-
The EJB client code will by default look for jboss-ejb-client.properties
-in the classpath. However, you can specify a different file of your
-choice by setting the "jboss.ejb.client.properties.file.path" system
-property which points to a properties file on your filesystem,
-containing the client context configurations. An example for that would
-be
-"-Djboss.ejb.client.properties.file.path=/home/me/my-client/custom-jboss-ejb-client.properties"
-
-
-
-
-
A jboss-client jar is shipped in the distribution. It’s available at
-WILDFLY_HOME/bin/client/jboss-client.jar. Place this jar in the
-classpath of your client application.
-
-
-
If you are using Maven to build the client application, then please
-follow the instructions in the WILDFLY_HOME/bin/client/README.txt to add
-this jar as a Maven dependency.
-
-
-
-
Summary
-
-
In the above examples, we saw what it takes to invoke a EJB from a
-remote client. To summarize:
-
-
-
-
-
On the server side you need to deploy EJBs which expose the remote
-views.
-
-
-
On the client side you need a client program which:
-
-
-
-
Has a jboss-ejb-client.properties in its classpath to setup the
-server connection information
-
-
-
Either has a jndi.properties to specify the
-java.naming.factory.url.pkgs property or passes that as a property to
-the InitialContext constructor
-
-
-
Setup the client classpath to include the jboss-client jar that’s
-required for remote invocation of the EJBs. The location of the jar is
-mentioned above. You’ll also need to have your application’s bean
-interface jars and other jars that are required by your application, in
-the client classpath
-
-
-
-
-
-
-
-
-
-
-
-
-
-References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
-
20. EJB invocations from a remote server instance
-
-
-
The purpose of this chapter is to demonstrate how to lookup and invoke
-on EJBs deployed on an WildFly server instance from another WildFly
-server instance. This is different from invoking the EJBs
-from
-a remote standalone client
-
-
-
Let’s call the server, from which the invocation happens to the EJB, as
-"Client Server" and the server on which the bean is deployed as the
-"Destination Server".
-
-
-
-
-
-
-
-
-Note that this chapter deals with the case where the bean is deployed on
-the "Destination Server" but not on the "Client Server".
-
-
-
-
-
-
20.1. Application packaging
-
-
In this example, we’ll consider a EJB which is packaged in a myejb.jar
-which is within a myapp.ear. Here’s how it would look like:
-Note that packaging itself isn’t really important in the context of this
-article. You can deploy the EJBs in any standard way (.ear, .war or
-.jar).
-
-
-
-
-
-
-
20.2. Beans
-
-
In our example, we’ll consider a simple stateless session bean which is
-as follows:
packageorg.myapp.ejb;
-
-importjakarta.ejb.Remote;
-importjakarta.ejb.Stateless;
-
-@Stateless
-@Remote (Greeter.class)
-publicclassGreeterBeanimplements Greeter {
-
-@Override
-publicString greet(String user) {
-return"Hello " + user + ", have a pleasant day!";
- }
-}
-
-
-
-
-
20.3. Security
-
-
WildFly 29 is secure by default. What this means is that no communication
-can happen with an WildFly instance from a remote client (irrespective
-of whether it is a standalone client or another server instance) without
-passing the appropriate credentials. Remember that in this example, our
-"client server" will be communicating with the "destination server". So
-in order to allow this communication to happen successfully, we’ll have
-to configure user credentials which we will be using during this
-communication. So let’s start with the necessary configurations for
-this.
-
-
-
-
20.4. Configuring a user on the "Destination Server"
-
-
As a first step we’ll configure a user on the destination server who
-will be allowed to access the destination server. We create the user
-using the add-user script that’s available in the JBOSS_HOME/bin
-folder. In this example, we’ll be configuring a Application User named
-ejb and with a password test in the ApplicationRealm. Running the
-add-user script is an interactive process and you will see
-questions/output as follows:
-
-
-
add-user
-
-
jpai@jpai-laptop:bin$ ./add-user.sh
-
-What type of user do you wish to add?
- a) Management User (mgmt-users.properties)
- b) Application User (application-users.properties)
-(a): b
-
-Enter the details of the new user to add.
-Realm (ApplicationRealm) :
-Username : ejb
-Password :
-Re-enter Password :
-What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)\[ \]:
-About to add user 'ejb' for realm 'ApplicationRealm'
-Is this correct yes/no? yes
-Added user 'ejb' to file '/jboss-as-7.1.1.Final/standalone/configuration/application-users.properties'
-Added user 'ejb' to file '/jboss-as-7.1.1.Final/domain/configuration/application-users.properties'
-Added user 'ejb' with roles to file '/jboss-as-7.1.1.Final/standalone/configuration/application-roles.properties'
-Added user 'ejb' with roles to file '/jboss-as-7.1.1.Final/domain/configuration/application-roles.properties'
-
-
-
-
As you can see in the output above we have now configured a user on the
-destination server who’ll be allowed to access this server. We’ll use
-this user credentials later on in the client server for communicating
-with this server. The important bits to remember are the user we have
-created in this example is ejb and the password is test.
-
-
-
-
-
-
-
-
-Note that you can use any username and password combination you want to.
-
-
-
-
-
-
-
-
-
-
-
-You do not require the server to be started to add a user using the
-add-user script.
-
-
-
-
-
-
-
20.5. Start the "Destination Server"
-
-
As a next step towards running this example, we’ll start the
-"Destination Server". In this example, we’ll use the standalone server
-and use the standalone-full.xml configuration. The startup command
-will look like:
Ensure that the server has started without any errors.
-
-
-
-
-
-
-
-
-It’s very important to note that if you are starting both the server
-instances on the same machine, then each of those server instances
-must have a unique jboss.node.name system property. You can do that
-by passing an appropriate value for -Djboss.node.name system property
-to the startup script:
-
-
-
-
-
-
-
./standalone.sh -server-config=standalone-full.xml -Djboss.node.name=<add appropriate value here>
-
-
-
-
-
20.6. Deploying the application
-
-
The application ( myapp.ear in our case) will be deployed to
-"Destination Server". The process of deploying the application is out of
-scope of this chapter. You can either use the Command Line Interface or
-the Admin console or any IDE or manually copy it to
-JBOSS_HOME/standalone/deployments folder (for standalone server). Just
-ensure that the application has been deployed successfully.
-
-
-
So far, we have built a EJB application and deployed it on the
-"Destination Server". Now let’s move to the "Client Server" which acts
-as the client for the deployed EJBs on the "Destination Server".
-
-
-
-
20.7. Configuring the "Client Server" to point to the EJB remoting connector
-
-
on the "Destination Server"
-
-
-
As a first step on the "Client Server", we need to let the server know
-about the "Destination Server"'s EJB remoting connector, over which it
-can communicate during the EJB invocations. To do that, we’ll have to
-add a " remote-outbound-connection" to the remoting subsystem on the
-"Client Server". The " remote-outbound-connection" configuration
-indicates that a outbound connection will be created to a remote server
-instance from that server. The " remote-outbound-connection" will be
-backed by a " outbound-socket-binding" which will point to a remote
-host and a remote port (of the "Destination Server"). So let’s see how
-we create these configurations.
-
-
-
-
20.8. Start the "Client Server"
-
-
In this example, we’ll start the "Client Server" on the same machine as
-the "Destination Server". We have copied the entire server installation
-to a different folder and while starting the "Client Server" we’ll use a
-port-offset (of 100 in this example) to avoid port conflicts:
The above command will create a outbound-socket-binding named "
-remote-ejb" (we can name it anything) which points to "localhost" as
-the host and port 8080 as the destination port. Note that the host
-information should match the host/IP of the "Destination Server" (in
-this example we are running on the same machine so we use "localhost")
-and the port information should match the http-remoting connector port
-used by the EJB subsystem (by default it’s 8080). When this command is
-run successfully, we’ll see that the standalone-full.xml (the file which
-we used to start the server) was updated with the following
-outbound-socket-binding in the socket-binding-group:
20.11. Create a "remote-outbound-connection" which uses this newly created
-
-
"outbound-socket-binding"
-
-
-
Now let’s create a " remote-outbound-connection" which will use the
-newly created outbound-socket-binding (pointing to the EJB remoting
-connector of the "Destination Server"). We’ll continue to use the CLI to
-create this configuration:
The above command creates a remote-outbound-connection, named "
-remote-ejb-connection" (we can name it anything), in the remoting
-subsystem and uses the previously created " remote-ejb"
-outbound-socket-binding (notice the outbound-socket-binding-ref in that
-command) with the http-remoting protocol. Furthermore, we also set the
-authentication-context attribute to point to the authentication-context that we created
-in the previous step.
-
-
-
What this step does is, it creates a outbound connection, on the client
-server, to the remote destination server and sets up the authentication-context which
-will be used for authentication. This way when a connection has to be established
-from the client server to the destination server, the connection creation logic will
-have the necessary security credentials to pass along and setup a successful
-secured connection.
-
-
-
Now let’s run the following two operations to set some default
-connection creation options for the outbound connection:
From a server configuration point of view, that’s all we need on the
-"Client Server". Our next step is to deploy an application on the
-"Client Server" which will invoke on the bean deployed on the
-"Destination Server".
-
-
-
-
20.12. Packaging the client application on the "Client Server"
-
-
Like on the "Destination Server", we’ll use .ear packaging for the
-client application too. But like previously mentioned, that’s not
-mandatory. You can even use a .war or .jar deployments. Here’s how our
-client application packaging will look like:
-
-
-
-
client-app.ear
-|
-|--- META-INF
-| |
-| |--- jboss-ejb-client.xml
-|
-|--- web.war
-| |
-| |--- WEB-INF/classes
-| | |
-| | |---- <org.myapp.FooServlet> // classes in the web app
-
-
-
-
In the client application we’ll use a servlet which invokes on the bean
-deployed on the "Destination Server". We can even invoke the bean on the
-"Destination Server" from a EJB on the "Client Server". The code remains
-the same (JNDI lookup, followed by invocation on the proxy). The
-important part to notice in this client application is the file
-jboss-ejb-client.xml which is packaged in the META-INF folder of a top
-level deployment (in this case our client-app.ear). This
-jboss-ejb-client.xml contains the EJB client configurations which will
-be used during the EJB invocations for finding the appropriate
-destinations (also known as, EJB receivers). The contents of the
-jboss-ejb-client.xml are explained next.
-
-
-
-
-
-
-
-
-If your application is deployed as a top level .war deployment, then the
-jboss-ejb-client.xml is expected to be placed in .war/WEB-INF/ folder
-(i.e. the same location where you place any web.xml file).
-
You’ll notice that we have configured the EJB client context (for this
-application) to use a remoting-ejb-receiver which points to our earlier
-created " remote-outbound-connection" named "
-remote-ejb-connection". This links the EJB client context to use the "
-remote-ejb-connection" which ultimately points to the EJB remoting
-connector on the "Destination Server".
-
-
-
-
20.14. Deploy the client application
-
-
Let’s deploy the client application on the "Client Server". The process
-of deploying the application is out of scope, of this chapter. You can
-use either the CLI or the admin console or a IDE or deploy manually to
-JBOSS_HOME/standalone/deployments folder. Just ensure that the
-application is deployed successfully.
-
-
-
-
20.15. Client code invoking the bean
-
-
We mentioned that we’ll be using a servlet to invoke on the bean, but
-the code to invoke the bean isn’t servlet specific and can be used in
-other components (like EJB) too. So let’s see how it looks like:
-
-
-
-
importjavax.naming.Context;
-importjava.util.Hashtable;
-importjavax.naming.InitialContext;
-
-...
-public void invokeOnBean() {
- try {
- finalHashtable props = newHashtable();
- // setup the ejb: namespace URL factory
- props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
- // create the InitialContext
- finalContext context = new javax.naming.InitialContext(props);
-
- // Lookup the Greeter bean using the ejb: namespace syntax which is explained here https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI
- final Greeter bean = (Greeter) context.lookup("ejb:" + "myapp" + "/" + "myejb" + "/" + "" + "/" + "GreeterBean" + "!" + org.myapp.ejb.Greeter.class.getName());
-
- // invoke on the bean
- finalString greeting = bean.greet("Tom");
-
- System.out.println("Received greeting: " + greeting);
-
- } catch (Exception e) {
- thrownewRuntimeException(e);
- }
-}
-
-
-
-
That’s it! The above code will invoke on the bean deployed on the
-"Destination Server" and return the result.
-
-
-
-
-
-
-
-
-References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
-
21. Remote Jakarta Enterprise Beans invocations via JNDI - Jakarta Enterprise Beans client API or wildfly-naming-client project
-
-
-
21.1. Purpose
-
-
WildFly provides EJB client API project as well as wildfly-naming-client project(https://github.com/wildfly/wildfly-naming-client)
-for invoking on remote objects exposed via JNDI. This article explains
-which approach to use when and what the differences and scope of each of
-these projects is.
-
-
-
-
21.2. Overview
-
-
Now that we know that for remote client JNDI communication with WildFly
-requires wildfly-naming-client project, let’s quickly see what the code
-looks like.
-
-
-
21.2.1. Client code relying on jndi.properties in classpath
-
-
-
// Create an InitialContext using the javax.naming.* API
-InitialContext ctx = newInitialContext();
-Blah blah = (Blah) ctx.lookup("foo:blah");
-
-
-
-
As you can see, there’s not much here in terms of code. We first create
-a InitialContext which as per the API will look for a jndi.properties in
-the classpath of the application. We’ll see what our jndi.properties looks like, later.
-Once the InitialContext is created, we just use it to do a lookup on a
-JNDI name which we know is bound on the server side. We’ll come back to
-the details of this lookup string in a while.
-
-
-
Let’s now see what the jndi.properties in our client classpath looks
-like:
Those two properties are important for wildfly-naming-client project to be
-used for communicating with the WildFly server. The first property tells
-the JNDI API which initial context factory to use. In this case we are
-pointing it to the WildFlyInitailContextFactory class supplied by the
-wildfly-naming-client project. The other property is the PROVIDER_URL.
-which is remote+http:// for wildfly-naming-client. The rest
-of the PROVIDER_URL part is the server hostname or IP and the port on
-which the remoting connector is exposed on the server side. By default
-the http-remoting connector port in WildFly 29 is 8080. That’s what we
-have used in our example. The hostname we have used is localhost but
-that should point to the server IP or hostname where the server is
-running.
-
-
-
So we saw how to setup the JNDI properties in the jndi.properties file.
-The JNDI API also allows you to pass these properties to the constructor
-of the InitialContext class (please check the javadoc of that class for
-more details). Let’s quickly see what the code would look like:
That’s it! You can see that the values that we pass to those properties
-are the same as what we did via the jndi.properties. It’s upto the
-client application to decide which approach they want to follow.
-
-
-
-
21.2.2. Using the wildfly-config.xml
-
-
The wildfly-config.xml can be used to specify a static configuration for a
-standalone client to use. Below is a simple example specifying plaintext
-username / password and the remote server connection (host/port).
-The wildfly-config.xml goes in the META-INF directory.
Using the wildfly-config.xml, the InitialContext creation does not specify
-the host/port/user/pass since it is already defined in the wildfly-config.xml.
-The EJB lookup
We have so far had an overview of how the client code looks like when
-using the wildfly-naming-client project. Let’s now have a brief look at how the wildfly-naming-client project
-internally establishes the communication with the server and allows JNDI
-operations from the client side.
-
-
-
When the client code creates an InitialContext backed by the
-org.wildfly.naming.client.WildFlyInitialContextFactory class, the
-org.wildfly.naming.client.WildFlyInitialContextFactory internally looks
-for the PROVIDER_URL (and other) properties that are applicable for that
-context ( doesn’t matter whether it comes from the jndi.properties
-file or whether passed explicitly to the constructor of the
-InitialContext). Once it identifies the server and port to connect to,
-the wildfly-naming-client project internally sets up a connection using the
-remoting APIs with the remoting connector which is exposed on that
-port.
-
-
-
It has also increased its support for security configurations.
-Every service including the http+remote connector (which
-listens by default on port 8080), is secured.
-This means that when trying to do JNDI operations like a
-lookup, the client has to pass appropriate user credentials. In our
-examples so far we haven’t passed any username/pass or any other
-credentials while creating the InitialContext. That was just to keep the
-examples simple. But let’s now check and use one
-of the ways how we pass the user credentials. Let’s at the moment just
-assume that the remoting connector on port 8080 is accessible to a user
-named " `ranabir`" whose password is expected to be " `redhat1!`".
-
-
-
-
void doLookup() {
- Properties props = newProperties();
- props.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
- props.put(Context.PROVIDER_URL, "remote+https://localhost:8080");
- // provide an username
- props.put(Context.SECURITY_PRINCIPAL, "ranabir");
- // provide a password
- props.put(Context.SECURITY_CREDENTIALS, "redhat1!");
- // create a context passing these properties
- InitialContext ctx = newInitialContext(props);
- Blah blah = (Blah) ctx.lookup("foo:blah");
- ...
-}
-
-
-
-
The code is similar to our previous example, except that we now have
-added 2 additional properties that are passed to the InitialContext
-constructor. The first is Context.SECURITY_PRINCIPAL
-which passes the username (ranabir in this case)
-and the second is Context.SECURITY_CREDENTIALS
-which passes the password (redhat1! in this case). Of course the same
-properties can be configured in the jndi.properties file (read the
-javadoc of the Context class for appropriate properties to be used in
-the jndi.properties) and as well as in wildfly-config.xml.
-This is one way of passing the security credentials for JNDI communication with WildFly.
-There are some other ways to do this too.
-
-
-
Moreover In order to manage Lookup High Availability, you can provide a list of remote servers
-that will be checked for the Initial Lookup of the remote+http call. Here is the updated
-PROVIDER_URL format, supposing you were to contact two servers located at localhost:8080 and localhost:8180
21.2.4. JNDI operations allowed using wildfly-naming-client project
-
-
So far we have mainly concentrated on how the naming context is created
-and what it internally does when an instance is created. Let’s now take
-this one step further and see what kind of operations are allowed for a
-JNDI context backed by the wildfly-naming-client project.
-
-
-
The JNDI Context has various methods that
-are exposed for JNDI operations. One important thing to note in case of
-wildfly-naming-client project is that, the project’s scope is to allow a client
-to communicate with the JNDI backend exposed by the server. As such, the
-wildfly-naming-client project does not support many of the methods that are
-exposed by the javax.naming.Context class. The wildfly-naming-client project
-only supports the read-only kind of methods (like the lookup() method)
-and does not support any write kind of methods (like the bind() method).
-The client applications are expected to use the wildfly-naming-client project
-mainly for lookups of JNDI objects. Neither WildFly nor wildfly-naming-client
-project allows writing/binding to the JNDI server from a remote
-application.
-
-
-
-
21.2.5. Pre-requisites of remotely accessible JNDI objects
-
-
On the server side, the JNDI can contain numerous objects that are bound
-to it. However, not all of those are exposed remotely. The two
-conditions that are to be satisfied by the objects bound to JNDI, to be
-remotely accessible are:
-
-
-
1) Such objects should be bound under the java:jboss/exported/
-namespace. For example, java:jboss/exported/foo/bar
-2) Objects bound to the java:jboss/exported/ namespace are expected to
-be serializable. This allows the objects to be sent over the wire to the
-remote clients
-
-
-
Both these conditions are important and are required for the objects to
-be remotely accessible via JNDI.
-
-
-
-
21.2.6. JNDI lookup strings for remote clients backed by the wildfly-naming-client project
-
-
In our examples, so far, we have been consistently using " `foo/bar`" as
-the JNDI name to lookup from a remote client using the wildfly-naming-client
-project. There’s a bit more to understand about the JNDI name and how it
-maps to the JNDI name that’s bound on the server side.
-
-
-
First of all, the JNDI names used while using the wildfly-naming-client project
-are always relative to the java:jboss/exported/ namespace. So in our
-examples, we are using " `foo/bar`" JNDI name for the lookup, that
-actually is (internally) " `java:jboss/exported/foo/bar`". The
-wildfly-naming-client project expects it to always be relative to the "
-`java:jboss/exported/`" namespace. Once connected with the server side,
-the wildfly-naming-client project will lookup for "foo/bar" JNDI name under the
-" `java:jboss/exported/`" namespace of the server.
-
-
-
-
-
-
-
-
-Note: Since the JNDI name that you use on the client side is always
-relative to java:jboss/exported namespace, you shouldn’t be prefixing
-the java:jboss/exported/ string to the JNDI name. For example, if you
-use the following JNDI name:
-
The wildfly-naming-client implementation perhaps should be smart enough to strip
-off the java:jboss/exported/ namespace prefix if supplied. But let’s not
-go into that here.
-
-
-
-
21.2.7. How does wildfly-naming-client project implementation transfer the JNDI
-
-
objects to the clients
-
-
-
When a lookup is done on a JNDI string, the wildfly-naming-client implementation
-internally uses the connection to the remoting connector (which it has
-established based on the properties that were passed to the
-InitialContext) to communicate with the server. On the server side, the
-implementation then looks for the JNDI name under the
-java:jboss/exported/ namespace. Assuming that the JNDI name is
-available, under that namespace, the wildfly-naming-client implementation then
-passes over the object bound at that address to the client. This is
-where the requirement about the JNDI object being serializable comes
-into picture. wildfly-naming-client project internally uses jboss-marshalling
-project to marshal the JNDI object over to the client. On the client
-side the wildfly-naming-client implementation then unmarshalles the object and
-returns it to the client application.
-
-
-
So literally, each lookup backed by the wildfly-naming-client project entails a
-server side communication/interaction and then marshalling/unmarshalling
-of the object graph. This is very important to remember. We’ll come back
-to this later, to see why this is important when it comes to using EJB
-client API project for doing EJB lookups ( EJB
-invocations from a remote client using JNDI) as against using
-wildfly-naming-client project for doing the same thing.
-
-
-
-
21.2.8. Few more things
-
-
Unlike the previous jboss-remote-naming project, the connection to
-the peer is not requested. Until an operation is performed on the connection,
-and all consumers of the same remote URL will share a connection.
-The connection lifecycle is independent of any Context instances which reference it.
-
-
-
Multiple services can be looked up via the same context. To register providers,
-implement the org.wildfly.naming.client.NamingProvider interface and register the
-implementation using the approach described in the java.util.ServiceLoader documentation.
-
-
-
-
-
-
-
-
-Note: One important thing is that jndi.properties should not be packaged in an
-app running in Wildfly though you can put it in a standalone java app.
-The reason is, when you run in Wildfly , if you do new InitialContext() and
-you have jndi.properties in your classpath, it will read those settings
-and change the default configuration for the whole wildfly JVM.
-
-
-
-
-
-
-
-
21.3. Summary
-
-
That pretty much covers whatever is important to know, in the
-wildfly-naming-client project, for a typical client application.
-This simple JNDI/naming client library abstracts away some of the
-pain of JNDI by providing the following features:
-Federation support, Class loader based provider extensibility,
-A replacement implementation of the jboss-remote-naming protocol,
-Abstract context implementations for supporting relative contexts and
-federation in custom naming providers.
-
-
-
Those of you who don’t have client applications doing remote EJB
-invocations, can just skip the rest of this article if you aren’t
-interested in those details.
-
-
-
-
21.4. Remote EJB invocations backed by the wildfly-naming-client project
-
-
In previous sections of this article we saw that whatever is exposed in
-the java:jboss/exported/ namespace is accessible remotely to the client
-applications under the relative JNDI name. Some of you might already
-have started thinking about exposing remote views of EJBs under that
-namespace.
-
-
-
It’s important to note that WildFly server side already by default
-exposes the remote views of a EJB under the java:jboss/exported/
-namespace (although it isn’t logged in the server logs). So assuming
-your server side application has the following stateless bean:
Then the " Foo`" remote view is exposed under the
-`java:jboss/exported/ namespace under the following JNDI name scheme
-(which is similar to that mandated by Jakarta Enterprise Beans 3.2 spec for java:global/
-namespace)
-
-
-
app-name/module-name/bean-name!bean-interface
-
-
-
where,
-
-
-
app-name = the name of the .ear (without the .ear suffix) or the
-application name configured via application.xml deployment descriptor.
-If the application isn’t packaged in a .ear then there will be no
-app-name part to the JNDI string.
-module-name = the name of the .jar or .war (without the .jar/.war
-suffix) in which the bean is deployed or the module-name configured in
-web.xml/ejb-jar.xml of the deployment. The module name is mandatory part
-in the JNDI string.
-bean-name = the name of the bean which by default is the simple name
-of the bean implementation class. Of course it can be overridden either
-by using the "name" attribute of the bean definining annotation
-(@Stateless(name="blah") in this case) or even the ejb-jar.xml
-deployment descriptor.
-bean-interface = the fully qualified class name of the interface being
-exposed by the bean.
-
-
-
So in our example above, let’s assume the bean is packaged in a
-myejbmodule.jar which is within a myapp.ear. So the JNDI name for the
-Foo remote view under the java:jboss/exported/ namespace would be:
That’s where WildFly will automatically expose the remote views of the
-EJBs under the java:jboss/exported/ namespace, in addition to the
-java:global/ java:app/ java:module/ namespaces mandated by the EJB 3.1
-spec.
-
-
-
-
-
-
-
-
-Note that only the java:jboss/exported/ namespace is available to remote
-clients.
-
-
-
-
-
-
So the next logical question would be, are these remote views of EJBs
-accessible and invokable using the wildfly-naming-client project on the client
-application. The answer is yes! Let’s quickly see the client code for
-invoking our FooBean. Again, let’s just use " `ranabir`" and " `redhat1!`"
-as username/password for connecting to the remoting connector.
-
-
-
-
void doBeanLookup() {
- ...
- Properties props = newProperties();
- props.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
- props.put(Context.PROVIDER_URL,"remote+https://localhost:8080");
- // username
- props.put(Context.SECURITY_PRINCIPAL, "ranabir");
- // password
- props.put(Context.SECURITY_CREDENTIALS, "redhat1!");
- // This is an important property to set if you want to do EJB invocations via the wildfly-naming-client project
- props.put("wildfly.naming.client.ejb.context", true);
- // create a context passing these properties
- InitialContext ctx = newInitialContext(props);
- // lookup the bean Foo
- beanRemoteInterface = (Foo) ctx.lookup("myapp/myejbmodule/FooBean!org.myapp.ejb.Foo");
- String bar = beanRemoteInterface.sayBar();
- System.out.println("Remote Foo bean returned " + bar);
- ctx.close();
- // after this point the beanRemoteInterface is not longer valid!
-}
-
-
-
-
As you can see, most of the code is similar to what we have been seeing
-so far for setting up a JNDI context backed by the wildfly-naming-client
-project. The only parts that change are:
-
-
-
\1) An additional " `wildfly.naming.client.ejb.context`" property that is
-added to the properties passed to the InitialContext constructor.
-2) The JNDI name used for the lookup
-3) And subsequently the invocation on the bean interface returned by the
-lookup.
-
-
-
Let’s see what the " wildfly.naming.client.ejb.context`" does. In
-WildFly, remote access/invocations on EJBs is facilitated by the JBoss
-specific EJB client API, which is a project on its own
-https://github.com/wildfly/jboss-ejb-client. So no matter, what
-mechanism you use (wildfly-naming-client or core EJB client API), the
-invocations are ultimately routed through the EJB client API project. In
-this case too, the wildfly-naming-client internally uses EJB client API to
-handle EJB invocations. From a EJB client API project perspective, for
-successful communication with the server, the project expects a
-`EJBClientContext backed by (atleast one) EJBReceiver(s). The
-EJBReceiver is responsible for handling the EJB invocations. One type
-of a EJBReceiver is a RemotingConnectionEJBReceiver which internally
-uses jboss-remoting project to communicate with the remote server to
-handle the EJB invocations. Such a EJBReceiver expects a connection
-backed by the jboss-remoting project. Of course to be able to connect to
-the server, such a EJBReceiver would have to know the server address,
-port, security credentials and other similar parameters. If you were
-using the core EJB client API, then you would have configured all these
-properties via the jboss-ejb-client.properties or via programatic API
-usage as explained here EJB invocations from a remote
-client using JNDI. But in the example above, we are using wildfly-naming-client
-project and are not directly interacting with the EJB client API
-project.
-
-
-
If you look closely at what’s being passed, via the JNDI properties, to
-the wildfly-naming-client project and if you remember the details that we
-explained in a previous section about how the wildfly-naming-client project
-establishes a connection to the remote server, you’ll realize that these
-properties are indeed the same as what the
-RemotingConnectionEJBReceiver would expect to be able to establish the
-connection to the server. Now this is where the "
-wildfly.naming.client.ejb.context`" property comes into picture. When
-this is set to true and passed to the InitialContext creation (either
-via jndi.properties or via the constructor of that class), the
-wildfly-naming-client project internally will do whatever is necessary to setup
-a `EJBClientContext, containing a RemotingConnectionEJBReceiver which
-is created using the same remoting connection that is created by and
-being used by wildfly-naming-client project for its own JNDI communication
-usage. So effectively, the InitialContext creation via the wildfly-naming-client
-project has now internally triggered the creation of a
-EJBClientContext containing a EJBReceiver capable of handling the
-EJB invocations (remember, no remote EJB invocations are possible
-without the presence of a EJBClientContext containing a EJBReceiver
-which can handle the EJB).
-
-
-
So we now know the importance of the "
-wildfly.naming.client.ejb.context`" property and its usage. Let’s move on
-the next part in that code, the JNDI name. Notice that we have used the
-JNDI name relative to the `java:jboss/exported/ namespace while doing
-the lookup. And since we know that the Foo view is exposed on that JNDI
-name, we cast the returned object back to the Foo interface. Remember
-that we earlier explained how each lookup via wildfly-naming-client triggers a
-server side communication and a marshalling/unmarshalling process. This
-applies for EJB views too. In fact, the wildfly-naming-client project has no
-clue (since that’s not in the scope of that project to know) whether
-it’s an EJB or some random object.
-
-
-
Once the unmarshalled object is returned (which actually is a proxy to
-the bean), the rest is straightforward, we just invoke on that returned
-object. Now since the wildfly-naming-client implementation has done the
-necessary setup for the EJBClientContext (due to the presence of "
-wildfly.naming.client.ejb.context`" property), the invocation on that
-proxy will internally use the `EJBClientContext (the proxy is smart
-enough to do that) to interact with the server and return back the
-result. We won’t go into the details of how the EJB client API handles
-the communication/invocation.
-
-
-
Long story short, using the wildfly-naming-client project for doing remote EJB
-invocations against WildFly is possible!
-
-
-
-
21.5. Why use the EJB client API approach then?
-
-
I can guess that some of you might already question why/when would one
-use the EJB client API style lookups as explained in the
-EJB invocations from a remote client using JNDI
-article instead of just using (what appears to be a simpler)
-wildfly-naming-client style lookups.
-
-
-
Before we answer that, let’s understand a bit about the EJB client
-project. The EJB client project was implemented keeping in mind various
-optimizations and features that would be possible for handling remote
-invocations. One such optimization was to avoid doing unnecessary server
-side communication(s) which would typically involve network calls,
-marshalling/unmarshalling etc… The easiest place where this
-optimization can be applied, is to the EJB lookup. Consider the
-following code (let’s ignore how the context is created):
-
-
-
-
ctx.lookup("foo/bar");
-
-
-
-
Now foo/bar JNDI name could potentially point to any type of object
-on the server side. The jndi name itself won’t have the type/semantic
-information of the object bound to that name on the server side. If the
-context was setup using the wildfly-naming-client project (like we have seen
-earlier in our examples), then the only way for wildfly-naming-client to return
-an object for that lookup operation is to communicate with the server
-and marshal/unmarshal the object bound on the server side. And that’s
-exactly what it does (remember, we explained this earlier).
-
-
-
21.5.1. Is the lookup optimization applicable for all bean types?
-
-
In the previous section we have mentioned that the lookup
-optimization by the EJB client API project happens for stateless beans.
-This kind of optimization is not possible for stateful beans because
-in case of stateful beans, a lookup is expected to create a session for
-that stateful bean and for session creation we do have to communicate
-with the server since the server is responsible for creating that
-session.
-
-
-
That’s exactly why the EJB client API project expects the JNDI name
-lookup string for stateful beans to include the " `?stateful`" string at
-the end of the JNDI name:
The presence of " ?stateful`" in the JNDI name lookup string is a
-directive to the EJB client API to let it know that a stateful bean is
-being looked up and it’s necessary to communicate with the server and
-create a session during that lookup. Though `?stateful is optional now.
-
-
-
So as you can see, we have managed to optimize certain operations by
-using the EJB client API for EJB lookup/invocation as against using the
-wildfly-naming-client project. There are other EJB client API implementation
-details (and probably more might be added) which are superior when it is
-used for remote EJB invocations in client applications as against
-wildfly-naming-client project which doesn’t have the intelligence to carry out
-such optimizations for EJB invocations. That’s why the wildfly-naming-client
-projectfor remote EJB invocationsis considered "deprecated
-". Note that if you want to use wildfly-naming-client for looking up and
-invoking on non-EJB remote objects then you are free to do so. In fact,
-that’s why that project has been provided. You can even use the
-wildfly-naming-client project for EJB invocations (like we just saw), if you are
-fine with not wanting the optimizations that the EJB client API can do
-for you or if you have other restrictions that force you to use that
-project.
-
-
-
-
-
-
-
-
-References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
-
-
22. H2 Web Console Integration
-
-
-
The H2 database library provided by WildFly’s com.h2database.h2 module includes an implementation of the Jakarta Servlet HttpServlet interface (org.h2.server.web.JakartaWebServlet) that can be used to expose the H2 project’s web console tool. WildFly users could utilize this servlet in their own application by adding a dependency on the com.h2database.h2 module to their application’s deployment and then adding the servlet to the application’s web.xml. This is certainly not recommended for production use — no use of H2 is recommended in production applications — but developers may find use of the H2 console useful.
-
-
-
WildFly has historically integrated H2 in such a way that this is possible. But beginning with the 26 release, this no longer works out of the box, as the com.h2database.h2 module no longer has out-of-the-box access to the module that exposes the Jakarta Servlet API.
-
-
-
However it is possible for users of WildFly to restore this integration by adding a JBoss Modules module named javax.servlet.api.h2 to their server installation. The steps to do this are as follows:
-
-
-
-
-
cd $WILDFLY_HOME
-
-
-
mkdir -p modules/javax/servlet/api/h2
-
-
-
In that dir create a module.xml file with the following content:
The com.h2database.h2 module optionally depends on the javax.servlet.api.h2 module, so if one exists and it exposes the Jakarta Servlet API, then H2 JakartaWebServlet integration will work.
-
-
-
-
-
-
-
-
-The relevant servlet implementation class is org.h2.server.web.JakartaWebServlet, and not org.h2.server.web.WebServlet. The latter relies on older versions of the Servlet API no longer provided by WildFly.
-
-
-
-
-
-
-
-
23. Example Applications - Migrated to WildFly
-
-
-
23.1. Example Applications Migrated from Previous Releases
-
-
The applications in this section were written for a previous version of
-the server but have been modified to run on WildFly or JBoss AS 7,
-which was based on the same core architecture WildFly uses. Changes were made
-to resolve issues that arose during deployment and runtime or to fix
-problems with application behaviour. Each example below documents the
-changes that were made to get the application to run successfully.
A step by step work through of issues, and their solutions, that might
-crop up when migrating applications to WildFly 29. See the following
-github project for details.
-
-
-
-
-
23.2. Example Applications Based on EE6
-
-
Applications in this section were designed and written specifically to
-use the features and functions of EE6.
-
-
-
-
-
Quickstarts: A number of quickstart applications were written to
-demonstrate Jakarta EE and a few additional technologies. They provide
-small, specific, working examples that can be used as a reference for
-your own project. For more information about the quickstarts, see
-Get Started Developing Applications
-
-
-
-
-
-
-
-
24. Porting the Order Application from EAP 5.1 to JBoss AS 7
-
-
-
Andy Miller ported an example Order application that was used for
-performance testing from EAP 5.1 to JBoss AS 7. These are the notes he
-made during the migration process.
-
-
-
24.1. Overview of the application
-
-
The application is relatively simple. it contains three servlets, some
-stateless session beans, a stateful session bean, and some entities.
-
-
-
In addition to application code changes, modifications were made to the
-way the EAR was packaged. This is because WildFly removed support of
-some proprietary features that were available in EAP 5.1.
-
-
-
-
24.2. Summary of changes
-
-
24.2.1. Code Changes
-
-
Modify JNDI lookup code
-
-
Since this application was first written for EAP 4.2/4.3, which did not
-support EJB reference injection, the servlets were using pre-EE 5
-methods for looking up stateless and stateful session bean interfaces.
-While migrating to WildFly, it seemed a good time to change the code to
-use the @EJB annotation, although this was not a required change.
-
-
-
The real difference is in the lookup name. WildFly only supports the new
-EE 6 portable JNDI names rather than the old EAR structure based names.
-The JNDI lookup code changed as follows:
All the other beans were changed in a similar manner. They are now based
-on the portable JNDI names described in EE 6.
-
-
-
-
-
24.2.2. Modify logging code
-
-
The next major change was to logging within the application. The old
-version was using the commons logging infrastructure and Log4J that is
-bundled in the application server. Rather than bundling third-party
-logging, the application was modified to use the new WildFly Logging
-infrastructure.
-
-
-
The code changes themselves are rather trivial, as this example
-illustrates:
Most of the properties are removed since they will default to the
-correct values for the second level cache. See
-"Using
-the Infinispan second level cache" for more details.
-
-
-
That was the extent of the code changes required to migrate the
-application to AS7.
-
-
-
-
24.2.4. EAR Packaging Changes
-
-
Due to modular class loading changes, the structure of the existing EAR
-failed to deploy successfully in WildFly.
-
-
-
The old structure of the EAR was as follows:
-
-
-
-
$ jar tf OrderManagerApp.ear
-META-INF/MANIFEST.MF
-META-INF/application.xml
-OrderManagerWeb.war
-OrderManagerEntities.jar
-OrderManagerEJB.jar
-META-INF/
-
-
-
-
In this structure, the entities and the persistence.xml were in one
-jar file, OrderManagerEntities.jar, and the stateless and stateful
-session beans were in another jar file, OrderManagerEJB.jar. This did
-not work due to modular class loading changes in WildFly. There are a
-couple of ways to resolve this issue:
-
-
-
-
-
Modify the class path in the MANIFEST.MF
-
-
-
Flatten the code and put all the beans in one JAR file.
-
-
-
-
-
The second approach was selected because it simplified the EAR
-structure:
-
-
-
-
$ jar tf OrderManagerApp.ear
-META-INF/application.xml
-OrderManagerWeb.war
-OrderManagerEJB.jar
-META-INF/
-
-
-
-
Since there is no longer an OrderManagerEntities.jar file, the
-applcation.xml file was modified to remove the entry.
-
-
-
An entry was added to the MANIFEST.MF file in the
-OrderManagerWeb.war to resolve another class loading issue resulting
-from the modification to use EJB reference injection in the servlets.
The Class-Path entry tells the application to look in the
-OrderManagerEJB.jar file for the injected beans.
-
-
-
-
24.2.5. Summary
-
-
Although the existing EAR structure could have worked with additional
-modifications to the MANIFEST.MF file, this approach seemed more
-appealing because it simplified the structure while maintaining the web
-tier in its own WAR.
-
-
-
The source files for both versions is attached so you can view the
-changes that were made to the application.
-
-
-
-
-
-
-
-
-References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
-
-
25. Spring applications development and migration guide
-
-
-
This document details the main points that need to be considered by
-Spring developers that wish to develop new applications or to migrate
-existing applications to be run into WildFly 29.
-
-
-
25.1. Dependencies and Modularity
-
-
WildFly 29 has a modular class loading strategy, different from previous
-versions of JBoss AS, which enforces a better class loading isolation
-between deployments and the application server itself. A detailed
-description can be found in the documentation dedicated to
-class
-loading in WildFly 29.
-
-
-
This reduces significantly the risk of running into a class loading
-conflict and allows applications to package their own dependencies if
-they choose to do so. This makes it easier for Spring applications that
-package their own dependencies - such as logging frameworks or
-persistence providers to run on WildFly 29.
-
-
-
At the same time, this does not mean that duplications and conflicts
-cannot exist on the classpath. Some module dependencies are implicit,
-depending on the type of deployment as shown
-here.
-
-
-
-
25.2. Persistence usage guide
-
-
Depending on the strategy being used, Spring applications can be:
-
-
-
-
-
native Hibernate applications;
-
-
-
Jakarta Persistence based applications;
-
-
-
native JDBC applications;
-
-
-
-
-
-
25.3. Native Spring/Hibernate applications
-
-
Applications that use the Hibernate API directly with Spring (i.e.
-through either one of LocalSessionFactoryBean or
-AnnotationSessionFactoryBean) may need to use a different version of Hibernate than is provided by WildFly.
-
-
-
-
25.4. Jakarta Persistence based applications
-
-
Spring applications using Jakarta Persistence may choose between:
-
-
-
-
-
using a server-deployed persistence unit;
-
-
-
using a Spring-managed persistence unit.
-
-
-
-
-
25.4.1. Using server-deployed persistence units
-
-
Applications that use a server-deployed persistence unit must observe
-the typical Jakarta EE rules in what concerns dependency management, i.e.
-the jakarta.persistence classes and persistence provider (Hibernate) are
-contained in modules which are added automatically by the application
-when the persistence unit is deployed.
-
-
-
In order to use the server-deployed persistence units from within
-Spring, either the persistence context or the persistence unit need to
-be registered in JNDI via web.xml as follows:
-JNDI binding via persistence.xml properties is not supported in WildFly
-8.
-
-
-
-
-
-
-
25.4.2. Using Spring-managed persistence units
-
-
Spring applications running in WildFly 29 may also create persistence
-units on their own, using the LocalContainerEntityManagerFactoryBean.
-This is what these applications need to consider:
-
-
-
Placement of the persistence unit definitions
-
-
When the application server encounters a deployment that has a file
-named META-INF/persistence.xml (or, for that matter,
-WEB-INF/classes/META-INF/persistence.xml), it will attempt to create a
-persistence unit based on what is provided in the file. In most cases,
-such definition files are not compliant with the Jakarta EE requirements,
-mostly because required elements such as the datasource of the
-persistence unit are supposed to be provided by the Spring context
-definitions, which will fail the deployment of the persistence unit, and
-consequently of the entire deployment.
-
-
-
Spring applications can easily avoid this type of conflict, by using a
-feature of the LocalContainerEntityManagerFactoryBean which is designed
-for this purpose. Persistence unit definition files can exist in other
-locations than META-INF/persistence.xml and the location can be
-indicated through the persistenceXmlLocation property of the factory
-bean class.
-
-
-
Assuming that the persistence unit is in the
-META-INF/jpa-persistence.xml, the corresponding definition can be:
-
-
-
-
<beanid="entityManagerFactory"class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
- <propertyname="persistenceXmlLocation"value="classpath*:META-INF/jpa-persistence.xml"/>
- <!-- other definitions -->
-</bean>
-
-
-
-
-
-
25.4.3. Managing dependencies
-
-
To ensure that Spring applications can use a specific version of Hibernate ORM, exclude the WildFly provided Hibernate ORM version,
-instruct the server to exclude the module from
-the deployment’s list of dependencies. In order to do so, include a
-META-INF/jboss-deployment-structure.xml or, for web applications,
-WEB-INF/jboss-deployment-structure.xml with the following content:
26. How do I migrate my application from JBoss AS 7 to WildFly 10
-
-
-
26.1. About this Document
-
-
The purpose of this guide is to document changes that are needed to successfully run and deploy JBoss AS 7 applications on WildFly 10. It provides information on to resolve deployment and runtime problems and how to prevent changes in application behavior. This is the first step in moving to the new platform. Once the application is successfully deployed and running on the new platform, plans can be made to upgrade individual components to use the new functions and features of WildFly.
-
-
-
-
26.2. Overview of WildFly
-
-
The list of WildFly new functionality is extensive, being the most relevant, with respect to server and application migrations:
-
-
-
-
-
Jakarta EE - WildFly is a certified implementation of Jakarta EE, meeting both the Web and the Full Platform, and already includes support for the latest iterations of CDI (1.2) and Web Sockets (1.1).
-
-
-
Undertow - A new cutting-edge web server in WildFly, designed for maximum throughput and scalability, including environments with over a million connections. And the latest web technologies, such as the new HTTP/2 standard, are already onboard.
-
-
-
Apache ActiveMQ Artemis - WildFly’s new Jakarta Messaging broker. Based on an code donation from HornetQ, this Apache subproject provides outstanding performance based on a proven non-blocking architecture.
-
-
-
IronJacamar 1.2 - The latest IronJacamar provides a stable and feature rich Jakarta Connectors & Datasources support.
-
-
-
JBossWS 5 - The fifth generation of JBossWS, a major leap forward, brings new features and performances improvements to WildFly Web Services
-
-
-
RESTEasy - WildFly which goes beyond the standard Jakarta EE REST APIs (Jakarta RESTful Web Services 2.1), by also providing a number of useful extensions, such as JSON Web Encryption, Jackson, Yaml, Jakarta JSON Processing, and reactive facilities.
-
-
-
OpenJDK ORB - WildFly switched the IIOP implementation from JacORB, to a downstream branch of the OpenJDK Orb, leading to better interoperability with the JVM ORB and the Jakarta EE RI.
-
-
-
Feature Rich Clustering - Clustering support was heavily refactored in WildFly, and includes several APIs for applications
-
-
-
Port Reduction - By utilizing HTTP upgrade, WildFly has moved nearly all of its protocols to be multiplexed over just two HTTP ports: a management port (9990), and an application port (8080).
-
-
-
Enhanced Logging - The management API now supports the ability to list and view the available log files on a server, or even define custom formatters other than the default pattern formatter. Deployment’s logging setup is also greatly enhanced.
-
-
-
-
-
The support for some technologies was removed, due to the high maintenance cost, low community interest, and much better alternative solutions:
-
-
-
-
-
CMP EJB - Jakarta Persistence offers a much more performant and flexible API
-
-
-
Jakarta XML RPC - Jakarta XML Web Services offer a much more accurate and complete solution
-
-
-
JSR-88 - With very little adoption, the more complete deployment APIs provided by vendors are preferred
-
-
-
-
-
-
26.3. Server Migration
-
-
Migrating a JBoss AS 7 server to WildFly consists of migrating custom configuration files, and some persisted data that may exist.
-
-
-
26.3.1. JacORB Subsystem
-
-
WildFly ORB support is provided by the JDK itself, instead of relying on JacORB. A subsystem configuration migration is required.
-
-
-
JacORB Subsystem Configuration
-
-
The extension’s module org.jboss.as.jacorb is replaced by module org.wildfly.iiop-openjdk, while the subsystem configuration namespace urn:jboss:domain:jacorb:2.0 is replaced by
-urn:jboss:domain:iiop-openjdk:1.0.
-
-
-
The XML configuration of the new subsystem accepts only a subset of the legacy elements and attributes. Consider the following example of the JacORB subsystem configuration, containing all valid elements and attributes:
In case the legacy subsystem configuration is available, such configuration may be migrated to the new subsystem by invoking its migrate operation, using the management CLI:
-
-
-
-
/subsystem=jacorb:migrate
-
-
-
-
There is also a describe-migration operation that returns a list of all the management operations that are performed to migrate from the legacy subsystem to the new one:
-
-
-
-
/subsystem=jacorb:describe-migration
-
-
-
-
Both migrate and describe-migration will also display a list of migration-warnings if there are some resource or attributes that can not be migrated automatically. The following is a list of these warnings:
-
-
-
-
-
Properties X cannot be emulated using OpenJDK ORB and are not supported
-
-
This warning means that mentioned properties are not supported and won’t be included in the new subsystem configuration. As a result of that admin must be aware that any behavior implied by those properties would be nonexistent. Admin has to check whether subsystem is able to operate
-correctly without that behavior on the new server.Unsupported properties: cache-poa-names, cache-typecodes, chunk-custom-rmi-valuetypes, client-timeout, comet, indirection-encoding-disable, iona, lax-boolean-encoding, max-managed-buf-size, max-server-connections, max-threads, outbuf-cache-timeout, outbuf-size, queue-max, queue-min, poa-monitoring, print-version, retries, retry-interval, queue-wait, server-timeout, strict-check-on-tc-creation, use-bom, use-imr.
-
-
-
-
The properties X use expressions. Configuration properties that are used to resolve those expressions should be transformed manually to the new iiop-openjdk subsystem format.
-
-
Admin has to transform all the configuration files to work correctly with the jacorb subsystem. For example, jacorb has a property giop-minor-version whereas iiop-openjdk uses the property giop-version. Let’s suppose we use 1 minor version in jacorb and have it configured in standalone.conf file as system variable: -Diiop-giop-minor-version=1. Admin is responsible for changing this variable to 1.1 after the migration to make sure that the new subsystem will work correctly.
-
-
-
-
-
-
-
-
26.3.2. JBoss Web Subsystem
-
-
JBoss Web is replaced by Undertow in WildFly, which means that the legacy subsystem configuration should be migrated to WildFly’s Undertow subsystem configuration.
-
-
-
JBoss Web Subsystem Configuration
-
-
The extension’s module org.jboss.as.web is replaced by module org.wildfly.extension.undertow, while the subsystem configuration namespace urn:jboss:domain:web: is replaced by
-urn:jboss:domain:undertow:.
-
-
-
The XML configuration of the new subsystem is relatively different. Consider the following example of the JBoss Web subsystem configuration, containing all valid elements and attributes:
It is possible to do a migration of the legacy subsystem configuration and related persisted data by invoking the legacy subsystem’s migrate operation, using the management CLI:
-
-
-
-
/subsystem=web:migrate
-
-
-
-
There is also a describe-migration operation that returns a list of all the management operations that are performed to migrate from the legacy subsystem to the new one:
-
-
-
-
/subsystem=web:describe-migration
-
-
-
-
Both migrate and describe-migration will also display a list of migration-warnings if there are some resource or attributes that can not be migrated automatically. The following is a list of these warnings:
-
-
-
-
-
Could not migrate resource X
-
-
This warning means that mentioned resource configuration is not supported and won’t be included in the new subsystem configuration. As a result of that admin must be aware that any behavior implied by those resources would be nonexistent. Admin has to check whether subsystem is able to operate correctly without that behavior on the new server.
-
-
-
-
Could not migrate attribute X from resource Y.
-
-
This warning means that mentioned resource configuration property is not supported and won’t be included in the new subsystem configuration. As a result of that admin must be aware that any behavior implied by those properties would be nonexistent. Admin has to check whether subsystem is
-able to operate correctly without that behavior on the new server.
-
-
-
-
Could not migrate SSL connector as no SSL config is defined
-
-
-
Could not migrate verify-client attribute %s to the Undertow equivalent
-
-
-
Could not migrate verify-client expression %s
-
-
-
Could not migrate valve X
-
-
This warning means that mentioned valve configuration is not supported and won’t be included in the new subsystem configuration. As a result of that admin must be aware that any behavior implied by those resources would be nonexistent. Admin has to check whether subsystem is able to operate correctly without that behavior on the new server. This warning may happen for:
-
-
-
-
-
org.apache.catalina.valves.RemoteAddrValve : must have at least one
-allowed or denied value.
-
-
-
org.apache.catalina.valves.RemoteHostValve : must have at least one
-allowed or denied value.
This warning means that mentioned valve configuration property is not supported and won’t be included in the new subsystem configuration. As a result of that admin must be aware that any behavior implied by those properties would be nonexistent. Admin has to check whether subsystem is
-able to operate correctly without that behavior on the new server. This warning may happen for :
-
-
-
-
-
org.apache.catalina.valves.AccessLogValve : if you use the following parameters resolveHosts, fileDateFormat, renameOnRotate,
-encoding, locale, requestAttributesEnabled, buffered.
-
-
-
org.apache.catalina.valves.ExtendedAccessLogValve : if you use the following parameters resolveHosts, fileDateFormat, renameOnRotate, encoding, locale, requestAttributesEnabled, buffered.
-
-
-
org.apache.catalina.valves.RemoteIpValve:
-
-
-
-
if remoteIpHeader is defined and isn’t set to "x-forwarded-for".
-
-
-
if protocolHeader is defined and isn’t set to "x-forwarded-proto".
-
-
-
if you use the following parameters httpServerPort and httpsServerPort .
-
-
-
-
-
-
-
-
-
-
-
Also, note that Undertow doesn’t support JBoss Web valves, but some of these may be migrated to Undertow handlers, and JBoss Web subsystem’s migrate operation do that too.
-
-
-
Here is a list of those valves and their corresponding Undertow handler:
The org.apache.catalina.valves.JDBCAccessLogValve can’t be automatically migrated to io.undertow.server.handlers.JDBCLogHandler as the expectations differ.
-
-
-
The migration can be done manually though :
-
-
-
-
-
Create the driver module and add the driver to the list of available drivers
-
-
-
Create a datasource pointing to the database where the log entries are going to be stored
-
-
-
Add an expression-filter definition with the following expression: "jdbc-access-log(datasource='datasource-jndi-name")
Note that any custom valve won’t be migrated at all and will just be removed from the configuration.
-
-
-
Also the authentication related valves are to be replaced by Undertow authentication mechanisms, and this have to be done manually.
-
-
-
-
WebSockets
-
-
In JBoss AS 7, to use WebSockets, you had to configure the 'http' connector in the web subsystem of the server configuration file to use the NIO2 protocol. The following is an example of the management CLI command to configure WebSockets in the previous releases.
WebSockets are a requirement of the Jakarta EE specification and the default configuration is included in WildFly. More complex WebSocket configuration is done in the servlet-container of the undertow subsystem of the server configuration file.
-
-
-
You no longer need to configure the server for default WebSocket support.
-
-
-
-
-
26.3.3. Messaging Subsystem
-
-
WildFly JMS support is provided by ActiveMQ Artemis, instead of HornetQ. It’s possible to do a migration of the legacy subsystem configuration, and related persisted data.
-
-
-
Messaging Subsystem Configuration
-
-
The extension’s module org.jboss.as.messaging is replaced by module org.wildfly.extension.messaging-activemq, while the subsystem configuration namespace urn:jboss:domain:messaging:3.0 is replaced by urn:jboss:domain:messaging-activemq:1.0.
-
-
-
Management model
-
-
In most cases, an effort was made to keep resource and attribute names as similar as possible to those used in previous releases. The following table lists some of the changes.
-
-
-
-
-
-
-
-
-
HornetQ name
-
ActiveMQ name
-
-
-
-
-
hornetq-server
-
server
-
-
-
hornetq-serverType
-
serverType
-
-
-
connectors
-
connector
-
-
-
discovery-group-name
-
discovery-group
-
-
-
-
-
The management operations invoked on the new messaging-subsystem starts with /subsystem=messaging-activemq/server=X while the legacy messaging subsystem was at /subsystem=messaging/hornetq-server=X.
-
-
-
In case the legacy subsystem configuration is available, such configuration may be migrated to the new subsystem by invoking its migrate operation, using the management CLI:
-
-
-
-
/subsystem=messaging:migrate
-
-
-
-
There is also a describe-migration operation that returns a list of all the management operations that are performed to migrate from the legacy subsystem to the new one:
-
-
-
-
/subsystem=messaging:describe-migration
-
-
-
-
Both migrate and describe-migration will also display a list of migration-warnings if there are some resource or attributes that can not be migrated automatically. The following is a list of these warnings:
-
-
-
-
-
The migrate operation can not be performed: the server must be in admin-only mode
-
-
The migrate operation requires starting the server in admin-only mode, which is done by adding parameter --admin-only to the server start command, e.g.
-
-
-
-
./standalone.sh --admin-only
-
-
-
-
-
Can not migrate attribute local-bind-address from resource X. Use instead the socket-attribute to configure this broadcast-group.
-
-
-
Can not migrate attribute local-bind-port from resource X. Use instead the socket-binding attribute to configure this broadcast-group.
-
-
-
Can not migrate attribute group-address from resource X. Use instead the socket-binding attribute to configure this broadcast-group.
-
-
-
Can not migrate attribute group-port from resource X. Use instead the socket-binding attribute to configure this broadcast-group.
-
-
Broadcast-group resources no longer accept local-bind-address, local-bind-port, group-address, group-port attributes. It only accepts a socket-binding. The warning notifies that resource X has an unsupported attribute. The user will have to set the socket-binding attribute on the resource and ensures it corresponds to a defined socket-binding
-resource.
-
-
-
-
Classes providing the %s are discarded during the migration. To use them in the new messaging-activemq subsystem, you will have to extend the Artemis-based Interceptor.
-
-
Messaging interceptors support is significantly different in WildFly 10, any interceptors configured in the legacy subsystem are discarded during migration. See the Messaging Interceptors section to learn how to migrate legacy Messaging interceptors.
-
-
-
-
Can not migrate the HA configuration of X. Its shared-store and backup attributes holds expressions and it is not possible to determine unambiguously how to create the corresponding ha-policy for the messaging-activemq server.
-
-
If the hornetq-server X’s shared-store or backup attributes hold an expression, such as ${xxx}, then it’s not possible to determine the actual ha-policy of the migrated server. In that case, we discard it and the user will have to add the correct ha-policy afterwards. The ha-policy is a single resource underneath the messaging-activemq server resource.
-
-
-
-
Can not migrate attribute local-bind-address from resource X. Use instead the socket-binding attribute to configure this discovery-group.Can not migrate attribute local-bind-port from resource X. Use instead the socket-binding attribute to configure this discovery-group.
-
-
-
Can not migrate attribute group-address from resource X. Use instead the socket-binding attribute to configure this discovery-group.
-
-
-
Can not migrate attribute group-port from resource X. Use instead the socket-binding attribute to configure this discovery-group.
-
-
The discovery-group resources no longer accept local-bind-address, local-bind-port, group-address, group-port attributes. It only accepts a socket-binding. The warning notifies that resource X has an unsupported attribute.
-
-
-
The user will have to set the socket-binding attribute on the resource and ensures it corresponds to a defined socket-binding resource.
-
-
-
-
Can not create a legacy-connection-factory based on connection-factory X. It uses a HornetQ in-vm connector that is not compatible with Artemis in-vm connector
-
-
Legacy subsystem’s remote connection-factory resources are migrated into legacy-connection-factory resources, to allow old EAP6 clients to connect to EAP7. However a connection-factory using in-vm will not be migrated, because a in-vm client will be based on EAP7, not EAP 6. In other words, legacy-connection-factory are created only when the CF is using remote connectors, and this warning notifies about in-vm connection-factory X not migrated.
-
-
-
-
Can not migrate attribute X from resource Y. The attribute uses an expression that can be resolved differently depending on system properties. After migration, this attribute must be added back with an actual value instead of the expression.
-
-
This warning appears when the migration logic needs to know the concrete value of attribute X during migration, but instead such value includes an expression that’s can’t be resolved, so the actual value can not be determined, and the attribute is discarded. It happens in several cases,
-for instance:
-
-
-
-
-
cluster-connection forward-when-no-consumers. This boolean attribute has been replaced by the message-load-balancing-type attribute (which is an enum of OFF, STRICT, ON_DEMAND)
-
-
-
broadcast-group and discovery-group’s jgroups-stack and jgroups-channel attributes. They reference other resources and we no longer accept expressions for them.
-
-
-
-
-
-
Can not migrate attribute X from resource Y. This attribute is not supported by the new messaging-activemq subsystem.
-
-
Some attributes are no longer supported in the new messaging-activemq subsystem and are simply discarded:
-
-
-
-
-
hornetq-server’s failback-delay
-
-
-
http-connector’s use-nio attribute
-
-
-
http-acceptor’s use-nio attribute
-
-
-
remote-connector’s use-nio attribute
-
-
-
remote-acceptor’s use-nio attribute
-
-
-
-
-
-
-
-
-
XML Configuration
-
-
The XML configuration has changed significantly with the new messaging-activemq subsystem to provide a XML scheme more consistent with other WildFly subsystems.
-
-
-
It is not advised to change the XML configuration of the legacy messaging subsystem to conform to the new messaging-activemq subsystem. Instead, invoke the legacy subsystem migrate operation. This operation will write the XML configuration of the new messaging-activemq subsystem as a part of its execution.
-
-
-
-
Messaging Interceptors
-
-
Messaging Interceptors are significantly different in WildFly 10, requiring both code and configuration changes by the user. In concrete the interceptor base Java class is now org.apache.artemis.activemq.api.core.interceptor.Interceptor, and the user interceptor implementation classes may now be loaded by any server module. Note that prior to WildFly 10 the interceptor classes could only be installed by adding these to the HornetQ module, thus requiring the user to change such module XML descriptor, its module.xml.
-
-
-
With respect to the server XML configuration, the user must now specify the module to load its interceptors in the new messaging-activemq subsystem XML config, e.g:
In previous releases, Jakarta Messaging destination queues were configured in the <jms-destinations> element under the hornetq-server section of the messaging subsystem.
The prefix of messaging log messages in WildFly is WFLYMSGAMQ, instead of WFLYMSG.
-
-
-
-
Messaging Data
-
-
The location of the messaging data has been changed in the new messaging-activemq subsystem:
-
-
-
-
-
messagingbindings/ → activemq/bindings/
-
-
-
messagingjournal/ → activemq/journal/
-
-
-
messaginglargemessages/ → activemq/largemessages/
-
-
-
messagingpaging/ → activemq/paging/
-
-
-
-
-
To migrate legacy messaging data, you will have to export the directories used by the legacy messaging subsystem and import them into the new subsystem’s server by using its import-journal operation:
-
-
-
-
/subsystem=messaging-activemq/server=default:import-journal(file=<path to XML dump>)
-
-
-
-
The XML dump is a XML file generated by HornetQ XmlDataExporter util class.
-
-
-
-
-
-
26.4. Application Migration
-
-
Before you migrate your application, you should be aware that some features that were available in previous releases are now deprecated or missing.
-
-
-
26.4.1. EJBs
-
-
CMP Entity EJBs
-
-
Container-Managed Persistence entity beans support is optional in Jakarta EE, and WildFly does not provide support for these.
-
-
-
CMP entity beans are defined in the ejb-jar.xml descriptor, in concrete an entity bean is CMP only if the <entity/> child element named persistence-type is included and has a value of Container. An example:
In WildFly, the default connector has changed from remoting to http-remoting. This change impacts clients that use libraries from one release of JBoss and to connect to server in a different release.
-
-
-
-
-
If a client application uses the EJB client library from JBoss AS 7 and wants to connect to WildFly 10 server, the server must be configured to expose a remoting connector on a port other than 8080. The client must then connect using that newly configured connector.
-
-
-
A client application that uses the EJB client library from WildFly 10 and wants to connect to a JBoss AS 7 server must be aware that the server instance does not use the http-remoting connector and instead uses a remoting connector. This is achieved by defining a new client-side connection property.
-
-
-
remote.connection.default.protocol=remote
-
-
-
-
-
-
-
External applications using JNDI, to remotely lookup up EJBs in a WildFly 10 server, may also need to be migrated, see #Remote JNDI Clients section for further information.
-
-
-
-
-
-
26.4.2. Jakarta Messaging
-
-
Proprietary Jakarta Messaging Resource Definitions
-
-
The proprietary XML descriptors, previously used to setup Jakarta Messaging resources, are deprecated in WildFly. Jakarta EE (section EE.5.18) standardized such functionality.
-
-
-
The deprecated descriptors are files bundled in the application package, which name ends with -jms.xml. Their namespace has been changed to urn:jboss:messaging-activemq-deployment:1.0.
-
-
-
-
External Jakarta Messaging Clients
-
-
Jakarta Messaging Resources are remotely looked up using JNDI, and looking up resources in a WildFly 10 server may require changes in the application code, see #Remote JNDI Clients section for further information.
-
-
-
-
-
26.4.3. Jakarta Persistence (and Hibernate)
-
-
Applications That Plan to Use Hibernate ORM 5.3.x
-
-
WildFly ships with Hibernate ORM 5.3.x and those libraries are implicitly added to the application classpath when a persistence.xml is detected during deployment. If your application uses Jakarta Persistence, it will default to using the Hibernate ORM 5.3.x libraries.
-
-
-
Hibernate ORM 5.3.x introduces:
-
-
-
-
-
Jakarta Persistence 2.2 support
-
-
-
Redesigned metamodel - Complete replacement for the current org.hibernate.mapping code
-
-
-
Query parser - Improved query parser based on Antlr 3/4
Undertow does not support the JBoss Web Valve functionality. This can be replaced by Undertow Handlers. See the Undertow Handler Authors Guide for more information.
-
-
-
List of valves that were provided with JBoss Web, together with a corresponding Undertow handler, is provided above, in the section on the JBoss Web subsystem.
-
-
-
JBoss Web Valves are specified in the proprietary jboss-web.xml descriptor, through <valve /> element(s). These can be replaced using the <http-handler /> element(s). For example:
The setup of web service’s endpoints and clients, through a Spring XML descriptor, driving a CXF bus creation, is no longer supported in WildFly.
-
-
-
Any application containing a jbossws-cxf.xml must migrate all functionality specified in such XML descriptor, mostly already supported by the Jakarta XML Web Services specification, included in Jakarta EE. It is still possible to rely on direct Apache CXF API usage, loosing the Jakarta EE portability of the application, for instance when specific Apache CXF functionalities are needed. See the Apache CXF Integration document for further information.
-
-
-
-
Jakarta XML RPC
-
-
Jakarta XML RPC is an API for building Web services and clients that used remote procedure calls (RPC) and XML, which was deprecated in Jakarta EE, and is no longer supported by WildFly.
-
-
-
Jakarta XML RPC Web Services may be identified by the presence of the XML descriptor named webservices.xml, containing a <webservice-description/> element that includes a child element named <jaxrpc-mapping-file/>. An example:
Some changes to the MessageBodyWriter interface may represent a backward incompatible change with respect to JAX-RS 1.X.
-
-
-
Be sure to define a @Produces or @Consumes for your endpoints. Failure to do so may result in an error similar to the following.
-
-
-
-
org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: <OBJECT> of media type: <CONTENT_TYPE>
-
-
-
-
-
REST Client API
-
-
Some REST Client API classes and methods are deprecated or removed, for example: org.jboss.resteasy.client.ClientRequest and org.jboss.resteasy.client.ClientResponse have been removed. Instead, use
-jakarta.ws.rs.client.Client and jakarta.ws.rs.core.Response. See the resteasy-jaxrs-client quickstart for an example of an external Jakarta RESTful Web Services RESTEasy client that interacts with a Jakarta RESTful Web Services.
-
-
-
-
-
26.4.6. Application Clustering
-
-
HA Singleton
-
-
JBoss AS 7 introduced singleton services - a mechanism for installing an service such that it would only start on one node in the cluster at a time, a HA Singleton. Such mechanism required usage of a private WildFly Clustering API, designed around the class org.jboss.as.clustering.singleton.SingletonService, and was documented in detail at
-https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Development_Guide/Implement_an_HA_Singleton.html, and while not difficult to implement, the installation process suffered from a couple shortcomings:
-
-
-
-
-
Installing multiple singleton services within a single deployment caused the deployer to hang.
-
-
-
Installing a singleton service required the user to specify several private module dependencies in /META-INF/MANIFEST.MF
-
-
-
-
-
WildFly 10 introduces a new public API for building such services, which significantly simplifies the process, and solves the issues found in the legacy solution. The WildFly 10 Quickstart application named cluster-ha-singleton examples a HA Singleton implementation using the new API, and may be found at https://github.com/jboss-developer/jboss-eap-quickstarts/tree/7.0.x-develop/cluster-ha-singleton
-.
-
-
-
-
Stateful Session EJB Clustering
-
-
WildFly 10 no longer requires Stateful Session EJBs to use the org.jboss.ejb3.annotation.Clustered annotation to enable clustering behavior. By default, if the server is started using an HA profile, the state of your SFSBs will be replicated automatically. Disabling this behavior is achievable on a per-EJB basis, by annotating your bean using @Stateful(passivationCapable=false), which is new to the EJB 3.2 specification; or globally through the configuration of the EJB3 subsystem, in the server configuration.
-
-
-
Note that the @Clustered annotation, if used by an application, is simply ignored, the application deployment will not fail.
-
-
-
-
Web Session Clustering
-
-
WildFly 10 introduces a new web session clustering implementation, replacing the one found in JBoss AS 7, which has been around for ages (since JBoss AS 3.2!), and was tightly coupled to the legacy JBoss Web subsystem source code. The most relevant changes in the new implementation are:
-
-
-
-
-
Introduction of a proper session manager SPI, and an Infinispan implementation of it, decoupled from the web subsystem implementation
-
-
-
Sessions are implemented as a facade over one or more cache entries, which means that the container’s session manager itself does not retain a separate reference to each HttpSession
-
-
-
Pessimistic locking of cache entries effectively ensures that only a single client on a single node ever accesses a given session at any given time
-
-
-
Usage of cache entry grouping, instead of atomic maps, to ensure that multiple cache entries belonging to the same session are co-located.
-
-
-
Session operations within a request only ever use a single batch/transaction. This results in fewer RPCs per request.
-
-
-
Support for write-through cache stores, as well as passivation-only cache stores.
-
-
-
-
-
With respect to applications, the new web session clustering implementation deprecates/reinterprets much of the related configuration, which is included in JBoss’s proprietary web application
-XML descriptor, jboss-web.xml:
-
-
-
-
-
<max-active-sessions/>
-
-
Previously, session creation would fail if an additional session would cause the number of active sessions to exceed the value specified by <max-active-sessions/>.
-
-
-
In the new implementation, <max-active-sessions/> is used to enable session passivation. If session creation would cause the number of active sessions to exceed <max-active-sessions/>, then the oldest session known to the session manager will passivate to make room for the new session.
-
-
-
-
<passivation-config/>
-
-
This configuration element and its sub-elements are no longer used in WildFly.
-
-
-
-
<use-session-passivation/>
-
-
Previously, passivation was enabled via this attribute, yet in the new implementation, passivation is enabled by specifying a non-negative value for <max-active-sessions/>.
-
-
-
-
<passivation-min-idle-time/>
-
-
Previously, sessions needed to be active for at least a specific amount of time before becoming a candidate for passivation. This could cause session creation to fail, even when passivation was enabled.
-
-
-
The new implementation does not support this logic and thus avoids this DoS vulnerability.
-
-
-
-
<passivation-max-idle-time/>
-
-
Previously, a session would be passivated after it was idle for a specific amount of time.
-
-
-
The new implementation does not support eager passivation - only lazy passivation. Sessions are only passivated when necessary to comply with <max-active-sessions/>.
-
-
-
-
<replication-config/>
-
-
The new implementation deprecates a number of sub-elements.
-
-
-
-
<replication-trigger/>
-
-
Previously, session attributes could be treated as either mutable or immutable depending on the values specified by <replication-trigger/>:
-
-
-
-
-
SET treated all attributes as immutable, requiring a separate HttpSession.setAttribute(…) to indicate that the value changed.
-
-
-
SET_AND_GET treated all session attributes as mutable.
-
-
-
SET_AND_NON_PRIMITIVE_GET recognized a small set of types, for example strings and boxed primitives, as immutable, and assumed that any other attribute was mutable.
-
-
The new implementation replaces this configuration option with a single, robust strategy. Session attributes are assumed to be mutable unless one of the following is true:
The value type is or implements a known immutable type:
-
-
-
-
Boolean, Byte, Character, Double, Float, Integer, Long, Short
-
-
-
java.lang.Enum, StackTraceElement, String
-
-
-
java.io.File, java.nio.file.Path
-
-
-
java.math.BigDecimal, BigInteger, MathContext
-
-
-
java.net.InetAddress, InetSocketAddress, URI, URL
-
-
-
java.security.Permission
-
-
-
java.util.Currency, Locale, TimeZone, UUID
-
-
-
-
-
-
The value type is annotated with @org.wildfly.clustering.web.annotation.Immutable
-
-
-
-
-
-
<use-jk/>
-
-
Previously, the instance-id of the node handling a given request was appended to the jsessionid, for use by load balancers such as mod_jk, mod_proxy_balancer, mod_cluster, etc., depending on the value specified for <use-jk/>. In the new implementation, the instance-id, if defined, is always appended to the jsessionid.
-
-
-
-
<max-unreplicated-interval/>
-
-
Previously, this configuration option was an optimization that would prevent the replicate of a session’s timestamp if no session attribute was changed. While this sounds nice, in practice it doesn’t prevent any RPCs, since session access requires cache transaction RPCs regardless of
-whether any session attributes changed. In the new implementation, the timestamp of a session is replicated on every request. This prevents stale session meta data following failover.
-
-
-
-
<snapshot-mode/>
-
-
Previously, one could configure <snapshot-mode/> as INSTANT or INTERVAL. Infinispan’s replication queue renders this configuration option obsolete.
-
-
-
-
<snapshot-interval/>
-
-
Only relevant for <snapshot-mode>INTERVAL</snapshot-mode>. See above.
-
-
-
-
<session-notification-policy/>
-
-
Previously, the value defined by this attribute defined a policy for triggering session events. In the new implementation, this behavior is spec-driven and not configurable.
-
-
-
-
-
-
-
-
26.4.7. Other Specifications and Frameworks
-
-
Remote JNDI Clients
-
-
WildFly 10’s default JNDI Provider URL has changed, which means that external applications, using JNDI to lookup remote resources, for instance an EJB or a Jakarta Messaging Queue, may need to change the value for the JNDI InitialContext environment’s property named
-java.naming.provider.url. The default URL scheme is now
-http-remoting, and the default URL port is now 8080.
-
-
-
As an example, considering the application server host is localhost,
-then clients previously accessing WildFly 10 would use
The specification which aimed to standardize deployment tasks got very little adoption, due to much more "feature rich" proprietary solutions already included in every vendor application server. It was no surprise that JSR-88 support was dropped from Jakarta EE, and WildFly followed that and dropped support too.
-
-
-
A JSR-88 deployment plan is identified by a XML descriptor named deployment-plan.xml, bundled in a zip/jar archive.
-
-
-
-
Module Dependencies
-
-
Applications defining dependencies to WildFly modules, through the application’s package MANIFEST.MF or jboss-deployment-structure.xml, may be referencing missing modules. When migrating an application, relying on such functionality, the presence of the referenced modules should be validated in advance.
-
-
-
-
-
-
-
-
-References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
-
-
-
27. How do I migrate my application from WebLogic to WildFly
-
-
-
The purpose of this guide is to document the application changes that
-are needed to successfully run and deploy WebLogic applications on
-WildFly.
-
-
-
-
-
-
-
-
-Feel free to add content in any way you prefer. You do not need to
-follow the template below. This is a work in progress.
-
-
-
-
-
-
27.1. Introduction
-
-
27.1.1. About this Guide
-
-
The purpose of this document is to guide you through the planning
-process and migration of fairly simple and standard Oracle WebLogic
-applications to WildFly. O
-
-
-
-
-
-
-
28. How do I migrate my application from WebSphere to WildFly
-
-
-
The purpose of this guide is to document the application changes that
-are needed to successfully run and deploy WebLogic applications on
-WildFly.
-
-
-
-
-
-
-
-
-Feel free to add content in any way you prefer. You do not need to
-follow the template below. This is a work in progress.
-
-
-
-
-
-
28.1. Introduction
-
-
28.1.1. About this Guide
-
-
The purpose of this document is to guide you through the planning
-process and migration of fairly simple and standard Oracle WebLogic
-applications to WildFly.
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
Redirecting to the latest version. If the page doesn't open, click the following link: /latest/Developer_Guide.html
+
\ No newline at end of file
diff --git a/29/Extending_WildFly.html b/29/Extending_WildFly.html
index 023d5e471..9fc3e6381 100644
--- a/29/Extending_WildFly.html
+++ b/29/Extending_WildFly.html
@@ -1,8758 +1,11 @@
-
-
-
-
-
-
-Extending WildFly
-
-
-
-
-
-
-
-
Extending WildFly
-
-WildFly code development team
-version 29.0.0.Final,
-2023-07-20T17:19:12Z
-
In this document we provide an example of how to extend the kernel
-functionality of WildFly via an extension and the subsystem it installs.
-The WildFly kernel is very simple and lightweight; most of the
-capabilities people associate with an application server are provided
-via extensions and their subsystems. The WildFly distribution includes
-many extensions and subsystems; the webserver integration is via a
-subsystem; the transaction manager integration is via a subsystem, the
-Jakarta Enterprise Beans container integration is via a subsystem, etc.
-
-
-
This document is divided into two main sections. The
-first is focused on learning by doing. This
-section will walk you through the steps needed to create your own
-subsystem, and will touch on most of the concepts discussed elsewhere in
-this guide. The
-second
-focuses on a conceptual overview of the key interfaces and classes
-described in the example. Readers should feel free to start with the
-second section if that better fits their learning style. Jumping back
-and forth between the sections is also a good strategy.
-
-
-
-
-
-
1. Target Audience
-
-
-
1.1. Prerequisites
-
-
You should know how to download, install and run WildFly. If not please
-consult the Getting Started Guide. You
-should also be familiar with the management concepts from the
-Admin Guide, particularly the
-Core management concepts section and
-you need Java development experience to follow the example in this
-guide.
-
-
-
-
1.2. Examples in this guide
-
-
Most of the examples in this guide are being expressed as excerpts of
-the XML configuration files or by using a representation of the de-typed
-management model.
-
-
-
-
-
-
2. Example subsystem
-
-
-
Our example subsystem will keep track of all deployments of certain
-types containing a special marker file, and expose operations to see how
-long these deployments have been deployed.
-
-
-
2.1. Create the skeleton project
-
-
To make your life easier we have provided a maven archetype which will
-create a skeleton project for implementing subsystems.
Maven will download the archetype and it’s dependencies, and ask you
-some questions:
-
-
-
-
$ mvn archetype:generate \
- -DarchetypeArtifactId=wildfly-subsystem \
- -DarchetypeGroupId=org.wildfly.archetype \
- -DarchetypeVersion=26.1.0.Final \
- -DarchetypeRepository=https://repository.jboss.org/nexus/content/groups/public
-[INFO] Scanning for projects...
-[INFO]
-[INFO] ------------------------------------------------------------------------
-[INFO] Building Maven Stub Project (No POM) 1
-[INFO] ------------------------------------------------------------------------
-[INFO]
-
-.........
-
-Define value for property 'module': com.acme.corp.tracker
-Define value for property 'groupId': com.acme.corp
-Define value for property 'artifactId': acme-subsystem
-Define value for property 'version': 1.0-SNAPSHOT: :
-Define value for property 'package': com.acme.corp: : com.acme.corp.tracker
-[INFO] Using property: name = WildFly subsystem project
-Confirm properties configuration:
-groupId: com.acme.corp
-artifactId: acme-subsystem
-version: 1.0-SNAPSHOT
-package: com.acme.corp.tracker
-module: com.acme.corp.tracker
-name: WildFly subsystem project
- Y: : Y
-[INFO] ------------------------------------------------------------------------
-[INFO] BUILD SUCCESS
-[INFO] ------------------------------------------------------------------------
-[INFO] Total time: 1:42.563s
-[INFO] Finished at: Fri Jul 08 14:30:09 BST 2011
-[INFO] Final Memory: 7M/81M
-[INFO] ------------------------------------------------------------------------
-$
-
-
-
-
-
-
-
-
-
-
-
Instruction
-
-
-
-
-
1
-
Enter the module name you wish to use for your extension.
-
-
-
2
-
Enter the groupId you wish to use
-
-
-
3
-
Enter the artifactId you wish to use
-
-
-
4
-
Enter the version you wish to use, or just hit Enter if you wish to
-accept the default 1.0-SNAPSHOT
-
-
-
5
-
Enter the java package you wish to use, or just hit Enter if you
-wish to accept the default (which is copied from groupId ).
-
-
-
6
-
Finally, if you are happy with your choices, hit Enter and Maven
-will generate the project for you.
-
-
-
-
-
We now have a skeleton project that you can use to
-implement a subsystem. Import the acme-subsystem project into your
-favourite IDE. A nice side-effect of running this in the IDE is that you
-can see the javadoc of WildFly classes and interfaces imported by the
-skeleton code. If you do a mvn install in the project it will work if
-we plug it into WildFly, but before doing that we will change it to do
-something more useful.
-
-
-
The rest of this section modifies the skeleton project created by the
-archetype to do something more useful, and the full code can be found in
-acme-subsystem.zip.
-
-
-
If you do a mvn install in the created project, you will see some
-tests being run
-
-
-
-
$mvn install
-[INFO] Scanning for projects...
-[...]
-[INFO] Surefire report directory: /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/target/surefire-reports
-
--------------------------------------------------------
- T E S T S
--------------------------------------------------------
-Running com.acme.corp.tracker.extension.SubsystemBaseParsingTestCase
-Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.424 sec
-Running com.acme.corp.tracker.extension.SubsystemParsingTestCase
-Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.074 sec
-
-Results :
-
-Tests run: 3, Failures: 0, Errors: 0, Skipped: 0
-[...]
First, let us define the schema for our subsystem. Rename
-src/main/resources/schema/mysubsystem.xsd to
-src/main/resources/schema/acme.xsd. Then open acme.xsd and modify it
-to the following
Note that we modified the xmlns and targetNamespace values to
-urn.com.acme.corp.tracker:1.0. Our new subsystem element has a child
-called deployment-types, which in turn can have zero or more children
-called deployment-type. Each deployment-type has a required suffix
-attribute, and a tick attribute which defaults to true.
-
-
-
Now modify the com.acme.corp.tracker.extension.SubsystemExtension
-class to contain the new namespace.
-
-
-
-
publicclassSubsystemExtensionimplements Extension {
-
- /** The name space used for the {@code substystem} element */
- publicstaticfinalString NAMESPACE = "urn:com.acme.corp.tracker:1.0";
- ...
-
-
-
-
-
2.3. Design and define the model structure
-
-
The following example xml contains a valid subsystem configuration, we
-will see how to plug this in to WildFly later in this tutorial.
Now when designing our model, we can either do a one to one mapping
-between the schema and the model or come up with something slightly or
-very different. To keep things simple, let us stay pretty true to the
-schema so that when executing a :read-resource(recursive=true) against
-our subsystem we’ll see something like:
Each deployment-type in the xml becomes in the model a child resource
-of the subsystem’s root resource. The child resource’s child-type is
-type, and it is indexed by its suffix. Each type resource then
-contains the tick attribute.
-
-
-
We also need a name for our subsystem, to do that change
-com.acme.corp.tracker.extension.SubsystemExtension:
-
-
-
-
publicclassSubsystemExtensionimplements Extension {
- ...
- /** The name of our subsystem within the model. */
- public staticfinalString SUBSYSTEM_NAME = "tracker";
- ...
-
-
-
-
Modify the src/main/resources/com/acme/corp/tracker/LocalDescriptions.properties
-with the new extension name, too
-
-
-
-
tracker=My Tracker subsystem
-tracker.add=Operation Adds subsystem
-tracker.remove=Operation Removes subsystem
-tracker.type=The type of file
-tracker.type.add=Operation Adds type child
-tracker.type.remove=Operation Removes type child
-tracker.type.tick=The tick time in millis
-
-
-
-
Once we are finished our subsystem will be available under
-/subsystem=tracker.
-
-
-
The SubsystemExtension.initialize() method defines the model,
-currently it sets up the basics to add our subsystem to the model:
-
-
-
-
@Override
-publicvoid initialize(ExtensionContext context) {
- //register subsystem with its model version
-final SubsystemRegistration subsystem = context.registerSubsystem(SUBSYSTEM_NAME, ModelVersion.create(1, 0));
- //register subsystem model with subsystem definition that defines all attributes and operations
-final ManagementResourceRegistration registration = subsystem.registerSubsystemModel(SubsystemDefinition.INSTANCE);
- //register describe operation, note that this can be also registered in SubsystemDefinition
- registration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE);
-//we can register additional submodels here
- //
- subsystem.registerXMLElementWriter(parser);
-}
-
-
-
-
The registerSubsystem() call registers our subsystem with the
-extension context. At the end of the method we register our parser with
-the returned SubsystemRegistration to be able to marshal our
-subsystem’s model back to the main configuration file when it is
-modified. We will add more functionality to this method later.
-
-
-
2.3.1. Registering the core subsystem model
-
-
Next we obtain a ManagementResourceRegistration by registering the
-subsystem model. This is a compulsory step for every new subsystem.
-
-
-
-
final ManagementResourceRegistration registration = subsystem.registerSubsystemModel(SubsystemDefinition.INSTANCE);
-
-
-
-
Its parameter is an implementation of the ResourceDefinition
-interface, which means that when you call
-/subsystem=tracker:read-resource-description the information you see
-comes from model that is defined by SubsystemDefinition.INSTANCE.
-
-
-
-
publicclassSubsystemDefinitionextends PersistentResourceDefinition {
-
- staticfinal AttributeDefinition[] ATTRIBUTES = { /* you can include attributes here */ };
-
- staticfinal SubsystemDefinition INSTANCE = new SubsystemDefinition();
-
- private SubsystemDefinition() {
- super(SubsystemExtension.SUBSYSTEM_PATH,
- SubsystemExtension.getResourceDescriptionResolver(null),
- //We always need to add an 'add' operation
- SubsystemAdd.INSTANCE,
- //Every resource that is added, normally needs a remove operation
- SubsystemRemove.INSTANCE);
- }
-
- @Override
- publicvoid registerOperations(ManagementResourceRegistration resourceRegistration) {
- super.registerOperations(resourceRegistration);
- //you can register additional operations here
- }
-
- @Override
- publicCollection<AttributeDefinition> getAttributes() {
- returnArrays.asList(ATTRIBUTES);
- }
-}
-
-
-
-
Since we need child resource type we need to add new
-ResourceDefinition,
-
-
-
The ManagementResourceRegistration obtained in
-SubsystemExtension.initialize() is then used to add additional
-operations or to register submodels to the /subsystem=tracker address.
-Every subsystem and resource must have an ADD method which can be
-achieved by providing it in constructor of your ResourceDefinition
-just as we did in example above.
-
-
-
Let us first look at the description provider which is quite simple,
-it provides information (description, list of attributes, list of children)
-describing the structure of an addressable model node or operation.
-
-
-
There are three way to define DescriptionProvider, one is by defining it
-by hand using ModelNode, but as this has show to be very error prone
-there are lots of helper methods to help you automatically describe the
-model. Following example is done by manually defining Description
-provider for ADD operation handler
-
-
-
-
/**
- * Used to create the description of the subsystem add method
- */
- publicstatic DescriptionProvider SUBSYSTEM_ADD = new DescriptionProvider() {
- public ModelNode getModelDescription(Locale locale) {
- //The locale is passed in so you can internationalize the strings used in the descriptions
-
- final ModelNode subsystem = new ModelNode();
- subsystem.get(OPERATION_NAME).set(ADD);
- subsystem.get(DESCRIPTION).set("Adds the tracker subsystem");
-
- return subsystem;
- }
- };
-
-
-
-
You can also use API that helps you do that for you. SimpleOperationDefinitionBuilder
-is the class for the case. With a set of fields to build operation’s definitions.
-In case you use PersistentResourceDefinition even that part is hidden from you.
-
-
-
-
// Registration of an add operation
-resourceRegistration.registerOperationHandler(new SimpleOperationDefinitionBuilder(ModelDescriptionConstants.ADD, SubsystemExtension.getResourceDescriptionResolver(null)).build(), SubsystemAdd.INSTANCE);
-// Registration of a remove operation
-resourceRegistration.registerOperationHandler(new SimpleOperationDefinitionBuilder(ModelDescriptionConstants.REMOVE, SubsystemExtension.getResourceDescriptionResolver(null)).build(), SubsystemAdd.INSTANCE);
-// Registration of a custom operation
-resourceRegistration.registerOperationHandler(new SimpleOperationDefinitionBuilder("mime-type", SubsystemExtension.getResourceDescriptionResolver("container.mime-mapping")).build(), new MimeTypeStepOperationHandler());
-
-
-
-
The last one is implicit used when you pass the operation handler through the
-SimpleResourceDefinition class constructor. A DefaultResourceAddDescriptionProvider
-will be create under the hood. For this reason, you don’t need to add a description
-provider explicit in this example
-
-
-
-
// The framework will take care to handle a default `DescriptionProvider`
-private SubsystemDefinition() {
- super(SubsystemExtension.SUBSYSTEM_PATH,
- SubsystemExtension.getResourceDescriptionResolver(null),
- //We always need to add an 'add' operation
- SubsystemAdd.INSTANCE,
- //Every resource that is added, normally needs a remove operation
- SubsystemRemove.INSTANCE);
-}
-
-
-
-
Next we have the actual operation handler instance, note that we have
-changed its populateModel() method to initialize the type child of
-the model.
SubsystemAdd also has a performBoottime() method which is used for
-initializing the deployer chain associated with this subsystem. We will
-talk about the deployers later on. However, the basic idea for all
-operation handlers is that we do any model updates before changing the
-actual runtime state.
-
-
-
SubsystemRemove extends AbstractRemoveStepHandler which takes care
-of removing the resource from the model so we don’t need to override its
-performRemove() operation, also the add handler did not install any
-services (services will be discussed later) so we can delete the methods
-performRuntime() and recoverServices() generated by the archetype.
Now, we need an add operation to add the type child. Create a class
-called com.acme.corp.tracker.extension.TypeAddHandler. In this case we
-extend the org.jboss.as.controller.AbstractAddStepHandler.
-org.jboss.as.controller.OperationStepHandler is the main
-interface for the operation handlers, and AbstractAddStepHandler is an
-implementation of that which does the plumbing work for adding a
-resource to the model.
Which will take care of describing the model for us. As you can see in
-example above we define SimpleAttributeDefinition named TICK, this
-is a mechanism to define Attributes in more type safe way and to add
-more common API to manipulate attributes. As you can see here we define
-default value of 1000 as also other constraints and capabilities. There
-could be other properties set such as validators, alternate names, xml
-name, flags for marking it attribute allows expressions and more.
-
-
-
Then we do the work of updating the model by implementing the
-populateModel() method from the AbstractAddStepHandler, which
-populates the model’s attribute from the operation parameters. First we
-get hold of the model relative to the address of this operation (we will
-see later that we will register it against /subsystem=tracker/type=*),
-so we just specify an empty relative address, and we then populate our
-model with the parameters from the operation. There is operation
-validateAndSet on AttributeDefinition that helps us validate and set
-the model based on definition of the attribute.
We then override the performRuntime() method to perform our runtime
-changes, which in this case involves installing a service into the
-controller at the heart of WildFly. (
-AbstractAddStepHandler.performRuntime() is similar to
-AbstractBoottimeAddStepHandler.performBoottime() in that the model is
-updated before runtime changes are made.
Since the add methods will be of the format
-/subsystem=tracker/suffix=war:add(tick=1234), we look for the last
-element of the operation address, which is war in the example just
-given and use that as our suffix. We then create an instance of
-TrackerService and install that into the service target of the context
-and add the created service controller to the newControllers list.
-
-
-
The tracker service is quite simple. All services installed into WildFly
-must implement the org.jboss.msc.Service interface.
-
-
-
-
publicclassTrackerServiceimplements Service {
-
-
-
-
We then have some fields to keep the tick count and a thread which when
-run outputs all the deployments registered with our service.
Next we have three methods which come from the Service interface.
-getValue() returns this service, start() is called when the service
-is started by the controller, stop is called when the service is
-stopped by the controller, and they start and stop the thread outputting
-the deployments.
Since we are able to add type children, we need a way to be able to
-remove them, so we create a
-com.acme.corp.tracker.extension.TypeRemoveHandler. In this case we
-extend AbstractRemoveStepHandler which takes care of removing the
-resource from the model so we don’t need to override its
-performRemove() operation. Once the add handler installs the TrackerService,
-we need to remove that in the performRuntime() method.
So far TypeDefinition is just a simple Java class, however, it must be an
-addressable management resource. Modify this class to extend SimpleResourceDefinition,
-register the Add and Remove handlers created before and register the TICK attribute:
Then finally we need to specify that our new type child and associated
-handlers go under /subsystem=tracker/type=* in the model by adding
-registering it with the model in SubsystemExtension.initialize(). So
-we add the following just before the end of the method.
-
-
-
-
@Override
-publicvoid initialize(ExtensionContext context){
- final SubsystemRegistration subsystem = context.registerSubsystem(SUBSYSTEM_NAME, ModelVersion.create(1, 0));
- final ManagementResourceRegistration registration = subsystem.registerSubsystemModel(SubsystemExtension.INSTANCE);
- registration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE);
- //Add the type child
- ManagementResourceRegistration typeChild = registration.registerSubModel(TypeDefinition.INSTANCE);
- subsystem.registerXMLElementWriter(parser);
-}
-
-
-
-
The above first creates a child of our main subsystem registration for
-the relative address type=*, and gets the typeChild registration.
-To this we add the TypeAddHandler and TypeRemoveHandler.
-The add variety is added under the name add and the remove handler
-under the name remove, and for each registered operation handler we
-use the handler singleton instance as both the handler parameter and as
-the DescriptionProvider.
-
-
-
Finally, we register tick as a read/write attribute, the null
-parameter means we don’t do anything special with regards to reading it,
-for the write handler we supply it with an operation handler called
-TrackerTickHandler.
-Registering it as a read/write attribute means we can use the
-:write-attribute operation to modify the value of the parameter, and
-it will be handled by TrackerTickHandler.
-
-
-
Not registering a write attribute handler makes the attribute read only.
-
-
-
TrackerTickHandler extends AbstractWriteAttributeHandler
-directly, and so must implement its applyUpdateToRuntime and
-revertUpdateToRuntime method.
-This takes care of model manipulation (validation, setting) but leaves
-us to do just to deal with what we need to do.
The operation used to execute this will be of the form
-/subsystem=tracker/type=war:write-attribute(name=tick,value=12345) so
-we first get the suffix from the operation address, and the tick
-value from the operation parameter’s resolvedValue parameter, and use
-that to update the model.
-
-
-
-
-
2.4. Parsing and marshalling of the subsystem xml
-
-
WildFly uses the Stax API to parse the xml files. This is initialized in
-SubsystemExtension by mapping our parser onto our namespace:
-
-
-
-
publicclassSubsystemExtensionimplements Extension {
-
- /** The name space used for the {@code subsystem} element */
- publicstaticfinalString NAMESPACE = "urn:com.acme.corp.tracker:1.0";
- ...
- protected staticfinal PathElement SUBSYSTEM_PATH = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
-protectedstaticfinal PathElement TYPE_PATH = PathElement.pathElement(TYPE);
-
- /** The parser used for parsing our subsystem */
- privatefinal SubsystemParser parser = new SubsystemParser();
-
- @Override
- publicvoid initializeParsers(ExtensionParsingContext context) {
- context.setSubsystemXmlMapping(NAMESPACE, parser);
- }
- ...
-
-
-
-
We then need to write the parser. The contract is that we read our
-subsystem’s xml and create the operations that will populate the model
-with the state contained in the xml. These operations will then be
-executed on our behalf as part of the parsing process. The entry point
-is the readElement() method.
-
-
-
-
publicclassSubsystemExtensionimplements Extension {
-
- /**
- * The subsystem parser, which uses stax to read and write to and from xml
- */
- privatestaticclassSubsystemParserimplements XMLStreamConstants, XMLElementReader<List<ModelNode>>, XMLElementWriter<SubsystemMarshallingContext> {
-
- /** {@inheritDoc} */
- @Override
- publicvoid readElement(XMLExtendedStreamReader reader, List<ModelNode> list) throws XMLStreamException {
- // Require no attributes
- ParseUtils.requireNoAttributes(reader);
-
- //Add the main subsystem 'add' operation
- final ModelNode subsystem = new ModelNode();
- subsystem.get(OP).set(ADD);
- subsystem.get(OP_ADDR).set(PathAddress.pathAddress(SUBSYSTEM_PATH).toModelNode());
- list.add(subsystem);
-
- //Read the children
- while (reader.hasNext() && reader.nextTag() != END_ELEMENT) {
- if (!reader.getLocalName().equals("deployment-types")) {
- throw ParseUtils.unexpectedElement(reader);
- }
- while (reader.hasNext() && reader.nextTag() != END_ELEMENT) {
- if (reader.isStartElement()) {
- readDeploymentType(reader, list);
- }
- }
- }
- }
-
- privatevoid readDeploymentType(XMLExtendedStreamReader reader, List<ModelNode> list) throws XMLStreamException {
-if (!reader.getLocalName().equals("deployment-type")) {
-throw ParseUtils.unexpectedElement(reader);
- }
- ModelNode addTypeOperation = new ModelNode();
- addTypeOperation.get(OP).set(ModelDescriptionConstants.ADD);
-
-String suffix = null;
-for (int i = 0; i < reader.getAttributeCount(); i++) {
-String attr = reader.getAttributeLocalName(i);
-String value = reader.getAttributeValue(i);
-if (attr.equals("tick")) {
- TypeDefinition.TICK.parseAndSetParameter(value, addTypeOperation, reader);
- } elseif (attr.equals("suffix")) {
- suffix = value;
- } else {
-throw ParseUtils.unexpectedAttribute(reader, i);
- }
- }
- ParseUtils.requireNoContent(reader);
-if (suffix == null) {
-throw ParseUtils.missingRequiredElement(reader, Collections.singleton("suffix"));
- }
-
-//Add the 'add' operation for each 'type' child
- PathAddress addr = PathAddress.pathAddress(SUBSYSTEM_PATH, PathElement.pathElement(TYPE, suffix));
- addTypeOperation.get(OP_ADDR).set(addr.toModelNode());
- list.add(addTypeOperation);
- }
- ...
-
-
-
-
So in the above we always create the add operation for our subsystem.
-Due to its address /subsystem=tracker defined by SUBSYSTEM_PATH this
-will trigger the SubsystemAdd we created earlier when we invoke
-/subsystem=tracker:add. We then parse the child elements and create an
-add operation for the child address for each type child. Since the
-address will for example be /subsystem=tracker/type=sar (defined by
-TYPE_PATH ) and TypeAddHandler is registered for all type
-subaddresses the TypeAddHandler will get invoked for those operations.
-Note that when we are parsing attribute tick we are using definition
-of attribute that we defined in TypeDefintion to parse attribute value
-and apply all rules that we specified for this attribute, this also
-enables us to property support expressions on attributes.
-
-
-
The parser is also used to marshal the model to xml whenever something
-modifies the model, for which the entry point is the writeContent()
-method:
-
-
-
-
privatestaticclassSubsystemParserimplements XMLStreamConstants, XMLElementReader<List<ModelNode>>, XMLElementWriter<SubsystemMarshallingContext> {
- ...
- /** {@inheritDoc} */
- @Override
- publicvoid writeContent(final XMLExtendedStreamWriter writer, final SubsystemMarshallingContext context) throws XMLStreamException {
-//Write out the main subsystem element
- context.startSubsystemElement(SubsystemExtension.NAMESPACE, false);
- writer.writeStartElement("deployment-types");
- ModelNode node = context.getModelNode();
- ModelNode type = node.get(TYPE);
-for (Property property : type.asPropertyList()) {
-
-//write each child element to xml
- writer.writeStartElement("deployment-type");
- writer.writeAttribute("suffix", property.getName());
- ModelNode entry = property.getValue();
- TypeDefinition.TICK.marshallAsAttribute(entry, true, writer);
- writer.writeEndElement();
- }
-//End deployment-types
- writer.writeEndElement();
-//End subsystem
- writer.writeEndElement();
- }
- }
-
-
-
-
Then we have to implement the SubsystemDescribeHandler which
-translates the current state of the model into operations similar to the
-ones created by the parser. The SubsystemDescribeHandler is only used
-when running in a managed domain, and is used when the host controller
-queries the domain controller for the configuration of the profile used
-to start up each server. In our case the SubsystemDescribeHandler adds
-the operation to add the subsystem and then adds the operation to add
-each type child. Since we are using ResourceDefinitinon for defining
-subsystem all that is generated for us, but if you want to customize
-that you can do it by implementing it like this.
-
-
-
-
privatestaticclassSubsystemDescribeHandlerimplements OperationStepHandler, DescriptionProvider {
- staticfinal SubsystemDescribeHandler INSTANCE = new SubsystemDescribeHandler();
-
- publicvoid execute(OperationContext context, ModelNode operation) throws OperationFailedException {
- //Add the main operation
- context.getResult().add(createAddSubsystemOperation());
-
- //Add the operations to create each child
-
- ModelNode node = context.readModel(PathAddress.EMPTY_ADDRESS);
- for (Property property : node.get("type").asPropertyList()) {
-
- ModelNode addType = new ModelNode();
- addType.get(OP).set(ModelDescriptionConstants.ADD);
- PathAddress addr = PathAddress.pathAddress(SUBSYSTEM_PATH, PathElement.pathElement("type", property.getName()));
- addType.get(OP_ADDR).set(addr.toModelNode());
- if (property.getValue().hasDefined("tick")) {
- TypeDefinition.TICK.validateAndSet(property,addType);
- }
- context.getResult().add(addType);
- }
- context.completeStep();
- }
-
-
-}
-
-
-
-
2.4.1. Testing the parsers
-
-
From 7.0.1 the testing framework is now brought in via the
-org.jboss.as:jboss-as-subsystem-test maven artifact, and the test’s
-superclass is org.jboss.as.subsystem.test.AbstractSubsystemTest. The
-concepts are the same but more and more functionality will be available
-as JBoss AS 7 is developed.
-
-
-
Now that we have modified our parsers we need to update our tests to
-reflect the new model. There are currently three tests testing the basic
-functionality, something which is a lot easier to debug from your IDE
-before you plug it into the application server. We will talk about these
-tests in turn and they all live in
-com.acme.corp.tracker.extension.SubsystemParsingTestCase.
-SubsystemParsingTestCase extends AbstractSubsystemTest which does a
-lot of the setup for you and contains utility methods for verifying
-things from your test. See the javadoc of that class for more
-information about the functionality available to you. And by all means
-feel free to add more tests for your subsystem, here we are only testing
-for the best case scenario while you will probably want to throw in a
-few tests for edge cases.
-
-
-
The first test we need to modify is testParseSubsystem(). It tests
-that the parsed xml becomes the expected operations that will be parsed
-into the server, so let us tweak this test to match our subsystem. First
-we tell the test to parse the xml into operations
There should be one operation for adding the subsystem itself and an
-operation for adding the deployment-type, so check we got two
-operations
-
-
-
-
///Check that we have the expected number of operations
-Assert.assertEquals(2, operations.size());
-
-
-
-
Now check that the first operation is add for the address
-/subsystem=tracker:
-
-
-
-
//Check that each operation has the correct content
-//The add subsystem operation will happen first
-ModelNode addSubsystem = operations.get(0);
-Assert.assertEquals(ADD, addSubsystem.get(OP).asString());
-PathAddress addr = PathAddress.pathAddress(addSubsystem.get(OP_ADDR));
-Assert.assertEquals(1, addr.size());
-PathElement element = addr.getElement(0);
-Assert.assertEquals(SUBSYSTEM, element.getKey());
-Assert.assertEquals(SubsystemExtension.SUBSYSTEM_NAME, element.getValue());
-
-
-
-
Then check that the second operation is add for the address
-/subsystem=tracker, and that 12345 was picked up for the value of
-the tick parameter:
-
-
-
-
//Then we will get the add type operation
- ModelNode addType = operations.get(1);
- Assert.assertEquals(ADD, addType.get(OP).asString());
- Assert.assertEquals(12345, addType.get("tick").asLong());
- addr = PathAddress.pathAddress(addType.get(OP_ADDR));
- Assert.assertEquals(2, addr.size());
- element = addr.getElement(0);
- Assert.assertEquals(SUBSYSTEM, element.getKey());
- Assert.assertEquals(SubsystemExtension.SUBSYSTEM_NAME, element.getValue());
- element = addr.getElement(1);
- Assert.assertEquals("type", element.getKey());
- Assert.assertEquals("tst", element.getValue());
-}
-
-
-
-
The second test we need to modify is testInstallIntoController() which
-tests that the xml installs properly into the controller. In other words
-we are making sure that the add operations we created earlier work
-properly. First we create the xml and install it into the controller.
-Behind the scenes this will parse the xml into operations as we saw in
-the last test, but it will also create a new controller and boot that up
-using the created operations
-
-
-
-
@Test
-publicvoid testInstallIntoController() throwsException {
- //Parse the subsystem xml and install into the controller
- String subsystemXml =
- "<subsystem xmlns=\"" + SubsystemExtension.NAMESPACE + "\">" +
- " <deployment-types>" +
- " <deployment-type suffix=\"tst\" tick=\"12345\"/>" +
- " </deployment-types>" +
- "</subsystem>";
- KernelServices services = super.createKernelServicesBuilder(null).setSubsystemXml(subsystemXml).build();
-
-
-
-
The returned KernelServices allow us to execute operations on the
-controller, and to read the whole model.
-
-
-
-
//Read the whole model and make sure it looks as expected
-ModelNode model = services.readWholeModel();
-//Useful for debugging :-)
-//System.out.println(model);
-
-
-
-
Now we make sure that the structure of the model within the controller
-has the expected format and values
The last test provided is called testParseAndMarshalModel(). It’s main
-purpose is to make sure that our SubsystemParser.writeContent() works
-as expected. This is achieved by starting a controller in the same way
-as before
-
-
-
-
@Test
-publicvoid testParseAndMarshalModel() throwsException {
- //Parse the subsystem xml and install into the first controller
- String subsystemXml =
- "<subsystem xmlns=\"" + SubsystemExtension.NAMESPACE + "\">" +
- " <deployment-types>" +
- " <deployment-type suffix=\"tst\" tick=\"12345\"/>" +
- " </deployment-types>" +
- "</subsystem>";
- KernelServices servicesA = super.createKernelServicesBuilder(null).setSubsystemXml(subsystemXml).build();
-
-
-
-
Now we read the model and the xml that was persisted from the first
-controller, and use that xml to start a second controller
-
-
-
-
//Get the model and the persisted xml from the first controller
-ModelNode modelA = servicesA.readWholeModel();
-String marshalled = servicesA.getPersistedSubsystemXml();
-
-//Install the persisted xml from the first controller into a second controller
-KernelServices servicesB = super.createKernelServicesBuilder(null).setSubsystemXml(marshalled).build();
-
-
-
-
Finally we read the model from the second controller, and make sure that
-the models are identical by calling compare() on the test superclass.
-
-
-
-
ModelNode modelB = servicesB.readWholeModel();
-
- //Make sure the models from the two controllers are identical
- super.compare(modelA, modelB);
-}
-
-
-
-
To test the removal of the the subsystem and child resources we modify
-the testSubsystemRemoval() test provided by the archetype:
-
-
-
-
/**
- * Tests that the subsystem can be removed
- */
- @Test
- publicvoid testSubsystemRemoval() throwsException {
- //Parse the subsystem xml and install into the first controller
-
-
-
-
We provide xml for the subsystem installing a child, which in turn
-installs a TrackerService
Having installed the xml into the controller we make sure the
-TrackerService is there
-
-
-
-
//Sanity check to test the service for 'tst' was there
-services.getContainer().getRequiredService(TrackerService.createServiceName("tst"));
-
-
-
-
This call from the subsystem test harness will call remove for each
-level in our subsystem, children first and validate
-that the subsystem model is empty at the end.
-
-
-
-
//Checks that the subsystem was removed from the model
-super.assertRemoveSubsystemResources(services);
-
-
-
-
Finally we check that all the services were removed by the remove
-handlers
-
-
-
-
//Check that any services that were installed were removed here
- try {
- services.getContainer().getRequiredService(TrackerService.createServiceName("tst"));
- Assert.fail("Should have removed services");
- } catch (Exception expected) {
- }
-}
-
-
-
-
For good measure let us throw in another test which adds a
-deployment-type and also changes its attribute at runtime. So first of
-all boot up the controller with the same xml we have been using so far
To give you exposure to other ways of doing things, now instead of
-reading the whole model to check the attribute, we call read-attribute
-instead, and make sure it has the value we set it to.
-
-
-
-
//Check that write attribute took effect, this time by calling read-attribute instead of reading the whole model
-ModelNode readOp = new ModelNode();
-readOp.get(OP).set(READ_ATTRIBUTE_OPERATION);
-readOp.get(OP_ADDR).set(fooTypeAddr.toModelNode());
-readOp.get(NAME).set("tick");
-result = services.executeOperation(readOp);
-Assert.assertEquals(3456, checkResultAndGetContents(result).asLong());
-
-
-
-
Since each type installs its own copy of TrackerService, we get the
-TrackerService for type=foo from the service container exposed by
-the kernel services and make sure it has the right value
-
-
-
-
TrackerService service = (TrackerService)services.getContainer().getService(TrackerService.createServiceName("foo")).getValue();
- Assert.assertEquals(3456, service.getTick());
-}
-
-
-
-
TypeDefinition.TICK.
-
-
-
-
-
2.5. Add the deployers
-
-
When discussing SubsystemAdd we did not mention the work done
-to install the deployers, which is done in the following method:
-
-
-
-
@Override
- publicvoid performBoottime(OperationContext context, ModelNode operation, ModelNode model,
- ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers)
- throws OperationFailedException {
-
- log.info("Populating the model");
-
- //Add deployment processors here
- //Remove this if you don't need to hook into the deployers, or you can add as many as you like
- //see SubDeploymentProcessor for explanation of the phases
- context.addStep(new AbstractDeploymentChainStep() {
- publicvoid execute(DeploymentProcessorTarget processorTarget) {
- processorTarget.addDeploymentProcessor(SubsystemExtension.SUBSYSTEM_NAME, SubsystemDeploymentProcessor.PHASE, SubsystemDeploymentProcessor.PRIORITY, new SubsystemDeploymentProcessor());
-
- }
- }, OperationContext.Stage.RUNTIME);
-
- }
-
-
-
-
This adds an extra step which is responsible for installing deployment
-processors. You can add as many as you like, or avoid adding any all
-together depending on your needs. Each processor has a Phase and a
-priority. Phases are sequential, and a deployment passes through each
-phases deployment processors. The priority specifies where within a
-phase the processor appears. See org.jboss.as.server.deployment.Phase
-for more information about phases.
-
-
-
In our case we are keeping it simple and staying with one deployment
-processor with the phase and priority created for us by the maven
-archetype. The phases will be explained in the next section. The
-deployment processor is as follows:
The deploy() method is called when a deployment is being deployed. In
-this case we look for the TrackerService instance for the service name
-created from the deployment’s suffix. If there is one it means that we
-are meant to be tracking deployments with this suffix (i.e.
-TypeAddHandler was called for this suffix), and if we find one we add
-the deployment’s name to it. Similarly undeploy() is called when a
-deployment is being undeployed, and if there is a TrackerService
-instance for the deployment’s suffix, we remove the deployment’s name
-from it.
-
-
-
2.5.1. Deployment phases and attachments
-
-
The code in the SubsystemDeploymentProcessor uses an attachment, which
-is the means of communication between the individual deployment
-processors. A deployment processor belonging to a phase may create an
-attachment which is then read further along the chain of deployment unit
-processors. In the above example we look for the
-Attachments.DEPLOYMENT_ROOT attachment, which is a view of the file
-structure of the deployment unit put in place before the chain of
-deployment unit processors is invoked.
-
-
-
As mentioned above, the deployment unit processors are organized in
-phases, and have a relative order within each phase. A deployment unit
-passes through all the deployment unit processors in that order. A
-deployment unit processor may choose to take action or not depending on
-what attachments are available. Let’s take a quick look at what the
-deployment unit processors for in the phases described in
-org.jboss.as.server.deployment.Phase.
-
-
-
STRUCTURE
-
-
The deployment unit processors in this phase determine the structure of
-a deployment, and looks for sub deployments and metadata files.
-
-
-
-
PARSE
-
-
In this phase the deployment unit processors parse the deployment
-descriptors and build up the annotation index. Class-Path entries from
-the META-INF/MANIFEST.MF are added.
-
-
-
-
DEPENDENCIES
-
-
Extra class path dependencies are added. For example if deploying a
-war file, the commonly needed dependencies for a web application are
-added.
-
-
-
-
CONFIGURE_MODULE
-
-
In this phase the modular class loader for the deployment is created. No
-attempt should be made loading classes from the deployment until after
-this phase.
-
-
-
-
POST_MODULE
-
-
Now that our class loader has been constructed we have access to the
-classes. In this stage deployment processors may use the
-Attachments.REFLECTION_INDEX attachment which is a deployment index
-used to obtain members of classes in the deployment, and to invoke upon
-them, bypassing the inefficiencies of using java.lang.reflect
-directly.
-
-
-
-
INSTALL
-
-
Install new services coming from the deployment.
-
-
-
-
CLEANUP
-
-
Attachments put in place earlier in the deployment unit processor chain
-may be removed here.
-
-
-
-
-
-
2.6. Integrate with WildFly
-
-
Now that we have all the code needed for our subsystem, we can build our
-project by running mvn install
-
-
-
-
[kabir ~/sourcecontrol/temp/archetype-test/acme-subsystem]
-$mvn install
-[INFO] Scanning for projects...
-[...]
-main:
- [delete] Deleting: /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/null1004283288
- [delete] Deleting directory /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/target/module
- [copy] Copying 1 file to /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/target/module/com/acme/corp/tracker/main
- [copy] Copying 1 file to /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/target/module/com/acme/corp/tracker/main
- [echo] Module com.acme.corp.tracker has been created in the target/module directory. Copy to your JBoss AS 7 installation.
-[INFO] Executed tasks
-[INFO]
-[INFO] --- maven-install-plugin:2.3.1:install (default-install) @ acme-subsystem ---
-[INFO] Installing /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/target/acme-subsystem.jar to /Users/kabir/.m2/repository/com/acme/corp/acme-subsystem/1.0-SNAPSHOT/acme-subsystem-1.0-SNAPSHOT.jar
-[INFO] Installing /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/pom.xml to /Users/kabir/.m2/repository/com/acme/corp/acme-subsystem/1.0-SNAPSHOT/acme-subsystem-1.0-SNAPSHOT.pom
-[INFO] ------------------------------------------------------------------------
-[INFO] BUILD SUCCESS
-[INFO] ------------------------------------------------------------------------
-[INFO] Total time: 5.851s
-[INFO] Finished at: Mon Jul 11 23:24:58 BST 2011
-[INFO] Final Memory: 7M/81M
-[INFO] ------------------------------------------------------------------------
-
-
-
-
This will have built our project and assembled a module for us that can
-be used for installing it into WildFly. If you go to the target/module
-folder where you built the project you will see the module
The module.xml comes from src/main/resources/module/main/module.xml
-and is used to define your module. It says that it contains the
-acme-subsystem.jar:
And has a default set of dependencies needed by every subsystem created.
-If your subsystem requires additional module dependencies you can add
-them here before building and installing.
Note that the name of the module corresponds to the directory structure
-containing it. Now copy the target/module/com/acme/corp/tracker/main/
-directory and its contents to
-$WFLY/modules/com/acme/corp/tracker/main/ (where $WFLY is the root
-of your WildFly install).
-
-
-
Next we need to modify $WFLY/standalone/configuration/standalone.xml.
-First we need to add our new module to the <extensions> section:
Adding this to a managed domain works exactly the same apart from in
-this case you need to modify $WFLY/domain/configuration/domain.xml.
-
-
-
Now start up WildFly by running $WFLY/bin/standalone.sh and you should
-see messages like these after the server has started, which means our
-subsystem has been added and our TrackerService is working:
-
-
-
-
15:27:33,838 INFO [org.jboss.as] (Controller Boot Thread) JBoss AS 7.0.0.Final "Lightning" started in 2861ms - Started 94 of 149 services (55 services are passive or on-demand)
-15:27:42,966 INFO [stdout] (Thread-8) Current deployments deployed while sar tracking active:
-15:27:42,966 INFO [stdout] (Thread-8) []
-15:27:42,967 INFO [stdout] (Thread-8) Cool: 0
-15:27:42,967 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
-15:27:42,967 INFO [stdout] (Thread-9) []
-15:27:42,967 INFO [stdout] (Thread-9) Cool: 0
-15:27:52,967 INFO [stdout] (Thread-8) Current deployments deployed while sar tracking active:
-15:27:52,967 INFO [stdout] (Thread-8) []
-15:27:52,967 INFO [stdout] (Thread-8) Cool: 0
-
-
-
-
If you run the command line interface you can execute some commands to
-see more about the subsystem. For example
and the WildFly console should show the messages coming from the war
-TrackerService again.
-
-
-
Now let us deploy something. You can find two maven projects for test
-wars already built at test1.zip and
-test2.zip. If you download them and
-extract them to /Downloads/test1 and /Downloads/test2, you can see
-that /Downloads/test1/target/test1.war contains a META-INF/cool.txt
-while /Downloads/test2/target/test2.war does not contain that file.
-From CLI deploy test1.war first:
And you should now see the output from the war TrackerService list the
-deployments:
-
-
-
-
15:35:03,712 INFO [org.jboss.as.server.deployment] (MSC service thread 1-2) Starting deployment of "test1.war"
-15:35:03,988 INFO [org.jboss.web] (MSC service thread 1-1) registering web context: /test1
-15:35:03,996 INFO [org.jboss.as.server.controller] (pool-2-thread-9) Deployed "test1.war"
-15:35:13,056 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
-15:35:13,056 INFO [stdout] (Thread-9) [test1.war]
-15:35:13,057 INFO [stdout] (Thread-9) Cool: 1
-
-
-
-
So our test1.war got picked up as a 'cool' deployment. Now if we
-deploy test2.war
You will see that deployment get picked up as well but since there is no
-META-INF/cool.txt it is not marked as a 'cool' deployment:
-
-
-
-
15:37:05,634 INFO [org.jboss.as.server.deployment] (MSC service thread 1-4) Starting deployment of "test2.war"
-15:37:05,699 INFO [org.jboss.web] (MSC service thread 1-1) registering web context: /test2
-15:37:05,982 INFO [org.jboss.as.server.controller] (pool-2-thread-15) Deployed "test2.war"
-15:37:13,075 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
-15:37:13,075 INFO [stdout] (Thread-9) [test1.war, test2.war]
-15:37:13,076 INFO [stdout] (Thread-9) Cool: 1
15:38:47,901 INFO [org.jboss.as.server.controller] (pool-2-thread-21) Undeployed "test1.war"
-15:38:47,934 INFO [org.jboss.as.server.deployment] (MSC service thread 1-3) Stopped deployment test1.war in 40ms
-15:38:53,091 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
-15:38:53,092 INFO [stdout] (Thread-9) [test2.war]
-15:38:53,092 INFO [stdout] (Thread-9) Cool: 0
-
-
-
-
Finally, we registered a write attribute handler for the tick property
-of the type so we can change the frequency
You should now see the output from the TrackerService happen every
-second
-
-
-
-
15:39:43,100 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
-15:39:43,100 INFO [stdout] (Thread-9) [test2.war]
-15:39:43,101 INFO [stdout] (Thread-9) Cool: 0
-15:39:44,101 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
-15:39:44,102 INFO [stdout] (Thread-9) [test2.war]
-15:39:44,105 INFO [stdout] (Thread-9) Cool: 0
-15:39:45,106 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
-15:39:45,106 INFO [stdout] (Thread-9) [test2.war]
-
-
-
-
If you open $WFLY/standalone/configuration/standalone.xml you can see
-that our subsystem entry reflects the current state of the subsystem:
Expressions are mechanism that enables you to support variables in your
-attributes, for instance when you want the value of attribute to be
-resolved using system / environment properties.
-
-
-
An example expression is
-
-
-
-
${jboss.bind.address.management:127.0.0.1}
-
-
-
-
which means that the value should be taken from a system property named
-jboss.bind.address.management and if it is not defined use
-127.0.0.1.
-
-
-
2.7.1. What expression types are supported
-
-
-
-
System properties, which are resolved using
-java.lang.System.getProperty(String key)
-
-
-
Environment properties, which are resolved using
-java.lang.System.getEnv(String name).
-
-
-
Encrypted expressions, resolved against the expression
-resolver in the elytron subsystem.
-
-
-
-
-
In all cases, the syntax for the expression is
-
-
-
-
${expression_to_resolve}
-
-
-
-
For an expression meant to be resolved against environment properties,
-the expression_to_resolve must be prefixed with env.. The portion
-after env. will be the name passed to
-java.lang.System.getEnv(String name).
-
-
-
Encrypted expressions do not support default values (i.e. the
-127.0.0.1 in the jboss.bind.address.management:127.0.0.1 example
-above.)
-
-
-
-
2.7.2. How to support expressions in subsystems
-
-
The easiest way is by using AttributeDefinition, which provides support
-for expressions just by using it correctly.
-
-
-
When we create an AttributeDefinition all we need to do is mark that is
-allows expressions. Here is an example how to define an attribute that
-allows expressions to be used.
Then later when you are parsing the xml configuration you should use the
-MY_ATTRIBUTE attribute definition to set the value to the management
-operation ModelNode you are creating.
Note that this just helps you to properly set the value to the model
-node you are working on, so no need to additionally set anything to the
-model for this attribute. Method parseAndSetParameter parses the value
-that was read from xml for possible expressions in it and if it finds
-any it creates special model node that defines that node is of type
-ModelType.EXPRESSION.
-
-
-
Later in your operation handlers where you implement populateModel and
-have to store the value from the operation to the configuration model
-you also use this MY_ATTRIBUTE attribute definition.
This will make sure that the attribute that is stored from the operation
-to the model is valid and nothing is lost. It also checks the value
-stored in the operation ModelNode, and if it isn’t already
-ModelType.EXPRESSION, it checks if the value is a string that contains
-the expression syntax. If so, the value stored in the model will be of
-type ModelType.EXPRESSION. Doing this ensures that expressions are
-properly handled when they appear in operations that weren’t created by
-the subsystem parser, but are instead passed in from CLI or admin
-console users.
-
-
-
As last step we need to use the value of the attribute. This is usually
-needed inside of the performRuntime method
As you can see resolving of attribute’s value is not done until it is
-needed for use in the subsystem’s runtime services. The resolved value
-is not stored in the configuration model, the unresolved expression is.
-That way we do not lose any information in the model and can assure that
-also marshalling is done properly, where we must marshall back the
-unresolved value.
An extension to WildFly will likely want to make use of services
-provided by the WildFly kernel, may want to make use of services
-provided by other subsystems, and may wish to make functionality
-available to other extensions. Each of these cases involves integration
-between different parts of the system. In releases prior to WildFly 10,
-this kind of integration was done on an ad-hoc basis, resulting in
-overly tight coupling between different parts of the system and overly
-weak integration contracts. For example, a service installed by
-subsystem A might depend on a service installed by subsystem B, and to
-record that dependency A’s authors copy a ServiceName from B’s code, or
-even refer to a constant or static method from B’s code. The result is
-B’s code cannot evolve without risking breaking A. And the authors of B
-may not even intend for other subsystems to use its services. There is
-no proper integration contract between the two subsystems.
-
-
-
Beginning with WildFly Core 2 and WildFly 10 the WildFly kernel’s
-management layer provides a mechanism for allowing different parts of
-the system to integrate with each other in a loosely coupled manner.
-This is done via WildFly Capabilities. Use of capabilities provides the
-following benefits:
-
-
-
-
-
A standard way for system components to define integration contracts
-for their use by other system components.
-
-
-
A standard way for system components to access integration contracts
-provided by other system components.
-
-
-
A mechanism for configuration model referential integrity checking,
-such that if one component’s configuration has an attribute that refers
-to an other component (e.g. a socket-binding attribute in a subsystem
-that opens a socket referring to that socket’s configuration), the
-validity of that reference can be checked when validating the
-configuration model.
-
-
-
-
-
3.1. Capabilities
-
-
A capability is a piece of functionality used in a WildFly Core based
-process that is exposed via the WildFly Core management layer.
-Capabilities may depend on other capabilities, and this interaction
-between capabilities is mediated by the WildFly Core management layer.
-
-
-
Some capabilities are automatically part of a WildFly Core based
-process, but in most cases the configuration provided by the end user
-(i.e. in standalone.xml, domain.xml and host.xml) determines what
-capabilities are present at runtime. It is the responsibility of the
-handlers for management operations to register capabilities and to
-register any requirements those capabilities may have for the presence
-of other capabilities. This registration is done during the MODEL stage
-of operation execution
-
-
-
A capability has the following basic characteristics:
-
-
-
-
-
It has a name.
-
-
-
It may install an MSC service that can be depended upon by services
-installed by other capabilities. If it does, it provides a mechanism for
-discovering the name of that service.
-
-
-
It may expose some other API not based on service dependencies
-allowing other capabilities to integrate with it at runtime.
-
-
-
It may depend on, or require other capabilities.
-
-
-
-
-
During boot of the process, and thereafter whenever a management
-operation makes a change to the process' configuration, at the end of
-the MODEL stage of operation execution the kernel management layer will
-validate that all capabilities required by other capabilities are
-present, and will fail any management operation step that introduced an
-unresolvable requirement. This will be done before execution of the
-management operation proceeds to the RUNTIME stage, where interaction
-with the process' MSC Service Container is done. As a result, in the
-RUNTIME stage the handler for an operation can safely assume that the
-runtime services provided by a capability for which it has registered a
-requirement are available.
-
-
-
3.1.1. Comparison to other concepts
-
-
Capabilities vs modules
-
-
A JBoss Modules module is the means of making resources available to the
-classloading system of a WildFly Core based process. To make a
-capability available, you must package its resources in one or more
-modules and make them available to the classloading system. But a module
-is not a capability in and of itself, and simply copying a module to a
-WildFly installation does not mean a capability is available. Modules
-can include resources completely unrelated to management capabilities.
-
-
-
-
Capabilities vs Extensions
-
-
An extension is the means by which the WildFly Core management layer is
-made aware of manageable functionality that is not part of the WildFly
-Core kernel. The extension registers with the kernel new management
-resource types and handlers for operations on those resources. One of
-the things a handler can do is register or unregister a capability and
-its requirements. An extension may register a single capability,
-multiple capabilities, or possibly none at all. Further, not all
-capabilities are registered by extensions; the WildFly Core kernel
-itself may register a number of different capabilities.
-
-
-
-
-
3.1.2. Capability Names
-
-
Capability names are simple strings, with the dot character serving as a
-separator to allow namespacing.
-
-
-
The 'org.wildfly' namespace is reserved for projects associated with the
-WildFly organization on github ( https://github.com/wildfly).
-
-
-
-
3.1.3. Statically vs Dynamically Named Capabilities
-
-
The full name of a capability is either statically known, or it may
-include a statically known base element and then a dynamic element. The
-dynamic part of the name is determined at runtime based on the address
-of the management resource that registers the capability. For example,
-the management resource at the address
-'/socket-binding-group=standard-sockets/socket-binding=web' will
-register a dynamically named capability named
-'org.wildfly.network.socket-binding.web'. The
-'org.wildfly.network.socket-binding' portion is the static part of the
-name.
-
-
-
All dynamically named capabilities that have the same static portion of
-their name should provide a consistent feature set and set of
-requirements.
-
-
-
-
3.1.4. Service provided by a capability
-
-
Typically a capability functions by registering a service with the
-WildFly process' MSC ServiceContainer, and then dependent capabilities
-depend on that service. The WildFly Core management layer orchestrates
-registration of those services and service dependencies by providing a
-means to discover service names.
-
-
-
-
3.1.5. Custom integration APIs provided by a capability
-
-
Instead of or in addition to providing MSC services, a capability may
-expose some other API to dependent capabilities. This API must be
-encapsulated in a single class (although that class can use other
-non-JRE classes as method parameters or return types).
-
-
-
-
3.1.6. Capability Requirements
-
-
A capability may rely on other capabilities in order to provide its
-functionality at runtime. The management operation handlers that
-register capabilities are also required to register their requirements.
-
-
-
There are three basic types of requirements a capability may have:
-
-
-
-
-
Hard requirements. The required capability must always be present for
-the dependent capability to function.
-
-
-
Optional requirements. Some aspect of the configuration of the
-dependent capability controls whether the depended on capability is
-actually necessary. So the requirement cannot be known until the running
-configuration is analyzed.
-
-
-
Runtime-only requirements. The dependent capability will check for the
-presence of the depended upon capability at runtime, and if present it
-will utilize it, but if it is not present it will function properly
-without the capability. There is nothing in the dependent capability’s
-configuration that controls whether the depended on capability must be
-present. Only capabilities that declare themselves as being suitable for
-use as a runtime-only requirement should be depended upon in this
-manner.
-
-
-
-
-
Hard and optional requirements may be for either statically named or
-dynamically named capabilities. Runtime-only requirements can only be
-for statically named capabilities, as such a requirement cannot be
-specified via configuration, and without configuration the dynamic part
-of the required capability name is unknown.
-
-
-
Supporting runtime-only requirements
-
-
Not all capabilities are usable as a runtime-only requirement.
-
-
-
Any dynamically named capability is not usable as a runtime-only
-requirement.
-
-
-
For a capability to support use as a runtime-only requirement, it must
-guarantee that a configuration change to a running process that removes
-the capability will not impact currently running capabilities that have
-a runtime-only requirement for it. This means:
-
-
-
-
-
A capability that supports runtime-only usage must ensure that it
-never removes its runtime service except via a full process reload.
-
-
-
A capability that exposes a custom integration API generally is not
-usable as a runtime-only requirement. If such a capability does support
-use as a runtime-only requirement, it must ensure that any functionality
-provided via its integration API remains available as long as a full
-process reload has not occurred.
-
-
-
-
-
-
-
-
3.2. Capability Contract
-
-
A capability provides a stable contract to users of the capability. The
-contract includes the following:
-
-
-
-
-
The name of the capability (including whether it is dynamically
-named).
-
-
-
Whether it installs an MSC Service, and if it does, the value type of
-the service. That value type then becomes a stable API users of the
-capability can rely upon.
-
-
-
Whether it provides a custom integration API, and if it does, the type
-that represents that API. That type then becomes a stable API users of
-the capability can rely upon.
-
-
-
Whether the capability supports use as a runtime-only requirement.
-
-
-
-
-
Developers can learn about available capabilities and the contracts they
-provide by reading the WildFly capabilty registry.
-
-
-
-
3.3. Capability Registry
-
-
The WildFly organization on github maintains a git repo where
-information about available capabilities is published.
Developers can learn about available capabilities and the contracts they
-provide by reading the WildFly capabilty registry.
-
-
-
The README.md file at the root of that repo explains the how to find out
-information about the registry.
-
-
-
Developers of new capabilities are strongly encouraged to document and
-register their capability by submitting a pull request to the
-wildfly-capabilities github repo. This both allows others to learn about
-your capability and helps prevent capability name collisions.
-Capabilities that are used in the WildFly or WildFly Core code base
-itself must have a registry entry before the code referencing them
-will be merged.
-
-
-
External organizations that create capabilities should include an
-organization-specific namespace as part their capability names to avoid
-name collisions.
-
-
-
-
3.4. Using Capabilities
-
-
Now that all the background information is presented, here are some
-specifics about how to use WildFly capabilities in your code.
-
-
-
3.4.1. Basics of Using Your Own Capability
-
-
Creating your capability
-
-
A capability is an instance of the immutable
-org.jboss.as.controller.capability.RuntimeCapability class. A
-capability is usually registered by a resource, so the usual way to use
-one is to store it in constant in the resource’s ResourceDefinition.
-Use a RuntimeCapability.Builder to create one.
Most capabilities install a service that requiring capabilities can
-depend on. If your capability does this, you need to declare the
-service’s value type (the type of the object returned by
-org.jboss.msc.Service.getValue()). For example, if FOO_CAPABILITY
-provides a Service<javax.sql.DataSource>:
If the capability provides a custom integration API, you need to
-instantiate an instance of that API:
-
-
-
-
publicclassJTSCapability {
-
- staticfinal JTSCapability INSTANCE = new JTSCapability();
-
- private JTSCapability() {}
-
- /**
- * Gets the names of the {@link org.omg.PortableInterceptor.ORBInitializer} implementations that should be included
- * as part of the {@link org.omg.CORBA.ORB#init(String[], java.util.Properties) initialization of an ORB}.
- *
- * @return the names of the classes implementing {@code ORBInitializer}. Will not be {@code null}.
- */
- publicList<String> getORBInitializerClasses() {
- returnCollections.unmodifiableList(Arrays.asList(
- "com.arjuna.ats.jts.orbspecific.jacorb.interceptors.interposition.InterpositionORBInitializerImpl",
- "com.arjuna.ats.jbossatx.jts.InboundTransactionCurrentInitializer"));
- }
-}
Once you have your capability, you need to ensure it gets registered
-with the WildFly Core kernel when your resource is added. This is easily
-done simply by providing a reference to the capability to the resource’s
-ResourceDefinition. This assumes your resource definition is a
-subclass of the standard
-org.jboss.as.controller.SimpleResourceDefinition.
-SimpleResourceDefinition provides a Parameters class that provides a
-builder-style API for setting up all the data needed by your definition.
-This includes a setCapabilities method that can be used to declare the
-capabilities provided by resources of this type.
`AbstractRemoveStepHandler’s logic will deregister the capability when
-it executes.
-
-
-
If for some reason you cannot base your ResourceDefinition on
-SimpleResourceDefinition or your handlers on AbstractAddStepHandler
-and AbstractRemoveStepHandler then you will need to take
-responsibility for registering the capability yourself. This is not
-expected to be a common situation. See the implementation of those
-classes to see how to do it.
-
-
-
-
Installing, accessing and removing the service provided by your
-
-
capability
-
-
-
If your capability installs a service, you should use the
-RuntimeCapability when you need to determine the service’s name. For
-example in the Stage.RUNTIME handling of your "add" step handler.
-Here’s an example for a statically named capability:
The same patterns should be used when accessing or removing the service
-in handlers for remove, write-attribute and custom operations.
-
-
-
If you use ServiceRemoveStepHandler for the remove operation, simply
-provide your RuntimeCapability to the ServiceRemoveStepHandler
-constructor and it will automatically remove your capability’s service
-when it executes.
-
-
-
-
-
3.4.2. Basics of Using Other Capabilities
-
-
When a capability needs another capability, it only refers to it by its
-string name. A capability should not reference the RuntimeCapability
-object of another capability.
-
-
-
Before a capability can look up the service name for a required
-capability’s service, or access its custom integration API, it must
-first register a requirement for the capability. This must be done in
-Stage.MODEL, while service name lookups and accessing the custom
-integration API is done in Stage.RUNTIME.
-
-
-
Registering a requirement for a capability is simple.
-
-
-
Registering a hard requirement for a static capability
-
-
If your capability has a hard requirement for a statically named
-capability, simply declare that to the builder for your
-RuntimeCapability. For example, WildFly’s JTS capability requires both
-a basic transaction support capability and IIOP capabilities:
When your capability is registered with the system, the WildFly Core
-kernel will automatically register any static hard requirements declared
-this way.
-
-
-
-
Registering a requirement for a dynamically named capability
-
-
If the capability you require is dynamically named, usually your
-capability’s resource will include an attribute whose value is the
-dynamic part of the required capability’s name. You should declare this
-fact in the AttributeDefinition for the attribute using the
-SimpleAttributeDefinitionBuilder.setCapabilityReference method.
-
-
-
For example, the WildFly "remoting" subsystem’s
-"org.wildfly.remoting.connector" capability has a requirement for a
-dynamically named socket-binding capability:
If the "add" operation handler for your resource extends
-AbstractAddStepHandler and the handler for write-attribute extends
-AbstractWriteAttributeHandler, the declaration above is sufficient to
-ensure that the appropriate capability requirement will be registered
-when the attribute is modified.
-
-
-
-
Depending upon a service provided by another capability
-
-
Once the requirement for the capability is registered, your
-OperationStepHandler can use the OperationContext to discover the
-name of the service provided by the required capability.
-
-
-
For example, the "add" handler for a remoting connector uses the
-OperationContext to find the name of the needed \{{SocketBinding}
-service:
That service name is then used to add a dependency on the
-SocketBinding service to the remoting connector service.
-
-
-
If the required capability isn’t dynamically named, OperationContext
-exposes an overloaded getCapabilityServiceName variant. For example,
-if a capability requires a remoting Endpoint:
Using a custom integration API provided by another capability
-
-
In your Stage.RUNTIME handler, use
-OperationContext.getCapabilityRuntimeAPI to get a reference to the
-required capability’s custom integration API. Then use it as necessary.
If your capability has a runtime-only requirement for another
-capability, that means that if that capability is present in
-Stage.RUNTIME you’ll use it, and if not you won’t. There is nothing
-about the configuration of your capability that triggers the need for
-the other capability; you’ll just use it if it’s there.
-
-
-
In this case, use OperationContext.hasOptionalCapability in your
-Stage.RUNTIME handler to check if the capability is present:
-
-
-
-
protectedvoid performRuntime(final OperationContext context, final ModelNode operation, final ModelNode model) throws OperationFailedException {
-
- ServiceName myServiceName = MyResource.FOO_CAPABILITY.getCapabilityServiceName();
- Service<DataSource> myService = createService(context, model);
- ServiceBuilder<DataSource> builder = context.getTarget().addService(myServiceName, myService);
-
- // Inject a "Bar" into our "Foo" if bar capability is present
- if (context.hasOptionalCapability("com.example.bar", MyResource.FOO_CAPABILITY.getName(), null) {
- ServiceName barServiceName = context.getCapabilityServiceName("com.example.bar", Bar.class);
- builder.addDependency(barServiceName, Bar.class, myService.getBarInjector());
- }
-
- builder.install();
- }
-
-
-
-
The WildFly Core kernel will not register a requirement for the
-"com.example.bar" capability, so if a configuration change occurs that
-means that capability will no longer be present, that change will not be
-rolled back. Because of this, runtime-only requirements can only be used
-with capabilities that declare in their contract that they support such
-use.
-
-
-
-
Using a capability in a DeploymentUnitProcessor
-
-
A DeploymentUnitProcessor is likely to have a need to interact with
-capabilities, in order to create service dependencies from a deployment
-service to a capability provided service or to access some aspect of a
-capability’s custom integration API that relates to deployments.
-
-
-
If a DeploymentUnitProcessor associated with a capability
-implementation needs to utilize its own capability object, the
-DeploymentUnitProcessor authors should simply provide it with a
-reference to the RuntimeCapability instance. Service name lookups or
-access to the capabilities custom integration API can then be performed
-by invoking the methods on the RuntimeCapability.
-
-
-
If you need to access service names or a custom integration API
-associated with a different capability, you will need to use the
-org.jboss.as.controller.capability.CapabilityServiceSupport object
-associated with the deployment unit. This can be found as an attachment
-to the DeploymentPhaseContext:
Once you have the CapabilityServiceSupport you can use it to look up
-service names:
-
-
-
-
ServiceName barSvcName = capSvcSupport.getCapabilityServiceName("com.example.bar");
- // Determine what 'baz' the user specified in the deployment descriptor
- String bazDynamicName = getSelectedBaz(phaseContext);
- ServiceName bazSvcName = capSvcSupport.getCapabilityServiceName("com.example.baz", bazDynamicName);
-
-
-
-
-
-
-
-
-
-It’s important to note that when you request a service name associated
-with a capability, the CapabilityServiceSupport will give you one
-regardless of whether the capability is actually registered with the
-kernel. If the capability isn’t present, any service dependency your DUP
-creates using that service name will eventually result in a service
-start failure, due to the missing dependency. This behavior of not
-failing immediately when the capability service name is requested is
-deliberate. It allows deployment operations that use the
-rollback-on-runtime-failure=false header to successfully install (but
-not start) all of the services related to a deployment. If a subsequent
-operation adds the missing capability, the missing service dependency
-problem will then be resolved and the MSC service container will
-automatically start the deployment services.
-
-
-
-
-
-
You can also use the CapabilityServiceSupport to obtain a reference to
-the capability’s custom integration API:
-
-
-
-
// We need custom integration with the baz capability beyond service injection
- BazIntegrator bazIntegrator;
- try {
- bazIntegrator = capSvcSupport.getCapabilityRuntimeAPI("com.example.baz", bazDynamicName, BazIntegrator.class);
- } catch (NoSuchCapabilityException e) {
- //
- String msg = String.format("Deployment %s requires use of the 'bar' capability but it is not currently registered",
- phaseContext.getDeploymentUnit().getName());
- thrownew DeploymentUnitProcessingException(msg);
- }
-
-
-
-
Note that here, unlike the case with service name lookups, the
-CapabilityServiceSupport will throw a checked exception if the desired
-capability is not installed. This is because the kernel has no way to
-satisfy the request for a custom integration API if the capability is
-not installed. The DeploymentUnitProcessor will need to catch and
-handle the exception.
Many of the methods in OperationContext related to capabilities have
-to do with registering capabilities or registering requirements for
-capabilities. Typically non-kernel developers won’t need to worry about
-these, as the abstract OperationStepHandler implementations provided
-by the kernel take care of this for you, as described in the preceding
-sections. If you do find yourself in a situation where you need to use
-these in an extension, please read the javadoc thoroughly.
-
-
-
-
-
-
-
4. Domain Mode Subsystem Transformers
-
-
-
-A WildFly domain may consist of a new Domain Controller (DC) controlling
-secondary Host Controllers (HC) running older versions. Each secondary HC
-maintains a copy of the centralized domain configuration, which they use
-for controlling their own servers. In order for the secondary HCs to
-understand the configuration from the DC, transformation is needed,
-whereby the DC translates the configuration and operations into
-something the secondary HCs can understand.
-
-
-
-
4.1. Background
-
-
WildFly comes with a domain mode which allows
-you to have one Host Controller acting as the Domain Controller. The
-Domain Controller’s job is to maintain the centralized domain
-configuration. Another term for the DC is 'Primary Host Controller'.
-Before explaining why transformers are important and when they should be
-used, we will revisit how the domain configuration is used in domain
-mode.
-
-
-
The centralized domain configuration is stored in domain.xml. This is
-only ever parsed on the DC, and it has the following structure:
-
-
-
-
-
extensions - contains:
-
-
-
-
extension - a references to a module that bootstraps the
-org.jboss.as.controller.Extension implementation used to bootstrap
-your subsystem parsers and initialize the resource definitions for your
-subsystems.
-
-
-
-
-
-
profiles - contains:
-
-
-
-
profile - a named set of:
-
-
-
-
subsystem - contains the configuration for a subsystem, using the
-parser initialized by the subsystem’s extension.
-
-
-
-
-
-
-
-
-
socket-binding-groups - contains:
-
-
-
-
socket-binding-group - a named set of:
-
-
-
-
socket-binding - A named port on an interface which can be
-referenced from the subsystem configurations for subsystems opening
-sockets.
-
-
-
-
-
-
-
-
-
server-groups - contains
-
-
-
-
server-group - this has a name and references a profile and a
-socket-binding-group. The HCs then reference the server-group name
-from their <servers> section in host.xml.
-
-
-
-
-
-
-
-
When the DC parses domain.xml, it is transformed into add (and in
-some cases write-attribute) operations just as explained in
-Parsing and
-marshalling of the subsystem xml. These operations build up the model
-on the DC.
-
-
-
A HC wishing to join the domain and use the DC’s centralized
-configuration is known as a 'secondary HC'. A secondary HC maintains a copy of
-the DC’s centralized domain configuration. This copy of the domain
-configuration is used to start its servers. This is done by asking the
-domain model to describe itself, which in turn asks the subsystems to
-describe themselves. The describe operation for a subsystem looks at
-the state of the subsystem model and produces the add operations
-necessary to create the subsystem on the server. The same mechanism also
-takes place on the DC (bear in mind that the DC is also a HC, which can
-have its own servers), although of course its copy of the domain
-configuration is the centralized one.
-
-
-
There are two steps involved in keeping the secondary HC’s
-domain configuration in sync with the centralized domain configuration.
-
-
-
-
-
getting the initial domain model
-
-
-
an operation changes something in the domain configuration
-
-
-
-
-
Let’s look a bit closer at what happens in each of these steps.
-
-
-
4.1.1. Getting the initial domain model
-
-
When a secondary HC connects to the DC it obtains a copy of the domain model
-from the DC. This is done in a simpler serialized format, different from
-the operations that built up the model on the DC, or the operations
-resulting from the describe step used to bootstrap the servers. They
-describe each address that exists in the DC’s model, and contain the
-attributes set for the resource at that address. This serialized form
-looks like this:
The secondary HC then applies these one at a time and builds up the initial
-domain model. It needs to do this before it can start any of its
-servers.
-
-
-
-
4.1.2. An operation changes something in the domain configuration
-
-
Once a domain is up and running we can still change things in the domain
-configuration. These changes must happen when connected to the DC, and
-are then propagated to the secondary HCs, which then in turn propagate the
-changes to any servers running in a server group affected by the changes
-made. In this example:
the DC propagates the changes to itself host=primary, which in turn
-propagates it to its two servers belonging to main-server-group which
-uses the full profile. More interestingly, it also propagates it to
-host=secondary which updates its local copy of the domain model, and then
-propagates the change to its server-one which belongs to
-main-server-group which uses the full profile.
-
-
-
-
-
4.2. Versions and backward compatibility
-
-
A HC and its servers will always be the same version of WildFly (they
-use the same module path and jars). However, the DC and the secondary HCs do
-not necessarily need to be the same version. One of the points in the
-original specification for WildFly is that
-
-
-
Important
-
-
-
-
-
-
-
-
-A Domain Controller should be able to manage secondary Host Controllers
-older than itself.
-
-
-
-
-
-
This means that for example a WildFly 10.1 DC should be able to work
-with secondary HCs running WildFly 10. The opposite is not true, the DC must
-be the same or the newest version in the domain.
-
-
-
4.2.1. Versioning of subsystems
-
-
To help with being able to know what is compatible we have versions
-within the subsystems, this is stored in the subsystem’s extension. When
-registering the subsystem you will typically see something like:
-
-
-
-
publicclassSomeExtensionimplements Extension {
-
- privatestaticfinalString SUBSYSTEM_NAME = "my-subsystem"'
-
- private static final int MANAGEMENT_API_MAJOR_VERSION = 2;
- private static final int MANAGEMENT_API_MINOR_VERSION = 0;
- private static final int MANAGEMENT_API_MICRO_VERSION = 0;
-
- /**
- * {@inheritDoc}
- * @see org.jboss.as.controller.Extension#initialize(org.jboss.as.controller.ExtensionContext)
- */
- @Override
- public void initialize(ExtensionContext context) {
-
- // IMPORTANT: Management API version != xsd version! Not all Management API changes result in XSD changes
- SubsystemRegistration registration = context.registerSubsystem(SUBSYSTEM_NAME, MANAGEMENT_API_MAJOR_VERSION,
- MANAGEMENT_API_MINOR_VERSION, MANAGEMENT_API_MICRO_VERSION);
-
- //Register the resource definitions
- ....
- }
- ....
-}
-
-
-
-
Which sets the ModelVersion of the subsystem.
-
-
-
Important
-
-
-
-
-
-
-
-
-Whenever something changes in the subsystem, such as:
-
-
-
-
-
-
-
-
an attribute is added or removed from a resource
-
-
-
a attribute is renamed in a resource
-
-
-
an attribute has its type changed
-
-
-
an attribute or operation parameter’s nillable or allows expressions
-is changed
-
-
-
an attribute or operation parameter’s default value changes
-
-
-
a child resource type is added or removed
-
-
-
an operation is added or removed
-
-
-
an operation has its parameters changed
-
-
-
-
-
and the current version of the subsystem has been part of a Final
-release of WildFly, we must bump the version of the subsystem.
-
-
-
Once it has been increased you can of course make more changes until the
-next Final release without more version bumps. It is also worth noting
-that a new WildFly release does not automatically mean a new version for
-the subsystem, the new version is only needed if something was changed.
-For example the jaxrs subsystem remained on 1.0.0 for all versions
-of WildFly and JBoss AS 7 through Wildfly 18.
-
-
-
You can find the ModelVersion of a subsystem by querying its
-extension:
Now that we have mentioned the secondary HCs registration process with the
-DC, and know about ModelVersions, it is time to mention that when
-registering with the DC, the secondary HC will send across a list of all its
-subsystem ModelVersions. The DC maintains this information in a registry
-for each secondary HC, so that it knows which transformers (if any) to
-invoke for a legacy secondary. We will see how to write and register
-transformers later on in
-#How
-do I write a transformer. secondary HCs from version 7.2.0 onwards will
-also include a list of resources that they ignore (see
-#Ignoring
-resources on legacy hosts), and the DC will maintain this information
-in its registry. The DC will not send across any resources that it knows
-a secondary ignores during the initial domain model transfer. When
-forwarding operations onto the secondary HCs, the DC will skip forwarding
-those to secondary HCs ignoring those resources.
-
-
-
There are two kinds of transformers:
-
-
-
-
-
resource transformers
-
-
-
operation transformers
-
-
-
-
-
The main function of transformers is to transform a subsystem to
-something that the legacy secondary HC can understand, or to aggressively
-reject things that the legacy secondary HC will not understand. Rejection,
-in this context, essentially means, that the resource or operation
-cannot safely be transformed to something valid on the secondary HC, so the
-transformation fails. We will see later how to reject attributes in
-#Rejecting
-attributes, and child resources in
-#Reject
-child resource.
-
-
-
Both resource and operation transformers are needed, but take effect at
-different times. Let us use the weld subsystem, which is relatively
-simple, as an example. In JBoss AS 7.2.0 and lower it had a ModelVersion
-of 1.0.0, and its resource description was as follows:
In WildFly 29, it has a ModelVersion of 2.0.0 and has added two
-attributes, require-bean-descriptor and non-portable mode:
-
-
-
-
{
- "description" => "The configuration of the weld subsystem.",
- "attributes" => {
- "require-bean-descriptor" => {
- "type" => BOOLEAN,
- "description" => "If true then implicit bean archives without bean descriptor file (beans.xml) are ignored by Weld",
- "expressions-allowed" => true,
- "nillable" => true,
- "default" => false,
- "access-type" => "read-write",
- "storage" => "configuration",
- "restart-required" => "no-services"
- },
- "non-portable-mode" => {
- "type" => BOOLEAN,
- "description" => "If true then the non-portable mode is enabled. The non-portable mode is suggested by the specification to overcome problems with legacy applications that do not use CDI SPI properly and may be rejected by more strict validation in CDI 1.1.",
- "expressions-allowed" => true,
- "nillable" => true,
- "default" => false,
- "access-type" => "read-write",
- "storage" => "configuration",
- "restart-required" => "no-services"
- }
- },
- "operations" => {
- "remove" => {
- "operation-name" => "remove",
- "description" => "Operation removing the weld subsystem.",
- "request-properties" => {},
- "reply-properties" => {}
- },
- "add" => {
- "operation-name" => "add",
- "description" => "Operation creating the weld subsystem.",
- "request-properties" => {
- "require-bean-descriptor" => {
- "type" => BOOLEAN,
- "description" => "If true then implicit bean archives without bean descriptor file (beans.xml) are ignored by Weld",
- "expressions-allowed" => true,
- "required" => false,
- "nillable" => true,
- "default" => false
- },
- "non-portable-mode" => {
- "type" => BOOLEAN,
- "description" => "If true then the non-portable mode is enabled. The non-portable mode is suggested by the specification to overcome problems with legacy applications that do not use CDI SPI properly and may be rejected by more strict validation in CDI 1.1.",
- "expressions-allowed" => true,
- "required" => false,
- "nillable" => true,
- "default" => false
- }
- },
- "reply-properties" => {}
- }
- },
- "children" => {}
- }
-
-
-
-
In the rest of this section we will assume that we are running a DC
-running WildFly 29 so it will have ModelVersion 2.0.0 of the weld
-subsystem, and that we are running a secondary HC using ModelVersion 1.0.0 of
-the weld subsystem.
-
-
-
Important
-
-
-
-
-
-
-
-
-Transformation always takes place on the Domain Controller, and is done
-when sending across the initial domain model AND forwarding on
-operations to legacy secondary HCs.
-
-
-
-
-
-
4.3.1. Resource transformers
-
-
When copying over the centralized domain configuration as mentioned in
-#Getting
-the initial domain model, we need to make sure that the copy of the
-domain model is something that the servers running on the legacy secondary
-HC understand. So if the centralized domain configuration had any of the
-two new attributes set, we would need to reject the transformation in
-the transformers. One reason for this is to keep things consistent, it
-doesn’t look good if you connect to the secondary HC and find attributes
-and/or child resources when doing :read-resource which are not there
-when you do :read-resource-description. Also, to make life easier for
-subsystem writers, most instances of the describe operation use a
-standard implementation which would include these attributes when
-creating the add operation for the server, which could cause problems
-there.
-
-
-
Another, more concrete example from the logging subsystem is that it
-allows a ' %K{…}' in the pattern formatter which makes the formatter
-use color:
This ' %K{…}' however was introduced in JBoss AS < 7.1.3
-(ModelVersion 1.2.0), so if that makes it across to a secondary HC running
-an older version, the servers will fail to start up. So the logging
-extension registers transformers to strip out the ' %K{…}' from the
-attribute value (leaving ' %-5p%c `(%t) %s%E%n"’) so that the old
-secondary HC’s servers can understand it.
-
-
-
Rejection in resource transformers
-
-
Only secondary HCs from JBoss AS 7.2.0 and newer inform the DC about their
-ignored resources (see
-#Ignoring
-resources on legacy hosts). This means that if a transformer on the DC
-rejects transformation for a legacy secondary HC, exactly what happens to
-the secondary HC depends on the version of the secondary HC. If the secondary HC is:
-
-
-
-
-
older than 7.2.0 - the DC has no means of knowing if the secondary HC
-has ignored the resource being rejected or not. So we log a warning on
-the DC, and send over the serialized part of that model anyway. If the
-secondary HC has ignored the resource in question, it does not apply it. If
-the secondary HC has not ignored the resource in question, it will apply it,
-but no failure will happen until it tries to start a server which
-references this bad configuration.
-
-
-
7.2.0 or newer - If a resource is ignored on the secondary HC, the DC
-knows about this, and will not attempt to transform or send the resource
-across to the secondary HC. If the resource transformation is rejected, we
-know the resource was not ignored on the secondary HC and so we can
-aggressively fail the transformation, which in turn will cause the secondary
-HC to fail to start up.
-
-
-
-
-
-
-
4.3.2. Operation transformers
-
-
When
-#An
-operation changes something in the domain configuration the operation
-gets sent across to the secondary HCs to update their copies of the domain
-model. The secondary HCs then forward this operation onto the affected
-servers. The same considerations as in
-#Resource
-transformers are true, although operation transformers give you quicker
-'feedback' if something is not valid. If you try to execute:
This will fail on the legacy secondary HC since its version of the subsystem
-does not contain any such attribute. However, it is best to aggressively
-reject in such cases.
-
-
-
Rejection in operation transformers
-
-
For transformed operations we can always know if the operation is on an
-ignored resource in the legacy secondary HC. In 7.2.0 onwards, we know this
-through the DC’s registry of ignored resources on the secondary HC. In older
-versions of secondary HCs, we send the operation across to the secondary HC, which
-tries to invoke the operation. If the operation is against an ignored
-resource we inform the DC about this fact. So as part of the
-transformation process, if something gets rejected we can (and do!) fail
-the transformation aggressively. If the operation invoked on the DC
-results in the operation being sent across to 10 secondary HCs and one of
-them has a legacy version which ends up rejecting the transformation, we
-rollback the operation across the whole domain.
-
-
-
-
-
4.3.3. Different profiles for different versions
-
-
Now for the weld example we have been using there is a slight twist.
-We have the new require-bean-descriptor and non-portable-mode
-attributes. These have been added in WildFly 29 which supports Jakarta EE,
-and thus CDI.
-In CDI 1.1 the values of these attributes are tweakable, so they can be set
-to either true or false. The default behaviour for these in CDI 1.1,
-if not set, is that they are false. However, for CDI 1.0 these were
-not tweakable, and with the way the subsystem in JBoss AS 7.x worked is
-similar to if they are set to true.
-
-
-
The above discussion implies that to use the weld subsystem on a legacy
-secondary HC, the domain.xml configuration for it must look like:
We will see the exact mechanics for how this is actually done later but
-in short when pushing this to a legacy secondary HC we register transformers
-which reject the transformation if these attributes are not set to
-true since that implies some behavior not supported on the legacy
-secondary HC. If they are true, all is well, and the transformers discard,
-or remove, these attributes since they don’t exist in the legacy model.
-This removal is fine since they have the values which would result in
-the behavior assumed on the legacy secondary HC.
-
-
-
That way the older secondary HCs will work fine. However, we might also have
-WildFly 29 secondary HCs in our domain, and they are missing out on the new
-features introduced by the attributes introduced in ModelVersion 2.0.0.
-If we do
Then have the HCs using WildFly 29 make their servers reference the
-main-server-group server group, and the HCs using older versions of
-WildFly 29 make their servers reference the main-server-group-legacy
-server group.
-
-
-
Ignoring resources on legacy hosts
-
-
Booting the above configuration will still cause problems on legacy
-secondary HCs, especially if they are JBoss AS 7.2.0 or later. The reason
-for this is that when they register themselves with the DC it lets the
-DC know which ignored resources they have. If the DC comes to
-transform something it should reject for a secondary HC and it is not part
-of its ignored resources it will aggressively fail the transformation.
-Versions of JBoss AS older than 7.2.0 still have this ignored resources
-mechanism, but don’t let the DC know about what they have ignored so the
-DC cannot reject aggressively - instead it will log some warnings.
-However, it is still good practice to ignore resources you are not
-interested in regardless of which legacy version the secondary HC is
-running.
-
-
-
To ignore the profile we cannot understand we do the following in the
-legacy secondary HC’s host.xml
-Any top-level resource type can be ignored profile, extension,
-server-group etc. Ignoring a resource instance ignores that resource,
-and all its children.
-
Start the old version of WildFly/JBoss AS 7 using
---server-config=standalone-full-ha.xml
-
-
-
Run org.wildfly.legacy.util.GrabModelVersionsUtil, which will
-output the subsystem versions to
-target/standalone-model-versions-running.dmr
-
-
-
Run org.wildfly.legacy.util.DumpStandaloneResourceDefinitionUtil
-which will output the full resource definition to
-target/standalone-resource-definition-running.dmr
-
-
-
Stop the running version of WildFly/JBoss AS 7
-
-
-
-
-
-
4.4.2. See what changed
-
-
To do this follow the following steps
-
-
-
-
-
Start the new version of WildFly using
---server-config=standalone-full-ha.xml
-
-
-
Run org.wildfly.legacy.util.CompareModelVersionsUtil and answer
-the following questions"
-
-
-
-
Enter Legacy AS version:
-
-
-
-
If it is known version in the tools/src/test/resources/legacy-models
-folder, enter the version number.
-
-
-
If it is a not known version, and you got the data yourself in the
-last step, enter ' `running’
-
-
-
-
-
-
Enter type:
-
-
-
-
Answer ' `S’
-
-
-
-
-
-
-
-
-
Read from target directory or from the legacy-models directory:
-
-
-
-
If it is known version in the
-controller/src/test/resources/legacy-models folder, enter ' `l’.
-
-
-
If it is a not known version, and you got the data yourself in the
-last step, enter ' `t’
-
-
-
-
-
-
Report on differences in the model when the management versions are
-different?:
-
-
-
-
Answer ' `y’
-
-
-
-
-
-
-
-
Here is some example output, as a subsystem developer you can ignore
-everything down to ======= Comparing subsystem models ======:
-
-
-
-
Enter legacy AS version: 7.2.0.Final
-Using target model: 7.2.0.Final
-Enter type [S](standalone)/H(host)/D(domain)/F(domain + host):S
-Read from target directory or from the legacy-models directory - t/[l]:
-Report on differences in the model when the management versions are different? y/[n]: y
-Reporting on differences in the model when the management versions are different
-Loading legacy model versions for 7.2.0.Final....
-Loaded legacy model versions
-Loading model versions for currently running server...
-Oct 01, 2013 6:26:03 PM org.xnio.Xnio <clinit>
-INFO: XNIO version 3.1.0.CR7
-Oct 01, 2013 6:26:03 PM org.xnio.nio.NioXnio <clinit>
-INFO: XNIO NIO Implementation Version 3.1.0.CR7
-Oct 01, 2013 6:26:03 PM org.jboss.remoting3.EndpointImpl <clinit>
-INFO: JBoss Remoting version 4.0.0.Beta1
-Loaded current model versions
-Loading legacy resource descriptions for 7.2.0.Final....
-Loaded legacy resource descriptions
-Loading resource descriptions for currently running STANDALONE...
-Loaded current resource descriptions
-Starting comparison of the current....
-
-======= Comparing core models ======
--- SNIP --
-
-======= Comparing subsystem models ======
--- SNIP --
-======= Resource root address: ["subsystem" => "remoting"] - Current version: 2.0.0; legacy version: 1.2.0 =======
---- Problems for relative address to root []:
-Missing child types in current: []; missing in legacy [http-connector]
---- Problems for relative address to root ["remote-outbound-connection" => "*"]:
-Missing attributes in current: []; missing in legacy [protocol]
-Missing parameters for operation 'add' in current: []; missing in legacy [protocol]
--- SNIP --
-======= Resource root address: ["subsystem" => "weld"] - Current version: 2.0.0; legacy version: 1.0.0 =======
---- Problems for relative address to root []:
-Missing attributes in current: []; missing in legacy [require-bean-descriptor, non-portable-mode]
-Missing parameters for operation 'add' in current: []; missing in legacy [require-bean-descriptor, non-portable-mode]
-
-Done comparison of STANDALONE!
-
-
-
-
So we can see that for the remoting subsystem, we have added a child
-type called http-connector, and we have added an attribute called
-protocol (they are missing in legacy).
-in the weld subsystem, we have added the require-bean-descriptor and
-non-portable-mode attributes in the current version. It will also
-point out other issues like changed attribute types, changed defaults
-etc.
-
-
-
Warning
-
-
-
-
-
-
-
-
-Note that CompareModelVersionsUtil simply inspects the raw resource
-descriptions of the specified legacy and current models. Its results
-show the differences between the two. They do not take into account
-whether one or more transformers have already been written for those
-versions differences. You will need to check that transformers are not
-already in place for those versions.
-
-
-
-
-
-
One final point to consider are that some subsystems register
-runtime-only resources and operations. For example the modcluster
-subsystem has a stop method. These do not get registered on the DC,
-e.g. there is no /profile=full-ha/subsystem=modcluster:stop operation,
-it only exists on the servers, for example
-/host=xxx/server=server-one/subsystem=modcluster:stop. What this means
-is that you don’t have to transform such operations and resources. The
-reason is they are not callable on the DC, and so do not need
-propagation to the servers in the domain, which in turn means no
-transformation is needed.
-
-
-
-
-
4.5. How do I write a transformer?
-
-
There are two APIs available to write transformers for a resource. There
-is the original low-level API where you register transformers directly,
-the general idea is that you get hold of a TransformersSubRegistration
-for each level and implement the ResourceTransformer,
-OperationTransformer and PathAddressTransformer interfaces directly.
-It is, however, a pretty complex thing to do, so we recommend the other
-approach. For completeness here is the entry point to handling
-transformation in this way.
-
-
-
-
publicclassSomeExtensionimplements Extension {
-
- privatestaticfinalString SUBSYSTEM_NAME = "my-subsystem"'
-
- private static final int MANAGEMENT_API_MAJOR_VERSION = 2;
- private static final int MANAGEMENT_API_MINOR_VERSION = 0;
- private static final int MANAGEMENT_API_MICRO_VERSION = 0;
-
- @Override
- public void initialize(ExtensionContext context) {
- SubsystemRegistration registration = context.registerSubsystem(SUBSYSTEM_NAME, MANAGEMENT_API_MAJOR_VERSION,
- MANAGEMENT_API_MINOR_VERSION, MANAGEMENT_API_MICRO_VERSION);
- //Register the resource definitions
- ....
- }
-
- static void registerTransformers(final SubsystemRegistration subsystem) {
- registerTransformers_1_1_0(subsystem);
- registerTransformers_1_2_0(subsystem);
- }
-
- /**
- * Registers transformers from the current version to ModelVersion 1.1.0
- */
- private static void registerTransformers_1_1_0(final SubsystemRegistration subsystem) {
- final ModelVersion version = ModelVersion.create(1, 1, 0);
-
- //The default resource transformer forwards all operations
- final TransformersSubRegistration registration = subsystem.registerModelTransformers(version, ResourceTransformer.DEFAULT);
- final TransformersSubRegistration child = registration.registerSubResource(PathElement.pathElement("child"));
- //We can do more things on the TransformersSubRegistation instances
-
-
- registerRelayTransformers(stack);
- }
-
-
-
-
Having implemented a number of transformers using the above approach, we
-decided to simplify things, so we introduced the
-org.jboss.as.controller.transform.description.ResourceTransformationDescriptionBuilder
-API. It is a lot simpler and avoids a lot of the duplication of
-functionality required by the low-level API approach. While it doesn’t
-give you the full power that the low-level API does, we found that there
-are very few places in the WildFly codebase where this does not work, so
-we will focus on the ResourceTransformationDescriptionBuilder API
-here. (If you come across a problem where this does not work, get in
-touch with someone from the WildFly Domain Management Team and we should
-be able to help). The builder API makes all the nasty calls to
-TransformersSubRegistration for you under the hood. It also allows you
-to fall back to the low-level API in places, although that will not be
-covered in the current version of this guide. The entry point for using
-the builder API here is taken from the WeldExtension (in current WildFly
-this has ModelVersion 2.0.0).
-
-
-
-
privatevoid registerTransformers(SubsystemRegistration subsystem) {
- ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createSubsystemInstance();
- //These new attributes are assumed to be 'true' in the old version but default to false in the current version. So discard if 'true' and reject if 'undefined'.
- builder.getAttributeBuilder()
- .setDiscard(new DiscardAttributeChecker.DiscardAttributeValueChecker(false, false, new ModelNode(true)),
- WeldResourceDefinition.NON_PORTABLE_MODE_ATTRIBUTE, WeldResourceDefinition.REQUIRE_BEAN_DESCRIPTOR_ATTRIBUTE)
- .addRejectCheck(new RejectAttributeChecker.DefaultRejectAttributeChecker() {
-
- @Override
- publicString getRejectionLogMessage(Map<String, ModelNode> attributes) {
- return WeldMessages.MESSAGES.rejectAttributesMustBeTrue(attributes.keySet());
- }
-
- @Override
- protectedboolean rejectAttribute(PathAddress address, String attributeName, ModelNode attributeValue,
- TransformationContext context) {
- //This will not get called if it was discarded, so reject if it is undefined (default==false) or if defined and != 'true'
- return !attributeValue.isDefined() || !attributeValue.asString().equals("true");
- }
- }, WeldResourceDefinition.NON_PORTABLE_MODE_ATTRIBUTE, WeldResourceDefinition.REQUIRE_BEAN_DESCRIPTOR_ATTRIBUTE)
- .end();
- TransformationDescription.Tools.register(builder.build(), subsystem, ModelVersion.create(1, 0, 0));
- }
-
-
-
-
Here we register a discard check and a reject check. As mentioned in
-#Attribute
-transformation lifecycle all attributes are inspected for whether they
-should be discarded first. Then all attributes which were not discarded
-are checked for if they should be rejected. We will dig more into what
-this code means in the next few sections, but in short it means that we
-discard the require-bean-descriptor and non-portable attributes on
-the weld subsystem resource if they have the value true. If they
-have any other value, they will not get discarded and so reach the
-reject check, which will reject the transformation of the attributes if
-they have any other value.
-
-
-
Here we are saying that we should discard the require-bean-descriptor
-and non-portable-mode attributes on the weld subsystem resource if
-they are undefined, and reject them if they are defined. So that means
-that if the weld subsystem looks like
or any other combination (the default values for these attributes if
-undefined is false) we will reject the transformation for the secondary
-legacy HC.
they both get discarded (i.e. removed), so they will not get inspected
-for rejection, and an empty model not containing these attributes gets
-sent to the legacy HC.
-
-
-
Here we will discuss this API a bit more, to outline the most important
-features/most commonly needed tasks.
-
-
-
4.5.1. ResourceTransformationDescriptionBuilder
-
-
The ResourceTransformationDescriptionBuilder contains transformations
-for a resource type. The initial one is for the subsystem, obtained by
-the following call:
The ResourceTransformationDescriptionBuilder contains functionality
-for how to handle child resources, which we will look at in this
-section. It is also the entry point to how to handle transformation of
-attributes as we will see in
-#AttributeTransformationDescriptionBuilder.
-Also, it allows you to further override operation transformation as
-discussed in
-#OperationTransformationOverrideBuilder.
-When we have finished with our builder, we register it with the
-SubsystemRegistration against the target ModelVersion.
-If you have several old ModelVersions you could be transforming to, you
-need a separate builder for each of those.
-
-
-
-
-
-
Silently discard child resources
-
-
To make the ResourceTransformationDescriptionBuilder do something, we
-need to call some of its methods. For example, if we want to silently
-discard a child resource, we can do
This means that any usage of /subsystem=my-subsystem/child=discarded
-never make it to the legacy secondary HC running ModelVersion 1.0.0. During
-the initial domain model transfer, that part of the serialized domain
-model is stripped out, and any operations on this address are not
-forwarded on to the legacy secondary HCs running that version of the
-subsystem. (For brevity this section will leave out the leading
-/profile=xxx part used in domain mode, and use
-/subsystem=my-subsystem as the 'top-level' address).
-
-
-
Warning
-
-
-
-
-
-
-
-
-Note that discarding, although the simplest option in theory, is rarely
-the right thing to do.
-
-
-
-
-
-
The presence of the defined child normally implies some behaviour on the
-DC, and that behaviour is not available on the legacy secondary HC, so
-normally rejection is a better policy for those cases. Remember we can
-have different profiles targeting different groups of versions of legacy
-secondary HCs.
-
-
-
-
Reject child resource
-
-
If we want to reject transformation if a child resource exists, we can
-do
Now, if there are any legacy secondary HCs running ModelVersion 1.0.0, any
-usage of /subsystem=my-subsystem/child=reject will get rejected for
-those secondary HCs. Both during the initial domain model transfer, and if any
-operations are invoked on that address. For example the remoting
-subsystem did not have a http-connector=* child until ModelVersion
-2.0.0, so it is set up to reject that child when transforming to legacy
-HCs for all previous ModelVersions (1.1.0, 1.2.0 and 1.3.0). (See
-#Rejection
-in resource transformers and
-#Rejection
-in operation transformers for exactly what happens when something is
-rejected).
-
-
-
-
Redirect address for child resource
-
-
Sometimes we rename the addresses for a child resource between model
-versions. To do that we use one of the addChildRedirection() methods,
-note that these also return a builder for the child resource (since we
-are not rejecting or discarding it), we can do this for all children of
-a given type:
Now, in the initial domain transfer
-/subsystem=my-subsystem/newChild=test becomes
-/subsystem=my-subsystem/oldChild=test. Similarly all operations
-against the former address get mapped to the latter when executing
-operations on the DC before sending them to the legacy secondary HC running
-ModelVersion 1.1.0 of the subsystem.
Now, /subsystem=my-subsystem/newChild=newName becomes
-/subsystem=my-subsystem/oldChild=oldName both in the initial domain
-transfer, and when mapping operations to the legacy secondary HC. For example,
-under the web subsystem ssl=configuration got renamed to
-configuration=ssl in later versions, meaning we need a redirect from
-configuration=ssl to ssl=configuration in its transformers.
-
-
-
-
Getting a child resource builder
-
-
Sometimes we don’t want to transform the subsystem resource, but we want
-to transform something in one of its child resources. Again, since we
-are not discarding or rejecting, we get a reference to the builder for
-the child resource.
-
-
-
-
ResourceTransformationDescriptionBuilder childBuilder =
- subsystemBuilder.addChildResource(PathElement.pathElement("some-child"));
- //We don't actually want to transform anything in /subsystem-my-subsystem/some-child=* either :-)
- //We are interested in /subsystem-my-subsystem/some-child=*/another-level
- ResourceTransformationDescriptionBuilder anotherBuilder =
- childBuilder.addChildResource(PathElement.pathElement("another-level"));
-
- //Use anotherBuilder to add child-resource and/or attribute transformation
- ....
-
-
-
-
-
-
4.5.2. AttributeTransformationDescriptionBuilder
-
-
To transform attributes you call
-ResourceTransformationDescriptionBuilder.getAttributeBuilder() which
-returns you a AttributeTransformationDescriptionBuilder which is used
-to define transformation for the resource’s attributes. For example this
-gets the attribute builder for the subsystem resource:
The attribute transformations defined by the
-AttributeTransformationDescriptionBuilder will also impact the
-parameters to all operations defined on the resource. This means that if
-you have defined the example attribute of
-/subsystem=my-subsystem/some-child=* to reject transformation if its
-value is true, the inital domain transfer will reject if it is true,
-also the transformation of the following operations will reject:
The following operations will pass in this example, since the example
-attribute is not getting set to true
-
-
-
-
/subsystem=my-subsystem/some-child=test:add(example=false)
- /subsystem=my-subsystem/some-child=test:add() //Here it 'example' is simply left undefined
- /subsystem=my-subsystem:write-attribute(name=example, value=false)
- /subsystem=my-subsystem:undefine-attribute(name=example) //Again this makes 'example' undefined
- /subsystem=my-subsystem:custom-operation(example=false)
-
-
-
-
For the rest of the examples in this section we assume that the
-attributeBuilder is for /subsystem=my-subsystem
-
-
-
Attribute transformation lifecycle
-
-
There is a well defined lifecycle used for attribute transformation that
-is worth explaining before jumping into specifics. Transformation is
-done in the following phases, in the following order:
-
-
-
-
-
discard - All attributes in the domain model transfer or invoked
-operation that have been registered for a discard check, are checked to
-see if the attribute should be discarded. If an attribute should be
-discarded, it is removed from the resource’s attributes/operation’s
-parameters and it does not get passed to the next phases. Once discarded
-it does not get sent to the legacy secondary HC.
-
-
-
reject - All attributes that have been registered for a reject
-check (and which not have been discarded) are checked to see if the
-attribute should be rejected. As explained in
-#Rejection
-in resource transformers and
-#Rejection
-in operation transformers exactly what happens when something is
-rejected varies depending on whether we are transforming a resource or
-an operation, and the version of the legacy secondary HC we are transforming
-for. If a transformer rejects an attribute, all other reject
-transformers still get invoked, and the next phases also get invoked.
-This is because we don’t know in all cases what will happen if a reject
-happens. Although this might sound cumbersome, in practice it actually
-makes it easier to write transformers since you only need one kind
-regardless of if it is a resource, an operation, and legacy secondary HC
-version. However, as we will see in
-Common
-transformation use-cases, it means some extra checks are needed when
-writing reject and convert transformers.
-
-
-
convert - All attributes that have been registered for conversion
-are checked to see if the attribute should be converted. If the
-attribute does not exist in the original operation/resource it may be
-introduced. This is useful for setting default values for the target
-legacy secondary HC.
-
-
-
rename - All attributes registered for renaming are renamed.
-
-
-
-
-
Next, let us have a look at how to register attributes for each of these
-phases.
-
-
-
-
Discarding attributes
-
-
The general idea behind a discard is that we remove attributes which do
-not exist in the legacy secondary HC’s model. However, as hopefully
-described below, we normally can’t simply discard everything, we need to
-check the values first.
-
-
-
To discard an attribute we need an instance of
-org.jboss.as.controller.transform.description.DiscardAttributeChecker,
-and call the following method on the
-AttributeTransformationDescriptionBuilder:
As shown, you can register the DiscardAttributeChecker for several
-attributes at once, in the above example both attr1 and attr2 get
-checked for if they should be discarded. You can also register different
-DiscardAttributeChecker instances for different attributes:
Note that you can only have one DiscardAttributeChecker per attribute,
-so the following would cause an error (if running with assertions
-enabled, otherwise discardCheckerB will overwrite discardCheckerA):
org.jboss.as.controller.transform.description.DiscardAttributeChecker
-contains both the DiscardAttributeChecker and some helper
-implementations. The implementations of this interface get called for
-each attribute they are registered against. The interface itself is
-quite simple:
-
-
-
-
publicinterfaceDiscardAttributeChecker {
-
- /**
- * Returns {@code true} if the attribute should be discarded if expressions are used
- *
- * @return whether to discard if expressions are used
- */
- boolean isDiscardExpressions();
-
-
-
-
Return true here to discard the attribute if it is an expression. If
-it is an expression, and this method returns true, the
-isOperationParameterDiscardable and isResourceAttributeDiscardable
-methods will not get called.
-
-
-
-
/**
- * Returns {@code true} if the attribute should be discarded if it is undefined
- *
- * @return whether to discard if the attribute is undefined
- */
- boolean isDiscardUndefined();
-
-
-
-
Return true here to discard the attribute if it is undefined. If it
-is undefined, and this method returns true, the
-isDiscardExpressions, isOperationParameterDiscardable and
-isResourceAttributeDiscardable methods will not get called.
-
-
-
-
/**
- * Gets whether the given operation parameter can be discarded
- *
- * @param address the address of the operation
- * @param attributeName the name of the operation parameter.
- * @param attributeValue the value of the operation parameter.
- * @param operation the operation executed. This is unmodifiable.
- * @param context the context of the transformation
- *
- * @return {@code true} if the operation parameter value should be discarded, {@code false} otherwise.
- */
- boolean isOperationParameterDiscardable(PathAddress address, String attributeName, ModelNode attributeValue, ModelNode operation, TransformationContext context);
-
-
-
-
If we are transforming an operation, this method gets called for each
-operation parameter. We have access to the address of the operation, the
-name and value of the operation parameter, an unmodifiable copy of the
-original operation and the TransformationContext. The
-TransformationContext allows you access to the original resource the
-operation is working on before any transformation happened, which is
-useful if you want to check other values in the resource if this is, say
-a write-attribute operation. Return true to discard the operation.
-
-
-
-
/**
- * Gets whether the given attribute can be discarded
- *
- * @param address the address of the resource
- * @param attributeName the name of the attribute
- * @param attributeValue the value of the attribute
- * @param context the context of the transformation
- *
- * @return {@code true} if the attribute value should be discarded, {@code false} otherwise.
- */
- boolean isResourceAttributeDiscardable(PathAddress address, String attributeName, ModelNode attributeValue, TransformationContext context);
-
-
-
-
If we are transforming a resource, this method gets called for each
-attribute in the resource. We have access to the address of the
-resource, the name and value of the attribute, and the
-TransformationContext. Return true to discard the operation.
DiscardAttributeChecker.DefaultDiscardAttributeChecker is an abstract
-convenience class. In most cases you don’t need a separate check for if
-an operation or a resource is being transformed, so it makes both the
-isResourceAttributeDiscardable() and
-isOperationParameterDiscardable() methods call the following method.
All you lose, in the case of an operation transformation, is the name of
-the transformed operation. The constructor of
-DiscardAttributeChecker.DefaultDiscardAttributeChecker also allows you
-to define values for isDiscardExpressions() and
-isDiscardUndefined().
This is another convenience class, which allows you to discard an
-attribute if it has one or more values. Here is a real-world example
-from the jpa subsystem:
We will come back to the reject checks in the
-#Rejecting
-attributes section. We are saying that we should discard the
-JPADefinition.DEFAULT_EXTENDEDPERSISTENCE_INHERITANCE attribute if it
-has the value deep. The reasoning here is that this attribute did not
-exist in the old model, but the legacy secondary HCs implied behaviour is
-that this was deep. In the current version we added the possibility to
-toggle this setting, but only deep is consistent with what is
-available in the legacy secondary HC. In this case we are using the
-constructor for DiscardAttributeChecker.DiscardAttributeValueChecker
-which says don’t discard if it uses expressions, and discard if it is
-undefined. If it is undefined in the current model, looking at the
-default value of
-JPADefinition.DEFAULT_EXTENDEDPERSISTENCE_INHERITANCE, it is deep,
-so a discard is in line with the implied legacy behaviour. If an
-expression is used, we cannot discard since we have no idea what the
-expression will resolve to on the secondary HC.
-
-
-
-DiscardAttributeChecker.ALWAYS
-
-
DiscardAttributeChecker.ALWAYS will always discard an attribute. Use
-this sparingly, since normally the presence of an attribute in the
-current model implies some behaviour should be turned on, and if that
-does not exist in the legacy model it implies that that behaviour does
-not exist in the legacy secondary HC and its servers. Normally the legacy
-secondary HC’s subsystem has some implied behaviour which is better checked
-for by using a DiscardAttributeChecker.DiscardAttributeValueChecker.
-One valid use for DiscardAttributeChecker.ALWAYS can be found in the
-ejb3 subsystem:
-
-
-
-
privatestaticvoid registerTransformers_1_1_0(SubsystemRegistration subsystemRegistration) {
- ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createSubsystemInstance()
- .getAttributeBuilder()
- ...
- // We can always discard this attribute, because it's meaningless without the security-manager subsystem, and
- // a legacy secondary HC can't have that subsystem in its profile.
- .setDiscard(DiscardAttributeChecker.ALWAYS, EJB3SubsystemRootResourceDefinition.DISABLE_DEFAULT_EJB_PERMISSIONS)
- ...
-
-
-
-
As the comment says, this attribute only makes sense with the
-security-manager susbsystem, which does not exist on legacy secondary HCs
-running ModelVersion 1.1.0 of the ejb3 subsystem.
-
-
-
-DiscardAttributeChecker.UNDEFINED
-
-
DiscardAttributeChecker.UNDEFINED will discard an attribute if it is
-undefined. This is normally safer than
-DiscardAttributeChecker.ALWAYS since the attribute is not set in the
-current model, we don’t need to send it to the legacy model. However,
-you should check that this attribute not existing in the legacy secondary
-HC, implies the same functionality as being undefined in the current DC.
-
-
-
-
-
-
Rejecting attributes
-
-
The next step is to check attributes and values which we know for sure
-will not work on the target legacy secondary HC.
-
-
-
To reject an attribute we need an instance of
-org.jboss.as.controller.transform.description.RejectAttributeChecker,
-and call the following method on the
-AttributeTransformationDescriptionBuilder:
As shown you can register the RejectAttributeChecker for several
-attributes at once, in the above example both attr1 and attr2 get
-checked for if they should be discarded. You can also register different
-RejectAttributeChecker instances for different attributes:
In this case attr1 gets both rejectCheckerA and rejectCheckerB.
-For attributes with several RejectAttributeChecker registered, they
-get processed in the order that they have been added. So when checking
-attr1 for rejection, rejectCheckerA gets run before
-rejectCheckerB. As mentioned in
-#Attribute
-transformation lifecycle, if an attribute is rejected, we still invoke
-the rest of the reject checkers.
-
-
-
The RejectAttributeChecker interface
-
-
org.jboss.as.controller.transform.description.RejectAttributeChecker
-contains both the RejectAttributeChecker and some helper
-implementations. The implementations of this interface get called for
-each attribute they are registered against. The interface itself is
-quite simple, and its main methods are similar to
-DiscardAttributeChecker:
-
-
-
-
publicinterfaceRejectAttributeChecker {
- /**
- * Determines whether the given operation parameter value is not understandable by the target process and needs
- * to be rejected.
- *
- * @param address the address of the operation
- * @param attributeName the name of the attribute
- * @param attributeValue the value of the attribute
- * @param operation the operation executed. This is unmodifiable.
- * @param context the context of the transformation
- * @return {@code true} if the parameter value is not understandable by the target process and so needs to be rejected, {@code false} otherwise.
- */
- boolean rejectOperationParameter(PathAddress address, String attributeName, ModelNode attributeValue, ModelNode operation, TransformationContext context);
-
-
-
-
If we are transforming an operation, this method gets called for each
-operation parameter. We have access to the address of the operation, the
-name and value of the operation parameter, an unmodifiable copy of the
-original operation and the TransformationContext. The
-TransformationContext allows you access to the original resource the
-operation is working on before any transformation happened, which is
-useful if you want to check other values in the resource if this is, say
-a write-attribute operation. Return true to reject the operation.
-
-
-
-
/**
- * Gets whether the given resource attribute value is not understandable by the target process and needs
- * to be rejected.
- *
- * @param address the address of the resource
- * @param attributeName the name of the attribute
- * @param attributeValue the value of the attribute
- * @param context the context of the transformation
- * @return {@code true} if the attribute value is not understandable by the target process and so needs to be rejected, {@code false} otherwise.
- */
- boolean rejectResourceAttribute(PathAddress address, String attributeName, ModelNode attributeValue, TransformationContext context);
-
-
-
-
If we are transforming a resource, this method gets called for each
-attribute in the resource. We have access to the address of the
-resource, the name and value of the attribute, and the
-TransformationContext. Return true to discard the operation.
-
-
-
-
/**
- * Returns the log message id used by this checker. This is used to group it so that all attributes failing a type of rejection
- * end up in the same error message
- *
- * @return the log message id
- */
- String getRejectionLogMessageId();
-
-
-
-
Here we need a unique id for the log message from the
-RejectAttributeChecker. It is used to group rejected attributes by
-their log message. A typical implementation will contain \{\{return
-getRejectionLogMessage(Collections.<String, ModelNode>emptyMap());}
-
-
-
-
/**
- * Gets the log message if the attribute failed rejection
- *
- * @param attributes a map of all attributes failed in this checker and their values
- * @return the formatted log message
- */
- String getRejectionLogMessage(Map<String, ModelNode> attributes);
-
-
-
-
Here we return a message saying why the attributes were rejected, with
-the possibility to format the message to include the names of all the
-rejected attributes and the values they had.
RejectAttributeChecker.DefaultRejectAttributeChecker is an abstract
-convenience class. In most cases you don’t need a separate check for if
-an operation or a resource is being transformed, so it makes both the
-rejectOperationParameter() and rejectResourceAttribute() methods
-call the following method.
Like DefaultDiscardAttributeChecker, all you loose is the name of the
-transformed operation, in the case of operation transformation.
-
-
-
-RejectAttributeChecker.DEFINED
-
-
RejectAttributeChecker.DEFINED is used to reject any attribute that
-has a defined value. Normally this is because the attribute does not
-exist on the target legacy secondary HC. A typical use case for these is for
-the implied behavior example we looked at in the jpa subsystem in
-#DiscardAttributeChecker.DiscardAttributeValueChecker
So we discard the
-JPADefinition.DEFAULT_EXTENDEDPERSISTENCE_INHERITANCE value if it is
-not an expression, and also has the value deep. Now if it was not
-discarded, it would will still be defined so we reject it.
-
-
-
Important
-
-
-
-
-
-
-
-
-Reject and discard often work in pairs.
-
-
-
-
-
-
-RejectAttributeChecker.SIMPLE_EXPRESSIONS
-
-
RejectAttributeChecker.SIMPLE_EXPRESSIONS can be used to reject an
-attribute that contains expressions. This was used a lot for
-transformations to subsystems in JBoss AS 7.1.x, since we had not fully
-realized the importance of where to support expressions until JBoss AS
-7.2.0 was released, so a lot of attributes in earlier versions were
-missing expressions support.
The
-RejectAttributeChecker}}s we have seen so far work on simple attributes, i.e. where the attribute has a ModelType which is one of the primitives. We also have a {{RejectAttributeChecker.ListRejectAttributeChecker
-which allows you to define a checker for the elements of a list, when
-the type of an attribute is ModelType.LIST.
For attr1 it will check each element of the list and run
-RejectAttributeChecker.EXPRESSIONS to check that each element is not
-an expression. You can of course pass in another kind of
-RejectAttributeChecker to check the elements as well.
For attributes where the type is ModelType.OBJECT we have
-RejectAttributeChecker.ObjectFieldsRejectAttributeChecker which allows
-you to register different reject checkers for the different fields of
-the registered object.
Now if attr1 is a complex type where
-attr1.get("time").getType() == ModelType.EXPRESSION or
-attr1.get("unit").asString().equals("Lunar Month") we reject the
-attribute.
-
-
-
-
-
-
Converting attributes
-
-
To convert an attribute you register an
-org.jboss.as.controller.transform.description.AttributeConverter
-instance against the attributes you want to convert:
Now if attr1 and attr2 get converted with converterA, while
-attr3 gets converted with converterB.
-
-
-
The AttributeConverter interface
-
-
The AttributeConverter interface gets called for each attribute for
-which the AttributeConverter has been registered
-
-
-
-
publicinterfaceAttributeConverter {
-
- /**
- * Converts an operation parameter
- *
- * @param address the address of the operation
- * @param attributeName the name of the operation parameter
- * @param attributeValue the value of the operation parameter to be converted
- * @param operation the operation executed. This is unmodifiable.
- * @param context the context of the transformation
- */
- void convertOperationParameter(PathAddress address, String attributeName, ModelNode attributeValue, ModelNode operation, TransformationContext context);
-
-
-
-
If we are transforming an operation, this method gets called for each
-operation parameter for which the con. We have access to the address of
-the operation, the name and value of the operation parameter, an
-unmodifiable copy of the original operation and the
-TransformationContext. The TransformationContext allows you access
-to the original resource the operation is working on before any
-transformation happened, which is useful if you want to check other
-values in the resource if this is, say a write-attribute operation. To
-change the attribute value, you modify the attributeValue.
-
-
-
-
/**
- * Converts a resource attribute
- *
- * @param address the address of the operation
- * @param attributeName the name of the attribute
- * @param attributeValue the value of the attribute to be converted
- * @param context the context of the transformation
- */
- void convertResourceAttribute(PathAddress address, String attributeName, ModelNode attributeValue, TransformationContext context);
-
-
-
-
If we are transforming a resource, this method gets called for each
-attribute in the resource. We have access to the address of the
-resource, the name and value of the attribute, and the
-TransformationContext. To change the attribute value, you modify the
-attributeValue.
-
-
-
-
}
-
-
-
-
A hypothetical example is if the current and legacy subsystems both
-contain an attribute called timeout. In the legacy model this was
-specified to be milliseconds, however in the current model it has been
-changed to be seconds, hence we need to convert the value when sending
-it to secondary HCs using the legacy model:
We need to be a bit careful here. If the timeout attribute is an
-expression our nice conversion will not work, so we need to add a reject
-check to make sure it is not an expression as well:
AttributeConverter.DefaultAttributeConverter is is an abstract
-convenience class. In most cases you don’t need a separate check for if
-an operation or a resource is being transformed, so it makes both the
-convertOperationParameter() and convertResourceAttribute() methods call
-the following method.
Like DefaultDiscardAttributeChecker and
-DefaultRejectAttributeChecker, all you loose is the name of the
-transformed operation, in the case of operation transformation.
-
-
-Introducing attributes during transformation
-
-
Say both the current and the legacy models have an attribute called
-port. In the legacy version this attribute had to be specified, and
-the default xml configuration had 1234 for its value. In the current
-version this attribute has been made optional with a default value of
-1234 so that it does not need to be specified. When transforming to a
-secondary HC using the old version we will need to introduce this attribute
-if the new model does not contain it:
So what this factory method does is to create an implementation of
-AttributeConverter.DefaultAttributeConverter where in
-convertAttribute() we set attributeValue to have the value 1234 if
-it is undefined. As long as attributeValue gets set in that method
-it will get set in the model, regardless of if it existed already or
-not.
Now, in the initial domain transfer to the legacy secondary HC, we rename
-/subsystem=my-subsystem’s `my-name attribute to legacy-name. Also,
-the operations involving this attribute are affected, so
All operations on a resource automatically get the same transformations
-on their parameters as set up by the
-AttributeTransformationDescriptionBuilder. In some cases you might
-want to change this, so you can use the
-OperationTransformationOverrideBuilder, which is got from:
In this case the operation will now no longer inherit the
-attribute/operation parameter transformations, so they are effectively
-turned off. In other cases you might want to include them by calling
-inheritResourceAttributeDefinitions(), and to include some more checks
-(the OperationTransformationBuilder interface has all the methods
-found in AttributeTransformationBuilder:
You can also rename operations, in this case the operation
-some-operation gets renamed to legacy-operation before getting sent
-to the legacy secondary HC.
4.6. Evolving transformers with subsystem ModelVersions
-
-
Say you have a subsystem with ModelVersions 1.0.0 and 1.1.0. There will
-(hopefully!) already be transformers in place for 1.1.0 to 1.0.0
-transformations. Let’s say that the transformers registration looks
-like:
-
-
-
-
publicclassSomeExtensionimplements Extension {
-
- privatestaticfinalString SUBSYSTEM_NAME = "my-subsystem"'
-
- private static final int MANAGEMENT_API_MAJOR_VERSION = 1;
- private static final int MANAGEMENT_API_MINOR_VERSION = 1;
- private static final int MANAGEMENT_API_MICRO_VERSION = 0;
-
- @Override
- public void initialize(ExtensionContext context) {
- SubsystemRegistration registration = context.registerSubsystem(SUBSYSTEM_NAME, MANAGEMENT_API_MAJOR_VERSION,
- MANAGEMENT_API_MINOR_VERSION, MANAGEMENT_API_MICRO_VERSION);
- //Register the resource definitions
- ....
- }
-
- private void registerTransformers(final SubsystemRegistration subsystem) {
- registerTransformers_1_0_0(subsystem);
- }
-
- /**
- * Registers transformers from the current version to ModelVersion 1.0.0
- */
- private void registerTransformers_1_0_0(SubsystemRegistration subsystem) {
- ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createSubsystemInstance();
- builder.getAttributeBuilder()
- .addRejectCheck(RejectAttributeChecker.DEFINED, "attr1")
- .end();
- TransformationDescription.Tools.register(builder.build(), subsystem, ModelVersion.create(1, 0, 0));
- }
-}
-
-
-
-
Now say we want to do a new version of the model. This new version
-contains a new attribute called 'new-attr' which cannot be defined when
-transforming to 1.1.0, we bump the model version to 2.0.0:
-
-
-
-
publicclassSomeExtensionimplements Extension {
-
- privatestaticfinalString SUBSYSTEM_NAME = "my-subsystem"'
-
- private static final int MANAGEMENT_API_MAJOR_VERSION = 2;
- private static final int MANAGEMENT_API_MINOR_VERSION = 0;
- private static final int MANAGEMENT_API_MICRO_VERSION = 0;
-
- @Override
- public void initialize(ExtensionContext context) {
- SubsystemRegistration registration = context.registerSubsystem(SUBSYSTEM_NAME, MANAGEMENT_API_MAJOR_VERSION,
- MANAGEMENT_API_MINOR_VERSION, MANAGEMENT_API_MICRO_VERSION);
- //Register the resource definitions
- ....
- }
This is the way that has been used up to WildFly 29.x. However, in
-WildFly 9 and later, it is strongly recommended to migrate to what is
-mentioned in
-#Chained
-transformers
-
-
-
Now we need some new transformers from the current ModelVersion to 1.1.0
-where we reject any defined occurrances of our new attribute new-attr:
So that is all well and good, however we also need to take into account
-that new-attrdoes not exist in ModelVersion 1.0.0 either, so we
-need to extend our transformer for 1.0.0 to reject it there as well. As
-you can see 1.0.0 also rejects a defined 'attr1' in addition to the
-'new-attr'(which is rejected in both versions).
-
-
-
-
/**
- * Registers transformers from the current version to ModelVersion 1.0.0
- */
- privatevoid registerTransformers_1_0_0(SubsystemRegistration subsystem) {
- ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createSubsystemInstance();
- builder.getAttributeBuilder()
- .addRejectCheck(RejectAttributeChecker.DEFINED, "attr1", "new-attr")
- .end();
- TransformationDescription.Tools.register(builder.build(), subsystem, ModelVersion.create(1, 0, 0));
- }
-}
-
-
-
-
Now new-attr will be rejected if defined for all previous model
-versions.
-
-
-
-
4.6.2. Chained transformers
-
-
Since 'The old way' had a lot of duplication of code, since WildFly 9 we
-now have chained transformers. You obtain a
-ChainedTransformationDescriptionBuilder which is a different entry
-point to the ResourceTransformationDescriptionBuilder we have seen
-earlier. Each ResourceTransformationDescriptionBuilder deals with
-transformation across one version delta.
-
-
-
-
privatevoid registerTransformers(SubsystemRegistration subsystem) {
- ModelVersion version1_1_0 = ModelVersion.create(1, 1, 0);
- ModelVersion version1_0_0 = ModelVersion.create(1, 0, 0);
-
- ChainedTransformationDescriptionBuilder chainedBuilder =
- TransformationDescriptionBuilder.Factory.createChainedSubystemInstance(subsystem.getSubsystemVersion());
-
- //Differences between the current version and 1.1.0
- ResourceTransformationDescriptionBuilder builder110 =
- chainedBuilder.create(subsystem.getSubsystemVersion(), version1_1_0);
- builder110.getAttributeBuilder()
- .addRejectCheck(RejectAttributeChecker.DEFINED, "new-attr")
- .end();
-
- //Differences between the 1.1.0 and 1.0.0
- ResourceTransformationDescriptionBuilder builder100 =
- chainedBuilder.create(subsystem.getSubsystemVersion(), version1_0_0);
- builder110.getAttributeBuilder()
- .addRejectCheck(RejectAttributeChecker.DEFINED, "attr1")
- .end();
-
- chainedBuilder.buildAndRegister(subsystem, new ModelVersion[]{version1_0_0, version1_1_0});
-
-
-
-
The buildAndRegister(ModelVersion[]… chains) method registers a
-chain consisting of the built builder110 and builder100 for
-transformation to 1.0.0, and a chain consisting of the built
-builder110 for transformation to 1.1.0. It allows you to specify more
-than one chain.
-
-
-
Now when transforming from the current version to 1.0.0, the resource is
-first transformed from the current version to 1.1.0 (which rejects a
-defined new-attr) and then it is transformed from 1.1.0 to 1.0.0
-(which rejects a defined attr1). So when evolving transformers you
-should normally only need to add things to the last version delta. The
-full current-to-1.1.0 transformation is run before the 1.1.0-to-1.0.0
-transformation is run.
-
-
-
One thing worth pointing out that the value returned by
-TransformationContext.readResource(PathAddress address) and
-TransformationContext.readResourceFromRoot(PathAddress address) which
-you can use from your custom RejectAttributeChecker,
-DiscardAttributeChecker and AttributeConverter behaves slightly
-differently depending on if you are transforming an operation or a
-resource.
-
-
-
During resource transformation this will be the latest model, so in
-our above example, in the current-to-1.1.0 transformation it will be the
-original model. In the 1.1.0-to-1.0.0 transformation, it will be the
-result of the current-to-1.1.0 transformation.
-
-
-
During operation transformation these methods will always return the
-original model (we are transforming operations, not resources!).
-
-
-
In WildFly 9 we are now less aggressive about transforming to all
-previous versions of WildFly, however we still have a lot of good tests
-for running against 7.1.x, 8. Also, for Red Hat employees we have tests
-against EAP versions. These tests no longer get run by default, to run
-them you need to specify some system properties when invoking maven.
-They are:
-
-
-
-
-
-Djboss.test.transformers.subsystem.old - enables the non-default
-subsystem tests.
-
-
-
-Djboss.test.transformers.eap - (Red Hat developers only), enables the
-eap tests, but only the ones run by default. If run in conjunction with
--Djboss.test.transformers.subsystem.old you get all the possible
-subsystem tests run.
-
-
-
-Djboss.test.transformers.core.old - enables the non-default core
-model tests.
-
-
-
-
-
-
-
4.7. Testing transformers
-
-
To test transformation you need to extend
-org.jboss.as.subsystem.test.AbstractSubsystemTest or
-org.jboss.as.subsystem.test.AbstractSubsystemBaseTest. Then, in order
-to have the best test coverage possible, you should test the fullest
-configuration that will work, and you should also test configurations
-that don’t work if you have rejecting transformers registered. The
-following example is from the threads subsystem, and I have only
-included the tests against 7.1.2 - there are more! First we need to set
-up our test:
So we say that this test is for the threads subsystem, and that it is
-implemented by ThreadsExtension. This is the same test framework as we
-use in
-Example
-subsystem#Testing the parsers, but we will only talk about the parts
-relevant to transformers here.
-
-
-
4.7.1. Testing a configuration that works
-
-
To test a configuration xxx
-
-
-
-
@Test
- publicvoid testTransformerAS712() throwsException {
- testTransformer_1_0(ModelTestControllerVersion.V7_1_2_FINAL);
- }
- /**
- * Tests transformation of model from 1.1.0 version into 1.0.0 version.
- *
- * @throws Exception
- */
- privatevoid testTransformer_1_0(ModelTestControllerVersion controllerVersion) throwsException {
- String subsystemXml = "threads-transform-1_0.xml"; //This has no expressions not understood by 1.0
- ModelVersion modelVersion = ModelVersion.create(1, 0, 0); //The old model version
- //Use the non-runtime version of the extension which will happen on the HC
- KernelServicesBuilder builder = createKernelServicesBuilder(AdditionalInitialization.MANAGEMENT)
- .setSubsystemXmlResource(subsystemXml);
-
- final PathAddress subsystemAddress = PathAddress.pathAddress(PathElement.pathElement(SUBSYSTEM, mainSubsystemName));
-
- // Add legacy subsystems
- builder.createLegacyKernelServicesBuilder(null, controllerVersion, modelVersion)
- .addOperationValidationResolve("add", subsystemAddress.append(PathElement.pathElement("thread-factory")))
- .addMavenResourceURL("org.jboss.as:jboss-as-threads:" + controllerVersion.getMavenGavVersion())
- .excludeFromParent(SingleClassFilter.createFilter(ThreadsLogger.class));
-
- KernelServices mainServices = builder.build();
- KernelServices legacyServices = mainServices.getLegacyServices(modelVersion);
- Assert.assertNotNull(legacyServices);
- checkSubsystemModelTransformation(mainServices, modelVersion);
- }
-
-
-
-
What this test does is get the builder to configure the test controller
-using threads-transform-1_0.xml. This main builder works with the
-current subsystem version, and the jars in the WildFly checkout.
-
-
-
Next we configure a 'legacy' controller. This will run the version of
-the core libraries (e.g the controller module) as found in the
-targeted legacy version of JBoss AS/WildFly), and the subsystem. We need
-to pass in that it is using the core AS version 7.1.2.Final (i.e. the
-ModelTestControllerVersion.V7_1_2_FINAL part) and that that version is
-ModelVersion 1.0.0. Next we have some addMavenResourceURL() calls
-passing in the Maven GAVs of the old version of the subsystem and any
-dependencies it has needed to boot up. Normally, specifying just the
-Maven GAV of the old version of the subsystem is enough, but that
-depends on your subsystem. In this case the old subsystem GAV is enough.
-When booting up the legacy controller the framework uses the parsed
-operations from the main controller and transforms them using the 1.0.0
-transformer in the threads subsystem. The
-addOperationValidationResolve() and excludeFromParent() calls are
-not normally necessary, see the javadoc for more examples.
-
-
-
The call to KernelServicesBuilder.build() will build both the main
-controller and the legacy controller. As part of that it also boots up a
-second copy of the main controller using the transformed operations to
-make sure that the 'old' ops to boot our subsystem will still work on
-the current controller, which is important for backwards compatibility
-of CLI scripts. To tweak how that is done if you see failures there, see
-LegacyKernelServicesInitializer.skipReverseControllerCheck() and
-LegacyKernelServicesInitializer.configureReverseControllerCheck(). The
-LegacyKernelServicesInitializer is what gets returned by
-KernelServicesBuilder.createLegacyKernelServicesBuilder().
-
-
-
Finally we call checkSubsystemModelTransformation() which reads the
-full legacy subsystem model. The legacy subsystem model will have been
-built up from the transformed boot operations from the parsed xml. The
-operations get transformed by the operation transformers. Then it takes
-the model of the current subsystem and transforms that using the
-resource transformers. Then it compares the two models, which should be
-the same. In some rare cases it is not possible to get those two models
-exactly the same, so there is a version of this method that takes a
-ModelFixer to make adjustments. The
-checkSubsystemModelTransformation() method also makes sure that the
-legacy model is valid according to the legacy subsystem’s resource
-definition.
-
-
-
The legacy subsystem resource definitions are read on demand from the
-legacy controller when the tests run. In some older versions of
-subsystems (before we converted everything to use ResourceDefinition,
-and DescriptionProvider implementations were coded by hand) there were
-occasional problems with the resource definitions and they needed to be
-touched up. In this case you can generate a new one, touch it up and
-store the result in a file in the test resources under
-/same/package/as/the/test/class/{{subsystem-name- model-version.
-This will then prefer the file read from the file system to the one read
-at runtime. To generate the .dmr file, you need to generate it by adding
-a temporary test (make sure that you adjust controllerVersion and
-modelVersion to what you want to generate):
Now run the test and delete it. The legacy .dmr file should be in
-target/test-classes/org/jboss/as/subsystem/test/<your-subsystem-name>-<your-version>.dmr.
-Copy this .dmr file to the correct location in your project’s test
-resources.
-
-
-
-
4.7.2. Testing a configuration that does not work
-
-
The threads subsystem (like several others) did not support the use of
-expression values in the version that came with JBoss AS 7.1.2.Final. So
-we have a test that attempts to use expressions, and then fixes each
-resource and attribute where expressions were not allowed.
Again we boot up a current and a legacy controller. However, note in
-this case that they are both empty, no xml was parsed on boot so there
-are no operations to boot up the model. Instead once the controllers
-have been booted, we call KernelServicesBuilder.parseXmlResource()
-which gets the operations from expressions.xml. expressions.xml uses
-expressions in all the places they were not allowed in 7.1.2.Final. For
-each resource ModelTestUtils.checkFailedTransformedBootOperations()
-will check that the add operation gets rejected, and then correct one
-attribute at a time until the resource has been totally corrected. Once
-the add operation is totally correct, it will check that the add
-operation no longer is rejected. The configuration for this is the
-FailedOperationTransformationConfig returned by the getConfig()
-method:
So what this means is that we expect the allow-core-timeout and
-keepalive-time attributes for the
-blocking-bounded-queue-thread-pool= and bounded-queue-thread-pool=
-add operations to use expressions in the parsed xml. We then expect them
-to fail since there should be transformers in place to reject
-expressions, and correct them one at a time until the add operation
-should pass. As well as doing the add operations the
-ModelTestUtils.checkFailedTransformedBootOperations() method will also
-try calling write-attribute for each attribute, correcting as it goes
-along. As well as allowing you to test rejection of expressions
-FailedOperationTransformationConfig also has some helper classes to
-help testing rejection of other scenarios.
-
-
-
-
-
4.8. Common transformation use-cases
-
-
Most transformations are quite similar, so this section covers some of
-the actual transformation patterns found in the WildFly codebase. We
-will look at the output of CompareModelVersionsUtil, and see what can be
-done to transform for the older secondary HCs. The examples come from the
-WildFly codebase but are stripped down to focus solely on the use-case
-being explained in an attempt to keep things as clear/simple as
-possible.
-
-
-
4.8.1. Child resource type does not exist in legacy model
-
-
Looking at the model comparison between WildFly and JBoss AS 7.2.0,
-there is a change to the remoting subsystem. The relevant part of the
-output is:
-
-
-
-
======= Resource root address: ["subsystem" => "remoting"] - Current version: 2.0.0; legacy version: 1.2.0 =======
---- Problems for relative address to root []:
-Missing child types in current: []; missing in legacy [http-connector]
-
-
-
-
So our current model has added a child type called http-connector
-which was not there in 7.2.0. This is configurable, and adds new
-behavior, so it can not be part of a configuration sent across to a
-legacy secondary HC running version 1.2.0. So we add the following to
-RemotingExtension to reject all instances of that child type against
-ModelVersion 1.2.0.
Since this child resource type also does not exist in ModelVersion 1.1.0
-we need to reject it there as well using a similar mechanism.
-
-
-
-
4.8.2. Attribute does not exist in the legacy subsystem
-
-
Default value of the attribute is the same as legacy implied
-
-
behavior
-
-
-
This example also comes from the remoting subsystem, and is probably
-the most common type of transformation. The comparison tells us that
-there is now an attribute under
-/subsystem=remoting/remote-outbound-connection=* called protocol
-which did not exist in the older version:
-
-
-
-
======= Resource root address: ["subsystem" => "remoting"] - Current version: 2.0.0; legacy version: 1.2.0 =======
---- Problems for relative address to root []:
-....
---- Problems for relative address to root ["remote-outbound-connection" => "*"]:
-Missing attributes in current: []; missing in legacy [protocol]
-Missing parameters for operation 'add' in current: []; missing in legacy [protocol]
-
-
-
-
This difference also affects the add operation. Looking at the current
-model the valid values for the protocol attribute are remote,
-http-remoting and https-remoting. The last two are new protocols
-introduced in WildFly 29, meaning that the implied behaviour in JBoss
-7.2.0 and earlier is the remote protocol. Since this attribute does
-not exist in the legacy model we want to discard this attribute if it is
-undefined or if it has the value remote, both of which are in line
-with what the legacy secondary HC is hardwired to use. Also we want to
-reject it if it has a value different from remote. So what we need to
-do when registering transformers against ModelVersion 1.2.0 to handle
-this attribute:
So the first thing to happens is that we register a
-DiscardAttributeChecker.DiscardAttributeValueChecker which discards
-the attribute if it is either undefined (the default value in the
-current model is remote), or defined and has the value remote.
-Remembering that the discard phase always happens before the reject
-phase, the reject checker checks that the protocol attribute is
-defined, and rejects it if it is. The only reason it would be defined
-in the reject check, is if it was not discarded by the discard check.
-Hopefully this example shows that the discard and reject checkers often
-work in pairs.
-
-
-
An alternative way to write the protocolTransform() method would be:
The reject check remains the same, but we have implemented the discard
-check by using DiscardAttributeChecker.DefaultDiscardAttributeChecker
-instead. However, the effect of the discard check is exactly the same as
-when we used DiscardAttributeChecker.DiscardAttributeValueChecker.
-
-
-
-
Default value of the attribute is different from legacy implied
-
-
behaviour
-
-
-
We touched on this in the weld subsystem example we used earlier in this
-guide, but let’s take a more thorough look. Our comparison tells us that
-we have two new attributes require-bean-descriptor and
-non-portable-mode:
-
-
-
-
====== Resource root address: ["subsystem" => "weld"] - Current version: 2.0.0; legacy version: 1.0.0 =======
---- Problems for relative address to root []:
-Missing attributes in current: []; missing in legacy [require-bean-descriptor, non-portable-mode]
-Missing parameters for operation 'add' in current: []; missing in legacy [require-bean-descriptor, non-portable-mode]
-
-
-
-
Now when we look at this we see that the default value for both of the
-attributes in the current model is false, which allows us more
-flexible behavior introduced in CDI 1.1 (which was introduced with this
-version of the subsystem). The old model does not have these attributes,
-and implements CDI 1.0, which under the hood (using our weld subsystem
-expertise knowledge) implies the values true for both of these. So our
-transformer must reject anything that is not true for these
-attributes. Let us look at the transformer registered by the
-WeldExtension:
-
-
-
-
privatevoid registerTransformers(SubsystemRegistration subsystem) {
- ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createSubsystemInstance();
- //These new attributes are assumed to be 'true' in the old version but default to false in the current version. So discard if 'true' and reject if 'undefined'.
- builder.getAttributeBuilder()
- .setDiscard(new DiscardAttributeChecker.DiscardAttributeValueChecker(false, false, new ModelNode(true)),
- WeldResourceDefinition.NON_PORTABLE_MODE_ATTRIBUTE, WeldResourceDefinition.REQUIRE_BEAN_DESCRIPTOR_ATTRIBUTE)
- .addRejectCheck(new RejectAttributeChecker.DefaultRejectAttributeChecker() {
-
- @Override
- publicString getRejectionLogMessage(Map<String, ModelNode> attributes) {
- return WeldMessages.MESSAGES.rejectAttributesMustBeTrue(attributes.keySet());
- }
-
- @Override
- protectedboolean rejectAttribute(PathAddress address, String attributeName, ModelNode attributeValue,
- TransformationContext context) {
- //This will not get called if it was discarded, so reject if it is undefined (default==false) or if defined and != 'true'
- return !attributeValue.isDefined() || !attributeValue.asString().equals("true");
- }
- }, WeldResourceDefinition.NON_PORTABLE_MODE_ATTRIBUTE, WeldResourceDefinition.REQUIRE_BEAN_DESCRIPTOR_ATTRIBUTE)
- .end();
- TransformationDescription.Tools.register(builder.build(), subsystem, ModelVersion.create(1, 0, 0));
- }
-
-
-
-
This looks a bit more scary than the previous transformer we have seen,
-but isn’t actually too bad. The first thing we do is register a
-DiscardAttributeChecker.DiscardAttributeValueChecker which will
-discard the attribute if it has the value true. It will not discard if
-it is undefined since that defaults to false. This is registered for
-both attributes.
-
-
-
If the attributes had the value true they will get discarded we will
-not hit the reject checker since discarded attributes never get checked
-for rejection. If on the other hand they were an expression (since we
-are interested in the actual value, but cannot evaluate what value an
-expression will resolve to on the target from the DC running the
-transformers), false, or undefined (which will then default to
-false) they will not get discarded and will need to be rejected. So
-our
-RejectAttributeChecker.DefaultRejectAttributeChecker.rejectAttribute()
-method will return true (i.e. reject) if the attribute value is
-undefined (since that defaults to false) or if it is defined and
-'not equal to `true’. It is better to check for 'not equal to `true’
-than to check for 'equal to `false’ since if an expression was used we
-still want to reject, and only the 'not equal to `true’ check would
-actually kick in in that case.
-
-
-
The other thing we need in our
-DiscardAttributeChecker.DiscardAttributeValueChecker is to override
-the getRejectionLogMessage() method to get the message to be displayed
-when rejecting the transformation. In this case it says something along
-the lines "These attributes must be 'true' for use with CDI 1.0 '%s'",
-with the names of the attributes having been rejected substituting the
-%s.
-
-
-
-
-
4.8.3. Attribute has a different default value
-
-
– TODO
-
-
-
(The gist of this is to use a value converter, such that if the
-attribute is undefined, and hence the default value will take effect,
-then the value gets converted to the current version’s default value.
-This ensures that the legacy HC will use the same effective setting as
-current version HCs.
-
-
-
Note however that a change in default values is a form of incompatible
-API change, since CLI scripts written assuming the old defaults will now
-produce a configuration that behaves differently. Transformers make it
-possible to have a consistently configured domain even in the presence
-of this kind of incompatible change, but that doesn’t mean such changes
-are good practice. They are generally unacceptable in WildFly’s own
-subsystems.
-
-
-
One trick to ameliorate the impact of a default value change is to
-modify the xml parser for the old schema version such that if the xml
-attribute is not configured, the parser sets the old default value for
-the attribute, instead of undefined. This approach allows the parsing
-of old config documents to produce results consistent with what happened
-when they were created. It does not help with CLI scripts though.)
-
-
-
-
4.8.4. Attribute has a different type
-
-
Here the example comes from the capacity parameter some way into the
-modcluster subsystem, and the legacy version is AS 7.1.2.Final. There
-are quite a few differences, so I am only showing the ones relevant for
-this example:
-
-
-
-
====== Resource root address: ["subsystem" => "modcluster"] - Current version: 2.0.0; legacy version: 1.2.0 =======
-...
---- Problems for relative address to root ["mod-cluster-config" => "configuration","dynamic-load-provider" => "configuration","custom-load-m
-etric" => "*"]:
-Different 'type' for attribute 'capacity'. Current: DOUBLE; legacy: INT
-Different 'expressions-allowed' for attribute 'capacity'. Current: true; legacy: false
-...
-Different 'type' for parameter 'capacity' of operation 'add'. Current: DOUBLE; legacy: INT
-Different 'expressions-allowed' for parameter 'capacity' of operation 'add'. Current: true; legacy: false
-
-
-
-
So as we can see expressions are not allowed for the capacity
-attribute, and the current type is double while the legacy subsystem
-is int. So this means that if the value is for example 2.0 we can
-convert this to 2, but 2.5 cannot be converted. The way this is
-solved in the ModClusterExtension is to register the following some
-other attributes are registered here, but hopefully it is clear anyway:
So we register that we should reject expressions, and we also register
-the CapacityCheckerAndConverter for capacity.
-CapacityCheckerAndConverter extends the convenience class
-DefaultCheckersAndConverter which implements the
-DiscardAttributeChecker, RejectAttributeChecker, and
-AttributeConverter interfaces. We have seen DiscardAttributeChecker
-and RejectAttributeChecker in previous examples. Since we now need to
-convert a value we need an instance of AttributeConverter.
Now we check to see if we can convert the attribute to an int and
-reject if not. Note that if it is an expression, we have no idea what
-its value will resolve to on the target host, so we need to reject it.
-Then we try to change it into an int, and reject if that was not
-possible:
-References in this document to Java Persistence API (JPA) refer to the Jakarta Persistence unless otherwise noted.
-
-
-
-
-
-
-
-
-
-
5. Key Interfaces and Classes Relevant to Extension Developers
-
-
-
In the first major section of this guide, we provided an example of how
-to implement an extension to the AS. The emphasis there was learning by
-doing. In this section, we’ll focus a bit more on the major WildFly
-interfaces and classes that most are relevant to extension developers.
-The best way to learn about these interfaces and classes in detail is to
-look at their javadoc. What we’ll try to do here is provide a brief
-introduction of the key items and how they relate to each other.
-
-
-
Before digging into this section, readers are encouraged to read the
-"Core Management Concepts" section of the Admin Guide.
-
-
-
5.1. Extension Interface
-
-
The org.jboss.as.controller.Extension interface is the hook by which
-your extension to the AS kernel is able to integrate with the AS. During
-boot of the AS, when the <extension> element in the AS’s xml
-configuration file naming your extension is parsed, the JBoss Modules
-module named in the element’s name attribute is loaded. The standard JDK
-java.lang.ServiceLoader mechanism is then used to load your module’s
-implementation of this interface.
-
-
-
The function of an Extension implementation is to register with the
-core AS the management API, xml parsers and xml marshallers associated
-with the extension module’s subsystems. An Extension can register
-multiple subsystems, although the usual practice is to register just one
-per extension.
-
-
-
Once the Extension is loaded, the core AS will make two invocations
-upon it:
When this is invoked, it is the Extension implementation’s
-responsibility to initialize the XML parsers for this extension’s
-subsystems and register them with the given ExtensionParsingContext.
-The parser’s job when it is later called is to create
-org.jboss.dmr.ModelNode objects representing WildFly management API
-operations needed make the AS’s running configuration match what is
-described in the xml. Those management operation ModelNode s are added
-to a list passed in to the parser.
-
-
-
A parser for each version of the xml schema used by a subsystem should
-be registered. A well behaved subsystem should be able to parse any
-version of its schema that it has ever published in a final release.
-
-
-
-
-
void initialize(ExtensionContext context)
-
-
-
-
-
When this is invoked, it is the Extension implementation’s
-responsibility to register with the core AS the management API for its
-subsystems, and to register the object that is capable of marshalling
-the subsystem’s in-memory configuration back to XML. Only one XML
-marshaller is registered per subsystem, even though multiple XML parsers
-can be registered. The subsystem should always write documents that
-conform to the latest version of its XML schema.
-
-
-
The registration of a subsystem’s management API is done via the
-ManagementResourceRegistration interface. Before discussing that
-interface in detail, let’s describe how it (and the related Resource
-interface) relate to the notion of managed resources in the AS.
-
-
-
-
5.2. WildFly Managed Resources
-
-
Each subsystem is responsible for managing one or more management
-resources. The conceptual characteristics of a management resource are
-covered in some detail in the Admin
-Guide; here we’ll just summarize the main points. A management resource
-has
-
-
-
-
-
An address consisting of a list of key/value pairs that uniquely
-identifies a resource
-
-
-
Zero or more attributes , the value of which is some sort of
-org.jboss.dmr.ModelNode
-
-
-
Zero or more supported operations . An operation has a string name
-and zero or more parameters, each of which is a key/value pair where the
-key is a string naming the parameter and the value is some sort of
-ModelNode
-
-
-
Zero or more children , each of which in turn is a managed
-resource
-
-
-
-
-
The implementation of a managed resource is somewhat analogous to the
-implementation of a Java object. A managed resource will have a "type",
-which encapsulates API information about that resource and logic used to
-implement that API. And then there are actual instances of the resource,
-which primarily store data representing the current state of a
-particular resource. This is somewhat analogous to the "class" and
-"object" notions in Java.
-
-
-
A managed resource’s type is encapsulated by the
-org.jboss.as.controller.registry.ManagementResourceRegistration the
-core AS creates when the type is registered. The data for a particular
-instance is encapsulated in an implementation of the
-org.jboss.as.controller.registry.Resource interface.
-
-
-
-
5.3. ManagementResourceRegistration Interface
-
-
In the Java analogy used above, the ManagementResourceRegistration is
-analogous to the "class", while the Resource discussed below is
-analogous to an instance of that class.
-
-
-
A ManagementResourceRegistration represents the specification for a
-particular managed resource type. All resources whose address matches
-the same pattern will be of the same type, specified by the type’s
-ManagementResourceRegistration. The MRR encapsulates:
-
-
-
-
-
A PathAddress showing the address pattern that matches resources of
-that type. This PathAddress can and typically does involve wildcards
-in the value of one or more elements of the address. In this case there
-can be more than one instance of the type, i.e. different Resource
-instances.
-
-
-
Definition of the various attributes exposed by resources of this
-type, including the OperationStepHandler implementations used for
-reading and writing the attribute values.
-
-
-
Definition of the various operations exposed by resources of this
-type, including the OperationStepHandler implementations used for
-handling user invocations of those operations.
-
-
-
Definition of child resource types. ManagementResourceRegistration
-instances form a tree.
-
-
-
Definition of management notifications emitted by resources of this
-type.
-
-
-
Definition of
-capabilities provided by
-resources of this type.
-
-
-
Definition of RBAC access constraints that should be
-applied by the management kernel when authorizing operations against
-resources of this type.
-
-
-
Whether the resource type is an alias to another resource type, and if
-so information about that relationship. Aliases are primarily used to
-preserve backwards compatibility of the management API when the location
-of a given type of resources is moved in a newer release.
-
-
-
-
-
The ManagementResourceRegistration interface is a subinterface of
-ImmutableManagementResourceRegistration, which provides a read-only
-view of the information encapsulated by the MRR. The MRR subinterface
-adds the methods needed for registering the attributes, operations,
-children, etc.
-
-
-
Extension developers do not directly instantiate an MRR. Instead they
-create a ResourceDefinition for the root resource type for each
-subsystem, and register it with the ExtensionContext passed in to
-their Extension implementation’s initialize method:
The kernel uses the provided ResourceDefinition to construct a
-ManagementResourceRegistration and then passes that MRR to the various
-registerXXX methods implemented by the ResourceDefinition, giving it
-the change to record the resource type’s attributes, operations and
-children.
-
-
-
-
5.4. ResourceDefinition Interface
-
-
An implementation of ResourceDefinition is the primary class used by
-an extension developer when defining a managed resource type. It
-provides basic information about the type, exposes a
-DescriptionProvider used to generate a DMR description of the type,
-and implements callbacks the kernel can invoke when building up the
-ManagementResourceRegistration to ask for registration of definitions
-of attributes, operations, children, notifications and capabilities.
-
-
-
Almost always an extension author will create their ResourceDefinition
-by creating a subclass of the
-org.jboss.as.controller.SimpleResourceDefinition class or of its
-PersistentResourceDefinition subclass. Both of these classes have
-constructors that take a Parameters object, which is a simple builder
-class to use to provide most of the key information about the resource
-type. The extension-specific subclass would then take responsibility for
-any additional behavior needed by overriding the registerAttributes,
-registerOperations, registerNotifications and registerChildren
-callbacks to do whatever is needed beyond what is provided by the
-superclasses.
-
-
-
For example, to add a writable attribute:
-
-
-
-
@Override
- publicvoid registerAttributes(ManagementResourceRegistration resourceRegistration) {
- super.registerAttributes(resourceRegistration);
- // Now we register the 'foo' attribute
- AttributeDefinition ad = FOO; // constant declared elsewhere
- OperationStepHandler writeHandler = new FooWriteAttributeHandler();
- resourceRegistration.registerReadWriteHandler(ad, null, writeHandler); // null read handler means use default read handling
- }
-
-
-
-
To register a custom operation:
-
-
-
-
@Override
- publicvoid registerOperations(ManagementResourceRegistration resourceRegistration) {
- super.registerOperations(resourceRegistration);
- // Now we register the 'foo-bar' custom operation
- OperationDefinition od = FooBarOperationStepHandler.getDefinition();
- OperationStepHandler osh = new FooBarOperationStepHandler();
- resourceRegistration.registerOperationHandler(od, osh);
- }
-
-
-
-
To register a child resource type:
-
-
-
-
@Override
- publicvoid registerChildren(ManagementResourceRegistration resourceRegistration) {
- super.registerChildren(resourceRegistration);
- // Now we register the 'baz=*' child type
- ResourceDefinition rd = new BazResourceDefinition();
- resourceRegistration.registerSubmodel(rd);
- }
-
-
-
-
5.4.1. ResourceDescriptionResolver
-
-
One of the things a ResourceDefinition must be able to do is provide a
-DescriptionProvider that provides a proper DMR description of the
-resource to use as the output for the standard
-read-resource-description management operation. Since you are almost
-certainly going to be using one of the standard ResourceDefinition
-implementations like SimpleResourceDefinition, the creation of this
-DescriptionProvider is largely handled for you. The one thing that is
-not handled for you is providing the localized free form text
-descriptions of the various attributes, operations, operation
-parameters, child types, etc used in creating the resource description.
-
-
-
For this you must provide an implementation of the
-ResourceDescriptionResolver interface, typically passed to the
-Parameters object provided to the SimpleResourceDefinition
-constructor. This interface has various methods that are invoked when a
-piece of localized text description is needed.
-
-
-
Almost certainly you’ll satisfy this requirement by providing an
-instance of the StandardResourceDescriptionResolver class.
-
-
-
StandardResourceDescriptionResolver uses a ResourceBundle to load
-text from a properties file available on the classpath. The keys in the
-properties file must follow patterns expected by
-StandardResourceDescriptionResolver. See the
-StandardResourceDescriptionResolver javadoc for further details.
-
-
-
The biggest task here is to create the properties file and add the text
-descriptions. A text description must be provided for everything. The
-typical thing to do is to store this properties file in the same package
-as your Extension implementation, in a file named
-LocalDescriptions.properties.
-
-
-
-
-
5.5. AttributeDefinition Class
-
-
The AttributeDefinition class is used to create the static definition
-of one of a managed resource’s attributes. It’s a bit poorly named
-though, because the same interface is used to define the details of
-parameters to operations, and to define fields in the result of of
-operations.
-
-
-
The definition includes all the static information about the
-attribute/operation parameter/result field, e.g. the DMR ModelType of
-its value, whether its presence is required, whether it supports
-expressions, etc. See
-Description of the
-Management Model for a description of the metadata available. Almost
-all of this comes from the AttributeDefinition.
-
-
-
Besides basic metadata, the AttributeDefinition can also hold custom
-logic the kernel should use when dealing with the attribute/operation
-parameter/result field. For example, a ParameterValidator to use to
-perform special validation of values (beyond basic things like DMR type
-checks and defined/undefined checks), or an AttributeParser or
-AttributeMarshaller to use to perform customized parsing from and
-marshaling to XML.
-
-
-
WildFly Core’s controller module provides a number of subclasses of
-AttributeDefinition used for the usual kinds of attributes. For each
-there is an associated builder class which you should use to build the
-AttributeDefinition. Most commonly used are
-SimpleAttributeDefinition, built by the associated
-SimpleAttributeDefinitionBuilder. This is used for attributes whose
-values are analogous to java primitives, String or byte[]. For
-collections, there are various subclasses of ListAttributeDefinition
-and MapAttributeDefinition. All have a Builder inner class. For
-complex attributes, i.e. those with a fixed set of fully defined fields,
-use ObjectTypeAttributeDefinition. (Each field in the complex type is
-itself specified by an AttributeDefinition.) Finally there’s
-ObjectListAttributeDefinition and ObjectMapAttributeDefinition for
-lists whose elements are complex types and maps whose values are complex
-types respectively.
-
-
-
Here’s an example of creating a simple attribute definition with extra
-validation of the range of allowed values:
-
-
-
-
staticfinal AttributeDefinition QUEUE_LENGTH = new SimpleAttributeDefinitionBuilder("queue-length", ModelType.INT)
- .setRequired(true)
- .setAllowExpression(true)
- .setValidator(new IntRangeValidator(1, Integer.MAX_VALUE))
- .setRestartAllServices() // means modification after resource add puts the server in reload-required
- .build();
-
-
-
-
Via a bit of dark magic, the kernel knows that the IntRangeValidator
-defined here is a reliable source of information on min and max values
-for the attribute, so when creating the read-resource-description
-output for the attribute it will use it and output min and max
-metadata. For STRING attributes, StringLengthValidator can also be
-used, and the kernel will see this and provide min-length and
-max-length metadata. In both cases the kernel is checking for the
-presence of a MinMaxValidator and if found it provides the appropriate
-metadata based on the type of the attribute.
-
-
-
Use EnumValidator to restrict a STRING attribute’s values to a set of
-legal values:
EnumValidator is an implementation of AllowedValuesValidator that
-works with Java enums. You can use other implementations or write your
-own to do other types of restriction to certain values.
-
-
-
Via a bit of dark magic similar to what is done with MinMaxValidator,
-the kernel recognizes the presence of an AllowedValuesValidator and
-uses it to seed the allowed-values metadata in
-read-resource-description output.
-
-
-
5.5.1. Key Uses of AttributeDefinition
-
-
Your AttributeDefinition instances will be some of the most commonly
-used objects in your extension code. Following are the most typical
-uses. In each of these examples assume there is a
-SimpleAttributeDefinition stored in a constant FOO_AD that is
-available to the code. Typically FOO_AD would be a constant in the
-relevant ResourceDefinition implementation class. Assume FOO_AD
-represents an INT attribute.
-
-
-
Note that for all of these cases except for "Use in Extracting Data from
-the Configuration Model for Use in Runtime Services" there may be
-utility code that handles this for you. For example
-PersistentResourceXMLParser can handle the XML cases, and
-AbstractAddStepHandler can handle the "Use in Storing Data Provided by
-the User to the Configuration Model" case.
-
-
-
Use in XML Parsing
-
-
Here we have your extension’s implementation of
-XMLElementReader<List<ModelNode>> that is being used to parse the xml
-for your subsystem and add ModelNode operations to the list that will
-be used to boot the server.
-
-
-
-
@Override
- publicvoid readElement(final XMLExtendedStreamReader reader, finalList<ModelNode> operationList) throws XMLStreamException {
- // Create a node for the op to add our subsystem
- ModelNode addOp = new ModelNode();
- addOp.get("address").add("subsystem", "mysubsystem");
- addOp.get("operation").set("add");
- operationList.add(addOp);
-
- for (int i = 0; i < reader.getAttributeCount(); i++) {
- finalString value = reader.getAttributeValue(i);
- finalString attribute = reader.getAttributeLocalName(i);
- if (FOO_AD.getXmlName().equals(attribute) {
- FOO_AD.parseAndSetParameter(value, addOp, reader);
- } else ....
- }
-
- ... more parsing
- }
-
-
-
-
Note that the parsing code has deliberately been abbreviated. The key
-point is the parseAndSetParameter call. FOO_AD will validate the
-value read from XML, throwing an XMLStreamException with a useful
-message if invalid, including a reference to the current location of the
-reader. If valid, value will be converted to a DMR ModelNode of
-the appropriate type and stored as a parameter field of addOp. The
-name of the parameter will be what FOO_AD.getName() returns.
-
-
-
If you use PersistentResourceXMLParser this parsing logic is handled
-for you and you don’t need to write it yourself.
-
-
-
-
Use in Storing Data Provided by the User to the Configuration Model
-
-
Here we illustrate code in an OperationStepHandler that extracts a
-value from a user-provided operation and stores it in the internal
-model:
-
-
-
-
@Override
- publicvoid execute(OperationContext context, ModelNode operation) throws OperationFailedException {
- // Get the Resource targeted by this operation
- Resource resource = context.readResourceForUpdate(PathAddress.EMPTY_ADDRESS);
- ModelNode model = resource.getModel();
- // Store the value of any 'foo' param to the model's 'foo' attribute
- FOO_AD.validateAndSet(operation, model);
-
- ... do other stuff
- }
-
-
-
-
As the name implies validateAndSet will validate the value in
-operation before setting it. A validation failure will result in an
-OperationFailedException with an appropriate message, which the kernel
-will use to provide a failure response to the user.
-
-
-
Note that validateAndSet will not perform expression resolution.
-Expression resolution is not appropriate at this stage, when we are just
-trying to store data to the persistent configuration model. However, it
-will check for expressions and fail validation if found and FOO_AD
-wasn’t built with setAllowExpressions(true).
-
-
-
This work of storing data to the configuration model is usually done in
-handlers for the add and write-attribute operations. If you base
-your handler implementations on the standard classes provided by WildFly
-Core, this part of the work will be handled for you.
-
-
-
-
Use in Extracting Data from the Configuration Model for Use in
-
-
Runtime Services
-
-
-
This is the example you are most likely to use in your code, as this is
-where data needs to be extracted from the configuration model and passed
-to your runtime services. What your services need is custom, so there’s
-no utility code we provide.
-
-
-
Assume as part of … do other stuff in the last example that your
-handler adds a step to do further work once operation execution proceeds
-to RUNTIME state (see Operation Execution and the OperationContext for
-more on what this means):
-
-
-
-
context.addStep(new OperationStepHandler() {
- @Override
- publicvoid execute(OperationContext context, ModelNode operation) throws OperationFailedException {
-
- // Get the Resource targetted by this operation
- Resource resource = context.readResource(PathAddress.EMPTY_ADDRESS);
- ModelNode model = resource.getModel();
- // Extract the value of the 'foo' attribute from the model
- int foo = FOO_AD.resolveModelAttribute(context, model).asInt();
-
- Service<XyZ> service = new MyService(foo);
-
- ... do other stuff, like install 'service' with MSC
- }
- }, Stage.RUNTIME);
-
-
-
-
Use resolveModelAttribute to extract data from the model. It does a
-number of things:
-
-
-
-
-
reads the value from the model
-
-
-
if it’s an expression and expressions are supported, resolves it
-
-
-
if it’s undefined and undefined is allowed but FOO_AD was configured
-with a default value, uses the default value
-
-
-
validates the result of that (which is how we check that expressions
-resolve to legal values), throwing OperationFailedException with a
-useful message if invalid
-
-
-
returns that as a ModelNode
-
-
-
-
-
If when you built FOO_AD you configured it such that the user must
-provide a value, or if you configured it with a default value, then you
-know the return value of resolveModelAttribute will be a defined
-ModelNode. Hence you can safely perform type conversions with it, as
-we do in the example above with the call to asInt(). If FOO_AD was
-configured such that it’s possible that the attribute won’t have a
-defined value, you need to guard against that, e.g.:
Your Extension must register an
-XMLElementWriter<SubsystemMarshallingContext> for each subsystem. This
-is used to marshal the subsystem’s configuration to XML. If you don’t
-use PersistentResourceXMLParser for this you’ll need to write your own
-marshaling code, and AttributeDefinition will be used.
-
-
-
-
@Override
- publicvoid writeContent(XMLExtendedStreamWriter writer, SubsystemMarshallingContext context) throws XMLStreamException {
- context.startSubsystemElement(Namespace.CURRENT.getUriString(), false);
-
- ModelNode subsystemModel = context.getModelNode();
- // we persist foo as an xml attribute
- FOO_AD.marshalAsAttribute(subsystemModel, writer);
- // We also have a different attribute that we marshal as an element
- BAR_AD.marshalAsElement(subsystemModel, writer);
- }
-
-
-
-
The SubsystemMarshallingContext provides a ModelNode that represents
-the entire resource tree for the subsystem (including child resources).
-Your XMLElementWriter should walk through that model, using
-marshalAsAttribute or marshalAsElement to write the attributes in
-each resource. If the model includes child node trees that represent
-child resources, create child xml elements for those and continue down
-the tree.
-
-
-
-
-
-
5.6. OperationDefinition and OperationStepHandler Interfaces
-
-
OperationDefinition defines an operation, particularly its name, its
-parameters and the details of any result value, with
-AttributeDefinition instances used to define the parameters and result
-details. The OperationDefinition is used to generate the
-read-operation-description output for the operation, and in some cases
-is also used by the kernel to decide details as to how to execute the
-operation.
-
-
-
Typically SimpleOperationDefinitionBuilder is used to create an
-OperationDefinition. Usually you only need to create an
-OperationDefinition for custom operations. For the common add and
-remove operations, if you provide minimal information about your
-handlers to your SimpleResourceDefinition implementation via the
-Parameters object passed to its constructor, then
-SimpleResourceDefinition can generate a correct OperationDefinition
-for those operations.
-
-
-
The OperationStepHandler is what contains the actual logic for doing
-what the user requests when they invoke an operation. As its name
-implies, each OSH is responsible for doing one step in the overall
-sequence of things necessary to give effect to what the user requested.
-One of the things an OSH can do is add other steps, with the result that
-an overall operation can involve a great number of OSHs executing. (See
-Operation Execution and the OperationContext for more on this.)
-
-
-
Each OSH is provided in its execute method with a reference to the
-OperationContext that is controlling the overall operation, plus an
-operationModelNode that represents the operation that particular
-OSH is being asked to deal with. The operation node will be of
-ModelType.OBJECT with the following key/value pairs:
-
-
-
-
-
a key named operation with a value of ModelType.STRING that
-represents the name of the operation. Typically an OSH doesn’t care
-about this information as it is written for an operation with a
-particular name and will only be invoked for that operation.
-
-
-
a key named address with a value of ModelType.LIST with list
-elements of ModelType.PROPERTY. This value represents the address of
-the resource the operation targets. If this key is not present or the
-value is undefined or an empty list, the target is the root resource.
-Typically an OSH doesn’t care about this information as it can more
-efficiently get the address from the OperationContext via its
-getCurrentAddress() method.
-
-
-
other key/value pairs that represent parameters to the operation, with
-the key the name of the parameter. This is the main information an OSH
-would want from the operation node.
-
-
-
-
-
There are a variety of situations where extension code will instantiate
-an OperationStepHandler
-
-
-
-
-
When registering a writable attribute with a
-ManagementResourceRegistration (typically in an implementation of
-ResourceDefinition.registerAttributes), an OSH must be provided to
-handle the write-attribute operation.
-
-
-
When registering a read-only or read-write attribute that needs
-special handling of the read-attribute operation, an OSH must be
-provided.
-
-
-
When registering a metric attribute, an OSH must be provided to handle
-the read-attribute operation.
-
-
-
Most resources need OSHs created for the add and remove
-operations. These are passed to the Parameters object given to the
-SimpleResourceDefinition constructor, for use by the
-SimpleResourceDefinition in its implementation of the
-registerOperations method.
-
-
-
If your resource has custom operations, you will instantiate them to
-register with a ManagementResourceRegistration, typically in an
-implementation of ResourceDefinition.registerOperations
-
-
-
If an OSH needs to tell the OperationContext to add additional steps
-to do further handling, the OSH will create another OSH to execute that
-step. This second OSH is typically an inner class of the first OSH.
-
-
-
-
-
-
5.7. Operation Execution and the OperationContext
-
-
When the ModelController at the heart of the WildFly Core management
-layer handles a request to execute an operation, it instantiates an
-implementation of the OperationContext interface to do the work. The
-OperationContext is configured with an initial list of operation steps
-it must execute. This is done in one of two ways:
-
-
-
-
-
During boot, multiple steps are configured, one for each operation in
-the list generated by the parser of the xml configuration file. For each
-operation, the ModelController finds the
-ManagementResourceRegistration that matches the address of the
-operation and finds the OperationStepHandler registered with that MRR
-for the operation’s name. A step is added to the OperationContext for
-each operation by providing the operation ModelNode itself, plus the
-OperationStepHandler.
-
-
-
After boot, any management request involves only a single operation,
-so only a single step is added. (Note that a composite operation is
-still a single operation; it’s just one that internally executes via
-multiple steps.)
-
-
-
-
-
The ModelController then asks the OperationContext to execute the
-operation.
-
-
-
The OperationContext acts as both the engine for operation execution,
-and as the interface provided to OperationStepHandler implementations
-to let them interact with the rest of the system.
-
-
-
5.7.1. Execution Process
-
-
Operation execution proceeds via execution by the OperationContext of
-a series of "steps" with an OperationStepHandler doing the key work
-for each step. As mentioned above, during boot the OC is initially
-configured with a number of steps, but post boot operations involve only
-a single step initially. But even a post-boot operation can end up
-involving numerous steps before completion. In the case of a
-/:read-resource(recursive=true) operation, thousands of steps might
-execute. This is possible because one of the key things an
-OperationStepHandler can do is ask the OperationContext to add
-additional steps to execute later.
-
-
-
Execution proceeds via a series of "stages", with a queue of steps
-maintained for each stage. An OperationStepHandler can tell the
-OperationContext to add a step for any stage equal to or later than
-the currently executing stage. The instruction can either be to add the
-step to the head of the queue for the stage or to place it at the end of
-the stage’s queue.
-
-
-
Execution of a stage continues until there are no longer any steps in
-the stage’s queue. Then an internal transition task can execute, and the
-processing of the next stage’s steps begins.
-
-
-
Here is some brief information about each stage:
-
-
-
Stage.MODEL
-
-
This stage is concerned with interacting with the persistent
-configuration model, either making changes to it or reading information
-from it. Handlers for this stage should not make changes to the runtime,
-and handlers running after this stage should not make changes to the
-persistent configuration model.
-
-
-
If any step fails during this stage, the operation will automatically
-roll back. Rollback of MODEL stage failures cannot be turned off.
-Rollback during boot results in abort of the process start.
-
-
-
The initial step or steps added to the OperationContext by the
-ModelController all execute in Stage.MODEL. This means that all
-OperationStepHandler instances your extension registers with a
-ManagementResourceRegistration must be designed for execution in
-Stage.MODEL. If you need work done in later stages your Stage.MODEL
-handler must add a step for that work.
-
-
-
When this stage completes, the OperationContext internally performs
-model validation work before proceeding on to the next stage. Validation
-failures will result in rollback.
-
-
-
-
Stage.RUNTIME
-
-
This stage is concerned with interacting with the server runtime, either
-reading from it or modifying it (e.g. installing or removing services or
-updating their configuration.) By the time this stage begins, all model
-changes are complete and model validity has been checked. So typically
-handlers in this stage read their inputs from the model, not from the
-original operationModelNode provided by the user.
-
-
-
Most OperationStepHandler logic written by extension authors will be
-for Stage.RUNTIME. The vast majority of Stage.MODEL handling can best be
-performed by the base handler classes WildFly Core provides in its
-controller module. (See below for more on those.)
-
-
-
During boot failures in Stage.RUNTIME will not trigger rollback and
-abort of the server boot. After boot, by default failures here will
-trigger rollback, but users can prevent that by using the
-rollback-on-runtime-failure header. However, a RuntimeException thrown
-by a handler will trigger rollback.
-
-
-
At the end of Stage.RUNTIME, the OperationContext blocks waiting for
-the MSC service container to stabilize (i.e. for all services to have
-reached a rest state) before moving on to the next stage.
-
-
-
-
Stage.VERIFY
-
-
Service container verification work is performed in this stage, checking
-that any MSC changes made in Stage.RUNTIME had the expected effect.
-Typically extension authors do not add any steps in this stage, as the
-steps automatically added by the OperationContext itself are all that
-are needed. You can add a step here though if you have an unusual use
-case where you need to verify something after MSC has stabilized.
-
-
-
Handlers in this stage should not make any further runtime changes;
-their purpose is simply to do verification work and fail the operation
-if verification is unsuccessful.
-
-
-
During boot failures in Stage.VERIFY will not trigger rollback and
-abort of the server boot. After boot, by default failures here will
-trigger rollback, but users can prevent that by using the
-rollback-on-runtime-failure header. However, a RuntimeException thrown
-by a handler will trigger rollback.
-
-
-
There is no special transition work at the end of this stage.
-
-
-
-
Stage.DOMAIN
-
-
Extension authors should not add steps in this stage; it is only for use
-by the kernel.
-
-
-
Steps needed to execute rollout across the domain of an operation that
-affects multiple processes in a managed domain run here. This stage is
-only run on Host Contoller processes, never on servers.
-
-
-
-
Stage.DONE and ResultHandler / RollbackHandler Execution
-
-
This stage doesn’t maintain a queue of steps; no OperationStepHandler
-executes here. What does happen here is persistence of any configuration
-changes to the xml file and commit or rollback of changes affecting
-multiple processes in a managed domain.
-
-
-
While no OperationStepHandler executes in this stage, following
-persistence and transaction commit all ResultHandler or
-RollbackHandler callbacks registered with the OperationContext by
-the steps that executed are invoked. This is done in the reverse order
-of step execution, so the callback for the last step to run is the first
-to be executed. The most common thing for a callback to do is to respond
-to a rollback by doing whatever is necessary to reverse changes made in
-Stage.RUNTIME. (No reversal of Stage.MODEL changes is needed,
-because if an operation rolls back the updated model produced by the
-operation is simply never published and is discarded.)
-
-
-
-
Tips About Adding Steps
-
-
Here are some useful tips about how to add steps:
-
-
-
-
-
Add a step to the head of the current stage’s queue if you want it to
-execute next, prior to any other steps. Typically you would use this
-technique if you are trying to decompose some complex work into pieces,
-with reusable logic handling each piece. There would be an
-OperationStepHandler for each part of the work, added to the head of
-the queue in the correct sequence. This would be a pretty advanced use
-case for an extension author but is quite common in the handlers
-provided by the kernel.
-
-
-
Add a step to the end of the queue if either you don’t care when it
-executes or if you do care and want to be sure it executes after any
-already registered steps.
-
-
-
-
A very common example of this is a Stage.MODEL handler adding a
-step for its associated Stage.RUNTIME work. If there are multiple
-model steps that will execute (e.g. at boot or as part of handling a
-composite), each will want to add a runtime step, and likely the best
-order for those runtime steps is the same as the order of the model
-steps. So if each adds its runtime step at the end, the desired result
-will be achieved.
-
-
-
A more sophisticated but important scenario is when a step may or may
-not be executing as part of a larger set of steps, i.e. it may be one
-step in a composite or it may not. There is no way for the handler to
-know. But it can assume that if it is part of a composite, the steps for
-the other operations in the composite are already registered in the
-queue. (The handler for the composite op guarantees this.) So, if it
-wants to do some work (say validation of the relationship between
-different attributes or resources) the input to which may be affected by
-possible other already registered steps, instead of doing that work
-itself, it should register a different step at the end of the queue
-and have that step do the work. This will ensure that when the
-validation step runs, the other steps in the composite will have had a
-chance to do their work. Rule of thumb: always doing any extra
-validation work in an added step.
-
-
-
-
-
-
-
-
Passing Data to an Added Step
-
-
Often a handler author will want to share state between the handler for
-a step it adds and the handler that added it. There are a number of ways
-this can be done:
-
-
-
-
-
Very often the OperationStepHandler for the added class is an inner
-class of the handler that adds it. So here sharing state is easily done
-using final variables in the outer class.
-
-
-
The handler for the added step can accept values passed to its
-constructor which can serve as shared state.
-
-
-
The OperationContext includes an Attachment API which allows
-arbitary data to be attached to the context and retrieved by any handler
-that has access to the attachment key.
-
-
-
The OperationContext.addStep methods include overloaded variants
-where the caller can pass in an operationModelNode that will in
-turn be passed to the execute method of the handler for the added
-step. So, state can be passed via this ModelNode. It’s important to
-remember though that the address field of the operation will govern
-what the OperationContext sees as the target of operation when that
-added step’s handler executes.
-
-
-
-
-
-
Controlling Output from an Added Step
-
-
When an OperationStepHandler wants to report an operation result, it
-calls the OperationContext.getResult() method and manipulates the
-returned ModelNode. Similarly for failure messages it can call
-OperationContext.getFailureDescription(). The usual assumption when
-such a call is made is that the result or failure description being
-modified is the one at the root of the response to the end user. But
-this is not necessarily the case.
-
-
-
When an OperationStepHandler adds a step it can use one of the
-overloaded OperationContext.addStep variants that takes a response
-ModelNode parameter. If it does, whatever ModelNode it passes in
-will be what is updated as a result of OperationContext.getResult()
-and OperationContext.getFailureDescription() calls by the step’s
-handler. This node does not need to be one that is directly associated
-with the response to the user.
-
-
-
How then does the handler that adds a step in this manner make use of
-whatever results the added step produces, since the added step will not
-run until the adding step completes execution? There are a couple of
-ways this can be done.
-
-
-
The first is to add yet another step, and provide it a reference to the
-response node used by the second step. It will execute after the
-second step and can read its response and use it in formulating its own
-response.
-
-
-
The second way involves using a ResultHandler. The ResultHandler for
-a step will execute after any step that it adds executes. And, it is
-legal for a ResultHandler to manipulate the "result" value for an
-operation, or its "failure-description" in case of failure. So, the
-handler that adds a step can provide to its ResultHandler a reference
-to the response node it passed to addStep, and the ResultHandler
-can in turn and use its contents to manipulate its own response.
-
-
-
This kind of handling wouldn’t commonly be done by extension authors and
-great care needs to be taken if it is done. It is often done in some of
-the kernel handlers.
-
-
-
-
-
-
5.7.2. OperationStepHandler use of the OperationContext
-
-
All useful work an OperationStepHandler performs is done by invoking
-methods on the OperationContext. The OperationContext interface is
-extensively javadoced, so this section will just provide a brief partial
-overview. The OSH can use the OperationContext to:
-
-
-
-
-
Learn about the environment in which it is executing (
-getProcessType, getRunningMode, isBooting, getCurrentStage,
-getCallEnvironment, getSecurityIdentity, isDefaultRequiresRuntime,
-isNormalServer)
-
-
-
Learn about the operation ( getCurrentAddress,
-getCurrentAddressValue, getAttachmentStream,
-getAttachmentStreamCount)
-
-
-
Read the Resource tree ( readResource, readResourceFromRoot,
-getOriginalRootResource)
-
-
-
Manipulate the Resource tree ( createResource, addResource,
-readResourceForUpdate, removeResource)
-
-
-
Read the resource type information ( getResourceRegistration,
-getRootResourceRegistration)
-
-
-
Manipulate the resource type information (
-getResourceRegistrationForUpdate)
-
-
-
Read the MSC service container ( getServiceRegistry(false))
-
-
-
Manipulate the MSC service container ( getServiceTarget,
-getServiceRegistry(true), removeService)
-
-
-
Manipulate the process state ( reloadRequired,
-revertReloadRequired, restartRequired, revertRestartRequired
-
-
-
Resolve expressions ( resolveExpressions)
-
-
-
Manipulate the operation response ( getResult,
-getFailureDescription, attachResultStream, runtimeUpdateSkipped)
-
-
-
Force operation rollback ( setRollbackOnly)
-
-
-
Add other steps ( addStep)
-
-
-
Share data with other steps ( attach, attachIfAbsent,
-getAttachment, detach)
-
-
-
Work with capabilities (numerous methods)
-
-
-
Emit notifications ( emit)
-
-
-
Request a callback to a ResultHandler or RollbackHandler (
-completeStep)
-
-
-
-
-
-
5.7.3. Locking and Change Visibility
-
-
The ModelController and OperationContext work together to ensure
-that only one operation at a time is modifying the state of the system.
-This is done via an exclusive lock maintained by the ModelController.
-Any operation that does not need to write never requests the lock and is
-able to proceed without being blocked by an operation that holds the
-lock (i.e. writes do not block reads.) If two operations wish to
-concurrently write, one or the other will get the lock and the loser
-will block waiting for the winner to complete and release the lock.
-
-
-
The OperationContext requests the exclusive lock the first time any of
-the following occur:
-
-
-
-
-
A step calls one of its methods that indicates a wish to modify the
-resource tree ( createResource, addResource,
-readResourceForUpdate, removeResource)
-
-
-
A step calls one of its methods that indicates a wish to modify the
-ManagementResourceRegistration tree (
-getResourceRegistrationForUpdate)
-
-
-
A step calls one of its methods that indicates a desire to change MSC
-services ( getServiceTarget, removeService or getServiceRegistry
-with the modify param set to true)
-
-
-
A step calls one of its methods that manipulates the capability
-registry (various)
-
-
-
A step explicitly requests the lock by calling the
-acquireControllerLock method (doing this is discouraged)
-
-
-
-
-
The step that acquired the lock is tracked, and the lock is released
-when the ResultHandler added by that step has executed. (If the step
-doesn’t add a result handler, a default no-op one is automatically
-added).
-
-
-
When an operation first expresses a desire to manipulate the Resource
-tree or the capability registry, a private copy of the tree or registry
-is created and thereafter the OperationContext works with that copy.
-The copy is published back to the ModelController in Stage.DONE if
-the operation commits. Until that happens any changes to the tree or
-capability registry made by the operation are invisible to other
-threads. If the operation does not commit, the private copies are simply
-discarded.
-
-
-
However, the OperationContext does not make a private copy of the
-ManagementResourceRegistration tree before manipulating it, nor is
-there a private copy of the MSC service container. So, any changes made
-by an operation to either of those are immediately visible to other
-threads.
-
-
-
-
-
5.8. Resource Interface
-
-
An instance of the Resource interface holds the state for a particular
-instance of a type defined by a ManagementResourceRegistration.
-Referring back to the analogy mentioned earlier the
-ManagementResourceRegistration is analogous to a Java class while the
-Resource is analogous to an instance of that class.
-
-
-
The Resource makes available state information, primarily
-
-
-
-
-
Some descriptive metadata, such as its address, whether it is
-runtime-only and whether it represents a proxy to a another primary
-resource that resides on another process in a managed domain
-
-
-
A ModelNode of ModelType.OBJECT whose keys are the resource’s
-attributes and whose values are the attribute values
-
-
-
Links to child resources such that the resources form a tree
-
-
-
-
-
5.8.1. Creating Resources
-
-
Typically extensions create resources via OperationStepHandler calls
-to the OperationContext.createResource method. However it is allowed
-for handlers to use their own Resource implementations by
-instantiating the resource and invoking OperationContext.addResource.
-The AbstractModelResource class can be used as a base class.
-
-
-
-
5.8.2. Runtime-Only and Synthetic Resources and the PlaceholderResourceEntry Class
-
-
A runtime-only resource is one whose state is not persisted to the xml
-configuration file. Many runtime-only resources are also "synthetic"
-meaning they are not added or removed as a result of user initiated
-management operations. Rather these resources are "synthesized" in order
-to allow users to use the management API to examine some aspect of the
-internal state of the process. A good example of synthetic resources are
-the resources in the /core-service=platform-mbeans branch of the
-resource tree. There are resources there that represent various aspects
-of the JVM (classloaders, memory pools, etc) but which resources are
-present entirely depends on what the JVM is doing, not on any management
-action. Another example are resources representing "core queues" in the
-WildFly messaging and messaging-artemismq subsystems. Queues are created
-as a result of activity in the message broker which may not involve
-calls to the management API. But for each such queue a management
-resource is available to allow management users to perform management
-operations against the queue.
-
-
-
It is a requirement of execution of a management operation that the
-OperationContext can navigate through the resource tree to a
-Resource object located at the address specified. This requirement
-holds true even for synthetic resources. How can this be handled, given
-the fact these resources are not created in response to management
-operations?
-
-
-
The trick involves using special implementations of Resource. Let’s
-imagine a simple case where we have a parent resource which is fairly
-normal (i.e. it holds persistent configuration and is added via a user’s
-add operation) except for the fact that one of its child types
-represents synthetic resources (e.g. message queues). How would this be
-handled?
-
-
-
First, the parent resource would require a custom implementation of the
-Resource interface. The OperationStepHandler for the add operation
-would instantiate it, providing it with access to whatever API is needed
-for it to work out what items exist for which a synthetic resource
-should be made available (e.g. an API provided by the message broker
-that provides access to its queues). The add handler would use the
-OperationContext.addResource method to tie this custom resource into
-the overall resource tree.
-
-
-
The custom Resource implementation would use special implementations
-of the various methods that relate to accessing children. For all calls
-that relate to the synthetic child type (e.g. core-queue) the custom
-implementation would use whatever API call is needed to provide the
-correct data for that child type (e.g. ask the message broker for the
-names of queues).
-
-
-
A nice strategy for creating such a custom resource is to use
-delegation. Use Resource.Factory.create}() to create a standard
-resource. Then pass it to the constructor of your custom resource type
-for use as a delegate. The custom resource type’s logic is focused on
-the synthetic children; all other work it passes on to the delegate.
-
-
-
What about the synthetic resources themselves, i.e. the leaf nodes in
-this part of the tree? These are created on the fly by the parent
-resource in response to getChild, requireChild, getChildren and
-navigate calls that target the synthetic resource type. These
-created-on-the-fly resources can be very lightweight, since they store
-no configuration model and have no children. The
-PlaceholderResourceEntry class is perfect for this. It’s a very
-lightweight Resource implementation with minimal logic that only
-stores the final element of the resource’s address as state.
-
-
-
See LoggingResource in the WildFly Core logging subsystem for an
-example of this kind of thing. Searching for other uses of
-PlaceholderResourceEntry will show other examples.
-
-
-
-
-
5.9. DeploymentUnitProcessor Interface
-
-
TODO
-
-
-
-
5.10. Useful classes for implementing OperationStepHandler
-
-
The WildFly Core controller module includes a number of
-OperationStepHandler implementations that in some cases you can use
-directly, and that in other cases can serve as the base class for your
-own handler implementation. In all of these a general goal is to
-eliminate the need for your code to do anything in Stage.MODEL while
-providing support for whatever is appropriate for Stage.RUNTIME.
-
-
-
5.10.1. Add Handlers
-
-
AbstractAddStepHandler is a base class for handlers for add
-operations. There are a number of ways you can configure its behavior,
-the most commonly used of which are to:
-
-
-
-
-
Configure its behavior in Stage.MODEL by passing to its constructor
-AttributeDefinition and RuntimeCapability instances for the
-attributes and capabilities provided by the resource. The handler will
-automatically validate the operation parameters whose names match the
-provided attributes and store their values in the model of the newly
-added Resource. It will also record the presence of the given
-capabilities.
-
-
-
Control whether a Stage.RUNTIME step for the operation needs to be
-added, by overriding the
-protected boolean requiresRuntime(OperationContext context) method.
-Doing this is atypical; the standard behavior in the base class is
-appropriate for most cases.
-
-
-
Implement the primary logic of the Stage.RUNTIME step by overriding
-the
-protected void performRuntime(final OperationContext context, final ModelNode operation, final Resource resource)
-method. This is typically the bulk of the code in an
-AbstractAddStepHandler subclass. This is where you read data from the
-Resource model and use it to do things like configure and install MSC
-services.
-
-
-
Handle any unusual needs of any rollback of the Stage.RUNTIME step
-by overriding
-protected void rollbackRuntime(OperationContext context, final ModelNode operation, final Resource resource).
-Doing this is not typically needed, since if the rollback behavior
-needed is simply to remove any MSC services installed in
-performRuntime, the OperationContext will do this for you
-automatically.
-
-
-
-
-
AbstractBoottimeAddStepHandler is a subclass of
-AbstractAddStepHandler meant for use by add operations that should
-only do their normal Stage.RUNTIME work in server, boot, with the
-server being put in reload-required if executed later. Primarily this
-is used for add operations that register DeploymentUnitProcessor
-implementations, as this can only be done at boot.
-
-
-
Usage of AbstractBoottimeAddStepHandler is the same as for
-AbstractAddStepHandler except that instead of overriding
-performRuntime you override
-protected void performBoottime(OperationContext context, ModelNode operation, Resource resource).
-
-
-
A typical thing to do in performBoottime is to add a special step that
-registers one or more DeploymentUnitProcessor s.
-
-
-
-
@Override
- publicvoid performBoottime(OperationContext context, ModelNode operation, final Resource resource)
- throws OperationFailedException {
-
- context.addStep(new AbstractDeploymentChainStep() {
- @Override
- protectedvoid execute(DeploymentProcessorTarget processorTarget) {
-
- processorTarget.addDeploymentProcessor(RequestControllerExtension.SUBSYSTEM_NAME, Phase.STRUCTURE, Phase.STRUCTURE_GLOBAL_REQUEST_CONTROLLER, new RequestControllerDeploymentUnitProcessor());
- }
- }, OperationContext.Stage.RUNTIME);
-
- ... do other things
-
-
-
-
-
5.10.2. Remove Handlers
-
-
TODO AbstractRemoveStepHandlerServiceRemoveStepHandler
Use these for cases where, post-boot, the change to the configuration
-model made by the operation cannot be reflected in the runtime until the
-process is reloaded. These handle the mechanics of recording the need
-for reload and reverting it if the operation rolls back.
Use these in cases where a management resource doesn’t directly control
-any runtime services, but instead simply represents a chunk of
-configuration that a parent resource uses to configure services it
-installs. (Really, this kind of situation is now considered to be a poor
-management API design and is discouraged. Instead of using child
-resources for configuration chunks, complex attributes on the parent
-resource should be used.)
-
-
-
These handlers help you deal with the mechanics of the fact that,
-post-boot, any change to the child resource likely requires a restart of
-the service provided by the parent.
Use these for cases where the operation never affects the runtime, even
-at boot. All it does is update the configuration model. In most cases
-such a thing would be odd. These are primarily useful for legacy
-subsystems that are no longer usable on current version servers and thus
-will never do anything in the runtime. However, current version Domain
-Controllers must be able to understand the subsystem’s configuration
-model to allow them to manage older Host Controllers running previous
-versions where the subsystem is still usable by servers. So these
-handlers allow the DC to maintain the configuration model for the
-subsystem.
-
-
-
-
5.10.7. Misc
-
-
AbstractRuntimeOnlyHandler is used for custom operations that don’t
-involve the configuration model. Create a subclass and implement the
-protected abstract void executeRuntimeStep(OperationContext context, ModelNode operation)
-method. The superclass takes care of adding a Stage.RUNTIME step that
-calls your method.
-
-
-
ReadResourceNameOperationStepHandler is for cases where a resource
-type includes a 'name' attribute whose value is simply the value of the
-last element in the resource’s address. There is no need to store the
-value of such an attribute in the resource’s model, since it can always
-be determined from the resource address. But, if the value is not stored
-in the resource model, when the attribute is registered with
-ManagementResourceRegistration.registerReadAttribute an
-OperationStepHandler to handle the read-attribute operation must be
-provided. Use ReadResourceNameOperationStepHandler for this. (Note
-that including such an attribute in your management API is considered to
-be poor practice as it’s just redundant data.)
-
-
-
-
-
-
-
6. WildFly JNDI Implementation
-
-
-
6.1. Introduction
-
-
This page proposes a reworked WildFly JNDI implementation, and
-new/updated APIs for WildFly subsystem and EE deployment processors
-developers to bind new resources easier.
-
-
-
To support discussion in the community, the content includes a big focus
-on comparing WildFly 29 JNDI implementation with the new proposal, and
-should later evolve to the prime guide for WildFly developers needing to
-interact with JNDI at subsystem level.
-
-
-
-
6.2. Architecture
-
-
WildFly relies on MSC to provide the data source for the JNDI tree. Each
-resource bound in JNDI is stored in a MSC service (BinderService), and
-such services are installed as children of subsystem/deployment
-services, for an automatically unbound as consequence of uninstall of
-the parent services.
-
-
-
Since there is the need to know what entries are bound, and MSC does not
-provides that, there is also the (ServiceBased)NamingStore concept,
-which internally manage the set of service names bound. There are
-multiple naming stores in every WildFly instance, serving different JNDI
-namespaces:
-
-
-
-
-
java:comp - the standard EE namespace for entries scoped to a specific
-component, such as an Jakarta Enterprise Beans
-
-
-
java:module - the standard EE namespace for entries scoped to specific
-module, such as an Jakarta Enterprise Beans jar, and shared by all components in it
-
-
-
java:app - the standard EE namespace for entries scoped to a specific
-application, i.e. EAR, and shared by all modules in it
-
-
-
java:global - the standard EE namespace for entries shared by all
-deployments
-
-
-
java:jboss - a proprietary namespace "global" namespace
-
-
-
java:jboss/exported - a proprietary "global" namespace which entries
-are exposed to remote JNDI
-
-
-
java: - any entries not in the other namespaces
-
-
-
-
-
One particular implementation choice, to save resources, is that JNDI
-contexts by default are not bound, the naming stores will search for any
-entry bound with a name that is a child of the context name, if found
-then its assumed the context exists.
-
-
-
The reworked implementation introduces shared/global java:comp,
-java:module and java:app namespaces. Any entry bound on these will
-automatically be available to every EE deployment scoped instance of
-these namespaces, what should result in a significant reduction of
-binder services, and also of EE deployment processors. Also, the Naming
-subsystem may now configure bind on these shared contexts, and these
-contexts will be available when there is no EE component in the
-invocation, which means that entries such as java:comp/DefaultDatasource
-will always be available.
-
-
-
-
6.3. Binding APIs
-
-
WildFly Naming subsystem exposes high level APIs to bind new JNDI
-resources, there is no need to deal with the low level BinderService
-type anymore.
-
-
-
6.3.1. Subsystem
-
-
At the lowest level a JNDI entry is bound by installing a BinderService
-to a ServiceTarget:
-
-
-
-
- /**
- * Binds a new entry to JNDI.
- * @param serviceTarget the binder service's target
- * @param name the new JNDI entry's name
- * @param value the new JNDI entry's value
- */
- private ServiceController<?> bind(ServiceTarget serviceTarget, String name, Object value) {
-
- // the bind info object provides MSC service names to use when creating the binder service
- final ContextNames.BindInfo bindInfo = ContextNames.bindInfoFor(name);
- final BinderService binderService = new BinderService(bindInfo.getBindName());
-
- // the entry's value is provided by a managed reference factory,
- // since the value may need to be obtained on lookup (e.g. EJB reference)
- final ManagedReferenceFactory managedReferenceFactory = new ImmediateManagedReferenceFactory(value);
-
- return serviceTarget
- // add binder service to specified target
- .addService(bindInfo.getBinderServiceName(), binderService)
- // when started the service will be injected with the factory
- .addInjection(binderService.getManagedObjectInjector(), managedReferenceFactory)
- // the binder service depends on the related naming store service,
- // and on start/stop will add/remove its service name
- .addDependency(bindInfo.getParentContextServiceName(),
- ServiceBasedNamingStore.class,
- binderService.getNamingStoreInjector())
- .install();
- }
-
-
-
-
But the example above is the simplest usage possible, it may become
-quite complicated if the entry’s value is not immediately available, for
-instance it is a value in another MSC service, or is a value in another
-JNDI entry. It’s also quite easy to introduce bugs when working with the
-service names, or incorrectly assume that other MSC functionality, such
-as alias names, may be used.
-
-
-
Using the new high level API, it’s as simple as:
-
-
-
-
// bind an immediate value
-ContextNames.bindInfoFor("java:comp/ORB").bind(serviceTarget, this.orb);
-
-
-// bind value from another JNDI entry (an alias/linkref)
-ContextNames.bindInfoFor("java:global/x").bind(serviceTarget, new JndiName("java:jboss/x"));
-
-
-// bind value obtained from a MSC service
-ContextNames.bindInfoFor("java:global/z").bind(serviceTarget, serviceName);
-
-
-
-
If there is the need to access the binder’s service builder, perhaps to
-add a service verification handler or simply not install the binder
-service right away:
With respect to EE deployments, the subsystem API should not be used,
-since bindings may need to be discarded/overridden, thus a EE deployment
-processor should add a new binding in the form of a
-BindingConfiguration, to the EeModuleDescription or
-ComponentDescription, depending if the bind is specific to a component
-or not. An example of a deployment processor adding a binding:
-
-
-
-
publicclassModuleNameBindingProcessorimplements DeploymentUnitProcessor {
-
- // jndi name objects are immutable
- privatestaticfinal JndiName JNDI_NAME_java_module_ModuleName = new JndiName("java:module/ModuleName");
-
- @Override
- publicvoid deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
-
- final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
- // skip deployment unit if it's the top level EAR
- if (DeploymentTypeMarker.isType(DeploymentType.EAR, deploymentUnit)) {
- return;
- }
-
- // the module's description is in the DUs attachments
- final EEModuleDescription moduleDescription = deploymentUnit
- .getAttachment(org.jboss.as.ee.component.Attachments.EE_MODULE_DESCRIPTION);
- if (moduleDescription == null) {
- return;
- }
-
- // add the java:module/ModuleName binding
- // the value's injection source for an immediate available value
- final InjectionSource injectionSource = new ImmediateInjectionSource(moduleDescription.getModuleName());
-
- // add the binding configuration to the module's description bindings configurations
- moduleDescription.getBindingConfigurations()
- .addDeploymentBinding(new BindingConfiguration(JNDI_NAME_java_module_ModuleName, injectionSource));
- }
-
- //...
-}
-
-
-
-
-
-
-
-
-
-When adding the binding configuration use:
-
-
-
-
-
-
-
-
addDeploymentBinding() for a binding that may not be overriden, such
-as the ones found in xml descriptors
-
-
-
addPlatformBinding() for a binding which may be overriden by a
-deployment descriptor bind or annotation, for instance
-java:comp/DefaultDatasource
-
-
-
-
-
A deployment processor may now also add a binding configuration to all
-components in a module:
-In the reworked implementation there is now no need to behave
-differently considering the deployment type, for instance if deployment
-is a WAR or app client, the Module/Component BindingConfigurations
-objects handle all of that. The processor should simply go for the 3 use
-cases: module binding, component binding or binding shared by all
-components.
-
-
-
-
-
-
-
-
-
-
-
-All deployment binding configurations MUST be added before INSTALL
-phase, this is needed because on such phase, when the bindings are
-actually done, there must be a final set of deployment binding names
-known, such information is need to understand if a resource injection
-targets entries in the global or scoped EE namespaces.
-
-
-
-
-
-
Most cases for adding bindings to EE deployments are in the context of a
-processor deploying a XML descriptor, or scanning deployment classes for
-annotations, and there abstract types, such as the
-AbstractDeploymentDescriptorBindingsProcessor, which simplifies greatly
-the processor code for such use cases.
-
-
-
One particular use case is the parsing of EE Resource Definitions, and
-the reworked implementation provides high level abstract deployment
-processors for both XML descriptor and annotations, an example for each:
-The abstract processors with respect to Resource Definitions are already
-submitted through WFLY-3292’s PR.
-
-
-
-
-
-
-
-
6.4. Resource Ref Processing
-
-
TODO for now no changes on this in the reworked WildFly Naming.
-
-
-
-
-
-
7. CLI extensibility for layered products
-
-
-
In addition to supporting the ServiceLoader extension mechanism to load
-command handlers coming from outside of the CLI codebase, starting from
-the wildfly-core-1.0.0.Beta1 release the CLI running in a modular
-classloading environment can be extended with commands exposed in server
-extension modules. The CLI will look for and register extension commands
-when it (re-)connects to the controller by iterating through the
-registered by that time extensions and using the ServiceLoader mechanism
-on the extension modules. (Note, that this mechanism will work only for
-extensions available in the server installation the CLI is launched
-from.)
-
-
-
Here is an example of a simple command handler and its integration.
The final step is to include
-META-INF/services/org.jboss.as.cli.CommandHandlerProvider entry into
-the JAR file containing the classes above with value
-org.jboss.as.test.cli.extensions.ExtCommandHandlerProvider.
As opposed to a using traditional WildFly zip installation that installs it all (all default
-server configurations and all JBoss modules), using Galleon tooling
-you can choose to install a complete or customized WildFly server.
-
-
-
More information on Galleon features and tooling can be found in the Galleon docs.
WildFly provides a Galleon feature-pack maven artifact (a zipped file that contains
-everything needed to dynamically provision a server).
-This feature-pack, as well as the feature-packs on which its depends,
-are deployed in public maven repositories.
-
-
-
When Galleon is used to install WildFly, WildFly feature-packs are retrieved and
-their content is assembled to create an installation.
The Galleon maven plugin or Galleon CLI are used to install WildFly. The latest CLI and documentation can be downloaded
-from the Galleon releases page.
-
-
-
To install the latest final version of WildFly into the directory my-wildfly-server call:
Once installed, the directory my-wildfly-server contains all that is expected to run a complete WildFly server.
-By default, all standalone and domain configurations are installed.
-
-
-
-
-
-
-
-
-
-
Append the release version to install an identified release, for example:
A default configuration is identified by <configuration model>/<configuration name>. WildFly defines standalone and domain models.
-The configuration name is the XML configuration file name (e.g.: standalone.xml, domain.xml, standalone-ha.xml).
WildFly Galleon feature-packs expose some Galleon layers.
-A layer identifies one or more server capabilities that can be installed on its own or
-in combination with other layers. For example, if your application (e.g. a microservice)
-is only making use of Jakarta-RESTful-Web-Services, MicroProfile Config and CDI server capabilities, you can choose to only install
-the jaxrs, microprofile-config and cdi layers. The standalone.xml configuration would then only contain the
-required subsystems and their dependencies.
-
-
-
The benefit to installing WildFly using Galleon layers, in addition to configuration
-trim down, is that Galleon only installs the needed content (JBoss Modules modules, scripts, etc.)
-
-
-
To install a server only configured with the Jakarta-RESTful-Web-Services and CDI capabilities call:
Once installed, the directory my-wildfly-server contains all that is expected to deploy an application
-that depends on Jakarta-RESTful-Web-Services and CDI.
-
-
-
Some layers optionally depend on other layers; i.e. the features provided by layer can and by default do make use
-of those from another layer, but if those are not present things will still work fine. In such a case if you do not
-want the optional capabilities you can exclude the optional layer by prefixing its name with a '-'. For example
-to exclude the optional CDI dependency on Jakarta Bean Validation:
Tools (jboss-cli, add-user, …) are not always installed when installing WildFly using layers.
-In some cases, depending on what layers you use, only server launcher scripts are installed into the bin directory.
-To include these tools include the core-tools layer.
A Galleon layer is a name that identifies a server capability (e.g.: jaxrs,
-ejb, microprofile-config, jpa) or an aggregation of such capabilities. A layer captures a server capability in the form of:
-
-
-
-
-
A piece of server XML configuration (e.g.: extension, configured subsystem, interfaces) that describes the capability.
-
-
-
A set of modules and other filesystem content that implements the capability.
-
-
-
-
-
When you are using a layer, it delivers these pieces of information in order for
-Galleon to assemble a server containing only the required configuration and modules.
-
-
-
In the tables below we provide basic information about all of the layers WildFly provides.
-
-
-
Besides the layer names and a brief description of each, the tables below detail the various dependency relationships
-between layers. If the capabilities provided by a layer A require capabilities provided by another layer B, then layer A will depend on layer B.
-If you ask for layer A, then Galleon will automatically provide B as well. In some cases A’s dependency on B can be optional; that
-is A typically comes with B, but can function without it. In this case if you ask for A by default Galleon will provide B as well,
-but you can tell Galleon to exclude B.
-
-
-
Some layers are logical alternatives to other layers. If two layers are alternatives to each other they both provide the same general
-capabilities, but with different implementation characteristics. For example a number of layers provide the capability to cache different
-types of objects. These layers typically come in pairs of alternatives, where one alternative provides local caching, while the other provides
-distributed caching. If a layer you want has an optional dependency on a layer that has an alternative, you can exclude that dependency
-and instead specify the alternative. If a layer has an alternative the Description column in the tables below will identify it.
-
-
-
-
-
-
-
-
-
-
If the elytron layer is present, security will be handled by the elytron subsystem.
-The undertow and ejb subsystems are configured with an otherapplication-security-domain that references the Elytron ApplicationDomain security domain.
A single Galleon layer can provide a relatively small set of capabilities, but most users will want to start with a broader set
-of capabilities without having to spell out all the details. To help with this WildFly provides a few foundational layers
-all of which provide typical core WildFly capabilities like the logging subsystem and a secure remote management interface.
-
-
-
You don’t have to base your WildFly installation on one of these foundational layers, but doing so may be more convenient.
A typical manageable server core. This layer could serve as a base for a more
-specialized WildFly that doesn’t need the capabilities provided by the other foundational layers.
Support for the Undertow HTTP server. Provides servlet support but does not provide typical EE integration like resource injection.
-Use web-server for a servlet container with EE integration.
Support for distributable web applications. Configures a non-local Infinispan-based container web cache for data session handling suitable to clustering environments.
Support for loading the HAL web console from the /console context on the HTTP
-management interface. Not required to use a HAL console obtained independently
-and configured to connect to the server.
Support for distributable web applications. Configures a local Infinispan-based container web cache for data session handling suitable to single node environments.
-References in this document to Java Persistence API (JPA) refer to the Jakarta Persistence unless otherwise noted.
- References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
This guide will walk you through installing and starting up JBoss WildFly. It will then introduce key features of the Jakarta EE (Web Profile) programming model, of which JBoss WildFly is a certified implementation.
-
-
-
-
-
-
-
-
-
Jakarta EE
-
-
The Jakarta EE platform offers developers the ability to write
-distributed, transactional and portable applications quickly and easily.
-We class applications that require these capabilities "enterprise
-applications". These applications must be fast, secure and reliable.
-
-
-
Jakarta EE has always offered strong messaging (JMS), transactional (JTA)
-and resource (JCA) capabilities as well as exposing web services via
-SOAP (JAX-WS).
-
-
-
-
-
-
-
JBoss WildFly depart from the familiar structure of previous JBoss AS versions, so we recommend all developers follow the steps in Getting Started with JBoss WildFly to install and start up the application server for the first time.
-
-
-
JBoss WildFly come with a series of quickstarts aimed to get you up to writing applications with minimal fuss. We recommend to start by working through the quickstarts in this guide, in the order they are presented. If you have previous experience with Jakarta EE 6, you may wish to skip some or all of the quickstarts.
-
-
-
Core
-
-
-
-
-
Helloworld Quickstart. If you have previously developed applications using technologies such as JSF or Wicket, and EJB or Spring, you may wish to skip this quickstart.
-
-
-
Numberguess Quickstart. If you have previously developed applications using technologies such as JSF or Wicket, EJB or Spring, and JPA or Hibernate you may wish to skip this quickstart.
-
-
-
Greeter Quickstart. If you are a Jakarta EE wizard you may wish to skip this quickstart.
Follow the official Maven installation guide if you don’t already have Maven 3 installed. You can check which version of Maven you have installed (if any) by running mvn --version . If you see a version newer than 3.0.0, you are ready to go.
Download JBoss Tools from http://jboss.org/tools. Make sure you install m2eclipse as well.
-
-
-
-
-
-
-
-
-
-
-
-
JBoss WildFly offer the
-ability to manage multiple AS instances from a single control point.
-A collection of such servers are referred to as members of a "domain",
-with a single Domain Controller process acting as the management control
-point. Domains can span multiple physical (or virtual) machines, with
-all AS instances on a given host under the control of a Host Controller
-process. The Host Controllers interact with the Domain Controller to
-control the lifecycle of the AS instances running on that host and to
-assist the Domain Controller in managing them.
-
-
-
JBoss WildFly also offers a standalone mode, which is perfect for a single
-server. We use this throughout the quickstarts.
-
-
-
-
-
-
-
2.1. Installing and starting the JBoss server on Linux, Unix or Mac OS X
-
-
First, let’s verify that both Java and Maven are correctly
-installed. In a console, type:
-
-
-
-
java -version
-
-
-
-
You should see a version string (at least 1.8.0) printed. If not, contact your provider of Java for assistance. Next, type:
-
-
-
-
mvn --version
-
-
-
-
You should see a version string (at least 3.3.0) printed. If not, contact the Maven community for assistance.
-
-
-
Next, we need to choose a location for WildFly to live. By default, WildFly will be extracted into wildfly-11.x.x.x (where 11.x.x.x matches the version you downloaded):
-
-
-
-
unzip wildfly-11.x.x.x.zip
-
-
-
-
Now, let’s start WildFly in standalone mode:
-
-
-
-
wildfly-11.x.x.x/bin/standalone.sh
-
-
-
-
-
-
-
-
-
-
-
If you want to stop WildFly, simply press Crtl-C whilst the terminal
-has focus.
-
-
-
-
-
-
-
That’s it, WildFly is installed and running! Visit http://localhost:8080/ to check the server has started properly.
2.2. Installing and starting the JBoss server on Windows
-
-
First, let’s verify that both Java and Maven are correctly installed. In a Command Prompt, type:
-
-
-
-
java -version
-
-
-
-
You should see a version string (at least 1.8.0) printed. If not, contact your provider of Java for assistance. Next, type:
-
-
-
-
mvn --version
-
-
-
-
You should see a version string (at least 3.3.0) printed. If not, contact the Maven community for assistance.
-
-
-
Next, we need to choose a location for JBoss WildFly to live. By default, JBoss WildFly will be extracted into wildfly-11.x.x.x (where 11.x.x.x matches the version you downloaded). Unzip JBoss Enterprise Application Platform or JBoss WildFly using your tool of choice.
-
-
-
Finally, let’s start JBoss WildFly in standalone mode. Locate your installation and run standalone.bat located in bin.
-
-
-
-
-
-
-
-
-
-
If you want to stop the server, simply press Crtl-C whilst the terminal
-has focus.
-
-
-
-
-
-
-
That’s it, JBoss WildFly is installed and running! Visit http://localhost:8080/ to check the server has started properly.
2.3. Starting the JBoss server from CodeReady Studio or Eclipse with JBoss Tools
-
-
You may choose to use CodeReady Studio, or Eclipse with JBoss Tools, rather than the command line to run JBoss WildFly, and to deploy the quickstarts. If you don’t wish to use Eclipse, you should skip this section.
-
-
-
Make sure you have installed and started CodeReady Studio or Eclipse. First, we need to add our WildFly instance to it. First, navigate to Preferences:
-
-
-
-
-
-
Now, locate the JBoss Tools Runtime Detection preferences:
-
-
-
-
-
-
Click Add and locate where you put servers on your disk:
-
-
-
-
-
-
Any available servers will be located, now all you need to do is click OK, and then OK on the preferences dialog:
-
-
-
-
-
-
Now, let’s start the server from Eclipse. If you previously started a server from the command line, you should stop it there first.
-
-
-
First, we need to make sure the Server tab is on view. Open the Window → Show View → Other… dialog:
-
-
-
-
-
-
And select the Server view:
-
-
-
-
-
-
You should see the Server View appear with the detected servers:
-
-
-
-
-
-
Now, we can start the server. Right click on the server in the Server view, and select Start :
-
-
-
-
-
-
-
-
-
-
-
-
-
If you want to debug your application, you can simply select Debug
-rather than Start . This will start the server in debug mode, and
-automatically attach the Eclipse debugger.
-
-
-
-
-
-
-
You’ll see the server output in the Console :
-
-
-
-
-
-
That’s it, we now have the server up and running in Eclipse!
-
-
-
-
2.4. Importing the quickstarts into Eclipse
-
-
In order to import the quickstarts into Eclipse, you will need m2eclipse installed. If you have CodeReady Studio, then m2eclipse is already installed.
-
-
-
First, choose File → Import…:
-
-
-
-
-
-
Select Existing Maven Projects:
-
-
-
-
-
-
Click on Browse, and navigate to the quickstarts/ directory:
-
-
-
-
-
-
Finally, make sure all 4 quickstarts are found and selected, and click Finish:
-
-
-
-
-
-
Eclipse should now successfully import 4 projects:
-
-
-
-
-
-
It will take a short time to import the projects, as Maven needs to download the project’s dependencies from remote repositories.
When the server is running, the web management interface can be accessed at http://localhost:9990/console. You can use the web management interface to create datasources, manage deployments and configure the server.
-
-
-
JBoss WildFly also comes with a command line interface. To run it on Linux, Unix or Mac, execute:
-
-
-
-
wildfly-11.x.x.x/bin/jboss-admin.sh --connect
-
-
-
-
Or, on Windows:
-
-
-
-
wildfly-11.x.x.x/bin/jboss-admin.bat --connect
-
-
-
-
Once started, type help to discover the commands available to you.
-
-
-
Throughout this guide we use the wildfly maven plugin to deploy and undeploy applications. This plugin uses the Native Java Detyped Management API to communicate with the server. The Detyped API is used by management tools to control an entire domain of servers, and exposes only a small number of types, allowing for backwards and forwards compatibility.
-
-
-
-
-
-
3. CDI + Servlet: Helloworld quickstart
-
-
-
This quickstart shows you how to deploy a simple servlet to JBoss WildFly. The business logic is encapsulated in a service, which is provided as a CDI bean, and injected into the Servlet.
-
-
-
-
-
-
-
-
-
Contexts and Dependency Injection for Jakarta EE
-
-
CDI is a specification in Jakarta EE, inspired by JBoss Seam and
-Google Guice, and also drawing on lessons learned from frameworks such
-as Spring. It allows application developers to concentrate on developing
-their application logic by providing the ability to wire services
-together, and abstract out orthogonal concerns, all in a type safe
-manner.
-
-
-
-
-
-
-
Switch to the quickstarts/helloworld directory and instruct Maven to build and deploy the application:
Should you wish to undeploy the quickstart, or redeploy after making
-some changes, it’s pretty easy:
-
-
-
-
-
mvn wildfly:deploy - deploy any changes to the application to the
-application server
-
-
-
mvn wildfly:undeploy - undeploy the quickstart
-
-
-
-
-
-
-
-
-
It’s time to pull the covers back and dive into the internals of the quickstart.
-
-
-
Deploying the Helloworld quickstart using CodeReady Studio, or Eclipse with JBoss Tools
-
-
-
-
You may choose to deploy the quickstart using CodeReady Studio, or Eclipse with JBoss Tools. You'll need to have JBoss WildFly started in the IDE (as described in <<GettingStarted-with_jboss_tools, Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and to have imported the quickstarts into Eclipse (as described in <<GettingStarted-importing_quickstarts_into_eclipse,Importing the quickstarts into Eclipse>>).
-
-With the quickstarts imported, you can deploy the quickstart by right clicking on the `wildfly-helloworld` project, and choosing _Run As -> Run On Server_:
-
-image:gfx/Eclipse_Helloworld_Deploy_1.jpg[]
-
-Make sure the correct server is selected, and hit Finish:
-
-image:gfx/Eclipse_Deploy_2.jpg[]
-
-You should see the server start up (unless you already started it in <<GettingStarted-with_jboss_tools, Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and the application deploy in the Console log
-
-image:gfx/Eclipse_Helloworld_Deploy_3.jpg[]
-
-
-The helloworld quickstart in depth
-----------------------------------
-
-The quickstart is very simple - all it does is print "Hello World" onto a web page.
-
-The helloworld quickstart is comprised of a servlet and a CDI bean. We also include an empty `beans.xml` file, which tells JBoss WildFly to look for beans in this application and to activate the CDI. `beans.xml` is located in `WEB-INF/`, which can be found in the `src/main/webapp` directory. Also in this directory we include `index.html` which uses a simple meta refresh to send the users browser to the Servlet, which is located at http://localhost:8080/wildfly-helloworld/HelloWorld.
-
-All the configuration files for this quickstart are located in `WEB-INF/`, which can be found in the `src/main/webapp` directory.
-
-Notice that we don't even need a `web.xml`!
-
-Let's start by taking a look at the servlet:
-
-.src/main/java/org/jboss/as/quickstarts/helloworld/HelloWorldServlet.java
-[source,java]
-------------------------------------------------------------------------
-@SuppressWarnings("serial")
-@WebServlet("/HelloWorld") (1)
-public class HelloWorldServlet extends HttpServlet {
-
- static String PAGE_HEADER =
- "<html><head><title>helloworld</title></head><body>"; (2)
-
- static String PAGE_FOOTER = "</body></html>";
-
- @Inject
- HelloService helloService; (3)
-
- @Override
- protected void doGet(HttpServletRequest req,
- HttpServletResponse resp)
- throws ServletException, IOException {
- resp.setContentType("text/html");
- PrintWriter writer = resp.getWriter();
- writer.println(PAGE_HEADER);
- writer.println("<h1>" +
- helloService.createHelloMessage("World") + (4)
- "</h1>");
- writer.println(PAGE_FOOTER);
- writer.close();
- }
-
-}
-------------------------------------------------------------------------
-<1> If you've used Servlet before, then you'll remember having to use xml to register your servlets. Fortunately, this is a thing of the past. Now all you need to do is add the @WebServlet annotation, and provide a mapping to a URL used to access the servlet. Much cleaner!
-<2> Every web page needs to be correctly formed HTML. We've created static Strings to hold the minimum header and footer to write out.
-<3> We inject the HelloService (a CDI bean) which generates the actual message. This allows to alter the implementation of HelloService at a later date without changing the view layer at all (assuming we don't alter the API of HelloService ).
-<4> We call into the service to generate the message "Hello World", and write it out to the HTTP request.
-
-[TIP]
-========================================================================
-The package declaration and imports have been excluded from these
-listings. The complete listing is available in the quickstart source.
-========================================================================
-
-Now we understand how the information is sent to the browser, let's take a look at the service.
-
-.src/main/java/org/jboss/as/quickstarts/helloworld/HelloService.java
-------------------------------------------------------------------------
-public class HelloService {
-
- String createHelloMessage(String name) {
- return "Hello " + name + "!";
- }
-
-}
-------------------------------------------------------------------------
-
-The service is very simple - no registration (XML or annotation) is required!
-
-
-CDI + JSF: Numberguess quickstart
-=================================
-:Author: Pete Muir
-
-[[NumberguessQuickstart-]]
-
-This quickstart shows you how to create and deploy a simple application to JBoss WildFly; the application does not persist any information. Information is displayed using a JSF view, and business logic is encapsulated in two CDI beans.
-
-Switch to the `quickstarts/numberguess` directory and instruct Maven to build and deploy the application:
-
- mvn package wildfly:deploy
-
-The quickstart uses a Maven plugin to deploy the application. The plugin requires JBoss WildFly to be running (you can find out how to start the server in <<GettingStarted-on_linux, Installing and starting the JBoss server on Linux, Unix or Mac OS X>> or <<GettingStarted-on_windows, Installing and starting the JBoss server on Windows>>).
-
-Or you can start the server using an IDE, like CodeReady Studio.
-
-Now, see if you can determine the most efficient approach to pinpoint the random number at the URL http://localhost:8080/wildfly-numberguess.
-
-[TIP]
-========================================================================
-Should you wish to undeploy the quickstart, or redeploy after making
-some changes, it's pretty easy:
-
-* `mvn wildfly:deploy` - deploy any changes to the application to the
- application server
-* `mvn wildfly:undeploy` - undeploy the quickstart
-========================================================================
-
-It's time to pull the covers back and dive into the internals of the quickstart.
-
-
-Deploying the Numberguess quickstart using Eclipse
---------------------------------------------------
-
-You may choose to deploy the quickstart using Eclipse. You'll need to have JBoss WildFly started in Eclipse as described in <<GettingStarted-with_jboss_tools, Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and to have imported the quickstarts into Eclipse (as described in <<GettingStarted-importing_quickstarts_into_eclipse, Importing the quickstarts into Eclipse>>).
-
-With the quickstarts imported, you can deploy the quickstart by right clicking on the `wildfly-numberguess` project, and choosing _Run As -> Run On Server_:
-
-image:gfx/Eclipse_Numberguess_Deploy_1.jpg[]
-
-Make sure the correct server is selected, and hit Finish:
-
-image:gfx/Eclipse_Deploy_2.jpg[]
-
-You should see the server start up (unless you already started it in <<GettingStarted-with_jboss_tools, Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and the application deploy in the Console log:
-
-image:gfx/Eclipse_Numberguess_Deploy_3.jpg[]
-
-
-The numberguess quickstart in depth
------------------------------------
-
-In the numberguess application you get 10 attempts to guess a number between 1 and 100. After each attempt, you're told whether your guess was too high or too low.
-
-The quickstart is comprised of a number of beans, configuration files and Facelets (JSF) views, packaged as a war module. Let's start by examining the configuration files.
-
-All the configuration files for this quickstart are located in `WEB-INF/`, which can be found in the `src/main/webapp` directory. First, we have the JSF 2.0 version of `faces-config.xml`. A standardized version of Facelets is the default view handler in JSF 2.0, so there's really nothing that we have to configure. WildFly goes above and beyond Jakarta EE here, and will automatically configure JSF for you if you include this file. Thus, the configuration consists of only the root element.
-
-.src/main/webapp/WEB-INF/faces-config.xml
-[source,xml]
-------------------------------------------------------------------------
-<faces-config version="2.0"
- xmlns="http://java.sun.com/xml/ns/javaee"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
- http://java.sun.com/xml/ns/javaee
- http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd">
-
-</faces-config>
-------------------------------------------------------------------------
-
-There's also an empty `beans.xml` file, which tells WildFly to look for beans in this application and to activate the CDI.
-
-Notice that we don't even need a `web.xml`!
-
-Let's take a look at the main JSF view, `src/main/webapp/home.xhtml`.
-
-
-[TIP]
-========================================================================
-JSF uses the .xhtml extension for source files, but serves up the
-rendered views with the .jsf extension.
-========================================================================
-
-.src/main/webapp/WEB-INF/home.xhtml
-[source,html]
-------------------------------------------------------------------------
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"
- xmlns:ui="http://java.sun.com/jsf/facelets"
- xmlns:h="http://java.sun.com/jsf/html"
- xmlns:f="http://java.sun.com/jsf/core">
-
-<head>
-<meta http-equiv="Content-Type" content="text/html;
- charset=iso-8859-1" />
-<title>numberguess</title>
-</head>
-
-<body>
- <div id="content">
- <h1>Guess a number...</h1>
- <h:form id="numberGuess">
-
- <!-- Feedback for the user on their guess -->
- <div style="color: red"> (1)
- <h:messages id="messages" globalOnly="false" />
- <h:outputText id="Higher" value="Higher!"
- rendered="#{game.number gt game.guess and game.guess ne 0}" />
- <h:outputText id="Lower" value="Lower!"
- rendered="#{game.number lt game.guess and game.guess ne 0}" />
- </div>
-
- <!-- Instructions for the user -->
- <div> (2)
- I'm thinking of a number between <span
- id="numberGuess:smallest">#{game.smallest}</span> and <span
- id="numberGuess:biggest">#{game.biggest}</span>. You have
- #{game.remainingGuesses} guesses remaining.
- </div>
-
- <!-- Input box for the users guess, plus a button to submit, and reset -->
- <!-- These are bound using EL to our CDI beans -->
- <div>
- Your guess: (3)
- <h:inputText id="inputGuess" value="#{game.guess}"
- required="true" size="3"
- disabled="#{game.number eq game.guess}"
- validator="#{game.validateNumberRange}" /> (4)
- <h:commandButton id="guessButton" value="Guess"
- action="#{game.check}"
- disabled="#{game.number eq game.guess}" />
- </div>
- <div> (5)
- <h:commandButton id="restartButton" value="Reset"
- action="#{game.reset}" immediate="true" />
- </div>
- </h:form>
-
- </div>
-
- <br style="clear: both" />
-
-</body>
-</html>
-------------------------------------------------------------------------
-
-<1> There are a number of messages which can be sent to the user, "Higher!" and "Lower!"
-<2> As the user guesses, the range of numbers they can guess gets smaller - this sentence changes to make sure they know the number range of a valid guess.
-<3> This input field is bound to a bean property using a value expression.
-<4> A validator binding is used to make sure the user doesn't accidentally input a number outside of the range in which they can guess - if the validator wasn't here, the user might use up a guess on an out of bounds number.
-<5> There must be a way for the user to send their guess to the server. Here we bind to an action method on the bean.
-
-The quickstart consists of 4 classes, the first two of which are qualifiers. First, there is the `@Random` qualifier, used for injecting a random number:
-
-[TIP]
-========================================================================
-A _qualifier_ is used to disambiguate between two beans both of which
-are eligible for injection based on their type. For more, see the
-link:http://docs.jboss.org/weld/reference/latest/en-US/html/[Weld Reference Guide].
-========================================================================
-
-.src/main/java/org/jboss/as/quickstarts/numberguess/Random.java
-[source,java]
-------------------------------------------------------------------------
-@Target({ TYPE, METHOD, PARAMETER, FIELD })
-@Retention(RUNTIME)
-@Documented
-@Qualifier
-public @interface Random {
-
-}
-------------------------------------------------------------------------
-
-There is also the `@MaxNumber` qualifier, used for injecting the maximum number that can be injected:
-
-.src/main/java/org/jboss/as/quickstarts/numberguess/MaxNumber.java
-[source,java]
-------------------------------------------------------------------------
-@Retention(RUNTIME)
-@Documented
-@Qualifier
-public @interface MaxNumber {
-
-}
-------------------------------------------------------------------------
-
-The application-scoped `Generator` class is responsible for creating the random number, via a producer method. It also exposes the maximum possible number via a producer method:
-
-.src/main/java/org/jboss/as/quickstarts/numberguess/Generator.java
-[source,java]
-------------------------------------------------------------------------
-@SuppressWarnings("serial")
-@ApplicationScoped
-public class Generator implements Serializable {
-
- private java.util.Random random = new java.util.Random(System.currentTimeMillis());
-
- private int maxNumber = 100;
-
- java.util.Random getRandom() {
- return random;
- }
-
- @Produces
- @Random
- int next() {
- // a number between 1 and 100
- return getRandom().nextInt(maxNumber - 1) + 1;
- }
-
- @Produces
- @MaxNumber
- int getMaxNumber() {
- return maxNumber;
- }
-}
-------------------------------------------------------------------------
-
-The `Generator` is application scoped, so we don't get a different random each time.
-
-The final bean in the application is the session-scoped `Game` class. This is the primary entry point of the application. It's responsible for setting up or resetting the game, capturing and validating the user's guess and providing feedback to the user with a `FacesMessage`. We've used the post-construct lifecycle method to initialize the game by retrieving a random number from the `@RandomInstance<Integer>` bean.
-
-You'll notice that we've also added the `@Named` annotation to this class. This annotation is only required when you want to make the bean accessible to a JSF view via EL (i.e. `#{game}`)
-
-.src/main/java/org/jboss/as/quickstarts/numberguess/Game.java
-[source,java]
-------------------------------------------------------------------------
-@SuppressWarnings("serial")
-@Named
-@SessionScoped
-public class Game implements Serializable {
-
- /**
- * The number that the user needs to guess
- */
- private int number;
-
- /**
- * The users latest guess
- */
- private int guess;
-
- /**
- * The smallest number guessed so far (so we can track the valid guess range).
- */
- private int smallest;
-
- /**
- * The largest number guessed so far
- */
- private int biggest;
-
- /**
- * The number of guesses remaining
- */
- private int remainingGuesses;
-
- /**
- * The maximum number we should ask them to guess
- */
- @Inject
- @MaxNumber
- private int maxNumber;
-
- /**
- * The random number to guess
- */
- @Inject
- @Random
- Instance<Integer> randomNumber;
-
- public Game() {
- }
-
- public int getNumber() {
- return number;
- }
-
- public int getGuess() {
- return guess;
- }
-
- public void setGuess(int guess) {
- this.guess = guess;
- }
-
- public int getSmallest() {
- return smallest;
- }
-
- public int getBiggest() {
- return biggest;
- }
-
- public int getRemainingGuesses() {
- return remainingGuesses;
- }
-
- /**
- * Check whether the current guess is correct, and update the biggest/smallest guesses as needed.
- * Give feedback to the user if they are correct.
- */
- public void check() {
- if (guess > number) {
- biggest = guess - 1;
- } else if (guess < number) {
- smallest = guess + 1;
- } else if (guess == number) {
- FacesContext.getCurrentInstance().addMessage(null, new FacesMessage("Correct!"));
- }
- remainingGuesses--;
- }
-
- /**
- * Reset the game, by putting all values back to their defaults, and getting a new random number.
- * We also call this method when the user starts playing for the first time using
- * {@linkplain PostConstruct @PostConstruct} to set the initial values.
- */
- @PostConstruct
- public void reset() {
- this.smallest = 0;
- this.guess = 0;
- this.remainingGuesses = 10;
- this.biggest = maxNumber;
- this.number = randomNumber.get();
- }
-
- /**
- * A JSF validation method which checks whether the guess is valid. It might not be valid because
- * there are no guesses left, or because the guess is not in range.
- *
- */
- public void validateNumberRange(FacesContext context, UIComponent toValidate, Object value) {
- if (remainingGuesses <= 0) {
- FacesMessage message = new FacesMessage("No guesses left!");
- context.addMessage(toValidate.getClientId(context), message);
- ((UIInput) toValidate).setValid(false);
- return;
- }
- int input = (Integer) value;
-
- if (input < smallest || input > biggest) {
- ((UIInput) toValidate).setValid(false);
-
- FacesMessage message = new FacesMessage("Invalid guess");
- context.addMessage(toValidate.getClientId(context), message);
- }
- }
-}
-
-------------------------------------------------------------------------
-
-
-CDI + JPA + EJB + JTA + JSF: Greeter quickstart
-===============================================
-:Author: Pete Muir
-
-[[GreeterQuickstart-]]
-
-This quickstart shows you how to create and deploy an application which persists information to a database to JBoss WildFly. Information is displayed using JSF views, business logic is encapsulated in CDI beans, information is persisted using JPA, and transactions can be controlled manually or using EJB.
-
-Switch to the `quickstarts/greeter` directory and instruct Maven to build and deploy the application:
-
- mvn package wildfly:deploy
-
-
-The quickstart uses a Maven plugin to deploy the application. The plugin requires JBoss WildFly to be running (you can find out how to start the server in <<GettingStarted-on_linux, Installing and starting the JBoss server on Linux, Unix or Mac OS X>> or <<GettingStarted-on_windows, Installing and starting the JBoss server on Windows>>).
-
-Or you can start the server using an IDE, like CodeReady Studio. If you are using CodeReady Studio, you can deploy the quickstart by right clicking on the `greeter` project, and choosing _Run As -> Run On Server_:
-
-image:gfx/Eclipse_Greeter_Deploy_1.png[]
-
-Make sure the server is selected, and hit Finish:
-
-image:gfx/Eclipse_Deploy_2.jpg[]
-
-You should see the server start up (unless you already started it in <<GettingStarted-with_jboss_tools,Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and the application deploy in the Console log:
-
-image:gfx/Eclipse_Greeter_Deploy_3.png[]
-
-To use the application, visit http://localhost:8080/greeter/.
-
-[[greeter_in_depth]]
-The greeter quickstart in depth
--------------------------------
-
-In the quickstart, all users are stored in an H2 database (an in-memory, embedded database provided out of the box in JBoss WildFly). Each user is stored as an entity, and entities are mapped to the database using JPA. By default, transactions are managed manually, using the JTA API. Optionally, you can use EJB to manage transactions (we'll look at how to enable that later). We need a transaction in progress in order to read and write any entities.
-
-The quickstart is comprised of two JSF views, an entity, and a number of CDI beans. Additionally, there are the usual configuration files in `WEB-INF/` (which can be found in the `src/main/webapp` directory). Here we find `beans.xml` and `faces-config.xml` which tell JBoss WildFly to enable CDI and JSF for the application. Notice that we don't need a `web.xml`. There are two new configuration files in `WEB-INF/classes/META-INF` (which can be found in the `src/main/resources` directory of the quickstart) — `persistence.xml`, which sets up JPA, and `import.sql` which Hibernate, the JPA provider in JBoss WildFly, will use to load the initial users into the application when the application starts.
-
-`persistence.xml` is pretty straight forward, and links JPA to a datasource:
-
-.src/main/resources/META-INF/persistence.xml
-[source, xml]
-------------------------------------------------------------------------
-<persistence version="2.0"
- xmlns="http://java.sun.com/xml/ns/persistence"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
- http://java.sun.com/xml/ns/persistence
- http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd">
- <persistence-unit name="primary"> (1)
- <!-- If you are running in a production environment, add a
- managed data source, this example data source is just
- for development and testing! -->
- <!-- The datasource is deployed as
- WEB-INF/greeter-quickstart-ds.xml, you can find it in
- the source at
- src/main/webapp/WEB-INF/greeter-quickstart-ds.xml -->
- <jta-data-source>java:jboss/datasources/GreeterQuickstartDS</jta-data-source> (2)
- <properties>
- <!-- Properties for Hibernate --> (3)
- <property name="hibernate.hbm2ddl.auto"
- value="create-drop" />
- <property name="hibernate.show_sql"
- value="false" />
- </properties>
- </persistence-unit>
-</persistence>
-------------------------------------------------------------------------
-
-<1> The persistence unit is given a name, so that the application can use multiple if needed. If only one is defined, JPA will automatically use it.
-<2> The persistence unit references a data source. Here we are using the built in, sample, data source.
-<3> JPA allows us to configure the JPA provider specific properties. Here we tell Hibernate to automatically create any needed tables when the application starts (and drop them when the application is stopped).
-
-[TIP]
-========================================================================
-JBoss WildFly ships with a
-sample datasource `java:jboss/datasources/ExampleDS`. This data source
-is backed by H2, an in-memory database. Whilst this datasource is great
-for quickstarts, you will probably want to use a different datasource in
-your application. The link:http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/6/html/Administration_and_Configuration_Guide/index.html[Administration and Configuration Guide for JBoss Enterprise Application Platform 6] or the
-link:https://docs.jboss.org/author/display/WFLY/Getting+Started+Guide[Getting Started Guide for JBoss WildFly]
-tells you how to create a new datasource.
-========================================================================
-
-Let's take a look at the JSF views. First up is `src/main/webapp/greet.xhtml`:
-
-.src/main/webapp/greet.xhtml
-[source,html]
-------------------------------------------------------------------------
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"
- xmlns:ui="http://java.sun.com/jsf/facelets"
- xmlns:h="http://java.sun.com/jsf/html"
- xmlns:f="http://java.sun.com/jsf/core">
-
-<ui:composition template="template.xhtml"> (1)
- <ui:define name="content">
- <h:messages /> (2)
- <h:form id="greetForm">
- <h:panelGrid columns="3">
- <h:outputLabel for="username">Enter username:</h:outputLabel>
- <h:inputText id="username"
- value="#{greetController.username}" />
- <h:message for="username" />
- </h:panelGrid>
- <h:commandButton id="greet" value="Greet!"
- action="#{greetController.greet}" />
- </h:form>
- <h:outputText value="#{greetController.greeting}"
- rendered="#{not empty greetController.greeting}" /> (3)
- <br />
- <h:link outcome="/create.xhtml" value="Add a new user" /> (4)
- </ui:define>
-</ui:composition>
-</html>
-------------------------------------------------------------------------
-
-<1> As we have multiple views in this application, we've created a template that defines the common elements. We'll examine this next. Here we define the "content" section of the page, which will be inserted into the template.
-<2> We output any messages for the user at the top of the form, e.g. when a new user is created.
-<3> The greeting message is only rendered if there is a message.
-<4> We also a link to the page which allows a user to be added.
-
-Now let's take a look at the template. It defines common elements for the page, and allows pages which use it to insert content in various places.
-
-.src/main/webapp/template.xhtml
-[source,html]
-------------------------------------------------------------------------
-<!-- The template for our app, defines some regions -->
-
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-<title>greeter</title>
-<ui:insert name="head" /> (1)
-</head>
-
-<body>
-
- <div id="container">
- <div id="header"></div>
-
- <div id="sidebar"></div>
-
- <div id="content">
- <ui:insert name="content" /> (2)
- </div>
-
- <br style="clear: both" />
- </div>
-
-</body>
-</html>
-------------------------------------------------------------------------
-
-<1> The head, defined in case a page wants to add some content to the head of the page.
-<2> The content, defined by a page using this template, will be inserted here
-
-Finally, let's take a look at the user management page. It provides a form to add users:
-
-.src/main/webapp/create.xhtml
-[source,html]
-------------------------------------------------------------------------
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"
- xmlns:ui="http://java.sun.com/jsf/facelets"
- xmlns:h="http://java.sun.com/jsf/html"
- xmlns:f="http://java.sun.com/jsf/core">
-
-<ui:composition template="template.xhtml">
- <ui:define name="content">
- <h:messages />
- <h:form>
- <h:panelGrid columns="3">
- <h:outputLabel for="username">Enter username:</h:outputLabel>
- <h:inputText id="username" value="#{newUser.username}" />
- <h:message for="username" />
-
- <h:outputLabel for="firstName">Enter first name:</h:outputLabel>
- <h:inputText id="firstName" value="#{newUser.firstName}" />
- <h:message for="firstName" />
-
- <h:outputLabel for="lastName">Enter last name:</h:outputLabel>
- <h:inputText id="lastName" value="#{newUser.lastName}" />
- <h:message for="lastName" />
-
- </h:panelGrid>
- <h:commandButton action="#{createController.create}"
- value="Add User" />
- </h:form>
- <h:link outcome="/greet.xhtml">Greet a user!</h:link>
- </ui:define>
-</ui:composition>
-</html>
-------------------------------------------------------------------------
-
-The quickstart has one entity, which is mapped via JPA to the relational database:
-
-.src/main/java/org/jboss/as/quickstarts/greeter/domain/User.java
-[source,java]
-------------------------------------------------------------------------
-@Entity (1)
-public class User {
-
- @Id (2)
- @GeneratedValue
- private Long id;
-
- @Column(unique = true)
- private String username;
-
- private String firstName; (3)
-
- private String lastName;
-
- public Long getId() { (4)
- return id;
- }
-
- public String getUsername() {
- return username;
- }
-
- public void setUsername(String username) {
- this.username = username;
- }
-
- public String getFirstName() {
- return firstName;
- }
-
- public void setFirstName(String firstName) {
- this.firstName = firstName;
- }
-
- public String getLastName() {
- return lastName;
- }
-
- public void setLastName(String lastName) {
- this.lastName = lastName;
- }
-
-}
-------------------------------------------------------------------------
-<1> The `@Entity` annotation used on the class tells JPA that this class should be mapped as a table in the database.
-<2> Every entity requires an id, the `@Id` annotation placed on a field (or a JavaBean mutator/accessor) tells JPA that this property is the id. You can use a synthetic id, or a natural id (as we do here).
-<3> The entity also stores the real name of the user
-<4> As this is Java, every property needs an accessor/mutator!
-
-We use a couple of controller classes to back the JSF pages. First up is `GreetController` which is responsible for getting the user's real name from persistence layer, and then constructing the message.
-
-.src/main/java/org/jboss/as/quickstarts/greeter/web/GreetController.java
-[source,java]
-------------------------------------------------------------------------
-@Named (1)
-@RequestScoped (2)
-public class GreetController {
-
- @Inject
- private UserDao userDao; (3)
-
- private String username;
-
- private String greeting;
-
- public void greet() {
- User user = userDao.getForUsername(username);
- if (user != null) {
- greeting = "Hello, " +
- user.getFirstName() +
- " " +
- user.getLastName() +
- "!";
- } else {
- greeting =
- "No such user exists! Use 'emuster' or 'jdoe'";
- }
- }
-
- public String getUsername() { (4)
- return username;
- }
-
- public void setUsername(String username) {
- this.username = username;
- }
-
- public String getGreeting() {
- return greeting;
- }
-
-}
-------------------------------------------------------------------------
-<1> The bean is given a name, so we can access it from JSF
-<2> The bean is request scoped, a different greeting can be made in each request
-<3> We inject the `UserDao`, which handles database abstraction
-<4> We need to expose JavaBean style mutators and accessors for every property the JSF page needs to access to
-
-The second controller class is responsible for adding a new user:
-
-.src/main/java/org/jboss/as/quickstarts/greeter/web/CreateController.java
-[source,java]
-------------------------------------------------------------------------
-@Named (1)
-@RequestScoped (2)
-public class CreateController {
-
- @Inject (3)
- private FacesContext facesContext;
-
- @Inject (4)
- private UserDao userDao;
-
- @Named (5)
- @Produces
- @RequestScoped
- private User newUser = new User();
-
- public void create() {
- try {
- userDao.createUser(newUser);
- String message = "A new user with id " +
- newUser.getId() +
- " has been created successfully";
- facesContext.addMessage(null, new FacesMessage(message));
- } catch (Exception e) {
- String message = "An error has occured while creating" +
- " the user (see log for details)";
- facesContext.addMessage(null, new FacesMessage(message));
- }
- }
-}
-------------------------------------------------------------------------
-<1> The bean is given a name, so we can access it from JSF
-<2> The bean is request scoped, a different user can be added in each request
-<3> We inject the `FacesContext`, to allow us to send messages to the user when the user is created, or if an error occurs
-<4> We inject the `UserDao`, which handles database abstraction
-<5> We expose a prototype user using a named producer, which allows us to access it from a JSF page
-
-Now that we have the controllers in place, let's look at the most interesting part of the application, how we interact with the database. As we mentioned earlier, by default the application uses the JTA API to manually control transactions. To implement both approaches, we've defined a `UserDao` interface, with two implementations, one of which (the EJB variant) is as an alternative which can be enabled via a deployment descriptor. If you were wondering why we "hid" the persistence logic in the `UserDao`, rather than placing it directly in the controller classes, this is why!
-
-Let's first look at the interface, and the manual transaction control variant.
-
-.src/main/java/org/jboss/as/quickstarts/greeter/domain/UserDao.java
-[source,java]
-------------------------------------------------------------------------
-public interface UserDao {
- User getForUsername(String username);
-
- void createUser(User user);
-}
-------------------------------------------------------------------------
-
-The methods are fairly self explanatory, so let's move on quickly to the implementation, `ManagedBeanUserDao`:
-
-.src/main/java/org/jboss/as/quickstarts/greeter/domain/ManagedBeanUserDao.java
-[source,java]
-------------------------------------------------------------------------
-public class ManagedBeanUserDao implements UserDao {
-
- @Inject
- private EntityManager entityManager; (1)
-
- @Inject
- private UserTransaction utx; (2)
-
- public User getForUsername(String username) { (3)
- try {
- User user;
- try {
- utx.begin();
- Query query = entityManager.createQuery("select u from User u where u.username = :username");
- query.setParameter("username", username);
- user = (User) query.getSingleResult();
- } catch (NoResultException e) {
- user = null;
- }
- utx.commit();
- return user;
- } catch (Exception e) {
- try {
- utx.rollback();
- } catch (SystemException se) {
- throw new RuntimeException(se);
- }
- throw new RuntimeException(e);
- }
- }
-
- public void createUser(User user) { (4)
- try {
- try {
- utx.begin();
- entityManager.persist(user);
- } finally {
- utx.commit();
- }
- } catch (Exception e) {
- try {
- utx.rollback();
- } catch (SystemException se) {
- throw new RuntimeException(se);
- }
- throw new RuntimeException(e);
- }
- }
-}
-------------------------------------------------------------------------
-<1> We inject the entity manager. This was set up in `persistence.xml`.
-<2> We inject the `UserTransaction`, to allow us to programmatically control the transaction
-<3> The `getUserForUsername` method can check whether a user with a matching username and password exists, and return it if it does.
-<4> `createUser` persists a new user to the database.
-
-You've probably noticed two things as you've read through this. Firstly, that manually managing transactions is a real pain. Secondly, you may be wondering how the entity manager and the logger are injected. First, let's tidy up the transaction manager, and use EJB to provide us with declarative transaction support.
-
-The class `EJBUserDao` provides this, and is defined as an alternative. Alternatives are disabled by default, and when enabled replace the original implementation. In order to enable this variant of `UserDao`, edit `beans.xml` and uncomment the alternative. Your `beans.xml` should now look like:
-
-.src/main/webapp/WEB-INF/beans.xml
-[source,xml]
-------------------------------------------------------------------------
-<beans xmlns="http://java.sun.com/xml/ns/javaee"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
- http://java.sun.com/xml/ns/javaee
- http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
-
- <!-- Uncomment this alternative to see EJB declarative transactions in use -->
- <alternatives>
- <class>org.jboss.as.quickstarts.greeter.domain.EJBUserDao</class>
- </alternatives>
-</beans>
-------------------------------------------------------------------------
-
-Now, let's look at `EJBUserDao`:
-
-.src/main/java/org/jboss/as/quickstarts/greeter/domain/EJBUserDao.java
-[source,java]
-------------------------------------------------------------------------
-@Stateful
-@Alternative
-public class EJBUserDao implements UserDao {
-
- @Inject
- private EntityManager entityManager;
-
- public User getForUsername(String username) {
- try {
- Query query = entityManager.createQuery("select u from User u where u.username = ?");
- query.setParameter(1, username);
- return (User) query.getSingleResult();
- } catch (NoResultException e) {
- return null;
- }
- }
-
- public void createUser(User user) {
- entityManager.persist(user);
- }
-
-}
-------------------------------------------------------------------------
-
-Using declarative transaction management has allowed us to remove a third of the lines of code from the class, but more importantly emphasizes the functionality of the class. Much better!
-
-
-[NOTE]
-========================================================================
-Sharp eyed developers who are used to Jakarta EE will have noticed that we
-have added this EJB to a war. This is the key improvement offered in
-EJB 3.1.
-========================================================================
-
-Finally, let's take a look at the `Resources` class, which provides resources such as the entity manager. CDI recommends using "resource producers", as we do in this quickstart, to alias resources to CDI beans, allowing for a consistent style throughout our application:
-
-.src/main/java/org/jboss/as/quickstarts/greeter/Resources.java
-[source,java]
-------------------------------------------------------------------------
-public class Resources {
-
- // Expose an entity manager using the resource producer pattern
- @SuppressWarnings("unused")
- @PersistenceContext
- @Produces
- private EntityManager em; (1)
-
- @Produces
- Logger getLogger(InjectionPoint ip) { (2)
- String category = ip.getMember()
- .getDeclaringClass()
- .getName();
- return Logger.getLogger(category);
- }
-
- @Produces
- FacesContext getFacesContext() { (3)
- return FacesContext.getCurrentInstance();
- }
-
-}
-------------------------------------------------------------------------
-<1> We use the "resource producer" pattern, from CDI, to "alias" the old fashioned `@PersistenceContext` injection of the entity manager to a CDI style injection. This allows us to use a consistent injection style (`@Inject`) throughout the application.
-<2> We expose a JDK logger for injection. In order to save a bit more boiler plate, we automatically set the logger category as the class name!
-<3> We expose the `FacesContext` via a producer method, which allows it to be injected. If we were adding tests, we could also then mock it out.
-
-
-That concludes our tour of the greeter application!
-
-
-CDI + JSF + EJB + JTA + Bean Validation + JAX-RS + Arquillian: Kitchensink quickstart
-=====================================================================================
-:Author: Pete Muir
-
-[[KitchensinkQuickstart-]]
-
-This quickstart shows off all the new features of Jakarta EE, and makes a great starting point for your project.
-
-[TIP]
-.Bean Validation
-========================================================================
-Bean Validation is a specification in Jakarta EE, inspired by
-Hibernate Validator. It allows application developers to specify
-constraints once (often in their domain model), and have them applied in
-all layers of the application, protecting data and giving useful
-feedback to users.
-========================================================================
-
-[TIP]
-.JAX-RS: The Java API for RESTful Web Services
-========================================================================
-JAX-RS is a specification in Jakarta EE. It allows application
-developers to easily expose Java services as RESTful web services.
-========================================================================
-
-Switch to the `quickstarts/kitchensink` directory and instruct Maven to build and deploy the application:
-
- mvn package wildfly:deploy
-
-The quickstart uses a Maven plugin to deploy the application. The plugin requires JBoss WildFly to be running (you can find out how to start the server in <<GettingStarted-on_linux, Installing and starting the JBoss server on Linux, Unix or Mac OS X>> or <<GettingStarted-on_windows, Installing and starting the JBoss server on Windows>>).
-
-Or you can start the server using an IDE, like Eclipse.
-
-Now, check if the application has deployed properly by clicking http://localhost:8080/wildfly-kitchensink. If you see a splash page it's all working!
-
-
-[TIP]
-========================================================================
-Should you wish to undeploy the quickstart, or redeploy after making
-some changes, it's pretty easy:
-
-* `mvn wildfly:deploy` - deploy any changes to the application to the
- application server
-* `mvn wildfly:undeploy` - undeploy the quickstart
-========================================================================
-
-It's time to pull the covers back and dive into the internals of the application.
-
-Deploying the Kitchensink quickstart using CodeReady Studio, or Eclipse with JBoss Tools
-----------------------------------------------------------------------------------------------
-
-You may choose to deploy the quickstart using CodeReady Studio, or Eclipse with JBoss Tools. You'll need to have JBoss WildFly started in the IDE (as described in <<GettingStarted-with_jboss_tools, Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and to have imported the quickstarts into Eclipse (as described in <<GettingStarted-importing_quickstarts_into_eclipse,Importing the quickstarts into Eclipse>>).
-
-With the quickstarts imported, you can deploy the quickstart by right clicking on the `wildfly-kitchensink` project, and choosing _Run As -> Run On Server_:
-
-image:gfx/Eclipse_KitchenSink_Deploy_1.jpg[]
-
-Make sure the server is selected, and hit Finish:
-
-image:gfx/Eclipse_Deploy_2.jpg[]
-
-You should see the server start up (unless you already started it in <<GettingStarted-with_jboss_tools, Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and the application deploy in the Console log:
-
-image:gfx/Eclipse_KitchenSink_Deploy_3.jpg[]
-
-
-The kitchensink quickstart in depth
------------------------------------
-
-The kitchensink application shows off a number of Jakarta EE technologies such as CDI, JSF, EJB, JTA, JAX-RS and Arquillian. It does this by providing a member registration database, available via JSF and JAX-RS.
-
-As usual, let's start by looking at the necessary deployment descriptors. By now, we're very used to seeing `beans.xml` and `faces-config.xml` in `WEB-INF/` (which can be found in the `src/main/webapp` directory). Notice that, once again, we don't need a `web.xml`. There are two configuration files in `WEB-INF/classes/META-INF` (which can be found in the `src/main/resources` directory) — `persistence.xml`, which sets up JPA, and `import.sql` which Hibernate, the JPA provider in JBoss WildFly, will use to load the initial users into the application when the application starts. We discussed both of these files in detail in <<GreeterQuickstart-,the Greeter Quickstart>>, and these are largely the same.
-
-Next, let's take a look at the JSF view the user sees. As usual, we use a template to provide the sidebar and footer. This one lives in `src/main/webapp/WEB-INF/templates/default.xhtml`:
-
-.src/main/webapp/WEB-INF/templates/default.xhtml
-[source,html]
-------------------------------------------------------------------------
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"
- xmlns:h="http://java.sun.com/jsf/html"
- xmlns:ui="http://java.sun.com/jsf/facelets">
-<h:head> (1)
- <title>kitchensink</title>
- <meta http-equiv="Content-Type"
- content="text/html; charset=utf-8" />
- <h:outputStylesheet name="css/screen.css" />
-</h:head>
-<h:body>
- <div id="container">
- <div class="dualbrand">
- <img src="resources/gfx/dualbrand_logo.png" />
- </div>
- <div id="content">
- <ui:insert name="content"> (2)
- [Template content will be inserted here]
- </ui:insert>
- </div>
- <div id="aside"> (3)
- <p>Learn more about JBoss Enterprise Application
- Platform 6.</p>
- <ul>
- <li>
- <a href="http://red.ht/jbeap-6-docs">
- Documentation
- </a>
- </li>
- <li>
- <a href="http://red.ht/jbeap-6">
- Product Information
- </a>
- </li>
- </ul>
- <p>Learn more about JBoss WildFly.</p>
- <ul>
- <li>
- <a href="http://jboss.org/jdf/quickstarts/wildfly-quickstart/guide">
- Getting Started Developing Applications Guide
- </a>
- </li>
- <li>
- <a href="http://jboss.org/jbossas">
- Community Project Information
- </a>
- </li>
- </ul>
- </div>
- <div id="footer">
- <p>
- This project was generated from a Maven archetype from
- JBoss.<br />
- </p>
- </div>
- </div>
-</h:body>
-</html>
-------------------------------------------------------------------------
-<1> We have a common `<head>` element, where we define styles and more
-<2> The content is inserted here, and defined by views using this template
-<3> This application defines a common sidebar and footer, putting them in the template means we only have to define them once
-
-That leaves the main page, index.xhtml , in which we place the content unique to the main page:
-
-.src/main/webapp/index.xhtml
-[source,html]
-------------------------------------------------------------------------
-<?xml version="1.0" encoding="UTF-8"?>
-<ui:composition xmlns="http://www.w3.org/1999/xhtml"
- xmlns:ui="http://java.sun.com/jsf/facelets"
- xmlns:f="http://java.sun.com/jsf/core"
- xmlns:h="http://java.sun.com/jsf/html"
- template="/WEB-INF/templates/default.xhtml">
- <ui:define name="content">
- <h1>Welcome to JBoss!</h1>
-
- <h:form id="reg"> (1)
- <h2>Member Registration</h2>
- <p>Enforces annotation-based constraints defined on the
- model class.</p>
- <h:panelGrid columns="3" columnClasses="titleCell">
- <h:outputLabel for="name" value="Name:" />
- <h:inputText id="name" value="#{newMember.name}" /> (2)
- <h:message for="name" errorClass="invalid" />
-
- <h:outputLabel for="email" value="Email:" />
- <h:inputText id="email"
- value="#{newMember.email}" /> (2)
- <h:message for="email" errorClass="invalid" />
-
- <h:outputLabel for="phoneNumber" value="Phone #:" />
- <h:inputText id="phoneNumber"
- value="#{newMember.phoneNumber}" /> (2)
- <h:message for="phoneNumber" errorClass="invalid" />
- </h:panelGrid>
-
- <p>
- <h:panelGrid columns="2">
- <h:commandButton id="register"
- action="#{memberController.register}"
- value="Register" styleClass="register" />
- <h:messages styleClass="messages"
- errorClass="invalid" infoClass="valid"
- warnClass="warning" globalOnly="true" />
- </h:panelGrid>
- </p>
- </h:form>
- <h2>Members</h2>
- <h:panelGroup rendered="#{empty members}">
- <em>No registered members.</em>
- </h:panelGroup>
- <h:dataTable var="_member" value="#{members}"
- rendered="#{not empty members}"
- styleClass="simpletablestyle"> (3)
- <h:column>
- <f:facet name="header">Id</f:facet>
- #{_member.id}
- </h:column>
- <h:column>
- <f:facet name="header">Name</f:facet>
- #{_member.name}
- </h:column>
- <h:column>
- <f:facet name="header">Email</f:facet>
- #{_member.email}
- </h:column>
- <h:column>
- <f:facet name="header">Phone #</f:facet>
- #{_member.phoneNumber}
- </h:column>
- <h:column>
- <f:facet name="header">REST URL</f:facet>
- <a href="#{request.contextPath}/rest/members/#{_member.id}">
- /rest/members/#{_member.id}
- </a>
- </h:column>
- <f:facet name="footer">
- REST URL for all members:
- <a href="#{request.contextPath}/rest/members">
- /rest/members
- </a>
- </f:facet>
- </h:dataTable>
- </ui:define>
-</ui:composition>
-
-------------------------------------------------------------------------
-<1> The JSF form allows us to register new users. There should be one already created when the application started.
-<2> The application uses Bean Validation to validate data entry. The error messages from Bean Validation are automatically attached to the relevant field by JSF, and adding a messages JSF component will display them.
-<3> This application exposes REST endpoints for each registered member. The application helpfully displays the URL to the REST endpoint on this page.
-
-Next, let's take a look at the Member entity, before we look at how the application is wired together:
-
-.src/main/java/org/jboss/as/quickstarts/kitchensink/model/Member.java
-[source,java]
-------------------------------------------------------------------------
-SuppressWarnings("serial")
-@Entity (1)
-@XmlRootElement (2)
-@Table(uniqueConstraints = @UniqueConstraint(columnNames = "email"))
-public class Member implements Serializable {
-
- @Id
- @GeneratedValue
- private Long id;
-
- @NotNull
- @Size(min = 1, max = 25)
- @Pattern(regexp = "[A-Za-z ]*",
- message = "must contain only letters and spaces") (3)
- private String name;
-
- @NotNull
- @NotEmpty
- @Email (4)
- private String email;
-
- @NotNull
- @Size(min = 10, max = 12)
- @Digits(fraction = 0, integer = 12) (5)
- @Column(name = "phone_number")
- private String phoneNumber;
-
- public Long getId() {
- return id;
- }
-
- public void setId(Long id) {
- this.id = id;
- }
-
- public String getName() {
- return name;
- }
-
- public void setName(String name) {
- this.name = name;
- }
-
- public String getEmail() {
- return email;
- }
-
- public void setEmail(String email) {
- this.email = email;
- }
-
- public String getPhoneNumber() {
- return phoneNumber;
- }
-
- public void setPhoneNumber(String phoneNumber) {
- this.phoneNumber = phoneNumber;
- }
-}
-------------------------------------------------------------------------
-<1> As usual with JPA, we define that the class is an entity by adding @Entity
-<2> Members are exposed as a RESTful service using JAX-RS. We can use JAXB to map the object to XML and to do this we need to add @XmlRootElement
-<3> Bean Validation allows constraints to be defined once (on the entity) and applied everywhere. Here we constrain the person's name to a certain size and regular expression
-<4> Hibernate Validator also offers some extra validations such as @Email
-<5> @Digits , @NotNull and @Size are further examples of constraints
-
-Let's take a look at `MemberRepository`, which is responsible for interactions with the persistence layer:
-
-.src/main/java/org/jboss/as/quickstarts/kitchensink/data/MemberRepository.java
-[source,java]
-------------------------------------------------------------------------
-@ApplicationScoped (1)
-public class MemberRepository {
-
- @Inject (2)
- private EntityManager em;
-
- public Member findById(Long id) {
- return em.find(Member.class, id);
- }
-
- public Member findByEmail(String email) {
- CriteriaBuilder cb = em.getCriteriaBuilder(); (3)
- CriteriaQuery<Member> c = cb.createQuery(Member.class);
- Root<Member> member = c.from(Member.class);
- c.select(member).where(cb.equal(member.get("email"), email));
- return em.createQuery(c).getSingleResult();
- }
-
- public List<Member> findAllOrderedByName() {
- CriteriaBuilder cb = em.getCriteriaBuilder();
- CriteriaQuery<Member> criteria = cb.createQuery(Member.class);
- Root<Member> member = criteria.from(Member.class);
- criteria.select(member).orderBy(cb.asc(member.get("name")));
- return em.createQuery(criteria).getResultList(); (4)
- }
-}
-------------------------------------------------------------------------
-<1> The bean is application scoped, as it is a singleton
-<2> The entity manager is injected, to allow interaction with JPA
-<3> The JPA criteria api is used to load a member by their unique identifier, their email address
-<4> The criteria api can also be used to load lists of entities
-
-Let's take a look at `MemberListProducer`, which is responsible for managing the list of registered members.
-
-.src/main/java/org/jboss/as/quickstarts/kitchensink/data/MemberListProducer.java
-[source,java]
-------------------------------------------------------------------------
-@RequestScoped (1)
-public class MemberListProducer {
-
- @Inject (2)
- private MemberRepository memberRepository;
-
- private List<Member> members;
-
- // @Named provides access the return value via the EL variable
- // name "members" in the UI (e.g. Facelets or JSP view)
- @Produces (3)
- @Named
- public List<Member> getMembers() {
- return members;
- }
-
- public void onMemberListChanged( (4)
- @Observes(notifyObserver = Reception.IF_EXISTS)
- final Member member) {
- retrieveAllMembersOrderedByName();
- }
-
- @PostConstruct
- public void retrieveAllMembersOrderedByName() {
- members = memberRepository.findAllOrderedByName();
- }
-}
-------------------------------------------------------------------------
-<1> This bean is request scoped, meaning that any fields (such as members ) will be stored for the entire request
-<2> The `MemberRepository` is responsible or interactions with the persistence layer
-<3> The list of members is exposed as a producer method, it's also available via EL
-<4> The observer method is notified whenever a member is created, removed, or updated. This allows us to refresh the list of members whenever they are needed. This is a good approach as it allows us to cache the list of members, but keep it up to date at the same time
-
-Let's now look at MemberRegistration, the service that allows us to create new members:
-
-.src/main/java/org/jboss/as/quickstarts/kitchensink/service/MemberRegistration.java
-[source,java]
-------------------------------------------------------------------------
-@Stateless (1)
-public class MemberRegistration {
-
- @Inject (2)
- private Logger log;
-
- @Inject
- private EntityManager em;
-
- @Inject
- private Event<Member> memberEventSrc;
-
- public void register(Member member) throws Exception {
- log.info("Registering " + member.getName());
- em.persist(member);
- memberEventSrc.fire(member); (3)
- }
-}
-------------------------------------------------------------------------
-<1> This bean requires transactions as it needs to write to the database. Making this an EJB gives us access to declarative transactions - much simpler than manual transaction control!
-<2> Here we inject a JDK logger, defined in the `Resources` class
-<3> An event is sent every time a member is updated. This allows other pieces of code (in this quickstart the member list is refreshed) to react to changes in the member list without any coupling to this class.
-
-Now, let's take a look at the `Resources` class, which provides resources such as the entity manager. CDI recommends using "resource producers", as we do in this quickstart, to alias resources to CDI beans, allowing for a consistent style throughout our application:
-
-.src/main/java/org/jboss/as/quickstarts/kitchensink/util/Resources.java
-[source,java]
-------------------------------------------------------------------------
-public class Resources {
- // use @SuppressWarnings to tell IDE to ignore warnings about
- // field not being referenced directly
- @SuppressWarnings("unused") (1)
- @Produces
- @PersistenceContext
- private EntityManager em;
-
- @Produces (2)
- public Logger produceLog(InjectionPoint injectionPoint) {
- return Logger.getLogger(injectionPoint.getMember()
- .getDeclaringClass()
- .getName());
- }
-
- @Produces (3)
- @RequestScoped
- public FacesContext produceFacesContext() {
- return FacesContext.getCurrentInstance();
- }
-
-}
-------------------------------------------------------------------------
-<1> We use the "resource producer" pattern, from CDI, to "alias" the old fashioned `@PersistenceContext` injection of the entity manager to a CDI style injection. This allows us to use a consistent injection style (`@Inject`) throughout the application.
-<2> We expose a JDK logger for injection. In order to save a bit more boiler plate, we automatically set the logger category as the class name!
-<3> We expose the `FacesContext` via a producer method, which allows it to be injected. If we were adding tests, we could also then mock it out.
-
-If you want to define your own datasource, take a look at the link:http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/6/html/Administration_and_Configuration_Guide/index.html[Administration and Configuration Guide for JBoss Enterprise Application Platform 6] or the link:https://docs.jboss.org/author/display/AS71/Getting+Started+Guide[Getting Started Guide].
-
-Of course, we need to allow JSF to interact with the services. The `MemberController` class is responsible for this:
-
-.src/main/java/org/jboss/as/quickstarts/kitchensink/controller/MemberController.java
-[source,java]
-------------------------------------------------------------------------
-@Model (1)
-public class MemberController {
-
- @Inject (2)
- private FacesContext facesContext;
-
- @Inject (3)
- private MemberRegistration memberRegistration;
-
- @Produces (4)
- @Named
- private Member newMember;
-
- @PostConstruct (5)
- public void initNewMember() {
- newMember = new Member();
- }
-
- public void register() throws Exception {
- try {
- memberRegistration.register(newMember); (6)
- FacesMessage m =
- new FacesMessage(FacesMessage.SEVERITY_INFO,
- "Registered!",
- "Registration successful");
- facesContext.addMessage(null, m); (7)
- initNewMember(); (8)
- } catch (Exception e) {
- String errorMessage = getRootErrorMessage(e);
- FacesMessage m =
- new FacesMessage(FacesMessage.SEVERITY_ERROR,
- errorMessage,
- "Registration unsuccessful");
- facesContext.addMessage(null, m);
- }
- }
-
- private String getRootErrorMessage(Exception e) {
- // Default to general error message that registration failed.
- String errorMessage = "Registration failed. See server log for more information";
- if (e == null) {
- // This shouldn't happen, but return the default messages
- return errorMessage;
- }
-
- // Start with the exception and recurse to find the root cause
- Throwable t = e;
- while (t != null) {
- // Get the message from the Throwable class instance
- errorMessage = t.getLocalizedMessage();
- t = t.getCause();
- }
- // This is the root cause message
- return errorMessage;
- }
-
-}
-------------------------------------------------------------------------
-<1> The `MemberController` class uses the `@Model` stereotype, which adds `@Named` and `@RequestScoped` to the class
-<2> The `FacesContext` is injected, so that messages can be sent to the user
-<3> The `MemberRegistration` bean is injected, to allow the controller to interact with the database
-<4> The `Member` class is exposed using a named producer field, which allows access from JSF. Note that that the named producer field has dependent scope, so every time it is injected, the field will be read
-<5> The `@PostConstruct` annotation causes a new member object to be placed in the `newMember` field when the bean is instantiated
-<6> When the register method is called, the `newMember` object is passed to the persistence service
-<7> We also send a message to the user, to give them feedback on their actions
-<8> Finally, we replace the `newMember` with a new object, thus blanking out the data the user has added so far. This works as the producer field is dependent scoped
-
-Before we wrap up our tour of the kitchensink application, let's take a look at how the JAX-RS endpoints are created. Firstly, `JaxRSActivator`, which extends `Application` and is annotated with `@ApplicationPath`, is the Jakarta EE "no XML" approach to activating JAX-RS.
-
-.src/main/java/org/jboss/as/quickstarts/kitchensink/rest/JaxRsActivator.java
-[source,java]
-------------------------------------------------------------------------
-@ApplicationPath("/rest")
-public class JaxRsActivator extends Application {
- /* class body intentionally left blank */
-}
-------------------------------------------------------------------------
-
-The real work goes in `MemberResourceRESTService`, which produces the endpoint:
-
-.src/main/java/org/jboss/as/quickstarts/kitchensink/rest/MemberResourceRESTService.java
-[source,java]
-------------------------------------------------------------------------
-@Path("/members") (1)
-@RequestScoped (2)
-public class MemberResourceRESTService {
-
- @Inject (3)
- private Logger log;
-
- @Inject (4)
- private Validator validator;
-
- @Inject (5)
- private MemberRepository repository;
-
- @Inject (6)
- private MemberRegistration registration;
-
- @GET (7)
- @Produces(MediaType.APPLICATION_JSON)
- public List<Member> listAllMembers() {
- return repository.findAllOrderedByName();
- }
-
- @GET (8)
- @Path("/{id:[0-9][0-9]*}")
- @Produces(MediaType.APPLICATION_JSON)
- public Member lookupMemberById(@PathParam("id") long id) {
- Member member = repository.findById(id);
- if (member == null) {
- throw new
- WebApplicationException(Response.Status.NOT_FOUND);
- }
- return member;
- }
-
- /**
- * Creates a new member from the values provided. Performs
- * validation, and will return a JAX-RS response with either
- * 200 ok, or with a map of fields, and related errors.
- */
- @POST
- @Consumes(MediaType.APPLICATION_JSON)
- @Produces(MediaType.APPLICATION_JSON)
- public Response createMember(Member member) { (9)
- Response.ResponseBuilder builder = null;
-
- try {
- // Validates member using bean validation
- validateMember(member); (10)
-
- registration.register(member); (11)
-
- //Create an "ok" response
- builder = Response.ok();
- } catch (ConstraintViolationException ce) { (12)
- //Handle bean validation issues
- builder = createViolationResponse(
- ce.getConstraintViolations());
- } catch (ValidationException e) {
- //Handle the unique constrain violation
- Map<String, String> responseObj =
- new HashMap<String, String>();
- responseObj.put("email", "Email taken");
- builder = Response.status(Response.Status.CONFLICT)
- .entity(responseObj);
- } catch (Exception e) {
- // Handle generic exceptions
- Map<String, String> responseObj
- = new HashMap<String, String>();
- responseObj.put("error", e.getMessage());
- builder = Response.status(Response.Status.BAD_REQUEST)
- .entity(responseObj);
- }
-
- return builder.build();
- }
-
-
- /**
- * <p>
- * Validates the given Member variable and throws validation
- * exceptions based on the type of error. If the error is
- * standard bean validation errors then it will throw a
- * ConstraintValidationException with the set of the
- * constraints violated.
- * </p>
- * <p>
- * If the error is caused because an existing member with the
- * same email is registered it throws a regular validation
- * exception so that it can be interpreted separately.
- * </p>
- *
- * @param member Member to be validated
- * @throws ConstraintViolationException
- * If Bean Validation errors exist
- * @throws ValidationException
- * If member with the same email already exists
- */
- private void validateMember(Member member)
- throws ConstraintViolationException,
- ValidationException {
- //Create a bean validator and check for issues.
- Set<ConstraintViolation<Member>> violations =
- validator.validate(member);
-
- if (!violations.isEmpty()) {
- throw new ConstraintViolationException(
- new HashSet<ConstraintViolation<?>>(violations));
- }
-
- //Check the uniqueness of the email address
- if (emailAlreadyExists(member.getEmail())) {
- throw new ValidationException("Unique Email Violation");
- }
- }
-
- /**
- * Creates a JAX-RS "Bad Request" response including a map of
- * all violation fields, and their message. This can then be
- * used by clients to show violations.
- *
- * @param violations A set of violations that needs to be
- * reported
- * @return JAX-RS response containing all violations
- */
- private Response.ResponseBuilder createViolationResponse
- (Set<ConstraintViolation<?>> violations) {
- log.fine("Validation completed. violations found: "
- + violations.size());
-
- Map<String, String> responseObj =
- new HashMap<String, String>();
-
- for (ConstraintViolation<?> violation : violations) {
- responseObj.put(violation.getPropertyPath().toString(),
- violation.getMessage());
- }
-
- return Response.status(Response.Status.BAD_REQUEST)
- .entity(responseObj);
- }
-
- /**
- * Checks if a member with the same email address is already
- * registered. This is the only way to easily capture the
- * "@UniqueConstraint(columnNames = "email")" constraint from
- * the Member class.
- *
- * @param email The email to check
- * @return True if the email already exists, and false
- otherwise
- */
- public boolean emailAlreadyExists(String email) {
- Member member = null;
- try {
- member = repository.findByEmail(email);
- } catch (NoResultException e) {
- // ignore
- }
- return member != null;
- }
-}
-------------------------------------------------------------------------
-<1> The `@Path` annotation tells JAX-RS that this class provides a REST endpoint mapped to `rest/members` (concatenating the path from the activator with the path for this endpoint).
-<2> The bean is request scoped, as JAX-RS interactions typically don't hold state between requests
-<3> JAX-RS endpoints are CDI enabled, and can use CDI-style injection.
-<4> CDI allows us to inject a Bean Validation `Validator` instance, which is used to validate the POSTed member before it is persisted
-<5> `MemberRegistration` is injected to allow us to alter the member database
-<6> `MemberRepository` is injected to allow us to query the member database
-<7> The `listAllMembers()` method is called when the raw endpoint is accessed and offers up a list of endpoints. Notice that the object is automatically marshalled to JSON by RESTEasy (the JAX-RS implementation included in JBoss WildFly).
-<8> The `lookupMemberById()` method is called when the endpoint is accessed with a member id parameter appended (for example `rest/members/1)`. Again, the object is automatically marshalled to JSON by RESTEasy.
-<9> `createMember()` is called when a POST is performed on the URL. Once again, the object is automatically unmarshalled from JSON.
-<10> In order to ensure that the member is valid, we call the `validateMember` method, which validates the object, and adds any constraint violations to the response. These can then be handled on the client side, and displayed to the user
-<11> The object is then passed to the `MemberRegistration` service to be persisted
-<12> We then handle any remaining issues with validating the object, which are raised when the object is persisted
-
-
-Arquillian
-~~~~~~~~~~
-
-If you've been following along with the Test Driven Development craze of the past few years, you're probably getting a bit nervous by now, wondering how on earth you are going to test your application. Lucky for you, the Arquillian project is here to help!
-
-Arquillian provides all the boiler plate for running your test inside JBoss WildFly, allowing you to concentrate on testing your application. In order to do that, it utilizes Shrinkwrap, a fluent API for defining packaging, to create an archive to deploy. We'll go through the testcase, and how you configure Arquillian in just a moment, but first let's run the test.
-
-Before we start, we need to let Arquillian know the path to our server. Open up `src/test/resources/arquillian.xml`, uncomment the `<configuration>` elements, and set the `jbossHome` property to the path to the server:
-
-image:gfx/eclipse_arquillian_0.png[]
-
-Now, make sure the server is not running (so that the instance started for running the test does not interfere), and then run the tests from the command line by typing:
-
- mvn clean test -Parq-managed
-
-You should see the server start up, a `test.war` deployed, test executed, and then the results displayed to you on the console:
-
-------------------------------------------------------------------------
-$ > mvn clean test -Parq-managed
-
-
-[INFO] Scanning for projects...
-[INFO]
-[INFO] ------------------------------------------------------------------------
-[INFO] Building WildFly Quickstarts: Kitchensink 7.0.0-SNAPSHOT
-[INFO] ------------------------------------------------------------------------
-[INFO]
-[INFO] --- maven-clean-plugin:2.4.1:clean (default-clean) @ wildfly-kitchensink ---
-[INFO] Deleting /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target
-[INFO]
-[INFO] --- maven-resources-plugin:2.4.3:resources (default-resources) @ wildfly-kitchensink ---
-[INFO] Using 'UTF-8' encoding to copy filtered resources.
-[INFO] Copying 2 resources
-[INFO]
-[INFO] --- maven-compiler-plugin:2.3.1:compile (default-compile) @ wildfly-kitchensink ---
-[INFO] Compiling 6 source files to /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target/classes
-[INFO]
-[INFO] --- maven-resources-plugin:2.4.3:testResources (default-testResources) @ wildfly-kitchensink ---
-[INFO] Using 'UTF-8' encoding to copy filtered resources.
-[INFO] Copying 1 resource
-[INFO]
-[INFO] --- maven-compiler-plugin:2.3.1:testCompile (default-testCompile) @ wildfly-kitchensink ---
-[INFO] Compiling 1 source file to /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target/test-classes
-[INFO]
-[INFO] --- maven-surefire-plugin:2.7.2:test (default-test) @ wildfly-kitchensink ---
-[INFO] Surefire report directory: /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target/surefire-reports
-
--------------------------------------------------------
- T E S T S
--------------------------------------------------------
-Running org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest
-Jun 25, 2011 7:17:49 PM org.jboss.arquillian.container.impl.client.container.ContainerRegistryCreator getActivatedConfiguration
-INFO: Could not read active container configuration: null
-log4j:WARN No appenders could be found for logger (org.jboss.remoting).
-log4j:WARN Please initialize the log4j system properly.
-Jun 25, 2011 7:17:54 PM org.jboss.as.arquillian.container.managed.ManagedDeployableContainer startInternal
-INFO: Starting container with: [java, -Djboss.home.dir=/Users/pmuir/development/jboss, -Dorg.jboss.boot.log.file=/Users/pmuir/development/jboss/standalone/log/boot.log, -Dlogging.configuration=file:/Users/pmuir/development/jboss/standalone/configuration/logging.properties, -jar, /Users/pmuir/development/jboss/jboss-modules.jar, -mp, /Users/pmuir/development/jboss/modules, -logmodule, org.jboss.logmanager, -jaxpmodule, javax.xml.jaxp-provider, org.jboss.as.standalone, -server-config, standalone.xml]
-19:17:55,107 INFO [org.jboss.modules] JBoss Modules version 1.0.0.CR4
-19:17:55,329 INFO [org.jboss.msc] JBoss MSC version 1.0.0.CR2
-19:17:55,386 INFO [org.jboss.as] JBoss WildFly.0.0.Beta4-SNAPSHOT "(TBD)" starting
-19:17:56,159 INFO [org.jboss.as] creating http management service using network interface (management) port (9990) securePort (-1)
-19:17:56,181 INFO [org.jboss.as.logging] Removing bootstrap log handlers
-19:17:56,189 INFO [org.jboss.as.naming] (Controller Boot Thread) Activating Naming Subsystem
-19:17:56,203 INFO [org.jboss.as.naming] (MSC service thread 1-4) Starting Naming Service
-19:17:56,269 INFO [org.jboss.as.security] (Controller Boot Thread) Activating Security Subsystem
-19:17:56,305 INFO [org.jboss.remoting] (MSC service thread 1-1) JBoss Remoting version 3.2.0.Beta2
-19:17:56,317 INFO [org.xnio] (MSC service thread 1-1) XNIO Version 3.0.0.Beta3
-19:17:56,331 INFO [org.xnio.nio] (MSC service thread 1-1) XNIO NIO Implementation Version 3.0.0.Beta3
-19:17:56,522 INFO [org.jboss.as.connector.subsystems.datasources] (Controller Boot Thread) Deploying JDBC-compliant driver class org.h2.Driver (version 1.2)
-19:17:56,572 INFO [org.apache.catalina.core.AprLifecycleListener] (MSC service thread 1-7) The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: .:/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java
-19:17:56,627 INFO [org.jboss.as.remoting] (MSC service thread 1-3) Listening on /127.0.0.1:9999
-19:17:56,641 INFO [org.jboss.as.jmx.JMXConnectorService] (MSC service thread 1-2) Starting remote JMX connector
-19:17:56,705 INFO [org.jboss.as.ee] (Controller Boot Thread) Activating EE subsystem
-19:17:56,761 INFO [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-7) Starting Coyote HTTP/1.1 on http--127.0.0.1-8080
-19:17:56,793 INFO [org.jboss.as.connector] (MSC service thread 1-3) Starting JCA Subsystem (JBoss IronJacamar 1.0.0.CR2)
-19:17:56,837 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-2) Bound data source [java:jboss/datasources/ExampleDS]
-19:17:57,335 INFO [org.jboss.as.server.deployment] (MSC service thread 1-1) Starting deployment of "arquillian-service"
-19:17:57,348 INFO [org.jboss.as.deployment] (MSC service thread 1-7) Started FileSystemDeploymentService for directory /Users/pmuir/development/jboss/standalone/deployments
-19:17:57,693 INFO [org.jboss.as] (Controller Boot Thread) JBoss WildFly.0.0.Beta4-SNAPSHOT "(TBD)" started in 2806ms - Started 111 of 138 services (27 services are passive or on-demand)
-19:18:00,596 INFO [org.jboss.as.server.deployment] (MSC service thread 1-6) Stopped deployment arquillian-service in 8ms
-19:18:01,394 INFO [org.jboss.as.server.deployment] (pool-2-thread-7) Content added at location /Users/pmuir/development/jboss/standalone/data/content/0a/9e20b7bc978fd2778b89c7c06e4d3e1f308dfe/content
-19:18:01,403 INFO [org.jboss.as.server.deployment] (MSC service thread 1-7) Starting deployment of "arquillian-service"
-19:18:01,650 INFO [org.jboss.as.server.deployment] (pool-2-thread-6) Content added at location /Users/pmuir/development/jboss/standalone/data/content/94/8324ab8f5a693c67fa57b59323304d3947bbf6/content
-19:18:01,659 INFO [org.jboss.as.server.deployment] (MSC service thread 1-5) Starting deployment of "test.war"
-19:18:01,741 INFO [org.jboss.jpa] (MSC service thread 1-7) read persistence.xml for primary
-19:18:01,764 INFO [org.jboss.weld] (MSC service thread 1-3) Processing CDI deployment: test.war
-19:18:01,774 INFO [org.jboss.as.ejb3.deployment.processors.EjbJndiBindingsDeploymentUnitProcessor] (MSC service thread 1-3) JNDI bindings for session bean named MemberRegistration in deployment unit deployment "test.war" are as follows:
-
- java:global/test/MemberRegistration!org.jboss.as.quickstarts.kitchensink.controller.MemberRegistration
- java:app/test/MemberRegistration!org.jboss.as.quickstarts.kitchensink.controller.MemberRegistration
- java:module/MemberRegistration!org.jboss.as.quickstarts.kitchensink.controller.MemberRegistration
- java:global/test/MemberRegistration
- java:app/test/MemberRegistration
- java:module/MemberRegistration
-
-19:18:01,908 INFO [org.jboss.weld] (MSC service thread 1-5) Starting Services for CDI deployment: test.war
-19:18:02,131 INFO [org.jboss.weld.Version] (MSC service thread 1-5) WELD-000900 1.1.1 (Final)
-19:18:02,169 INFO [org.jboss.weld] (MSC service thread 1-2) Starting weld service
-19:18:02,174 INFO [org.jboss.as.arquillian] (MSC service thread 1-3) Arquillian deployment detected: ArquillianConfig[service=jboss.arquillian.config."test.war",unit=test.war,tests=[org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest]]
-19:18:02,179 INFO [org.jboss.jpa] (MSC service thread 1-6) starting Persistence Unit Service 'test.war#primary'
-19:18:02,322 INFO [org.hibernate.annotations.common.Version] (MSC service thread 1-6) Hibernate Commons Annotations 3.2.0.Final
-19:18:02,328 INFO [org.hibernate.cfg.Environment] (MSC service thread 1-6) HHH00412:Hibernate [WORKING]
-19:18:02,330 INFO [org.hibernate.cfg.Environment] (MSC service thread 1-6) HHH00206:hibernate.properties not found
-19:18:02,332 INFO [org.hibernate.cfg.Environment] (MSC service thread 1-6) HHH00021:Bytecode provider name : javassist
-19:18:02,354 INFO [org.hibernate.ejb.Ejb3Configuration] (MSC service thread 1-6) HHH00204:Processing PersistenceUnitInfo [
- name: primary
- ...]
-19:18:02,400 WARN [org.hibernate.cfg.AnnotationBinder] (MSC service thread 1-6) HHH00194:Package not found or wo package-info.java: org.jboss.as.quickstarts.kitchensink.test
-19:18:02,400 WARN [org.hibernate.cfg.AnnotationBinder] (MSC service thread 1-6) HHH00194:Package not found or wo package-info.java: org.jboss.as.quickstarts.kitchensink.controller
-19:18:02,401 WARN [org.hibernate.cfg.AnnotationBinder] (MSC service thread 1-6) HHH00194:Package not found or wo package-info.java: org.jboss.as.quickstarts.kitchensink.util
-19:18:02,401 WARN [org.hibernate.cfg.AnnotationBinder] (MSC service thread 1-6) HHH00194:Package not found or wo package-info.java: org.jboss.as.quickstarts.kitchensink.model
-19:18:02,592 INFO [org.hibernate.service.jdbc.connections.internal.ConnectionProviderInitiator] (MSC service thread 1-6) HHH00130:Instantiating explicit connection provider: org.hibernate.ejb.connection.InjectedDataSourceConnectionProvider
-19:18:02,852 INFO [org.hibernate.dialect.Dialect] (MSC service thread 1-6) HHH00400:Using dialect: org.hibernate.dialect.H2Dialect
-19:18:02,858 WARN [org.hibernate.dialect.H2Dialect] (MSC service thread 1-6) HHH00431:Unable to determine H2 database version, certain features may not work
-19:18:02,862 INFO [org.hibernate.engine.jdbc.internal.LobCreatorBuilder] (MSC service thread 1-6) HHH00423:Disabling contextual LOB creation as JDBC driver reported JDBC version [3] less than 4
-19:18:02,870 INFO [org.hibernate.engine.transaction.internal.TransactionFactoryInitiator] (MSC service thread 1-6) HHH00268:Transaction strategy: org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory
-19:18:02,874 INFO [org.hibernate.hql.internal.ast.ASTQueryTranslatorFactory] (MSC service thread 1-6) HHH00397:Using ASTQueryTranslatorFactory
-19:18:02,911 INFO [org.hibernate.validator.util.Version] (MSC service thread 1-6) Hibernate Validator 4.1.0.Final
-19:18:02,917 INFO [org.hibernate.validator.engine.resolver.DefaultTraversableResolver] (MSC service thread 1-6) Instantiated an instance of org.hibernate.validator.engine.resolver.JPATraversableResolver.
-19:18:03,079 INFO [org.hibernate.tool.hbm2ddl.SchemaExport] (MSC service thread 1-6) HHH00227:Running hbm2ddl schema export
-19:18:03,093 INFO [org.hibernate.tool.hbm2ddl.SchemaExport] (MSC service thread 1-6) HHH00230:Schema export complete
-19:18:03,217 INFO [org.jboss.web] (MSC service thread 1-5) registering web context: /test
-19:18:03,407 WARN [org.jboss.weld.Bean] (RMI TCP Connection(3)-127.0.0.1) WELD-000018 Executing producer field or method [method] @Produces public org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest.produceLog(InjectionPoint) on incomplete declaring bean Managed Bean [class org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest] with qualifiers [@Any @Default] due to circular injection
-19:18:03,427 WARN [org.jboss.weld.Bean] (RMI TCP Connection(3)-127.0.0.1) WELD-000018 Executing producer field or method [method] @Produces public org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest.produceLog(InjectionPoint) on incomplete declaring bean Managed Bean [class org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest] with qualifiers [@Any @Default] due to circular injection
-19:18:03,450 WARN [org.jboss.as.ejb3.component.EJBComponent] (RMI TCP Connection(3)-127.0.0.1) EJBTHREE-2120: deprecated getTransactionAttributeType method called (dev problem)
-19:18:03,459 INFO [org.jboss.as.quickstarts.kitchensink.controller.MemberRegistration] (RMI TCP Connection(3)-127.0.0.1) Registering Jane Doe
-19:18:03,616 INFO [org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest] (RMI TCP Connection(3)-127.0.0.1) Jane Doe was persisted with id 1
-19:18:03,686 INFO [org.jboss.jpa] (MSC service thread 1-1) stopping Persistence Unit Service 'test.war#primary'
-19:18:03,687 INFO [org.hibernate.tool.hbm2ddl.SchemaExport] (MSC service thread 1-1) HHH00227:Running hbm2ddl schema export
-19:18:03,690 INFO [org.jboss.weld] (MSC service thread 1-3) Stopping weld service
-19:18:03,692 INFO [org.hibernate.tool.hbm2ddl.SchemaExport] (MSC service thread 1-1) HHH00230:Schema export complete
-19:18:03,704 INFO [org.jboss.as.server.deployment] (MSC service thread 1-8) Stopped deployment test.war in 52ms
-Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 14.859 sec
-
-Results :
-
-Tests run: 1, Failures: 0, Errors: 0, Skipped: 0
-
-[INFO] ------------------------------------------------------------------------
-[INFO] BUILD SUCCESS
-[INFO] ------------------------------------------------------------------------
-[INFO] Total time: 22.305s
-[INFO] Finished at: Sat Jun 25 19:18:04 BST 2011
-[INFO] Final Memory: 17M/125M
-[INFO] ------------------------------------------------------------------------
-
-------------------------------------------------------------------------
-
-As you can see, that didn't take too long (approximately 15s), and is great for running in your QA environment, but if you running locally, you might prefer to connect to a running server. To do that, start up JBoss WildFly (as described in <<GettingStarted-, Getting Started with JBoss Enterprise Application Platform of WildFly>>. Now, run your test, but use the `arq-wildfly-remote` profile:
-
- mvn clean test -Parq-remote
-
-------------------------------------------------------------------------
-$ > mvn clean test -Parq-remote
-
-
-[INFO] Scanning for projects...
-[INFO]
-[INFO] ------------------------------------------------------------------------
-[INFO] Building WildFly Quickstarts: Kitchensink 7.0.0-SNAPSHOT
-[INFO] ------------------------------------------------------------------------
-[INFO]
-[INFO] --- maven-clean-plugin:2.4.1:clean (default-clean) @ wildfly-kitchensink ---
-[INFO] Deleting /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target
-[INFO]
-[INFO] --- maven-resources-plugin:2.4.3:resources (default-resources) @ wildfly-kitchensink ---
-[INFO] Using 'UTF-8' encoding to copy filtered resources.
-[INFO] Copying 2 resources
-[INFO]
-[INFO] --- maven-compiler-plugin:2.3.1:compile (default-compile) @ wildfly-kitchensink ---
-[INFO] Compiling 6 source files to /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target/classes
-[INFO]
-[INFO] --- maven-resources-plugin:2.4.3:testResources (default-testResources) @ wildfly-kitchensink ---
-[INFO] Using 'UTF-8' encoding to copy filtered resources.
-[INFO] Copying 1 resource
-[INFO]
-[INFO] --- maven-compiler-plugin:2.3.1:testCompile (default-testCompile) @ wildfly-kitchensink ---
-[INFO] Compiling 1 source file to /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target/test-classes
-[INFO]
-[INFO] --- maven-surefire-plugin:2.7.2:test (default-test) @ wildfly-kitchensink ---
-[INFO] Surefire report directory: /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target/surefire-reports
-
-------------------------------------------------------
- T E S T S
--------------------------------------------------------
-Running org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest
-Jun 25, 2011 7:22:28 PM org.jboss.arquillian.container.impl.client.container.ContainerRegistryCreator getActivatedConfiguration
-INFO: Could not read active container configuration: null
-log4j:WARN No appenders could be found for logger (org.jboss.as.arquillian.container.MBeanServerConnectionProvider).
-log4j:WARN Please initialize the log4j system properly.
-Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 4.13 sec
-
-Results :
-
-Tests run: 1, Failures: 0, Errors: 0, Skipped: 0
-
-[INFO] ------------------------------------------------------------------------
-[INFO] BUILD SUCCESS
-[INFO] ------------------------------------------------------------------------
-[INFO] Total time: 10.474s
-[INFO] Finished at: Sat Jun 25 19:22:33 BST 2011
-[INFO] Final Memory: 17M/125M
-[INFO] ------------------------------------------------------------------------
-$ >
-------------------------------------------------------------------------
-
-
-[IMPORTANT]
-========================================================================
-Arquillian defines two modes, _managed_ and _remote_ . The _managed_
-mode will take care of starting and stopping the server for you, whilst
-the _remote_ mode connects to an already running server.
-========================================================================
-
-This time you can see the test didn't start the server (if you check the instance you started, you will see the application was deployed there), and the test ran a lot faster (approximately 4s).
-
-We can also run the test from Eclipse, in both managed and remote modes. First, we'll run in in managed mode. In order to set up the correct dependencies on your classpath, right click on the project, and select Properties :
-
-image:gfx/eclipse_arquillian_1.png[]
-
-Now, locate the Maven panel:
-
-image:gfx/eclipse_arquillian_2.png[]
-
-And activate the `arq-managed` profile:
-
-image:gfx/eclipse_arquillian_3.png[]
-
-Finally, hit _Ok_, and then confirm you want to update the project configuration:
-
-image:gfx/eclipse_arquillian_4.png[]
-
-Once the project has built, locate the `MemberRegistrationTest` in `src/test/java`, right click on the test, and choose _Run As -> JUnit Test...`_:
-
-image:gfx/eclipse_arquillian_12.png[]
-
-You should see the server start in the Eclipse Console, the test be deployed, and finally the JUnit View pop up with the result (a pass of course!).
-
-We can also run the test in an already running instance of Eclipse. Simply change the active profile to `arq-remote`:
-
-image:gfx/eclipse_arquillian_11.png[]
-
-Now, make sure the server is running, right click on the test case and choose _Run As -> JUnit Test..._:
-
-image:gfx/eclipse_arquillian_12.png[]
-
-Again, you'll see the test run in the server, and the JUnit View pop up, with the test passing.
-
-So far so good, the test is running in both Eclipse and from the command line. But what does the test look like?
-
-.src/test/java/org/jboss/as/quickstarts/kitchensink/test/MemberRegistrationTest.java
-[source,java]
-------------------------------------------------------------------------
-@RunWith(Arquillian.class) (1)
-public class MemberRegistrationTest {
- @Deployment (2)
- public static Archive<?> createTestArchive() {
- return ShrinkWrap.create(WebArchive.class, "test.war")
- .addClasses(Member.class,
- MemberRegistration.class,
- Resources.class) (3)
- .addAsResource("META-INF/test-persistence.xml",
- "META-INF/persistence.xml") (4)
- .addAsWebInfResource(EmptyAsset.INSTANCE,
- "beans.xml") (5)
- // Deploy our test datasource
- .addAsWebInfResource("test-ds.xml"); (6)
- }
-
- @Inject (7)
- MemberRegistration memberRegistration;
-
- @Inject
- Logger log;
-
- @Test
- public void testRegister() throws Exception { (8)
- Member newMember = new Member();
- newMember.setName("Jane Doe");
- newMember.setEmail("jane@mailinator.com");
- newMember.setPhoneNumber("2125551234");
- memberRegistration.register(newMember);
- assertNotNull(newMember.getId());
- log.info(newMember.getName() +
- " was persisted with id " +
- newMember.getId());
- }
-
-}
-------------------------------------------------------------------------
-<1> `@RunWith(Arquillian.class)` tells JUnit to hand control over to Arquillian when executing tests
-<2> The `@Deployment` annotation identifies the `createTestArchive()` static method to Arquillian as the one to use to determine which resources and classes to deploy
-<3> We add just the classes needed for the test, no more
-<4> We also add persistence.xml as our test is going to use the database
-<5> Of course, we must add beans.xml to enable CDI
-<6> Finally, we add a test datasource, so that test data doesn't overwrite production data
-<7> Arquillian allows us to inject beans into the test case
-<8> The test method works as you would expect - creates a new member, registers them, and then verifies that the member was created
-
-As you can see, Arquillian has lived up to the promise - the test case is focused on _what_ to test (the `@Deployment` method) and _how_ to test (the `@Test` method). It's also worth noting that this isn't a simplistic unit test - this is a fully fledged integration test that uses the database.
-
-Now, let's look at how we configure Arquillian. First of all, let's take a look at `arquillian.xml` in `src/test/resources`.
-
-
-.src/test/resources/META-INF/arquillian.xml
-[source,xml]
-------------------------------------------------------------------------
-<arquillian xmlns="http://jboss.org/schema/arquillian"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://jboss.org/schema/arquillian
- http://jboss.org/schema/arquillian/arquillian_1_0.xsd">
-
- <!-- Uncomment to have test archives exported to the
- file system for inspection -->
-<!-- <engine> --> (1)
-<!-- <property name="deploymentExportPath">
- target/
- </property> -->
-<!-- </engine> -->
-
- <!-- Force the use of the Servlet 3.0 protocol with all
- containers, as it is the most mature -->
- <defaultProtocol type="Servlet 3.0" /> (2)
-
- <!-- Example configuration for a remote JBoss WildFly instance -->
- <container qualifier="jboss" default="true">
- <!-- If you want to use the JBOSS_HOME environment variable,
- just delete the jbossHome property -->
- <configuration>
- <property name="jbossHome">/path/to/wildfly</property>
- </configuration>
- </container>
-
-</arquillian>
-------------------------------------------------------------------------
-<1> Arquillian deploys the test war, and doesn't write it to disk. For debugging, it can be very useful to see exactly what is in your war, so Arquillian allows you to export the war when the tests runs
-<2> Arquillian currently needs configuring to use the Servlet protocol to connect to the server
-
-Now, we need to look at how we select between containers in the `pom.xml`:
-
-.pom.xml
-[source,xml]
-------------------------------------------------------------------------
-<profile>
- <!-- An optional Arquillian testing profile that executes tests
- in your WildFly instance -->
- <!-- This profile will start a new WildFly instance, and
- execute the test, shutting it down when done -->
- <!-- Run with: mvn clean test -Parq-managed -->
- <id>arq-wildfly-managed</id> (1)
- <dependencies>
- <dependency>
- <groupId>org.jboss.as</groupId>
- <artifactId> (2)
- wildfly-arquillian-container-managed
- </artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</profile>
-
-<profile>
- <!-- An optional Arquillian testing profile that executes
- tests in a remote WildFly instance -->
- <!-- Run with: mvn clean test -Parq-remote -->
- <id>arq-wildfly-remote</id>
- <dependencies>
- <dependency>
- <groupId>org.jboss.as</groupId>
- <artifactId> (3)
- wildfly-arquillian-container-remote
- </artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</profile>
-------------------------------------------------------------------------
-<1> The profile needs an id so we can activate from Eclipse or the command line
-<2> Arquillian decides which container to use depending on your classpath. Here we define the managed container
-<3> Arquillian decides which container to use depending on your classpath. Here we define the remote container
-
-And that's it! As you can see Arquillian delivers simple and true testing. You can concentrate on writing your test functionality, and run your tests in the same environment in which you will run your application.
-
-
-[TIP]
-========================================================================
-Arquillian also offers other containers, allowing you to run your tests
-against Weld Embedded (super fast, but your enterprise services are
-mocked), GlassFish, and more
-========================================================================
-
-That concludes our tour of the kitchensink quickstart. If you would like to use this project as a basis for your own application, you can of course copy this application sources and modify it.
-
-
-= Creating your own application
-:Author: Pete Muir
-
-[[Archetype-]]
-
-What we didn't tell you about the kitchensink quickstart is that it is generated from a Maven archetype. Using this archetype offers you the perfect opportunity to generate your own project.
-
-You can create a project from the archetype using Red Hat CodeReady Studio, or Eclipse with JBoss Tools. First, open up _JBoss Central_, if it isn't already open. Hit _Cmd-3_ (Mac) or _Ctrl-3_ (Windows, Linux) and type _JBoss Central_:
-
-image:gfx/Eclipse_JBoss_Central_1.png[]
-
-You will now be shown _JBoss Central_, an excellent place to find about all things JBoss!
-
-image:gfx/Eclipse_JBoss_Central_2.png[]
-
-To create a new project, based on the kitchensink quickstart, click on _Create Projects | Jakarta EE Web Project_:
-
-image:gfx/Eclipse_JavaEEWebProject_1.png[]
-
-Red Hat CodeReady Studio will then check that you have the necessary pre-requisites to create the project. If you are using CodeReady, then you should, otherwise, JBoss Tools will help you install the necessary pre-requisites. See link:http://jboss.org/tools[JBoss Tools] for more information.
-
-Hit _Next >_. On the next screen you can enter a project name, package for sample code, and finally select a target runtime:
-
-image:gfx/Eclipse_JavaEEWebProject_2.png[]
-
-Finally, hit _Finish_. You'll be presented with the _New Project Example_ dialog, in which you can simply hit _Finish_:
-
-image:gfx/Eclipse_JavaEEWebProject_3.png[]
-
-You should now have a brand new project:
-
-image:gfx/Eclipse_JavaEEWebProject_4.png[]
-
-Enjoy!
-
-
-To use the archetype to generate a new project, you should run:
-
- mvn archetype:generate \
- -DarchetypeArtifactId=jboss-javaee7-webapp-archetype \
- -DarchetypeGroupId=org.jboss.spec.archetypes \
- -DarchetypeVersion=7.1.1.CR2 \
-
-Maven will download the archetype and it's dependencies, and ask you some questions:
-
-------------------------------------------------------------------------
-$ > mvn archetype:generate \
- -DarchetypeArtifactId=jboss-javaee7-webapp-archetype \
- -DarchetypeGroupId=org.jboss.spec.archetypes \
- -DarchetypeVersion=7.1.1.CR2
-[INFO] Scanning for projects...
-[INFO]
-[INFO] ------------------------------------------------------------------------
-[INFO] Building Maven Stub Project (No POM) 1
-[INFO] ------------------------------------------------------------------------
-[INFO]
-
-.........
-
-Define value for property 'groupId': : com.acme.corp (1)
-Define value for property 'artifactId': : acme-sales (2)
-Define value for property 'version': 1.0-SNAPSHOT: : (3)
-Define value for property 'package': com.acme.corp: : (4)
-[INFO] Using property: name = Jakarta EE webapp project (5)
-Confirm properties configuration:
-groupId: com.acme.corp
-artifactId: acme-sales
-version: 1.0-SNAPSHOT
-package: com.acme.corp
-name: Jakarta EE webapp project
- Y: :
-[WARNING] CP Don't override file /Users/pmuir/tmp/acme-sales/.settings/org.eclipse.jdt.apt.core.prefs
-[INFO] ------------------------------------------------------------------------
-[INFO] BUILD SUCCESS
-[INFO] ------------------------------------------------------------------------
-[INFO] Total time: 14.774s
-[INFO] Finished at: Mon Jun 06 18:53:38 BST 2011
-[INFO] Final Memory: 7M/125M
-[INFO] ------------------------------------------------------------------------
-$ >
-------------------------------------------------------------------------
-<1> Enter the groupId you wish to use
-<2> Enter the artifactId you wish to use
-<3> Enter the version you wish to use, or just hit Enter if you wish to accept the default 1.0-SNAPSHOT
-<4> Enter the java package you wish to use, or just hit Enter if you wish to accept the default (which is copied from groupId ).
-<5> Finally, if you are happy with your choices, hit Enter and Maven will generate the project for you.
-
-And that's it, you now have a brand new project with the same functionality as `kitchensink`, but customized with your details.
-
-[IMPORTANT]
-========================================================================
-The archetype contains some sample code to get you started. If you
-would prefer a blank canvas, with only a project skeleton, then use
-`jboss-javaee7-webapp-blank-archetype` as your archetype id.
-========================================================================
-
-[IMPORTANT]
-.Prefer Enterprise Applications (EARs)?
-========================================================================
-The archetype generates a WAR project. With Jakarta EE, you can include
-EJBs in your WAR, meaning you won't need an EAR until you need to divide
-your code into modules. If you would like to create an EAR based project
-then use `jboss-javaee7-webapp-ear-archetype`
-as your archetype id (or if you want a blank EAR, then
-`jboss-javaee7-webapp-ear-blank-archetype`).
-========================================================================
-
-
-
-
-= More Resources
-
-[cols=","]
-|=======================================================================
-| link:Getting_Started_Guide{outfilesuffix}[Getting Started Guide] |The Getting Started Guide covers topics such as
-server layout (what you can configure where), data source definition,
-and using the web management interface.
-
-|=======================================================================
-
-:leveloffset: +1
-
-[[Developing_Jakarta_Faces_Project_Using,_Maven_and_IntelliJ]]
-= Developing Jakarta Faces Project Using JBoss AS7, Maven and IntelliJ
-
-
-JBoss AS7 is a very 'modern' application server that has very fast
-startup speed. So it's an excellent container to test your Jakarta Faces project.
-In this article, I'd like to show you how to use AS7, maven and IntelliJ
-together to develop your Jakarta Faces project.
-
-In this article I'd like to introduce the following things:
-
-* Create a project using Maven
-* Add Jakarta Faces into project
-* Writing Code
-* Add JBoss AS 7 deploy plugin into project
-* Deploy project to JBoss AS 7
-* Import project into IntelliJ
-* Add IntelliJ Jakarta Faces support to project
-* Add JBoss AS7 to IntelliJ
-* Debugging project with IntelliJ and AS7
-
-I won't explain many basic concepts about AS7, maven and IntelliJ in
-this article because there are already many good introductions on these
-topics. So before doing the real work, there some preparations should be
-done firstly:
-
-*Download JBoss AS7*
-
-It could be downloaded from here:
-https://www.jboss.org/jbossas/downloads/
-
-Using the latest release would be fine. When I'm writing this article
-the latest version is 7.1.1.Final.
-
-*Install Maven*
-
-Please make sure you have maven installed on your machine. Here is my
-environment:
-
-[source,options="nowrap"]
-----
-weli@power:~$ mvn -version
-Apache Maven 3.0.3 (r1075438; 2011-03-01 01:31:09+0800)
-Maven home: /usr/share/maven
-Java version: 1.6.0_33, vendor: Apple Inc.
-Java home: /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
-Default locale: en_US, platform encoding: MacRoman
-OS name: "mac os x", version: "10.8", arch: "x86_64", family: "mac"
-----
-
-*Get IntelliJ*
-
-In this article I'd like to use IntelliJ Ultimate Edition as the IDE for
-development, it's a commercial software and can be downloaded from:
-https://www.jetbrains.com/idea/
-
-The version I'm using is IntelliJ IDEA Ultimate 11.1
-
-After all of these prepared, we can dive into the real work:
-
-[[create-a-project-using-maven]]
-== Create a project using Maven
-
-Use the following maven command to create a web project:
-
-[source,options="nowrap"]
-----
-mvn archetype:create -DarchetypeGroupId=org.apache.maven.archetypes \
--DarchetypeArtifactId=maven-archetype-webapp \
--DarchetypeVersion=1.0 \
--DgroupId=net.bluedash \
--DartifactId=jsfdemo \
--Dversion=1.0-SNAPSHOT
-----
-
-If everything goes fine maven will generate the project for us:
-
-image:images/jsf/8108c4f111aab2c3465472eb84cf1d9b7cf912d0.jpg[alt=jsf/8108c4f111aab2c3465472eb84cf1d9b7cf912d0.jpg]
-
-The contents of the project is shown as above.
-
-[[add-Jakarta-Faces-into-project]]
-== Add Jakarta Faces into project
-
-The Jakarta Faces library is now included in maven repo, so we can let maven to
-manage the download for us. First is to add repository into our pom.xml:
-
-[source,java,options="nowrap"]
-----
-<repository>
- <id>jvnet-nexus-releases</id>
- <name>jvnet-nexus-releases</name>
- <url>https://maven.java.net/content/repositories/releases/</url>
-</repository>
-----
-
-Then we add Jakarta Faces dependency into pom.xml:
-
-[source,xml,options="nowrap"]
-----
-<dependency>
- <groupId>jakarta.faces</groupId>
- <artifactId>jakarta.faces-api</artifactId>
- <version>4.0.1</version>
- <scope>provided</scope>
-</dependency>
-----
-
-Please note the 'scope' is 'provided', because we don't want to bundle
-the jsf.jar into the war produced by our project later, as JBoss AS7
-already have Jakarta Faces bundled in.
-
-Then we run 'mvn install' to update the project, and maven will download
-jsf-api for us automatically.
-
-[[writing-code]]
-== Writing Code
-
-Writing Jakarta Faces code in this article is trivial, so I've put written a
-project called 'jsfdemo' onto github:
-
-https://github.com/liweinan/jsfdemo
-
-Please clone this project into your local machine, and import it into
-IntelliJ following the steps described as above.
-
-[[add-jboss-as-7-deploy-plugin-into-project]]
-== Add JBoss AS 7 deploy plugin into project
-
-JBoss AS7 has provide a set of convenient maven plugins to perform daily
-tasks such as deploying project into AS7. In this step let's see how to
-use it in our project.
-
-We should put AS7's repository into pom.xml:
-
-[source,xml,options="nowrap"]
-----
-<repository>
- <id>jboss-public-repository-group</id>
- <name>JBoss Public Repository Group</name>
- <url>https://repository.jboss.org/nexus/content/groups/public/</url>
- <layout>default</layout>
- <releases>
- <enabled>true</enabled>
- <updatePolicy>never</updatePolicy>
- </releases>
- <snapshots>
- <enabled>true</enabled>
- <updatePolicy>never</updatePolicy>
- </snapshots>
-</repository>
-----
-
-And also the plugin repository:
-
-[source,java,options="nowrap"]
-----
-<pluginRepository>
- <id>jboss-public-repository-group</id>
- <name>JBoss Public Repository Group</name>
- <url>https://repository.jboss.org/nexus/content/groups/public/</url>
- <releases>
- <enabled>true</enabled>
- </releases>
- <snapshots>
- <enabled>true</enabled>
- </snapshots>
-</pluginRepository>
-----
-
-And put jboss deploy plugin into 'build' section:
-
-[source,java,options="nowrap"]
-----
-<plugin>
- <groupId>org.jboss.as.plugins</groupId>
- <artifactId>jboss-as-maven-plugin</artifactId>
- <executions>
- <execution>
- <phase>package</phase>
- <goals>
- <goal>deploy</goal>
- </goals>
- </execution>
- </executions>
-</plugin>
-----
-
-I've put the final version pom.xml here to check whether your
-modification is correct:
-
-https://github.com/liweinan/jsfdemo/blob/master/pom.xml
-
-Now we have finished the setup work for maven.
-
-[[deploy-project-to-jboss-as-7]]
-== Deploy project to JBoss AS 7
-
-To deploy the project to JBoss AS7, we should start AS7 firstly. In
-JBoss AS7 directory, run following command:
-
-[source,java,options="nowrap"]
-----
-bin/standalone.sh
-----
-
-AS7 should start in a short time. Then let's go back to our project
-directory and run maven command:
-
-[source,java,options="nowrap"]
-----
-mvn -q jboss-as:deploy
-----
-
-Maven will use some time to download necessary components for a while,
-so please wait patiently. After a while, we can see the result:
-
-image:images/jsf/97d781c6be9db755aef80a110f1d9b29590610d6.jpg[alt=jsf/97d781c6be9db755aef80a110f1d9b29590610d6.jpg]
-
-And if you check the console output of AS7, you can see the project is
-deployed:
-
-image:images/jsf/2._java.jpg[alt=jsf/2._java.jpg]
-
-Now we have learnt how to create a Jakarta Faces project and deploy it to AS7
-without any help from graphical tools. Next let's see how to use
-IntelliJ IDEA to go on developing/debugging our project.
-
-[[import-project-into-intellij]]
-== Import project into IntelliJ
-
-Now it's time to import the project into IntelliJ. Now let's open
-IntelliJ, and choose 'New Project...':
-
-image:images/jsf/05222f3059e387df96ce04d2aea156c82af15096.jpg[alt=jsf/05222f3059e387df96ce04d2aea156c82af15096.jpg]
-
-The we choose 'Import project from external model':
-
-image:images/jsf/d68a0cdbc8c90db3db8af998f34616f73c7fe809.jpg[alt=jsf/d68a0cdbc8c90db3db8af998f34616f73c7fe809.jpg]
-
-Next step is choosing 'Maven':
-
-image:images/jsf/0b3d1cb5794fb54a2465da93648b5a0d1a6643f3.jpg[alt=jsf/0b3d1cb5794fb54a2465da93648b5a0d1a6643f3.jpg]
-
-Then IntelliJ will ask you the position of the project you want to
-import. In 'Root directory' input your project's directory and leave
-other options as default:
-
-image:images/jsf/2f192d02993248c97e2ac42ea8f3105d855e5cdf.jpg[alt=jsf/2f192d02993248c97e2ac42ea8f3105d855e5cdf.jpg]
-
-For next step, just click 'Next':
-
-image:images/jsf/3a3ee36eb581930822c4a66362795345f5d2f9a7.jpg[alt=jsf/3a3ee36eb581930822c4a66362795345f5d2f9a7.jpg]
-
-Finally click 'Finish':
-
-image:images/jsf/91e40cd0b1545cff4622857d6dc9959f96faf056.jpg[alt=jsf/91e40cd0b1545cff4622857d6dc9959f96faf056.jpg]
-
-Hooray! We've imported the project into IntelliJ now icon:smile-o[role="yellow"]
-
-[[adding-intellij-Jakarta-Faces-support-to-project]]
-== Adding IntelliJ Jakarta Faces support to project
-
-Let's see how to use IntelliJ and AS7 to debug the project. First we
-need to add 'Jakarta Faces' facet into project. Open project setting:
-
-image:images/jsf/8b8d0051f4f15033f17cb859c65f2d8481914678.jpg[alt=jsf/8b8d0051f4f15033f17cb859c65f2d8481914678.jpg]
-
-Click on 'Facets' section on left; Select 'Web' facet that we already
-have, and click the '+' on top, choose 'Jakarta Faces':
-
-image:images/jsf/e6947b84a56a698ca1392a440081bddfb5cae284.jpg[alt=jsf/e6947b84a56a698ca1392a440081bddfb5cae284.jpg]
-
-Select 'Web' as parent facet:
-
-image:images/jsf/6b2296be1bb2d8a81952caef0f025a139a39b381.jpg[alt=jsf/6b2296be1bb2d8a81952caef0f025a139a39b381.jpg]
-
-Click 'Ok':
-
-image:images/jsf/9988c572bad281146f405e9287f645a3da201885.jpg[alt=jsf/9988c572bad281146f405e9287f645a3da201885.jpg]
-
-Now we have enabled IntelliJ's Jakarta Faces support for project.
-
-[[add-jboss-as7-to-intellij]]
-== Add JBoss AS7 to IntelliJ
-
-Let's add JBoss AS7 into IntelliJ and use it to debug our project. First
-please choose 'Edit Configuration' in menu tab:
-
-image:images/jsf/dc0550785aae11f9d3eb439fdc0c51069affd25d.jpg[alt=jsf/dc0550785aae11f9d3eb439fdc0c51069affd25d.jpg]
-
-Click '+' and choose 'JBoss Server' -> 'Local':
-
-image:images/jsf/1231420c938f087030cb3dcd37237b5585beb154.jpg[alt=jsf/1231420c938f087030cb3dcd37237b5585beb154.jpg]
-
-Click 'configure':
-
-image:images/jsf/d7e6ab58230b2d31fdcd8fd5f14cd4eb47b05f64.jpg[alt=jsf/d7e6ab58230b2d31fdcd8fd5f14cd4eb47b05f64.jpg]
-
-and choose your JBoss AS7:
-
-image:images/jsf/f7b29ac8009f04fc7f209222ced0bcf54f4b8d9a.jpg[alt=jsf/f7b29ac8009f04fc7f209222ced0bcf54f4b8d9a.jpg]
-
-Now we need to add our project into deployment. Click the 'Deployment'
-tab:
-
-image:images/jsf/6802fb7e29283d0e064a7cc4466b918995ba5645.jpg[alt=jsf/6802fb7e29283d0e064a7cc4466b918995ba5645.jpg]
-
-Choose 'Artifact', and add our project:
-
-image:images/jsf/359484b8f6f2c655d94132e9cb6f9dbe5a058656.jpg[alt=jsf/359484b8f6f2c655d94132e9cb6f9dbe5a058656.jpg]
-
-Leave everything as default and click 'Ok', now we've added JBoss AS7
-into IntelliJ
-
-[[debugging-project-with-intellij-and-as7]]
-== Debugging project with IntelliJ and AS7
-
-Now comes the fun part. To debug our project, we cannot directly use the
-'debug' feature provided by IntelliJ right now(maybe in the future
-version this problem could be fixed). So now we should use the debugging
-config provided by AS7 itself to enable JPDA feature, and then use the
-remote debug function provided by IntelliJ to get things done. Let's
-dive into the details now:
-
-First we need to enable JPDA config inside AS7, open
-'bin/standalone.conf' and find following lines:
-
-[source,java,options="nowrap"]
-----
-# Sample JPDA settings for remote socket debugging
-#JAVA_OPTS="$JAVA_OPTS -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n"
-----
-
-Enable the above config by removing the leading hash sign:
-
-[source,java,options="nowrap"]
-----
-# Sample JPDA settings for remote socket debugging
-JAVA_OPTS="$JAVA_OPTS -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n"
-----
-
-[IMPORTANT]
-
-With WildFly you can directly start the server in debug mode:
-
-[source,java,options="nowrap"]
-----
-bin/standalone.sh --debug --server-config=standalone.xml
-----
-
-Now we start AS7 in IntelliJ:
-
-image:images/jsf/52369d67f9117c924213de24dd6642b48e47a436.png[alt=jsf/52369d67f9117c924213de24dd6642b48e47a436.png]
-
-Please note we should undeploy the existing 'jsfdemo' project in AS7 as
-we've added by maven jboss deploy plugin before. Or AS7 will tell us
-there is already existing project with same name so IntelliJ could not
-deploy the project anymore.
-
-If the project start correctly we can see from the IntelliJ console
-window, and please check the debug option is enabled:
-
-image:images/jsf/eaac5cb1a836809ab29513346b527fe051b7c7ac.png[alt=jsf/eaac5cb1a836809ab29513346b527fe051b7c7ac.png]
-
-Now we will setup the debug configuration, click 'debug' option on menu:
-
-image:images/jsf/b8323caf6980c40c3d635db5e308b03847618d06.jpg[alt=jsf/b8323caf6980c40c3d635db5e308b03847618d06.jpg]
-
-Choose 'Edit Configurations':
-
-image:images/jsf/8327bbe0e83cb7170dd84767631c98956e91c42c.jpg[alt=jsf/8327bbe0e83cb7170dd84767631c98956e91c42c.jpg]
-
-Then we click 'Add' and choose Remote:
-
-image:images/jsf/7103da6b6323e515a03a04cafe111aa7c6b3169d.jpg[alt=jsf/7103da6b6323e515a03a04cafe111aa7c6b3169d.jpg]
-
-Set the 'port' to the one you used in AS7 config file 'standalone.conf':
-
-image:images/jsf/30bbef45137c7d45ae300ba8d551423d1feefc96.png[alt=jsf/30bbef45137c7d45ae300ba8d551423d1feefc96.png]
-
-Leave other configurations as default and click 'Ok'. Now we need to set
-breakpoints in project, let's choose TimeBean.java and set a breakpoint
-on 'getNow()' method by clicking the left side of that line of code:
-
-image:images/jsf/a96b7d32e04aa67956bd00a187f09b75a5af241e.jpg[alt=jsf/a96b7d32e04aa67956bd00a187f09b75a5af241e.jpg]
-
-Now we can use the profile to do debug:
-
-image:images/jsf/5ea6987d1635c2c58d3ccdb1f5718f29d6a0fac3.png[alt=jsf/5ea6987d1635c2c58d3ccdb1f5718f29d6a0fac3.png]
-
-If everything goes fine we can see the console output:
-
-image:images/jsf/1096ebbbf2b29e694e300e02a48d0fa4207cb746.jpg[alt=jsf/1096ebbbf2b29e694e300e02a48d0fa4207cb746.jpg]
-
-Now we go to web browser and see our project's main page, try to click
-on 'Get current time':
-
-image:images/jsf/5ad5d0216d3326e9bc29705042db59f11c3c1e70.png[alt=jsf/5ad5d0216d3326e9bc29705042db59f11c3c1e70.png]
-
-Then IntelliJ will popup and the code is pausing on break point:
-
-image:images/jsf/2499d43c0dce2cab72ba472c8452a2b57999ac84.jpg[alt=jsf/2499d43c0dce2cab72ba472c8452a2b57999ac84.jpg]
-
-And we could inspect our project now.
-
-[[conclusion]]
-== Conclusion
-
-In this article I've shown to you how to use maven to create a project
-using Jakarta Faces and deploy it in JBoss AS7, and I've also talked about the
-usage of IntelliJ during project development phase. Hope the contents
-are practical and helpful to you icon:smile-o[role="yellow"]
-
-[[references]]
-== References
-
-* _https://developer.jboss.org/wiki/JBossAS7UsingJPDAToDebugTheASSourceCode[JBoss
-AS7: Using JPDA to debug the AS source code]_
-* _https://developer.jboss.org/wiki/MavenGettingStarted-Developers[Maven
-Getting Started - Developers]_
-* _https://blog.v-s-f.co.uk/2010/09/jsf-2-1-project-using-eclipse-and-maven-2/[JSF
-2.1 project using Eclipse and Maven 2:http]_
-* _https://www.amazon.com/Practical-RichFaces-Max-Katz/dp/1430234490/ref=dp_ob_title_bk[Practical
-RichFaces]_
-* _https://javaserverfaces.java.net/download.html[Oracle Mojarra
-JavaServer Faces]_
-* _https://github.com/jbossas/jboss-as-maven-plugin[JBoss AS7 Maven
-Plugin]_
-
-[[Getting_Started_Developing_Applications_Presentation_Demo]]
-= Getting Started Developing Applications Presentation & Demo
-
-
-This document is a "script" for use with the quickstarts associated with
-the link:Getting_Started_Developing_Applications_Guide.html[Getting
-Started Developing Applications Guide]. It can be used as the basis for
-demoing/explaining the Jakarta EE programming model with JBoss AS 7.
-
-There is an associated presentation – JBoss AS - Getting Started
-Developing Applications – which can be used to introduce the Jakarta EE
-ecosystem.
-
-The emphasis here is on the programming model, not on OAM/dev-ops,
-performance etc.
-
-[[prerequisites-for-using-the-script]]
-== Prerequisites for using the script
-
-* JBoss AS 7 downloaded and installed
-* Eclipse Indigo with m2eclipse and JBoss Tools installed
-* The quickstarts downloaded and imported into Eclipse
-* Make sure `$JBOSS_HOME` is set.
-* Make sure `src/test/resources/arquillian.xml` has the correct path to
-your JBoss AS install for kitchensink
-* Make sure your font size is set in Eclipse so everyone can read the
-text!
-
-[[import-examples-into-eclipse-and-set-up-jboss-as]]
-== Import examples into Eclipse and set up JBoss AS
-
-TODO
-
-[[the-helloworld-quickstart]]
-== The Helloworld Quickstart
-
-[[introduction-1]]
-=== Introduction
-
-This quickstart is extremely basic, and is really useful for nothing
-more than showing than the app server is working properly, and our
-deployment mechanism is working. We recommend you use this quickstart to
-demonstrate the various ways you can deploy apps to JBoss AS 7.
-
-[[using-maven]]
-=== Using Maven
-
-. Start JBoss AS 7 from the console
-+
-[source,options="nowrap"]
-----
-$ JBOSS_HOME/bin/standalone.sh
-----
-
-. Deploy the app using Maven
-+
-[source,options="nowrap"]
-----
-$ mvn clean package jboss-as:deploy
-----
-+
-[IMPORTANT]
-====
-The quickstarts use the jboss-as maven plugin to deploy and undeploy
-applications. This plugin uses the JBoss AS Native Java Detyped
-Management API to communicate with the server. The Detyped API is used
-by management tools to control an entire domain of servers, and exposes
-only a small number of types, allowing for backwards and forwards
-compatibility.
-====
-
-. Show the app has deployed in the terminal.
-+
-Visit http://localhost:8080/jboss-as-helloworld
-
-. Undeploy the app using Maven
-+
-[source,options="nowrap"]
-----
-$ mvn jboss-as:undeploy
-----
-
-[[using-the-command-line-interface-cli]]
-=== Using the Command Line Interface (CLI)
-
-. Start JBoss AS 7 from the console (if not already running)
-+
-[source,options="nowrap"]
-----
-$ JBOSS_HOME/bin/standalone.sh
-----
-
-. Build the war
-+
-[source,options="nowrap"]
-----
-$ mvn clean package
-----
-
-. Start the CLI
-+
-[source,options="nowrap"]
-----
-$ JBOSS_HOME/bin/jboss-admin.sh --connect
-----
-+
-[IMPORTANT]
-+
-The command line also uses the Deptyped Management API to communicate
-with the server. It's designed to be as "unixy" as possible, allowing
-you to "cd" into nodes, with full tab completion etc. The CLI allows you
-to deploy and undeploy applications, create Jakarta Messaging queues, topics etc.,
-create datasources (normal and XA). It also fully supports the domain
-node.
-
-. Deploy the app
-+
-[source,options="nowrap"]
-----
-$ deploy target/jboss-as-helloworld.war
-----
-
-. Show the app has deployed
-+
-[source,java,options="nowrap"]
-----
-$ undeploy jboss-as-helloworld.war
-----
-
-[[using-the-web-management-interface]]
-=== Using the web management interface
-
-. Start JBoss AS 7 from the console (if not already running)
-+
-[source,options="nowrap"]
-----
-$ JBOSS_HOME/bin/standalone.sh
-----
-
-. Build the war
-+
-[source,options="nowrap"]
-----
-$ mvn clean package
-----
-
-. Open up the web management interface http://localhost:9990/console
-+
-[IMPORTANT]
-====
-The web management interface offers the same functionality as the CLI
-(and again uses the Detyped Management API), but does so using a pretty
-GWT interface! You can set up virtual servers, interrogate sub systems
-and more.
-====
-
-. Navigate `Manage Deployments -> Add content`. Click on choose file and
-locate `helloworld/target/jboss-as-helloworld.war`.
-
-. Click `Next` and `Finish` to upload the war to the server.
-
-. Now click `Enable` and `Ok` to start the application
-
-. Switch to the console to show it deployed
-
-. Now click `Remove`
-
-[[using-the-filesystem]]
-=== Using the filesystem
-
-. Start JBoss AS 7 from the console (if not already running)
-+
-[source,options="nowrap"]
-----
-$ JBOSS_HOME/bin/standalone.sh
-----
-
-. Build the war
-+
-[source,options="nowrap"]
-----
-$ mvn clean package
-----
-+
-[IMPORTANT]
-====
-Of course, you can still use the good ol' file system to deploy. Just
-copy the file to `$JBOSS_HOME/standalone/deployments`.
-====
-
-. Copy the war
-+
-[source,options="nowrap"]
-----
-$ cp target/jboss-as-helloworld.war $JBOSS_HOME/standalone/deployments
-----
-
-. Show the war deployed
-+
-[IMPORTANT]
-====
-The filesystem deployment uses marker files to indicate the status of a
-deployment. As this deployment succeeded we get a
-`$JBOSS_HOME/standalone/deployments/jboss-as-helloworld.war.deployed`
-file. If the deployment failed, you would get a `.failed` file etc.
-====
-
-. Undeploy the war
-+
-[source,options="nowrap"]
-----
-rm $JBOSS_HOME/standalone/deployments/jboss-as-helloworld.war.deployed
-----
-
-. Show the deployment stopping!
-
-. Start and stop the app server, show that the deployment really is gone!
-+
-[IMPORTANT]
-====
-This gives you much more precise control over deployments than before
-====
-
-[[using-eclipse]]
-=== Using Eclipse
-
-. Add a JBoss AS server
-.. Bring up the Server view
-.. Right click in it, and choose `New -> Server`
-. Choose JBoss AS 7.0 and hit Next
-.. Locate the server on your disc
-.. Hit Finish
-. Start JBoss AS in Eclipse
-.. Select the server
-.. Click the Run button
-.. Deploy the app
-. right click on the app, choose `Run As -> Run On Server`
-.. Select the AS 7 instance you want to use
-.. Hit finish
-. Load the app at http://localhost:8080/jboss-as-helloworld
-
-[[digging-into-the-app]]
-=== Digging into the app
-
-. Open up the helloworld quickstart in Eclipse, and open up
-`src/main/webapp`.
-. Point out that we don't require a `web.xml` anymore!
-. Show `beans.xml` and explain it's a marker file used to JBoss AS to
-enable CDI (open it, show that it is empty)
-. Show `index.html`, and explain it is just used to kick the user into
-the app (open it, show the meta-refresh)
-. Open up the `pom.xm` - and emphasise that it's pretty simple.
-.. There is no parent pom, everything for the build is *here*
-.. Show that we are enabling the JBoss Maven repo - explain you can do
-this in your POM or in system wide ( `settings.xml`)
-.. Show the `dependencyManagement` section. Here we import the JBoss AS
-7 Web Profile API. Explain that this gives you all the versions for all
-of the JBoss AS 7 APIs that are in the web profile. Explain we could
-also depend on this directly, which would give us the whole set of APIs,
-but that here we've decided to go for slightly tighter control and
-specify each dependency ourselves
-.. Show the import for CDI, JSR-250 and Servlet API. Show that these
-are all provided - we are depending on build in server implementations,
-not packaging this stuff!
-.. Show the plugin sections - nothing that exciting here, the war
-plugin is out of date and requires you to provide `web.xml` icon:smile-o[role="yellow"]
-, configure the JBoss AS Maven Plugin, set the Java version to 6.
-. Open up `src/main/java` and open up the `HelloWorldServlet`.
-.. Point out the `@WebServlet` - explain this one annotation removes
-about 8 lines of XML - no need to separately map a path either. This is
-much more refactor safe
-.. Show that we can inject services into a Servlet
-.. Show that we use the service (line 41) +
-#Cmd-click on `HelloService`
-.. This is a CDI bean - very simple, no annotations required!
-.. Explain injection
-... Probably used to string based bean resolution
-... This is typesafe (refactor safe, take advantage of the compiler and
-the IDE - we just saw that!)
-... When CDI needs to inject something, the first thing it looks at is
-the type - and if the type of the injection point is assignable from a
-bean, CDI will inject that bean
-
-[[the-numberguess-quickstart]]
-== The numberguess quickstart
-
-[[introduction-2]]
-=== Introduction
-
-This quickstart adds in a "complete" view layer into the mix. Jakarta EE
-ships with a Jakarta Faces. Jakarta Faces is a server side rendering, component orientated
-framework, where you write markup using an HTML like language, adding in
-dynamic behavior by binding components to beans in the back end. The
-quickstart also makes more use of CDI to wire the application together.
-
-[[run-the-app]]
-=== Run the app
-
-. Start JBoss AS in Eclipse
-. Deploy it using Eclipse - just right click on the app, choose
-`Run As -> Run On Server`
-. Select the AS 7 instance you want to use
-. Hit finish
-. Load the app at http://localhost:8080/jboss-as-numberguess
-. Make a few guesses
-
-[[deployment-descriptors-srcmainwebappweb-inf]]
-=== Deployment descriptors src/main/webapp/WEB-INF
-
-Emphasize the lack of them!
-
-No need to open any of them, just point them out
-
-. `web.xml` - don't need it!
-. `beans.xml` - as before, marker file
-. `faces-config.xml` - nice feature from AS7 - we can just put
-`faces-config.xml` into the WEB-INF and it enables Jakarta Faces (inspiration from
-CDI)
-. `pom.xml` we saw this before, this time it's the same but adds in
-Jakarta Faces API
-
-[[views]]
-=== Views
-
-. `index.html` - same as before, just kicks us into the app
-. `home.xhtml`
-.. Lines 19 - 25 – these are messages output depending on state of
-beans (minimise coupling between controller and view layer by
-interrogating state, not pushing)
-. Line 20 – output any messages pushed out by the controller
-. Line 39 - 42 – the input field is bound to the guess field on the
-game bean. We validate the input by calling a method on the game bean.
-. Line 43 - 45 – the command button is used to submit the form, and
-calls a method on the game bean
-. Line 48, 49, The reset button again calls a method on the game bean
-
-[[beans]]
-=== Beans
-
-. `Game.java` – this is the main controller for the game. App has no
-persistence etc.
-.. `@Named` – As we discussed CDI is typesafe, (beans are injected by
-type) but sometimes need to access in a non-typesafe fashion. @Named
-exposes the Bean in EL - and allows us to access it from Jakarta Faces
-.. `@SessionScoped` – really simple app, we keep the game data in the
-session - to play two concurrent games, need two sessions. This is not a
-limitation of CDI, but simply keeps this demo very simple. CDI will
-create a bean instance the first time the game bean is accessed, and
-then always load that for you
-.. `@Inject maxNumber` – here we inject the maximum number we can
-guess. This allows us to externalize the config of the game
-.. `@Inject rnadomNumber` – here we inject the random number we need to
-guess. Two things to discuss here
-.. Instance - normally we can inject the object itself, but sometimes
-it's useful to inject a "provider" of the object (in this case so that
-we can get a new random number when the game is reset!). Instance allows
-us to `get()` a new instance when needed
-.. Qualifiers - now we have two types of Integer (CDI auto-boxes types
-when doing injection) so we need to disambiguate. Explain qualifiers and
-development time approach to disambiguation. You will want to open up
-`@MaxNumber` and `@Random` here.
-.. `@PostConstruct` – here is our reset method - we also call it on
-startup to set up initial values. Show use of `Instance.get()`.
-. `Generator.java` This bean acts as our random number generator.
-. `@ApplicationScoped` explain about other scopes available in CDI +
-extensibility.
-.. `next()` Explain about producers being useful for determining bean
-instance at runtime
-.. `getMaxNumber()` Explain about producers allowing for loose coupling
-
-[[the-login-quickstart]]
-== The login quickstart
-
-[[introduction-3]]
-=== Introduction
-
-The login quickstart builds on the knowledge of CDI and Jakarta Faces we have got
-from numberguess. New stuff we will learn about is how to use Jakarta Persistence to
-store data in a database, how to use Jakarta Transactions to control transactions, and
-how to use Jakarta Enterprise Beans for declarative TX control.
-
-[[run-the-app-1]]
-=== Run the app
-
-. Start JBoss AS in Eclipse
-. Deploy it using Eclipse - just right click on the app, choose
-`Run As -> Run On Server`
-. Select the AS 7 instance you want to use
-. Hit finish
-. Load the app at http://localhost:8080/jboss-as-login
-. Login as admin/admin
-. Create a new user
-
-[[deployment-descriptors]]
-=== Deployment Descriptors
-
-. Show that we have the same ones we are used in `src/main/webapp` –
-`beans.xml`, `faces-config.xml`
-. We have a couple of new ones in `src/main/resources`
-.. `persistence.xml`. Not too exciting. We are using a datasource that
-AS7 ships with. It's backed by the H2 database and is purely a sample
-datasource to use in sample applications. We also tell Hibernate to
-auto-create tables - as you always have.
-.. `import.sql` Again, the same old thing you are used to in Hibernate
-- auto-import data when the app starts.
-. `pom.xml` is the same again, but just adds in dependencies for Jakarta Persistence,
-Jakarta Transactions and Jakarta Enterprise Beans
-
-[[views-1]]
-=== Views
-
-. `template.xhtml` One of the updates added to Jakarta Faces was templating
-ability. We take advantage of that in this app, as we have multiple
-views
-.. Actually nothing too major here, we define the app "title" and we
-could easily define a common footer etc. (we can see this done in the
-kitchensink app)
-.. The `ui:insert` command inserts the actual content from the
-templated page. +
-# `home.xhtml`
-.. Uses the template
-.. Has some input fields for the login form, button to login and
-logout, link to add users.
-.. Binds fields to credentials bean}}
-.. Buttons link to login bean which is the controller
-. `users.xhtml`
-.. Uses the template
-.. Displays all users using a table
-.. Has a form with input fields to add users.
-.. Binds fields to the newUser bean
-.. Methods call on userManager bean
-
-[[beans-1]]
-=== Beans
-
-. `Credentials.java` Backing bean for the login form field, pretty
-trivial. It's request scoped (natural for a login field) and named so we
-can get it from Jakarta Faces.
-. `Login.java`
-.. Is session scoped (a user is logged in for the length of their
-session or until they log out}}
-.. Is accessible from EL
-.. Injects the current credentials
-.. Uses the userManager service to load the user, and sends any
-messages to Jakarta Faces as needed
-.. Uses a producer method to expose the @LoggedIn user (producer
-methods used as we don't know which user at development time)
-. `User.java` Is a pretty straightforward Jakarta Persistence entity. Mapped with
-`@Entity`, has an natural id.
-. `UserManager.java` This is an interface, and by default we use the
-ManagedBean version, which requires manual TX control
-. `ManagedBeanUserManager.java` - accessible from EL, request scoped.
-.. Injects a logger (we'll see how that is produced in a minute)
-.. Injects the entity manager (again, just a min)
-.. Inject the UserTransaction (this is provided by CDI)
-.. `getUsers()` standard Jakarta Persistence-QL that we know and love - but lots of
-ugly TX handling code.
-.. Same for `addUser()` and `findUser()` methods - very simple Jakarta Persistence
-but...
-.. Got a couple of producer methods.
-... `getUsers()` is obvious - loads all the users in the database. No
-ambiguity - CDI takes into account generic types when injecting. Also
-note that CDI names respect JavaBean naming conventions
-... `getNewUser()` is used to bind the new user form to from the view
-layer - very nice as it decreases coupling - we could completely change
-the wiring on the server side (different approach to creating the
-newUser bean) and no need to change the view layer.
-. `EJBUserManager.java`
-.. It's an alternative – explain alternatives, and that they allow
-selection of beans at deployment time
-.. Much simple now we have declarative TX control.
-.. Start to see how we can introduce Jakarta Enterprise Beans to get useful enterprise
-services such as declarative TX control
-. `Resources.java`
-.. `{EntityManager}` - explain resource producer pattern
-
-[[the-kitchensink-quickstart]]
-== The kitchensink quickstart
-
-[[introduction-4]]
-=== Introduction
-
-The kitchensink quickstart is generated from an archetype available for
-JBoss AS (tell people to check the
-link:/pages/createpage.action?spaceKey=WFLY&title=Getting+Started+Developing+Applications&linkCreation=true&fromPageId=557131[Getting
-Started Developing Applications] Guide for details). It demonstrates
-CDI, Jakarta Faces, Jakarta Enterprise Beans, Jakarta Persistence (which we've seen before) and Jakarta RESTful Web Services and Bean
-Validation as well. We add in Arquillian for testing.
-
-[[run-the-app-2]]
-=== Run the app
-
-. Start JBoss AS in Eclipse
-. Deploy it using Eclipse - just right click on the app, choose
-`Run As -> Run On Server`
-. Select the AS 7 instance you want to use
-. Hit finish
-. Load the app at http://localhost:8080/jboss-as-kitchensink
-. Register a member - make sure to enter an invalid email and phone -
-show Jakarta Bean Validation at work
-. Click on the member URL and show the output from Jakarta RESTful Web Services
-
-[[Jakarta-Bean-Validation]]
-=== Jakarta Bean Validation
-
-. Explain the benefits of Jakarta Bean Validation - need your data always
-valid (protect your data) AND good errors for your user. BV allows you
-to express once, apply often.
-. `index.xhtml`
-.. Show the input fields – no validators attached
-.. Show the message output
-. `Member.java`
-... Hightlight the various validation annotations
-. Jakarta EE automatically applies the validators in both the persistence
-layer and in your views
-
-[[Jakarta-RESTful-Web-Services]]
-=== Jakarta RESTful Web Services
-
-. `index.xhtml` - Show that URL generation is just manual
-. `JaxRsActivator.java` - simply activates Jakarta RESTful Web Services
-. `Member.java` - add Jakarta XML Binding annotation to make Jakarta XML Binding process the class properly
-. `MemberResourceRESTService.java`
-.. `@Path` sets the Jakarta RESTful Web Services resource
-.. Jakarta RESTful Web Services services can use injection
-.. `@GET` methods are auto transformed to XML using Jakarta XML Binding
-. And that is it!
-
-[[arquillian-getting-started]]
-=== Arquillian
-
-. Make sure JBoss AS is running
-+
-[source,options="nowrap"]
-----
-mvn clean test -Parq-jbossas-remote
-----
-
-. Explain the difference between managed and remote
-
-. Make sure JBoss AS is stopped
-+
-[source,options="nowrap"]
-----
-mvn clean test -Parq-jbossas-managed
-----
-
-. Start JBoss AS in Eclipse
-
-. Update the project to use the `arq-jbossas-remote` profile
-
-. Run the test from Eclipse
-+
-Right click on test, `Run As -> JUnit Test`
-+
-`MemberRegistrationTest.java`
-
-. Discuss micro deployments
-. Explain Arquilian allows you to use injection
-. Explain that Arquillian allows you to concentrate just on your test
-logic
-
-NOTE: References in this document to CDI refer to Jakarta Contexts and Dependency Injection unless otherwise noted.
WildFly 29 is the latest release in a series of JBoss open-source
-application server offerings. WildFly 29 is an exceptionally fast,
-lightweight and powerful implementation of the Jakarta
-Enterprise Edition 10 specifications. WildFly’s modular architecture built on the
-JBoss Modules and JBoss Modular Service Container projects enables services on-demand when your
-application requires them. The table below lists the technologies available in WildFly 29
-server configuration profiles.
-
-
-
-
-
-
-
-
-
-
-
-
Jakarta EE Platform Technology
-
Jakarta EE Full Platform
-
Jakarta EE Web
-Profile
-
WildFly 29 Full Configuration
-
WildFly 29 Default Configuration
-
-
-
-
-
Jakarta Activation 2.1
-
X
-
—
-
X
-
X
-
-
-
Jakarta Annotations 2.1
-
X
-
X
-
X
-
X
-
-
-
Jakarta Authentication 3.0
-
X
-
X
-
X
-
X
-
-
-
Jakarta Authorization 2.1
-
X
-
—
-
X
-
—
-
-
-
Jakarta Batch 2.1
-
X
-
—
-
X
-
—
-
-
-
Jakarta Bean Validation 3.0
-
X
-
X
-
X
-
X
-
-
-
Jakarta Concurrency 3.0
-
X
-
X
-
X
-
X
-
-
-
Jakarta Connectors 2.1
-
X
-
—
-
X
-
X
-
-
-
Jakarta Contexts and Dependency Injection 4.0
-
X
-
X
-
X
-
X
-
-
-
Jakarta Debugging Support for Other Languages 2.0
-
X
-
X
-
X
-
X
-
-
-
Jakarta Dependency Injection 2.0
-
X
-
X
-
X
-
X
-
-
-
Jakarta Enterprise Beans 4.0
-
X
-
X(Lite)
-
X
-
X(Lite)
-
-
-
Jakarta Enterprise Web Services 2.0
-
Optional
-
—
-
X
-
X
-
-
-
Jakarta Expression Language 5.0
-
X
-
X
-
X
-
X
-
-
-
Jakarta Interceptors 2.1
-
X
-
X
-
X
-
X
-
-
-
Jakarta JSON Binding 3.0
-
X
-
X
-
X
-
X
-
-
-
Jakarta JSON Processing 2.1
-
X
-
X
-
X
-
X
-
-
-
Jakarta Mail 2.1
-
X
-
—
-
X
-
X
-
-
-
Jakarta Messaging 3.1
-
X
-
—
-
X
-
—
-
-
-
Jakarta Persistence 3.1
-
X
-
X
-
X
-
X
-
-
-
Jakarta RESTful Web Services 3.1
-
X
-
X
-
X
-
X
-
-
-
Jakarta Security 3.0
-
X
-
X
-
X
-
X
-
-
-
Jakarta Faces 4.0
-
X
-
X
-
X
-
X
-
-
-
Jakarta Server Pages 3.1
-
X
-
X
-
X
-
X
-
-
-
Jakarta Servlet 6.0
-
X
-
X
-
X
-
X
-
-
-
Jakarta SOAP with Attachments 1.3
-
Optional
-
—
-
X
-
X
-
-
-
Jakarta Standard Tag Library 3.0
-
X
-
X
-
X
-
X
-
-
-
Jakarta Transactions 2.0
-
X
-
X
-
X
-
X
-
-
-
Jakarta WebSocket 2.1
-
X
-
X
-
X
-
X
-
-
-
Jakarta XML Binding 4.0
-
Optional
-
X
-
X
-
X
-
-
-
Jakarta XML Web Services 4.0
-
Optional
-
—
-
X
-
X
-
-
-
-
-
WildFly 29 also provides support for a number of MicroProfile technologies:
-
-
-
-
-
-
-
-
-
-
MicroProfile Technology
-
WildFly 29 Default Configuration
-
WildFly 29 MicroProfile Configuration
-
-
-
-
-
MicroProfile Config 3.0
-
X
-
X
-
-
-
MicroProfile Fault Tolerance 4.0
-
—
-
X
-
-
-
MicroProfile Health 4.0
-
—
-
X
-
-
-
MicroProfile JWT Authentication 2.0
-
X
-
X
-
-
-
MicroProfile Metrics 4.0 (deprecated in WildFly; will be replaced by Micrometer)
-
—
-
X
-
-
-
MicroProfile OpenAPI 3.0
-
—
-
X
-
-
-
MicroProfile Reactive Messaging 3.0
-
—
-
—
-
-
-
MicroProfile Streams Operators 3.0
-
—
-
—
-
-
-
MicroProfile Rest Client 3.0
-
X
-
X
-
-
-
-
-
Missing ActiveMQ Artemis and Jakarta Messaging?
-
-
-
-
-
-
-
-
-WildFly’s default configuration provides Jakarta EE Web Profile support and thus
-doesn’t include Jakarta Messaging (provided by ActiveMQ Artemis). As noted in the
-WildFly Configurations section, other configuration
-profiles do provide all features required by the Jakarta EE Full Platform. If you
-want to use messaging, make sure you
-start the server using an alternate configuration
-that provides the Jakarta EE Full Platform.
-
-
-
-
-
-
This document provides a quick overview on how to download and get
-started using WildFly 29 for your application development. For in-depth
-content on administrative features, refer to the WildFly 29 Admin Guide.
-
-
-
-
-
2. Requirements
-
-
-
-
-
Java SE 11 or later. We recommend that you use the latest available update
-of the current long-term support Java release.
-
-
-
-
-
-
-
3. Installation Options
-
-
-
There are a number of ways you can install WildFly, including unzipping our traditional download zip, provisioning a
-custom installation using Galleon, or building a bootable jar. There are also two variants of the server: the standard "WildFly" variant and the tech-preview "WildFly Preview" variant used to showcase things in the works for future release of standard WildFly.
-
-
-
The Installation Guide
-helps you identify the kind of WildFly installation that best fits your application’s deployment needs. In this guide
-we’ll focus on the common approach of installing the download zip of standard WildFly.
Standard WildFly 29 provides a single distribution available in zip or tar file
-formats.
-
-
-
-
-
wildfly-29.0.0.Final.zip
-
-
-
wildfly-29.0.0.Final.tar.gz
-
-
-
-
-
WildFly Preview 29 also provides a single distribution available in zip or tar file
-formats.
-
-
-
-
-
wildfly-preview-29.0.0.Final.zip
-
-
-
wildfly-preview-29.0.0.Final.tar.gz
-
-
-
-
-
-
3.2. Installation
-
-
Simply extract your chosen download to the directory of your choice. You
-can install WildFly 29 on any operating system that supports the zip or
-tar formats. Refer to the Release Notes for additional information
-related to the release.
-
-
-
-
-
-
4. WildFly - A Quick Tour
-
-
-
Now that you’ve downloaded WildFly 29, the next thing to discuss is the
-layout of the distribution and explore the server directory structure,
-key configuration files, log files, user deployments and so on. It’s
-worth familiarizing yourself with the layout so that you’ll be able to
-find your way around when it comes to deploying your own applications.
-
-
-
4.1. WildFly Directory Structure
-
-
-
-
-
-
-
-
DIRECTORY
-
DESCRIPTION
-
-
-
-
-
appclient
-
Configuration files, deployment content, and writable areas
-used by the application client container run from this installation.
-
-
-
bin
-
Start up scripts, start up configuration files and various command
-line utilities like elytron-tool, add-user and Java diagnostic report available
-for Unix and Windows environments
-
-
-
bin/client
-
Contains a client jar for use by non-maven based clients.
-
-
-
docs/schema
-
XML schema definition files
-
-
-
docs/examples/configs
-
Example configuration files representing
-specific use cases
-
-
-
domain
-
Configuration files, deployment content, and writable areas
-used by the domain mode processes run from this installation.
-
-
-
modules
-
WildFly is based on a modular classloading architecture.
-The various modules used in the server are stored here.
-
-
-
standalone
-
Configuration files, deployment content, and writable areas
-used by the single standalone server run from this installation.
-
-
-
welcome-content
-
Default Welcome Page content
-
-
-
-
-
4.1.1. Standalone Directory Structure
-
-
In " standalone " mode each WildFly 29 server instance is an
-independent process (similar to previous JBoss AS versions; e.g., 3, 4,
-5, or 6). The configuration files, deployment content and writable areas
-used by the single standalone server run from a WildFly installation are
-found in the following subdirectories under the top level "standalone"
-directory:
-
-
-
-
-
-
-
-
-
DIRECTORY
-
DESCRIPTION
-
-
-
-
-
configuration
-
Configuration files for the standalone server that runs
-off of this installation. All configuration information for the running
-server is located here and is the single place for configuration
-modifications for the standalone server.
-
-
-
data
-
Persistent information written by the server to survive a restart
-of the server
-
-
-
deployments
-
End user deployment content can be placed in this
-directory for automatic detection and deployment of that content into
-the server’s runtime.NOTE: The server’s management API is recommended
-for installing deployment content. File system based deployment scanning
-capabilities remain for developer convenience.
-
-
-
lib/ext
-
Location for installed library jars referenced by applications
-using the Extension-List mechanism
-
-
-
log
-
standalone server log files
-
-
-
tmp
-
location for temporary files written by the server
-
-
-
tmp/auth
-
Special location used to exchange authentication tokens with
-local clients so they can confirm that they are local to the running AS
-process.
-
-
-
-
-
-
4.1.2. Domain Directory Structure
-
-
A key feature of WildFly 29 is the managing multiple servers from a
-single control point. A collection of multiple servers are referred to
-as a " domain ". Domains can span multiple physical (or virtual)
-machines with all WildFly instances on a given host under the control of
-a Host Controller process. The Host Controllers interact with the Domain
-Controller to control the lifecycle of the WildFly instances running on
-that host and to assist the Domain Controller in managing them. The
-configuration files, deployment content and writeable areas used by
-domain mode processes run from a WildFly installation are found in the
-following subdirectories under the top level "domain" directory:
-
-
-
-
-
-
-
-
-
DIRECTORY
-
DESCRIPTION
-
-
-
-
-
configuration
-
Configuration files for the domain and for the Host
-Controller and any servers running off of this installation. All
-configuration information for the servers managed wtihin the domain is
-located here and is the single place for configuration information.
-
-
-
content
-
an internal working area for the Host Controller that controls
-this installation. This is where it internally stores deployment
-content. This directory is not meant to be manipulated by end users.Note
-that "domain" mode does not support deploying content based on scanning
-a file system.
-
-
-
lib/ext
-
Location for installed library jars referenced by applications
-using the Extension-List mechanism
-
-
-
log
-
Location where the Host Controller process writes its logs. The
-Process Controller, a small lightweight process that actually spawns the
-other Host Controller process and any Application Server processes also
-writes a log here.
-
-
-
servers
-
Writable area used by each Application Server instance that
-runs from this installation. Each Application Server instance will have
-its own subdirectory, created when the server is first started. In each
-server’s subdirectory there will be the following subdirectories:data — information written by the server that needs to survive a restart of the
-serverlog — the server’s log filestmp — location for temporary files
-written by the server
-
-
-
tmp
-
location for temporary files written by the server
-
-
-
tmp/auth
-
Special location used to exchange authentication tokens with
-local clients so they can confirm that they are local to the running AS
-process.
-
-
-
-
-
-
-
4.2. WildFly 29 Configurations
-
-
4.2.1. Standalone Server Configurations
-
-
-
-
standalone.xml (default)
-
-
-
-
Jakarta web profile certified configuration with
-the required technologies plus those noted in the table above.
-
-
-
-
-
-
standalone-ha.xml
-
-
-
-
Jakarta web profile certified configuration with
-high availability
-
-
-
-
-
-
standalone-full.xml
-
-
-
-
Jakarta Full Platform certified configuration
-including all the required technologies
-
-
-
-
-
-
standalone-full-ha.xml
-
-
-
-
Jakarta Full Platform certified configuration with
-high availability
-
-
-
-
-
-
standalone-microprofile.xml
-
-
-
-
A configuration oriented toward microservices, providing our
-MicroProfile platform implementations combined with Jakarta RESTful Web Services and
-technologies Jakarta RESTful Web Services applications commonly use to integrate with
-external services.
-
-
-
-
-
-
standalone-microprofile-ha.xml
-
-
-
-
A configuration oriented toward microservices, similar to
-standalone-microprofile.xml but with support for high availability
-web sessions and distributed Hibernate second level caching.
-
-
-
-
-
-
-
-
-
4.2.2. Domain Server Configurations
-
-
-
-
domain.xml
-
-
-
-
Jakarta full and web profiles available with or
-without high availability
-
-
-
-
-
-
-
-
Important to note is that the domain and standalone modes
-determine how the servers are managed not what capabilities they
-provide.
-
-
-
-
-
-
-
5. Starting WildFly 29
-
-
-
To start WildFly 29 using the default web profile configuration in "
-standalone" mode, change directory to $JBOSS_HOME/bin.
-
-
-
-
./standalone.sh
-
-
-
-
To start the default web profile configuration using domain management
-capabilities,
-
-
-
-
./domain.sh
-
-
-
-
5.1. Starting WildFly with an Alternate Configuration
-
-
If you choose to start your server with one of the other provided
-configurations, they can be accessed by passing the --server-config
-argument with the server-config file to be used.
-
-
-
To use the Full Platform with clustering capabilities, use the following
-syntax from $JBOSS_HOME/bin:
Alternatively, you can create your own selecting the additional
-subsystems you want to add, remove, or modify.
-
-
-
-
5.2. Test Your Installation
-
-
After executing one of the above commands, you should see output similar
-to what’s shown below.
-
-
-
-
=========================================================================
-
- JBoss Bootstrap Environment
-
- JBOSS_HOME: /opt/wildfly-10.0.0.Final
-
- JAVA: java
-
- JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=com.yourkit,org.jboss.byteman -Djava.awt.headless=true
-
-=========================================================================
-
-11:46:11,161 INFO [org.jboss.modules] (main) JBoss Modules version 1.5.1.Final
-11:46:11,331 INFO [org.jboss.msc] (main) JBoss MSC version 1.2.6.Final
-11:46:11,391 INFO [org.jboss.as] (MSC service thread 1-6) WFLYSRV0049: WildFly Full 10.0.0.Final (WildFly Core 2.0.10.Final) starting
-<snip>
-11:46:14,300 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: WildFly Full 10.0.0.Final (WildFly Core 2.0.10.Final) started in 1909ms - Started 267 of 553 services (371 services are lazy, passive or on-demand)
-
-
-
-
As with previous WildFly releases, you can point your browser to
-http://localhost:8080 (if using the default configured http port)
-which brings you to the Welcome Screen:
-
-
-
-
-
-
From here you can access links to the WildFly community documentation
-set, stay up-to-date on the latest project information, have a
-discussion in the user forum and access the enhanced web-based
-Administration Console. Or, if you uncover a defect while using WildFly,
-report an issue to inform us (attached patches will be reviewed). This
-landing page is recommended for convenient access to information about
-WildFly 29 but can easily be replaced with your own if desired.
-
-
-
-
-
-
6. Managing your WildFly 29
-
-
-
WildFly 29 offers two administrative mechanisms for managing your
-running instance:
-
-
-
-
-
a web-based Administration Console
-
-
-
a command-line interface
-
-
-
-
-
The Admin Guide covers the details on managing your WildFly
-installation. Here we’ll just touch on some of the basics.
-
-
-
6.1. Authentication
-
-
By default WildFly 29 is distributed with security enabled for the
-management interfaces. This means that before you connect using the
-administration console or remotely using the CLI you will need to add a
-new user. This can be achieved simply by using the add-user.sh script
-in the bin folder.
-
-
-
After starting the script you will be guided through the process to add
-a new user: -
-
-
-
-
./add-user.sh
-What type of user do you wish to add?
- a) Management User (mgmt-users.properties)
- b) Application User (application-users.properties)
-(a):
-
-
-
-
In this case a new user is being added for the purpose of managing the
-servers so select option a.
-
-
-
You will then be prompted to enter the details of the new user being
-added: -
-
-
-
-
Enter the details of the new user to add.
-Realm (ManagementRealm) :
-Username :
-Password :
-Re-enter Password :
-
-
-
-
It is important to leave the name of the realm as 'ManagementRealm' as
-this needs to match the name used in the server’s configuration. For the
-remaining fields enter the new username, password and password
-confirmation.
-
-
-
Users can be associated with arbitrary groups of your choosing, so you will be prompted if you would like
-to do this.
-
-
-
-
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]:
-
-
-
-
Groups can be useful for simplified administration of things like access permissions, but for simply getting
-started, leaving this blank is fine.
-
-
-
Provided there are no errors in the values entered you will then be
-asked to confirm that you want to add the user, the user will be written
-to the properties files used for authentication and a confirmation
-message will be displayed.
-
-
-
The modified time of the properties files are inspected at the time of
-authentication and the files reloaded if they have changed. For this
-reason you do not need to re-start the server after adding a new user.
-
-
-
Finally, you will be asked whether the account you’ve added is going to be to used
-to identify one WildFly process to another, typically in a WildFly managed domain:
-
-
-
-
Is this new user going to be used for one AS process to connect to another AS process?
-e.g. for a secondary host controller connecting to the primary or for a Remoting connection for server to server Jakarta Enterprise Beans calls.
-yes/no?
-
-
-
-
The answer for this should be no; the account you are adding here is for use by a human administrator.
-
-
-
-
6.2. Administration Console
-
-
To access the web-based Administration Console, simply follow the link
-from the Welcome Screen. To directly access the Management Console,
-point your browser at:
If you modify the management-http socket binding in your running
-configuration: adjust the above command accordingly. If such
-modifications are made, then the link from the Welcome Screen will also
-be inaccessible.
-
-
-
-
6.3. Command-Line Interface
-
-
If you prefer to manage your server from the command line (or batching),
-the jboss-cli.sh script provides the same capabilities available via
-the web-based UI. This script is accessed from $JBOSS_HOME/bin
-directory; e.g.,
-
-
-
-
$JBOSS_HOME/bin/jboss-cli.sh --connect
-Connected to standalone controller at localhost:9990
-
-
-
-
Notice if no host or port information provided, it will default to
-localhost:9990.
-
-
-
When running locally to the WildFly process the CLI will silently
-authenticate against the server by exchanging tokens on the file system,
-the purpose of this exchange is to verify that the client does have
-access to the local file system. If the CLI is connecting to a remote
-WildFly installation then you will be prompted to enter the username and
-password of a user already added to the realm.
-
-
-
Once connected you can add, modify, remove resources and deploy or
-undeploy applications. For a complete list of commands and command
-syntax, type help once connected.
-
-
-
-
6.4. Deploying an Application
-
-
WildFly provides a number of ways you can deploy your application into the server.
-These are covered in detail in the Admin Guide.
-
-
-
If you are running a standalone WildFly server, the simplest way to deploy
-your application is to copy the application archive (war/ear/jar) into the $JBOSS_HOME/standalone/deployments
-directory in the server installation. The server’s deployment-scanner subsystem will detect
-the new file and deploy it.
-
-
-
-
-
-
-
-
-If you are running a WildFly managed domain, the deployment-scanner subsystem is not
-available so you will need to use the CLI or web console to deploy your application. For more,
-see the Admin Guide.
-
-
-
-
-
-
-
6.5. Modifying the Example DataSource
-
-
As with previous JBoss application server releases, a default data
-source, ExampleDS , is configured using the embedded H2 database for
-developer convenience. There are two ways to define datasource
-configurations:
-
-
-
-
-
as a module
-
-
-
as a deployment
-
-
-
-
-
In the provided configurations, H2 is configured as a module. The module
-is located in the $JBOSS_HOME/modules/com/h2database/h2 directory. The
-H2 datasource configuration is shown below.
The datasource subsystem is provided by the
-IronJacamar project. For a detailed
-description of the available configuration properties, please consult
-the project documentation.
In the example above the org.jboss.as log category was configured. Use a different value
-for the logger key to configure a different log category.
-
-
-
By default, the server.log is configured to include all levels in its
-log output. In the above example we changed the console to also display
-debug messages.
This guide is designed to assist you through obtaining an OpenShift instance and installing WildFly, complete with a deployed application. It is not intended to cover all possible configurations, as links to more detailed documentation will be provided.
-
-
-
-
-
Obtaining an OpenShift Instance
-
-
There are many options available for running OpenShift. This guide will mention two.
-
-
-
Code-ready-containers
-
-
If you wish to run a local development environment, then CRC is likely to be a good starting point.
-
-
-
-
Developer sandbox
-
-
The Red Hat OpenShift Developer Sandbox is a hosted environment, and is free to use for development purposes.
-
-
-
This guide will focus on usage of the hosted developer sandbox environment. The sandbox should be provisioned from the page above before proceeding further.
-
-
-
-
-
OpenShift
-
-
In order to use OpenShift effectively, in addition to a running instance, you will need the OpenShift web console. To access this tool, from your OpenShift sandbox click the terminal icon (i.e. >_) at the top right of your sandbox portal. A terminal tab will pop up at the bottom of the page.
-
-
-
It is also possible to use the OpenShift command line terminal locally (oc command). This may be obtained from your package manager or downloaded from your OpenShift sandbox (in your control panel, clicking on the question mark icon at the top right of the console presents a drop-down menu where Command line tools takes you to the latest version of oc).
-
-
-
-
-
-
-
-
-If you have already installed oc on your machine, make sure that its version matches the version of the sandbox. You can use oc version to check both the version of oc and the version of the sandbox. Another way to check the version of the sandbox is by clicking on the question mark icon at the top right of the web console and then clicking on About in the drop-down menu: the OpenShift version will be listed there.
-
-
-
-
-
-
Once you have downloaded and installed/unpacked the client, you can authenticate to your running sandbox OpenShift instance by using the Copy Login Command from the upper right menu in the sandbox user-interface (your username is displayed there.)
We’ll be using the someuser-dev project for this example (someuser should be replaced with the username of the user):
-
-
-
-
oc project someuser-dev
-Already on project "someuser-dev" on server "https://api.sandbox.x8i5.p1.openshiftapps.com:6443"
-
-
-
-
In the OpenShift sandbox, it is not possible to create a new project but, in case you are running your own OpenShift, the command to create a new project is:
-
-
-
-
oc new-project <project name>
-
-
-
-
-
Helm Charts
-
-
Helm provides an easy way to manage and share applications on Kubernetes and OpenShift. We will use it to deploy our example applications to OpenShift.
-
-
-
Install Helm and Helm Charts
-
-
See the instructions for installing Helm here. Helm is installed on your local system as a command, which we will use to install the WildFly Charts. Once Helm is installed, we can proceed to use it to install the Helm Charts in our OpenShift instance:
The first example we will build and deploy to OpenShift is the todo-backend quickstart. This quickstart provides documentation for installing via Helm, so only a brief version is detailed below.
-
-
-
First, we need to provision a database instance, in this case PostgresSQL:
-Note that your Deployment will report "ErrImagePull" and "ImagePullBackOff" until the build is complete. Once the build is complete, your image will be automatically rolled out.
-
-
-
-
-
-
It is possible to use a specific quickstart tag in case the user does not want to use the main branch. To do so, add the following option to the above command:
-
-
-
-
--set build.ref={WildFlyQuickStartRepoTag}
-
-
-
-
Take a look at the bootable-jar-openshift profile configuration in the todo-backend quickstart’s pom.xml. The Maven profile named bootable-jar-openshift is used by the Helm chart to provision the server with the quickstart deployed. Notice the wildfly-jar-maven-plugin configuration defined in this profile. It specifies the layer that should be used when provisioning WildFly. For more details about this, take a look at the Architecture section in the quickstart’s README.
-
-
-
We have named this application todo-backend. This may be changed to a different name, if desired.
-
-
-
The application will now begin to build. The build can be observed via:
-
-
-
-
oc get build -w
-
-
-
-
It may take few minutes to build the application. Once the build is complete, deployment will begin and can be observed via:
-
-
-
-
oc get deployment todo-backend -w
-
-
-
-
Once deployment is complete, we need to query the route for this application to access it on the Internet. To do so, run:
-
-
-
-
oc get route todo-backend -o jsonpath="{.spec.host}"
The WildFly Helm Charts are used to build and deploy jaxrs-client. The following command installs a Helm Release from the WildFly Helm Charts into an OpenShift cluster:
-Note that your Deployment will report "ErrImagePull" and "ImagePullBackOff" until the build is complete. Once the build is complete, your image will be automatically rolled out.
-
-
-
-
-
-
This time, the name of the Helm Chart app is jaxrs-client-from-chart. (Of course, this may be changed to a different name, if desired.)
-
-
-
The application will now begin to build. The build can be observed via:
-
-
-
-
oc get build -w
-
-
-
-
It may take few minutes to build the application. Once the build is complete, to follow the deployment of the application, run:
-
-
-
-
oc get deployment jaxrs-client-from-chart -w
-
-
-
-
Once deployment is complete, we need to query the route for this application to access it on the Internet. To do so, run:
-
-
-
-
oc get route jaxrs-client-from-chart -o jsonpath="{.spec.host}"
-
-
-
-
The above command returns back a public address that points to the application deployed to the OpenShift cluster of the user (for example):
Take a look at the openshift profile configuration in the jaxrs-client quickstart’s pom.xml. The Maven profile named openshift is used by the Helm chart to provision the server with the quickstart deployed. Notice the wildfly-maven-plugin configuration defined in this profile. It specifies the layer that should be used when provisioning WildFly. For more details about this, take a look at the wildfly-maven-plugindocumentation.
-
-
-
If you wish to remove the application when you are done with it, simply run:
(--rebase will automatically move your local commits, if you have any, on top of the latest branch you pull from, you can leave it off if you do not).
-
-
-
Best practice is to never add your own commits to your local 'main' branch. Instead create a topic branch from 'main' and add commits to your topic branch. Only use your local 'main' to track the current state of the 'upstream' remote’s 'main' branch.
-
-
-
Please note that --rebase is very important if you do have commits. What happens is that when git pull can’t fast forward, it does a merge commit, and a merge commit puts the sucked in changes ON TOP of yours whereas a rebase puts them BELOW yours. In other words a merge commit makes the history a graph, and we prefer a cleaner, easier to follow linear history (hence the rebasing). Further once you do a merge commit it will be difficult to rebase the history before that commit (say you want to combine two commits to one later) as described in "Commit and push". Luckily the option set in step Safety will prevent this from happening.
-
-
-
One way to not forget --rebase the rebase option is you may want to create an alias
-
-
-
-
$ git config --global alias.up "pull --rebase"
-
-
-
-
and then just use the new alias instead of pull
-
-
-
-
$ git up upstream main
-
-
-
-
One last option, which some prefer, is to avoid using pull altogether, and just use fetch + rebase (this is of course more typing)
-For some reasons tags are not updated (e.g. not part of an active branch). Update the tags with
Assume you have a feature branch WFLY-815_upgrade_sample_dep and you have rebased the local main branch to be up to date with upstream main as described before.
-
-
-
-
git checkout -f WFLY-815_upgrade_sample_dep
-git rebase upstream/main
-
-
-
-
Do not pull the upstream main to your local feature branch! You’ll be stuck in duplicate commit hell.
Use maven. Simplest is to use the build.sh or build.bat scripts in the root of the source tree. If you don’t use those scripts and use the mvn command directly, note that WildFly’s root pom will enforce a minimum maven version.
-
-
-
Building WildFly requires Java 11 or newer. Make sure you have JAVA_HOME set to point to the JDK11 installation. Build uses Maven 3.
Getting feedback first is recommended before starting on any large-scale work. Large scale could mean many things including a complex change in a focused area, or a simple change made in many different parts of the code base.
-
-
-
Getting feedback first is strongly recommended before beginning work on a new feature. Any change that introduces new user-controllable behavior will be regarded as a new feature. Before merging new features we require a larger set of inputs than are required for other types of fixes, including a formal requirements analysis, a more formally considered plan for testing, and appropriate additions to the WildFly documentation. Before getting too far along with a feature it is best to discuss with other WildFly developers what’s needed and how best to ensure those things can be delivered.
Before importing you have to set the VM Options of the IntelliJ Maven importer. Please follow this guide https://www.jetbrains.com/help/idea/maven-importing.html and add -DallTests to the field VM options for importer.
-This is necessary because the testsuite poms do not contain all necessary modules by default.
Want to contribute to the WildFly project but aren’t quite sure where to start? Check out our issues with the good-first-issue label. These are a triaged set of issues that are great for getting started on our project.
-
-
-
Once you have selected an issue you’d like to work on, make sure it’s not already assigned to someone else. If you’ve resolved a WildFly issue before, to assign an issue to yourself, you should be able to simply click on "Start Progress" or Change the assignee by clicking on "Assign to me". This will automatically assign the issue to you. If you haven’t resolved an issue before, please start a thread expressing your interest in the issue in the wildfly-developers stream in zulip.
For component upgrades select this type for the Jira. The title must reflect the library and the new version.
-In the description please offer a links to the release notes, the git tag diff.
-
-
-
If you are aware that the component upgrade brings a fix for CVE, it’s good to note that in the JIRA title, as later that will make this information more visible in the WildFly release notes.
Take care that maintainers agree to pick up a new dependency.
-
-
-
-
-
Edit pom.xml and add a property of the form "version.groupId.artifactId" which contains the Maven version of the dependency. Add your new property in the proper alphabetical order with respect to the existing version properties. Add your dependency to the <dependencyManagement> section, and use the property for the version. If your new dependency has any transitive dependencies, be sure to <exclude> them (or if possible, update the project so that all its dependencies are of provided scope).
-
-
-
Add your dependency to any AS modules that require it, but only with group/artifact. If your dependency will be provided by an existing WildFly module, add a new artifact element to the module.xml file for the existing module, with the value of the element’s name attribute an expression of the form ${groupId:artifactId}
-
-
-
In the pom.xml file for the maven module where you added a new module.xml or updated an existing one for your new dependency, add a new dependency entry to the pom’s dependencies section.
-
-
-
If your dependency will be provided by a new WildFly module, create a directory in the relevant feature-pack maven module, e.g. ee-feature-pack/common/src/main/resources/modules/system/layers/base/ corresponding to the module’s name (which will differ from the Maven group/artifact name; look at other modules to get a feel for the naming scheme), with a version of "main", like this: modules/system/layers/base/org/jboss/foo/main. If the correct maven module to choose for your new directory is unclear, be sure to ask!
-
-
-
Create a module.xml file inside the "main" directory. Use a module.xml from another similar module as a template. JBoss Modules Reference Documentation
-
-
-
Important: Make sure you did not introduce any transitive dependencies by using "mvn dependency:tree". If you did, be sure to add <exclusion>s for each of them to your dependency as described above.
-
-
-
Important: Do not introduce a dependency on the "system" module. The JBoss Modules reference manual lists JDK packages. Please avoid deprecated packages.
-
-
-
Add license information to the license declaration file located in the maven module whose pom you just updated. For example, if you added a dependency entry to ee-feature-pack/common/pom.xml, please add an entry to ee-feature-pack/common/src/license/ee-feature-pack-common-licenses.xml. Add a new element in the appropriate spot. The elements are ordered by the maven groupId and artifactId of the entries. If the needed content for the entry is unclear, be sure to ask!
Rebase your branch against the latest main (applies your patches on top of main)
-
-
-
-
git fetch upstream
-git rebase -i upstream/main
-# if you have conflicts fix them and rerun rebase
-# The -f, forces the push, alters history, see note below
-git push -f origin WFLY-XXXX_my_cool_feature
-
-
-
-
The -i triggers an interactive update which also allows you to combine commits, alter commit messages etc. It’s a good idea to make the commit log very nice for external consumption. Note that this alters history, which while great for making a clean patch, is unfriendly to anyone who has forked your branch. Therefore you want to make sure that you either work in a branch that you don’t share, or if you do share it, tell them you are about to revise the branch history (and thus, they will then need to rebase on top of your branch once you push it out).
First try to run the tests as part of the build before sending a pull request.
-
-
-
-
$> ./build.sh clean install -DallTests
-
-
-
-
Sometimes there are test failures that are not related to your code changes. Most times it’s your code change. Try to discuss this on Zulip.
-
-
-
You can get a full run using
-
-
-
-
$> ./build.sh clean install -DallTests -fae
-
-
-
-
This additional option will allow the build to continue even when there are test failures. Doing this, you can get a stock of all the test failures and figure out how many are related to your code changes.
Make sure your repo is in sync with other unrelated changes in upstream before requesting your changes be merged into upstream by repeating Rebase topic branch on latest main.
In general, WildFly maintainers are watching the project, so they will receive a notification on each new PR.
-
-
-
As part of the review you may see an automated test run comment on your request.
-
-
-
After review a maintainer will merge your patch, update/resolve issues by request, and reply when complete
-
-
-
Don’t forget to switch back to main and pull the updates
-
-
-
-
-
-
git checkout main
-git pull --ff-only upstream main
-
-
-
-
Update the main branch of your github repository (otherwise you will see a message like 'Your branch is ahead of 'origin/main' by XXX commits.'
-if you use 'git status' on your local main branch.
The PR title should include a JIRA number directly from the project in question, whose corresponding JIRA issue will in turn have been linked to the pull request you are just now creating. The description should include a link to the JIRA. The description should also include a decent, human-readable summary of what is changing. Proper spelling and grammar is a plus!
It is highly annoying to reviewers when they find they’ve spent a great deal of time reviewing some code only to discover that it doesn’t even compile. In particular, it’s common for a patch to trip CheckStyle if it hadn’t been previously compile-tested at the least.
-
-
-
While it is tempting to rely on the automated CI/GitHub integration to do our build and test for us (and I’m guilty of having done this too), it generally just causes trouble, so please don’t do it!
This comes directly from [1], and I agree with it 100% (where the source document says "patch", think "commit"):
-
-
-
-
-
Separate each logical change into a separate patch.
-For example, if your changes include both bug fixes and performance enhancements for a single driver, separate those changes into two or more patches. If your changes include an API update, and a new driver which uses that new API, separate those into two patches.
-On the other hand, if you make a single change to numerous files, group those changes into a single patch. Thus a single logical change is contained within a single patch.
-The point to remember is that each patch should make an easily understood change that can be verified by reviewers. Each patch should be justifiable on its own merits.
-If one patch depends on another patch in order for a change to be complete, that is OK. Simply note "this patch depends on patch X" in your patch description.
-When dividing your change into a series of patches, take special care to ensure that [WildFly] builds and runs properly after each patch in the series. Developers using "git bisect" to track down a problem can end up splitting your patch series at any point; they will not thank you if you introduce bugs in the middle. If you cannot condense your patch set into a smaller set of patches, then only post say 15 or so at a time and wait for review and integration.
-
-
-
-
-
I also want to emphasize how important it is to separate functional and non-functional changes. The latter category includes reformatting (which generally should not be done without a strong justification).
If you have one logical change (for example you’re removing manual null checks and put a JDK or utility method instead) which affects more than one top-level maven module, please split them by top-level maven module.
-For the logical change description use a top level JIRA (Bug, task, enhancement) and add sub-task for each top-level maven module.
-
-
-
Reason behind: WildFly and WildFly Core have a really huge codebase with several different full-time maintainers to review and approve the code. Afterward different project leads and/or release stewards do merge and Jira management work.
-
-
-
If there is a serious reason to deviate from this rule, please ask before on Zulip.
We all know that development can sometimes be an iterative process, and we learn as we go. Nonetheless, we do not need or want a complete record of all the highs and lows in the history of every change (for example, an "add foobar" commit followed later by a "remove foobar" commit in the same PR) - particularly for large changes or in large projects (like WildFly proper). It is good practice for such change authors to go back and rearrange and/or restructure the commits of a pull request such that they incrementally introduce the change in a logical manner, as one single conceptual change per PR.
-
-
-
Note that this advice is not meant to discourage multiple commits in a single PR that are all steps on the way to an overall complex change. To the contrary, multiple well structured commits are sometimes critical to getting proper review of complex changes. For example a PR to refactor code away from an ill-fitting set of abstractions and to a new set can be difficult to review in a single commit. But doing so can be quite straightforward when broken up into, for example, four commits, one to make some small change to clean up something that would get in the way of the overall change, one introducing the new abstractions, one moving the implementation to the new abstractions, and one removing the old abstractions.
-
-
-
If a PR consists of dozens or hundreds of nontrivial commits, you will want to strongly consider dividing it up into multiple PRs, as PRs of this size simply cannot be effectively reviewed. They will either be merged without adequate review, or outright ignored or closed. Which one is worse, I leave to your imagination.
While in general it is my experience that WildFly contributors are good about this, I’m going to quote this passage from [1] regardless:
-
-
-
-
-
Your patch will almost certainly get comments from reviewers on ways in which the patch can be improved. You must respond to those comments; ignoring reviewers is a good way to get ignored in return. […]
-Be sure to tell the reviewers what changes you are making and to thank them for their time. Code review is a tiring and time-consuming process, and reviewers sometimes get grumpy. Even in that case, though, respond politely and address the problems they have pointed out.
-
-
-
-
-
In addition, when something needs to be changed, the proper manner to do so is generally to modify the original commit, not to add more commits to the chain to fix issues as they’re reported. See Avoid massive and/or "stream of consciousness" branches.
It may come to pass that you have to iterate on your pull request many times before it is considered acceptable. Don’t be discouraged by this - instead, consider that to be a sign that the reviewers care highly about the quality of the code base. At the same time though, consider that it is frustrating for reviewers to have to say the same things over and over again, so please do take care to provide as high-quality submissions as possible, and see Pay attention and respond to review comments!
You don’t have to be an official reviewer in order to review a pull request. If you see a pull request dealing with an area you are familiar with, feel free to examine it and comment as needed. In addition, all pull requests need to be reviewed for basic (non-machine-verifiable) correctness, including noticing bad code, NPE risks, and anti-patterns as well as "boring stuff" like spelling and grammar and documentation.
-
-
-
If you review a PR and you feel you understand it in total and that it is correct, it is helpful to the WildFly mergers if you use the 'Approve' option discussed in the Github pull request review documentation. Don’t worry that your approval will trigger automatic merging; it won’t. It’s just easier for others to see that you regard the PR as correct if you use the Github workflow. (Please don’t, however, use the 'Approve' option if you are not expressing an approval of the PR overall; e.g. if you only looked at one part and made some comments that were addressed. Use comments for that kind of input.)
-
-
-
If you do review a pull request and make suggestions for changes, please do pay attention to the PR and try to acknowledge if your suggestions have been resolved. This is particularly important if it won’t be quickly obvious to others if your input was addressed.
When doing major and/or long-term refactors, while rare, it is possible that the above constraints become impractical, especially with regard to grouping changes. In this case, you can use a work branch on a (GitHub) fork of WildFly, applying the above rules in micro-scale to just that branch. In this case you could possibly ask a reviewer to also review some or all of the pull requests to that branch. Merge commits would then be used to periodically synchronize with upstream.
-
-
-
In this way, when the long-term branch is ready to "come home" to the main branch, the reviewers may have a good idea that the (potentially quite numerous) changes in the work branch have been reviewed already.
WildFly’s High Availability services are used to guarantee availability
-of a deployed Jakarta EE application.
-
-
-
Deploying critical applications on a single node suffers from two
-potential problems:
-
-
-
-
-
loss of application availability when the node hosting the application
-crashes (single point of failure)
-
-
-
loss of application availability in the form of extreme delays in
-response time during high volumes of requests (overwhelmed server)
-
-
-
-
-
WildFly supports two features which ensure high availability of critical
-Jakarta EE applications:
-
-
-
-
-
fail-over: allows a client interacting with a Jakarta EE application to
-have uninterrupted access to that application, even in the presence of
-node failures
-
-
-
load balancing: allows a client to have timely responses from the
-application, even in the presence of high-volumes of requests
-
-
-
-
-
-
-
-
-
-
-These two independent high availability services can very effectively
-inter-operate when making use of mod_cluster for load balancing!
-
-
-
-
-
-
Taking advantage of WildFly’s high availability services is easy, and
-simply involves deploying WildFly on a cluster of nodes, making a small
-number of application configuration changes, and then deploying the
-application in the cluster.
-
-
-
We now take a brief look at what these services can guarantee.
-
-
-
-
1.2. High Availability through fail-over
-
-
Fail-over allows a client interacting with a Jakarta EE application to have
-uninterrupted access to that application, even in the presence of node
-failures. For example, consider a Jakarta EE application which makes use of
-the following features:
-
-
-
-
-
session-oriented servlets to provide user interaction
-
-
-
session-oriented Jakarta Enterprise Beans to perform state-dependent business computation
-
-
-
Jakarta Enterprise Beans entity beans to store critical data in a persistent store (e.g.
-database)
-
-
-
SSO login to the application
-
-
-
-
-
If the application makes use of WildFly’s fail-over services, a client
-interacting with an instance of that application will not be interrupted
-even when the node on which that instance executes crashes. Behind the
-scenes, WildFly makes sure that all of the user data that the
-application make use of (HTTP session data, Jakarta Enterprise Beans SFSB sessions,
-Jakarta Enterprise Beans entities and SSO credentials) are available at other nodes in the
-cluster, so that when a failure occurs and the client is redirected to
-that new node for continuation of processing (i.e. the client "fails
-over" to the new node), the user’s data is available and processing can
-continue.
-
-
-
The Infinispan and JGroups subsystems are instrumental in providing
-these data availability guarantees and will be discussed in detail later
-in the guide.
-
-
-
-
1.3. High Availability through load balancing
-
-
Load balancing enables the application to respond to client requests in
-a timely fashion, even when subjected to a high-volume of requests.
-Using a load balancer as a front-end, each incoming HTTP request can be
-directed to one node in the cluster for processing. In this way, the
-cluster acts as a pool of processing nodes and the load is "balanced"
-over the pool, achieving scalability and, as a consequence,
-availability. Requests involving session-oriented servlets are directed
-to the the same application instance in the pool for efficiency of
-processing (sticky sessions). Using mod_cluster has the advantage that
-changes in cluster topology (scaling the pool up or down, servers
-crashing) are communicated back to the load balancer and used to update
-in real time the load balancing activity and avoid requests being
-directed to application instances which are no longer available.
-
-
-
The mod_cluster subsystem is instrumental in providing support for this
-High Availability feature of WildFly and will be discussed in detail
-later in this guide.
-
-
-
-
1.4. Aims of the guide
-
-
This guide aims to:
-
-
-
-
-
provide a description of the high-availability features available in
-WildFly and the services they depend on
-
-
-
show how the various high availability services can be configured for
-particular application use cases
-
-
-
identify default behavior for features relating to
-high-availability/clustering
-
-
-
-
-
-
1.5. Organization of the guide
-
-
As high availability features and their configuration depend on the
-particular component they affect (e.g. HTTP sessions, Jakarta Enterprise Beans SFSB sessions,
-Hibernate), we organize the discussion around those Jakarta EE features. We
-strive to make each section as self-contained as possible. Also, when
-discussing a feature, we will introduce any WildFly subsystems upon
-which the feature depends.
-
-
-
-
-
-
2. Distributable Web Applications
-
-
-
In a standard web application, session state does not survive beyond the lifespan of the servlet container.
-A distributable web application allows session state to survive beyond the lifespan of a single server, either via persistence or by replicating state to other nodes in the cluster.
-A web application indicates its intention to be distributable via the <distributable/> element within the web application’s deployment descriptor.
The distributable-web subsystem manages a set of session management profiles that encapsulate the configuration of a distributable session manager.
-One of these profiles will be designated as the default profile (via the "default-session-management" attribute) and thus defines the default behavior of a distributable web application.
The infinispan-session-management resource configures a distributable session manager that uses an embedded Infinispan cache.
-
-
-
-
cache-container
-
-
This references a cache-container defined in the Infinispan subsystem into which session data will be stored.
-
-
cache
-
-
This references a cache within associated cache-container upon whose configuration the web application’s cache will be based.
-If undefined, the default cache of the associated cache container will be used.
-
-
granularity
-
-
This defines how the session manager will map a session into individual cache entries.
-Possible values are:
-
-
-
SESSION
-
-
Stores all session attributes within a single cache entry.
-This is generally more expensive than ATTRIBUTE granularity, but preserves any cross-attribute object references.
-
-
ATTRIBUTE
-
-
Stores each session attribute within a separate cache entry.
-This is generally more efficient than SESSION granularity, but does not preserve any cross-attribute object references.
-
-
-
-
-
affinity
-
-
This resource defines the affinity that a web request should have for a given server.
-The affinity of the associated web session determines the algorithm for generating the route to be appended onto the session ID (within the JSESSIONID cookie, or when encoding URLs).
-This annotation of the session ID is used by load balancers to advise how future requests for existing sessions should be directed.
-Routing is designed to be opaque to application code such that calls to HttpSession.getId() always return an unmodified session ID.
-This is only generated when creating/updating the JSESSIONID cookie, or when encoding URLs via HttpServletResponse.encodeURL() and encodeRedirectURL().
-Possible values are:
-
-
-
affinity=none
-
-
Web requests will have no affinity to any particular node.
-This option is intended for use cases where web session state is not maintained within the application server.
-
-
affinity=local
-
-
Web requests will have an affinity to the server that last handled a request for a given session.
-This option corresponds to traditional sticky session behavior.
-
-
affinity=primary-owner
-
-
Web requests will have an affinity to the primary owner of a given session.
-This is the default affinity for this distributed session manager.
-Behaves the same as affinity=local if the backing cache is not distributed nor replicated.
-
-
affinity=ranked
-
-
Web requests will have an affinity to the first available node in a ranked list comprised of: primary owner, backup nodes, local node (if not a primary nor backup owner).
-Only for use with load balancers that support multiple routes.
-Behaves the same as affinity=local if cache is not distributed nor replicated.
-
-
-
-
-
marshaller
-
-
Specifies the marshalling implementation used to serialize session attributes.
The hotrod-session-management resource configures a distributable session manager where session data is stored in a remote infinispan-server cluster via the HotRod protocol.
-
-
-
-
remote-cache-container
-
-
This references a remote-cache-container defined in the Infinispan subsystem into which session data will be stored.
-
-
cache-configuration
-
-
If a remote cache whose name matches the deployment name does not exist, this attribute defines a cache configuration within the remote infinispan server, from which an application-specific cache will be created.
-
-
granularity
-
-
This defines how the session manager will map a session into individual cache entries.
-Possible values are:
-
-
-
SESSION
-
-
Stores all session attributes within a single cache entry.
-This is generally more expensive than ATTRIBUTE granularity, but preserves any cross-attribute object references.
-
-
ATTRIBUTE
-
-
Stores each session attribute within a separate cache entry.
-This is generally more efficient than SESSION granularity, but does not preserve any cross-attribute object references.
-
-
-
-
-
affinity
-
-
This resource defines the affinity that a web request should have for a given server.
-The affinity of the associated web session determines the algorithm for generating the route to be appended onto the session ID (within the JSESSIONID cookie, or when encoding URLs).
-This annotation of the session ID is used by load balancers to advise how future requests for existing sessions should be directed.
-Routing is designed to be opaque to application code such that calls to HttpSession.getId() always return an unmodified session ID.
-This is only generated when creating/updating the JSESSIONID cookie, or when encoding URLs via HttpServletResponse.encodeURL() and encodeRedirectURL().
-Possible values are:
-
-
-
affinity=none
-
-
Web requests will have no affinity to any particular node.
-This option is intended for use cases where web session state is not maintained within the application server.
-
-
affinity=local
-
-
Web requests will have an affinity to the server that last handled a request for a given session.
-This option corresponds to traditional sticky session behavior.
-
-
-
-
-
marshaller
-
-
Specifies the marshalling implementation used to serialize session attributes.
e.g. Creating a new session management profile "foo" using the cache configuration "bar" defined on a remote infinispan server "datagrid" with ATTRIBUTE granularity:
A web application can override the default distributable session management behavior in 1 of 2 ways:
-
-
-
-
-
Reference a session-management profile by name
-
-
-
Provide deployment-specific session management configuration
-
-
-
-
-
2.2.1. Referencing an existing session management profile
-
-
To use an existing distributed session management profile, a web application should include a distributable-web.xml deployment descriptor located within the application’s /WEB-INF directory.
2.2.2. Using a deployment-specific session management profile
-
-
If custom session management configuration will only be used by a single web application, you may find it more convenient to define the configuration within the deployment descriptor itself.
-Ad hoc configuration looks identical to the configuration used by the distributable-web subsystem.
WildFly supports the ability to share sessions across web applications within an enterprise archive.
-In previous releases, WildFly always presumed distributable session management of shared sessions.
-Version 2.0 of the shared-session-config deployment descriptor was updated to allow an EAR to opt-in to this behavior using the familiar <distributable/> element.
-Additionally, you can customize the behavior of the distributable session manager used for session sharing via the same configuration mechanism described in the above sections.
2.4. Optimizing performance of distributed web applications
-
-
One of the primary design goals of WildFly’s distributed session manager was the parity of HttpSession semantics between distributable and non-distributable web applications.
-In order to provide predictable behavior suitable for most web applications, the default distributed session manager configuration is quite conservative, generally favoring consistency over availability.
-However, these defaults may not be appropriate for your application.
-In general, the effective performance of the distributed session manager is constrained by:
-
-
-
-
-
Replication/persistence payload size
-
-
-
Locking/isolation of a given session
-
-
-
-
-
To optimize the configuration of the distributed session manager for your application, you can address the above constraints by tuning one or more of the following:
By default, WildFly’s distributed session manager uses SESSION granularity, meaning that all session attributes are stored within a single cache entry.
-While this ensures that any object references shared between session attributes are preserved following replication/persistence, it means that a change to a single attribute results in the replication/persistence of all attributes.
-
-
-
If your application does not share any object references between attributes, users are strongly advised to use ATTRIBUTE granularity.
-Using ATTRIBUTE granularity, each session attribute is stored in a separate cache entry.
-This means that a given request is only required to replicate/persist those attributes that were added/modified/removed/mutated in a given request.
-For read-heavy applications, this can dramatically reduce the replication/persistence payload per request.
-
-
-
-
2.4.2. Session concurrency
-
-
WildFly’s default distributed session manager behavior is also conservative with respect to concurrent access to a given session.
-By default, a request acquires exclusive access to its associated session for the duration of a request, and until any async child context is complete.
-This maximizes the performance of a single request, as each request corresponds to a single cache transaction; allows for repeatable read semantics to the session; and ensures that subsequent requests are not prone to stale reads, even when handled by another cluster member.
-
-
-
However, if multiple requests attempt to access the same session concurrently, their processing will be effectively serialized. This might not be feasible, especially for heavily asynchronous web applications.
-
-
-
Relaxing transaction isolation from REPEATABLE_READ to READ_COMMITTED on the associated cache configuration will allow concurrent requests to perform lock-free (but potentially stale) reads by deferring locking to the first attempt to write to the session.
-This improves the throughput of requests for the same session for highly asynchronous web applications whose session access is read-heavy.
For asynchronous web applications whose session access is write-heavy, merely relaxing transaction isolation is not likely to be sufficient.
-These web applications will likely benefit from disabling cache transactions altogether.
-When transactions are disabled, cache entries are locked and released for every write to the session, resulting in last-write-wins semantics.
-For write-heavy applications, this typically improves the throughput of concurrent requests for the same session, at the cost of longer response times for individual requests.
-Relaxing transaction isolation currently prevents WildFly from enforcing that a given session is handled by one JVM at a time, a constraint dictated by the servlet specification.
-
-
-
-
-
-
-
2.4.3. Session attribute immutability
-
-
In WildFly, distributed session attributes are presumed to be mutable objects, unless of a known immutable type, or unless otherwise specified.
By default, WildFly replicates/persists the mutable session attributes at the end of the request, ensuring that a subsequent request will read the mutated value, not the original value.
-However, the replication/persistence of mutable session attributes at the end of the request happens whether or not these objects were actually mutated.
-To avoid redundant session writes, users are strongly encouraged to store immutable objects in the session whenever possible.
-This allows the application more control over when session attributes will replicate/persist, since immutable session attributes will only update upon explicit calls to HttpSession.setAttribute(…).
-
-
-
WildFly can determine whether most JDK types are immutable, but any unrecognized/custom types are presumed to be mutable.
-To indicate that a given session attribute of a custom type should be treated as immutable by the distributed session manager, annotate the class with one of the following annotations:
Minimizing the replication/persistence payload for individual session attributes has a direct impact on performance by reducing the number of bytes sent over the network or persisted to storage.
-See the Marshalling section for more details.
-
-
-
-
-
-
-
3. Distributable Jakarta Enterprise Beans Applications
-
-
-
Just as with standard web applications, session state of stateful session beans (SFSB) contained in a standard EJB application
-is not guaranteed to survive beyond the lifespan of the Jakarta Enterprise Beans container. And, as with standard web applications, there is a way to
-allow session state of SFSBs to survive beyond the lifespan of a single server, either through persistence or by replicating state to
-other nodes in the cluster.
-
-
-
A distributable SFSB is one whose state is made available on multiple nodes in a cluster and which supports failover of invocation attempts: if the node
-on which the SFSB was created fails, the invocation will be retried on another node in the cluster where the SFSB state is present.
-
-
-
In the case of Jakarta Enterprise Beans applications, whether or not a bean is distributable is determined globally or on a per-bean basis, rather than on
-an application-wide basis as in the case of distributed HttpSessions.
-
-
-
A stateful session bean within an Jakarta Enterprise Beans application indicates its intention to be distributable by using a passivation-capable cache
-to store its session state. Cache factories were discussed in the Jakarta Enterprise Beans section of the Wildfly Admin Guide.
-Additionally, the EJB application needs to be deployed into a server which uses an High Availability (HA) server profile, such as standalone-ha.xml
-or standalone-full-ha.xml.
-
-
-
Since Jakarta Enterprise Beans are passivation-capable by default, generally, users already using an HA profile will not need to make any configuration changes
-for their beans to be distributable and, consequently, to support failover. More fine-grained control over whether a bean is distributable can be
-achieved using the passivationCapable attribute of the @Stateful annotation (or the equivalent deployment descriptor override). A bean which is marked as
-@Stateful(passivationCapable=false) will not exhibit distributable behavior (i.e. failover), even when the application containing it is deployed in a cluster.
-
-
-
-
-
-
-
-
-More information on passivation-capable beans can be found in Section 4.6.5 of the Jakarta Enterprise Beans specification.
-
-
-
-
-
-
In the sections that follow, we discuss some aspects of configuring distributable Jakarta Enterprise Beans applications in Wildfly.
-
-
-
3.1. Distributable EJB Subsystem
-
-
The purpose of the distributable-ejb subsystem is to permit configuration of clustering abstractions
-required to support those resources of the ejb3 subsystem which support clustered operation. The key resources
-of the ejb3 subsystem which require clustering abstractions are:
-
-
-
-
-
cache factories
-Passivating cache factories depend on a bean management provider to provide passivation and persistence of SFSB
-session states in a local or distributed environment.
-
-
-
client mappings registries
-Supporting remote invocation on SFSB deployed in a cluster require storing client mappings information in a
- client mappings registry. The registry may be tailored for a local or a distributed environment.
-
-
-
-
-
These clustering abstractions are made available to the ejb3 subsystem via the specification and configuration of
-clustering abstraction 'providers'. We describe the available providers below.
-
-
-
3.1.1. Bean management providers
-
-
A bean management provider provides access to a given implementation of a bean manager,
-used by passivation-capable cache factories defined in the ejb3 subsystem to manage passivation and persistence.
-
-
-
Bean management provider elements are named, and represent different implementation and configuration choices for bean management.
-At least one named bean management provider must be defined in the distributable-ejb subsystem and of those, one
-instance must be identified as the default bean management provider, using the default-bean-management attribute of
-the distributable-ejb subsystem.
-
-
-
The available bean management provider is:
-
-
-
infinispan-bean-management
-
-
The infinispan-bean-management provider element represents a bean manager implementation based on an Infinispan cache. The
-attributes for the infinispan-bean-manager element are:
-
-
-
-
cache-container
-
-
Specifies a cache container defined in the Infinispan subsystem used to support the session state cache
-
-
cache
-
-
Specifies the session state cache and its configured properties
-
-
max-active-beans
-
-
Specifies the maximum number of non-passivated session state entries allowed in the cache
-
-
-
-
-
-
-
3.1.2. Client mappings registries
-
-
A client mappings registry provider provides access to a given implementation of a client mappings registry, used by
-the EJB client invocation mechanism to store information about client mappings for each node in the cluster. Client mappings
-are defined in the socket bindings configuration of a server and required to allow an EJB client application to connect
-to servers which are multi-homed (i.e. clients may access the same server from different networks using a different IP address
-ad port for each interface on the multi-homed server).
-
-
-
The available client mappings registry providers are:
-
-
-
infinispan-client-mappings-registry
-
-
The infinispan-client-mappings-registry provider is a provider based on an Infinispan cache and suitable for a clustered server.
-
-
-
-
cache-container
-
-
Specifies a cache container defined in the Infinispan subsystem used to support the client mappings registry
-
-
cache
-
-
Specifies the cache and its configured properties used to support the client mappings registry
-
-
-
-
-
-
local-client-mappings-registry
-
-
The client mappings registry provider suitable for a local, non-clustered server.
-
-
-
-
-
3.1.3. Timer management
-
-
The distributable-ejb subsystem defines a set of timer management resources that define behavior for persistent or non-persistent EJB timers.
This provider stores timer metadata within an embedded Infinispan cache, and utilizes consistent hashing to distribute timer execution between cluster members.
-
-
-
-
cache-container
-
-
Specifies a cache container defined in the Infinispan subsystem
-
-
cache
-
-
Specifies the a cache configuration within the specified cache-container
-
-
max-active-timers
-
-
Specifies the maximum number active timers to retain in memory at a time, after which the least recently used will passivate
-
-
marshaller
-
-
Specifies the marshalling implementation used to serialize the timeout context of a timer.
To ensure proper functioning, the associated cache configuration, regardless of type, should use:
-
-
-
-
-
BATCH transaction mode
-
-
-
REPEATABLE_READ lock isolation
-
-
-
-
-
Generally, persistent timers will leverage a distributed or replicated cache configuration if in a cluster, or a local, persistent cache configuration if on a single server;
-while transient timers will leverage a local, passivating cache configuration.
-
-
-
By default, all cluster members will be eligible for timer execution.
-A given cluster member exclude itself from timer execution by using a cache capacity-factor of 0.
-
-
-
-
-
-
3.2. Deploying clustered EJBs
-
-
Clustering support is available in the HA profiles of WildFly. In this
-chapter we’ll be using the standalone server for explaining the details.
-However, the same applies to servers in a domain mode. Starting the
-standalone server with HA capabilities enabled, involves starting it
-with the standalone-ha.xml (or even standalone-full-ha.xml):
-
-
-
-
./standalone.sh -server-config=standalone-ha.xml
-
-
-
-
This will start a single instance of the server with HA capabilities.
-Deploying the EJBs to this instance doesn’t involve anything special
-and is the same as explained in the application
-deployment chapter.
-
-
-
Obviously, to be able to see the benefits of clustering, you’ll need
-more than one instance of the server. So let’s start another server with
-HA capabilities. That another instance of the server can either be on
-the same machine or on some other machine. If it’s on the same machine,
-the two things you have to make sure is that you pass the port offset
-for the second instance and also make sure that each of the server
-instances have a unique jboss.node.name system property. You can do
-that by passing the following two system properties to the startup
-command:
-
-
-
-
./standalone.sh -server-config=standalone-ha.xml -Djboss.socket.binding.port-offset=<offset of your choice> -Djboss.node.name=<unique node name>
-
-
-
-
Follow whichever approach you feel comfortable with for deploying the
-EJB deployment to this instance too.
-
-
-
-
-
-
-
-
-Deploying the application on just one node of a standalone instance of a
-clustered server does not mean that it will be automatically deployed
-to the other clustered instance. You will have to do deploy it
-explicitly on the other standalone clustered instance too. Or you can
-start the servers in domain mode so that the deployment can be deployed
-to all the server within a server group. See the
-admin guide for
-more details on domain setup.
-
-
-
-
-
-
Now that you have deployed an application with clustered EJBs on both
-the instances, the EJBs are now capable of making use of the clustering
-features.
-
-
-
3.2.1. Failover for clustered EJBs
-
-
Clustered EJBs have failover capability. The state of the @Stateful
-@Clustered EJBs is replicated across the cluster nodes so that if one of
-the nodes in the cluster goes down, some other node will be able to take
-over the invocations. Let’s see how it’s implemented in WildFly. In
-the next few sections we’ll see how it works for remote (standalone)
-clients and for clients in another remote WildFly server instance.
-Although, there isn’t a difference in how it works in both these cases,
-we’ll still explain it separately so as to make sure there aren’t any
-unanswered questions.
-
-
-
-
3.2.2. Remote standalone clients
-
-
In this section we’ll consider a remote standalone client (i.e. a client
-which runs in a separate JVM and isn’t running within another WildFly
-8 instance). Let’s consider that we have 2 servers, server X and server
-Y which we started earlier. Each of these servers has the clustered EJB
-deployment. A standalone remote client can use either the
-JNDI approach or native JBoss EJB client APIs to
-communicate with the servers. The important thing to note is that when
-you are invoking clustered EJB deployments, you do not have to list
-all the servers within the cluster (which obviously wouldn’t have been
-feasible due the dynamic nature of cluster node additions within a
-cluster).
-
-
-
The remote client just has to list only one of the servers with the
-clustering capability. In this case, we can either list server X (in
-jboss-ejb-client.properties) or server Y. This server will act as the
-starting point for cluster topology communication between the client and
-the clustered nodes.
-
-
-
Note that you have to configure the ejb cluster in the
-jboss-ejb-client.properties configuration file, like so:
When a client connects to a server, the JBoss EJB client implementation
-(internally) communicates with the server for cluster topology
-information, if the server had clustering capability. In our example
-above, let’s assume we listed server X as the initial server to connect
-to. When the client connects to server X, the server will send back an
-(asynchronous) cluster topology message to the client. This topology
-message consists of the cluster name(s) and the information of the nodes
-that belong to the cluster. The node information includes the node
-address and port number to connect to (whenever necessary). So in this
-example, the server X will send back the cluster topology consisting of
-the other server Y which belongs to the cluster.
-
-
-
In case of stateful (clustered) EJBs, a typical invocation flow involves
-creating of a session for the stateful bean, which happens when you do a
-JNDI lookup for that bean, and then invoking on the returned proxy. The
-lookup for stateful bean, internally, triggers a (synchronous) session
-creation request from the client to the server. In this case, the
-session creation request goes to server X since that’s the initial
-connection that we have configured in our jboss-ejb-client.properties.
-Since server X is clustered, it will return back a session id and along
-with send back an "affinity" of that session. In case of clustered
-servers, the affinity equals to the name of the cluster to which the
-stateful bean belongs on the server side. For non-clustered beans, the
-affinity is just the node name on which the session was created. This
-affinity will later help the EJB client to route the invocations on
-the proxy, appropriately to either a node within a cluster (for
-clustered beans) or to a specific node (for non-clustered beans). While
-this session creation request is going on, the server X will also send
-back an asynchronous message which contains the cluster topology. The
-JBoss EJB client implementation will take note of this topology
-information and will later use it for connection creation to nodes
-within the cluster and routing invocations to those nodes, whenever
-necessary.
-
-
-
Now that we know how the cluster topology information is communicated
-from the server to the client, let see how failover works. Let’s
-continue with the example of server X being our starting point and a
-client application looking up a stateful bean and invoking on it. During
-these invocations, the client side will have collected the cluster
-topology information from the server. Now let’s assume for some reason,
-server X goes down and the client application subsequent invokes on the
-proxy. The JBoss EJB client implementation, at this stage will be aware
-of the affinity and in this case it’s a cluster affinity. Because of the
-cluster topology information it has, it knows that the cluster has two
-nodes server X and server Y. When the invocation now arrives, it sees
-that the server X is down. So it uses a selector to fetch a suitable
-node from among the cluster nodes. The selector itself is configurable,
-but we’ll leave it from discussion for now. When the selector returns a
-node from among the cluster, the JBoss EJB client implementation creates
-a connection to that node (if not already created earlier) and creates a
-EJB receiver out of it. Since in our example, the only other node in the
-cluster is server Y, the selector will return that node and the JBoss
-EJB client implementation will use it to create a EJB receiver out of it
-and use that receiver to pass on the invocation on the proxy.
-Effectively, the invocation has now failed over to a different node
-within the cluster.
-
-
-
-
3.2.4. Remote clients on another instance of WildFly
-
-
So far we discussed remote standalone clients which typically use either
-the EJB client API or the jboss-ejb-client.properties based approach to
-configure and communicate with the servers where the clustered beans are
-deployed. Now let’s consider the case where the client is an application
-deployed another AS7 instance and it wants to invoke on a clustered
-stateful bean which is deployed on another instance of WildFly. In
-this example let’s consider a case where we have 3 servers involved.
-Server X and Server Y both belong to a cluster and have clustered EJB
-deployed on them. Let’s consider another server instance Server C (which
-may or may not have clustering capability) which acts as a client on
-which there’s a deployment which wants to invoke on the clustered beans
-deployed on server X and Y and achieve failover.
-
-
-
The configurations required to achieve this are explained in
-this chapter. As you can see the configurations are
-done in a jboss-ejb-client.xml which points to a remote outbound
-connection to the other server. This jboss-ejb-client.xml goes in the
-deployment of server C (since that’s our client). As explained earlier,
-the client configuration need not point to all clustered nodes.
-Instead it just has to point to one of them which will act as a start
-point for communication. So in this case, we can create a remote
-outbound connection on server C to server X and use server X as our
-starting point for communication. Just like in the case of remote
-standalone clients, when the application on server C (client) looks up a
-stateful bean, a session creation request will be sent to server X which
-will send back a session id and the cluster affinity for it.
-Furthermore, server X asynchronously send back a message to server C
-(client) containing the cluster topology. This topology information will
-include the node information of server Y (since that belongs to the
-cluster along with server X). Subsequent invocations on the proxy will
-be routed appropriately to the nodes in the cluster. If server X goes
-down, as explained earlier, a different node from the cluster will be
-selected and the invocation will be forwarded to that node.
-
-
-
As can be seen both remote standalone client and remote clients on
-another WildFly instance act similar in terms of failover.
-
-
-
-
-
-
-
-
-References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
-
-
4. Messaging
-
-
-
This section is under development intending to describe high availability features and configuration pertaining to Jakarta Messaging (JMS).
-
-
-
-
-
5. Load Balancing
-
-
-
5.1. mod_cluster Subsystem
-
-
The mod_cluster integration is done via the mod_cluster subsystem.
-
-
-
5.1.1. Configuration
-
-
Instance ID or JVMRoute
-
-
The instance-id or JVMRoute defaults to jboss.node.name property passed
-on server startup (e.g. via -Djboss.node.name=XYZ).
By default, mod_cluster is configured for multicast-based discovery. To
-specify a static list of proxies, create a remote-socket-binding for
-each proxy and then reference them in the 'proxies' attribute. See the
-following example for configuration in the domain mode:
Since WildFly 14 mod_cluster subsystem supports multiple named proxy configurations also allowing for registering
-non-default Undertow servers with the reverse proxies. Moreover, this allows single application server node to register with
-different groups of proxy servers.
-
-
-
See the following example which adds another Undertow AJP listener, server and a host and adds a new mod_cluster configuration
-which registers this host using advertise mechanism.
The operations specific to the modcluster subsystem are divided in 3
-categories the ones that affects the configuration and require a restart
-of the subsystem, the one that just modify the behaviour temporarily and
-the ones that display information from the httpd part.
-
-
-
operations displaying httpd information
-
-
There are 2 operations that display how Apache httpd sees the node:
-
-
-
read-proxies-configuration
-
-
Send a DUMP message to all Apache httpd the node is connected to and
-display the message received from Apache httpd.
Those operations are like the context operation but they apply to all
-webapps running on the node and operation that affect the whole node.
-
-
-
refresh
-
-
Refresh the node by sending a new CONFIG message to Apache httpd.
-
-
-
-
reset
-
-
Reset the connection between Apache httpd and the node.
-
-
-
-
-
Configuration
-
-
Metric configuration
-
-
There are 4 metric operations corresponding to add and remove load
-metrics to the dynamic-load-provider. Note that when nothing is defined
-a simple-load-provider is use with a fixed load factor of one.
like the add-metric and remove-metric except they require a class
-parameter instead the type. Usually they needed additional properties
-which can be specified
-This section provides information how to configure mod_cluster
-subsystem to protect communication between mod_cluster and load balancer
-using SSL/TLS using Elytron Subsystem.
-
-
-
-
Overview
-
-
Elytron subsystem provides a powerful and flexible model to configure
-different security aspects for applications and the application server
-itself. At its core, Elytron subsystem exposes different capabilities to
-the application server in order centralize security related
-configuration in a single place and to allow other subsystems to consume
-these capabilities. One of the security capabilities exposed by Elytron
-subsystem is a Client ssl-context that can be used to configure
-mod_cluster subsystem to communicate with a load balancer using SSL/TLS.
-
-
-
When protecting the communication between the application server and the
-load balancer, you need do define a Client ssl-context in order to:
-
-
-
-
-
Define a trust store holding the certificate chain that will be used
-to validate load balancer’s certificate
-
-
-
Define a trust manager to perform validations against the load
-balancer’s certificate
-
-
-
-
-
-
Defining a Trust Store with the Trusted Certificates
-
-
To define a trust store in Elytron you can execute the following CLI
-command:
In order to successfully execute the command above you must have a
-application.truststore file inside your
-JBOSS_HOME/standalone/configuration directory. Where the trust store
-is protected by a password with a value password. The trust store must
-contain the certificates associated with the load balancer or a
-certificate chain in case the load balancer’s certificate is signed by a
-CA.
-
-
-
We strongly recommend you to avoid using self-signed certificates with
-your load balancer. Ideally, certificates should be signed by a CA and
-your trust store should contain a certificate chain representing your
-ROOT and Intermediary CAs.
-
-
-
-
Defining a Trust Manager To Validate Certificates
-
-
To define a trust manager in Elytron you can execute the following CLI
-command:
Here we are setting the default-trust-store as the source of the
-certificates that the application server trusts.
-
-
-
-
Defining a Client SSL Context and Configuring mod_cluster Subsystem
-
-
Finally, you can create the Client SSL Context that is going to be used
-by the mod_cluster subsystem when connecting to the load balancer using
-SSL/TLS:
Once you execute the last command above, reload the server:
-
-
-
-
reload
-
-
-
-
-
Using a Certificate Revocation List
-
-
In case you want to validate the load balancer certificate against a
-Certificate Revocation List (CRL), you can configure the trust-manager
-in Elytron subsystem as follows:
To use a CRL your trust store must contain the certificate chain in
-order to check validity of both CRL list and the load balancer`s
-certificate.
-
-
-
A different way to configure a CRL is using the Distribution Points
-embedded in your certificates. For that, you need to configure a
-certificate-revocation-list as follows:
It is possible to accept a REMOTE_USER already authenticated by the Apache httpd server with Elytron via the AJP protocol.
-This can be done by setting up Elytron to secure a WildFly deployment and specifying for the External HTTP mechanism to
-be used. This is done by creating a security domain and specifying the External mechanism as one of the mechanism
-configurations to be used by the http-authentication-factory:
Elytron will accept the externally authenticated user and use the specified security domain to perform role mapping to
-complete authorization.
-
-
-
-
-
5.2. Enabling ranked affinity support in load balancer
-
-
Enabling ranked affinity support in the server must be accompanied by a compatible load balancer with ranked affinity support enabled.
-When using WildFly as a load balancer ranked routing can be enabled with the following CLI command:
The default delimiter which delimiters the node routes is "." which encodes multiple routes as node1.node2.node3.
-Should the delimiter be required to be different, this is configurable by the delimiter attribute of the affinity resource.
-See the following CLI command:
5.3. Support for load-balancers relying on affinity cookie
-
-
While the Apache family of load-balancers relies on attaching session affinity (routing) information by default to a JSESSIONID cookie or a jsessionid path parameter,
-there are other load-balancers that rely on a cookie to drive session affinity.
-
-
-
In order to configure the cookie name and other properties use the following CLI script:
Notice that the proxy server defined cookie names need to correspond with the application server’s instance-id.
-
-
-
-
-
-
-
6. HA Singleton Features
-
-
-
In general, an HA or clustered singleton is a service that exists on
-multiple nodes in a cluster, but is active on just a single node at any
-given time. If the node providing the service fails or is shut down, a
-new singleton provider is chosen and started. Thus, other than a brief
-interval when one provider has stopped and another has yet to start, the
-service is always running on one node.
-
-
-
6.1. Singleton subsystem
-
-
WildFly 10 introduced a "singleton" subsystem, which defines a set of
-policies that define how an HA singleton should behave. A singleton
-policy can be used to instrument singleton deployments or to create
-singleton MSC services.
The cache-container and cache attributes of a singleton policy must
-reference a valid cache from the Infinispan subsystem. If no specific
-cache is defined, the default cache of the cache container is assumed.
-This cache is used as a registry of which nodes can provide a given
-service and will typically use a replicated-cache configuration.
-
-
-
-
Election policies
-
-
WildFly includes two singleton election policy implementations:
-
-
-
-
-
simple
-Elects the provider (a.k.a. primary provider) of a singleton service based on a
-specified position in a circular linked list of eligible nodes sorted by
-descending age. Position=0, the default value, refers to the oldest
-node, 1 is second oldest, etc. ; while position=-1 refers to the
-youngest node, -2 to the second youngest, etc.
-e.g.
Additionally, any singleton election policy may indicate a preference
-for one or more members of a cluster. Preferences may be defined either
-via node name or via outbound socket binding name. Node preferences
-always take precedent over the results of an election policy.
-e.g.
Network partitions are particularly problematic for singleton services,
-since they can trigger multiple singleton providers for the same service
-to run at the same time. To defend against this scenario, a singleton
-policy may define a quorum that requires a minimum number of nodes to be
-present before a singleton provider election can take place. A typical
-deployment scenario uses a quorum of N/2 + 1, where N is the anticipated
-cluster size. This value can be updated at runtime, and will immediately
-affect any active singleton services.
-e.g.
The singleton subsystem can be used in a non-HA profile, so long as the
-cache that it references uses a local-cache configuration. In this
-manner, an application leveraging singleton functionality (via the
-singleton API or using a singleton deployment descriptor) will continue
-function as if the server was a sole member of a cluster. For obvious
-reasons, the use of a quorum does not make sense in such a
-configuration.
-
-
-
-
-
6.2. Singleton deployments
-
-
WildFly 10 resurrected the ability to start a given deployment on a
-single node in the cluster at any given time. If that node shuts down,
-or fails, the application will automatically start on another node on
-which the given deployment exists. Long time users of JBoss AS will
-recognize this functionality as being akin to the
-HASingletonDeployer,
-a.k.a. "
-deploy-hasingleton",
-feature of AS6 and earlier.
-
-
-
6.2.1. Usage
-
-
A deployment indicates that it should be deployed as a singleton via a
-deployment descriptor. This can either be a standalone
-/META-INF/singleton-deployment.xml file or embedded within an existing
-jboss-all.xml descriptor. This descriptor may be applied to any
-deployment type, e.g. JAR, WAR, EAR, etc., with the exception of a
-subdeployment within an EAR.
-e.g.
The singleton deployment descriptor defines which
-singleton policy should be used to deploy the
-application. If undefined, the default singleton policy is used, as
-defined by the singleton subsystem.
-
-
-
Using a standalone descriptor is often preferable, since it may be
-overlaid onto an existing deployment archive.
-e.g.
The singleton service facility exposes a mechanism for installing an MSC service such that the service only starts on a single member of a cluster at a time.
-If the member providing the singleton service is shutdown or crashes, the facility automatically elects a new primary provider and starts the service on that node.
-In general, a singleton election happens in response to any change of membership, where the membership is defined as the set of cluster nodes on which the given service was installed.
-
-
-
6.3.1. Installing an MSC service using an existing singleton policy
-
-
While singleton MSC services have been around since AS7, WildFly adds the ability to leverage the singleton subsystem to create singleton MSC services from existing singleton policies.
-
-
-
The singleton subsystem exposes capabilities for each singleton policy it defines.
-
-
-
These policies, encapsulated by the org.wildfly.clustering.singleton.service.SingletonPolicy interface, can be referenced via the following capability name:
-"org.wildfly.clustering.singleton.policy" + policy-name
-
-
-
You can reference the default singleton policy of the server via the name:
-"org.wildfly.clustering.singleton.default-policy"
-e.g.
-
-
-
-
publicclassMyServiceActivatorimplements ServiceActivator {
- @Override
- publicvoid activate(ServiceActivatorContext context) {
- ServiceName name = ServiceName.parse("my.service.name");
- // Use default singleton policy
- Supplier<SingletonPolicy> policy = new ActiveServiceSupplier<>(context.getServiceTarget(), ServiceName.parse(SingletonDefaultRequirement.SINGLETON_POLICY.getName()));
- ServiceBuilder<?> builder = policy.get().createSingletonServiceConfigurator(name).build(context.getServiceTarget());
- Service service = new MyService();
- builder.setInstance(service).install();
- }
-}
-
-
-
-
-
6.3.2. Singleton MSC Service metrics
-
-
The singleton subsystem registers a set of runtime metrics for each singleton MSC service installed via a given singleton policy.
-
-
-
-
is-primary
-
-
Indicates whether the node on which the operation was performed is the primary provider of the given singleton service
-
-
primary-provider
-
-
Identifies the node currently operating as the primary provider for the given singleton service
-
-
providers
-
-
Identifies the set of nodes on which the given singleton service is installed.
6.3.3. Installing an MSC service using dynamic singleton policy
-
-
Alternatively, you can configure a singleton policy dynamically, which is particularly useful if you want to use a custom singleton election policy.
-org.wildfly.clustering.singleton.service.SingletonPolicy is a generalization of the org.wildfly.clustering.singleton.service.SingletonServiceConfiguratorFactory interface,
-which includes support for specifying an election policy, an election listener, and, optionally, a quorum.
-
-
-
The SingletonElectionPolicy is responsible for electing a member to operate as the primary singleton service provider following any change in the set of singleton service providers.
-Following the election of a new primary singleton service provider, any registered SingletonElectionListener is triggered on every member of the cluster.
-
-
-
The 'SingletonServiceConfiguratorFactory' capability may be referenced using the following capability name:
-"org.wildfly.clustering.cache.singleton-service-configurator-factory" + container-name + "." + cache-name
-
-
-
You can reference a 'SingletonServiceConfiguratorFactory' using the default cache of a given cache container via the name:
-"org.wildfly.clustering.cache.default-singleton-service-configurator-factory" + container-name
-
-
-
e.g.
-
-
-
-
publicclassMySingletonElectionPolicyimplements SingletonElectionPolicy {
- @Override
- public Node elect(List<Node> candidates) {
- // ...
- return ...;
- }
-}
-
-publicclassMySingletonElectionListenerimplements SingletonElectionListener {
- @Override
- publicvoid elected(List<Node> candidates, Node primary) {
- // ...
- }
-}
-
-publicclassMyServiceActivatorimplements ServiceActivator {
- @Override
- publicvoid activate(ServiceActivatorContext context) {
- String containerName = "foo";
- SingletonElectionPolicy policy = new MySingletonElectionPolicy();
- SingletonElectionListener listener = new MySingletonElectionListener();
- int quorum = 3;
- ServiceName name = ServiceName.parse("my.service.name");
- // Use a SingletonServiceConfiguratorFactory backed by default cache of "foo" container
- Supplier<SingletonServiceConfiguratorFactory> factory = new ActiveServiceSupplier<>(context.getServiceTarget(), ServiceName.parse(SingletonDefaultCacheRequirement.SINGLETON_SERVICE_CONFIGURATOR_FACTORY.resolve(containerName).getName()));
- ServiceBuilder<?> builder = factory.get().createSingletonServiceConfigurator(name)
- .electionListener(listener)
- .electionPolicy(policy)
- .requireQuorum(quorum)
- .build(context.getServiceTarget());
- Service service = new MyService();
- builder.setInstance(service).install();
- }
-}
-
-
-
-
-
-
-
-
7. Clustering API
-
-
-
WildFly exposes a public API to deployments for performing common clustering operations, such as:
This zero-dependency API allows an application to perform basic clustering tasks, while remaining decoupled from the libraries that implement WildFly’s clustering logic.
-
-
-
7.1. Group membership
-
-
The Group abstraction represents a logical cluster of nodes.
-The Group service provides the following capabilities:
-
-
-
-
-
View the current membership of a group.
-
-
-
Identifies a designated coordinator for a given group membership. This designated coordinator will be the same on every node for a given membership. Traditionally, the oldest member of the cluster is chosen as the coordinator.
-
-
-
Registration facility for notifications of changes to group membership.
-
-
-
-
-
WildFly creates a Group instance for every defined channel defined in the JGroups subsystem, as well as a local implementation.
-The local Group implementation is effectively a singleton membership containing only the current node.
-e.g.
-
-
-
-
@Resource(lookup = "java:jboss/clustering/group/ee") // A Group representing the cluster of the "ee" channel
-privateGroup group;
-
-@Resource(lookup = "java:jboss/clustering/group/local") // A non-clustered Group
-privateGroup localGroup;
-
-
-
-
To ensure that your application operates consistently regardless of server configuration, you are strongly recommended to reference a given Group using an alias.
-Most users should use the "default" alias, which references either:
-
-
-
-
-
A Group backed by the default channel of the server, if the JGroups subsystem is present
-
-
-
A non-clustered Group, if the JGroups subsystem is not present
Additionally, WildFly creates a Group alias for every Infinispan cache-container, which references:
-
-
-
-
-
A Group backed by the transport channel of the cache container
-
-
-
A non-clustered Group, if the cache container has no transport
-
-
-
-
-
This is useful when using a Group within the context of an Infinispan cache.
-
-
-
e.g.
-
-
-
-
@Resource(lookup = "java:jboss/clustering/group/server") // Backed by the transport of the "server" cache-container
-privateGroup group;
-
-
-
-
7.1.1. Node
-
-
A Node encapsulates a member of a group (i.e. a JGroups address).
-A Node has the following distinct characteristics, which will be unique for each member of the group:
-
-
-
-
getName
-
-
The distinct logical name of this group member.
-This value inherently defaults to the hostname of the machine, and can be overridden via the "jboss.node.name" system property.
-You must override this value if you run multiple servers on the same host.
-
-
getSocketAddress()
-
-
The distinct bind address/port used by this group member.
-This will be null if the group is non-clustered.
-
-
-
-
-
-
7.1.2. Membership
-
-
A Membership is an immutable encapsulation of a group membership (i.e. a JGroups view).
-Membership exposes the following properties:
-
-
-
-
getMembers()
-
-
Returns the list of members comprising this group membership. The order of this list will be consistent on all nodes in the cluster.
-
-
isCoordinator()
-
-
Indicates whether the current member is the coordinator of the group.
-
-
getCoordinator()
-
-
Returns the member designated as coordinator of this group. This methods will return a consistent value for all nodes in the cluster.
-
-
-
-
-
-
7.1.3. Usage
-
-
The Group abstract is effectively a volatile reference to the current membership, and provides a facility for notification of membership changes.
-It exposes the following properties and operations:
-
-
-
-
getName()
-
-
The logical name of this group.
-
-
getLocalMember()
-
-
The Node instance corresponding to the local member.
-
-
getMembership()
-
-
Returns the current membership of this group.
-
-
register(GroupListener)
-
-
Registers the specific listener to be notified of changes to group membership.
-
-
isSingleton()
-
-
Indicates whether the groups membership is non-clustered, i.e. will only ever contain a single member.
-
-
-
-
-
-
7.1.4. Example
-
-
A distributed "Hello world" example that prints joiners and leavers of a group membership:
A command dispatcher is a mechanism for dispatching commands to be executed on members of a group.
-
-
-
7.2.1. CommandDispatcherFactory
-
-
A command dispatcher is created from a CommandDispatcherFactory, an instance of which is created for every defined channel defined in the JGroups subsystem, as well as a local implementation.
-e.g.
-
-
-
-
@Resource(lookup = "java:jboss/clustering/dispatcher/ee") // A command dispatcher factory backed by the "ee" channel
-private CommandDispatcherFactory factory;
-
-@Resource(lookup = "java:jboss/clustering/dispatcher/local") // The non-clustered command dispatcher factory
-private CommandDispatcherFactory localFactory;
-
-
-
-
To ensure that your application functions consistently regardless of server configuration, we recommended that you reference the CommandDispatcherFactory using an alias.
-Most users should use the "default" alias, which references either:
-
-
-
-
-
A CommandDispatcherFactory backed by the default channel of the server, if the JGroups subsystem is present
-
-
-
A non-clustered CommandDispatcherFactory, if the JGroups subsystem is not present
Additionally, WildFly creates a CommandDispatcherFactory alias for every Infinispan cache-container, which references:
-
-
-
-
-
A CommandDispatcherFactory backed by the transport channel of the cache container
-
-
-
A non-clustered CommandDispatcherFactory, if the cache container has no transport
-
-
-
-
-
This is useful in the case where a CommandDispatcher is used to communicate with members on which a given cache is deployed.
-
-
-
e.g.
-
-
-
-
@Resource(lookup = "java:jboss/clustering/dispatcher/server") // Backed by the transport of the "server" cache-container
-private CommandDispatcherFactory factory;
-
-
-
-
-
7.2.2. Command
-
-
A Command encapsulates logic to be executed on a group member.
-A Command can leverage 2 type of parameters during execution:
-
-
-
-
Sender supplied parameters
-
-
These are member variables of the Command implementation itself, and are provided during construction of the Command object.
-As properties of a serializable object, these must also be serializable.
-
-
Receiver supplied parameters, i.e. local context
-
-
These are encapsulated in a single object, supplied during construction of the CommandDispatcher.
-The command dispatcher passes the local context as a parameter to the Command.execute(…) method.
-
-
-
-
-
-
7.2.3. CommandDispatcher
-
-
The CommandDispatcherFactory creates a CommandDispatcher using a service identifier and a local context.
-This service identifier is used to segregate commands from multiple command dispatchers.
-A CommandDispatcher will only receive commands dispatched by a CommandDispatcher with the same service identifier.
-
-
-
Once created, a CommandDispatcher will locally execute any received commands until it is closed.
-Once closed, a CommandDispatcher is no longer allowed to dispatch commands.
-
-
-
The functionality of a CommandDispatcher boils down to 2 operations:
-
-
-
-
executeOnMember(Command, Node)
-
-
Executes a given command on a specific group member.
-
-
executeOnGroup(Command, Node…)
-
-
Executes a given command on all members of the group, optionally excluding specific members
-
-
-
-
-
Both methods return responses as a CompletionStage, allowing for asynchronous processing of responses as they complete.
-
-
-
-
7.2.4. Example
-
-
To demonstrate how to use a CommandDispatcher, let’s create a distributed "hello world" application.
-
-
-
First, let’s create a simple HelloWorld interface which enables the caller to send a specific message to the entire group:
Next, we need to define a local command execution context.
-This should encapsulate any local information we need to make available to the execution of any command received by our CommandDispatcher.
-For demonstration purposes, let’s make this a separate interface:
Uses the default CommandDispatcherFactory of the server
-
-
-
2
-
Don’t forget to close your CommandDispatcher!
-
-
-
3
-
We don’t want to send the message to ourselves, so we exclude the local member
-
-
-
-
-
Now you can use the HelloWorld.send(…) operation to say hello to your cluster.
-
-
-
-
-
7.3. Service Provider Registry
-
-
A service provider registry is a specialized cache that tracks the group members that provide a given service.
-The ServiceProviderRegistry might be used in concert with a CommandDispatcher to communicate between a subset of group members on which a given service is installed.
-It includes a registration facility to receive notifications when the set of nodes providing a given service changes.
-WildFly uses this internally in its Singleton service/deployment implementation to drive the primary election process.
-
-
-
WildFly exposes a ServiceProviderRegistry (from which a ServiceProviderRegistration is created) for each cache defined by the Infinispan subsystem.
-
-
-
7.3.1. Example
-
-
The following is an example of using a ServiceProviderRegistry to publish the availability of a given singleton Jakarta Enterprise Beans.
-The getProviders() method will return the set of nodes on which the ServiceProviderRegistrationBean is deployed.
Uses the default cache of the "server" cache container.
-
-
-
2
-
Remember to close the registration!
-
-
-
-
-
-
-
7.4. Registry
-
-
A registry is a specialized cache for storing a unique key/value pair for each member of a group.
-This is useful to bridge WildFly’s Group members to an internal identification system used by an application.
-The Registry service includes a facility for notifying group members of new, updated, or obsolete registry entries.
-
-
-
WildFly exposes a RegistryFactory (from which a Registry is created) for each cache defined by the Infinispan subsystem.
-
-
-
7.4.1. Example
-
-
The following Registry example assigns a UUID to each group member, allowing each member to query the identifier of any other member:
Uses the default cache of the "server" cache container.
-
-
-
2
-
Remember to close the registry!
-
-
-
-
-
-
-
-
-
8. JGroups
-
-
-
8.1. JGroups Subsystem
-
-
8.1.1. Purpose
-
-
The JGroups subsystem provides group communication support for HA
-services in the form of JGroups channels.
-
-
-
Named channel instances permit application peers in a cluster to
-communicate as a group and in such a way that the communication
-satisfies defined properties (e.g. reliable, ordered,
-failure-sensitive). Communication properties are configurable for each
-channel and are defined by the protocol stack used to create the
-channel. Protocol stacks consist of a base transport layer (used to
-transport messages around the cluster) together with a user-defined,
-ordered stack of protocol layers, where each protocol layer supports a
-given communication property.
-
-
-
The JGroups subsystem provides the following features:
-
-
-
-
-
allows definition of named protocol stacks
-
-
-
view run-time metrics associated with channels
-
-
-
specify a default stack for general use
-
-
-
-
-
In the following sections, we describe the JGroups subsystem.
-
-
-
-
-
-
-
-
-JGroups channels are created transparently as part of the clustering
-functionality (e.g. on clustered application deployment, channels will
-be created behind the scenes to support clustered features such as
-session replication or transmission of SSO contexts around the cluster).
-
-
-
-
-
-
-
8.1.2. Configuration example
-
-
What follows is a sample JGroups subsystem configuration showing all of
-the possible elements and attributes which may be configured. We shall
-use this example to explain the meaning of the various elements and
-attributes.
-
-
-
-
-
-
-
-
-The schema for the subsystem, describing all valid elements and
-attributes, can be found in the WildFly distribution, in the docs/schema
-directory.
-
This element is used to configure the subsystem within a WildFly system
-profile.
-
-
-
-
-
xmlns This attribute specifies the XML namespace of the JGroups
-subsystem and, in particular, its version.
-
-
-
default-stack This attribute is used to specify a default stack for
-the JGroups subsystem. This default stack will be used whenever a stack
-is required but no stack is specified.
-
-
-
-
-
-
<stack>
-
-
This element is used to configure a JGroups protocol stack.
-
-
-
-
-
name This attribute is used to specify the name of the stack.
-
-
-
-
-
-
<transport>
-
-
This element is used to configure the transport layer (required) of the
-protocol stack.
-
-
-
-
-
type This attribute specifies the transport type (e.g. UDP, TCP,
-TCPGOSSIP)
-
-
-
socket-binding This attribute references a defined socket binding in
-the server profile. It is used when JGroups needs to create general
-sockets internally.
-
-
-
diagnostics-socket-binding This attribute references a defined
-socket binding in the server profile. It is used when JGroups needs to
-create sockets for use with the diagnostics program. For more about the
-use of diagnostics, see the JGroups documentation for probe.sh.
-
-
-
default-executor This attribute references a defined thread pool
-executor in the threads subsystem. It governs the allocation and
-execution of runnable tasks to handle incoming JGroups messages.
-
-
-
oob-executor This attribute references a defined thread pool
-executor in the threads subsystem. It governs the allocation and
-execution of runnable tasks to handle incoming JGroups OOB
-(out-of-bound) messages.
-
-
-
timer-executor This attribute references a defined thread pool
-executor in the threads subsystem. It governs the allocation and
-execution of runnable timer-related tasks.
-
-
-
shared This attribute indicates whether or not this transport is
-shared amongst several JGroups stacks or not.
-
-
-
thread-factory This attribute references a defined thread factory in
-the threads subsystem. It governs the allocation of threads for running
-tasks which are not handled by the executors above.
-
-
-
site This attribute defines a site (data centre) id for this node.
-
-
-
rack This attribute defines a rack (server rack) id for this node.
-
-
-
machine This attribute defines a machine (host) is for this node.
-
-
-
-
-
-
-
-
-
-
-site, rack and machine ids are used by the Infinispan topology-aware
-consistent hash function, which when using dist mode, prevents dist mode
-replicas from being stored on the same host, rack or site
-
-
-
-
-
-
.
-
-
-
<property>
-
-
This element is used to configure a transport property.
-
-
-
-
-
name This attribute specifies the name of the protocol property. The
-value is provided as text for the property element.
-
-
-
-
-
-
-
<protocol>
-
-
This element is used to configure a (non-transport) protocol layer in
-the JGroups stack. Protocol layers are ordered within the stack.
-
-
-
-
-
type This attribute specifies the name of the JGroups protocol
-implementation (e.g. MPING, pbcast.GMS), with the package prefix
-org.jgroups.protocols removed.
-
-
-
socket-binding This attribute references a defined socket binding in
-the server profile. It is used when JGroups needs to create general
-sockets internally for this protocol instance.
-
-
-
-
-
-
<relay>
-
-
This element is used to configure the RELAY protocol for a JGroups
-stack. RELAY is a protocol which provides cross-site replication between
-defined sites (data centres). In the RELAY protocol, defined sites
-specify the names of remote sites (backup sites) to which their data
-should be backed up. Channels are defined between sites to permit the
-RELAY protocol to transport the data from the current site to a backup
-site.
-
-
-
-
-
site This attribute specifies the name of the current site. Site
-names can be referenced elsewhere (e.g. in the JGroups remote-site
-configuration elements, as well as backup configuration elements in the
-Infinispan subsystem)
-
-
-
-
-
<remote-site>
-
-
This element is used to configure a remote site for the RELAY protocol.
-
-
-
-
-
name This attribute specifies the name of the remote site to which
-this configuration applies.
-
-
-
stack This attribute specifies a JGroups protocol stack to use for
-communication between this site and the remote site.
-
-
-
cluster This attribute specifies the name of the JGroups channel to
-use for communication between this site and the remote site.
-
-
-
-
-
-
-
-
8.1.3. Use Cases
-
-
In many cases, channels will be configured via XML as in the example
-above, so that the channels will be available upon server startup.
-However, channels may also be added, removed or have their
-configurations changed in a running server by making use of the WildFly
-management API command-line interface (CLI). In this section, we present
-some key use cases for the JGroups management API.
-
-
-
The key use cases covered are:
-
-
-
-
-
adding a stack
-
-
-
adding a protocol to an existing stack
-
-
-
adding a property to a protocol
-
-
-
-
-
-
-
-
-
-
-The WildFly management API command-line interface (CLI) itself can be
-used to provide extensive information on the attributes and commands
-available in the JGroups subsystem interface used in these examples.
-
KUBE_PING is a discovery protocol for JGroups cluster nodes managed by Kubernetes.
-Since Kubernetes is in charge of launching nodes, it knows the addresses of all pods it started,
-and is therefore an ideal place to ask for cluster discovery.
-Discovery is therefore done by asking Kubernetes for a list of addresses of all cluster nodes.
-Combined with bind_port / port_range, the protocol will then send a discovery request to all instances and wait for the responses.
-
-
-
To reconfigure an existing server profile with KUBE_PING use the following CLI batch replacing the namespace,
-labels and stack name (tcp) with the target stack:
The S3 client used by the protocol uses the default credential store provider.
-Refer to AWS documentation how to generate and supply appropriate credentials.
-For instance, credentials can be provided by Java system properties (aws.accessKeyId and aws.secretAccessKey),
-environmental properties (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY), etc.
-
-
-
For advanced configuration options, please visit protocol’s documentation here.
-
-
-
-
-
-
-
9. Infinispan
-
-
-
9.1. Infinispan Subsystem
-
-
The Infinispan subsystem configures a set of Infinispan cache containers and cache configurations for use by WildFly clustering services.
-
-
-
9.1.1. Cache container
-
-
A cache container manages a set of cache configurations that share the same transport and marshalling configuration.
-Cache containers returned by the Infinispan subsystem are auto-configured with the following customizations:
-
-
-
-
-
A custom transport capable of sharing a JGroups channel defined by the JGroups subsystem.
-
-
-
Uses WildFly’s mbean server, if the org.jboss.as.jmx extension is present.
-
-
-
Marshaller configured to resolve classes using JBoss Modules.
-
-
-
Marshaller configured with a set of marshalling optimizations for common JDK classes
-
-
-
Marshaller configured with additional Externalizers loadable from the configured module attribute.
-
-
-
-
-
e.g. To create a new cache container that loads marshallers from the "org.bar" module:
Note that the server will not manage the lifecycle of any caches created from the injected cache manager.
-The application is responsible for managing the lifecycle of manually created caches.
-
-
-
Transport
-
-
Configures the mechanism used by clustered caches to communicate with each other.
-It is only necessary to define a transport if the cache container contains clustered caches.
-
-
-
To create a JGroups transport using the default channel of the server:
Infinispan supports a number of cache types for use in both HA and non-HA server profiles.
-
-
-
Local
-
-
A local cache stores a given cache entry only on the local node.
-A local cache does not require a transport, as cache reads and writes are always local.
A replicated cache stores a given cache entry on every node in the cluster.
-A replicated cache requires a transport, as cache writes are replicated to all nodes in the cluster on which the associated cache is running.
A distributed cache stores a given cache entry on a configurable number of nodes in the cluster, assigned via an algorithm based on consistent hashing.
-A distributed cache requires a transport, as cache writes need to forward to each owner, and cache reads from a non-owner require a remote request.
A scattered cache is a variation of a distributed cache that maintains 2 copies of a particular cache entry.
-Consequently, it can only tolerate failure of a single node at a time.
-Primary ownership of a cache entry is determined by the same mechanism used by a distributed cache,
-while the backup copy is the node that last updated the entry.
-
-
-
This design means that a scattered cache only requires 1 remote invocation to write a given cache entry, regardless of which node initiated the cache operation.
-By comparison, a distributed cache (with 2 owners) uses 1 remote invocation to write a cache entry if and only if the primary owner initiated the cache operation, and otherwise requires 2 remote invocations.
An invalidation cache is a special type of clustered cache that does not share state, but instead ensures that remote state is invalidated any time a given entry is updated locally.
-An invalidation cache requires a transport, as cache writes trigger invalidation on remote nodes on which the associated cache is running.
The configuration of a cache is divided into several components, each defining a specific cache feature.
-Because a given cache configuration requires each component relevant to its cache type, cache add operations and cache component add operations are typically batched.
-Any undefined components are auto-created using their defaults.
An Infinispan cache can be configured to store cache entries as Java objects or as binary data (i.e. byte[]), either on or off the JVM heap.
-The type of storage used has semantic implications for the user of the cache.
-When using object storage, the cache has store-as-reference semantics, whereas when using binary storage the cache has call-by-value semantics.
-Consider the following logic:
-
-
-
-
List<String> list = newArrayList<>();
-cache.startBatch();
-cache.put("a", list);
-list.add("test");
-cache.endBatch(true);
-
-List<String> result = cache.get("a");
-System.out.println(result.size());
-
-
-
-
How many elements are in the "result" list? The answer depends on how the cache is configured.
-
-
-
When the cache is configured to use object memory, our result list has 1 element.
-When the cache is configured to use binary (or off-heap) memory, our result list is empty.
-When using binary memory, the cache value must be marshalled to a byte[] on write and unmarshalled on read, thus any mutations of the cache value in the interim are not reflected in the cache.
-
-
-Object storage
-
-
When using object storage, cache keys and values are stored as Java object references.
-Object storage may be configured with a maximum size.
-When the number of entries in the cache exceeds this threshold, the least recently used entries are evicted from memory.
-
-
-
e.g. To store a maximum of 100 objects in the Java heap:
When using binary storage, each cache entry is stored as a byte[] within the JVM heap.
-Binary storage may also be configured with a maximum size.
-This size can be specified either as a maximum number of entries (i.e. COUNT), or as a maximum number of bytes (i.e. MEMORY).
-When the number of entries in the cache exceeds this threshold, the least recently used entries are evicted from memory.
-
-
-
e.g. To store a maximum of 1 MB of binary data in the Java heap:
When using off-heap storage, each cache entry is stored as a byte[] in native memory allocated via sun.misc.Unsafe.
-Off-heap memory storage may also be configured with a maximum size, specified either as a maximum number of entries (i.e. COUNT), or as a maximum number of bytes (i.e. MEMORY).
-When the number of entries in the cache exceeds this threshold, the least recently used entries are evicted from memory.
-
-
-
e.g. To store a maximum of 1 GB of binary data in native memory outside of the Java heap:
An Infinispan cache can be configured as transactional or non-transactional.
-This behavior is determined by the mode attribute, which supports the following values:
-
-
-
-
NONE
-
-
Non-transactional cache (the default behavior).
-
-
BATCH
-
-
Transactional cache using a local Infinispan transaction manager.
-Infinispan transactions are started/committed/rolled-back using Infinispan’s batching API.
-
-
NON_XA
-
-
Transactional cache configured to use the server’s transaction manager, registering as a Synchronization to the current transaction.
-Cache commit/rollback happens after the associated transaction completes.
-
-
NON_DURABLE_XA
-
-
Transactional cache configured to use the server’s transaction manager, enlisting as an XAResource to the current transaction, but without transaction recovery support.
-
-
FULL_XA
-
-
Transactional cache configured to use the server’s transaction manager, with full transaction recovery support.
-
-
-
-
-
Within the context of a transaction, cache write operations must obtain a lock on the affected keys.
-Locks may be acquired either pessimistically (the default), i.e. before invoking the operation, or optimistically, i.e. before transaction commit.
-
-
-
e.g. To configure a transactional cache using local Infinispan transactions with OPTIMISTIC locking:
Within the context of a transaction, entries read from the cache are isolated from other concurrent transactions according to the configured isolation level.
-Infinispan supports the following transaction isolation levels:
-
-
-
-
READ_COMMITTED
-
-
A cache read may return a different value than a previous read within the same transaction, even if a concurrent transaction updated the entry.
-This is the default isolation level.
-
-
REPEATABLE_READ
-
-
A cache read will return the same value as a previous read within the same transaction, even if a concurrent transaction updated the entry.
-
-
-
-
-
-
-
-
-
-
-Cache reads are always lock-free unless invoked using Flag.FORCE_WRITE_LOCK.
-
-
-
-
-
-
e.g. To configure a cache using REPEATABLE_READ isolation:
The expiration component configures expiration defaults for cache entries.
-Cache entries may be configured to expire after some duration since creation (i.e. lifespan) or since last accessed (i.e. max-idle).
-
-
-
e.g. To configure expiration of entries older than 1 day, or that have not been accessed within the past hour:
-max-idle based expiration is not generally safe for use with clustered caches, as the meta data of a cache entry is not replicated by cache read operations
-
An Infinispan cache can optionally load/store cache entries from an external storage.
-All cache stores support the following attributes:
-
-
-
-
fetch-state
-
-
Indicates whether to refresh persistent state from cluster members on cache start.
-Does not apply to a local or invalidation cache, nor a shared store.
-Default is true.
-
-
passivation
-
-
Indicates whether cache entries should only be persisted upon eviction from memory.
-Default is true.
-
-
preload
-
-
Indicates whether cache entries should be loaded into memory on cache start.
-Default is false.
-
-
purge
-
-
Indicates whether the cache store should be purged on cache start.
-Purge should never be enabled on a shared store.
-Default is true.
-
-
shared
-
-
Indicates that the same cache store endpoint (e.g. database, data grid, etc.) is used by all members of the cluster.
-When using a shared cache store, cache entries are only persisted by the primary owner of a given cache entry.
-Default is false.
-
-
-
-
-
To remove an existing cache store, you can either use the standard resource remove operation:
A file store persists cache entries to the local filesystem.
-By default, files are stored in a file named "cache-name.dat" within a subdirectory named "infinispan/container-name" relative to the server’s data directory.
-
-
-
e.g. To persist cache entries to $HOME/foo/bar.dat:
The HotRod store uses one dedicated remote cache for each cache created by the server.
-For Infinispan Server versions supporting protocol version 2.7 and above (Infinispan Server version 9.2)
-a persistent remote cache will be automatically created based on default configuration.
-The recommended configuration for the remote cache where session data will be offloaded is transactional distribution mode cache with pessimistic locking.
-When using Infinispan Server version prior to 9.2, the caches need to be configured manually on the server where cache names correspond to the deployment file names (e.g. test.war).
-
-
-
Once a Remote Cache Container is configured a hotrod store can be configured replacing any existing store.
-The following CLI script demonstrates a typical use case for offloading sessions using an invalidation-cache with a shared, persistent infinispan-server store referencing an existing remote-cache-container:
The state transfer component defines the behavior for the initial transfer of state from remote caches on cache start.
-State transfer is only applicable to distributed and replicated caches.
-When configured with a timeout, a cache is only available after its initial state transfer completes.
-If state transfer does not complete within the configured timeout, the cache will fail to start.
-
-
-
e.g. To configure a state-transfer timeout of 1 minute:
Alternatively, state transfer can be configured to be non-blocking, by configuring a timeout of 0.
-While this prevents timeouts due to large state transfers, cache operations on the new node will require remote invocations to retrieve the requisite state until state transfer is complete.
While Infinispan project is used as a library internally by WildFly to provide data distribution, Infinispan project is also distributed in a standalone server mode.
-The Infinispan Server cluster operates as a language-independent service accessed remotely over a number of protocols (HotRod, REST, etc).
-
-
-
HotRod is Infinispan’s custom optimized binary protocol which was designed to:
-
-
-
-
-
enable faster client/server interactions compared to other existing text-based protocols,
-
-
-
allow clients to make more intelligent decisions with regards to load-balancing, failover,
-
-
-
and provide advanced cache operations.
-
-
-
-
-
To learn more about the HotRod protocol itself and how to setup and run Infinispan Server,
-refer to Infinispan documentation for the appropriate version.
-
-
-
Configuration
-
-
To configure a remote-cache-container ensure you have a list of available Infinispan Server nodes.
-The following example CLI script first adds socket bindings to two known Infinispan Server nodes,
-followed by configuration of the cluster.
Upon reload, this will register necessary services for the client.
-A HotRod client can be injected directly into Jakarta EE applications using the @Resource annotation.
Securing the store is just a matter of configuring the remote-cache-container with an SSL context.
-Please follow the Elytron security guide on how to configure new SSL context
-and Infinispan documentation on how to secure Infinispan Server instances.
-
-
-
Once the SSL Context is configured, use the following CLI script to configure remote-cache-container:
The Infinispan subsystem additionally exposes a runtime resource for each started remote cache instance.
-The runtime remote cache resource exposes usage metrics (e.g. reads, writes, removes, etc) as well as metrics for tuning near-cache sizes (e.g. hits vs misses).
If a remote-cache-container configures multiple remote-clusters (e.g. when the infinispan servers are configured with cross site replication),
-the hotrod client can toggle the remote-cluster with which it interacts via a runtime management operation.
-
-
-
For example, when the client is configured with multiple remote clusters, typically representing multiple data centers (this presumes that the infinispan servers are configured with cross-site replication),
-if connectivity to the default remote cluster fails, the client will automatically fail over to a backup remote cluster.
-Once the underlying connectivity issue is resolved, a user can manually fail back to the local site via the switch-cluster operation:
This operation returns true if the switch was successful, or false otherwise.
-See the server log for specifics in the event that the switch was unsuccessful.
-
-
-
-
-
-
-
-
-
10. Advanced Topics
-
-
-
This section aims to describe cross-cutting topics, such as marshalling.
-
-
-
10.1. Marshalling
-
-
In general, the most effective way to improve the scalability of a system with persistent or distributed state is to reduce the number of bytes needed to be sent over the network or persisted to storage.
-Marshalling is the process by which Java objects in heap space are converted to a byte buffer for replication to other JVMs or for persistence to local or shared storage.
-
-
-
WildFly generally supports 2 marshalling mechanisms for use with its clustering modules: JBoss Marshalling and ProtoStream.
-
-
-
10.1.1. JBoss Marshalling
-
-
JBoss Marshalling is a serialization library for objects implementing java.io.Serializable.
-
-
-
When configured to use JBoss Marshalling, an application can optimize the marshalling of a given object, either through custom JDK serialization logic, or by implementing a custom externalizer.
-An externalizer is an implementation of the org.wildfly.clustering.marshalling.Externalizer interface, which dictates how a given class should be marshalled.
-An externalizer reads/writes the state of an object directly from/to an input/output stream, but also:
-
-
-
-
-
Allows an application to replicate/persist an object that does not implement java.io.Serializable
-
-
-
Eliminates the need to serialize the class descriptor of an object along with its state
Externalizers are dynamically loaded during deployment via the service loader mechanism.
-Implementations should be enumerated within a file named:
-/META-INF/services/org.wildfly.clustering.marshalling.Externalizer
-
-
-
-
10.1.2. ProtoStream
-
-
ProtoStream is serialization library based on the Protobuf data format.
-The nature of the Protobuf data format makes it very easy to evolve classes without breaking serialization compatibility.
-When compared to JBoss Marshalling, ProtoStream is generally more efficient and generates smaller payloads, especially for objects containing fields that are either optional or have a default value.
-Since marshallable classes are explicitly enumerated, ProtoStream is not vulnerable to the same arbitrary code execution exploits that affect JDK serialization.
-
-
-
When configured to use ProtoStream, a web application will need to register ProtoStream marshallers/schemas for every application-specific type.
-WildFly initializes its ProtoStream marshaller using all instances of org.infinispan.protostream.SerializationContextInitializer that are visible to the deployment classpath.
-Implementations should be enumerated within a file named:
-/META-INF/services/org.infinispan.protostream.SerializationContextInitializer
Sufficiently complex objects may require a custom org.infinispan.protostream.SerializationContextInitializer implementation to register custom marshaller implementations and schemas.
-Refer to the Infinispan documentation for details.
-
-
-
-
-
-
-
11. Clustering and Domain Setup Walkthrough
-
-
-
In this article, I’d like to show you how to setup WildFly in domain
-mode and enable clustering so we could get HA and session replication
-among the nodes. It’s a step to step guide so you can follow the
-instructions in this article and build the sandbox by yourself.
-
-
-
11.1. Preparation & Scenario
-
-
11.1.1. Preparation
-
-
We need to prepare two hosts (or virtual hosts) to do the experiment. We
-will use these two hosts as following:
-
-
-
-
-
Install Fedora on them (Other linux version may also fine but I’ll
-use Fedora in this article)
-
-
-
Make sure that they are in same local network
-
-
-
Make sure that they can access each other via different TCP/UDP
-ports (better turn off firewall and disable SELinux during the experiment
-or they will cause network problems).
-
-
-
-
-
-
11.1.2. Scenario
-
-
Here are some details on what we are going to do:
-
-
-
-
-
Let’s call one host as 'primary', the other one as 'secondary'.
-
-
-
Both primary and secondary hosts will run WildFly, and the primary host
-will run as a domain controller, the secondary host will under the domain management of primary host.
-
-
-
Apache httpd will be run on the primary host, and in httpd we will enable the
-mod_cluster module. The WildFly on primary and secondary hosts will form a
-cluster and discovered by httpd.
-
-
-
-
-
-
-
-
-
-
We will deploy a demo project into the domain, and verify that the project
-is deployed into both primary and secondary Host Controllers by the domain controller.
-Thus we could see that domain management provide us a single point to manage the
-deployments across multiple hosts in a single domain.
-
-
-
We will access the cluster URL and verify that httpd has distributed
-the request to one of the WildFly hosts. So we could see the cluster is
-working properly.
-
-
-
We will try to make a request on cluster, and if the request is
-forwarded to the Domain Controller, we then kill the WildFly process on the primary host. After
-that we will go on requesting cluster and we should see the request is
-forwarded to the secondary Host Controller, but the session is not lost. Our goal is to verify
-the HA is working and sessions are replicated.
-
-
-
After previous step finished, we reconnect the Domain Controller by restarting
-it. We should see the Domain Controller is registered back into cluster, also we
-should see the secondary Host Controller sees the primary Host Controller as a domain controller again and connect to it.
-
-
-
-
-
-
-
-
Please don’t worry if you cannot digest so many details currently. Let’s
-move on and you will get the points step by step.
If everything ok we should see WildFly successfully startup in domain
-mode:
-
-
-
-
wildfly-29.0.0.Final/bin$ ./domain.sh
-=========================================================================
-
- JBoss Bootstrap Environment
-
- JBOSS_HOME: /Users/weli/Downloads/wildfly-29.0.0.Final
-
- JAVA: /Library/Java/Home/bin/java
-
- JAVA_OPTS: -Xms64m -Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
-
-=========================================================================
-...
-
-[Server:server-two] 14:46:12,375 INFO [org.jboss.as] (Controller Boot Thread) JBAS015874: WildFly 29.0.0.Final "Kenny" started in 8860ms - Started 210 of 258 services (829 services are lazy, passive or on-demand)
-
-
-
-
Now exit from the primary host and let’s repeat the same steps on the secondary host. Finally,
-we get WildFly run on both primary and secondary hosts, then we could move on to
-next step.
-
-
-
-
11.3. Domain Configuration
-
-
11.3.1. Interface config on the Primary Host Controller
-
-
In this section we’ll setup both the primary and secondary hosts for them to run in
-domain mode. And we will configure the primary host to be the domain controller.
-
-
-
First open the host.xml in the primary host for editing:
-
-
-
-
vi domain/configuration/host.xml
-
-
-
-
The default settings for interface in this file is like:
We need to change the address to the management interface so the secondary Host Controller could
-connect to the primary Host Controller. The public interface allows the application to be
-accessed by non-local HTTP, and the unsecured interface allows remote
-RMI access. My primary host’s ip address is 10.211.55.7, so I change the
-config to:
11.3.2. Interface config on the Secondary Host Controller
-
-
Now we will setup interfaces on the secondary host. Let’s edit host.xml. Similar to
-the steps on the primary host, open host.xml first:
-
-
-
-
vi domain/configuration/host.xml
-
-
-
-
The configuration we’ll use on the secondary host is a little bit different, because
-we need to let the secondary Host Controller connect to the primary Host Controller. First we need to set the
-hostname. We change the name property from:
As we know, 10.211.55.7 is the ip address of the primary host.
-You may use discovery options to define multiple mechanisms to connect
-to the remote domain controller:
10.211.55.2 is the ip address of the secondary host. Refer to the domain
-controller configuration above for an explanation of the management,
-public, and unsecured interfaces.
-
-
-
-
-
-
-
-
-It is easier to turn off all firewalls for testing, but in production,
-you need to enable the firewall and allow access to the following ports:
-9999.
-
-
-
-
-
-
Dry Run
-
-
Now everything is set for the two hosts to run in domain mode. Let’s
-start them by running domain.sh on both hosts. If everything goes fine,
-we could see from the log on the primary Host Controller:
In this demo project we have a very simple web application. In web.xml
-we’ve enabled session replication by adding following entry:
-
-
-
-
<distributable/>
-
-
-
-
And it contains a jsp page called put.jsp which will put current time to
-a session entry called 'current.time':
-
-
-
-
<%
- session.setAttribute("current.time", new java.util.Date());
-%>
-
-
-
-
Then we could fetch this value from get.jsp:
-
-
-
-
The time is <%= session.getAttribute("current.time") %>
-
-
-
-
It’s an extremely simple project but it could help us to test the
-cluster later: We will access put.jsp from cluster and see the request
-are distributed to the primary host, then we disconnect the primary Host Controller and access get.jsp.
-We should see the request is forwarded to secondary host but the 'current.time'
-value is held by session replication. We’ll cover more details on this
-one later.
-
-
-
Let’s go back to this demo project. Now we need to create a war from it.
-In the project directory, run the following command to get the war:
-
-
-
-
mvn package
-
-
-
-
It will generate cluster-demo.war. Then we need to deploy the war into
-domain. First we should access the http management console on
-primary host (Because primary host is acting as domain controller):
-
-
-
-
http://10.211.55.7:9990
-
-
-
-
It will popup a windows ask you to input account name and password, we
-can use the 'admin' account we’ve added just now. After logging in we
-could see the 'Server Instances' window. By default there are three
-servers listed, which are:
-
-
-
-
-
server-one
-
-
-
server-two
-
-
-
server-three
-
-
-
-
-
We could see server-one and server-two are in running status and they
-belong to main-server-group; server-three is in idle status, and it
-belongs to other-server-group.
-
-
-
All these servers and server groups are set in domain.xml on the primary host.
-What we are interested in is the 'other-server-group' in domain.xml:
We could see this server-group is using 'ha' profile, which then uses
-'ha-sockets' socket binding group. It enables all the modules we need to
-establish cluster later (including infinispan, jgroup and mod_cluster
-modules). So we will deploy our demo project into a server that belongs
-to 'other-server-group', so 'server-three' is our choice.
-
-
-
-
-
-
-
-
-In newer version of WildFly, the profile 'ha' changes to 'full-ha':
-
Let’s go back to domain controller’s management console:
-
-
-
-
http://10.211.55.7:9990
-
-
-
-
Now server-three is not running, so let’s click on 'server-three' and
-then click the 'start' button at bottom right of the server list. Wait a
-moment and server-three should start now.
-
-
-
Now we should also enable 'server-three' on the secondary Host Controller: From the top of menu
-list on left side of the page, we could see now we are managing the primary Host Controller
-currently. Click on the list, and click 'secondary', then choose
-'server-three', and we are in secondary Host Controller management page now.
-
-
-
Then repeat the steps we’ve done on the primary host to start 'server-three' on
-secondary host.
-
-
-
-
-
-
-
-
-server-three on primary and secondary host are two different hosts, their names
-can be different.
-
-
-
-
-
-
After server-three on both primary and secondary hosts are started, we will add our
-cluster-demo.war for deployment. Click on the 'Manage Deployments' link
-at the bottom of left menu list.
-
-
-
-(We should ensure the server-three should be started on both primary and
-secondary hosts)
-
-
-
After enter 'Manage Deployments' page, click 'Add Content' at top right
-corner. Then we should choose our cluster-demo.war, and follow the
-instruction to add it into our content repository.
-
-
-
Now we can see cluster-demo.war is added. Next we click 'Add to Groups'
-button and add the war to 'other-server-group' and then click 'save'.
-
-
-
Wait a few seconds, management console will tell you that the project is
-deployed into 'other-server-group'.:
-
-
-
-
-
-
Please note we have two hosts participate in this server group, so the
-project should be deployed in both primary and secondary hosts now - that’s the
-power of domain management.
-
-
-
Now let’s verify this, trying to access cluster-demo from both primary
-and secondary hosts, and they should all work now:
-
-
-
-
http://10.211.55.7:8330/cluster-demo/
-
-
-
-
-
-
-
-
http://10.211.55.2:8330/cluster-demo/
-
-
-
-
-
-
-
Now that we have finished the project deployment and see the usages of
-domain controller, we will then head up for using these two hosts to
-establish a cluster
-
-
-
-
-
-
-
-
-Why is the port number 8330 instead of 8080? Please check the settings
-in host.xml on both primary and secondary hosts:
-
-
-
-
-
-
-
<servername="server-three"group="other-server-group"auto-start="false">
- <!-- server-three avoids port conflicts by incrementing the ports in
- the default socket-group declared in the server-group -->
- <socket-bindingsport-offset="250"/>
-</server>
-
-
-
-
The port-offset is set to 250, so 8080 + 250 = 8330
-
-
-
Now we quit the WildFly process on both primary and secondary hosts. We have some
-work left on host.xml configurations. Open the host.xml of primary host, and
-do some modifications the servers section from:
-
-
-
-
<servername="server-three"group="other-server-group"auto-start="false">
- <!-- server-three avoids port conflicts by incrementing the ports in
- the default socket-group declared in the server-group -->
- <socket-bindingsport-offset="250"/>
-</server>
-
-
-
-
to:
-
-
-
-
<servername="server-three"group="other-server-group"auto-start="true">
- <!-- server-three avoids port conflicts by incrementing the ports in
- the default socket-group declared in the server-group -->
- <socket-bindingsport-offset="250"/>
-</server>
-
-
-
-
We’ve set auto-start to true so we don’t need to enable it in management
-console each time WildFly restart. Now open secondary’s host.xml, and modify
-the server-three section:
-
-
-
-
<servername="server-three-secondary"group="other-server-group"auto-start="true">
- <!-- server-three avoids port conflicts by incrementing the ports in
- the default socket-group declared in the server-group -->
- <socket-bindingsport-offset="250"/>
-</server>
-
-
-
-
Besides setting auto-start to true, we’ve renamed the 'server-three' to
-'server-three-secondary'. We need to do this because mod_cluster will fail
-to register the hosts with same name in a single server group. It will
-cause name conflict.
-
-
-
After finishing the above configuration, let’s restart two as7 hosts and
-go on cluster configuration.
-
-
-
-
11.5. Cluster Configuration
-
-
We will use mod_cluster + apache httpd on primary host as our cluster
-controller here. Because WildFly has been configured to support
-mod_cluster out of box so it’s the easiest way.
-
-
-
-
-
-
-
-
-The WildFly domain controller and httpd are not necessary to be on
-same host. But in this article I just install them all on primary host for
-convenience.
-
-
-
-
-
-
First we need to ensure that httpd is installed:
-
-
-
-
sudo yum install httpd
-
-
-
-
And then we need to download newer version of mod_cluster from its
-website:
This is conflicted with cluster module. And then we need to make httpd
-to listen to public address so we could do the testing. Because we
-installed httpd on primary host so we know the ip address of it:
-
-
-
-
Listen 10.211.55.7:80
-
-
-
-
Then we do the necessary configuration at the bottom of httpd.conf:
-
-
-
-
# This Listen port is for the mod_cluster-manager, where you can see the status of mod_cluster.
-# Port 10001 is not a reserved port, so this prevents problems with SELinux.
-Listen 10.211.55.7:10001
-# This directive only applies to Red Hat Enterprise Linux. It prevents the temmporary
-# files from being written to /etc/httpd/logs/ which is not an appropriate location.
-MemManagerFile /var/cache/httpd
-
-<VirtualHost 10.211.55.7:10001>
-
- <Directory />
- Order deny,allow
- Deny from all
- Allow from 10.211.55.
- </Directory>
-
-
- # This directive allows you to view mod_cluster status at URL http://10.211.55.4:10001/mod_cluster-manager
- <Location /mod_cluster-manager>
- SetHandler mod_cluster-manager
- Order deny,allow
- Deny from all
- Allow from 10.211.55.
- </Location>
-
- KeepAliveTimeout 60
- MaxKeepAliveRequests 0
-
- ManagerBalancerName other-server-group
- AdvertiseFrequency 5
-
-</VirtualHost>
-
-
-
-
-
-
-
-
-
-For more details on mod_cluster configurations please see this document:
-
If everything goes fine we can start httpd service now:
-
-
-
-
service httpd start
-
-
-
-
Now we access the cluster:
-
-
-
-
http://10.211.55.7/cluster-demo/put.jsp
-
-
-
-
-
-
-
We should see the request is distributed to one of the hosts (primary or
-secondary) from the WildFly log. For me the request is sent to primary host:
-
-
-
-
[Server:server-three] 16:06:22,256 INFO [stdout] (http-10.211.55.7-10.211.55.7-8330-4) Putting date now
-
-
-
-
Now I disconnect the Domain Controller by using the management interface. Select
-'runtime' and the server 'primary' in the upper corners.
-
-
-
Select 'server-three' and kick the stop button, the active-icon should
-change.
-
-
-
Killing the server by using system commands will have the effect that
-the Host-Controller restart the instance immediately!
-
-
-
Then wait for a few seconds and access cluster:
-
-
-
-
http://10.211.55.7/cluster-demo/get.jsp
-
-
-
-
-
-
-
Now the request should be served by the secondary host and we should see the log from
-the secondary Host Controller:
-
-
-
-
[Server:server-three-secondary] 16:08:29,860 INFO [stdout] (http-10.211.55.2-10.211.55.2-8330-1) Getting date now
-
-
-
-
And from the get.jsp we should see that the time we get is the same
-we’ve put by 'put.jsp'. Thus it’s proven that the session is correctly
-replicated to the secondary host.
-
-
-
Now we restart the primary Host Controller and should see the host is registered back to
-cluster.
-
-
-
-
-
-
-
-
-It doesn’t matter if you found the request is distributed to the secondary host at
-first time. Then just disconnect the secondary Host Controller and do the testing, the request
-should be sent to the primary host instead. The point is we should see the request
-is redirect from one host to another and the session is held.
-
-
-
-
-
-
-
11.7. Special Thanks
-
-
Wolf-Dieter Fink has
-contributed the updated add-user.sh usages and configs in host.xml from
-7.1.0.Final.
-Jean-Frederic Clere provided
-the mod_cluster 1.2.0 usages.
-Misty Stanley-Jones has given a lot of suggestions and helps to make
-this document readable.
-
-
-
-
-
-
-
-
-References in this document to JavaServer Pages (JSP) refer to the Jakarta Server Pages unless otherwise noted
-
The WildFly project now produces two appserver variants, standard WildFly and WildFly Preview,
-so you’ll want to decide which is right for you. For most users the standard WildFly variant is the right choice,
-but if you’d like a technical preview look at what’s coming in the future, try out WildFly Preview.
-
-
-
-
-
2. Installing WildFly from a zipped distribution
-
-
-
Downloading the WildFly release zip and unzipping it is the traditional way to install
-a complete WildFly server with support for both standalone and managed domain operating modes. A WildFly distribution
-contains a large number of default configurations allowing you to select the server features and operating modes.
-
-
-
A WildFly distribution based installation is well suited when:
-
-
-
-
-
You want to rely on a traditional Jakarta EE application deployment.
-
-
-
You want a Jakarta EE or MicroProfile platform compliant server that offers all Jakarta EE or MicroProfile features.
-
-
-
You are not (yet) concerned by server installation size and memory footprint.
-
-
-
You are not yet sure of the kind of operating mode and application you are targeting.
-
-
-
Your server instances will contain one or more application deployments.
-
-
-
-
-
If that is the kind of installation you are aiming at, the guides that you should read next are:
-
-
-
-
-
The Getting Started Guide shows you
-how to install, start and configure the server.
Galleon provisioning tooling allows you to construct a customized WildFly installation according to your application needs.
-Some applications don’t need a fully featured server supporting all operating modes and containing all Jakarta EE capabilities.
-Galleon tooling allows you to select the server capabilities you want to see installed.
-
-
-
A WildFly server provisioned with Galleon is well suited when:
-
-
-
-
-
You want to rely on a traditional Jakarta EE application deployment.
-
-
-
You want to easily update an installation to the latest WildFly version.
-
-
-
Your application requires only a subset of the Jakarta EE or MicroProfile platform APIs
-(although Galleon can provision a server that supports the full set of Jakarta EE and MicroProfile platform APIs).
-
-
-
You are concerned by server installation size and memory footprint.
-
-
-
You are only using standalone operating mode (with support for High Availability or not).
-
-
-
Your server instances will contain one or more application deployments.
-
-
-
-
-
If that is the kind of installation you are aiming at, the guides that you should read next are:
A bootable JAR contains both a customized WildFly server and your deployment. Such a JAR can
-then run with a simple java command such as java -jar myapp-bootable.jar
-
-
-
A bootable JAR is built using Maven. You need to integrate the
-bootable JAR Maven plugin
-in the Maven project of your application.
-
-
-
A Bootable JAR is well suited when:
-
-
-
-
-
You want to leverage your existing WildFly applications.
-
-
-
You want to build a microservice composed of a server and a single application deployment.
-
-
-
You are concerned by JAR size and memory footprint.
-
-
-
You are only using standalone operating mode (with support for High Availability or not).
-
-
-
You are building your application using Maven.
-
-
-
-
-
If that is the kind of installation you are aiming at, the guide that you should read next is:
-
-
-
-
-
The Bootable JAR Guide shows you how to package your application and the WildFly server
-into a bootable JAR.
Since the initial development of JBoss AS7 the features added to WildFly have been continuing to
-increase, some of the older features are now being removed to make way for new features. This
-guide contains information about the removed features and their alternatives.
WildFly Elytron has made available a new credential store which replaces the PicketBox vault. The
-credential store can be used for credentials to be directly looked up for use by resources or it
-can be used to store a SecretKey which can be used by an expression resolver to decrypt
-previously encrypted expressions in the management model.
The first option is to use the Elytron command line utility to create a new store.
-
-
-
-
bin/elytron-tool.sh credential-store --create \
- --location=standalone/configuration/credentials.store
-Credential store password:
-Confirm credential store password:
-Credential Store has been successfully created
-
-
-
-
The creation process prompts for a password for the store twice and automatically creates the
-store.
However the store was created credentials can be added using either the command line utility or a
-management operation. If using the command line utility it is recommended that this is performed
-when no running server is using the store to prevent accidental overwrites.
The following command will add a new entry to the store under the alias example.
-
-
-
-
bin/elytron-tool.sh credential-store --add=example \
- --location=standalone/configuration/credentials.store
-Credential store password:
-Secret to store:
-Confirm secret to store:
-Alias "example" has been successfully stored
-
-
-
-
This command prompts for the credential store password once followed by promting for the secret to
-store twice.
The aliases in the credential store can be listed with the following command:
-
-
-
-
bin/elytron-tool.sh credential-store --aliases \
- --location=standalone/configuration/credentials.store
-Credential store password:
-Credential store contains following aliases: example
This will convert all of the contents of the vault to a new credential store. Vault entries were
-identified using a BLOCK and a NAME, the resulting alias in the credential store will be in the
-format BLOCK::NAME.
Resources in the management model which can reference credentials from the credential store use a
-credential-reference attribute, in defining the credential store previously this was used with
-a clear-password but it can also be used to reference an alias stored within a credential store.
-
-
-
The following managment operation demonstrates defining a new key-store resource using a
-credential store entry for the password.
In addition to using direct references to credentials it is also possible to use a SecretKey to
-handle previously encrypted expressions directly within the management model.
Before encrypted expressions can be used an AESSecretKey is required. The previous vault
-password making made use of a well known password for obfuscating, by using a SecretKey instead
-users can manage their own key.
The easiest way to create an encrupted expression is using a management operation as the result
-takes into account the configured expression=encryption resource.
The resulting expression ${ENC::RUxZAUMQ5Z7mXbyrCtv2kZlwHHpyJ//ma49gMAUnbmTfv2pGs30=} can now be
-used as the value for any other attribute in the management model which supports expressions.
WildFly ships with a number of quickstarts that show you how to get
-started with a variety of technologies in WildFly. You’ll find out how
-to write a web application using the latest Jakarta EE technologies like
-Jakarta Contexts and Dependency Injection and Jakarta RESTful Web Services.
-How to write client libraries to talk to WildFly using web services, Jakarta Messaging or Jakarta Enterprise Beans.
-How to set up a distributed transaction, and how to recover from a
-transaction failure. And much, much more.
-
-
-
-
-
1. Getting Started
-
-
-
Some of the quickstarts are described in great detail in the
-Getting Started
-Developing Applications Guide, which focuses on how get WildFly and
-Eclipse, with JBoss Tools set up, and how to build web applications.
-
-
-
The other quickstarts are all described in README files and code
-comments, including what to look out for, how to install and start
-WildFly, and how to deploy and test the quickstart.
-This section has not been updated for a long time and some sections are out of date. Contributions are welcome.
-
-
-
-
-
-
This document will detail the implementation of the testsuite
-integration submodule as it guides you on adding your own test cases.
-
-
-
The WildFly integration test suite has been designed with the following
-goals:
-
-
-
-
-
support execution of all identified test case use cases
-
-
-
employ a design/organization which is scalable and maintainable
-
-
-
provide support for the automated measurement of test suite quality
-(generation of feature coverage reports, code coverage reports)
-
-
-
-
-
In addition, these requirements were considered:
-
-
-
-
-
identifying distinct test case runs of the same test case with a
-different set of client side parameters and server side parameters
-
-
-
separately maintaining server side execution results (e.g. logs, the
-original server configuration) for post-execution debugging
-
-
-
running the testsuite in conjunction with a debugger
-
-
-
the execution of a single test (for debugging purposes)
-
-
-
running test cases against different container modes (managed in the
-main, but also remote and embedded)
-
-
-
configuring client and server JVMs separately (e.g., IPv6 testing)
-
-
-
-
-
1.1. Test Suite Organization
-
-
The testsuite module has a few submodules:
-
-
-
-
-
benchmark - holds all benchmark tests intended to assess relative
-performance of specific feature
-
-
-
domain - holds all domain management tests
-
-
-
integration - holds all integration tests
-
-
-
stress - holds all stress tests
-
-
-
-
-
It is expected that test contributions fit into one of these categories.
-
-
-
The pom.xml file located in the testsuite module is inherited by all
-submodules and is used to do the following:
-
-
-
-
-
set defaults for common testsuite system properties (which can then be
-overridden on the command line)
-
-
-
define dependencies common to all tests (Arquillian, junit or testng,
-and container type)
-
-
-
provide a workaround for @Resource(lookup=…) which requires
-libraries in jbossas/endorsed
-
-
-
-
-
It should not:
-
-
-
-
-
define module-specific server configuration build steps
-
-
-
define module-specific surefire executions
-
-
-
-
-
These elements should be defined in logical profiles associated with
-each logical grouping of tests; e.g., in the pom for the module which
-contains the tests. The submodule poms contain additional details of
-their function and purpose as well as expanded information as shown in
-this document.
-
-
-
-
1.2. Profiles
-
-
You should not activate the abovementioned profiles by -P, because that
-disables other profiles which are activated by default.
-
-
-
Instead, you should always use activating properties, which are in
-parentheses in the lists below.
-
-
-
Testsuite profiles are used to group tests into logical groups.
-
-
-
-
-
all-modules.module.profile (all-modules)
-
-
-
integration.module.profile (integration.module)
-
-
-
compat.module.profile (compat.module)
-
-
-
domain.module.profile (domain.module)
-
-
-
benchmark.module.profile (benchmark.module)
-
-
-
stress.module.profile (stress.module)
-
-
-
-
-
They also prepare WildFly instances and resources for respective
-testsuite submodules.
-
-
-
-
-
jpda.profile - sets surefire.jpda.args (debug)
-
-
-
ds.profile - sets database properties and prepares the datasource (ds=<db id>)
-
-
-
-
Has related database-specific profiles, like mysql51.profile etc.
Runs by default; use -Dts.noSmoke to prevent running.
-
-
-
Tests should execute quickly.
-
-
-
Divided into two Surefire executions:
-
-
-
-
-
One with full platform
-
-
-
Second with web profile (majority of tests).
-
-
-
-
-
-
1.3.2. Basic -Dts.basic
-
-
Basic integration tests - those which do not need a special configuration
-like cluster.
-
-
-
Divided into three Surefire executions:
-
-
-
-
-
One with full platform,
-
-
-
Second with web profile (majority of tests).
-
-
-
Third with web profile, but needs to be run after server restart to
-check whether persistent data are really persisted.
-
-
-
-
-
-
1.3.3. Clustering -Dts.clustering
-
-
Contains all tests relating to clustering aspects of the application server, such as:
-
-
-
-
-
web session clustering,
-
-
-
Jakarta Enterprise Beans session clustering,
-
-
-
command dispatcher,
-
-
-
web session affinity handling,
-
-
-
and other areas.
-
-
-
-
-
Tests should leverage shared testing logic by extending org.jboss.as.test.clustering.cluster.AbstractClusteringTestCase.
-The test case contract is that before executing the test method, all specified servers are started and all specified
-deployments are deployed. This allows Arquillian resource injection into the test case.
-
-
-
There are four WildFly server instances, one load-balancer (Undertow) and one datagrid (Infinispan server) available
-for the tests.
-
-
-
Maven profiles and Parallelization
-
-
There are maven profiles that might come in handy for testing:
-
-
-
-
-
ts.clustering.common.profile prepares server configurations used by test execution profiles
-
-
-
ts.clustering.cluster.ha.profile runs tests against standalone-ha.xml profile
-
-
-
ts.clustering.cluster.fullha.profile runs tests which require standalone-full-ha.xml profile; e.g. tests requiring JMS subsystem
-
-
-
ts.clustering.cluster.ha-infinispan-server.profile runs tests against standalone-ha.xml profile with Infinispan Server provisioned via @ClassRule
-
-
-
ts.clustering.single.profile runs clustering tests that are using a non-HA server profile
-
-
-
ts.clustering.byteman.profile runs clustering tests that require installation of byteman rules
-
-
-
-
-
For instance, to only run tests that run against full-ha profile, activate clustering tests with -Dts.clustering and exclude
-the other profiles with -P:
If the testsuite can be run on multiple runners in parallel, the main execution (which takes the majority of the execution time)
-can be split by packages using -Dts.surefire.clustering.ha.additionalExcludes property.
-This property feeds a regular expression to exclude sub-packages of the org.jboss.as.test.clustering.cluster package.
-The sub-packages at the time of writing are affinity, cdi, dispatcher, ejb, ejb2, group, jms, jpa,
-jsf, provider, registry, singleton, sso, web, and xsite.
-For instance, to parallelize testsuite execution on two machines (e.g. when using GitHub actions scripting or alike) the following commands
-could be used to split the clustering tests into two executions of similar execution time, the first node can run the first half of the tests in sub-packages, e.g.:
If the test packages get out of sync with the excludes this will result in a test running multiple times, rather than tests being omitted.
-
-
-
-
Running a single test
-
-
To run a single test, specifying -Dtest=foo is the standard way to do this. However, this overrides the includes/excludes
-section of the surefire maven plugin execution. So, in case of the clustering testsuite, the profile which this test belongs
-to, needs to be specified as well. For instance, to run a single test from the 'single' test execution, exclude the other
-test profiles:
1.3.4. Running Infinispan Server tests against custom distribution
-
-
To run the Infinispan Server-based tests against a custom distribution, a custom location can be specified with -Dinfinispan.server.home.override=/foo/bar
-and -Dinfinispan.server.profile.override=infinispan-13.0.xml to use a corresponding server profile.
-The distribution is then copied over to the build directories and patched with user credentials.
Target Audience: Those interested in running the testsuite or a subset
-thereof, with various configuration options.
-
-
-
2.1. Running the testsuite
-
-
The tests can be run using:
-
-
-
-
-
build.sh or build.bat, as a part of WildFly build.
-
-
-
-
By default, only smoke tests are run. To run all tests, run build.sh
-install -DallTests.
-
-
-
-
-
-
integration-tests.sh or integration-tests.bat, a convenience
-script which uses bundled Maven (currently 3.0.3), and runs all parent
-testsuite modules (which configure the AS server).
-
-
-
pure maven run, using mvn install.
-
-
-
-
-
The scripts are wrappers around Maven-based build. Their arguments are
-passed to Maven (with few exceptions described below). This means you
-can use:
-
-
-
-
-
build.sh (defaults to install)
-
-
-
build.sh install
-
-
-
build.sh clean install
-
-
-
integration-tests.sh install
-
-
-
…etc.
-
-
-
-
-
2.1.1. Supported Maven phases
-
-
Testsuite actions are bounds to various Maven phases up to verify.
-Running the build with earlier phases may fail in the submodules due to
-missed configuration steps. Therefore, the only Maven phases you may
-safely run, are:
-
-
-
-
-
clean
-
-
-
install
-
-
-
site
-
-
-
-
-
The test phase is not recommended to be used for scripted jobs as we
-are planning to switch to the failsafe plugin bound to the
-integration-test and verify phases. See
-WFLY-625 and
-WFLY-228.
Pure maven - if you prefer not to use scripts, you may achieve the
-same result with:
-
-
-
-
-
mvn … -rf testsuite
-
-
-
-
-
The -rf … parameter stands for "resume from" and causes Maven to run
-the specified module and all successive.
-
-
-
It’s possible to run only a single module (provided the ancestor modules
-were already run to create the AS copies) :
-
-
-
-
-
mvn … -pl testsuite/integration/cluster
-
-
-
-
-
The -pl … parameter stands for "project list" and causes Maven to
-run the specified module only.
-
-
-
2.2.1. Output to console
-
-
-
-DtestLogToFile
-
-
-
-
-
2.2.2. Other options
-
-
-DnoWebProfile - Run all tests with the full profile (
-standalone-full.xml). By default, most tests are run under web
-profile ( standalone.xml).
-
-
-
-Dts.skipTests - Skip testsuite’s tests. Defaults to the value of
--DskipTests, which defaults to false. To build AS, skip unit tests
-and run testsuite, use -DskipTests -Dts.skipTests=false.
-
-
-
-
2.2.3. Timeouts
-
-
Surefire execution timeout
-
-
Unfortunatelly, no math can be done in Maven, so instead of applying a
-timeout ratio, you need to specify timeout manually for Surefire.
-
-
-
-
-Dsurefire.forked.process.timeout=900
-
-
-
-
-
In-test timeout ratios
-
-
Ratio in prercent - 100 = default, 200 = two times longer timeouts for
-given category.
-
-
-
Currently we have five different ratios. Later, it could be replaced
-with just one generic, one for database and one for deployment
-operations.
cd testsuite; mvn install-Dtest='*Clustered*'
--Dts.basic
-# No need for -Dintegration.module - integration module is active by default.
-
-
-
-
-
The same shortcuts listed in "Test groups" may be used to activate the
-module and group profile.
-
-
-
Note that -Dtest= overrides <includes> and <exludes> defined in
-pom.xml, so do not rely on them when using wildcards - all compiled test
-classes matching the wildcard will be run.
-
-
-
Which Surefire execution is used?
-
-
-
Due to Surefire’s design flaw, tests run multiple times if there are
-multiple surefire executions.
-To prevent this, if -Dtest=… is specified, non-default executions
-are disabled, and standalone-full is used for all tests.
-If you need it other way, you can overcome that need:
-
-
-
-
-
basic-integration-web.surefire with standalone.xml - Configure standalone.xml to be used as server config.
-
-
-
basic-integration-non-web.surefire - For tests included here, technically nothing changes.
-
-
-
basic-integration-2nd.surefire - Simply run the second test in another invocation of Maven.
-
-
-
-
-
-
2.2.5. Running against existing AS copy (not the one from
-
-
build/target/jboss-as-*)
-
-
-
-Djboss.dist=<path/to/jboss-as> will tell the testsuite to copy that
-AS into submodules to run the tests against.
-
-
-
For example, you might want to run the testsuite against AS located in
-/opt/wildfly-8 :
jboss.dist is the location of the tested binaries. It gets copied to
-testsuite submodules.
-
-
-
jboss.home is internally used and points to those copied AS instances
-(for multinode tests, may be even different for each AS started by
-Arquillian).
-
-
-
Running against a running JBoss AS instance
-
-
Arquillian’s WildFly 29 container adapter allows specifying
-allowConnectingToRunningServer in arquillian.xml, which makes it
-check whether AS is listening at managementAddress:managementPort, and
-if so, it uses that server instead of launching a new one, and doesn’t
-shut it down at the end.
-
-
-
All arquillian.xml’s in the testsuite specify this parameter. Thus, if
-you have a server already running, it will be re-used.
-
-
-
-
Running against JBoss Enterprise Application Platform (EAP) 6.0
-
-
To run the testsuite against AS included JBoss Enterprise Application
-Platform 6.x (EAP), special steps are needed.
-
-
-
Assuming you already have the sources available, and the distributed EAP
-maven repository unzipped in e.g. /opt/jboss/eap6-maven-repo/ :
-
-
-
1) Configure maven in settings.xml to use only the EAP repository. This
-repo contains all artifacts necessary for building EAP, including maven
-plugins.
-The build (unlike running testsuite) may be done offline.
-The recommended way of configuring is to use special settings.xml, not
-your local one (typically in .m2/settings.xml).
For further information on building EAP and running the testsuite
-against it, see the official EAP documentation (link to be added)
-.
-
-
-
How-to for EAP QA can be found
-here (Red Hat internal
-only).
-
-
-
-
-
2.2.6. Running with a debugger
-
-
-
-
-
-
-
-
-
-
Argument
-
What will start with debugger
-
Default port
-
Port change arg.
-
-
-
-
-
-Ddebug
-
AS instances run by Arquillian
-
8787
-
-Das.debug.port=…
-
-
-
-Djpda
-
alias for -Ddebug
-
-
-
-
-
-DdebugClient
-
Test JVMs (currently Surefire)
-
5050
-
-Ddebug.port.surefire=…
-
-
-
-DdebugCLI
-
AS CLI
-
5051
-
-Ddebug.port.cli=…
-
-
-
-
-
Examples
-
-
-
./integration-tests.sh install -DdebugClient -Ddebug.port.surefire=4040
-
-...
-
--------------------------------------------------------
- T E S T S
--------------------------------------------------------
-Listening for transport dt_socket at address: 4040
-
-
-
-
-
./integration-tests.sh install -DdebugClient -Ddebug.port.surefire
-
-...
-
--------------------------------------------------------
- T E S T S
--------------------------------------------------------
-Listening for transport dt_socket at address: 5050
-JBoss AS is started by Arquillian, when the first test which requires
-given instance is run. Unless you pass -DtestLogToFile=false,there’s
-(currently) no challenge text in the console; it will look like the
-first test is stuck. This is being solved in
-http://jira.codehaus.org/browse/SUREFIRE-781.
-
-
-
-
-
-
-
-
-
-
-
-Depending on which test group(s) you run, multiple AS instances may be
-started. In that case, you need to attach the debugger multiple times.
-
-
-
-
-
-
-
-
2.2.7. Running tests with custom database
-
-
To run with different database, specify the -Dds and use these
-properties (with the following defaults):
The ds.db value is set depending on ds. E.g. -Dds=mssql2005 sets
-ds.db=mssql (since they have the same driver). -Dds.db may be
-overriden to use different driver.
-
-
-
In case you don’t want to use such driver, set just
--Dds.db= (empty) and provide the driver to the AS manually.
-Not supported; work in progress on parameter to provide JDBC Driver
-jar.
-
-
-
Default values
-
-
For WildFly continuous integration, there are some predefined values for
-some of databases, which can be set using:
-
-
-
-
-Dds.db=<database-identifier>
-
-
-
-
Where database-identifier is one of: h2, mysql51
-
-
-
-
-
2.2.8. Running tests with IPv6
-
-
-Dipv6 - Runs AS with
--Djava.net.preferIPv4Stack=false -Djava.net.preferIPv6Addresses=true
-
-
-
and the following defaults, overridable by respective parameter:
-
-
-
-
-
-
-
-
-
-
-
Parameter
-
IPv4 default
-
IPv6 default
-
-
-
-
-
-
-Dnode0
-
127.0.0.1
-
::1
-
Single-node tests.
-
-
-
-Dnode1
-
127.0.0.1
-
::1
-
Two-node tests (e.g. cluster) use this for the
-2nd node.
-
-
-
-Dmcast
-
230.0.0.4
-
ff01::1
-
ff01::1 is IPv6 Node-Local scope mcast
-addr.
-
-
-
-Dmcast.jgroupsDiag
-
224.0.75.75
-
ff01::2
-
JGroups diagnostics
-multicast address.
-
-
-
-Dmcast.modcluster
-
224.0.1.105
-
ff01::3
-
mod_cluster multicast
-address.
-
-
-
-
-
Values are set in AS configuration XML, replaced in resources (like
-ejb-jar.xml) and used in tests.
-
-
-
-
2.2.9. Running tests with security manager / custom security policy
-
-
-Dsecurity.manager - Run with default policy.
-
-
-
-Dsecurity.policy=<path> - Run with the given policy.
-
-
-
-Dsecurity.manager.other=<set of Java properties> - Run with the given
-properties. Whole set is included in all server startup parameters.
During the integration tests, Arquillian is passed a JVM argument which
-makes it run with JaCoCo agent, which records the executions into
-${basedir}/target/jacoco .
-
-
-
In the site phase, a HTML, XML and CSV reports are generated. That is
-done using jacoco:report Ant task in maven-ant-plugin since JaCoCo’s
-maven report goal doesn’t support getting classes outside
-target/classes.
-
-
-
Usage
-
-
-
./build.sh clean install -DskipTests
-./integration-tests.sh clean install -DallTests -Dcoverage
-./integration-tests.sh site -DallTests -Dcoverage ## Must run in separatedly.
<targetname="build-basic-integration"description="Builds server configuration for basic-integration tests">
- <build-server-configname="jbossas"/>
-
-
-
-
Which invokes
-
-
-
-
<!-- Copy the base distribution. -->
-<!-- We exclude modules and bundles as they are read-only and we locate the via sys props. -->
-<copytodir="@{output.dir}/@{name}">
- <filesetdir="@{jboss.dist}">
- <excludename="**/modules/**"/>
- <excludename="**/bundles/**"/>
- </fileset>
-</copy>
-
-<!-- overwrite with configs from test-configs and apply property filtering -->
-<copytodir="@{output.dir}/@{name}"overwrite="true"failonerror="false">
- <filesetdir="@{test.configs.dir}/@{name}"/>
- <filtersetbegintoken="${"endtoken="}">
- <filtertoken="node0"value="${node0}"/>
- <filtertoken="node1"value="${node1}"/>
- <filtertoken="udpGroup"value="${udpGroup}"/>
- <filter-elements/>
- </filterset>
-</copy>
Note to @ServerSetup annotation: It works as expected only on non-manual
-containers. In case of manual mode containers it calls setup() method
-after each server start up which is right (or actually before
-deployment), but the tearDown() method is called only at AfterClass
-event, i.e. usually after your manual shutdown of the server. Which
-limits you on the ability to revert some configuration changes on the
-server and so on. I cloned the annotation and changed it to fit the
-manual mode, but it is still in my github branch :)
-
-
-
-
7.5. Properties available in tests
-
-
7.5.1. Directories
-
-
-
-
jbosssa.project.dir - Project’s root dir (where ./build.sh is).
-
-
-
jbossas.ts.dir - Testsuite dir.
-
-
-
jbossas.ts.integ.dir - Testsuite’s integration module dir.
-
-
-
jboss.dist - Path to AS distribution, either built
-(build/target/jboss-as-…) or user-provided via -Djboss.dist
-
-
-
jboss.inst - (Arquillian in-container only) Path to the AS instance in
-which the test is running (until ARQ-650 is possibly done)
-
-
-
jboss.home - Deprecated as it’s name is unclear and
-confusing. Use jboss.dist or jboss.inst.
-
-
-
-
-
-
7.5.2. Networking
-
-
-
-
node0
-
-
-
node1
-
-
-
230.0.0.4
-
-
-
-
-
-
7.5.3. Time-related coefficients (ratios)
-
-
In case some of the following causes timeouts, you may prolong the
-timeouts by setting value >= 100:
-
-
-
100 = leave as is,
-150 = 50 % longer, etc.
-
-
-
-
-
timeout.ratio.gen - General ratio - can be used to adjust all
-timeouts.When this and specific are defined, both apply.
-
-
-
timeout.ratio.fs- Filesystem IO
-
-
-
timeout.ratio.net - Network IO
-
-
-
timeout.ratio.mem - Memory IO
-
-
-
timeout.ratio.cpu - Processor
-
-
-
timeout.ratio.db - Database
-
-
-
-
-
Time ratios will soon be provided by
-org.jboss.as.test.shared.time.TimeRatio.for*() methods.
-
-
-
-
-
7.6. Negative tests
-
-
To test invalid deployment handling: @ShouldThrowException
If any tests fail and they do not fail in main, fix it and go back
-to the "Fetch" step.
-
-
-
-
-
-
Push to a new branch in your GitHub repo:
-git push origin WFLY-1234-new-XY-tests
-
-
-
Create a pull-request on GitHub. Go to your branch and click on
-"Pull Request".
-
-
-
-
If you have a jira, start the title with it, like - WFLY-1234 New
-tests for XYZ.
-
-
-
If you don’t, write some apposite title. In the description, describe
-in detail what was done and why should it be merged. Keep in mind that
-the diff will be visible under your description.
-
-
-
-
-
-
Keep the branch rebased daily until it’s merged (see the Fetch
-step). If you don’t, you’re dramatically decreasing chance to get it
-merged.
-
-
-
There’s a mailing list, jbossas-pull-requests, which is notified of
-every pull-request.
-
-
-
You might have someone with merge privileges to cooperate with you, so
-they know what you’re doing, and expect your pull request.
-
-
-
When your pull request is reviewed and merged, you’ll be notified by
-mail from GitHub.
-
-
-
You may also check if it was merged by the following:
-git fetch upstream; git cherry<branch> ## Or git branch
---contains\{\{<branch> - see}} here
-
-
-
Your commits will appear in main. They will have the same hash as in
-your branch.
-
-
-
-
You are now safe to delete both your local and remote branches:
-git branch -D WFLY-1234-your-branch; git push origin :WFLY-1234-your-branch
-
-
-
-
-
-
-
-
-
-
-
8. How to Add a Test Case
-
-
-
(Please don’t (re)move - this is a landing page from a Jira link.)
-
-
-
Thank you for finding time to contribute to WildFly 29 quality.
-Covering corner cases found by community users with tests is very
-important to increase stability.
-If you’re providing a test case to support your bug report, it’s very
-likely that your bug will be fixed much sooner.
-
-
-
8.1. 1) Create a test case.
-
-
It’s quite easy - a simple use case may even consist of one short .java
-file.
Ask for help at WildFly 29 forum or at IRC - #wildfly @ FreeNode.
-
-
-
-
8.2. 2) Push your test case to GitHub and create a pull request.
-
-
For information on how to create a GitHub account and push your code
-therein, see Hacking
-on WildFly.
-
-
-
If you’re not into Git, send a diff file to JBoss forums, someone might
-pick it up.
-
-
-
-
8.3. 3) Wait for the outcome.
-
-
Your test case will be reviewed and eventually added. It may take few
-days.
-
-
-
When something happens, you’ll receive a notification e-mail.
-
-
-
-
-
-
9. Before you add a test
-
-
-
Every added test, whether ported or new should follow the same
-guidelines:
-
-
-
9.1. Verify the test belongs in WildFly
-
-
AS6 has a lot of tests for things that are discontinued. For example
-the
-legacy JBoss Transaction Manager which was replaced by Arjuna. Also we
-had tests for SPIs that no longer exist. None of these things should
-be
-migrated.
-
-
-
-
9.2. Only add CORRECT and UNDERSTANDABLE tests
-
-
If you don’t understand what a test is doing (perhaps too complex), or
-it’s going about things in a strange way that might not be correct,
-THEN
-DO NOT PORT IT. Instead we should have a simpler, understandable, and
-correct test. Write a new one, ping the author, or skip it altogether.
-
-
-
-
9.3. Do not add duplicate tests
-
-
Always check that the test you are adding doesn’t have coverage
-elsewhere (try using "git grep"). As mentioned above we have some
-overlap between 6 and 7. The 7 test version will likely be better.
-
-
-
-
9.4. Don’t name tests after JIRAs
-
-
A JIRA number is useless without an internet connection, and they are
-hard to read. If I get a test failure thats XDGR-843534578 I have to
-dig
-to figure out the context. It’s perfectly fine though to link to a
-JIRA
-number in the comments of the test. Also the commit log is always
-available.
-
-
-
-
9.5. Tests should contain javadoc that explains what is being tested
-
-
This is especially critical if the test is non-trivial
-
-
-
-
9.6. Prefer expanding an EXISTING test over a new test class
-
-
If you are looking at migrating or creating a test with similar
-functionality to an exiting test, it is better to
-expand upon the existing one by adding more test methods, rather than
-creating a whole new test. In general each
-new test class adds at least 300ms to execution time, so as long as it
-makes sense it is better to add it to an
-existing test case.
-
-
-
-
9.7. Organize tests by subsystem
-
-
Integration tests should be packaged in subpackages under the relevant
-subsystem (e.g org.jboss.as.test.integration.ejb.async). When a test
-impacts multiple subsystems this is a bit of a judgement call, but in
-general the tests should go into the package of
-the spec that defines the functionality (e.g. Jakarta Contexts and Dependency Injection based constructor
-injection into an Jakarta Enterprise Beans, even though this involves Jakarta Contexts and Dependency Injection and Jakarta Enterprise Beans,
-the Jakarta Contexts and Dependency Injection spec defines this behaviour)
-
-
-
-
9.8. Explain non-obvious spec behavior in comments
-
-
The EE spec is full of odd requirements. If the test is covering
-behavior that is not obvious then please add something like "Verifies
-EE
-X.T.Z - The widget can’t have a foobar if it is declared like blah"
-
-
-
-
9.9. Put integration test resources in the source directory of the test
-
-
At the moment there is not real organization of these files. It makes
-sense for most apps to have this separation, however the testsuite is
-different. e.g. most apps will have a single deployment descriptor of
-a
-given type, for the testsuite will have hundreds, and maintaining
-mirroring
-package structures is error prone.
-This also makes the tests easier to understand, as all the artifacts
-in
-the deployment are in one place, and that place tends to be small
-(only
-a handful of files).
-
-
-
-
9.10. Do not hard-code values likely to need configuration (URLs, ports, …)
-
-
URLs hardcoded to certain address (localhost) or port (like the default
-8080 for web) prevent running the test against different address or with
-IPv6 adress.
-Always use the configurable values provided by Arquillian or as a system
-property.
-If you come across a value which is not configurable but you think it
-should be, file an WildFly 29 jira issue with component "Test suite".
-See
-@ArquillianResourrce
-usage example.
-
-
-
-
9.11. Follow best committing practices
-
-
-
-
Only do changes related to the topic of the jira/pull request.
-
-
-
Do not clutter your pull request with e.g. reformatting, fixing typos
-spotted along the way - do another pull request for such.
-
-
-
Prefer smaller changes in more pull request over one big pull request
-which are difficult to merge.
-
-
-
Keep the code consistent across commits - e.g. when renaming
-something, be sure to update all references to it.
-
-
-
Describe your commits properly as they will appear in main’s linear
-history.
-
-
-
If you’re working on a jira issue, include it’s ID in the commit
-message(s).
-
-
-
-
-
-
9.12. Do not use blind timeouts
-
-
Do not use Thread.sleep() without checking for the actual condition you
-need to be fulfilled.
-You may use active waiting with a timeout, but prefer using timeouts of
-the API/SPI you test where available.
-
-
-
Make the timeouts configurable: For a group of similar test, use a
-configurable timeout value with a default if not set.
-
-
-
-
9.13. Provide messages in assert*() and fail() calls
-
-
Definitely, it’s better to see "File x/y/z.xml not found" instead of:
-
-
-
-
junit.framework.AssertionFailedError
- at junit.framework.Assert.fail(Assert.java:48) [arquillian-service:]
- at junit.framework.Assert.assertTrue(Assert.java:20) [arquillian-service:]
- at junit.framework.Assert.assertTrue(Assert.java:27) [arquillian-service:]
- at org.jboss.as.test.smoke.embedded.parse.ParseAndMarshalModelsTestCase.getOriginalStandaloneXml(ParseAndMarshalModelsTestCase.java:554) [bogus.jar:]
-
-
-
-
-
9.14. Provide configuration properties hints in exceptions
-
-
If your test uses some configuration property and it fails possibly due
-to misconfiguration, note the property and it’s value in the exception:
Don’t put much data to static fields, or clean them in a finaly {…} block.
-
-
-
Don’t alter AS config (unless you are absolutely sure that it will
-reload in a final \{…} block or an @After* method)
-
-
-
-
-
-
9.16. Keep the tests configurable
-
-
Keep these things in properties, set them at the beginning of the test:
-* Timeouts
-* Paths
-* URLs
-* Numbers (of whatever)
-
-
-
They either will be or already are provided in form of system
-properties, or a simple testsuite until API (soon to come).
-
-
-
-
-
-
10. Shared Test Classes and Resources
-
-
-
10.1. Among Testsuite Modules
-
-
Use the testsuite/shared module.
-
-
-
Classes and resources in this module are available in all testsuite
-modules - i.e. in testsuite/* .
-
-
-
Only use it if necessary - don’t put things "for future use" in there.
-
-
-
Don’t split packages across modules.Make sure the java package is
-unique in the WildFly project.
-
-
-
Document your util classes (javadoc) so they can be easily found and
-reused! A generated list will be put here.
-
-
-
-
10.2. Between Components and Testsuite Modules
-
-
To share component’s test classes with some module in testsuite, you
-don’t need to split to submodules.
-You can create a jar with classifier using this:
WildFly Elytron brings to WildFly a single unified security framework across
-the whole of the application server. As a single framework it will be usable
-both for configuring management access to the server and for applications
-deployed to the server. It will also be usable across all process types so
-there will be no need to learn a different security framework for host
-controllers in a domain compared to configuring a standalone server.
-
-
-
The project covers these main areas:
-
-
-
-
-
Authentication
-
-
-
Authorization
-
-
-
SSL / TLS
-
-
-
Secure Credential Storage
-
-
-
-
-
1.1. Authentication
-
-
One of the fundamental objectives of the project was to ensure that we
-can use stronger authentication mechanisms for both HTTP and SASL based
-authentication, in both cases the new framework also makes it possible
-to bring in new implementations opening up various integration
-opportunities with external solutions.
-
-
-
-
1.2. Authorization
-
-
The architecture of the project makes a very clear distinction between
-the raw representation of the identity as returned by a SecurityRealm
-from the repository of identities and the final representation as a
-SecurityIdentity after roles have been decoded and mapped and
-permissions have been mapped.
-
-
-
Custom implementations of the components to perform role decoding and
-mapping, and permission mapping can be provided allowing for further
-flexibility beyond the default set of components provided by the
-project.
-
-
-
-
1.3. SSL / TLS
-
-
The project becomes the centralised point within the application server
-for configuring SSL related resources meaning they can be configured in
-a central location and referenced by resources across the application
-server. The centralised configuration also covers advanced options such
-as configuration of enabled cipher suites and protocols without this
-information needing to be distributed across the management model.
-
-
-
The SSL / TLS implementation also includes an optimisation where it can
-be closely tied to authentication allowing for permissions checks to be
-performed on establishment of a connection before the first request is
-received and the eager construction of a SecurityIdentity eliminating
-the need for it to be constructed on a per-request basis.
-
-
-
-
1.4. Secure Credential Storage
-
-
The previous vault used for plain text String encryption is replaced
-with a newly designed credential store. in addition to the protection it
-offers for the credentials stored within it, the store currently
-supports storage of clear text credentials.
-
-
-
-
-
-
2. General Elytron Architecture
-
-
-
The overall architecture for WildFly Elytron is building up a full
-security policy from assembling smaller components together, by default
-we include various implementations of the components - in addition to
-this, custom implementations of many components can be provided in order
-to provide more specialised implementations.
-
-
-
Within WildFly the different Elytron components are handled as
-capabilities meaning that different implementations can be mixed and
-matched, however the different implementations are modelled using
-distinct resources. This section contains a number of diagrams to show
-the general relationships between different components to provide a high
-level view, however the different resource definitions may use different
-dependencies depending on their purpose.
-
-
-
2.1. Security Domains
-
-
Within WildFly Elytron a SecurityDomain can be considered as a security
-policy backed by one or more SecurityRealm instances. Resources that
-make authorization decisions will be associated with a SecurityDomain,
-from the SecurityDomain a SecurityIdentity can be obtained which is a
-representation of the current identity, from this the identity’s roles
-and permissions can be checked to make the authorization decision for
-the resource.
-
-
-
The SecurityDomain is the general wrapper around the policy describing a
-resulting SecurityIdentity and makes use of the following components to
-define this policy.
-
-
-
-
-
NameRewriter
-
-
-
-
-
NameRewriters are used in multiple places within the Elytron
-configuration, as their name implies, their purpose is to take a name
-and map it to another representation of the name or perform some
-normalisation or clean up of the name.
-
-
-
-
-
RealmMapper
-
-
-
-
-
As a SecurityDomain is able to reference multiple SecurityRealms the
-RealmMapper is responsible for identifying which SecurityRealm to use
-based on the supplied name for authentication.
-
-
-
-
-
SecurityRealm
-
-
-
-
-
One or more named SecurityRealms are associated with a SecurityDomain.
-A SecurityRealm provides access to the underlying repository of
-identities. It is used for obtaining credentials to allow
-authentication mechanisms to perform verification, for validation of
-Evidence, and for obtaining the raw AuthorizationIdentity performing the
-authentication.
-
-
-
Some SecurityRealm implementations are also modifiable and therefore
-expose an API that allows for updates to be made to the repository
-containing the identities.
-
-
-
-
-
RoleDecoder
-
-
-
-
-
Along with the SecurityRealm association is also a reference to a
-RoleDecoder, the RoleDecoder takes the raw AuthorizationIdentity
-returned from the SecurityRealm and converts its attributes into roles.
-
-
-
-
-
RoleMapper
-
-
-
-
-
After the roles have been decoded for an identity, further mapping can be
-applied. This could be as simple as normalising the format of role names,
-or perhaps adding or removing specific role names. If a RoleMapper is
-referenced by a SecurityRealm association, that RoleMapper is applied
-first before applying the RoleMapper associated with the SecurityDomain.
-
-
-
-
-
PrincipalDecoder
-
-
-
-
-
A PrincipalDecoder converts from a Principal to a String representation
-of a name. One example for this is the X500PrincipalDecoder, which
-is able to extract an attribute from a distinguished name.
-
-
-
-
-
PermissionMapper
-
-
-
-
-
In addition to having roles, a SecurityIdentity can also have a set of
-permissions. The PermissionMapper assigns those permissions to the
-identity.
-
-
-
Different secured resources can be associated with different
-SecurityDomains for their authorization decisions. Within WildFly
-Elytron we have the ability to configure inflow between different
-SecurityDomains. The inflow process means that a SecurityIdentity
-inflowed into a second SecurityDomain has the mappings of the new
-SecurityDomain applied to it. So although a common identity may be
-calling different resources, each of those resources could have a very
-different view of the roles and permissions associated with the
-identity.
-
-
-
-
2.2. SASL Authentication
-
-
The SaslAuthenticationFactory is an authentication policy for
-authentication using SASL authentication mechanisms. In addition to
-being a policy it is also a factory for configured authentication
-mechanisms backed by a SecurityDomain.
-
-
-
The SaslAuthenticationFactory references the following: -
-
-
-
-
-
SecurityDomain
-
-
-
-
-
This is the security domain that any mechanism authentication will be
-performed against.
-
-
-
-
-
SaslServerFactory
-
-
-
-
-
This is the general factory for server side SASL authentication
-mechanisms.
-
-
-
-
-
MechanismConfigurationSelector
-
-
-
-
-
Additional configuration can be supplied for the authentication
-mechanisms. The configuration will be described in more detail later but
-the purpose of the MechanismConfigurationSelector is to obtain
-configuration specific to the mechanism selected. This can include
-information about realm names a mechanism should present to a remote
-client plus additional NameRewriters and RealmMappers to use during the
-authentication process.
-
-
-
The reason some components referenced by the SecurityDomain are
-duplicated is so that mechanism-specific mappings can be applied.
-
-
-
-
2.3. HTTP Authentication
-
-
The HttpAuthenticationFactory is an authentication policy for
-authentication using HTTP authentication mechanisms, including the BASIC,
-DIGEST, EXTERNAL, FORM, SPNEGO, and CLIENT_CERT mechanisms. In addition to
-being a policy, it is also a factory for configured authentication
-mechanisms backed by a SecurityDomain.
-
-
-
The HttpAuthenticationFactory references the following:
-
-
-
-
-
SecurityDomain
-
-
-
-
-
This is the security domain that any mechanism authentication will be
-performed against.
-
-
-
-
-
HttpServerAuthenticationMechanismFactory
-
-
-
-
-
This is the general factory for server side HTTP authentication
-mechanisms.
-
-
-
-
-
MechanismConfigurationSelector
-
-
-
-
-
Additional configuration can be supplied for the authentication
-mechanisms. The configuration will be described in more detail later but
-the purpose of the MechanismConfigurationSelector is to obtain
-configuration specific to the mechanism selected. This can include
-information about realm names a mechanism should present to a remote
-client plus additional NameRewriters and RealmMappers to use during the
-authentication process.
-
-
-
The reason some components referenced by the SecurityDomain are
-duplicated is so that mechanism-specific mappings can be applied.
-
-
-
-
2.4. SSL / TLS
-
-
The SSLContext defined within Elytron is a javax.net.ssl.SSLContext
-meaning it can be used by anything that uses an SSLContext directly.
-
-
-
In addition to the usual configuration for an SSLContext it is possible
-to configure additional items such as cipher suites and protocols and
-the SSLContext returned will wrap any engines created to set these
-values.
-
-
-
The SSLContext within Elytron can also reference the following:
-
-
-
-
-
KeyManagers
-
-
-
-
-
An array of KeyManager instances to be used by the SSLContext, this in
-turn can reference a KeyStore to load the keys.
-
-
-
-
-
TrustManagers
-
-
-
-
-
An array of TrustManager instances to be used by the SSLContext, this in
-turn can also reference a KeyStore to load the certificates.
-
-
-
-
-
SecurityDomain
-
-
-
-
-
If an SSLContext is (optionally) configured to reference a
-SecurityDomain then verification of a client’s certificate can be
-performed as an authentication ensuring the appropriate permissions to
-Logon are assigned before even allowing the connection to be fully
-opened. Additionally, the SecurityIdentity can be established at the time
-the connection is opened and used for any invocations over the
-connection.
-
-
-
-
2.5. Passwords
-
-
One of the core features of WildFly Elytron is the ability to work with many different formats for representing passwords, WildFly Elytron also contains APIs that can be used to convert from clear text passwords to these representations that can be stored in the underlying identity stores.
-
-
-
This section will document how these APIs can be used to work with the different password types.
-
-
-
2.5.1. PasswordFactory
-
-
Working with passwords will require interaction with the org.wildfly.security.password.PasswordFactory API, this obtains access to implementations from java.security.Provider instances, there are two different ways these can be identified: -
-
-
-
-
-
By querying the globally installed Providers
-
-
-
By passing in the Provider to the getInstance method of the PasswordFactory API.
-
-
-
-
-
In both cases the WildFly Elytron implementations are provided by the org.wildfly.security.WildFlyElytronProvider provider.
-
-
-
When relying on the Provider being globally registered the PasswordFactory for a specific algorithm can be obtained as: -
A second approach is to obtain a raw representation of the ClearPassword, however this will need to be translated into the PasswordFactory if it will be used for evidence validation but if the Password is not being used for verification this can be a suitable alternative provided the parameters have been pre-verified.
The raw password can be used for other areas of the Elytron APIs however if it is used for validation an error similar to the following will be thrown.
-
-
-
-
Exception in thread "main" java.security.InvalidKeyException
- at org.wildfly.security.password.impl.PasswordFactorySpiImpl.engineVerify(PasswordFactorySpiImpl.java:762)
- at org.wildfly.security.password.PasswordFactory.verify(PasswordFactory.java:210)
-[source,java]
-
-
-
-
-
2.5.3. Simple Digest
-
-
The next type of password is the simple digest, for this password type the clear text password id digested using the specified algorithm however no salt is used.
-
-
-
The following algorithms are applicable to this type of encoding.
-
-
-
-
-
simple-digest-md2
-
-
-
simple-digest-md5
-
-
-
simple-digest-sha-1
-
-
-
simple-digest-sha-256
-
-
-
simple-digest-sha-384
-
-
-
simple-digest-sha-512
-
-
-
-
-
The following example illustrates how the Password instance can be created starting from the clear text password,from this the digested representation of the password can be obtained which could be used to store the password. The digested representation is then used to create a further Password instance.
Two variations of salted digests are supported, these can either be digested with the salt first or the password first. The following algorithms are supported: -
-
-
-
-
-
password-salt-digest-md5
-
-
-
password-salt-digest-sha-1
-
-
-
password-salt-digest-sha-256
-
-
-
password-salt-digest-sha-384
-
-
-
password-salt-digest-sha-512
-
-
-
salt-password-digest-md5
-
-
-
salt-password-digest-sha-1
-
-
-
salt-password-digest-sha-256
-
-
-
salt-password-digest-sha-384
-
-
-
salt-password-digest-sha-512
-
-
-
-
-
The following example shows how using a generated salt the password can be created from a clear text password and then subsequently how the password can be recreated from the salt and digest.
The Digest passwords are an alternative form of digest where the username, realm and password are digested together delimited with a ':', these are usable with clear text authentication mechanisms but also usable with the digest authentication mechanisms also eliminating the transmission of clear text passwords during authentication. The following algorithms are supported: -
-
-
-
-
-
digest-md5
-
-
-
digest-sha
-
-
-
digest-sha-256
-
-
-
digest-sha-384
-
-
-
digest-sha-512
-
-
-
digest-sha-512-256
-
-
-
-
-
The following example illustrates how a password can be created from the username, realm, and password and then how it can be recreated from the digest, realm, and password.
For this password type is not possible to create the password from the ClearPasswordSpec as additional information always needs to be specified and can not be dynamically or randomly generated, however the raw APIs can still be used.
Another set of passwords more tightly tied to a specific authentication mechanism are the SCRAM password types, the following algorithms are supported: -
-
-
-
-
-
scram-sha-1
-
-
-
scram-sha-256
-
-
-
scram-sha-384
-
-
-
scram-sha-512
-
-
-
-
-
The following demonstrates how a clear password can be converted to a scram password using a specified salt and iteration count and how this can be recreated from the digested value.
Alternatively instead of using the IteratedSaltedPasswordAlgorithmSpec is it also possible to use a SaltedPasswordAlgorithmSpec when converting from the clear text password and a default iteration count will be used instead, this is similar to how the conversion happens for salted digest passwords.
-
-
-
It is also possible to omit the salt and iteration count and these will be generated.
-
-
-
-
ClearPasswordSpec clearSpec = new ClearPasswordSpec(TEST_PASSWORD.toCharArray());
-
-ScramDigestPassword original = (ScramDigestPassword) passwordFactory.generatePassword(clearSpec);
-
-byte[] salt = original.getSalt();
-byte[] digest = original.getDigest();
-int iterationCount = original.getIterationCount();
-
-
-
-
Starting with a digest, salt, and iteration count the raw APIs can also be used.
One more type of mechanism specific password is the one time password type. The following algorithms are supported: -
-
-
-
-
-
otp-md5
-
-
-
otp-sha1
-
-
-
otp-sha256
-
-
-
otp-sha384
-
-
-
otp-sha512
-
-
-
-
-
The following demonstrates how a clear password can be converted to a one time password using a specified seed and iteration count and how this can be recreated from the hashed value.
This example does not include verification as that is handled by the SASL mechanism which also increments the sequence and replaces the hash, this does mean this password type needs to be used with a security realm which also supports updates.
-
-
-
Starting with the hash and sequence number the raw APIs can also be used.
The following algorithms are also supported for alternative iterated salted password types: -
-
-
-
-
-
bcrypt
-
-
-
sun-crypt-md5
-
-
-
sun-crypt-md5-bare-salt
-
-
-
crypt-sha-256
-
-
-
crypt-sha-512
-
-
-
bsd-crypt-des
-
-
-
-
-
The general pattern for working with these password types is the same as was used for Scram password types if an interaction count is specified or the same as salted digest password types if a default iteration count is to be used instead.
-
-
-
-
2.5.9. Other Salted Types
-
-
The following algorithms are also supported for salted password types: -
-
-
-
-
-
crypt-md5
-
-
-
crypt-des
-
-
-
-
-
The general pattern for working with these password types is the same as was used for salted digest password types as no iteration count is required.
-
-
-
-
2.5.10. Masked Password Types
-
-
Finally a set of masked password types are also supported to add support for legacy password types which were previously supported within PicketBox, the following algorithms are supported.
A number of password types can be encoded using modular crypt allowing information such as the password type, the hash or digest, the salt, and the iteration count to be encoded in a single String, this can make storage and retrieval of passwords easier as multiple pieces of related data can be handled as one.
-
-
-
Within the WildFly Elytron project the utility org.wildfly.security.password.util.ModularCrypt can be used to handle the encoding and decoding.
-
-
-
The following password types can be encoded and decoded: -
-
-
-
-
-
BCryptPassword
-
-
-
BSDUnixDESCryptPassword
-
-
-
UnixDESCryptPassword
-
-
-
UnixMD5CryptPassword
-
-
-
SunUnixMD5CryptPassword
-
-
-
UnixSHACryptPassword
-
-
-
-
-
The following code demonstrates this for a BSDUnixDESCryptPassword: -
-The Password returned from the call to ModularCrypt.decode(…) is a raw password so needs translating by the PasswordFactory.
-
-
-
-
-
-
-
-
-
-
3. Elytron Subsystem
-
-
-
WildFly Elytron is a security framework used to unify security across
-the entire application server. The elytron subsystem enables a single
-point of configuration for securing both applications and the management
-interfaces. WildFly Elytron also provides a set of APIs and SPIs for
-providing custom implementations of functionality and integrating with
-the elytron subsystem.
-
-
-
In addition, there are several other important features of the WildFly
-Elytron:
-
-
-
-
-
Stronger authentication mechanisms for HTTP and SASL authentication.
-
-
-
Improved architecture that allows for SecurityIdentities to be
-propagated across security domains and transparently transformed ready
-to be used for authorization. This transformation takes place using
-configurable role decoders, role mappers, and permission mappers.
-
-
-
Centralized point for SSL/TLS configuration including cipher suites
-and protocols.
-
-
-
SSL/TLS optimizations such as eager SecureIdentity construction and
-closely tying authorization to establishing an SSL/TLS connection. Eager
-SecureIdentity construction eliminates the need for a SecureIdentity
-to be constructed on a per-request basis. Closely tying authentication
-to establishing an SSL/TLS connection enables permission checks to
-happen BEFORE the first request is received.
-
-
-
A secure credential store that replaces the previous vault
-implementation to store clear text credentials.
-
-
-
-
-
The new elytron subsystem exists in parallel to the legacy security
-subsystem and legacy core management authentication. Both the legacy and
-Elytron methods may be used for securing the management interfaces as
-well as providing security for applications.
-
-
-
3.1. Get Started using the Elytron Subsystem
-
-
To get started using Elytron, refer to these topics:
-
-
-
-
-
Use the default Elytron components for
-application
-and
-management
-authentication
-
-
-
Secure an application with a new identity store stored in a
-filesystem
-or
-database.
WildFly Elytron provides a default set of implementations in the
-elytron subsystem.
-
-
-
3.2.1. Factories
-
-
-
-
-
-
-
-
Component
-
Description
-
-
-
-
-
aggregate-http-server-mechanism-factory
-
An HTTP server factory
-definition where the HTTP server factory is an aggregation of other HTTP
-server factories.
-
-
-
aggregate-sasl-server-factory
-
A SASL server factory definition where
-the SASL server factory is an aggregation of other SASL server
-factories.
-
-
-
configurable-http-server-mechanism-factory
-
A SASL server factory
-definition where the SASL server factory is an aggregation of other SASL
-server factories.
-
-
-
configurable-sasl-server-factory
-
A SASL server factory definition
-where the SASL server factory is an aggregation of other SASL server
-factories.
-
-
-
custom-credential-security-factory
-
A custom credential SecurityFactory
-definition.
-
-
-
http-authentication-factory
-
Resource containing the association of a
-security domain with a HttpServerAuthenticationMechanismFactory.
-
-
-
kerberos-security-factory
-
A security factory for obtaining a
-GSSCredential for use during authentication.
-
-
-
mechanism-provider-filtering-sasl-server-factory
-
A SASL server factory
-definition that enables filtering by provider where the factory was
-loaded using a provider.
-
-
-
provider-http-server-mechanism-factory
-
An HTTP server factory
-definition where the HTTP server factory is an aggregation of factories
-from the provider list.
-
-
-
provider-sasl-server-factory
-
A SASL server factory definition where
-the SASL server factory is an aggregation of factories from the provider
-list.
-
-
-
sasl-authentication-factory
-
Resource containing the association of a
-security domain with a SaslServerFactory.
-
-
-
service-loader-http-server-mechanism-factory
-
An HTTP server factory
-definition where the HTTP server factory is an aggregation of factories
-identified using a ServiceLoader
-
-
-
service-loader-sasl-server-factory
-
A SASL server factory definition
-where the SASL server factory is an aggregation of factories identified
-using a ServiceLoader
-
-
-
-
-
-
3.2.2. Principal Transformers
-
-
-
-
-
-
-
-
Component
-
Description
-
-
-
-
-
aggregate-principal-transformer
-
A principal transformer definition
-where the principal transformer is an aggregation of other principal
-transformers.
-
-
-
case-principal-transformer
-
A principal transformer definition where
-the principal is adjusted to upper or lower case.
-
-
-
chained-principal-transformer
-
A principal transformer definition where
-the principal transformer is a chaining of other principal transformers.
-
-
-
constant-principal-transformer
-
A principal transformer definition
-where the principal transformer always returns the same constant.
-
-
-
custom-principal-transformer
-
A custom principal transformer
-definition.
-
-
-
regex-principal-transformer
-
A regular expression based principal
-transformer
-
-
-
regex-validating-principal-transformer
-
A regular expression based
-principal transformer which uses the regular expression to validate the
-name.
-
-
-
-
-
-
3.2.3. Principal Decoders
-
-
-
-
-
-
-
-
Component
-
Description
-
-
-
-
-
aggregate-principal-decoder
-
A principal decoder definition where the
-principal decoder is an aggregation of other principal decoders.
-
-
-
concatenating-principal-decoder
-
A principal decoder definition where
-the principal decoder is a concatenation of other principal decoders.
-
-
-
constant-principal-decoder
-
Definition of a principal decoder that
-always returns the same constant.
-
-
-
custom-principal-decoder
-
Definition of a custom principal decoder.
-
-
-
x500-attribute-principal-decoder
-
Definition of a X500 attribute based
-principal decoder.
-
-
-
-
-
-
3.2.4. Evidence Decoders
-
-
-
-
-
-
-
-
Component
-
Description
-
-
-
-
-
x509-subject-alt-name-evidence-decoder
-
An evidence decoder that derives the
-principal associated with a certificate chain from an X.509 subject alternative
-name from the first certificate in the given chain.
-
-
-
x500-subject-evidence-decoder
-
An evidence decoder that derives the principal
-associated with a certificate chain from the subject from the first certificate
-in the given chain.
-
-
-
custom-evidence-decoder
-
Definition of a custom evidence decoder.
-
-
-
aggregate-evidence-decoder
-
An evidence decoder that is an aggregation of other
-evidence decoders. Given evidence, these evidence decoders will be attempted in
-order until one returns a non-null principal or until there are no more evidence
-decoders left to try.
-
-
-
-
-
-
3.2.5. Realm Mappers
-
-
-
-
-
-
-
-
Component
-
Description
-
-
-
-
-
constant-realm-mapper
-
Definition of a constant realm mapper that
-always returns the same value.
-
-
-
custom-realm-mapper
-
Definition of a custom realm mapper
-
-
-
mapped-regex-realm-mapper
-
Definition of a realm mapper implementation
-that first uses a regular expression to extract the realm name, this is
-then converted using the configured mapping of realm names.
-
-
-
simple-regex-realm-mapper
-
Definition of a simple realm mapper that
-attempts to extract the realm name using the capture group from the
-regular expression, if that does not provide a match then the delegate
-realm mapper is used instead.
A realm definition that is an aggregation of two
-or more realms, one for the authentication steps and one or more for loading the
-identity for the authorization steps and aggregating the resulting attributes.
-
-
-
caching-realm
-
A realm definition that enables caching to another
-security realm. Caching strategy is Least Recently Used where least
-accessed entries are discarded when maximum number of entries is
-reached.
-
-
-
custom-modifiable-realm
-
Custom realm configured as being modifiable
-will be expected to implement the ModifiableSecurityRealm interface. By
-configuring a realm as being modifiable management operations will be
-made available to manipulate the realm.
-
-
-
custom-realm
-
A custom realm definitions can implement either the s
-SecurityRealm interface or the ModifiableSecurityRealm interface.
-Regardless of which interface is implemented management operations will
-not be exposed to manage the realm. However other services that depend
-on the realm will still be able to perform a type check and cast to gain
-access to the modification API.
A security realm definition that uses JAAS configuration file to initialize LoginContext that is used to obtain identities.
-
-
-
-
-
-
3.2.7. Permission Mappers
-
-
-
-
-
-
-
-
Component
-
Description
-
-
-
-
-
custom-permission-mapper
-
Definition of a custom permission mapper.
-
-
-
logical-permission-mapper
-
Definition of a logical permission mapper.
-
-
-
simple-permission-mapper
-
Definition of a simple configured permission
-mapper.
-
-
-
constant-permission-mapper
-
Definition of a permission mapper that
-always returns the same constant.
-
-
-
-
-
-
3.2.8. Role Decoders
-
-
-
-
-
-
-
-
Component
-
Description
-
-
-
-
-
custom-role-decoder
-
Definition of a custom RoleDecoder
-
-
-
simple-role-decoder
-
Definition of a simple RoleDecoder that takes a
-single attribute and maps it directly to roles.
-
-
-
source-address-role-decoder
-
Definition of a RoleDecoder that maps roles
-based on the IP address of the remote client.
-
-
-
aggregate-role-decoder
-
A role decoder that is an aggregation of other
-role decoders. An aggregate role decoder combines the roles obtained using
-each role decoder.
-
-
-
-
-
-
3.2.9. Role Mappers
-
-
-
-
-
-
-
-
Component
-
Description
-
-
-
-
-
add-prefix-role-mapper
-
A role mapper definition for a role mapper that
-adds a prefix to each provided.
-
-
-
add-suffix-role-mapper
-
A role mapper definition for a role mapper that
-adds a suffix to each provided.
-
-
-
constant-role-mapper
-
A role mapper definition where a constant set of
-roles is always returned.
-
-
-
aggregate-role-mapper
-
A role mapper definition where the role mapper
-is an aggregation of other role mappers.
-
-
-
logical-role-mapper
-
A role mapper definition for a role mapper that
-performs a logical operation using two referenced role mappers.
-
-
-
custom-role-mapper
-
Definition of a custom role mapper
-
-
-
mapped-role-mapper
-
A role mapper definition for a role mapper that uses
-configured mapping of role names to map role names.
-
-
-
regex-role-mapper
-
A role mapper definition for a role mapper that
-performs a regex matching and maps matching roles with provided pattern.
-Regex can capture groups that replacement pattern can make use of.
-
-
-
-
-
-
3.2.10. SSL Components
-
-
-
-
-
-
-
-
Component
-
Description
-
-
-
-
-
client-ssl-context
-
An SSLContext for use on the client side of a
-connection.
-
-
-
filtering-key-store
-
A filtering keystore definition, which provides a
-keystore by filtering a key-store.
-
-
-
key-manager
-
A key manager definition for creating the key manager
-list as used to create an SSL context.
-
-
-
key-store
-
A keystore definition.
-
-
-
ldap-key-store
-
An LDAP keystore definition, which loads a keystore
-from an LDAP server.
-
-
-
server-ssl-context
-
An SSL context for use on the server side of a
-connection.
-
-
-
trust-manager
-
A trust manager definition for creating the
-TrustManager list as used to create an SSL context.
-
-
-
certificate-authority-account
-
A certificate authority account which can
-be used to obtain and revoke signed certificates.
-
-
-
-
-
-
3.2.11. Other
-
-
-
-
-
-
-
-
Component
-
Description
-
-
-
-
-
aggregate-providers
-
An aggregation of two or more Provider[]
-resources.
-
-
-
authentication-configuration
-
An individual authentication
-configuration definition, which is used by clients deployed to WildFly
-and other resources for authenticating when making a remote connection.
-
-
-
authentication-context
-
An individual authentication context
-definition, which is used to supply an ssl-context and
-authentication-configuration when clients deployed to WildFly and other
-resources make a remoting connection.
-
-
-
credential-store
-
Credential store to keep alias for sensitive
-information such as passwords for external services.
-
-
-
dir-context
-
The configuration to connect to a directory (LDAP) server.
-
-
-
provider-loader
-
A definition for a provider loader.
-
-
-
security-domain
-
A security domain definition.
-
-
-
security-property
-
A definition of a security property to be set.
-
-
-
-
-
-
-
3.3. Out of the Box Configuration
-
-
WildFly provides a set of components configured by default. While these
-components are ready to use, the legacy security subsystem and legacy
-core management authentication is still used by default. To configure
-WildFly to use the these configured components as well as create new
-ones, see the Using the Elytron
-Subsystem section.
-
-
-
-
-
-
-
-
-
Default Component
-
Description
-
-
-
-
-
ApplicationDomain
-
The ApplicationDomain security domain uses
-ApplicationRealm and groups-to-roles for authentication. It also uses
-default-permission-mapper to assign the login permission.
-
-
-
ManagementDomain
-
The ManagementDomain security domain uses two
-security realms for authentication: ManagementRealm with groups-to-roles
-and local with super-user-mapper. It also uses default-permission-mapper
-to assign the login permission.
-
-
-
local (security realm)
-
The local security realm does no authentication
-and sets the identity of principals to $local
-
-
-
ApplicationRealm
-
The ApplicationRealm security realm is a properties
-realm that authenticates principals using application-users.properties
-and assigns roles using application-roles.properties. These files are
-located under jboss.server.config.dir, which by default, maps to
-EAP_HOME/standalone/configuration. They are also the same files used by
-the legacy security default configuration.
-
-
-
ManagementRealm
-
The ManagementRealm security realm is a properties
-realm that authenticates principals using mgmt-users.properties and
-assigns roles using mgmt-groups.properties. These files are located
-under jboss.server.config.dir, which by default, maps to
-EAP_HOME/standalone/configuration. They are also the same files used by
-the legacy security default configuration.
-
-
-
default-permission-mapper
-
The default-permission-mapper mapper is a
-simple permission mapper that uses the default-permissions permission set
-to assign the full set of permissions that an identity would require to
-access any services on the server. For example, the default-permission-mapper
-mapper uses org.wildfly.extension.batch.jberet.deployment.BatchPermission
-specified by the default-permissions permission set to assign permission for
-batch jobs. The batch permissions are start, stop, restart, abandon, and read
-which aligns with jakarta.batch.operations.JobOperator. The default-permission-mapper
-mapper also uses org.wildfly.security.auth.permission.LoginPermission specified
-by the the login-permission permission set to assign the login permission.
-
-
-
local (mapper)
-
The local mapper is a constant role mapper that maps to
-the local security realm. This is used to map authentication to the
-local security realm.
-
-
-
groups-to-roles
-
The groups-to-roles mapper is a simple-role-decoder
-that will decode the groups information of a principal and use it for
-the role information.
-
-
-
super-user-mapper
-
The super-user-mapper mapper is a constant role
-mapper that maps the SuperUser role to a principal.
-
-
-
management-http-authentication
-
The management-http-authentication
-http-authentication-factory can be used for doing authentication over
-http. It uses the global provider-http-server-mechanism-factory to
-filter authentication mechanism and uses ManagementDomain for
-authenticating principals. It accepts the DIGEST authentication
-mechanisms and exposes it as ManagementRealm to applications.
-
-
-
global (provider-http-server-mechanism-factory)
-
This is the HTTP
-server factory mechanism definition used to list the provided
-authentication mechanisms when creating an http authentication factory.
-
-
-
management-sasl-authentication
-
The management-sasl-authentication
-sasl-authentication-factory can be used for authentication using SASL.
-It uses the configured sasl-server-factory to filter authentication
-mechanisms, which also uses the global provider-sasl-server-factory to
-filter by provider names. management-sasl-authentication uses the
-ManagementDomain security domain for authentication of principals. It
-also maps authentication using JBOSS-LOCAL-USER mechanisms using the
-local realm mapper and authentication using DIGEST-MD5 to
-ManagementRealm.
-
-
-
application-sasl-authentication
-
The application-sasl-authentication
-sasl-authentication-factory can be used for authentication using SASL.
-It uses the configured sasl-server-factory to filter authentication
-mechanisms, which also uses the global provider-sasl-server-factory to
-filter by provider names. application-sasl-authentication uses the
-ApplicationDomain security domain for authentication of principals.
-
-
-
global (provider-sasl-server-factory)
-
This is the SASL server factory
-definition used to create SASL authentication factories.
This is used
-to filter which sasl-authentication-factory is used based on the
-provider. In this case, elytron will match on the WildFlyElytron
-provider name.
-
-
-
configured (configurable-sasl-server-factory)
-
This is used to filter
-sasl-authentication-factory is used based on the mechanism name. In this
-case, configured will match on JBOSS-LOCAL-USER and DIGEST-MD5. It also
-sets the wildfly.sasl.local-user.default-user to $local.
-
-
-
applicationSSC
-
The applicationSSC server SSL context can be used
-to automatically generate a self-signed certificate the first time
-the HTTPS interface is accessed. This server SSL context should only
-be used for testing purposes. It should never be used in a production
-environment.
-
-
-
combined-providers
-
Is an aggregate provider that aggregates the elytron
-and openssl provider loaders.
By default, applications are secured using legacy security domains.
-Applications must specify a security domain in their web.xml as well
-as the authentication method. If no security domain is specified by the
-application, WildFly will use the provided other legacy security
-domain.
-
-
-
3.4.1. Update WildFly to Use the Default Elytron Components for Application
When the applicationSSC server SSL context is used by Undertow, a self-signed certificate will automatically
-be generated the first time the HTTPS interface is accessed if the file that backs the applicationKS key store
-doesn’t exist. This self-signed certificate will then be persisted to the file that backs the applicationKS key
-store. The generate-self-signed-certificate-host value, localhost, will be used as the Common Name (CN) value
-in the generated self-signed certificate. The following messages will appear in the server log file:
-
-
-
-
13:21:39,197 WARN [org.wildfly.extension.elytron] (MSC service thread 1-6) WFLYELY01083: KeyStore /wildfly/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self-signed certificate for host localhost
-...
-13:39:57,152 WARN [org.wildfly.extension.elytron] (default task-1) WFLYELY01084: Generated self-signed certificate at /wildfly/dist/target/wildfly-21.0.0.Beta1-SNAPSHOT/standalone/configuration/application.keystore. Please note that self-signed certificates are not secure and should only be used for testing purposes. Do not use this self-signed certificate in production.
-SHA-1 fingerprint of the generated key is fc:16:cf:bf:de:3a:6d:d6:fe:ec:f9:cd:9d:22:c9:3d:43:d7:e3:57
-SHA-256 fingerprint of the generated key is 38:69:00:4e:39:e2:40:e2:ef:b6:95:58:c6:ba:d0:0f:56:c5:7c:5d:fc:d5:c3:b9:b0:94:80:9c:f5:45:9d:40
-
-
-
-
NOTE To disable the automatic self-signed certificate generation, undefine the generate-self-signed-certificate-host
-attribute on the applicationKM key manager.
-
-
-
WARNING This self-signed certificate is only intended to be used for testing purposes. This self-signed certificate
-should never be used in a production environment. For more information on configuring an ssl-context,
-see Configuring a server SSLContext. For more information on how to
-easily obtain a signed certificate using the WildFly CLI, see Obtain a signed certificate from Let’s Encrypt.
When you access the management interface over HTTP, for example when
-using the web-based management console, WildFly will use the
-management-http-authentication http-authentication-factory.
By default, the management CLI ( jboss-cli.sh) is configured to
-connect over remote+http.
-
-
-
Default jboss-cli.xml
-
-
-
-
<jboss-clixmlns="urn:jboss:cli:3.3">
-
- <default-protocoluse-legacy-override="true">remote+http</default-protocol>
-
- <!-- The default controller to connect to when 'connect' command is executed w/o arguments -->
- <default-controller>
- <protocol>remote+http</protocol>
- <host>localhost</host>
- <port>9990</port>
- </default-controller>
-
-
-
-
This will establish a connection over HTTP and use HTTP upgrade to
-change the communication protocol to native. The HTTP upgrade
-connection is secured in the http-upgrade section of the
-http-interface using a sasl-authentication-factory.
Configure Authentication with an LDAP-Based Identity Store
-
-
-
Certificate, Certificate Roles Login Module
-
Configure Authentication
-with Certificates
-
-
-
Kerberos, SPNEGO Login Modules
-
Configure Authentication with a
-Kerberos-Based Identity Store
-
-
-
Kerberos, SPNEGO Login Modules with Fallback
-
Configure Authentication
-with a Form as a Fallback for Kerberos
-
-
-
RoleMapping Login Module
-
Configure Authentication
-with a Mapped Role Mapper
-
-
-
Vault
-
Create and Use a Credential Store
-
-
-
Legacy Security Realms
-
Secure the Management Interfaces with a New
-Identity Store, Silent Authentication
-
-
-
RBAC
-
Using RBAC with Elytron
-
-
-
Legacy Security Realms for One-way and Two-way SSL/TLS for Applications
-
Enable One-way SSL/TLS for Applications, Enable Two-way SSL/TLS in
-WildFly for Applications
-
-
-
Legacy Security Realms for One-way and Two-way SSL/TLS for Management
-Interfaces
-
Enable One-way for the Management Interfaces Using the
-Elytron Subsystem, Enable Two-way SSL/TLS for the Management Interfaces
-using the Elytron Subsystem
-
-
-
-
-
-
-
-
4. Using the Elytron Subsystem
-
-
-
4.1. Set Up and Configure Authentication for Applications
-
-
4.1.1. Configure Authentication with a Properties File-Based Identity Store
-
-
Create properties files:
-
-
You need to create two properties files: one that maps user to passwords
-and another that maps users to roles. Usually these files are located in
-the jboss.server.config.dir directory and follow the naming convention
-*-users.properties and *-roles.properties, but other locations and
-names may be used. The *-users.properties file must also contain a
-reference to the properties-realm, which you will create in the next
-step: #$REALM_NAME=YOUR_PROPERTIES_REALM_NAME$
-
-
-
Example user to password file: example-users.properties
Example user to roles file: example-roles.properties
-
-
-
-
user1=Admin
-user2=Guest
-
-
-
-
The Properties Realm also supports storing hashed passwords in the properties
-files, namely DIGEST passwords. Learn how to specify the encoding and character set for these passwords
-in the next section.
The name of the properties-realm is examplePropRealm, which is used
-in the previous step in the example-users.properties file. Also, if
-your properties files are located outside of jboss.server.config.dir,
-then you need to change the path and relative-to values
-appropriately.
-
-
-
Additionally, if storing hashed passwords in the properties file, you can specify the following
-attributes:
-
-
-
-
-
hash-encoding: This attribute specifies the string format for the password if it is not stored in plain
-text. It is set to hex encoding by default, but base64 is also supported.
-
-
-
hash-charset: This attribute specifies the character set to use when converting the password string to a
-byte array. It is set to UTF-8 by default.
-
-
-
-
-
For example, the following properties realm is configured to use base64 encoding and the character set
-GB2312.
Configure your application’s web.xml and jboss-web.xml.
-
-
Your application’s web.xml and jboss-web.xml must be updated to use
-the application-security-domain you configured in WildFly. An example
-of this is available in the
-Configure Applications to Use Elytron for Authentication
-section.
-
-
-
-
-
4.1.2. Configure Authentication with a Filesystem-Based Identity Store
-
-
Chose a directory for users:
-
-
You need a directory where your users will be stored. In this example,
-we are using a directory called fs-realm-users located in
-jboss.server.config.dir.
It is also possible to enable support for integrity checking on the filesystem realm by configuring the key-store and key-store-alias attributes for the realm.
-
-
-
When enabling integrity checking on a filesystem realm, you will have to specify the following 2 attributes
-
-
-
-
-
key-store: This attribute specifies the key-store that contains the key pair (private key and public key) that’s used for signing each identity file and for integrity checking.
-
-
-
key-store-alias: This attribute specifies the alias within the key-store that identifies the PrivateKeyEntry to use to sign identity files and perform filesystem integrity checks.
-
-
-
-
-
To create a key-store and a key-pair for the attributes above, you can create a key-store resource using the following commands. This will create a key-store called keystore with the alias localhost, and the password secret.
To create an integrity enabled filesystem realm with a key-store called keystore and the key-store-alias localhost, the following command would be used
Integrity and Encryption can be used in conjuction together. To create an encrypted filesystem realm with integrity enabled, the following command would be used
Configure your application’s web.xml and jboss-web.xml.
-
-
Your application’s web.xml and jboss-web.xml must be updated to use
-the application-security-domain you configured in WildFly. An example
-of this is available in the
-Configure Applications to Use Elytron for Authentication
-section.
-
-
-
Your application is now using a filesystem-based identity store for
-authentication.
-
-
-
-
-
4.1.3. Configure Authentication with a Database Identity Store
-
-
Determine your database format for usernames, passwords, and roles:
-
-
To set up authentication using a database for an identity store, you
-need to determine how your usernames, passwords, and roles are stored in
-that database. In this example, we are using a single table with the
-following sample data:
-
-
-
-
-
-
-
-
-
-
username
-
password
-
roles
-
-
-
-
-
user1
-
password123
-
Admin
-
-
-
user2
-
password123
-
Guest
-
-
-
-
-
-
Configure a datasource:
-
-
To connect to a database from WildFly, you must have the appropriate
-database driver deployed as well as a datasource configured. This
-example shows deploying the driver for postgres and configuring a
-datasource in WildFly:
/subsystem=elytron/jdbc-realm=exampleDbRealm:add(principal-query=[{sql="SELECT password,roles FROM wildfly_users WHERE username=?",data-source=examplePostgresDS,clear-password-mapper={password-index=1},attribute-mapping=[{index=2,to=groups}]}])
-
-
-
-
NOTE: The above example shows how to obtain passwords and roles from a
-single principal-query. You can also create additional
-principal-query with attribute-mapping attributes if you require
-multiple queries to obtain roles or additional authentication or
-authorization information.
Configure your application’s web.xml and jboss-web.xml.
-
-
Your application’s web.xml and jboss-web.xml must be updated to use
-the application-security-domain you configured in WildFly. An example
-of this is available in the
-Configure Applications to Use Elytron for Authentication
-section.
-
-
-
-
-
4.1.4. Configure Authentication with an LDAP-Based Identity Store
-
-
Determine your LDAP format for usernames, passwords, and roles:
-
-
To set up authentication using an LDAP server for an identity store, you
-need to determine how your usernames, passwords, and roles are stored.
-In this example, we are using the following structure:
-
-
-
-
dn: dc=wildfly,dc=org
-dc: wildfly
-objectClass: top
-objectClass: domain
-
-dn: ou=Users,dc=wildfly,dc=org
-objectClass: organizationalUnit
-objectClass: top
-ou: Users
-
-dn: uid=jsmith,ou=Users,dc=wildfly,dc=org
-objectClass: top
-objectClass: person
-objectClass: inetOrgPerson
-cn: John Smith
-sn: smith
-uid: jsmith
-userPassword: password123
-
-dn: ou=Roles,dc=wildfly,dc=org
-objectclass: top
-objectclass: organizationalUnit
-ou: Roles
-
-dn: cn=Admin,ou=Roles,dc=wildfly,dc=org
-objectClass: top
-objectClass: groupOfNames
-cn: Admin
-member: uid=jsmith,ou=Users,dc=wildfly,dc=org
-
-
-
-
-
Configure a dir-context:
-
-
To connect to the LDAP server from WildFly, you need to configure a
-dir-context that provides the URL as well as the principal used to
-connect to the server.
Additionally, if storing hashed passwords in the LDIF file, you can specify the following
-attributes:
-
-
-
-
-
hash-encoding: This attribute specifies the string format for the password if it is not stored in plain
-text. It is set to base64 encoding by default, but hex is also supported.
-
-
-
hash-charset: This attribute specifies the character set to use when converting the password string to a
-byte array. It is set to UTF-8 by default.
-
-
-
-
-
For example, the following LDAP realm is storing hexadecimal encoded strings hashed using the GB2312 character set:
Configure your application’s web.xml and jboss-web.xml.
-
-
Your application’s web.xml and jboss-web.xml must be updated to use
-the application-security-domain you configured in WildFly. An example
-of this is available in the
-Configure Applications to Use Elytron for Authentication
-section.
-
-
-
IMPORTANT: In cases where you configure an LDAP server in the
-elytron subsystem for authentication and that LDAP server then becomes
-unreachable, WildFly will return a 500, or internal server error,
-error code when attempting authentication using that unreachable LDAP
-server. This behavior differs from the legacy security subsystem,
-which will return a 401, or unauthorized, error code under the same
-conditions.
-
-
-
-
-
4.1.5. Configure Authentication with Certificates
-
-
IMPORTANT: Before you can set up certificate-based authentication, you
-must have two-way SSL configured.
You must configure this realm with a truststore that contains the
-client’s certificate. The authentication process uses the same
-certificate presented by the client during the two-way SSL handshake.
-
-
-
-
Create a Decoder.
-
-
You need to create a x500-attribute-principal-decoder to decode the
-principal you get from your certificate. The below example will decode
-the principal based on the first CN value.
For example, if the full DN was
-CN=client,CN=client-certificate,DC=example,DC=jboss,DC=org,
-CNDecoder would decode the principal as client. This decoded
-principal is used as the alias value to lookup a certificate in the
-truststore configured in ksRealm.
-
-
-
IMPORTANT: The decoded principal * MUST* must be the alias value
-you set in your server’s truststore for the client’s certificate.
-
-
-
-
Configure an evidence-decoder
-
-
By default, the principal associated with a certificate will be the subject name
-from the certificate. This subject name will then be rewritten using any configured
-principal decoders and principal transformers to obtain the name that should be used
-when locating and loading the identity from the underlying identity store.
-
-
-
To specify that a subject alternative name from a certificate should be used as the
-principal associated with that certificate, an x509-subject-alt-name-evidence-decoder
-needs to be configured. This element has two attributes:
-
-
-
-
-
alt-name-type - The subject alternative name type to decode. This attribute is
-required. Must be one of the subject alternative name types that can be represented
-as a String:
-
-
-
-
rfc822Name
-
-
-
dNSName
-
-
-
uniformResourceIdentifier
-
-
-
iPAddress
-
-
-
registeredID
-
-
-
directoryName
-
-
-
-
-
-
segment - The 0-based occurrence of the subject alternative name to map. This
-attribute is optional and only used when there is more than one subject alternative
-name of the given alt-name-type. The default value is 0.
-
-
-
-
-
For example, consider the following X.509 v3 Subject Alternative Name extension from
-the first certificate in an X.509 certificate chain:
-
-
-
-
X509v3 Subject Alternative Name:
-DNS:one.example.org, IP Address:127.0.0.1
-
-
-
-
To associate the certificate chain evidence with the principal "one.example.org", the
-following x509-subject-alt-name-evidence-decoder could be configured:
It is also possible to configure an x500-subject-evidence-decoder. This evidence decoder
-will extract the subject from the first certificate in the certificate chain, as an X500Principal.
-Example configuration:
To make use of a custom org.wildfly.security.auth.server.EvidenceDecoder implementation, a
-custom-evidence-decoder can be configured. The custom implementation class needs to first be
-packaged in a JAR. A module can then be added to WildFly that contains this JAR. See
-Custom Components for more information on how to add a custom Elytron
-component to WildFly.
Finally, it is also possible to configure an aggregate-evidence-decoder. This consists of
-two or more evidence-decoder elements where each element is reference to a configured
-evidence decoder. Given evidence, these evidence decoders will be attempted in order until
-one returns a non-null principal or until there are no more evidence decoders left to try.
If no evidence-decoder is specified for a security-domain, then the principal associated with the evidence will
-just be the default principal for the evidence type, i.e., for an X.509 certificate chain, this would continue to
-default to the subject from the first certificate in the certificate chain.
-
-
-
-
Add a constant-role-mapper for assigning roles.
-
-
This is example uses a constant-role-mapper to assign roles to a
-principal from ksRealm but other approaches may also be used.
Configure your application’s web.xml and jboss-web.xml.
-
-
Your application’s web.xml and jboss-web.xml must be updated to use
-the application-security-domain you configured in WildFly. An example
-of this is available in the
-Configure Applications to Use Elytron for Authentication
-section.
-
-
-
In addition, you need to update your web.xml to use CLIENT-CERT as
-its authentication method.
Configure an Elytron security realm for assigning roles.
-
-
The the client’s Kerberos token will provide the principal, but you need
-a way to map that principal to a role for your application. There are
-several ways to accomplish this, but this example creates a
-filesystem-realm, adds a user to the realm that matches the principal
-from the Kerberos token, and assigns roles to that user.
Configure your application’s web.xml, jboss-web.xml and
-
-
jboss-deployment-structure.xml.
-
-
-
Your application’s web.xml and jboss-web.xml must be updated to use
-the application-security-domain you configured in WildFly. An example
-of this is available in the
-Configure Applications to Use Elytron for Authentication
-section.
-
-
-
In addition, you need to update your web.xml to use SPNEGO as its
-authentication method.
4.1.7. Configure Authentication with a Form as a Fallback for Kerberos
-
-
Configure kerberos-based authentication.
-
-
Configuring kerberos-based authentication is covered in a previous
-section.
-
-
-
-
Add a mechanism for FORM authentication in the
-
-
http-authentication-factory.
-
-
-
You can use the existing http-authentication-factory you configured
-for kerberos-based authentication and and an additional mechanism for
-FORM authentication.
The existing configuration for kerberos-based authentication should
-already have a security realm configured for mapping principals from
-kerberos token to roles for the application. You can add additional
-users for fallback authentication to that realm. For example if you used
-a filesystem-realm, you can simply create a new user with the
-appropriate roles:
You need to update the web.xml to use the value SPNEGO,FORM for the
-auth-method, which will use FORM as a fallback authentication method
-if SPNEGO fails. You also need to specify the location of your login
-and error pages.
4.1.8. Configure Applications to Use Elytron for Authentication
-
-
After you have configured the elytron subsystem
-for authentication, you need to configure your application to use it.
-
-
-
Configure your application’s web.xml.
-
-
Your application’s web.xml needs to be configured to use the
-appropriate authentication method. When using elytron, this is defined
-in the http-authentication-factory you created.
-
-
-
Example web.xml with BASIC Authentication
-
-
-
-
<web-app>
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>secure</web-resource-name>
- <url-pattern>/secure/*</url-pattern>
- </web-resource-collection>
- <auth-constraint>
- <role-name>Admin</role-name>
- </auth-constraint>
- </security-constraint>
- <security-role>
- <description>The role that is required to log in to /secure/*</description>
- <role-name>Admin</role-name>
- </security-role>
- <login-config>
- <auth-method>BASIC</auth-method>
- <realm-name>exampleApplicationDomain</realm-name>
- </login-config>
-</web-app>
-
-
-
-
BASIC Authentication can be configured to be silent
-
-
-
-
<auth-method>BASIC?silent=true</auth-method>
-
-
-
-
Basic authentication in silent mode will send challenge to authenticate only if the request
-contained authorization header, otherwise it is assumed another method will send the challenge.
-
-
-
-
Configure your application to use a security domain.
-
-
You can configure your application’s jboss-web.xml to specify the
-security domain you want to use for authentication. When using the
-elytron subsystem, this is defined when you created the
-application-security-domain.
Using jboss-web.xml allows you to configure the security domain for a
-single application only. Alternatively, you can specify a default
-security domain for all applications using the undertow subsystem.
-This allows you to omit using jboss-web.xml to configure a security
-domain for an individual application.
IMPORTANT: Setting default-security-domain in the undertow
-subsystem will apply to ALL applications. If default-security-domain
-is set and an application specifies a security domain in a
-jboss-web.xml file, the configuration in jboss-web.xml will override
-the default-security-domain in the undertow subsystem.
-
-
-
-
-
4.1.9. Override an Application’s Authentication Configuration
-
-
You can override the authentication configuration of an application with
-one configured in WildFly. To do this, use the
-override-deployment-configuration property in the
-application-security-domain section of the undertow subsystem:
By enabling override-deployment-configuration, you can create a new
-http-authentication-factory that specifies a different authentication
-mechanism such as BASIC.
This will override the authentication mechanism defined in the
-application’s jboss-web.xml and attempt to authenticate a user using
-BASIC instead of FORM.
By default, WildFly provides an authentication mechanism for local
-users, also know as silent authentication, through the local security
-realm.
-
-
-
Silent authentication must be used via a sasl-authentication-factory.
-
-
-
IMPORTANT: When enabling silent authentication, you must ensure the
-security domain referenced by your sasl-authentication-factory
-references a security realm that contains the $local user. By default,
-WildFly provides the local identity realm that provides this user.
RBAC can be configured to automatically assign or exclude roles for
-users that are members of groups. This is configured in the
-access-control section of the core management. When the management
-interfaces are secured with the elytron subsystem, and users are
-assigned groups when they authenticate. You can also configure roles to
-be assigned to authenticated users in a variety of ways using the
-elytron subsystem, for example using a role mapper or a role decoder.
-
-
-
-
-
4.3. Configure SSL/TLS
-
-
4.3.1. Enable One-way SSL/TLS for Applications
-
-
There are a couple ways to enable one-way SSL/TLS for deployed applications.
-
-
-
Using a security command:
-
-
The security enable-ssl-http-server command can be used to enable one-way
-SSL/TLS for deployed applications. Example of wizard usage:
-
-
-
-
security enable-ssl-http-server --interactive --override-ssl-context
-Please provide required pieces of information to enable SSL:
-Key-store file name (defaultdefault-server.keystore): keystore.pkcs12
-Password (blank generated): secret
-What is your first and last name? [Unknown]: localhost
-What is the name of your organizational unit? [Unknown]:
-What is the name of your organization? [Unknown]:
-What is the name of your City or Locality? [Unknown]:
-What is the name of your State or Province? [Unknown]:
-What is the two-letter country code forthis unit? [Unknown]:
-Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct y/n [y]?
-Validity (in days, blank default): 365
-Alias (blank generated): localhost
-Enable SSL Mutual Authentication y/n (blank n): n
-
-SSL options:
-key store file: keystore.pkcs12
-distinguished name: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
-password: secret
-validity: 365
-alias: localhost
-Server keystore file keystore.pkcs12, certificate file keystore.pem and keystore.csr file
-will be generated in server configuration directory.
-Do you confirm y/n: y
-
-
-
-
NB: Once the command is executed, the CLI will reload the server.
-
-
-
HTTPS is now enabled for applications.
-
-
-
-
Using Elytron subsystem commands:
-
-
You can also use the Elytron subsystem, along with the Undertow subsystem, to
-enable HTTPS for deployed applications.
The previous command uses an absolute path to the keystore.
-Alternatively you can use the relative-to attribute to specify the
-base directory variable and path specify a relative path.
-Also, in case of file-based keystore the type attribute can be omitted and
-the keystore type will be automatically detected.
The above command shows that the https-listener is configured to use
-the ApplicationRealm legacy security realm for its SSL configuration.
-Undertow cannot reference both a legacy security realm and an
-ssl-context in Elytron at the same time so you must remove the
-reference to the legacy security realm. Also there has to be always
-configured either ssl-context or security-realm. Thus when changing
-between those, you have to use batch operation:
-
-
-
Remove the reference to the legacy security realm and update the
-https-listenerto use thessl-contextfrom Elytron:
There are a couple ways to enable two-way SSL/TLS for deployed applications.
-
-
-
Using a security command:
-
-
The security enable-ssl-http-server command can be used to enable two-way
-SSL/TLS for the deployed applications. Example of wizard usage:
-
-
-
-
-
-
-
-
-
-
In the following example, we enter n when propmted with Validate certificate because the example uses a self-signed certificate. If you use Cretificate Authority (CA) signed certificates, enter y when prompted.
-
-
-
-
-
-
-
-
security enable-ssl-http-server --interactive --override-ssl-context
-Please provide required pieces of information to enable SSL:
-Key-store file name (defaultdefault-server.keystore): server.keystore.pkcs12
-Password (blank generated): secret
-What is your first and last name? [Unknown]: localhost
-What is the name of your organizational unit? [Unknown]:
-What is the name of your organization? [Unknown]:
-What is the name of your City or Locality? [Unknown]:
-What is the name of your State or Province? [Unknown]:
-What is the two-letter country code forthis unit? [Unknown]:
-Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct y/n [y]?
-Validity (in days, blank default): 365
-Alias (blank generated): localhost
-Enable SSL Mutual Authentication y/n (blank n): y
-Client certificate (path to pem file): /path/to/client.cer
-Validate certificate y/n (blank y): n
-Trust-store file name (management.truststore): server.truststore.pkcs12
-Password (blank generated): secret
-
-SSL options:
-key store file: server.keystore.pkcs12
-distinguished name: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
-password: secret
-validity: 365
-alias: localhost
-client certificate: /path/to/client.cer
-trust store file: server.trustore.pkcs12
-trust store password: secret
-Server keystore file server.keystore.pkcs12, certificate file server.pem and server.csr file will be generated in server configuration directory.
-Server truststore file server.trustore.pkcs12 will be generated in server configuration directory.
-Do you confirm y/n: y
-
-
-
-
NB: Once the command is executed, the CLI will reload the server. To complete
-the two-way SSL/TLS authentication, you need to
-import the server certificate
-into the client truststore and
-configure your client
-to present the client certificate.
-
-
-
-
Using Elytron subsystem commands:
-
-
You can also use the Elytron subsystem, along with the Undertow subsystem,
-to enable two-way SSL/TLS for deployed applications.
-
-
-
Obtain or generate your key stores:
-
-
Before enabling HTTPS in WildFly, you must obtain or generate the server key
-store and trust store you plan on using. To generate an example key store and
-trust store, use the following commands.
NOTE
-The first command above uses an absolute path to the keystore.
-Alternatively you can use the relative-to attribute to specify the
-base directory variable and path specify a relative path.
Create a key-store for the server truststore and import the client certificate
-into the server truststore:
-
-
-
-
-
-
-
-
-
-
In the following example, we enter validate=false in the import-certificate command because the example uses a self-signed certificate. If you use Certificate Authority (CA) signed certificates, omit validate=false.
The above command shows that the https-listener is configured to use
-the ApplicationRealm legacy security realm for its SSL configuration.
-Undertow cannot reference both a legacy security realm and an
-ssl-context in Elytron at the same time so you must remove the
-reference to the legacy security realm. Also there has to be always
-configured either ssl-context or security-realm. Thus when changing
-between those, you have to use batch operation:
-
-
-
-
Remove the reference to the legacy security realm and update the https-listener to use the ssl-context from Elytron:
Configure your client to use the client certificate
-
-
You need to configure your client to present the trusted client
-certificate to the server to complete the two-way SSL/TLS
-authentication. For example, if using a browser, you need to import the
-trusted certificate into the browser’s truststore.
-
-
-
Two-Way HTTPS is now enabled for applications.
-
-
-
-
-
4.3.3. Configure certificate revocation in trust-manager
-
-
Configure Certificate Revocation List:
-
-
You can configure your trust-manager to use certificate-revocation-list (CRL) to check revocation status of obtained certificates.
-
-
-
The supported attributes for a certificate-revocation-list include:
-
-
-
-
-
path: The path to the configuration file that is used to initialize the certificate revocation list.
-
-
-
relative-to: The base path of the certificate revocation list file.
-
-
-
maximum-cert-path: The maximum number of non-self-issued intermediate certificates that can exist in a certification path.
-The default value is 5. (Deprecated. Use maximum-cert-path in trust-manager).
Alternatively, you can configure multiple certificate revocation lists in your trust-manager using
-the certificate-revocation-lists attribute as follows:
This will enable OCSP certificate revocation by using OCSP responder inside the certificate. In case the responder is known but OCSP revocation status is unknown, the verification will fail.
-
-
-
Override OCSP responder URI extracted from certificate:
4.3.4. Enable One-way SSL/TLS for the Management Interfaces
-
-
There are a couple ways to enable one-way SSL/TLS for the management interfaces.
-
-
-
Using a security command:
-
-
The security enable-ssl-management command can be used to enable one-way
-SSL/TLS for the management interfaces. Example of wizard usage:
-
-
-
-
security enable-ssl-management --interactive
-Please provide required pieces of information to enable SSL:
-Key-store file name (default management.keystore): keystore.pkcs12
-Password (blank generated): secret
-What is your first and last name? [Unknown]: localhost
-What is the name of your organizational unit? [Unknown]:
-What is the name of your organization? [Unknown]:
-What is the name of your City or Locality? [Unknown]:
-What is the name of your State or Province? [Unknown]:
-What is the two-letter country code forthis unit? [Unknown]:
-Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct y/n [y]?
-Validity (in days, blank default): 365
-Alias (blank generated): localhost
-Enable SSL Mutual Authentication y/n (blank n): n
-
-SSL options:
-key store file: keystore.pkcs12
-distinguished name: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
-password: secret
-validity: 365
-alias: localhost
-Server keystore file keystore.pkcs12, certificate file keystore.pem and keystore.csr file
-will be generated in server configuration directory.
-Do you confirm y/n :y
-
-
-
-
NB: Once the command is executed, the CLI will reload the server and reconnect to it.
-
-
-
HTTPS is now enabled for the management interfaces.
-
-
-
-
Using Elytron subsystem commands:
-
-
Elytron subsystem commands can also be used to enable one-way SSL/TLS for the
-management interfaces.
NOTE: The above command uses relative-to to reference the location
-of the keystore file. Alternatively, you can specify the full path to
-the keystore in path and omit relative-to.
-
-
-
If the keystore file does not exist yet, the following commands can be used to
-generate an example key pair:
There are a couple ways to enable two-way SSL/TLS for the management interfaces.
-
-
-
Using a security command:
-
-
The security enable-ssl-management command can be used to enable two-way
-SSL/TLS for the management interfaces. Example of wizard usage:
-
-
-
-
-
-
-
-
-
-
In the following example, we enter n when propmted with Validate certificate because the example uses a self-signed certificate. If you use Certificate Authority (CA) signed certificates, enter y when prompted.
-
-
-
-
-
-
-
-
security enable-ssl-management --interactive
-Please provide required pieces of information to enable SSL:
-Key-store file name (default management.keystore): server.keystore.pkcs12
-Password (blank generated): secret
-What is your first and last name? [Unknown]: localhost
-What is the name of your organizational unit? [Unknown]:
-What is the name of your organization? [Unknown]:
-What is the name of your City or Locality? [Unknown]:
-What is the name of your State or Province? [Unknown]:
-What is the two-letter country code forthis unit? [Unknown]:
-Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct y/n [y]?
-Validity (in days, blank default): 365
-Alias (blank generated): localhost
-Enable SSL Mutual Authentication y/n (blank n): y
-Client certificate (path to pem file): /path/to/client.cer
-Validate certificate y/n (blank y): n
-Trust-store file name (management.truststore): server.truststore.pkcs12
-Password (blank generated): secret
-
-SSL options:
-key store file: server.keystore.pkcs12
-distinguished name: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
-password: secret
-validity: 365
-alias: localhost
-client certificate: /path/to/client.cer
-trust store file: server.trustore.pkcs12
-trust store password: secret
-Server keystore file server.keystore.pkcs12, certificate file server.pem and server.csr file will be generated in server configuration directory.
-Server truststore file server.trustore.pkcs12 will be generated in server configuration directory.
-Do you confirm y/n: y
-
-
-
-
NB: Once the command is executed, the CLI will reload the server and
-attempt to reconnect to it. To complete the two-way SSL/TLS authentication,
-you need to import the server certificate
-into the client truststore and
-configure your client
-to present the client certificate.
-
-
-
-
Using Elytron subsystem commands:
-
-
Elytron subsystem commands can also be used to enable two-way SSL/TLS for the
-management interfaces.
-
-
-
Obtain or generate your key stores.
-
-
Before enabling HTTPS in WildFly, you must obtain or generate the server
-key store and trust store you plan on using. To generate an example key
-store and trust store, use the following commands.
NOTE: The above command uses relative-to to reference the location
-of the keystore file. Alternatively, you can specify the full path to
-the keystore in path and omit relative-to.
Create a key-store for the server trust store and import the client certificate
-into the server trust store.
-
-
-
-
-
-
-
-
-
-
In the following example, we enter validate=false in the import-certificate command because the example uses a self-signed certificate. If you use Certificate Authority (CA) signed certificates, omit validate=false.
Configure your client to use the client certificate.
-
-
You need to configure your client to present the trusted client
-certificate to the server to complete the two-way SSL/TLS
-authentication. For example, if using a browser, you need to import the
-trusted certificate into the browser’s trust store.
-
-
-
Two-way SSL/TLS is now enabled for the management interfaces.
-
-
-
-
-
4.3.6. KeyStore manipulation operations
-
-
It is possible to perform various KeyStore manipulation operations on an
-Elytron key-store resource using the management CLI.
-
-
-
Generate a key pair
-
-
The generate-key-pair command generates a key pair and wraps the resulting
-public key in a self-signed X.509 certificate. The generated private key and
-self-signed certificate will be added to the KeyStore.
The generate-certificate-signing-request command generates a PKCS #10
-certificate signing request using a PrivateKeyEntry from the KeyStore. The
-generated certificate signing request will be output to a file.
Note: Let’s Encrypt is the default certificate authority and therefore the certificate-authority attribute can be omitted when creating a certificate-authority-account.
-It is also possible to configure an account with different certificate authority than Let’s Encrypt by adding custom certificate-authority resource and passing it to certificate-authority-account.
The obtain-certificate command creates an account with Let’s Encrypt, if such an account does not already exist,
-obtains a signed certificate from Let’s Encrypt, and stores it in the KeyStore.
The should-renew-certificate command checks if a certificate is due for renewal. In particular, it will return true if the certificate expires in less than the given number of days and false otherwise.
The get-metadata command retrieves the metadata (e.g., terms of service URL, website URL, CAA identities,
-and whether or not an external account is required), if any, associated with the certificate authority.
An ldap-key-store allows you to use a keystore stored in an LDAP
-server. You can use an ldap-key-store in same way you can use a
-key-store.
-
-
-
To create and use an ldap-key-store:
-
-
-
Configure a dir-context.
-
-
To connect to the LDAP server from WildFly, you need to configure a
-dir-context that provides the URL as well as the principal used to
-connect to the server.
When configure an ldap-key-store, you need to specify both the
-dir-context used to connect to the LDAP server as well as how to
-locate the keystore stored in the LDAP server. At a minimum, this
-requires you specify a search-path.
Once you have defined your ldap-key-store, you can use it in the same
-places where a key-store could be used. For example, you could use an
-ldap-key-store when configuring HTTPS and Two-Way HTTPS for
-applications.
-
-
-
-
-
4.3.9. Using a filtering-key-store
-
-
A filtering-key-store allows you to expose a subset of aliases from an
-existing key-store, and use it in the same places you could use a
-key-store. For example, if a keystore contained alias1, alias2,
-and alias3, but you only wanted to expose alias1 and alias3, a
-filtering-key-store provides you several ways to do that.
When you configure a filtering-key-store, you specify which
-key-store you want to filter and the alias-filter for filtering
-aliases from the key-store. The filter can be specified in one of the
-following formats:
-
-
-
-
-
alias1,alias3, which is a comma-delimited list of aliases to expose.
-
-
-
ALL:-alias2, which exposes all aliases in the keystore except the
-ones listed.
-
-
-
NONE:+alias1:+alias3, which exposes no aliases in the keystore
-except the ones listed.
-
-
-
-
-
This example uses a comma-delimted list to expose alias1 and alias3.
Once you have defined your filtering-key-store, you can use it in the
-same places where a key-store could be used. For example, you could
-use a filtering-key-store when configuring HTTPS and Two-Way HTTPS for
-applications.
-
-
-
-
-
4.3.10. Reload a Keystore
-
-
You can reload a keystore configured in WildFly from the management CLI.
-This is useful in cases where you have made changes to certificates
-referenced by a keystore.
-
-
-
To reload a keystore.
-
-
-
-
/subsystem=elytron/key-store=httpsKS:load
-
-
-
-
-
4.3.11. Reinitialize a Key Manager
-
-
You can reinitialize a key-manager configured in WildFly from the management CLI.
-This is useful in cases where you have made changes in certificates provided by keystore
-resource and you want to apply this change to new SSL connections without restarting the server.
-
-
-
If the key-store is file based then it must be loaded first.
-
-
-
-
/subsystem=elytron/key-store=httpsKS:load()
-
-
-
-
To reinitialize a key-manager.
-
-
-
-
/subsystem=elytron/key-manager=httpsKM:init()
-
-
-
-
-
4.3.12. Reinitialize a Trust Manager
-
-
You can reinitialize a trust-manager configured in WildFly from the management CLI.
-This is useful in cases where you have made changes to certificates provided by keystore
-resource and you want to apply this change to new SSL connections without restarting the server.
-
-
-
If the key-store is file based then it must be loaded first.
-
-
-
-
/subsystem=elytron/key-store=httpsKS:load()
-
-
-
-
To reinitialize a trust-manager.
-
-
-
-
/subsystem=elytron/trust-manager=httpsTM:init()
-
-
-
-
-
4.3.13. Check the Content of a Keystore by Alias
-
-
If you add a keystore to the elytron subsystem using the key-store
-component, you can check the keystore’s contents using the alias child
-element and reading its attributes.
The certificate associated with the alias. If the alias
-has a certificate chain this will always be undefined.
-
-
-
certificate-chain
-
The certificate chain associated with the alias.
-
-
-
creation-date
-
The creation date of the entry represented by this
-alias.
-
-
-
entry-type
-
The type of the entry for this alias. Available types:
-PasswordEntry, PrivateKeyEntry, SecretKeyEntry, TrustedCertificateEntry,
-and Other. Unrecognized types will be reported as Other.
-
-
-
-
-
-
4.3.14. Custom Components
-
-
When configuring SSL/TLS in the elytron subsystem, you can provide and
-use custom implementations of the following components:
-
-
-
-
-
key-store
-
-
-
key-manager
-
-
-
trust-manager
-
-
-
client-ssl-context
-
-
-
server-ssl-context
-
-
-
certificate-authority-account
-
-
-
-
-
When creating custom implementations of Elytron components, they must
-present the appropriate capabilities and requirements.
-
-
-
-
4.3.15. Configuring a server SSLContext
-
-
Using the Elytron subsystem, it is possible to configure an SSLContext for use on the server side of a connection.
-
-
-
Adding a server SSLContext takes the general form:
The following attributes can be specified when creating a server-ssl-context:
-
-
-
-
security-domain
-
-
(Optional) A reference to the security-domain to use for authentication during SSL session
-establishment.
-
-
key-manager
-
-
(Optional) A reference to the KeyManager to be used by this SSLContext.
-
-
trust-manager
-
-
(Optional) A reference to the TrustManager to be used by this SSLContext.
-
-
cipher-suite-filter
-
-
(Optional) The filter to be applied to the cipher suites for TLSv1.2 and below made available
-by this SSLContext. The format of this attribute is described in detail in
-org.wildfly.security.ssl.CipherSuiteSelector.fromString(selector).
-The default value is DEFAULT, which corresponds to all known cipher suites that do not have NULL encryption and
-excludes any cipher suites that have no authentication.
-
-
cipher-suite-names
-
-
(Optional) The enabled cipher suites for TLSv1.3. The format of this attribute is a simple colon
-(":") separated list of TLSv1.3 cipher suite names (e.g., TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256).
-This attribute must be specified in order for TLSv1.3 to be enabled.
-
-
protocols
-
-
(Optional) A space separated list of the protocols to be supported by this SSLContext. The default value
-is TLSv1 TLSv1.1 TLSv1.2 TLSv1.3. Note that the TLSv1.3 protocol will only be usable when running against JDK 11 or
-higher.
-
-
want-client-auth
-
-
(Optional) To request (but not to require) a client certificate on SSL handshake. If a
-security-domain is configured and supports X509 evidence, this will be set to true automatically. Ignored when
-need-client-auth is set. The default value is false.
-
-
need-client-auth
-
-
(Optional) If true, a client certificate is required on SSL handshake. A connection without a
-trusted client certificate will be rejected. The default value is false.
-
-
authentication-optional
-
-
(Optional) Rejection of the client certificate by the configured security-domain will not
-prevent the connection. This allows a fall through to use other authentication mechanisms (like form login) when the
-client certificate is rejected by the
-security-domain. This has an effect only when the security-domain is configured. The default value is false.
-
-
use-cipher-suites-order
-
-
(Optional) If true, the cipher suites order defined on the server will be used. If false,
-the cipher suites order presented by the client will be used. The default value is true.
-
-
provider-name
-
-
(Optional) The name of the provider to use. If not specified, all providers from providers will be
-passed to the SSLContext.
-
-
providers
-
-
(Optional) The name of the providers to obtain the Provider[] to use to load the SSLContext.
-
-
maximum-session-cache-size
-
-
(Optional) The maximum number of SSL sessions to be cached. The default value -1
-indicates that the JVM default value should be used. A value of 0 means there is no limit.
-
-
session-timeout
-
-
(Optional) The timeout for SSL sessions. The default value -1 indicates that the JVM default value
-should be used. A value of 0 means there is no limit.
-
-
wrap
-
-
(Optional) If true, the returned SSLEngine, SSLSocket, and SSLServerSocket instances will be wrapped to
-protect against further modification. The default value is false.
-
-
pre-realm-principal-transformer
-
-
(Optional) A principal transformer to apply before the realm is selected.
-
-
post-realm-principal-transformer
-
-
(Optional) A principal transformer to apply after the realm is selected.
-
-
final-principal-transformer
-
-
(Optional) A final principal transformer to apply for this mechanism realm.
-
-
realm-mapper
-
-
(Optional) The realm mapper to be used for SSL authentication.
-
-
-
-
-
-
4.3.16. Configuring a client SSLContext
-
-
Using the Elytron subsystem, it is possible to configure an SSLContext for use on the client side of a connection.
-
-
-
Adding a client SSLContext takes the general form:
The following attributes can be specified when creating a client-ssl-context:
-
-
-
-
key-manager
-
-
(Optional) A reference to the KeyManager to be used by this SSLContext.
-
-
trust-manager
-
-
(Optional) A reference to the TrustManager to be used by this SSLContext.
-
-
cipher-suite-filter
-
-
(Optional) The filter to be applied to the cipher suites for TLSv1.2 and below made available
-by this SSLContext. The format of this attribute is described in detail in
-org.wildfly.security.ssl.CipherSuiteSelector.fromString(selector).
-The default value is DEFAULT, which corresponds to all known cipher suites that do not have NULL encryption and
-excludes any cipher suites that have no authentication.
-
-
cipher-suite-names
-
-
(Optional) The enabled cipher suites for TLSv1.3. The format of this attribute is a simple colon
-(":") separated list of TLSv1.3 cipher suite names (e.g., TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256).
-This attribute must be specified in order for TLSv1.3 to be enabled.
-
-
protocols
-
-
(Optional) A space separated list of the protocols to be supported by this SSLContext. The default value
-is TLSv1 TLSv1.1 TLSv1.2 TLSv1.3. Note that the TLSv1.3 protocol will only be usable when running against JDK 11 or higher.
-
-
provider-name
-
-
(Optional) The name of the provider to use. If not specified, all providers from providers will be
-passed to the SSLContext.
-
-
providers
-
-
(Optional) The name of the providers to obtain the Provider[] to use to load the SSLContext.
-
-
-
-
-
WARNING It is possible to use TLSv1.3 with WildFly when running against JDK 11 or higher. However, if JDK 11
-is in use and if there is a very large number of TLSv1.3 requests being made, it is possible that a drop in
-performance (throughput and response time) will occur compared to TLSv1.2. Upgrading to newer JDK versions
-should improve performance. For this reason, the use of TLSv1.3 is currently disabled by default. TLSv1.3 can
-be enabled by configuring the new cipher-suite-names attribute in the SSL Context resource definition in the
-Elytron subsystem as described in the previous two sections. It is recommended to test for performance
-degradation prior to enabling TLSv1.3 in a production environment. See WFWIP-160
-for more details.
-
-
-
Note: When using TLSv1.3, it is important to keep in mind that session IDs have become essentially obsolete.
-This means that the session ID can no longer reliably be used to test if a session was resumed. Instead,
-creation time can be used to test if a session was resumed. Currently, clients need to read from the server after
-the first handshake in order to receive the NewSessionTicket that can be used for resumption. However, this may
-change once JDK-8209953 is resolved.
-
-
-
-
4.3.17. Configuring SSLv2Hello
-
-
Older JDK versions use SSLv2Hello during the initial SSL handshake message
-where the SSL/TLS version that will be used for the rest of the communication is
-negotiated.
-
-
-
Using SSLv2Hello is discouraged, therefore newer JDK versions disable this protocol
-on the client by default. However, they do provide the ability to re-enable it if necessary.
-
-
-
SSLv2Hello can be configured as a supported protocol for the server SSL context as follows:
SSLv2Hello cannot be configured by itself, as its purpose is to determine
-which encryption protocols are supported by the server it connects to. It always
-needs to be configured along side another encryption protocol.
-
-
-
Additionally, IBM JDK does not support specifying SSLv2Hello in its client, although a
-server side connection always accepts this protocol.
-
-
-
-
-
-
-
4.3.18. Default SSLContext
-
-
Many libraries that can be used within deployments may require SSL configuration for any connections they establish, these libraries tend to be configurable by the caller or if no configuration is provided fall back to using the default SSLContext for the process available from: -
-
-
-
-
javax.net.ssl.SSLContext.getDefault();
-
-
-
-
By default this SSLContext is configured using system properties, however within the WildFly Elytron subsystem it is possible to specify that one of the configured contexts should be associated and used as the default.
-
-
-
To make use of this feature configure your SSLContext as normal, the following command can then be used to specify which SSLContext should be used as the default.
As existing services and deployments could have cached the default SSLContext prior to this being set a reload is required to ensure the default gets set before the deployments are activated.
-
-
-
-
:reload
-
-
-
-
Note: If the default-ssl-context attribute is subsequently 'undefined' the standard APIs do not provide us with a mechanism to revert the default so in this situation the Java process would need be restarted.
Using the WildFly Elytron subsystem it is possible to configure an SSL context which supports SNI. By supporting SNI if an SNI host name is available whilst the SSLSession is being negotiated a host specific SSLContext will be selected. If no host specific SSLContext is identified either because no host name was received or because there is no match a default SSLContext will be used instead. By identifying a host specific SSLContext it means that a certificate appropriate for that host can be used.
-
-
-
The following command demonstrates how an SNI aware SSLContext can be added: -
This example assumes that three SSLContexts have been previously defined following the steps available previously in this document, those contexts are jboss, localhost, and wildfly.
-
-
-
During negotiation of the SSLSession if the SNI host name received is localhost then the localhost SSLContext will be used, if the SNI host name is wildfly.org then the wildfly SSLContext will be used. If no SNI host name is received or if we receive a name that does not match this will fallback and use the jboss SSLContext.
Within the host-context-map it is also possible to define wildcard mappings such as * and *.wildfly.org.
-
-
-
-
4.3.20. Use the Elytron Subsystem
-
-
For authentication in applications, you can use the
-application-security-domain property in the undertow subsystem to
-configure a security domain in the elytron subsystem.
Security realms in the Elytron subsystem, when used in conjunction with
-security domains, are use for both core management authentication as
-well as for authentication with applications. Security realms are also
-specifically typed based on their identity store, for example
-jdbc-realm, filesystem-realm, properties-realm, etc.
Examples of adding specific realms, such as jdbc-realm,
-filesystem-realm, and properties-realm can be found in previous
-sections.
-
-
-
-
4.4.2. Create an Elytron Role Decoder
-
-
A role decoder converts attributes from the identity provided by the
-security realm into roles. Role decoders are also specifically typed
-based on their functionality, for example empty-role-decoder,
-simple-role-decoder, custom-role-decoder, and aggregate-role-decoder.
Create an Elytron Role Decoder that makes use of the IP Address of the Remote Client
-
-
A role decoder that is configured on a security realm assigns roles to
-an identity based on attributes provided by the security realm. It is
-also possible to configure a role decoder that makes use of the IP
-address of the remote client when determining the roles associated
-with an identity. As an example, we might want to make use of the IP
-address of the remote client in order to assign a user a particular
-role when establishing a connection to the server from a corporate
-network and a different role when establishing a connection to the
-server from a different network.
-
-
-
Adding a role decoder that makes use of the remote client’s IP
-address takes the general form:
In particular, a source-address-role-decoder has the following attributes:
-
-
-
-
-
source-address - The IP address of the remote client.
-
-
-
pattern - A regular expression that specifies the IP address to match.
-
-
-
roles - The list of roles to assign if the source IP address matches the given address.
-
-
-
-
-
Only one of source-address and pattern should be specified.
-
-
-
For example, the following source-address-role-decoder could be configured to specify
-that a user should be assigned the "Administrator" role when establishing a connection
-to the server from the 10.10.10.10 IP address:
The above example configures a security domain with a source address role decoder that
-will assign the "Administrator" role when the IP address of the remote client matches
-the configured address and a simple permission mapper that only assigns the
-"LoginPermission" if the identity has the "Administrator" role. Thus, authentication
-will succeed if the IP address of the remote client matches the configured address.
-
-
-
It is also possible to configure an aggregate-role-decoder. This consists of
-two or more role-decoder elements where each element is a reference to a configured
-role decoder. Each role decoder will be applied and the returned value will be a union of
-the roles returned by each decoder.
where permissions consists of a set of permissions, where each permission has the following attributes:
-
-
-
-
-
class-name is the fully qualified class name of the permission. This is the only permission attribute that is required.
-
-
-
module is the optional module to use to load the permission.
-
-
-
target-name is the optional target name to pass to the permission as it is constructed.
-
-
-
action is the optional action to pass to the permission as it is constructed.
-
-
-
-
-
-
4.4.4. Create an Elytron Permission Mapper
-
-
In addition to roles being assigned to a identity, permissions may also
-be assigned. A permission mapper assigns permissions to an identity.
-Permission mappers are also specifically typed based on their
-functionality, for example logical-permission-mapper,
-simple-permission-mapper, and custom-permission-mapper.
-
-
-
Adding a permission mapper takes the general form:
A role mapper maps roles after they have been decoded to other roles.
-Examples include normalizing role names or adding and removing specific
-roles from principals after they have been decoded. Role mappers are
-also specifically typed based on their functionality, for example
-add-prefix-role-mapper, add-suffix-role-mapper, and
-constant-role-mapper.
Security domains in the Elytron subsystem, when used in conjunction with
-security realms, are use for both core management authentication as well
-as for authentication with applications.
An authentication factory is an authentication policy used for specific
-authentication mechanisms. Authentication factories are specifically
-based on the authentication mechanism, for example
-http-authentication-factory and
-sasl-authentication-factory and kerberos-security-factory.
-
-
-
Adding an authentication factory takes the general form:
Elytron subsystem provides a specific resource definition that can be
-used to configure a default ruby Policy provider. The subsystem allows
-you to define multiple policy providers but select a single one as the
-default:
4.4.9. Create an Elytron Case Principal Transformer
-
-
Principal transformers can take a name and map it to another representation of the name or perform
-some normalisation. A case-principal-transformer converts a principal to upper or lower case.
-As an example, we might want to convert our principal to upper case if the identities in our realm
-are stored in upper case.
-
-
-
Adding a case-principal-transformer that converts a principal to upper/lower case takes the
-general form:
In particular, a case-principal-transformer has the following attribute:
-
-
-
-
-
upper-case - A boolean value to indicate whether the principal should be converted to upper case.
-Indicating false for this attribute converts the principal to lower case.
-
-
-
-
-
For example, the following case-principal-transformer could be configured to specify that
-a principal should be transformed to lower case:
The primary responsibility of a security realm is the ability to load identities with associated attributes, these identities are then used within the authentication process for credential validation and subsequently wrapped to represent the SecurityIdentity instances using within applications for authorization.
-
-
-
Generally a security realm operates in one of three modes, in the first mode on loading an identity from its store the security realm also loads one or more credential representations from the store and holds these within the identity. During authentication the credentials within the identity can be used to verify the connection attempt. The reason multiple credentials are loaded is because specific types may be applicable to specific mechanisms so an appropriate credential representation can be selected at the time of authentication.
-
-
-
In the second mode the identity is loaded as in the first mode however no credentials are loaded, in this mode evidence can be passed in to the identity for verification. This mode is sometimes the only mode available where it is not possible to load the representation of a credential from its store.
-
-
-
In the third mode evidence is passed to the security realm and used to construct the resulting identity, this mode is predominantly used with certificate and token based authentication mechanisms where the verified certificate or token can be used to construct the resulting identity.
-
-
-
Once an identity has been loaded for authorization decisions the identity will have a set of associated attributes, these will subsequent be mapped using role decoders, role mappers, and permission mappers as required for identity specific authorization decisions.
-
-
-
-
4.5.2. Aggregate Security Realm
-
-
The aggregate security realm allows for two or more security realms to be aggregated into a single security realm allowing one to be used during the authentication steps and one or more to be used to assemble the identity used for authorization decisions and aggregating any associated attributes.
-
-
-
The aggregate-realm resource contains the following attributes: -
-
-
-
-
-
authentication-realm - This realm use used to load the credentials of the identity or perform evidence verification.
-
-
-
authorization-realm - The realm to use to load the identities attributes used for authorization.
-
-
-
authorization-realms - A list of one or more realms to use to load the identities attributes and aggregate into a single set of attributes.
-
-
-
principal-transformer - A principal transformer that can be used to transform the principal after loading the credentials
-for authentication but before loading the identities attributes for authorization. This attribute is optional.
-
-
-
-
-
-
-
-
-
-
-authorization-realm and authorization-realms are mutually exclusive so exactly one of these must be specified.
-
-
-
-
-
-
Defining a Simple Aggregation
-
-
Assuming two realms properties-realm and jdbc-realm already exist an aggregate-realm combining these two can be created with the following command.
Where this realm is used the properties-realm will be used to load an identity’s credentials and the jdbc-realm will be used to load the attributes for the identity.
-
-
-
The following command is exactly the same except the authorization-realms attribute is used instead.
The following command will reference a principal transformer defined in the mappers configuration to be used to transform the principal
-after authentication.
If a third realm ldap-realm also exists that shoud also be used for the loading of attributes an aggregate-realm can be defined using the following command: -
As before the properties-realm will be used to load the identity’s credentials or perform evidence verification but the attributes for the identity will be loaded both from the jdbc-realm and ldap-realm then combined together.
-
-
-
The approach taken to combine attributes makes use of the first instance of each attribute, if the same attribute is loaded by multiple realms only the first occurrence will be used. Later occurrences of an existing attribtue will be ignored.
-
-
-
As an example if the following attributes were loaded from the jdbc-realm: -
The filesystem security realm is a security realm developed to support storing of identities in a filesystem with the option of associating multiple credentials and multiple attributes with each identity. Both credentials and attributes can contain multiple values.
-
-
-
Create and Populate Filesystem Security Realm
-
-
Every identity is stored in an XML file where the name of the file is the name of the identity. It is sufficient to just specify the path to the directory where identity files will be stored. There are other optional attributes.
-
-
-
-
-
path The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path.
-
-
-
relative-to If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
-
-
-
levels The number of levels of directory hashing to apply. When this attribute is set to positive value, filesystem realm will store identities in directory structure where the name of subdirectories will be derived from first characters of identity name. For example, location of identity named "alex" could be a/l/alex.xml. This is useful not only because some filesystems can limit the amount of files that can be stored in a single directory, but also for performance reasons, because that might be influenced by the number of entries in a single directory as well. Default value is 2.
-
-
-
encoded When encoding is set to true, the identity names will be BASE32 encoded before they are used as filenames. This is beneficial, because some filesystems are case-insensitive or might restrict set of characters allowed in a filename. Default value is true.
-
-
-
hash-encoding specifies the string format for the password if it is not stored in plain text. Set to BASE64 bt default, but HEX is also supported.
-
-
-
hash-charset specifies the character set to use when converting the password string to a byte array. Set to UTF-8 by default.
-
-
-
credential-store specifies the credential store where the secret key is stored if the filesystem realm is to be encrypted. This attribute is optional.
-
-
-
secret-key specifies the alias of the secret key that is stored in the previously specified credential store. This attribute is optional.
-
-
-
key-store specifies the key store where the key pair is stored if the integrity is to be enabled on the filesystem realm. This attribute is optional.
-
-
-
key-store-alias specifies the alias of the key pair that is stored in the previously specified key store. This attribute is optional.
-
-
-
-
-
Filesystem security realm can be added with WildFly management CLI or with Elytron API.
-
-
-
WildFly management CLI
-
-
The following command creates realm with name fsRealm that resides in directory fs-realm-users inside the base configuration directory defined by jboss.server.config.dir property. The levels number is 2 and encoded value is true.
-The charset is UTF-8 and the string encoding is BASE64.
-
-
-
The credential-store being referenced is called mycredstore and the alias of the secret-key in that credential-store is key. The secret key will be used to encrypt and decrypt the filesystem realm.
-
-
-
The key-store being referenced is called keystore and the alias of the key pair in that key-store is localhost. The localhost key pair will be used to sign identity files and verify the pre-existing signatures to ensure that the filesystem realm has not been tampered with.
-Although identities stored within the same realm can be hashed using different algorithms, they are all
-hashed using the same character set and stored using the same string encoding across the whole realm.
-
-
-
-
-
-
To add identity with the name "alex" to this filesystem realm:
It’s possible to update the key-store or key-store-alias to use for integrity checking using the update-key-pair command as shown below. These commands will also update the signature in any existing identity files.
When creating filesystem realm with Elytron API, you can specify name rewriter in the constructor. The name rewriter will be applied to identity names to transform them from one form to another. It can be used to normalize the case, trim extra whitespaces, map one naming scheme to another, remove realm component from identity name (e.g. "user@realm" to "user") or to perform validation step on the syntax of the name.
-
-
-
To enable encryption for a filesystem realm programmatically, you can specify a SecretKey when instantiating the realm.
-
-
-
To enable integrity for the filesystem realm programmatically, you can specify a PublicKey and PrivateKey when instantiating the realm.
-
-
-
A org.wildfly.security.auth.realm.FileSystemSecurityRealm can be instantiated using a builder() method as shown in the example below.
org.wildfly.security.auth.server.NameRewriter.IDENTITY_REWRITER is a simple identity name rewriter that does no rewriting. You can implement the NameRewriter interface and use your own rewriter.
-
-
-
Class org.wildfly.security.auth.principal.NamePrincipal represents principal comprised of a simple name. Handle for the identity can be obtained by passing the NamePrincipal instance to the getRealmIdentity or getRealmIdentityForUpdate method. Received identity for the given principal might or might not exist in the filesystem realm. Method exists can be called to check whether the received identity exists. If it does not, you cannot modify its credentials or attributes.
-
-
-
To add non existent identity to the filesystem realm, create method must be called. After this call, credentials and roles of this identity are empty. The exception will be thrown if method create is called on an existing identity.
Note: Operation set-password` replaces any existing credential(s) with the new value.
-
-
-
-
Programmatic approach
-
-
When using Elytron API, working with passwords require interaction with the org.wildfly.security.password.PasswordFactory API. Here is the simplest example that will store password in clear text in identity’s file. Examples on how to work with other types of passwords can be found in Passwords section of this documentation.
To update attributes you can use ModifiableRealmIdentity instance. Class org.wildfly.security.authz.MapAttributes represents collection of attributes backed by java.util.Map:
Converting legacy properties file into Filesystem realm
-
-
WildFly can use authentication with a properties file based identity store. One properties file maps users to passwords and another maps users to roles. You can use Elytron Tool to convert these properties files into a filesystem realm. Below is an example of how to run this tool from the command line:
This command creates new filesystem realm with users taken from users.properties file and roles taken from roles.properties file. Script example-fs-realm.sh that contains the commands for WildFly CLI is generated as well. The script adds this filesystem realm to the Elytron subsystem and also adds new security domain that uses this filesystem realm as a default realm.
-
-
-
-
Converting an unencrypted filesystem realm into an encrypted filesystem realm
-
-
It is possible to convert an unencrypted filesystem realm into an encrypted one using the Elytron Tool. In particular, the filesystem-realm-encrypt command can be used as shown below:
This command creates a new filesystem realm by taking the existing filesystem realm from the specified input location, ./standalone/configuration/fs-realm-plain, and encrypting its contents using the secret key with alias key from the specified credential store, ./mycredstore.cs. The new filesystem realm is stored in the specified output location, ./standalone/configuration/fs-realm-enc.
-
-
-
A .cli script will also be generated at the root of the filesystem realm. The script contains WildFly CLI commands that can be used to configure a secret-key-credential-store resource and a filesystem-realm resource in the Elytron subsystem that makes use of the newly encrypted realm content.
-
-
-
-
-
4.5.4. JDBC Security Realm
-
-
The JDBC security realm is a security realm developed to support loading identities from a database with the option of multiple credentials and multiple attributes each with the option of containing multiple values.
-
-
-
When defining the JDBC security realm one or more principal queries can be defined, each of these can load a credential and / or attributes for the resulting identity. Each defined principal query is associated with it’s own datasource, this means quite a complex configuration can be created loading the different aspects of an identity from multiple locations.
-
-
-
Each of the examples documented within this section will be making use of pre-configured datasources, please refer to the datasources subsystem documentation for more information relating to how to define datasources.
-
-
-
Loading a Single Clear Text Password
-
-
The simplest configuration is to load a clear text password for an identity. This approach would not be recommended at all in a production set up, however it does make a suitable starting point to illustrate how the JDBC security realm can be configured.
-
-
-
Table 4. Example Table
-
-
-
-
-
-
-
NAME
-
PASSWORD
-
-
-
-
-
test
-
myPassword
-
-
-
-
-
A JDBC security realm can be defined as: -
-
-
-
-
/subsystem=elytron/jdbc-realm=demo-realm:add(
- principal-query=[{data-source=Identities,
- sql="select PASSWORD from IDENTITIES where NAME = ?",
- clear-password-mapper={password-index=1}}])
-
-
-
-
This realm is defined within a single principal-query against the Identities datasource. For the user test the result of the query would be: -
-
-
-
Table 5. Query Results
-
-
-
-
-
-
1
-
-
-
-
-
myPassword
-
-
-
-
-
The principal query can be defined with password mappers which define which columns should be used to construct the password for the identity being loaded, in this example a clear-password-mapper is used: -
-
-
-
-
clear-password-mapper={password-index=1}
-
-
-
-
-
-
-
-
-
-The index of the first column is 1
-
-
-
-
-
-
-
Alternative Password Mappers
-
-
The WildFly Elytron project supports a variety of password types as described within Passwords, some of these password types require multiple values to be loaded from the database to reconstruct the password so alternative password mappers are made available. More than one password mapper can be defined on a single principal-query to support loading multiple passwords simultaneously.
-
-
-
-
-
-
-
-
-Where the various password mappers load encoded representations of passwords and salts from the database these can either be encoded using Base64 or Hexadecimal, by default unless specified Base64 is assumed.
-
-
-
-
-
-
clear-password-mapper
-
-
This mapper is used to load a clear text password directly from the database.
-
-
-
The following attribute is supported for this password mapper: -
-
-
-
-
-
password-index - The index of the column containing the clear text password.
-
-
-
-
-
-
bcrypt-password-mapper
-
-
The bcrypt-password-mapper can be used for passwords to be loaded using the bcrypt algorithm, as an iterated salted password type the iteration count and salt are also loaded from the database query.
-
-
-
-
-
password-index - The index of the column containing the encoded password.
-
-
-
hash-encoding - The encoding of the hash, either base64 or hex.
-
-
-
salt-index - The index of the column containing the encoded salt.
-
-
-
salt-encoding - The encoding of the salt, either base64 or hex.
-
-
-
iteration-count-index - The index of the column containing the iteration count.
-
-
-
-
-
-
modular-crypt-mapper
-
-
The modular-crypt-mapper can be used for passwords encoded using modular crypt, this encoding allows for multiple pieces of information to be encoded in single String such as the password type, the hash or digest, the salt, and the iteraction count.
-
-
-
Information on how to encode and decode modular crypt representations can be seen in Modular Crypt Encoding.
-
-
-
The following attribute is supported for this password mapper: -
-
-
-
-
-
password-index - The index of the column containing the modular crypt encoded password.
-
-
-
-
-
-
salted-simple-digest-mapper
-
-
The salted-simple-digest-mapper supports the password types hashed with a salt as described in Salted Digest, for this type of password the encoded form of the password is loaded in addition to the salt.
-
-
-
-
-
algorithm - The algorithm of the password type, the supported values are listed at Salted Digest.
-
-
-
password-index - The index of the column containing the encoded password.
-
-
-
hash-encoding - The encoding of the hash, either base64 or hex.
-
-
-
salt-index - The index of the column containing the encoded salt.
-
-
-
salt-encoding - The encoding of the salt, either base64 or hex.
-
-
-
-
-
-
simple-digest-mapper
-
-
The simple-digest-mapper supports the loading of passwords which have been simply hashed without any salt as described in Simple Digest.
-
-
-
-
-
algorithm - The algorithm of the password type, the supported values are listed at Simple Digest.
-
-
-
password-index - The index of the column containing the encoded password.
-
-
-
hash-encoding - The encoding of the hash, either base64 or hex.
-
-
-
-
-
-
scram-mapper
-
-
The scram-mapper supports the loading of SCRAM passwords which use both a salt and an interation count as described in Scram.
-
-
-
-
-
algorithm - The algorithm of the password type, the supported values are listed at Scram.
-
-
-
password-index - The index of the column containing the encoded password.
-
-
-
hash-encoding - The encoding of the hash, either base64 or hex.
-
-
-
salt-index - The index of the column containing the encoded salt.
-
-
-
salt-encoding - The encoding of the salt, either base64 or hex.
-
-
-
iteration-count-index - The index of the column containing the iteration count.
-
-
-
-
-
-
-
Hash Character Sets
-
-
The various password mappers allow loading multiples values from the database to hash the client provided password in order
-to compare against the password stored in the database.
-
-
-
The JDBC realm supports specifying the character set via the attribute hash-charset to use when converting
-the client provided password string to a byte array. This is useful when our database is storing
-hashed passwords using a charset other than UTF-8, as the JDBC realm assumes that is the charset being used by default.
-
-
-
-
-
-
-
-
-Although more than one password mapper can be defined on a single principal-query, only one hash-charset
-can be defined across the whole realm.
-
-
-
-
-
-
For example, the following JDBC realm is configured using the GB2312 charset:
-
-
-
-
/subsystem=elytron/jdbc-realm=exampleDbRealm:add(principal-query=[{sql="SELECT password FROM all_users WHERE user=?",data-source=exampleDS,simple-digest-mapper={algorithm=password-salt-digest-md5,password-index=1}}])
-
-
-
-
-
Using a Hashed Password Representation
-
-
The same approach can be taken for all hashed password representations, for illustration purposes this section will illustrate how a bcrypt password can be prepared to be stored in a database and the subsequent realm configuration to make use of it. Examples uising the APIs for the different password types can be found in the Passwords section of this documentation.
-
-
-
The following example takes the password myPassword, generates a random salt an produces a bcrypt representation of the password.
-It is worth noting that as the hash-encoding and salt-encoding are specified separately one could use Base64 whilst the other uses hexadecimal.
-
-
-
-
-
-
-
Loading Passwords from Different Queries / Datasources
-
-
It is also possible to combine both of the example so far and define two separate principal-query instances to attempt to load both password types from different locations.
-
-
-
Here is an example configuration loading a clear text password from one datasource / table and loading a bcrypt password from a second datasource / table.
-
-
-
-
/subsystem=elytron/jdbc-realm=demo-realm:add(
- principal-query=[
- {data-source=LegacyIdentities,
- sql="select PASSWORD from LEGACY_IDENTITIES where NAME = ?",
- clear-password-mapper={password-index=1}},
- {data-source=NewIdentities,
- sql="select PASSWORD, SALT, ITERATION_COUNT from NEW_IDENTITIES where NAME = ?",
- bcrypt-mapper={password-index=1, salt-index=2, iteration-count-index=3}}
- ])
-
-
-
-
-
-
-
-
-
-It is not required that the identity is found from both of the queries, this can be useful in situations where identities are being migrated from one location to another or for aggregating two together.
-
-
-
-
-
-
-
Loading Attributes
-
-
The examples so far have focussed on the loading of passwords from the database, the principal queries can also be used to load attributes for the resulting identities.
-
-
-
The loading of attributes can either be defined to happen within the principal queries being used to load the passwords or attribute specific principal queries can be defined, as each principal-query can be defined with it’s own datasource reference this means attributes can also be loaded from alternative locations.
-
-
-
The loaded attributes can then be used for mapping to roles and permissions which should be granted to the identity or they can be obtained programatically within the deployment to identify information about the currently authenticated identity.
-
-
-
Loading Attributes with Passwords
-
-
For single valued attributes these can often be loaded using the same principal-query used to load an identities password, as an example if an identities e-mail address or department is to be loaded from the database these can be loaded at the same time as the password.
This means the contents of column 2 will be mapped to the email attribute and the contents of column 3 will be mapped to the department attribute.
-
-
-
-
Loading Attributes Separately.
-
-
For multi-valued attributes such as a list of groups it can often make sense to define a separate principal query.
-
-
-
A list of groups could be represented as follows in a table.
-
-
-
Table 10. Example Table
-
-
-
-
-
-
-
NAME
-
TEAM
-
-
-
-
-
test
-
Users
-
-
-
test
-
Supervisors
-
-
-
-
-
A realm can now be defined with a second principal query to load the groups into an attribute.
-
-
-
-
/subsystem=elytron/jdbc-realm=demo-realm:add(
- principal-query=[
- {data-source=Identities,
- sql="select PASSWORD from IDENTITIES where NAME = ?",
- clear-password-mapper={password-index=1}
- },{data-source=Identities,
- sql="select TEAM from MEMBERSHIP where NAME = ?",
- attribute-mapping=[{index=1, to=groups}]
- }])
-
-
-
-
Within this definition the second principal-query will load the attribute groups: -
-
-
-
-
{data-source=Identities,
- sql="select TEAM from MEMBERSHIP where NAME = ?",
- attribute-mapping=[{index=1, to=groups}]
-}
-
-
-
-
For the user test the results would be: -
-
-
-
Table 11. Query Results
-
-
-
-
-
-
1
-
-
-
-
-
Users
-
-
-
Supervisors
-
-
-
-
-
The end result would be that the identity contains the attribute groups with the values Users, and Supervisors
The jaas-realm resource contains the following attributes: -
-
-
-
-
-
entry JAAS configuration file entry name
-
-
-
path Path to the JAAS configuration file. You can also specify the location of the configuration with java system property "java.security.auth.login.config" or with java security property "login.config.url"
-
-
-
relative-to Optional base folder for the path.
-
-
-
module The WildFly module with Login Module implementations and Callback Handler implementation.
-
-
-
callback-handler Callback handler to use with the Login Context. Security property "auth.login.defaultCallbackHandler" can be used instead. The default callback handler of the realm will be used if none of these are defined.
-
-
-
-
-
All attributes but entry are optional.
-
-
-
Example of jaas-realm configuration via WildFly CLI:
Login Modules use Subjects to represent the user currently being authenticated. Subject’s
-principals are mapped to user’s attributes with the following rule:
-
-
-
-
-
key of the attribute is principal’s simple classname, so the value of principal.getClass().getSimpleName())
-
-
-
value is principal’s name, so the result of principal.getName() call. For principals of the same type / key, the values will be appended to the collection under this attribute key.
-
-
-
-
-
Attributes can be used to associate roles in the Elytron subsystem. Roles is the default attribute name used for this purpose. You can configure a role-decoder to use a different attribute. This means you can add roles to authenticated user by associating principals with the Subject in a Login Module imlpementations.
-
-
-
-
-
-
-
-
5. Using Elytron within WildFly
-
-
-
5.1. Using the Out of the Box Elytron Components
-
-
5.1.1. Securing Management Interfaces
-
-
You can find more details on the enabling WildFly to use the out of the
-box Elytron components for securing the management interfaces in the
-Default
-Management Authentication Configuration section.
-
-
-
-
5.1.2. Securing Applications
-
-
The elytron subsystem provides application-security-domain by
-default which can be used to secure applications. For more details on
-how application-security-domain is configured, see the
-Default
-Application Authentication Configuration section.
WildFly does provide a default one-way SSL/TLS configuration using the
-legacy core management authentication but does not provide one in the
-elytron subsystem. You can find more details on configuring SSL/TLS
-using the elytron subsystem for both the management interfaces as well
-as for applications in
-Configure
-SSL/TLS
-
-
-
-
5.1.4. Using Elytron with Other Subsystems
-
-
In addition to securing applications and management interfaces, Elytron
-also integrates with other subsystems in WildFly.
-
-
-
-
-
-
-
-
-
Subsystem
-
Details
-
-
-
-
-
batch-jberet
-
You can configure the batch-jberet to run batch jobs
-using an Elytron security domain.
-
-
-
datasources
-
You can use a credential store or an Elytron security
-domain to provide authentication information in a datasource definition.
-
-
-
messaging-activemq
-
You can secure remote connections to the remote
-connections used by the messaging-activemq subsystem.
-
-
-
iiop-openjdk
-
You can use the elytron subsystem to configure SSL/TLS
-between clients and servers using the iiop-openjdk subsystem.
-
-
-
mail
-
You can use a credential store to provide authentication
-information in a server definition in the mail subsystem.
-
-
-
undertow
-
You can use the elytron subsystem to configure both SSL/TLS
-and application authentication.
-
-
-
-
-
-
-
5.2. Undertow Subsystem
-
-
As a web application is deployed the name of the security domain required by that application will be identified, this will either be from within the deployment or if the deployment does not have a security domain the default-security-domain as defined on the Undertow subsystem will be assumed. An application-security-domain resource can be added to the Undertow subsystem which maps from the name of the security domain required by the application to the appropriate WildFly Elytron configuration.
-
-
-
As an example in it’s simplest form a mapping can be added as: -
Note: If the deployment was already deployed at this point the
-application server should be reloaded or the deployment redeployed for
-the application security domain mapping to take effect.
-
-
-
Here we are mapping from the applications security domain MyAppSecurity to the WildFly Elytron defined domain ApplicationDomain.
-
-
-
This simple form is suitable where a deployment is using the standard HTTP mechanisms as defined within the Servlet specification i.e. BASIC, CLIENT_CERT, DIGEST, FORM and authentication will be performed against the ApplicationDomain security domain. This form is also suitable where an application is not using any authentication mechanisms and instead is using programatic authentication or even wishes to obtain the SecurityDomain associated with the deployment and use it directly.
-
-
-
An advanced form of the mapping can be added as: -
In this form of the configuration instead of referencing a security domain a http-authentication-factory is referenced instead, this is the factory that will be used to obtain the instances of the authentication mechansisms and is in turn associated with the security domain. The standard mechanisms as defined in the Servlet specification can be used in this way but this approach also allows for other mechanisms to be used such as SPNEGO which requires additional configuration or even plug-in custom mechanism implementations.
-
-
-
When the advanced form of the mapping is used a further configuration option is available: -
-
-
-
-
-
override-deployment-config
-
-
-
-
-
The referenced http-authentication-factory can return a complete set of authentication mechanisms, by default these are filtered to just match the mechanisms requested by the application - if this option is set to true then the mechanisms offered by the factory will override the mechanisms requested by the application. One example of where this could be useful is say an application has been developed to support FORM authentication, by overriding the mechanisms the application could be updated to support SPNEGO, and FORM authentication without any modifications to the deployment.
-
-
-
The application-security-domain resource also has one additional option enable-jacc, if this is set to true JACC will be enabled for any deployments matching against this mapping.
-
-
-
5.2.1. Runtime Information
-
-
Where an application-security-domain mapping is in use it can be useful to double check that deployments did match against it as expected, if the resource is read with include-runtime=true the deployments that are associated with the mapping will also be shown: -
In this output the referencing-deployments attribute shows that the deployment simple-webapp.war has been deployed using this mapping.
-
-
-
-
-
5.3. Jakarta Enterprise Beans Subsystem
-
-
Configuration can be added to the Jakarta Enterprise Beans subsystem to map a security domain
-name referenced in a deployment to an Elytron security domain:
Note: If the deployment was already deployed at this point the
-application server should be reloaded or the deployment redeployed for
-the application security domain mapping to take effect.
-
-
-
An application-security-domain has two main attributes:
-
-
-
-
-
name - the name of the security domain as specified in a deployment
-
-
-
security-domain - a reference to the Elytron security domain that
-should be used
-
-
-
-
-
There is another attribute called legacy-compliant-principal-propagation.
-If it is set to true and there is no incoming run-as identity,
-then the principal of the local unsecured bean is the current authenticated identity. This was the case
-for legacy PicketBox security. If this attribute is set to false, the behaviour will comply with the Elytron’s previous
-behaviour and if there is no incoming run-as identity then the principal of the local unsecured bean is anonymous.
-This attribute is optional and the default value is true.
-
-
-
When an application security domain mapping is configured for a bean in
-a deployment, this indicates that security should be handled by Elytron.
-
-
-
-
5.4. WebServices Subsystem
-
-
There is adapter in webservices subsystem to make authentication works
-for elytron security domain automatically. Like configure with legacy
-security domain, you can configure elytron security domain in deployment
-descriptor or annotation to secure webservice endpoint.
-
-
-
When Elytron security is enabled, JAAS subject or principal can be pushed
-to jbossws-cxf endpoint’s SecurityContext to propagate authenticated
-identity to Jakarta Enterprise Beans container. Here is a CXF interceptor example to
-propagate authenticated information to Jakarta Enterprise Beans container :
-
-
-
-
publicclassPropagateSecurityInterceptorextends WSS4JInInterceptor {
-
- public PropagateSecurityInterceptor() {
- super();
- getAfter().add(PolicyBasedWSS4JInInterceptor.class.getName());
- }
-
- @Override
- publicvoid handleMessage(SoapMessage message) throws Fault {
- ...
- final Endpoint endpoint = message.getExchange().get(Endpoint.class);
- final SecurityDomainContext securityDomainContext = endpoint.getSecurityDomainContext();
- //push subject principal retrieved from CXF to ElytronSecurityDomainContext
- securityDomainContext.pushSubjectContext(subject, principal, null)
- }
-
-}
-
-
-
-
-
-
-
6. Client Authentication with Elytron Client
-
-
-
WildFly Elytron uses the Elytron Client project to enable remote clients
-to authenticate using Elytron. Elytron Client has the following
-components:
-
-
-
-
-
-
-
-
-
Component
-
Description
-
-
-
-
-
Authentication Configuration
-
Contains authentication information such
-as usernames, passwords, allowed SASL mechanisms, and the security realm
-to use during digest authentication.
-
-
-
MatchRule
-
Rule used for deciding which authentication configuration to
-use.
-
-
-
Authentication Context
-
Set of rules and authentication configurations
-to use with a client for establishing a connection.
-
-
-
-
-
When a connection is established, the client makes use of an
-authentication context, which gives rules that match which
-authentication configuration is used with an outbound connection. For
-example, you could have a rule that use one authentication
-configuration when connecting to server1 and another authentication
-configuration when connecting with server2. The authentication context
-is comprised of a set of authentication configurations and a set of
-rules that define how they are selected when establishing a connection.
-An authentication context can also reference ssl-context and can be
-matched with rules.
-
-
-
To create a client that uses security information when establishing a
-connection:
-
-
-
-
-
Create one or more authentication configurations.
-
-
-
Create an authentication context by creating rule and authentication
-configuration pairs.
-
-
-
Create a runnable for establishing your connection.
-
-
-
Use your authentication context to run your runnable.
-
-
-
-
-
When you establish your connection, Elytron Client will use the set of
-rules provided by the authentication context to match the correct
-authentication configuration to use during authentication.
-
-
-
You can use one of the following approaches to use security information
-when establishing a client connection.
-
-
-
IMPORTANT: When using Elytron Client to make Jakarta Enterprise Beans calls, any hard-coded
-programatic authentication information, such as setting
-Context.SECURITY_PRINCIPAL in the javax.naming.InitialContext, will
-override the Elytron Client configuration.
-
-
-
6.1. The Configuration File Approach
-
-
The configuration file approach involves creating an XML file with your
-authentication configuration, authentication context, and match rules.
The above example shows how the password for authentication can be specified in the clear. However, it’s also possible
-to use a masked password instead.
IMPORTANT: If you use the
-The
-Programmatic Approach, it will override any provided configuration
-files even if the wildfly.config.url system property is set.
-
-
-
When creating rules, you can look for matches on various parameters such
-as hostname, port, protocol, or username. A full list of options for
-MatchRule are available in the
-Javadocs.
-Rules are evaluated in the order in which they are configured.
-
-
-
Common Rules
-
-
-
-
-
-
-
-
-
Rule
-
Description
-
-
-
-
-
match-domain
-
Takes a single name attribute specifying the security
-domain to match against.
-
-
-
match-host
-
Takes a single name attribute specifying the hostname to
-match against. For example, the host 127.0.0.1 would match on
-http://127.0.0.1:9990/my/path .
-
-
-
match-no-user
-
Matches against URIs with no user.
-
-
-
match-path
-
Takes a single name attribute specifying the path to match
-against. For example, the path /my/path/ would match on
-http://127.0.0.1:9990/my/path .
-
-
-
match-port
-
Takes a single name attribute specifying the port to match
-against. For example, the port 9990 would match on
-http://127.0.0.1:9990/my/path .
-
-
-
match-protocol
-
Takes a single name attribute specifying the protocol
-to match against. For example, the protocol http would match on
-http://127.0.0.1:9990/my/path .
-
-
-
match-purpose
-
Takes a names attribute specifying the list of purposes
-to match against.
-
-
-
match-urn
-
Takes a single name attribute specifying the URN to match
-against.
-
-
-
match-user
-
Takes a single name attribute specifying the user
-to match against.
-
-
-
-
-
-
6.2. The Programmatic Approach
-
-
The programatic approach configures all the Elytron Client configuration
-in the client’s code:
-
-
-
-
//create your authentication configuration
-AuthenticationConfiguration adminConfig =
- AuthenticationConfiguration.empty()
- .useProviders(() -> newProvider[] { new WildFlyElytronProvider() })
- .allowSaslMechanisms("DIGEST-MD5")
- .useRealm("ManagementRealm")
- .useName("administrator")
- .usePassword("password1!");
-
-//create your authentication context
-AuthenticationContext context = AuthenticationContext.empty();
-context = context.with(MatchRule.ALL.matchHost("127.0.0.1"), adminConfig);
-
-
-//create your runnable for establishing a connection
-Runnable runnable =
- newRunnable() {
- publicvoid run() {
- try {
- //Establish your connection and do some work
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
- };
-
-//use your authentication context to run your client
-context.run(runnable);
-
-
-
-
The above example shows how the password for authentication can be specified in the clear. However, it’s also possible
-to use a masked password instead.
-
-
-
-
//create your authentication configuration
-AuthenticationConfiguration adminConfig =
- AuthenticationConfiguration.empty()
- .useProviders(() -> newProvider[] { new WildFlyElytronProvider() })
- .allowSaslMechanisms("DIGEST-MD5")
- .useRealm("ManagementRealm")
- .useName("administrator")
- .usePassword("/Nym2s/dssMrabfdIGsZfQ==", null, null, "100", "12345678", null);
-
-//create your authentication context
-AuthenticationContext context = AuthenticationContext.empty();
-context = context.with(MatchRule.ALL.matchHost("127.0.0.1"), adminConfig);
-
-
-//create your runnable for establishing a connection
-Runnable runnable =
- newRunnable() {
- publicvoid run() {
- try {
- //Establish your connection and do some work
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
- };
-
-//use your authentication context to run your client
-context.run(runnable);
-
-
-
-
When adding configuration details to AuthenticationConfiguration and
-AuthenticationContext, each method call returns a new instance of that
-object. For example, if you wanted separate configurations when
-connecting over different hostnames, you could do the following:
This is the same as match-domain
-in the configuration file approach.
-
-
-
matchNoUser()
-
This is the same as match-no-user in the configuration
-file approach.
-
-
-
matchPath(String pathSpec)
-
This is the same as match-path in the
-configuration file approach.
-
-
-
matchPort(int port)
-
This is the same as match-port in the
-configuration file approach.
-
-
-
matchProtocol(String protoName)
-
This is the same as match-port in the
-configuration file approach.
-
-
-
matchPurpose(String purpose)
-
Create a new rule which is the same as
-this rule, but also matches the given purpose name.
-
-
-
matchPurposes(String… purposes)
-
This is the same as match-purpose in
-the configuration file approach.
-
-
-
matchUrnName(String name)
-
This is the same as match-urn in the
-configuration file approach.
-
-
-
matchUser(String userSpec)
-
This is the same as match-user in the
-configuration file approach.
-
-
-
-
-
Also, instead of starting with an empty authentication configuration,
-you can start with the current configured one by using
-captureCurrent().
-
-
-
-
//create your authentication configuration
-AuthenticationConfiguration commonConfig = AuthenticationConfiguration.captureCurrent();
-
-
-
-
Using captureCurrent() will capture any previously established
-authentication context and use it as your new base configuration.
-An authentication context is established once it’s been activated by calling
-run(). If captureCurrent() is called and no context is currently
-active, it will try and use the default authentication if available. You
-can find more details about this in
-The
-Configuration File Approach,
-The
-Default Configuration Approach, and
-Using Elytron Client
-with Clients Deployed to WildFly sections.
-
-
-
Using AuthenticationConfiguration.empty() should only be used as a base
-to build a configuration on top of and should not be used on its own. It
-provides a configuration that uses the JVM-wide registered providers and
-enables anonymous authentication.
-
-
-
When specifying the providers on top of the
-AuthenticationConfiguration.empty() configuration, you can specify a
-custom list, but most users should use WildFlyElytronProvider()
-providers.
-
-
-
When creating an authentication context, using the context.with(…)
-will create a new context that merges the rules and authentication
-configuration from the current context with the provided rule and
-authentication configuration. The provided rule and authentication
-configuration will appear after the ones in the current context.
-
-
-
-
6.3. The Default Configuration Approach
-
-
The default configuration approach relies completely on the
-configuration provided by Elytron Client:
-
-
-
-
//create your runnable for establishing a connection
-Runnable runnable =
- newRunnable() {
- publicvoid run() {
- try {
- //Establish your connection and do some work
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
- };
-
-// run runnable directly
-runnable.run();
-
-
-
-
To provide a default configuration, Elytron Client tries to
-auto-discover a wildfly-config.xml file on the filesystem. It looks in
-the following locations:
-
-
-
-
-
Location specified by the wildfly.config.url system property set
-outside of the client code.
-
-
-
The classpath root directory.
-
-
-
The META-INF directory on the classpath.
-
-
-
-
-
If it does not find one, it will try and use the default
-wildfly-config.xml provided in the
-$WILDFLY_HOME/bin/client/jboss-client.jar.
6.4. Using Elytron Client with Clients Deployed to WildFly
-
-
Clients deployed to WildFly can also make use of Elytron Client. In
-cases where you have included a wildfly-config.xml with your
-deployment or the system property has been set, an
-AuthenticationContext is automatically parsed and created from that
-file.
-
-
-
To load a configuration file outside of the deployment, you can use the
-parseAuthenticationClientConfiguration(URI) method. This method will
-return an AuthenticationContext which you can then use in your client’s
-code using the
-The
-Programmatic Approach.
-
-
-
Additionally, clients will also automatically parse and create an
-AuthenticationContext from the client configuration provided by the
-elytron subsystem. The client configuration in the elytron subsystem
-can also take advantage of other components defined in the elytron
-subsystem such as credential stores. If client configuration is provided
-by BOTH the deployment and the elytron subsystem, the elytron
-subsystem’s configuration is used.
-
-
-
-
6.5. Client configuration using wildfly-config.xml
-
-
Prior to WildFly 11, many WildFly client libraries used different configuration strategies. WildFly 11 introduces a new wildfly-config.xml file which unifies all client configuration in a single place. In addition to being able to configure authentication using Elytron as described in the previous section, a wildfly-config.xml file can also be used to:
-
-
-
6.5.1. Configure Jakarta Enterprise Beans client connections, global interceptors, and invocation timeout
RESTEasy client will automatically load credentials, bearer token and SSL context from wildfly-config.xml. Credentials will be used for HTTP Basic authentication and bearer token for Bearer token authentication.
-Note that WildFly client libraries do have reasonable default configuration. Thus, adding configuration for these clients to wildfly-config.xml isn’t mandatory.
-
-
-
-
-
-
-
-
-
-
7. Elytron and Java Authorization Contract for Containers (JACC)
-
-
-
-This document will guide you on how to enable JACC for your deployments
-using the default policy defined in the Elytron subsystem.
-
-
-
-
7.1. Defining a JACC Policy Provider
-
-
Elytron subsystem provides a built-in policy provider based on JACC
-specification. This policy provider is active by default in the
-default configuration.
-
-
-
-
7.2. Enabling JACC to a Web Deployment
-
-
You can enable JACC to web
-deployments by executing the following command:
The command above defines a default security domain for applications if
-none is provided in jboss-web.xml. In case you already have a
-application-security-domain defined and just want to enable JACC you
-can execute a command as follows:
The command above defines a default security domain for EJBs. In case
-you already have an application-security-domain defined and just want
-to enable JACC you can execute a command as follows:
-References in this document to Java Authorization Contract for Containers (JACC) refer to Jakarta Authorization unless otherwise noted.
- References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-
-
-
-
-
-
-
-
-
8. Elytron and Java Authentication SPI for Containers (JASPI)
-
-
-
-Starting from WildFly 15 an implementation of the Servlet profile from the Java Authentication SPI for Containers (JSR-196 / JASPI) is also provided by the WildFly Elytron subsystem allowing tighter integration with the security features provided by WildFly Elytron. This JASPI implementation is available out of the box with minimal steps required to use it for deployments, this section of the documentation describes how to make use of it and the features it provides.
-
-
-
-
8.1. Activation
-
-
Presently it is the Servlet profile from the JASPI specification which is supported by this integration, the following information applies to web applications deployed to WildFly.
-
-
-
For the JASPI integration to be enabled for a web application that web application needs to be associated with either an Elytron http-authentication-factory or a security-domain - by doing this the WildFly Elytron security handlers will be installed for the deployment and the WildFly Elytron security framework activated for the deployment. This is all that is required for a deployment to be 'securable' using a JASPI configuration.
-
-
-
Once the WildFly Elytron security framework is activate for a deployment at the time requests are being handled the globally registered AuthConfigFactory will be queried to identify if an AuthConfigProvider has been registered which should be used for that deployment - if an AuthConfigProvider is found then JASPI authentication will be used instead of the deployments authentication configuration. If no AuthConfigProvider is found then the authentication configuration for the deployment will be used instead, this could mean authentication mechanisms from a http-authentication-factory are used or mechanisms specified in the web.xml are used or it could even mean no authentication is performed if the application does not have any mechanisms defined.
-
-
-
Any updates made to the AuthConfigFactory are immediately available, this means that if an AuthConfigProvider is registered which is a match for an existing application it will start to be used immediately without requiring redeployment of the application.
-
-
-
All web applications deployed to WildFly have a security domain which will be resolved in the following order: -
-
-
-
-
-
From the deployment descriptors / annotations of the deployment being deployed.
-
-
-
The value defined on the default-security-domain attribute on the Undertow subsystem.
-
-
-
Default to 'other'.
-
-
-
-
-
We assume that this security domain is a reference to a PicketBox security domain so the final step in activation is ensuring this is mapped to WildFly Elytron using an application-security-domain resource in the Undertow subsystem. This mapping can either reference a WildFly Elytron security domain directly or it can reference a http-authentication-factory resource to obtain instances of authentication mechanisms.
Although this latter form references a http-authentication-factory that in turn will reference a security domain - for both examples the referenced security domain is associated with the deployment.
-
-
-
The minimal steps to enable the JASPI integration are: -
- . Leave the default-security-domain attribute on the Undertow subsystem undefined so it defaults to 'other'.
- . Add an application-security-domain mapping from 'other' to a WildFly Elytron security domain.
-
-
-
All deployments that do not specify their own security domain will be assigned this default mapping automatically which will activate the WildFly Elytron handlers and subsequently make JASPI available for that deployment.
-
-
-
The security domain associated with a deployment in these steps is the security domain that will be wrapped in a CallbackHandler to be passed into the ServerAuthModule instances used for authentication.
-
-
-
8.1.1. Additional Options
-
-
On the application-security-domain resource two additional attributes have been added to allow some further control of the JASPI behaviour.
-
-
-
-
-
enable-jaspi - Can be set to false to disable JASPI support for all deployments using this mapping.
-
-
-
integrated-jaspi - By default all identities are loaded from the security domain, if set to false ad-hoc identities will be created instead.
-
-
-
-
-
-
-
8.2. Subsystem Configuration
-
-
One way to register a configuration which will result in an AuthConfigProvider being returned for a deployment is to register a jaspi-configuration in the Elytron subsystem.
-
-
-
The following command demonstrates how to add a configuration containing two ServerAuthModule definitions: -
The name attribute is just a name that allows the resource to be referenced in the management model.
-
-
-
The layer and application-context attributes are used when registering this configuration with the AuthConfigFactory - both of these attributes can be omitted allowing wildcard matching. The description attribute is also optional and is used to provide a description to the AuthConfigFactory.
-
-
-
Within the configuration one or more server-auth-module instances can be defined with the following attributes.
- * class-name - The fully qualified class name of the ServerAuthModule.
- * module - The module to load the ServerAuthModule from.
- * flag - The control flag to indicate how this module operates in relation to the other modules.
- * options - Configuration options to be passed into the ServerAuthModule on initialisation.
-
-
-
Configuration defined in this way is immediately registered with the AuthConfigFactory so any existing deployments using the WildFly Elytron security framework that match against the layer and application-context will immediately start to make use of the configuration.
-
-
-
-
8.3. Programmatic Configuration
-
-
The APIs defined within the JASPI specification allow for applications to dynamically register custom AuthConfigProvider instances, however the specification does not provide the actual implementations to use or a standard way to create instances of the implementations, the WildFly Elytron project contains a simple utility that can be used by deployments to help with this: -
As an example this code could be executed within the init() method of a Servlet to register the AuthConfigProvider specific for that deployment, in this code example the application context has also been assembled by consulting the ServletContext.
-
-
-
The register method returns the resulting registration ID that can also be used to subsequently remove this registration directly from the AuthConfigFactory.
-
-
-
As with the subsystem configuration this call has an immediate effect and will be live for all web applications using the WildFly Elytron security framework immediately.
-
-
-
-
8.4. Authentication Process
-
-
8.4.1. CallbackHandler
-
-
Based on the configuration on the application-security-domain resource in the Undertow subsystem the CallbackHandler passed to the ServerAuthModule in an integrated or non-integrated mode.
-
-
-
-
8.4.2. Integrated
-
-
When operating in integrated mode although the ServerAuthModule instances will be handling the actual authentication the resulting identity will be loaded from the referenced SecurityDomain using the SecurityRealms referenced by that SecurityDomain, it is still possible in this mode to override the roles that will be assigned within the Servlet container.
-
-
-
The advantage of this mode is that ServerAuthModules are able to take advantage of the WildFly Elytron configuration for the loading of identities so identities stored in usual locations such as databases and LDAP can be loaded without the ServerAuthModule needing to be aware of these locations, additionally other WildFly Elytron configuration can be applied such as role and permission mapping. The referenced SecurityDomain can also be referenced in other places such as for SASL authentication or other non JASPI applications all backed by a common repository of identities.
-
-
-
In this mode the CallbackHandlers operate as follows: -
-
-
-
-
-
PasswordValidationCallback
-
-
-
The username and password will be used with the SecurityDomain to perform an authentication, if successful there is now an authenticated identity.
-
-
-
-
-
CallerPrincipalCallback
-
-
-
This Callback is used to establish the authorized identity / the identity that will be seen once the request reached the web application.
-
-
-
-
-
If an authenticated identity has already been established via the PasswordValidationCallback this Callback is interpreted as a run-as request and authorization checks are performed to ensure the authenticated identity is authorized to run as the identity specified in this Callback. If no authenticated identity has been established by a PasswordValidationCallback it is assumed the ServerAuthModule has handled the authentication step so this Callback will cause the specified identity to be loaded from the SecurityDomain and an authorization check to verify this identity has the LoginPermission.
-
-
-
-
-
If a Callback is received with a null Principal and name then if an authenticated identity has already been established authorization will be performed as that identity, if no identity has been established then authorization of the anonymous identity will be performed. Where authorization of the anonymous identity is performed the SecurityDomain must have been configured to grant the anonymous identity the LoginPermission otherwise authorization will fail.
-
-
-
-
-
GroupPrincipalCallback
-
-
-
By default in this mode the attribute loading, role decoding, and role mapping configured on the security domain will be used to establish the identity - if this Callback is received the groups specified will be taken as the roles that will be assigned to the identity whilst the request is in the servlet container. These roles will be visible in the servlet container only.
-
-
-
-
-
-
-
-
8.4.3. Non Integrated
-
-
When operating in non-integrated mode the ServerAuthModules are completely responsible for all authentication AND identity management, the Callbacks specified in the specification can be used to establish an identity. The resulting identity will be created on the SecurityDomain but it will be independent of any identities stored in referenced SecurityRealms.
-
-
-
The advantage of this mode is that JASPI configurations that are able to 100% handle the identities can be deployed to the application server without requiring anything beyond a simple SecurityDomain definitions, there is no need for this SecurityDomain to actually contain the identities that will be used at runtime. The disadvantage of this mode is that the ServerAuthModule is now reposible for all identity handling potenitally making the implementation much more complex.
-
-
-
In this mode the CallbackHandlers operate as follows: -
-
-
-
-
-
PasswordValidationCallback
-
-
-
The Callback is not supported in this mode, the purpose of this mode is for the ServerAuthModule to operate independently of the referenced SecurityDomain so requesting a password to be validated would not be suitable.
-
-
-
-
-
CallerPrincipalCallback
-
-
-
This Callback is used to establish the Principal for the resulting identity, as the ServerAuthModule is handling all of the identity checking requirements no checks are performed to verify if the identity exists in the security domain and no authorization checks are performed.
-
-
-
-
-
If a Callback is received with a null Principal and name then then the identity will be established as the anonymous identity, as the ServerAuthModule is making the decisions no authorizaton check will be performed with the SecurityDomain.
-
-
-
-
-
GroupPrincipalCallback
-
-
-
As the identity is created in this mode without loading from the SecurityDomain it will by default have no roles assigned, if this Callback is received the groups will be taken and assigned to the resulting identity whilst the request is in the servlet container. These roles will be visible in the servlet container only.
-
-
-
-
-
-
-
-
8.4.4. validateRequest
-
-
During the call to validateRequest on the ServerAuthContext the individual ServerAuthModule instances will be called in the order they are defined. A control flag can also be specified for each module, this defines how the response should be interpreted and if processing should continue to the next auth module or return immediately.
-
-
-
Control Flags
-
-
Where the configuration was provided either within the WildFly Elytron subsystem or using the JaspiConfigurationBuilder API it is possible to associate a control flag with each ServerAuthModule - if one is not specified we assume REQUIRED. The flags have the following meanings depending on their result.
-
-
-
-
-
-
-
-
-
-
Flag
-
AuthStatus.SEND_SUCCESS
-
AuthStatus.SEND_FAILURE, AuthStatus.SEND_CONTINUE
-
-
-
Required
-
Validation will continue to the remaining modules, provided the requirements of the remaining modules are satisfied the request will be allowed to proceed to authorization.
-
Validation will continue to the remaining modules, however regardless of their outcome the validation is not successful so control will return to the client.
-
-
-
Requisite
-
Validation will continue to the remaining modules, provided the requirements of the remaining modules are satisfied the request will be allowed to proceed to authorization.
-
The request will return immediately to the client.
-
-
-
Sufficient
-
Validation is deemed successful and complete, provided no previous Required or Requisite module has returned an AuthStatus other than AuthStatus.SUCCESS the request will proceed to authorization of the secured resource.
-
Validation will continue down the list of remaining modules, this status will only affect the decision if there are no REQUIRED or REQUISITE modules.
-
-
-
Optional
-
Validation will continue to the remaining modules, provided no 'Required' or 'Requisite' modules have not returned SUCCESS this will be sufficient for validation to be deemed successful and for the request to proceed to the authorization stage and the secured resource.
-
Validation will continue down the list of remaining modules, this status will only affect the decision if there are no REQUIRED or REQUISITE modules.
-
-
-
-
-
For all ServerAuthModule instances if they throw an AuthException an error will be immediately reported to the client without further modules being called.
-
-
-
-
-
8.4.5. secureResponse
-
-
During the call to secureResponse each ServerAuthMdoule is called but this time in reverse order. Where a module only undertakes an action in secureResponse if it undertook an action in validateResponse it is the responsibility of the module to track this.
-
-
-
The control flag has no effect on secureResponse processing, processing ends when one of the following is true: -
-. All of the ServerAuthModule instances have been called.
-. A module returns AuthStatus.SEND_FAILURE.
-. A module throws an AuthException.
-
-
-
-
8.4.6. SecurityIdentity
-
-
Once the authentication process has completed a org.wildfly.security.auth.server.SecurityIdentity for the deployments SecurityDomain will have been created as a result of the Callbacks to the CallbackHandler, depending on the Callbacks this will either be an identity loaded directly from the SecurityDomain or will be an ad-hoc identity described by the callbacks. This SecurityIdentity will be associated with the request as we do for other authentication mechanisms
-
-
-
-
-
-
-
9. Elytron and Jakarta EE Security
-
-
-
-Starting from WildFly 15 an implementation of the Servlet Profile from Java Authentication SPI for Containers (JSR-196 / JASPI) specification has been included in the application server, in addition to making JASPI available for deployments using WildFly Elytron it also makes it possible to make use of EE Security with WildFly Elytron.
-
-
-
-
9.1. Activation
-
-
EE Security with WildFly Elytron is available out of the box with just a couple of small steps required.
-
-
-
9.1.1. Define JACC Policy
-
-
The SecurityContext API makes use of JACC to access the current authenticated identity, if deployments are going to make use of this API then a JACC policy needs to be activated in the WildFly Elytron subsystem. If this API is not being used then the activation can be skipped.
As is shown in the example no specific configuration is required other than the presence of a default JACC policy, additionally after making these changes the server needs to be reloaded to ensure the new policy activates correctly.
-
-
-
-
9.1.2. Add application-security-domain mapping
-
-
As with all deployments a mapping is required from the security domain defined for the deployment to either a WildFly Elytron security domain or http authentication factory to activate security backed by WildFly Elytron.
-
-
-
All web applications deployed to WildFly have a security domain which will be resolved in the following order: -
-
-
-
-
-
From the deployment descriptors / annotations of the deployment being deployed.
-
-
-
The value defined on the default-security-domain attribute on the Undertow subsystem.
-
-
-
Default to 'other'.
-
-
-
-
-
An application-security-domain resource then needs to be added to map from the deployment’s security domain.
-
-
-
The simplest approach is to add a mapping for other, then no further configuration will be required and provided the deployment does not define it’s own security domain and provided no alternative default is specified all deployments will match this mapping.
The EE Security API is built on JASPI. Within JASPI we support two different modes of operation 'integrated', and 'non-integrated'. In integrated mode any identity being established during authentication is expected to exist in the associated security domain. With the EE Security APIs however it is quite likely an alternative store will be in use so configuration the mapping to use 'non-integrated' JASPI allows for identities to be dynamically created as required.
-
-
-
-
-
-
-
-
-References in this document to Java Authorization Contract for Containers (JACC) refer to the Jakarta Authorization unless otherwise noted
-
-
-
-
-
-
-
-
-
-
10. Using Keycloak SAML
-
-
-
To secure applications deployed to WildFly using Keycloak SAML, a Galleon feature pack provided
-by the Keycloak project needs to be used. This feature pack automatically installs the Keycloak
-SAML adapter that results in the keycloak-saml subsystem being added to WildFly.
-
-
-
There are a few ways to install the Keycloak Galleon Feature Pack that provides the SAML adapter.
-
-
-
10.1. Galleon CLI
-
-
A server installation can be provisioned using the Galleon CLI.
-
-
-
More information can be found in the Provisioning WildFly with Galleon
-documentation, but assuming you have provisioned a WildFly installation containing the web-server layer
-with a command similar to the following:
Unlike the WildFly feature pack, this Keycloak feature pack is not part of a universe and so a fully
-qualified group:artifact:version reference to the feature pack is required.
-
-
-
-
-
-
-
From this point, applications can be configured as described in the
-Keycloak documentation.
-
-
-
-
10.2. Bootable JAR
-
-
The next installation option is if you are creating a bootable JAR for your deployment and want to
-add the Keycloak SAML adapter to secure the deployment. More details about bootable JAR support can
-be found in the Bootable JAR Guide.
-
-
-
The following is an example plug-in configuration to create a bootable JAR for a web application
-using both the web-server and keycloak-client-saml layers:
As with using the CLI, the latest version of WildFly in the universe can be dynamically selected but the
-Keycloak feature pack requires the complete groupId, artifactId, and version to be specified.
-
-
-
-
-
-
-
The approaches to configure the web application are the same as described in the
-Keycloak documentation.
-In this example, a CLI script, configure-saml.cli, is executed to update the Keycloak SAML subsystem
-with relevant configuration.
Instead of adding configuration in the Keycloak SAML subsystem, configuration can be added in the deployment
-instead. In particular, the auth-method of the web application could be set to KEYCLOAK-SAML and
-adapter configuration could be provided in a keycloak-saml.json descriptor placed within the WEB-INF directory
-of the deployment.
-
-
-
-
10.3. WildFly Maven Plugin
-
-
The final installation option is to use the wildfly-maven-plugin to provision a server containing
-the Keycloak SAML subsystem.
-
-
-
The following is an example plug-in configuration to create a server for a web application
-using both the web-server and keycloak-client-saml layers:
As with the bootable JAR configuration, note that the latest version of WildFly in the universe can be dynamically
-selected but the Keycloak feature pack requires the complete groupId, artifactId, and version to be
-specified.
-
-
-
-
-
-
-
-
10.4. Propagating the Security Context to EJBs
-
-
The sample configuration in the above sections has referenced the keycloak-client-saml layer.
-If the security context for the application that is being secured with Keycloak SAML needs to
-be propagated to the EJB tier, the keycloak-client-saml-ejb layer should be used instead.
-This layer adds an application-security-domain mapping in the EJB3 subsystem to map the default
-security domain name other to the KeycloakDomain that is installed by the Keycloak feature pack.
-
-
-
-
-
-
11. Using Keycloak with WildFly Elytron
-
-
-
The ability to secure applications using OpenID Connect is provided by the elytron-oidc-client subsystem. For details about securing applications deployed on WildFly with OpenID Connect, by using Keycloak as the OpenID provider, see the Elytron OIDC Client documentation.
-
-
-
-
-
12. Bearer Token Authorization
-
-
-
Bearer Token Authorization is the process of authorizing HTTP requests based on the existence and validity of a bearer
-token representing a subject and his access context, where the token provides valuable information to determine the subject of the call as well whether or not a HTTP resource
-can be accessed.
-
-
-
Elytron supports bearer token authorization by providing a BEARER_TOKEN HTTP authentication mechanism based on RFC-6750 and
-an specific realm implementation, the token-realm, to validate tokens using the JWT format (for instance, OpenID Connect ID Tokens) or opaque tokens issued by any OAuth2 compliant
-authorization server.
-
-
-
12.1. How it Works
-
-
When a HTTP request arrives to your application, the BEARER_TOKEN mechanism will check if a bearer token was provided by checking the existence of an Authorization HTTP header with the following format:
-
-
-
-
GET /resource HTTP/1.1
-Host: server.example.com
-Authorization: Bearer mF_9.B5f-4.1JqM
-
-
-
-
If no bearer token was provided, the mechanism will respond with a 401 HTTP status code as follows:
When a bearer token is provided, the mechanism will extract the token from the request (in the example above, the token is represented by the string mF_9.B5f-4.1JqM) and pass it over
-to the token-realm in order to check if the token is valid and can be used to build a security context based on its information. Note that the BEARER_TOKEN mechanism is only responsible to
-check and extract bearer tokens from an HTTP request, whereas the token-realm is the one responsible for validating the token.
-
-
-
If validation succeeds, a security context will be created based on the information represented by the token and the application can use the newly created
-security context to obtain information about the subject making the request as well decide whether or not the request should be full filled. In case the validation fails,
-the mechanism will respond with a 403 HTTP status code as follows:
-
-
-
-
HTTP/1.1 403 Forbidden
-
-
-
-
-
12.2. Validating JWT Tokens
-
-
Elytron provides built-in support for JWT tokens, which can be enabled by defining a realm in the Elytron subsystem as follows:
-
-
-
-
<token-realmname="JwtRealm"principal-claim="sub">
- <jwtissuer="as.example.com"
- audience="api.example.com"
- public-key="-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB-----END PUBLIC KEY-----"/>
- </token-realm>
-
-
-
-
In the example above, the token-realm is defined with a principal-claim attribute. This attribute specifies which claim
-within the token should be used to identity the principal. If you have a token as follows:
Elytron will use the value associated with the sub claim as the identifier of the subject represented by the token.
-
-
-
The jwt element within the token-realm specifies that tokens should be validated as JWT and provides different configuration options on how they
-should be validated:
-
-
-
-
-
issuer
-
-
A list of strings representing the issuers supported by this configuration. During validation JWT tokens must have an "iss" claim that contains one of the values defined here
-
-
-
-
audience
-
-
A list of strings representing the audiences supported by this configuration. During validation JWT tokens must have an "aud" claim that contains one of the values defined here
-
-
-
-
public-key
-
-
A public key in PEM Format. During validation, if a public key is provided, signature will be verified based on the key you provided here. Alternatively,
-you can define a key-store and certificate attributes to configure the public key. This key will be used to verify tokens without "kid" claim.
-
-
-
-
key-store
-
-
As an alternative to public-key, you can also define a key store from where the certificate with a public key should be loaded from
-
-
-
-
certificate
-
-
The name of the certificate with a public key to load from the key store in case you defined the key-store attribute
-
-
-
-
client-ssl-context
-
-
The SSL context to be used if if you want to use remote JSON Web Keys. This enables you to use url from "jku" token claim to
-fetch public keys for token verification.
-
-
-
-
host-name-verification-policy
-
-
A policy that defines how host names should be verified when using remote JSON Web Keys. Allowed values: "ANY", "DEFAULT".
-
-
-
-
-
-
For being able to use different key pairs for signing / verification and for easier key rotation you can define key map. This will take the "kid" claim
-from the token and use corresponding public key for verification.
-
-
-
-
<token-realmname="JwtRealm"principal-claim="sub">
- <jwtissuer="as.example.com"audience="api.example.com">
- <keykid="1"public-key="-----BEGIN PUBLIC KEY-----MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANc4VlnN6oZwe1PoQQeJsTwu7LGS+eEbgYMNYXahidga4+BhdGKwzMZU54ABFQ11tUMJSENQ6o3n1YKVgMnxvcMCAwEAAQ==-----END PUBLIC KEY-----"/>
- <keykid="2"public-key="-----BEGIN PUBLIC KEY-----MFswDQYJKoZIhvcNAQEBBQADSgAwRwJAcNpXy6psxC21DdnTtAdlgsEwEuJh/earH3q7xJPjmsygmrlpC66MG4/A/J9Gai2Hp+QdCSEVpBWkIoVff3sIlwIDAQAB-----END PUBLIC KEY-----"/>
- </jwt>
- </token-realm>
-
-
-
-
This token-realm will verify tokens with "kid" claims of value "1" or "2" using corresponding key.
-
-
-
Tokens without "kid" claim will be verified using the 'public-key' attribute of 'jwt', or in this case invalidated, as there is
-no key specified.
-
-
-
The jwt validator performs different checks in order to determine the validity of a JWT:
-
-
-
-
-
Expiration checks based on the values of the exp and nbf claims
-
-
-
Signature checks based on the public key provided via public-key or certificate attributes, key map with named public keys, or by fetching remote JSON Web Key Set
-using provided client-ssl-context. You can skip token signature verification by not defining any of these.
-
-
-
-
-
It is strongly recommended that you use signed JWTs in order to guarantee authenticity of tokens and make sure they were not tampered.
-
-
-
-
12.3. Validating OAuth2 Bearer Tokens
-
-
Elytron provides built-in support for tokens issued by an OAuth2 compliant authorization server, where these tokens are validated
-using a token introspection endpoint as defined by OAuth2 specification.
The auth2-introspection element within the token-realm specifies that tokens should be validated using an OAuth2 Token Introspection Endpoint and provides different configuration options on how they
-should be validated:
-
-
-
-
-
client-id
-
-
The identifier of the client on the OAuth2 Authorization Server
-
-
-
-
client-secret
-
-
The secret of the client
-
-
-
-
introspection-url
-
-
The URL of token introspection endpoint
-
-
-
-
client-ssl-context
-
-
The SSL context to be used if the introspection endpoint is using HTTPS.
-
-
-
-
host-name-verification-policy
-
-
A policy that defines how host names should be verified when using HTTPS. Allowed values: "ANY", "DEFAULT".
13.1.2. Configure the OpenSSL TLS provider on an SSL context
-
-
Instead of configuring the Elytron subsystem to use the OpenSSL TLS provider by default,
-it is also possible to specify that the OpenSSL TLS provider should be used for a specific
-SSL context. For example, the following command can be used to create a server-ssl-context
-that will use the OpenSSL TLS provider:
WildFly will search for the OpenSSL library using the standard system library search path. If you’d like to specify a
-custom location for the OpenSSL library, the org.wildfly.openssl.path property can be specified during WildFly startup.
-
-
-
If OpenSSL was loaded successfully, a message similar to the one below will occur in the server.log file on startup:
-
-
-
-
15:37:59,814 INFO [org.wildfly.openssl.SSL] (MSC service thread 1-7) WFOPENSSL0002 OpenSSL Version OpenSSL 1.1.1d FIPS 10 Sep 2019
-
-
-
-
-
13.3. Enabling TLSv1.3
-
-
WARNING It is possible to use TLSv1.3 with the OpenSSL TLS provider when using OpenSSL 1.1.1 or higher and
-when running against JDK 11 or higher. However, if JDK 11 is in use and if there is a very large number of
-TLSv1.3 requests being made, it is possible that a drop in performance (throughput and response time) will occur
-compared to TLSv1.2. For this reason, the use of TLSv1.3 is currently disabled by default. TLSv1.3 can be enabled
-by configuring the cipher-suite-names attribute for an SSL context. See the sections on
-Configuring a server SSLContext and
-Configuring a client SSLContext for more details. It is recommended to test
-for performance degradation prior to enabling TLSv1.3 in a production environment.
-
-
-
-
13.4. Adding Additional Native Libraries
-
-
By default, WildFly includes WildFly OpenSSL native libraries for commonly used platforms (Linux x86_64, Windows x86_64,
-Mac OS X x86_64, and Linux s390). However, the WildFly OpenSSL Natives project
-contains modules that can be used to build WildFly OpenSSL native libraries for other platforms as well. The steps needed to build and make
-use of a WildFly OpenSSL native library for a different platform than the ones provided by default will be described below.
-
-
-
13.4.1. Building the Native Library
-
-
Make sure you have cloned the WildFly OpenSSL Natives project
-locally. We’ll use $WILDFLY_OPENSSL_NATIVES to denote the path to this project. Next, cd to the module that you want
-to build. In this example, we’ll use the linux-i386 module but similar steps can be used to build and make use of another
-module instead.
-
-
-
-
cd $WILDFLY_OPENSSL_NATIVES/linux-i386
-mvn clean install
-
-
-
-
Notice that this now results in a wildfly-openssl-linux-i386-VERSION.jar in the $WILDFLY_OPENSSL_NATIVES/linux-i386/target directory.
-We’ll make use of this in the next step.
-
-
-
-
13.4.2. Overriding the Existing WildFly OpenSSL Module
-
-
We’re going to add a new module that will override the existing WildFly OpenSSL module that’s found in the
-$WILDFLY_HOME/modules/system/layers/base/org/wildfly/openssl directory. Notice that the existing module
-contains a Java artifact in its main directory and native libraries for the default platforms in its
-main/lib directory.
-
-
-
First, create a new module that contains the WildFly OpenSSL Java artifact from the existing module:
You should now see a libwfssl.so file in the $WILDFLY_HOME/modules/org/wildfly/openssl/main/lib/linux-i386 directory.
-
-
-
That’s it, WildFly will now make use of the newly added WildFly OpenSSL module instead of the existing one,
-allowing it to make use of the new native library when running on the Linux i386 platform. Additional
-native libraries can be added to the $WILDFLY_HOME/modules/org/wildfly/openssl/main/lib directory
-if desired.
-
-
-
-
-
-
-
14. Web Single Sign-On
-
-
-
This document will guide on how to enable single sign-on across different applications deployed into different servers, where these applications belong to same security domain.
-
-
-
14.1. Create a Server Configuration Template
-
-
For this document, you’ll need to run at least two server instances in order to check single sign-on and how it affect usability in your applications. Users should be able to log in once and have access to any application using the same security domain.
-
-
-
All configuration described in the next sections should be done with a server instance using standalone-ha.xml (or standalone-full-ha.xml).
-
-
-
Run a server instance using the following command:
-
-
-
-
bin/standalone.sh -c standalone-ha.xml
-
-
-
-
14.1.1. Create a HTTP Authentication Factory
-
-
-
-
-
-
-
-If you already have a http-authentication-factory defined in Elytron subsystem and just want to use it to enable single sign-on to your applications, please skip this section.{info}
-First, you need a security-domain which we’ll use to authenticate users. Please, execute the following CLI commands:
-
-
-
-
-
-
-
# Creates a FileSystem Realm, an identity store where users are stored in the local filesystem
-/subsystem=elytron/filesystem-realm=example-realm:add(path=/tmp/example-realm)
-
-# Creates a Security Domain
-/subsystem=elytron/security-domain=example-domain:add(default-realm=example-realm, permission-mapper=default-permission-mapper,realms=[{realm=example-realm, role-decoder=groups-to-roles}]
-
-# Creates an user that you can use to access your applications
-/subsystem=elytron/filesystem-realm=example-realm:add-identity(identity=alice)
-/subsystem=elytron/filesystem-realm=example-realm:add-identity-attribute(identity=alice, name=groups, value=["user"])
-/subsystem=elytron/filesystem-realm=example-realm:set-password(identity=alice, clear={password=alice})
-
-
-
-
Now you can create a http-authentication-factory that you’ll use to actually protect your web applications using Undertow:
-
-
-
-
# Create a Http Authentication Factory
-/subsystem=elytron/http-authentication-factory=example-http-authentication:add(security-domain=example-domain, http-server-mechanism-factory=global, mechanism-configurations=[{mechanism-name=FORM}]
-
-
-
-
-
14.1.2. Create a Application Security Domain in Undertow
-
-
-
-
-
-
-
-If you already have a _application-security-domain_ defined in Undertow subsystem and just want to use it to enable single sign-on to your applications, please skip this section.
-
-
-
-
-
-
In order to protect applications using the configuration defined in Elytron subsystem, you should create a application-security-domain definition in Undertow subsystem as follows:
By default, if your application does not define any specific security-domain in jboss-web.xml, the application server will choose one with a name other.
-
-
-
-
14.1.3. Create a Key Store
-
-
In order to create a key-store in Elytron subsystem, first create a Java Key Store as follows:
Single Sign-On is enabled to a specific application-security-domain definition in Undertow subsystem. It is important that the servers you will be using to deploy applications are using the same configuration.
-
-
-
To enable single-sign on, just change an existing application-security-domain in Undertow subsystem as follows:
After restarting the servers, users should be able to log in once and have access to any application using the same application-security-domain.
-
-
-
-
-
14.2. Create Two Server Instances
-
-
All configuration you did so far should be reflected in $JBOSS_HOME/standalone/standalone-ha.xml. You can now create two distinct server configuration directories_:\_
-Make sure you have at least a welcome file (e.g.: index.html\|jsp).
-
-
-
-
-
-
-
-
Deploy your application into both server instances and try to log in using the user you created at the beginning of this document:
-
-
-
-
-
Username: alice
-
-
-
Password: alice
-
-
-
-
-
-
-
-
-
-
15. Audit
-
-
-
WildFly Elytron supports audit using security event listeners - components
-which captures security events, like successful or unsuccessful login attempts.
-
-
-
15.1. File audit log
-
-
File audit log logs security events into a local file.
-It requires to define path to the log file, which can be relative-to a system property.
-It also allows to set the file format - human readable SIMPLE or JSON.
-The encoding used by the audit file can be set using encoding. The default value is UTF-8. Possible values: UTF-8, UTF-16BE, UTF-16LE, UTF-16, US-ASCII or ISO-8859-1.
-While in WildFly 14 there was only one attribute synchronized, which had influence on data reliability, now there is possible more fine grained performance and reliability tunning:
-* autoflush defines whether should be output stream flushed after every audit event (guarantees that the log message is passed to the operating system immediately)
-* synchonized defines whether should be file descriptor synchronized after every audit event (guarantees that all system buffers are synchronized with the underlying device)
-
-
-
-
15.2. Syslog Audit Logging
-
-
Syslog audit logging logs security events to a syslog server using a transmission protocol.
-WildFly Elytron supports using UDP, TCP, or TCP with SSL, with the latter protocol requiring
-a SSLContext to be defined. When syslog audit logging is first defined, Elytron will send
-an INFORMATIONAL priority event to the defined syslog server containing the message
-"Elytron audit logging enabled with RFC format: <format>", where <format> is the
-RFC format that the audit logging handler has been defined with, defaulting to RFC5424.
-If the given syslog server is not defined, resulting in Elytron being unable to send the
-message, then Elytron will keep track of the amount of attempts that sending a message has
-failed, up to a maximum defined by the reconnect-attempts parameter, before
-closing the endpoint and reporting an error. It is possible to define this value
-as infinite, by specifying -1, in which case Elytron will never close the
-endpoint and so will always attempt to send audit messages despite previous failures.
-
-
-
15.2.1. Required Parameters
-
-
-
-
-
-
-
-
Parameter
-
Value
-
-
-
-
-
server-address
-
String consisting of the IP address, or a name recognized by Java’s InetAddress.getByName(), of the syslog server
-
-
-
port
-
int of the listening port on the syslog server
-
-
-
host-name
-
String of the host name that will be embedded into all events sent to the syslog server
-
-
-
ssl-context
-
The SSLContext used to connect to the syslog server, only required if transport is set to SSL_TCP
-
-
-
-
-
-
15.2.2. Optional Parameters
-
-
-
-
-
-
-
-
-
-
Parameter
-
Description
-
Possible Values
-
Default Value
-
-
-
-
-
transport
-
The transport protocol to be used to connect to the syslog server
-
String of: UDP, TCP, or SSL_TCP
-
TCP
-
-
-
format
-
The format that audit events should be recorded in
-
String of SIMPLE or JSON
-
SIMPLE
-
-
-
syslog-format
-
The RFC format to be used for describing the audit event
-
String of RFC5424 or RFC3164
-
RFC5424
-
-
-
reconnect-attempts
-
The maximum number of times that elytron will attempt to send successive messages to a syslog server before closing the endpoint to disallow further attempts to send messages.
-
int of -1 (infinite attempts) or higher
-
0
-
-
-
-
-
-
15.2.3. Defining Syslog Audit Logging
-
-
Syslog audit logging can be defined under the elytron subsystem resource. Some
-examples syslog audit logging resources can be created with the following commands:
-
-
-
Minimum Resource Definition
-
-
Using the following command will generate a syslog audit logging resource that connects with
-TCP, records audit events in a simple format, and uses RFC5424 to describe the audit event.
Default Format and Reconnect Attempts with UDP and RFC3164
-
-
Using the following command will generate a syslog audit logging resource that connects with
-UDP, does not send any further messages to the syslog server if there is an error sending,
-records audit events in a simple format, and uses RFC3164 to describe the audit event.
Full UDP Definition with RFC5424 Explicitly Set and 10 Reconnect Attempts
-
-
Using the following command will generate a syslog audit logging resource that connects with
-UDP, attempts to send messages 10 times if there is an error sending before no longer sending messages,
-records audit events in a simple format, and uses RFC5424 to describe the audit event.
Full UDP Definition with Infinite Reconnect Attempts and JSON Format
-
-
Using the following command will generate a syslog audit logging resource that connects with
-UDP, always attempts to send messages despite previous failures sending messages, records audit
-events in a JSON format, and uses RFC5424 to describe the audit event.
One new component included with WildFly Elytron for the secure storage of credentials is the Credential Store. Previous versions of the application server made use of the Vault which was used for the secure storage of clear text strings; the credential store moves forward a step to focus on the secure storage of credentials. As with the Vault the stored credentials could be clear text passwords however other formats are also supported.
-
-
-
WildFly Elytron contains two default credential store implementations. The first implementation is the KeyStoreCredentialStore which is an
-implementation backed by a KeyStore. The KeyStoreCredentialStore implementation supports the storage of various credential types,
-PasswordCredential, KeyPairCredential, and SecretKeyCredential. The second implementation is the PropertiesCredentialStore. This credential
-store is dedicated to the storage of SecretKeyCredential instances using a properties file. The PropertiesCredentialStore does not offer any protection
-of the credentials it stores so its primary purpose is to provide an initial key to a server environment.
-
-
-
This documentation is primarily focused on the KeyStoreCredentialStore and PropertiesCredentialStore; however the section Custom CredentialStore describes the SPIs for implementing a custom credential store and the section Migrating Existing Vaults describes how to convert a vault to a credential store.
-
-
-
It is possible to operate on credential stores using either a standalone command line tool elytron-tool.sh which is included with WildFly or by using management operations through the jboss-cli.sh, management console or other management client calling the management interface directly.
-
-
-
The elytron-tool.sh script to execute the command line tool can be found within the bin folder of the application server installation.
-
-
-
The WildFly Elytron tool supports a number of commands, one of which being credential-store which operates on a credential store. The commands in this documentation are making use of the .sh script on linux; the elytron-tool.bat and elytron-tools.ps1 scripts can be used on Microsoft Windows.
-
-
-
The following command provides a summary of the command line arguments which can be used with the credential-store command:
The KeyStoreCredentialStore supports the largest number of credential types which can be stored within a credential store, additionally as the implementation is backed by a Java KeyStore the storage is protected using the mechanisms provided by the KeyStore implementations.
-
-
-
Command Line
-
-
When using the credential-store command of the elytron-tool.sh script by default, this command assumes the type of the store is a KeyStoreCredentialStore backed by a JCEKSKeyStore.
-
-
-
A new credential store can be created using the following command: -
-
-
-
-
]$ bin/elytron-tool.sh credential-store --create --location=standalone/configuration/mycredstore.cs
-Credential store password:
-Confirm credential store password:
-Credential Store has been successfully created
-
-
-
-
This command prompts twice for the password that should be used to secure the store. Alternatively the password can be passed in using the --password argument however that may mean the password is cached in the local command history or visible to other users viewing the list of running processes.
-
-
-
-
-
-
-
-
-The command line tool only creates the instance of the credential store on the underlying file system; the management operation is still required to define the credential store in the elytron subsystem.
-
-
-
-
-
-
-
Management Operation
-
-
It is also possible to operate on a credential store using management operations against a running server using the application server’s CLI.
-
-
-
The following operation can be used to add a credential-store resource to the elytron subsystem referencing this newly created credential store.
In this example the resource was added to reference an existing credential store, however with a small change this command can also automatically create the store if it does not exist.
-The file representing the credential store is not created immediately, it will instead be created the first time a credential is added.
-
-
-
-
-
-
Previous versions of the application server supported a single vault definition only; credential stores however are cross-referenced by name so multiple credential stores can be defined simultaneously.
This is a simple credential store implementation which can only be used to store SecretKey instances. This credential store also does not offer any protection of the contents.
-Within an application server environment it is always possible to get into a cycle of how is an initial secret provided to unlock further resources, this is primarily the purpose
-of this credential store. The strategy in the past had been to use masking of a password using password based encryption, the down side of this approach was the password used for
-the masking was stored in the source code and being an open source project this means the password is well known. By using the PropertiesCredentialStore installations are back
-in control of the initial secret. Although this credential store does not offer its own protection filesystem level access control can still be used to restrict access ideally to
-just the application server process.
-
-
-
Command Line
-
-
A new credential store can be created using the following command: -
-
-
-
-
]$ bin/elytron-tool.sh credential-store --create --location=standalone/configuration/propcredstore.cs --type PropertiesCredentialStore
-Credential Store has been successfully created
-
-
-
-
-
Management Operation
-
-
It is also possible to operate on a credential store using management operations against a running server using the application server’s CLI.
-
-
-
The following operation can be used to add a secret-key-credential-store resource to the elytron subsystem referencing this newly created credential store.
In this example the resource was added to reference an existing credential store, however with a small change this command can also automatically create the store if it does not exist, and
-populate it with a generated SecretKey under the alias key if it does not already exist.
-If you rely on automatic generation of a SecretKey be sure to create a backup of the key as soon as possible. If you were to loose the key we do not have a mechanism to decrypt anything
-encrypted with the lost key.
-
-
-
-
-
-
-
-
-
16.2. Credential Manipulation
-
-
The contents of the credential stores can be manipulated using either the command line tool or by using management operations. Unlike key stores the credential store APIs allow for multiple entries to be stored under a single alias provided each entry is of a different credential type.
-
-
-
16.2.1. Adding Credentials
-
-
The different credential store implementations support different credential types as illustrated in this table.
-
-
-
-
-
-
-
-
-
-
Credential Type
-
KeyStoreCredentialStore
-
PropertiesCredentialStore
-
-
-
-
-
PasswordCredential
-
Supported
-
Unsupported
-
-
-
KeyPairCredential
-
Supported
-
Unsupported
-
-
-
SecretKeyCredential
-
Supported
-
Supported
-
-
-
-
-
As with all the manipulation options it is possible to use either the command line tool or management operations against a running server to modify the contents of the store.
-
-
-
-
-
-
-
-
-Care should be taken when using the command line tool to ensure the store is not currently in use by any other processes. If the store is in use by another process which updates the contents of the store changes made by the tool could be lost.
-
-
-
-
-
-
PasswordCredential
-
-
Using the tooling it is possible to add a clear text password as a credential.
-
-
-
Command Line
-
-
The following command adds a new credential with an alias of example to the store using the command line tool: -
-
-
-
-
]$ bin/elytron-tool.sh credential-store --add=example --location=standalone/configuration/mycredstore.cs
-Credential store password:
-Secret to store:
-Confirm secret to store:
-Alias "example" has been successfully stored
-
-
-
-
-
Management Operation
-
-
Using a management operation the following command can be used to add a new alias of example to the credential store.
The following command allows you to import a key pair credential with an alias of example from a file containing
-a private key in OpenSSH format:
-
-
-
-
]$ bin/elytron-tool.sh credential-store --import-key-pair example --private-key-location /home/user/.ssh/id_rsa --location=standalone/configuration/mycredstore.cs
-Credential store password:
-Confirm credential store password:
-Passphrase to be used to decrypt private key (can be nothing if no passphrase was used to encrypt the key): secret
-Confirm passphrase to be used to decrypt private key (can be nothing if no passphrase was used to encrypt the key): secret
-Alias "example" has been successfully stored
-
-
-
-
The following command allows you to import a key pair credential with an alias of example by specifying a private key in OpenSSH format :
-
-
-
-
]$ bin/elytron-tool.sh credential-store --import-key-pair example --private-key-string="-----BEGIN OPENSSH PRIVATE KEY-----
- b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCdRswttV
- UNQ6nKb6ojozTGAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
- dHAyNTYAAABBBAKxnsRT7n6qJLKoD3mFfAvcH5ZFUyTzJVW8t60pNgNaXO4q5S4qL9yCCZ
- cKyg6QtVgRuVxkUSseuR3fiubyTnkAAADQq3vrkvuSfm4n345STr/i/29FZEFUd0qD++B2
- ZoWGPKU/xzvxH7S2GxREb5oXcIYO889jY6mdZT8LZm6ZZig3rqoEAqdPyllHmEadb7hY+y
- jwcQ4Wr1ekGgVwNHCNu2in3cYXxbrYGMHc33WmdNrbGRDUzK+EEUM2cwUiM7Pkrw5s88Ff
- IWI0V+567Ob9LxxIUO/QvSbKMJGbMM4jZ1V9V2Ti/GziGJ107CBudZr/7wNwxIK86BBAEg
- hfnrhYBIaOLrtP8R+96i8iu4iZAvcIbQ==
- -----END OPENSSH PRIVATE KEY-----"
- --location=standalone/configuration/mycredstore.cs
-Credential store password:
-Confirm credential store password:
-Passphrase to be used to decrypt private key (can be nothing if no passphrase was used to encrypt the key): secret
-Confirm passphrase to be used to decrypt private key (can be nothing if no passphrase was used to encrypt the key): secret
-Alias "example" has been successfully stored
-
-
-
-
-
-
-
-
-
-If specifying your key in PKCS format rather than OpenSSH format, you must specify both the private and public key. The
-PKCS private key must also not be encrypted with a passphrase.
-
-
-
-
-
-
Alternatively to importing, you may use the command line tool to generate and store a key pair credential in a credential store.
-The following command allows you to generate and store a key pair credential under the alias example using the ecdsa algorithm:
-
-
-
-
]$ bin/elytron-tool.sh credential-store --generate-key-pair example --algorithm EC --location=standalone/configuration/mycredstore.cs
-Credential store password:
-Confirm credential store password:
-Alias "example" has been successfully stored
-
-
-
-
You can then export the public key generated in OpenSSH format using the following command:
-
-
-
-
]$ bin/elytron-tool.sh credential-store --export-key-pair-public-key example
-Credential store password:
-Confirm credential store password:
-ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMfncZuHmR7uglb0M96ieArRFtp42xPn9+ugukbY8dyjOXoi
-cZrYRyy9+X68fylEWBMzyg+nhjWkxJlJ2M2LAGY=
-
-
-
-
-
-
SecretKeyCredential
-
-
Command Line
-
-
Each of the examples in this section uses the KeyStoreCredentialStore to use the PropertiesCredentialStore this can be specified on the command line by adding the --type PropertiesCredentialStore parameter to the command line.
-
-
-
A new secret key can be generated with the following command.
-
-
-
-
]$ bin/elytron-tool.sh credential-store --generate-secret-key=example --location=standalone/configuration/mycredstore.cs
-Credential store password:
-Alias "example" has been successfully stored
-
-
-
-
By default this will create a 256 bit secret key, if either a 128 bit or 192 bit secret key is desired this can be specified with the --size=128 or --size=192 parameters respectively.
-
-
-
An existing secret key can be exported with the following command.
-
-
-
-
]$ bin/elytron-tool.sh credential-store --export-secret-key=example --location=standalone/configuration/mycredstore.cs
-Credential store password:
-Exported SecretKey for alias example=RUxZAUucgH8RSMNvoUj/rMz+pBZddttGCuT9of4TgfYLnN5Z1w==
-
-
-
-
-
-
-
-
-
-The exported key uses a custom representation to allow Elytron to recognise exported keys.
-
-
-
-
-
-
Finally a previously exported secret key can be imported with the following command.
-
-
-
-
]$ bin/elytron-tool.sh credential-store --import-secret-key=imported --location=standalone/configuration/mycredstore.cs
-Credential store password:
-SecretKey to import: RUxZAUucgH8RSMNvoUj/rMz+pBZddttGCuT9of4TgfYLnN5Z1w==
-Alias "imported" has been successfully stored
-
-
-
-
It is possible to also specify the key to import on the command line e.g. --key=RUxZAUucgH8RSMNvoUj/rMz+pBZddttGCuT9of4TgfYLnN5Z1w== but this would be vieweable by others users that can consult running processes and might also be cached in the history of the shell executing the commands.
-
-
-
-
Management Operations
-
-
For secret key manipulation the same set of command are available for both the credential-store resource and the secret-key-credential-store resource.
-
-
-
A new secret key can be generated with the following command.
Finally a previously exported secret key can be imported with the following commands.
-
-[standalone@localhost:9990 /] history --disable
-[standalone@localhost:9990 /] /subsystem=elytron/credential-store=mycredstore:import-secret-key(alias=imported, key="RUxZAUs+Y1CzEPw0g2AHHOZ+oTKhT9osSabWQtoxR+O+42o11g==")
-{"outcome" => "success"}
-[standalone@localhost:9990 /] history --enable
-
-
-
-
In this last example we also temporarily disable the history in the CLI to prevent the key from being cached in the CLI hisory.
-
-
-
-
-
-
16.2.2. Listing Aliases
-
-
It is possible to list the aliases contained within the credential store, however it is not possible to list the actual values stored.
-
-
-
Command Line
-
-
Using the command line tool will show a list of aliases stored within the credential store:
-
-
-
-
]$ bin/elytron-tool.sh credential-store --aliases --location=standalone/configuration/mycredstore.cs
-Credential store password:
-Credential store contains following aliases: example
-
-
-
-
-
Management Operation
-
-
The following management operation will also show the aliases contained within the credential store.
Finally, it is also possible to remove an alias from the credential store.
-
-
-
Command Line
-
-
Using the WildFly Elytron Tool the following command will remove an alias from the store.
-
-
-
-
]$ bin/elytron-tool.sh credential-store --remove=example --location=standalone/configuration/mycredstore.cs
-Credential store password:
-Confirm credential store password:
-Alias "example" has been successfully removed
-
-
-
-
-
Management Operation
-
-
The following management operation can be used to remove an alias from the credential store.
By default the credential-store resource assumes the type to be removed is PasswordCredential. If a different type is to be removed it can be specified with the entry-type=SecretKeyCredential parameter. The secret-key-credential-store only holds secret keys so the entry type never needs to be specified.
-
-
-
-
-
-
16.3. Referencing Credentials
-
-
After being able to populate and manipulate a credential store the next step is being able to reference the stored credential so that it can be used.
-
-
-
16.3.1. Management Model References
-
-
Various resources that make use of credentials across the application server’s management model contain credential-reference attributes that can be used either to specify a clear-password or to cross-reference a credential from within a configured credential store.
-
-
-
The following is an example of how to define a key-store within the Elytron subsystem specifying a clear text password to access the store.
The above command assumes that the referenced credential already exists in the previously defined credential store.
-The next section will describe how credentials can automatically be added to the previously defined credential store.
-
-
-
-
16.3.2. Automatic Updates of Credential Stores
-
-
Instead of needing to add a credential to a previously defined credential store in order to reference it from a credential-reference,
-it is possible to have the credential get added automatically to the previously defined credential store by specifying both
-the store and clear-text attributes for the credential-reference. In particular, when adding a new credential-reference
-with both the store and clear-text attributes specified:
-
-
-
-
-
If the alias attribute is also specified, then one of the following will occur:
-
-
-
-
If the previously defined credential store does not contain an entry for the given alias, a new entry will be added
-to the credential store to hold the clear text password that was specified. The clear-text attribute will then be
-removed from the management model.
-
-
-
If the credential store does contain an entry for the given alias, the existing credential will be replaced with the
-clear text password that was specified. The clear-text attribute will then be removed from the management model.
-
-
-
-
-
-
If the alias attribute is not specified, an alias will be generated and a new entry will be added to the credential
-store to hold the clear text password that was specified. The clear-text attribute will then be removed from the
-management model.
-
-
-
-
-
As an example, the following CLI command will result in a new entry being added to the previously defined credential
-store, mycredstore, with alias myNewAlias and credential myNewPassword:
When updating an existing credential-reference that contains both the alias and store attributes to also specify
-the clear-text attribute:
-
-
-
-
-
The existing credential in the previously defined credential store will be replaced with the clear text password that
-was specified. The clear-text attribute will then be removed from the management model.
-
-
-
-
-
As an example, the following CLI command will result in updating the credential for the myNewAlias entry that was just
-added to the previously defined credential store:
-If an operation that includes a credential-reference parameter fails for any reason,
- no automatic credential store update will take place, i.e., any credential store that was
- specified via the credential-reference attribute will contain the same contents as it
- did before the operation was executed.
-
-
-
-
-
-
-
16.3.3. wildfly-config.xml
-
-
If you are making use of the wildfly-config.xml descriptor it is also possible to define a credential store within this descriptor to obtain credentials without requiring them to be in-lined within the configuration.
-
-
-
As an example the CLI can be executed with a configuration:
Within this second example the key changes being the addition of the <credential-stores /> section and updating the <credentials/> section to use a <credential-store-reference/> to specify which credential store should be used and which alias from that credential store should be used.
-
-
-
In the above example, the credential store’s protection parameter is specified as a clear password, but it is also possible
-to specify it as a masked password.
It is also possible to make use of the CredentialStore APIs directly. This could be useful for applications that require access to securely stored credentials. This could also be an option for an application to populate a credential store for use elsewhere.
-
-
-
The following code demonstrates how to obtain an initialised instance of KeyStoreCredentialStore so it can be used to store and retrieve credentials.
-As the type is specified when retrieving a credential it is possible to store multiple credentials under the same alias.
-
-
-
-
-
-
Please use the published javadoc for more information in relation to the APIs and the credential types supported within WildFly Elytron.
-
-
-
-
16.5. Migrating Existing Vaults
-
-
If migrating from a prior version of the application server it is possible that you already are making use of a PicketBox vault for the storage of clear text passwords. The tooling provided can be used to convert the vault to the format used by the KeyStoreCredentialStore.
-
-
-
Within the WildFly Elytron command line tool an additional command vault is available specifically for the conversion of legacy vaults to a credential store. A complete vault can be converted to a credential store with the following command: -
When executing this command the destination credential store must not already exist. The password used for the credential store will be the password originally used for the vault.
-
-
-
Entries stored within the vault would have been stored specifying a "block" and "alias" value; within the credential store the new alias will be block::alias.
-
-
-
-
16.6. Custom Credential Store
-
-
It is also possible to provide custom credential store implementations. Overall the pattern to implementing a custom credential store is very similar to the pattern that would be followed to implement a custom key store.
-
-
-
-
-
Extend the SPI
-
-
-
Implement a java.security.Provider to register the implementation.
-
-
-
-
-
The SPI to be extended is org.wildfly.security.credential.store.CredentialStoreSpi. The custom implementation will be required to implement the following methods.
This method is required to perform the initialisation of the credential store, by taking in a Map of attributes it allows for custom configuration to be provided as required by the store.
-
-
-
-
publicabstractboolean isModifiable();
-
-
-
-
A credential store needs to advertise if it supports modifications so clients can determine if the modification APIs can be used.
A default implementation of exists already is implemented which checks if a call to retrieve returns a credential as requested. However it could be optimal to check the existence of a credential without actually loading it. The getAliases method is optional as some implementations may only be able to retrieve a credential by name rather than query all available credentials.
-
-
-
The next set of methods to implement are the methods needed for updates to be applied to the underlying credential store.
The store and remove methods either add credentials to a credential store or remove them. Implementing the flush method is optional but this method can be used as a trigger for a store to persist its state.
-
-
-
The final stage is to provide an implementation of java.security.Provider which can return an instance of the SPI for the CredentialStore service type. The WildFly Elytron provider which makes the Elytron implementations available is org.wildfly.security.credential.store.WildFlyElytronCredentialStoreProvider. The source code for this provider can be used as an example.
-
-
-
-
16.7. Reference
-
-
The previous sections have made use of either the WildFly Elytron Tool or the management operations and specified the arguments and configuration options required for the action being performed. These operations and tools however support a variety of other options so this section provides some additional detail.
-
-
-
16.7.1. Elytron Tool - credential-store Command
-
-
Examples of how to structure calling the credential-store command were provided earlier. When using the credential-store command the following actions are possible: -
-
-
-
Table 12. credential-store Actions
-
-
-
-
-
-
-
Action
-
Description
-
-
-
-
-
-a,--add <alias>
-
Add a new entry to the credential store using the specified alias.
-
-
-
-c,--create
-
Create a new credential store instance.
-
-
-
-e,--exists <alias>
-
Test if the specified alias already exists in the credential store.
-
-
-
-r,--remove <alias>
-
Remove the alias specified from the credential store.
-
-
-
-g,--generate-key-pair <alias>
-
Generate a new key pair credential and add it as an entry to the credential store using the specified alias.
-
-
-
--generate-secret-key <alias>
-
Generate a new secret key credential and add it as an entry to the credential store using the specified alias.
-
-
-
--export-secret-key <alias>
-
Export a secret key credential identified using the specified alias.
-
-
-
-xp,--export-key-pair-public-key <alias>
-
Display the public key of a key pair credential entry under the specified alias in OpenSSH format.
-
-
-
--import-secret-key <alias>
-
Import a secret key credential and add it as an entry to the credential store using the specified alias.
-
-
-
-ikp,--import-key-pair <alias>
-
Add a new key pair credential entry to the credential store using the specified alias.
-
-
-
--encrypt <alias>
-
Encrypt a clear text string using the secret key stored under the specified alias.
-
-
-
-v,--aliases
-
Display all aliases
-
-
-
-f,--summary
-
Print summary, especially command how to create this credential store
-
-
-
-h,--help
-
Get help with usage of this command
-
-
-
-
-
The following parameters can be provided for each action to specify how to load the store.
-
-
-
Table 13. credential-store Parameters
-
-
-
-
-
-
-
Parameter
-
Description
-
-
-
-
-
-d,--debug
-
Print stack trace when error occurs.
-
-
-
-i,--iteration <arg>
-
Iteration count for final masked password of the credential store
-
-
-
-l,--location <loc>
-
Location of credential store storage file
-
-
-
-n,--entry-type <type>
-
Type of entry in credential store
-
-
-
-o,--other-providers <providers>
-
Comma separated list of Jakarta Connectors provider names. Providers will be supplied to the credential store instance. Each provider must be installed through java.security file or through service loader from properly packaged jar file on classpath.
-
-
-
-p,--password <pwd>
-
Password for credential store
-
-
-
-q,--credential-store-provider <cs-provider>
-
Provider name containing CredentialStoreSpi implementation. Provider must be installed through java.security file or through service loader from properly packaged jar file on classpath.
-
-
-
-s,--salt <arg>
-
Salt to apply for final masked password of the credential store
-
-
-
-t,--type <type>
-
Credential store type
-
-
-
-u,--properties <arg>
-
Implementation properties for credential store type in form of "prop1=value1; … ;propN=valueN"
-
-
-
-x,--secret <secret to store>
-
Password credential value
-
-
-
-
-
The following parameters can be provided for the generate-key-pair command:
-
-
-
Table 14. generate-key-pair Parameters
-
-
-
-
-
-
-
-
Parameter
-
Description
-
Default Value
-
-
-
-
-
-k, --algorithm <algorithm name>
-
The encryption algorithm to be used. One of: RSA, DSA, or EC
-
RSA
-
-
-
-j,--size <size in bytes>
-
Size of the private key in bytes
-
RSA: 2048, DSA: 2048, EC: 256
-
-
-
-
-
The following parameter can be provided for the generate-secret-key command:
-
-
-
Table 15. generate-secret-key Parameter
-
-
-
-
-
-
-
-
Parameter
-
Description
-
Default Value
-
-
-
-
-
--size
-
Size of the secret key in bits, can be one of 128, 192, or 256.
-
256
-
-
-
-
-
The following parameters can be provided for the import-key-pair command:
-
-
-
Table 16. import-key-pair Parameters
-
-
-
-
-
-
-
Parameter
-
Description
-
-
-
-
-
-pvk, --private-key-string <private key to store>
-
The private key as a string. Alternative to private-key-location
-
-
-
-pvl, --private-key-location <path>
-
The path to a file containing a private key. Alternative to private-key-string
-
-
-
-pbk, --public-key-string <public key to store>
-
The public key as a string. Alternative to public-key-location
-
-
-
-pbl, --public-key-location <path>
-
The path to a file containing a public key. Alternative to public-key-string
-
-
-
-kp, --key-passphrase <passphrase>
-
The passphrase used to decrypt the private key if needed. Can also be specified via prompt
-
-
-
-
-
The following parameter can be provided for the import-secret-key command:
-
-
-
Table 17. import-secret-key Parameter
-
-
-
-
-
-
-
-
Parameter
-
Description
-
Default Value
-
-
-
-
-
--key
-
The secret key to be imported, if not specified the key will be prompted for.
-
N/A
-
-
-
-
-
The following parameters can be provided for the encrypt command:
-
-
-
Table 18. encrypt Parameters
-
-
-
-
-
-
-
-
Parameter
-
Description
-
Default Value
-
-
-
-
-
--clear-text <clear text>
-
The clear text string to encrypt, if omitted this wil be prompted for.
-
N/AThe following parameters can be provided for the generate-key-pair command:
-
.generate-key-pair Parameters
-
-
-
-
-
|Parameter |Description |Default Value
-
-
-
|-k, --algorithm <algorithm name>
-|The encryption algorithm to be used. One of: RSA, DSA, or EC
-|RSA
-
-
-
-
16.7.2. Elytron Tool - vault Command
-
-
The vault command is used to convert a legacy vault to a credential store and supports the following parameters.
-
-
-
Table 19. vault Parameters
-
-
-
-
-
-
-
Parameter
-
Description
-
-
-
-
-
-b,--bulk-convert <description file>
-
Bulk conversion with options listed in description file.
-
-
-
-d,--debug
-
Print stack trace when error occurs.
-
-
-
-e,--enc-dir <dir>
-
Vault directory containing encrypted files (defaults to "vault")
-
-
-
-f,--summary
-
Print summary of conversion
-
-
-
-h,--help
-
Get help with usage of this command
-
-
-
-i,--iteration <arg>
-
Iteration count (defaults to "23")
-
-
-
-k,--keystore <keystore>
-
Vault keystore URL (defaults to "vault.keystore")
-
-
-
-l,--location <loc>
-
Location of credential store storage file (defaults to "converted-vault.cr-store" in vault encryption directory)
-
-
-
-o,--other-providers <providers>
-
Comma separated list of Jakarta Connectors provider names. Providers will be supplied to the credential store instance. Each provider must be installed through java.security file or through service loader from properly packaged jar file on classpath.
-
-
-
-p,--keystore-password <pwd>
-
Vault keystore password, used to open original vault key store, and used as password for new converted credential store
-
-
-
-q,--credential-store-provider <cs-provider>
-
Provider name containing CredentialStoreSpi implementation. Provider must be installed through java.security file or through service loader from properly packaged jar file on classpath.
-
-
-
-s,--salt <salt>
-
8 character salt (defaults to "12345678")
-
-
-
-t,--type <type>
-
Converted credential store type (defaults to "KeyStoreCredentialStore")
-
-
-
-u,--properties <arg>
-
Configuration parameters for credential store in form of: "parameter1=value1; … ;parameterN=valueN"
-
-
-
-v,--alias <arg>
-
Vault key alias within key store (defaults to "vault")
-
-
-
-
-
-
16.7.3. KeyStoreCredentialStore
-
-
When configuring the KeyStoreCredentialStore the following configuration options are supported.
-
-
-
Table 20. KeyStoreCredentialStore Configuration
-
-
-
-
-
-
-
-
Name
-
Default
-
Description
-
-
-
-
-
create
-
false
-
If the credential store does not exist should it be created?
-
-
-
cryptographicAlgorithm
-
AES/CBC/NoPadding
-
The algorithm to use when using an external store.
-
-
-
external
-
false
-
Should external storage be used?
-
-
-
externalPath
-
N/A
-
Path to external storage.
-
-
-
keyAlias
-
cs_key
-
The alias to use from the KeyStore when working with external storage.
-
-
-
keyStoreType
-
KeyStore.getDefault()
-
The type of the key store used for the credential store.
-
-
-
location
-
N/A
-
The location of the credential store.
-
-
-
modifiable
-
true
-
Should the store be modifiable via the exposed API.
-
-
-
-
-
-
-
-
-
17. Encrypted Expressions
-
-
-
WildFly Elytron provides support for handling encrypted expressions in the management model using a SecretKey from a CredentialStore to decrypt the expression at runtime.
-
-
-
For information regarding how to create, configure, and populate credential stores including the manipulation of secret keys please refer to the Credential Store chapter.
-
-
-
Within the elytron subsystem one or more resolvers can be defined to handle the decryption of a previously encrypted expression. Each resolver will reference a single secret key in a
-single credential store which it will use to decrypt the expressions. Encrypted expressions can take one of two forms:
In both cases the ENC prefix is used to identify the expression is an encrypted expression. This prefix is the default however it is possible to define an alternative prefix for use
-across the configuration.
-
-
-
Within the first example the ResolverName is the name of an individual resolver definition. The name of the resolver has been omitted in the second example as it is also possible
-to define a default resolver which will be used if no resolver is specified within the expression.
-
-
-
17.1. expression=encryption resource
-
-
Support for decrypting expressions is enabled by defining a singleton expression=encryption resource within the elytron subsystem.
-
-
-
This resource can be defined with the following attributes.
-
-
-
-
-
prefix (Default ENC) - The prefix used within the encrypted expressions.
-
-
-
default-resolver (Optional) - For expressions that do not define a resolver, the default resolver to use.
-
-
-
resolvers - A lit of one more named resolver definitions.
-
-
-
-
-
An individual resolver is defined with three attributes:
-
-
-
-
-
name - The name of the individual configuration used to reference it.
-
-
-
credential-store - Reference to the credential store instance that contains the secret key this resolver will use.
-
-
-
secret-key - The alias of the secret key within the credential store to use.
-
-
-
-
-
The following is an example CLI command to define an expression=encryption resource in the elytron subsystem with two resolver definitions one if which is a
-default and an alternative prefix.
-The following section illustrates how to create an encrypted expression. If you repeat the same command for the same clear text it is normal that a different
-result is returned for the same key. This is because a unique initialisation vector is used for each call.
-
-
-
-
-
-
17.2.1. Management Operation
-
-
Once the expression=encryption resource has been defined the create-expression management operation can be called to generate an expression using the referenced
-secret key.
-
-
-
-
-
-
-
-
-When using management operations to create expressions from a clear-text string remember to disable the history in the CLI first otherwise the clear text string will be cached.
-
-
-
-
-
-
In these examples the expression=encryption resource has been configured to use the default prefix.
In both cases the resulting expression can be used on any attribute of a resource which supports the use of expressions.
-
-
-
-
17.2.2. Command Line Tool
-
-
Once a credential store has been populated with a secret key the credential-store command of the elytron-tool can also be used to create the encrypted string to include in an expression.
-
-
-
-
]$ bin/elytron-tool.sh credential-store --location standalone/configuration/store-one.cs --type PropertiesCredentialStore --encrypt key
-Clear text value:
-Confirm clear text value:
-Clear text encrypted to token 'RUxZAUMQvGzk6Vaadp2cahhZ6rlPhHOZcWyjXALlAthrENvRTvQ=' using alias 'key'.
-
-
-
-
The --encrypt action is used with the credential-store command, the argument to this action is the alias of the secret key to use. In this form the tool will prompt
-twice for the clear text which is being encrypted. When using the command line tool the output is just the Base64 encoded encrypted ciphertext. To use this in the management model
-it will need to be included in an expression as described earlier i.e. using the appropriate prefix and if required resolver name.
-
-
-
When using the --encrypt action it is also possible to pass in --clear-text parameter to pass in the clear text directly but this may be visible to other users and may also
-be cached in the command history of your shell.
-
-
-
-
-
17.3. Domain Mode
-
-
When using encrypted expressions in domain mode things are slightly different to how the legacy vault may have been used in the past.
-
-
-
To make use of encrypted expressions in the host controller configuration the expression=encryption resource and relevant *credential-store definitions must be defined
-within the elytron subsystem definition of the host controller i.e. in the same host.xml configuration.
-
-
-
For expressions within a domain profile being used to configure one or more servers the expression=encryption resource and relevant *credential-store definitions must be defined within the elytron subsystem
-definition of the same profile.
-
-
-
The runtime management operations are not supported against the expression=encryption or *credential-store when defined within a domain profile so for these environments the credential store and relevant
-expressions should be created offline before defining in the model. It is possible to reference a common credential store file shared between the host controller management model and the domain profile but after making
-any updates to the credential store from the host controller the application server processes will need to be restarted to force them to reload the credential store.
-
-
-
-
-
-
18. Custom Components
-
-
-
WildFly Elytron subsystem allows adding custom implementation of different
-components in form of WildFly modules into the WildFly instance and use them
-by the same way as built-in Elytron subsystem components.
-For example, you can create custom security event listener to develop custom
-audit mechanisms and store information about user authentication attempts in
-custom storage structure. Or you can create custom security realm to
-authenticate users against your own identities storage.
-
-
-
To find what types of custom components you can implement you can use Tab
-completion:
This section describes how to add a custom security event listener. Similar steps can be followed to add another
-custom component type.
-
-
-
To create custom security event listener you need to implement java.util.function.Consumer<org.wildfly.security.auth.server.event.SecurityEvent> interface.
-Resulting class needs to be packed into JAR and WildFly module created.
-You can create appropriate directory structure and module descriptor manually, or you can use following command of WildFly CLI:
The Java Enterprise Edition (EE) 7 specification introduced a new feature which allows application developers to specify a Java Security Manager (JSM) policy for their Java EE applications, when deployed to a compliant Java EE Application Server such as WildFly. Until now, writing JSM policies has been pretty tedious. Now a new tool has been developed which allows the generation of a JSM policy for deployments running on WildFly. It is possible that running with JSM enabled may affect performance, JEP 232 indicates the performance impact would be 10-15%, but it is still recommended to test the impact per application.
-
-
-
Elytron WildFly Java Security Manager basic enhancements are
Running a JSM will not fully protect the server from malicious attackers exploiting security vulnerabilities. It does, however, offer another layer of protection which can help reduce the impact of serious security vulnerabilities, such as deserialization attacks. For example, most of the recent attacks against Jackson Databind rely on making a Socket connection to an attacker-controlled JNDI Server to load malicious code. This article provides information on how this issue potentially affects an application written for JBoss EAP, which would be same for WildFly. The Security Manager could block the socket creation, and potentially thwart the attack.
-
-
-
-
JavaSE 17 Deprecate the Security Manager for Removal
-
-
The community decided to deprecate the Java Security Manager with Java 17. The full details are described in JEP 411: Deprecate the Security Manager for Removal. WildFly 29 still tests and actively supports the Security Manager. Used in conjunction with other tools such as Serialization Filtering the JSM is still a good defense in depth measure.
You can still utilize a custom security policy file with the -Djava.security.policy option. This is useful for special cases, for example a java agent. The default is the JVM provided policy.
-Djava.security.policy= with one equal sign (=) utilizes the default policy plus the custom policy.
--Djava.security.policy== with two equal signs (==) utilizes only the custom policy, take care for the necessary rights of the JVM in this case.
-
-
-
Property replacement in security policies
-
-
You can use variables in custom security policies which are resolved at runtime. You have to specify them on the command line or in the $JBOSS_HOME/bin/standalone.conf file. Properties in the server configuration are not available at the time of variable resolution on startup for the JSM.
-
-
-
-
-
19.2.3. Log-only mode
-
-
The log-only mode could be described as JSM simulation mode: Every permission check will be done but the result will not be propagated to the system - no SecurityException will be thrown. It is NOT about enabling or disabling log entries, which is solely driven by the logging configuration. The log-only mode is controlled with the -Dorg.wildfly.security.manager.log-only option. The default is false.
Do NOT use this option in production environments.
-
-
-
-
19.2.4. Logging Debug and trace
-
-
You can find a detailed description and how to about the command line interface and the logging configuration in the Admin Guide. The logger name to configure for the Elytron WildFly Security Manager is org.wildfly.security.access.
DEBUG [org.wildfly.security.access] (Batch Thread - 1) Permission check failed (permission "("java.util.PropertyPermission" "java.io.tmpdir" "read")" in code source "(vfs:/content/batch-processing.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.batch-processing.war" from Service Module Loader")
-
-
-
-
-
WildFly Security Manager Trace logging
-
-
You might have a case where you need to find out what exactly caused a certain permission request. Or you have an error case with an null classloader or null codesource. To get a stacktrace you can enable org.wildfly.security.access on log level TRACE.
Attention: This generates a lot of log output and has a severe performance impact. It’s not intended for permanent activation in development or testing but for special cases only.
-
-
-
-
Logging Profiles
-
-
If you are using one or more logging profiles it is strongly recommended to configure the org.wildfly.security.access logger for the server AND all logging profiles. If not, you might miss a relevant output.
-
-
-
-
-
19.2.5. Minimum and maximum permissions
-
-
The security-manager subsystem configures a maximum-set with the AllPermission by default:
If you cannot configure a third-party blackbox deployment unit or you want to share a common set of permissions across multiple deployments you can add a minimum-set of permissions.
-You could modify the maximum-set, remove the AllPermission and setup further restrictions to permissions you are willing to grant to deployments.
The permissions.xml file has to be placed below META-INF of deployment unit. The following example shows some entries, including
-property replacement. This is especially useful for immutable artifacts.
-
-
-
-
<?xml version="1.0" encoding="UTF-8"?>
-<permissionsxmlns="https://jakarta.ee/xml/ns/jakartaee"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee
- https://jakarta.ee/xml/ns/jakartaee/permissions_10.xsd"
- version="10">
- <permission>
- <class-name>java.util.PropertyPermission</class-name>
- <name>*</name><!-- many 3rd party APIs cache and require access to all properties -->
- <actions>read, write</actions>
- </permission>
- <permission>
- <class-name>java.lang.RuntimePermission</class-name>
- <name>getClassLoader</name>
- </permission>
- <permission>
- <class-name>java.io.FilePermission</class-name>
- <name>${install.app.home}/a/folder/-</name><!-- recursive in and below folder -->
- <actions>read</actions><!-- but not write, delete, execute -->
- </permission>
- <permission>
- <class-name>java.io.FilePermission</class-name>
- <name>${install.app.home}/b/folder</name><!-- folder itself -->
- <actions>read, write, delete</actions><!-- but not execute -->
- </permission>
- <permission>
- <class-name>java.io.FilePermission</class-name>
- <name>${install.app.home}/b/folder/*</name><!-- all IN the folder -->
- <actions>read, write, delete</actions><!-- but not execute -->
- </permission>
- <permission>
- <class-name>java.net.URLPermission</class-name>
- <name>${myserver.prot}://${myserver.hostname}:${myserver.port}/c/path/-</name><!-- recursive in and below path -->
- <actions>POST,GET,DELETE:*</actions><!-- refer to JavaDoc for more samples -->
- </permission>
-</permissions>
-
-
-
-
-
-
19.3. How to generate a Java Security Manager Policy
Comprehensive test plan which exercises every "normal" function of the application.
-
-
-
-
-
If a comprehensive test plan isn’t available, a policy could be generated in a production environment, as long as some extra disk space for logging is available and there is confidence the security of the application is not going to be compromised while generating policies.
-
-
-
-
19.3.2. Setup 'Log Only' mode and 'debug' logging for the Security Manager
19.3.3. Test the application to generate policy violations
-
-
For this example we’ll use the batch-processing quickstart. Follow the README to deploy the application and access it running on the application server at http://localhost:8080/batch-processing. Click the 'Generate a new file and start import job' button in the Web UI and notice some policy violations are logged to the $JBOSS_HOME/standalone/log/server.log file, for example:
-
-
-
-
DEBUG [org.wildfly.security.access] (Batch Thread - 1) Permission check failed (permission "("java.util.PropertyPermission" "java.io.tmpdir" "read")" in code source "(vfs:/content/batch-processing.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.batch-processing.war" from Service Module Loader")
-
-
-
-
-
19.3.4. Generate a policy file for the application
-
-
Checkout the source code for the wildfly-policygen project written by Red Hat Product Security.
A permissions.xml file should be generated in the current directory. Using the example application, the file is called batch-processing.war.permissions.xml. Copy that file to src/main/webapp/META-INF/permissions.xml, build, and redeploy the application, for example:
Where APP_HOME is an environment variable pointing to the batch-processing application’s home directory.
-
-
-
-
19.3.5. Run with the security manager in enforcing mode
-
-
Recall that we set the org.wildfly.security.manager.log-only system property in order to log permission violations. Remove that system property or set it to false in order to enforce the JSM policy that’s been added to the deployment. Once that line has been changed or removed from bin/standalone.conf, restart the application server, build, and redeploy the application.
-
-
-
Also go ahead and remove the extra logging category that was added previously using the CLI, e.g.:
This time there shouldn’t be any permission violations logged in the server.log file.
-
-
-
-
-
19.4. Conclusion
-
-
While the Java Security Manager will not prevent all security vulnerabilities possible against an application deployed to WildFly, it will add another layer of protection, which could mitigate the impact of serious security vulnerabilities such as deserialization attacks. If running with Security Manager enabled, be sure to check the impact on the performance of the application to make sure it’s within acceptable limits. Finally, use of the wildfly-policygen tool is not officially supported by Red Hat, however issues can be raised for the project in Github or in the WildFly User Forum.
-
-
-
-
19.5. Further background
-
-
Additionally to the documentation of JBoss Modules and the Security Manager the following explanations have been extracted from an WildFly developer conversation.
-
-
-
19.5.1. Elytron WildFly Security Manager and Protection Domains
-
-
Within WildFly there are two types of ProtectionDomain:
-
-
-
-
-
Server module (everything under the modules folder).
-
-
-
Deployment.
-
-
-
-
-
Server modules automatically have the AllPermission granted.
-Deployments have a combination of their permission.xml as well as possibly the minimal permission set from the security manager subsystem.
-
-
-
Permission checks
-
-
As a call progresses from class to class, module to module, deployment to module a list of all of the protection domains of each of these builds up.
-When a permission check is performed it will only succeed if each and every protection domain on the call stack has been granted the permission.
-
-
-
This is where doPrivileged comes in, this is effectively saying "At this point in the callstack it is verified safe, forget the protection domains that called me."
-So when a deployment calls into a server module and that server module calls doPrivileged then the deployments module will not longer be a part of the permission check.
-
-
-
Adding a doPrivileged seems an obvious solution but when added one also need to think about how deployments could abuse this to get their protection domain dropped from the permissions check.
-
-
-
-
Privileged blocks in dependencies
-
-
Adding the privileged block in a dependency used by WildFly works because the protection domain of the server modules has all the permissions. It is important to understand how module all permissions and doPrivileged checks work combined for a deployment.
-
-
-
One point to start with there is nothing special about a PrivilegedAction: PrivilegedAction is an interface which allows a Runnable class to be passed in and also has a return type. If this was added later it could have been implemented with the functional interfaces. The special part is the doPrivileged call.
-Under normal circumstances every jar would be represented by it’s own protection domain and each jar could be assigned it’s own permissions. When the security manager performs it’s permissions check it would make sure every protection domain in the call stack has been granted that permission.
-
-
-
The WildFly modules case is slightly special as all the modules just get granted AllPermission, so we end up in a situation where deployments have a defined set of permissions and the WildFly modules have all - by default the security manager checks the permissions of both of these during a permission check that spans them - the WildFly module will of course always pass.
-
-
-
Because of WildFly’s model it is easy to get into the assumption that it is the doPrivileged call which is doing something special to bypass the security manager permissions check, it is not - all it is doing is dropping the protection domains from the call stack prior to that point, so we just end up with the protection domains for WildFly modules on the call stack which have the all permission.
-
-
-
So where you say the current protection domain where the dependency is has all permissions granted - yes that is it - the remaining protections domains on the call stack have the appropriate permissions granted.
-
-
-
The documentation might lead to the view the doPriviledge does some magical things that allowed your code run as trusted code that can bypass the permissions, for example at What It Means to Have Privileged Code, with sentences as:
-
-
-
-
-
Marking code as "privileged" enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it. This is necessary in some situations. For example, an application may not be allowed direct access to files that contain fonts, but the system utility to display a document must obtain those fonts, on behalf of the user. In order to do this, the system utility becomes privileged while obtaining the fonts.
-
-
-
-
-
This is all part of the argument for removing it, the confusion around how to apply the APIs - one could say the following sentence is correct but hides the important detail. "Marking code as "privileged" enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it."
-
-
-
If we have module A calling module B - by default the permissions check checks both.
-If module B contains a doPrivileged before the permission check then only module B’s protection domain will be checked.
-
-
-
The reason for using the doPrivileged is the assumption module B has the greater (or more appropriate permissions) and just want these compared without those from A.
-
-
-
But it is also possible that A actually had the required permissions and B does not do even though one adds a doPrivileged it still fails as B does not have sufficient permissions anyway.
-
-
-
The reason for using the doPrivileged is the assumption module B has the greater (or more appropriate permissions) and just want these compared without those from A.
-
-
-
-
Privileged blocks implications for third party libraries
-
-
It is not a requirement for a developer of a third-party library to add a doProviledge block and configure the corresponding protection domain with the permissions the library requires for doing the work.
-
-
-
A third-party developer of a library could add a doPrivileged block to allow the consumers of the library to have the freedom to not require all the permissions needed available on all the protection domains. However, consumers have to at least give the required permissions to the protection domain where the third-party library is. This is just to add a possibility for the consumers of the library.
-
-
-
-
Privileged blocks implications for WildFly modules
-
-
Without WildFly’s special AllPermission assignment each module should specify the permissions that it needs.
-
-
-
But this is where the permissions get even more complex. Let’s say in that example module B needs to read a file, the developer of module B may not know where that file will exist as it is not until the module is used in another project (like an app server we know file locations).
-
-
-
One way is avoiding doPrivileged:
-
-
-
-
-
Module B has the permission to access all files.
-
-
-
Module A has the permission to access just a specific file.
-
-
-
-
-
Combined a permission check would pass.
-
-
-
Second is module B contains a doPrivileged.
-
-
-
If module B still has the permission to access all files but module A has no file permission. If module A can pass the path of the file to module B one now has the problem that modules can potentially use this to bypass permissions and get access to all files.
-
-
-
The next variation is the permissions for module B need adjusting in context, i.e. it now needs to specify which file module B can access so there is no way for A to abuse it.
-
-
-
WildFly developers should not need to specify permissions for all modules in the app server, and if they need context that would be even more difficult.
-
-
-
The first example would be the equivalent of all deployments now needing the permissions granted but deployments are not supposed to need to be aware of the inner workings of the application server to decide what permissions they need.
-
-
-
So it ends up in that middle ground where if WildFly developers are not careful it could be open to abuse from deployments.
-
-
-
-
-
-
-
-
20. Migrate Legacy Security to Elytron Security
-
-
-
20.1. Authentication Configuration
-
-
-
-
20.2. Properties Based Authentication / Authorization
-
-
20.2.1. PicketBox Based Configuration
-
-
This migration example assumes a deployed web application is configured
-to require authentication using FORM based authentication and is
-referencing a PicketBox based security domain using the
-UsersRolesLoginModule to load user information from a pair or properties
-files.
-
-
-
Original Configuration
-
-
A security domain can be defined in the legacy security subsystem using
-the following management operations: -
It is possible to take a previously defined PicketBox security domain
-and expose it as an Elytron security realm so it can be wired into a
-complete Elytron based configuration, if only properties based
-authentication was to be migrated it would be recommended to jump to the
-fully migration configuration and avoid the unnecessary dependency on
-the legacy security subsystem but for situations where that is not
-immediately possible these commands illustrate an intermediate solution.
-
-
-
These steps assume the original configuration is already in place.
-
-
-
The first step is to add a mapping to an Elytron security realm within
-the legacy security subsystem.
Within the Elytron subsystem a security domain can be defined which
-references the exported security realm and also a http authentication
-factory which supports FORM based authentication.
Finally configuration needs to be added to the Undertow subsystem to map
-the security domain referenced by the deployment to the newly defined
-http authentication factory.
Note: If the deployment was already deployed at this point the
-application server should be reloaded or the deployment redeployed for
-the application security domain mapping to take effect.
-
-
-
The following command can then be used to verify the mapping was applied
-to the deployment.
The deployment being tested here is 'HelloWorld.war' and the output from
-the previous command shows this deployment is referencing the mapping.
-
-
-
At this stage the previously defined security domain is used for it’s
-LoginModule configuration but this is wrapped by Elytron components
-which take over authentication.
-
-
-
-
Fully Migrated Configuration
-
-
Alternatively the configuration can be completely defined within the
-Elytron subsystem, in this case it is assumed none of the previous
-commands have been executed and this is started from a clean
-configuration - however if the security domain definition does exist in
-the legacy security subsystem that will remain completely independent.
-
-
-
First a new security realm can be defined within the Elytron subsystem
-referencing the files referenced previously: -
As before the application-security-domain mapping should be added to the
-Undertow subsystem and the server reloaded or the deployment redeployed
-as required.
At this stage the authentication is the equivalent of the original
-configuration however now Elytron components are used exclusively.
-
-
-
-
-
20.2.2. Migrating to FileSystemRealm Based Authentication
-
-
An alternative to using a legacy properties-realm in Elytron is to use
-the new filesystem-realm. An Elytron filesystem-realm will use file-backed
-authentication methods to secure the server. It is now easy to migrate from a
-legacy properties-realm to an Elytron filesystem-realm by using the
-Elytron Tool. The new Elytron Tool command, FileSystemRealmCommand, will convert
-the given properties files and create an Elytron FileSystemRealm, along with a script
-with the WildFly CLI commands for registering the FileSystemRealm and Security Domain
-on the WildFly server. After using the tool, it will still be necessary to configure
-an authentication-factory and an application-security-domain, as in the steps
-above.
-
-
-
Single User-Roles Conversion
-
-
To convert a single user-roles properties files combination, the parameters
-can be passed directly into the command:
This will then configure a filesystem-realm in filesystem_realm_dir and
-will create a script converted-properties-filesystem-realm.sh in
-filesystem_realm_dir with the WildFly CLI commands to register the filesystem-realm
-and the security-domain, with the security-domain named
-converted-properties-security-domain. To customize the filesystem-realm name
-and the security-domain name, the --filesystem-realm-name and
---security-domain-name parameters can be used.
-
-
-
Use elytron-tool.sh filesystem-realm --help to get description of all parameters.
-
-
-
Notes:
-
-
-
-
The short form options, as shown in the --help option, can be used, such as
--u in place of --users-file.
-
-
-
When the --summary parameter is specified, an output of operations performed
-during conversion, including warnings and errors, will be shown once the
-command finishes conversion.
-
-
-
When the --silent parameter is specified, Elytron Tool will not give no
-information output, as compared to normal operation where warnings are shown.
-The --silent command will not override --summary, resulting in the ability to
-hide output until the command finishes conversion.
-
-
-
Elytron Tool will not configure the filesystem-realm and security-domain
-within WildFly itself, it will just provide the necessary commands in the
-output script file.
-
-
-
-
-
-
-
Bulk User-Roles Conversion
-
-
It is possible to convert multiple users-roles files combinations at once
-by using --bulk-convert parameter with a descriptor file.
Each blank line starts a new conversion operation. As with a single conversion,
-the users-file, roles-file, and output-location are required parameters while
-the filesystem-realm-name and security-domain-name are optional parameters.
-
-
-
Execute the following command to convert with the descriptor file:
For bulk conversion, only the long form option can be used, unlike the CLI
-mode where both long and short form options can be used.
-
-
-
The --summary and --silent parameters can be used here too. However, they
-must be specified while executing the command and apply to all conversions
-specified in the descriptor file.
-
-
-
If the --summary parameter is used, then a summary will be provided
-after each execution as opposed to after the command finishes all conversions.
-
-
-
As with the single conversion, absolute or relative paths can be used for
-users-file, roles-file, and output-location.
-
-
-
Each execution of the command will produce a separate script in the given
-output-location directory.
-
-
-
Repeated output-location paths can result in an error
-
-
-
If there is an error in one users-roles files combination then Elytron Tool
-will report the issue, such as a missing required parameter, and continue
-with the conversion of all remaining combinations.
-
-
-
-
-
-
-
-
20.2.3. Legacy Security Realm
-
-
Original Configuration
-
-
A legacy security realm can be defined using the following commands to
-load users passwords and group information from properties files.
A legacy security realm would typically be used to secure either the
-management interfaces or remoting connectors.
-
-
-
-
Migrated Configuration
-
-
One of the motivations for adding the Elytron based security to the
-application server is to allow a consistent security solution to be used
-across the server, to replace the security realm the same steps as
-described in the previous 'Fully Migrated' section can be followed again
-up until the http-authentication-factory is defined.
-
-
-
A legacy security realm can also be used for SASL based authentication
-so a sasl-authentication-factory should also be defined.
If this new configuration was to be used to secure the management
-interfaces more suitable names should be chosen but the following
-commands illustrate how to set the two authentication factories and
-clear the existing security realm reference.
The section describing how to migrate from properties based
-authentication using either PicketBox or legacy security realms to
-Elytron also contained a lot of additional information regarding
-defining security domains, authentication factories, and how these are
-mapped to be used for authentication. This section will illustrate some
-equivalent LDAP configuration using legacy security realms and PicketBox
-security domains and show the equivalent configuration using Elytron but
-will not repeat the steps to wire it all together covered in the
-previous section.
-
-
-
These configuration examples are developed against a test LDAP sever
-with user entries like: -
-
-
-
-
dn: uid=TestUserOne,ou=users,dc=group-to-principal,dc=wildfly,dc=org
-objectClass: top
-objectClass: inetOrgPerson
-objectClass: uidObject
-objectClass: person
-objectClass: organizationalPerson
-cn: Test User One
-sn: Test User One
-uid: TestUserOne
-userPassword: {SSHA}UG8ov2rnrnBKakcARVvraZHqTa7mFWJZlWt2HA==
-
-
-
-
The group entries then look like: -
-
-
-
-
dn: uid=GroupOne,ou=groups,dc=group-to-principal,dc=wildfly,dc=org
-objectClass: top
-objectClass: groupOfUniqueNames
-objectClass: uidObject
-cn: Group One
-uid: GroupOne
-uniqueMember: uid=TestUserOne,ou=users,dc=group-to-principal,dc=wildfly,dc=org
-
-
-
-
For authentication purposes the username will be matched against the
-'uid' attribute, also the resulting group name will be taken from the
-'uid' attribute of the group entry.
-
-
-
20.3.1. Legacy Security Realm
-
-
A connection to the LDAP server and related security realm can be
-created with the following commands: -
In the prior two examples information is loaded from LDAP to use
-directly as groups or roles, in the Elytron case information can be
-loaded from LDAP to associate with the identity as attributes - these
-can subsequently be mapped to roles but attributes can be loaded for
-other purposes as well.
-
-
-
-
-
-
-
-
-By default, if no role-decoder is defined for given security-domain,
-identity attribute " `Roles`" is mapped to the identity roles.
-
When using either PicketBox or the legacy security realms it is possible to define a configuration where authentication is performed against one identity store whilst the information used for authorization is loaded from a different store, when using WildFly Elytron this can be achieved by using an aggregate security realm.
-
-
-
The example here makes use of a properties file for authentication and then searches LDAP to load group / role information. Both of these are based on the previous examples within this document so the environmental information is not repeated here.
During an authentication attempt the 'UsersRoles' login module will first be called to perform authentication based on the supplied credential, then the 'LdapExtLoginModule' will be called which will proceed to query LDAP to load the roles for the identity.
Within the WildFly Elytron example a new security realm 'aggregate-realm' has been defined, this definition specifies which of the defined security realms should be used for the authentication step and which of the security realms should be used for the loading of the identity used for subsequent authorization decisions.
-
-
-
-
-
20.5. Database Authentication
-
-
The section describing how to migrate from database accessible via JDBC
-datasource based authentication using PicketBox to Elytron. This section
-will illustrate some equivalent configuration using PicketBox security
-domains and show the equivalent configuration using Elytron but will not
-repeat the steps to wire it all together covered in the previous
-sections.
-
-
-
These configuration examples are developed against a test database with
-users table like:
-
-
-
-
CREATETABLE User (
- id BIGINTNOTNULL,
- username VARCHAR(255),
- password VARCHAR(255),
- role ENUM('admin', 'manager', 'user'),
- PRIMARYKEY (id),
- UNIQUE (username)
-)
-
-
-
-
For authentication purposes the username will be matched against the '
-`username’ column, password will be expected in hex-encoded MD5 hash in
-' `password’ column. User role for authorization purposes will be taken
-from ' `role’ column.
-
-
-
20.5.1. PicketBox Database LoginModule
-
-
The following commands can create a PicketBox security domain configured
-to use database accessible via JDBC datasource to verify a username and
-password and to assign roles.
-
-
-
-
./subsystem=security/security-domain=application-security/:add
-./subsystem=security/security-domain=application-security/authentication=classic:add(login-modules=[{code=Database, flag=Required, module-options={ \
- dsJndiName="java:jboss/datasources/ExampleDS", \
- principalsQuery="SELECT password FROM User WHERE username = ?", \
- rolesQuery="SELECT role, 'Roles' FROM User WHERE username = ?", \
- hashAlgorithm=MD5, \
- hashEncoding=base64 \
-}}])
-
-
-
-
This results in the following configuration.
-
-
-
-
<subsystemxmlns="urn:jboss:domain:security:2.0">
- <security-domains>
- ...
- <security-domainname="application-security">
- <authentication>
- <login-modulecode="Database"flag="required">
- <module-optionname="dsJndiName"value="java:jboss/datasources/ExampleDS"/>
- <module-optionname="principalsQuery"value="SELECT password FROM User WHERE username = ?"/>
- <module-optionname="rolesQuery"value="SELECT role, 'Roles' FROM User WHERE username = ?"/>
- <module-optionname="hashAlgorithm"value="MD5"/>
- <module-optionname="hashEncoding"value="base64"/>
- </login-module>
- </authentication>
- </security-domain>
- </security-domains>
- </subsystem>
-
-
-
-
-
20.5.2. Migrated
-
-
Within the Elytron subsystem to use database accesible via JDBC you need
-to define jdbc-realm:
-
-
-
-
./subsystem=elytron/jdbc-realm=jdbc-realm:add(principal-query=[{ \
- data-source=ExampleDS, \
- sql="SELECT role, password FROM User WHERE username = ?", \
- attribute-mapping=[{index=1, to=Roles}] \
- simple-digest-mapper={algorithm=simple-digest-md5, password-index=2}, \
-}])
-
-
-
-
This results in the following overall configuration:
In comparison with PicketBox solution, Elytron jdbc-realm use one SQL
-query to obtain all user attributes and credentials. Their extraction
-from SQL result specifies mappers.
-
-
-
-
20.5.3. N-M relation beetween user and roles
-
-
When using a n:m-relation beetween user and roles (which means: the user has multiple roles), the previous configuration does not work.
Here you need two configure two principal queries:
-
-
-
-
<jdbc-realmname="jdbc-realm">
- <principal-querysql="SELECT PASSWORD FROM USER WHERE USERNAME = ?"data-source="ExampleDS">
- <clear-password-mapperpassword-index="1"/>
- </principal-query>
- <principal-querysql="SELECT R.ROLENAME from ROLE AS R, USERROLE AS UR, USER AS U WHERE U.USERNAME=? AND UR.ROLEID = R.ID AND UR.USERID = U.ID"data-source="ExampleDS">
- <attribute-mapping>
- <attributeto="roles"index="1"/>
- </attribute-mapping>
- </principal-query>
-</jdbc-realm>
-
-
-
-
The second query needs an attribute mapping to decode the selected rolename column (index 1):
When working with Kerberos configuration it is possible for the
-application server to rely on configuration from the environment or the
-key configuration can be specified using system properties, for the
-purpose of these examples I define system properties - these properties
-are applicable to both the legacy configuration and the migrated Elytron
-configuration.
An application can now be deployed referencing the SPNEGO security
-domain and secured with SPNEGO mechanism.
-
-
-
-
Migrated SPNEGO
-
-
The equivalent configuration can be achieved with WildFly Elytron by
-first defining a security realm which will be used to load identity
-information.
As with the previous examples we define a security realm to pull
-together the policy as well as a HTTP authentication factory for the
-authentication policy.
Now, to enable SPNEGO authentication for the HTTP management interface,
-update this interface to reference the http-authentication-factory
-defined above, as described in the
-properties
-authentication section.
-
-
-
Alternatively, to secure an application using SPNEGO authentication, an
-application security domain can be defined in the Undertow subsystem to
-map security domains to the http-authentication-factory defined above,
-as described in the
-properties
-authentication section.
-
-
-
-
-
20.6.2. Remoting / SASL Authentication
-
-
Legacy Security Realm
-
-
It is also possible to define a legacy security realm for Kerberos /
-GSSAPI SASL authenticatio for Remoting authentication such as the native
-management interface.
The management interface or Remoting connectors can now be updated to
-reference the SASL authentication factory.
-
-
-
The two Elytron examples defined here could also be combined into one to
-use a shared security domain and security realm and just use protocol
-specific authentication factories each referencing their own Kerberos
-security factory.
-
-
-
-
-
-
20.7. Caching Migration
-
-
Where a PicketBox based security domain is defined it is possible to enable caching for that security domain, this enables subsequent hits to the identity store to be avoided as an in memory cache can be used instead, this example demonstrates how caching can be used with a WildFly Elytron based configuration.
-
-
-
The purpose of this chapter is to highlight the migration of a configuration with caching enabled, this example is based in the previous LDAP example but with caching enabled.
-
-
-
20.7.1. PicketBox Example
-
-
A PicketBox based security domain can be defined with the following commands.
When using WildFly Elytron where caching is required the individual security realm is wrapped using a cache, a migrated configuration can be defined with the following commands:
This migration example assumes a client application performs a remote
-JNDI lookup using an InitialContext backed by the
-org.wildfly.naming.client.WildFlyInitialContextFactory class.
-
-
-
Original Configuration
-
-
An InitialContext backed by the
-org.wildfly.naming.client.WildFlyInitialContextFactory class can be
-created by specifying properties that contain the URL of the naming
-provider to connect to along with appropriate user credentials:
An InitialContext backed by the
-org.wildfly.naming.client.WildFlyInitialContextFactory class can be
-created by specifying a property that contains the URL of the naming
-provider to connect to. The user credentials can be specified using a
-WildFly client configuration file or programmatically.
-
-
-
Configuration File Approach
-
-
A wildfly-config.xml file that contains the user credentials to use
-when establishing a connection to the naming provider can be added to
-the client application’s META-INF directory:
The user credentials to use when establishing a connection to the naming
-provider can be specified directly in the client application’s code:
-
-
-
-
// create your authentication configuration
-AuthenticationConfiguration namingConfig = AuthenticationConfiguration.empty().useName("bob").usePassword("secret");
-
-// create your authentication context
-AuthenticationContext context = AuthenticationContext.empty().with(MatchRule.ALL.matchHost("127.0.0.1"), namingConfig);
-
-// create a callable that creates and uses an InitialContext
-Callable<Void> callable = () -> {
- Properties properties = newProperties();
- properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
- properties.put(Context.PROVIDER_URL, "remote+http://127.0.0.1:8080");
- InitialContext context = newInitialContext(properties);
- Bar bar = (Bar) context.lookup("foo/bar");
- ...
- return null;
-};
-
-// use your authentication context to run your callable
-context.runCallable(callable);
-
-
-
-
-
-
-
20.9.2. EJB Client
-
-
This migration example assumes a client application is configured to
-invoke an EJB deployed on a remote server using a
-jboss-ejb-client.properties file.
-
-
-
Original Configuration
-
-
A jboss-ejb-client.properties file that contains the information
-needed to connect to the remote server can be specified in a client
-application’s META-INF directory:
An EJB can then be looked up and a method can be invoked on it as
-follows:
-
-
-
-
// create an InitialContext
-Properties properties = newProperties();
-properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
-properties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
-InitialContext context = newInitialContext(properties);
-
-// look up an EJB and invoke one of its methods
-RemoteCalculator statelessRemoteCalculator = (RemoteCalculator) context.lookup(
- "ejb:/ejb-remote-server-side//CalculatorBean!" + RemoteCalculator.class.getName());
-int sum = statelessRemoteCalculator.add(101, 202);
-
-
-
-
-
Migrated Configuration
-
-
The information needed to connect to the remote server can be specified
-using a WildFly client configuration file or programmatically.
-
-
-
Configuration File Approach
-
-
A wildfly-config.xml file that contains the information needed to
-connect to the remote server can be added to the client application’s
-META-INF directory:
An EJB can then be looked up and a method can be invoked on it as
-follows:
-
-
-
-
// create an InitialContext
-Properties properties = newProperties();
-properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
-InitialContext context = newInitialContext(properties);
-
-// look up an EJB and invoke one of its methods (same as before)
-RemoteCalculator statelessRemoteCalculator = (RemoteCalculator) context.lookup(
- "ejb:/ejb-remote-server-side//CalculatorBean!" + RemoteCalculator.class.getName());
-int sum = statelessRemoteCalculator.add(101, 202);
-
-
-
-
-
Programmatic Approach
-
-
The information needed to connect to the remote server can be specified
-directly in the client application’s code:
-
-
-
-
// create your authentication configuration
-AuthenticationConfiguration ejbConfig = AuthenticationConfiguration.empty().useName("bob").usePassword("secret");
-
-// create your authentication context
-AuthenticationContext context = AuthenticationContext.empty().with(MatchRule.ALL.matchHost("127.0.0.1"), ejbConfig);
-
-// create a callable that invokes an EJB
-Callable<Void> callable = () -> {
-
- // create an InitialContext
- Properties properties = newProperties();
- properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
- properties.put(Context.PROVIDER_URL, "remote+http://127.0.0.1:8080");
- InitialContext context = newInitialContext(properties);
-
- // look up an EJB and invoke one of its methods (same as before)
- RemoteCalculator statelessRemoteCalculator = (RemoteCalculator) context.lookup(
- "ejb:/ejb-remote-server-side//CalculatorBean!" + RemoteCalculator.class.getName());
- int sum = statelessRemoteCalculator.add(101, 202);
- ...
- return null;
-};
-
-// use your authentication context to run your callable
-context.runCallable(callable);
-
-
-
-
-
-
-
-
-
-References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
-:leveloffset: -1
-
-
-
-
-
-
-
-
-
20.9.3. General Utilities
-
-
-
-
20.9.4. Security Vault Migration
-
-
Security Vault is primarily used in legacy configurations, a vault is
-used to store sensitive strings outside of the configuration files.
-WildFly server may only contain a single security vault.
-
-
-
Credential Store introduced in WildFly 11 is meant to expand Security
-Vault in terms of storing different credential types and introduce easy
-to implemnent SPI which allows to deploy custom implemenations of
-CredentialStore SPI. Credentials are stored safely encrypted in storage
-file outside WildFly configuration files. Each WildFly server may
-contain multiple credential stores.
-
-
-
To easily migrate vault content into credential store we have added
-"vault" command into WildFly Elytron Tool. The tool could be found at
-$JBOSS_HOME/bin directory. It has several scripts named "elytron-tool.*"
-dependent on your platform of choice.
-
-
-
Single Security Vault Conversion
-
-
To convert single security vault credential store use following
-example:
-
-
-
-
-
to get sample vault use testing resources of Elytron Tool project from
-GitHub
Vault (enc-dir="vault_data/";keystore="vault-jceks.keystore") converted to credential store "cs-v1.store"
-Vault Conversion summary:
---------------------------------------
-Vault Conversion Successful
-CLI command to add new credential store:
-/subsystem=elytron/credential-store=test:add(relative-to=jboss.server.data.dir,create=true,modifiable=true,location="cs-v1.store",implementation-properties={"keyStoreType"⇒"JCEKS"},credential-reference={clear-text="MASK-2hKo56F1a3jYGnJwhPmiF5;12345678;34"})
-
-
-
-
-
Use elytron-tool.sh vault --help to get description of all parameters.
-
-
-
Notes:
-
-
-
-
Elytron Tool cannot handle very first version of Security Vault data
-file.
-
-
-
--keystore-password can come in two forms (1) masked as shown in the
-example or (2) clear text. Parameter --salt and --iteration are there to
-supply information to decrypt the masked password or to generate masked
-password in output. In case --salt and --iteration are omitted default
-values are used.
-
-
-
When --summary parameter is specified, one can see nice output with
-CLI command to be used in WildFly console to add converted credential
-store to the configuration.
-
-
-
-
-
-
-
Bulk Security Vault Conversion
-
-
There is possibility to convert multiple vaults to credential store
-using --bulk-convert parameter with description file.
-Example of description file from our tests:
This section describe securing HTTP connections to the server using SSL
-using Elytron.
-It suppose you have already configured SSL using legacy
-security-realm, for example by
-Admin Guide#Enable
-SSL, and your configuration looks like:
Create Elytron key-store - specifying where is the keystore file stored and password by which it is encrypted. Default type of keystore generated using keytool is PKCS12:
This suppose you have already configured Client-Cert SSL authentication
-using truststore in legacy security-realm, for example by
-Admin
-Guide#Add Client-Cert to SSL, and your configuration looks like:
-Following configuration is sufficient to prevent users without valid
-certificate and private key to access the server, but it does not
-provide user identity to the application. That require to define
-CLIENT_CERT HTTP mechanism / EXTERNAL SASL mechanism, which will be
-described later.)
-
-
-
-
-
-
At first use steps above to migrate basic part of the configuration.
-Then continue by following:
-
-
-
-
-
Create key-store of truststore - like for keystore above:
As this documentation is primarily intended for users migrating to WildFly Elytron I am going to jump straight into the configuration required with WildFly Elytron.
-
-
-
This section will cover how to create the various resources required to achieve CLIENT_CERT authentication with fallback to username / password authentication for both HTTP and SASL (i.e. Remoting) - both are being covered at the same time as predominantly they require the same core configuration, it is not until the definition of the authentication factories that the configuration becomes really specific.
-
-
-
This suppose you have configured legacy Client-Cert SSL authentication using truststore in legacy security-realm, for example by Admin Guide#Add Client-Cert to SSL, and your configuration looks like:
The security realm will be used in two situations:
-* Authentication in password fallback case, when certificate authentication fails
-* Authorization in both - password and certificate auth - cases - the realm will provide roles of individual users
-
-
-
This mean, for any client certificate there have to exists user in the security realm.
-
-
-
-
Principal decoder
-
-
When certificate authentication is used and the security realm accepts usernames to resolve an identity, there have to be defined way to obtain username from a client certificate.
-In this case we will use first CN attribute in certificate subject:
For the HTTP connections we now define a HTTP authentication factory using the previously defined resources and it is configured to support CLIENT_CERT and DIGEST authentication.
-
-
-
Because our security realm is not able to verify client certificates (properties realm verifies passwords only), we need to add configuring mechanism factory first, which will disable certificate verification against the security realm:
The architecture of the two authentication factories if very similar so a SASL authentication factory can be defined in the same way as the HTTP equivalent.
-However, as EXTERNAL SASL mechanism does not do any certificate verification, there is no need for configuring SASL server factory.
There is used the same principal transformer as defined for HTTP.
-
-
-
-
SSL Context
-
-
The SSL context was already defined, but we need to modify it to not fail on client certificate authentication failure, but to fallback to password authentication.
As we will be supporting fallback to username/password authentication need-client-auth is set to false. This allows connections to be established but an alternative form of authentication will be required.
-
-
-
-
Using for Management
-
-
At this point the management interfaces can be updated to use the newly defined resources, we need to add references to the two new authentication factories and the SSL context, we can also remove the existing reference to the legacy security realm. As this is modifying existing interfaces a server reload will also be required.
At this stage assuming the same files have been used as in this example it should be possible to connect to the management interface of the server either using a web browser or the JBoss CLI with username and password from your original mgmt-users.properties file.
-
-
-
For certificate based authentication certificates signed by your CA, whose subject DN resolves to username existing in properties realm will be accepted.
-
-
-CLI Client Configuration
-
-
This suppose you have used following configuration in bin/jboss-cli.xml:
You can stay using this configuration, but since the integration of WildFly Elytron it is possible with the CLI to use a configuration file wildfly-config.xml to define the security settings including the settings for the client side SSL context.
-
-
-
In such case, following wildfly-config.xml can be created in the location the JBoss CLI is being started from: -
Beginning with the WildFly 22 release, the WildFly project began producing two variants of
-its landmark application server — the standard "WildFly" variant and the new "WildFly Preview".
-
-
-
The standard "WildFly" variant is the classic server that users have been familiar with for many
-years now. It’s a very mature server, with a lot of care taken to ensure new features are fully
-realized and to limit the number of incompatible changes between releases.
-
-
-
WildFly Preview is a tech preview variant of the server. The goal of WildFly Preview is to give
-the WildFly community a look at changes that are likely to appear in future releases of the standard
-WildFly server. The aim is to get feedback on in-progress work, so it is more likely that features
-will not be fully realized, and a greater number of incompatible changes may appear from release
-to release. The amount of testing WildFly Preview undergoes will generally not be as high as the
-standard WildFly variant.
-
-
-
The expectation is on any given release date, both standard WildFly and WildFly Preview will be released.
-
-
-
-
-
-
-
-
-
-
A WildFly Preview release will have the same version number and suffix (Beta, Final, etc) as the
-main WildFly release, but regardless of the suffix, a WildFly Preview release should be treated
-as a Technical Preview release.
-
-
-
-
-
-
-
-
-
1. Getting WildFly Preview
-
-
-
The zip or tar.gz file for WildFly Preview is available at https://wildfly.org/downloads
-right next to the main WildFly release files for the same version.
-
-
-
For bootable jar users and Galleon CLI users, we provide a Galleon feature pack for WildFly Preview. The
-Galleon feature pack location for the feature pack is wildfly-preview@maven(org.jboss.universe:community-universe).
-This feature pack is the WildFly Preview analogue to main WildFly’s wildfly@maven(org.jboss.universe:community-universe).
-
-
-
-
-
2. WildFly Preview and Jakarta EE
-
-
-
Prior to WildFly 27, the primary difference between standard WildFly and WildFly Preview was that standard WildFly
-supported Jakarta EE 8, while WildFly Preview supported Jakarta EE 9. However, beginning with the 27 release both
-standard WildFly and WildFly Preview support Jakarta EE 10, so this is no longer a difference between the two variants.
-
-
-
Note that formally certifying WildFly Preview as compatible implementation of Jakarta EE is not a priority
-for the WildFly project and may not happen at the time of a release, or ever. Users interested in formal EE
-compliance of WildFly Preview should check the WildFly Certifications repository.
-
-
-
2.1. WildFly Preview Support for EE 8 Deployments
-
-
The APIs that WildFly Preview exposes to deployments are the EE 10 APIs, so all the classes and interfaces are in the
-jakarta.* packages. But you may be able to run an existing EE 8 application on WildFly Preview.
-
-
-
What we’ve done is we’ve added to the server’s handling of managed deployments a bytecode and text file transformation
-process to convert EE 8 content into EE 9. It bytecode transforms deployment jars to alter
-references to EE 8 packages in the class file constant tables to change from javax.* to jakarta.*. The transformation
-goes beyond simple package renames; a number of other known differences between EE 8 and EE 9 are handled. We owe a
-great deal of thanks to the community behind the Eclipse Transformer
-project for their work on the underlying transformation tool.
-
-
-
As noted above, this handling is only applied to managed deployments. A managed deployment is one where a management
-client (the CLI, HAL console or the deployment scanner) presents deployment content to the server and the server makes
-a copy of it in its internal deployment content repository. The content that gets installed into the runtime is that internal copy.
-Unmanaged deployments that use EE 8 APIs will not work. We transform managed deployments when we copy the deployment
-content into the internal content repo. For unmanaged deployments we use the original content file(s) the user provides,
-and WildFly Preview won’t modify those files as we don’t regard them as being 'owned' by the server.
-
-
-
Note that the deployment transformation feature will not update the deployment to adapt to any API differences between
-Jakarta EE 9 and EE 10. It only covers the javax to jakarta name changes that came with EE 9.
-
-
-
In the long run it’s better for users if they either convert their application source to EE 10 APIs, or use build-time
-tooling that we expect the Jakarta ecosystem to provide over time to do transformation at build time. But some
-applications just can’t be changed, so the server-side solution WildFly Preview provides can handle those cases.
-
-
-
This deployment transformation feature will be removed from WildFly Preview in a future release. However it is likely
-that the WildFly developers will offer a separate Galleon feature pack that can be used to add this behavior into both
-standard WildFly and WildFly Preview.
-
-
-
-
-
-
3. Other Differences in WildFly Preview
-
-
-
WildFly Preview is intended to help get community exposure for other changes we plan to
-make in the server. Here are the key differencs between standard WildFly and WildFly Preview:
-
-
-
-
-
WildFly Preview is not a Jakarta EE 10 compatible implementation. It also is not a MicroProfile platform compatible
-implementation. Most EE 10 and MicroProfile applications are expected to run well on WildFly Preview, but it is not
-certified compatible.
-
-
-
The standard configuration files do not configure an embedded messaging broker. Instead they configure the
-messaging-activemq subsystem to provide connections to a remote ActiveMQ Artemis broker. (It’s a task for the user to
-run such a broker or to update the config to integrate with a different broker.) We want WildFly out-of-the-box to be
-more of a cloud native appserver and having an embedded messaging broker in the default configuration is not cloud native.
-A WildFly container in the cloud running an embedded broker is not scalable, as multiple broker instances need separate
-configuration to act as a primary or backup. An embedded messaging broker also has more advanced persistent storage
-requirements than a server primarily dedicated to handling HTTP requests would have. Note however that running an
-embedded broker is still supported. We’ve added to the $WILDFLY_HOME/docs/examples/configs folder an example
-standalone-activemq-embedded.xml configuration showing its use.
The Hibernate ORM integration used by the JPA subsystem’s Hibernate Search feature supports using outbox polling as coordination strategy for automatic indexing.
-
-
-
The jaxrs Galleon layer depends on (and thus brings in) the microprofile-rest-client layer. This dependency is optional, so it can be excluded when provisioning a custom WildFly Preview installation.
-
-
-
RESTEasy Spring support only comes with WildFly Preview. Typically standard WildFly provides RESTEasy Spring support, but at the time of the WildFly 27 release the Spring libraries it integrates with had not yet
-produced final releases. So to avoid possible incompatible changes in a future standard WildFly release, support
-for RESTEasy Spring was moved to WildFly Preview only.
-
-
-
The extensions providing the legacy subsystems 'cmp', 'config-admin', 'jacorb', 'jaxr', 'jsr-77', 'messaging' (HornetQ based),
-'security' (not 'elytron'), and 'web' (not 'undertow') are removed. These were only used for domain mode to allow a Domain Controller to control
-hosts running much earlier WildFly versions where servers using these subsystems were supported.
-
-
-
Alternate JPA and JSF providers that you can install with standard WildFly are not supported.
Welcome to the WildFly documentation. The documentation for WildFly is
-split into multiple categories:
-
-
-
-
-
Installation Guides for those wanting to understand the flexibility
-that WildFly offers when it comes to server installation and application deployment.
-
-
-
Administrator Guides for those wanting to understand how to install
-and configure the server.
-
-
-
Developer Guides for those wanting to understand how to develop
-applications for the server.
-
-
-
Migration Guide for information related to migrating away from removed features.
-
-
-
Model Reference for those wanting information about all
-of configuration options available via the WildFly management model.
-
-
-
Security Guide for those wanting to understand how to secure the WildFly server and applications.
-
-
-
Client Guide for those wanting to understand configuration of WildFly clients.
-
-
-
Quickstarts for those wanting to jump into code and start using WildFly.
-
-
-
-
-
-
-
Installation Guides
-
-
-
-
-
The WildFly and WildFly Preview document introduces the different
-appserver variants produced by the WildFly project: the standard WildFly variant and the early-look tech preview
-WildFly Preview variant.
-
-
-
The Installation Guide helps you identify
-the kind of WildFly installation that best fits your application’s deployment needs:
-a WildFly zip installation, a WildFly server provisioned with Galleon or a WildFly bootable JAR.
-
-
-
The Bootable JAR Guide shows you how to package your application and the WildFly server
-into a bootable JAR.
The Getting Started Guide shows you
-how to install and start the server, how to configure logging, how to
-deploy an application, how to deploy a datasource, and how to get
-started using the command line interface and web management interface.
-
-
-
The Admin Guide provides detailed information
-on using the CLI and web management interface, shows you how to administer a WildFly managed
-domain, and shows you how to configure key subsystems.
-
-
-
The High Availability Guide shows
-you how to create a cluster, how to configure the web container and Jakarta Enterprise Beans
-container for clustering and how to configure load balancing
-and failover.
-
-
-
-
-
-
-
Developer Guides
-
-
-
-
-
The Getting
-Started Developing Applications Guide shows you how to build Jakarta EE
-applications and deploy them to WildFly. The guide starts by showing you
-the simplest helloworld application using just Servlet and Jakarta Contexts and Dependency Injection, and
-then adds in Jakarta Faces, persistence and transactions, Jakarta Enterprise Beans, Bean Validation,
-RESTful web services and more. Finally, you’ll get the opportunity to create
-your own skeleton project. Each tutorial is accompanied by a quickstart,
-which contains the source code, deployment descriptors and a Maven based
-build.
-
-
-
The Developer Guide ( in progress) takes
-you through every deployment descriptor and every annotation offered by
-WildFly.
-
-
-
The Extending WildFly guide walks you
-through creating a new WildFly subsystem extension, in order to add more
-functionality to WildFly, and shows how to test it before plugging it
-into WildFly.
The Migration Guide describes alternative options for
-features which have been removed from WildFly.
-
-
-
-
-
-
-
Model Reference
-
-
-
-
-
The WildFly model reference provides information about all standalone server and managed domain
-configuration options, using information generated directly from the WildFly management model.
Redirecting to the latest version. If the page doesn't open, click the following link: /latest/index.html
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/capability-registry/index.html b/29/wildscribe/core-service/capability-registry/index.html
index d120e90fb..866708a27 100644
--- a/29/wildscribe/core-service/capability-registry/index.html
+++ b/29/wildscribe/core-service/capability-registry/index.html
@@ -1,37 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/file-handler/index.html b/29/wildscribe/core-service/management/access/audit/file-handler/index.html
index bc3d9407b..2d16cbd19 100644
--- a/29/wildscribe/core-service/management/access/audit/file-handler/index.html
+++ b/29/wildscribe/core-service/management/access/audit/file-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
rotate-at-startup Whether the old log file should be rotated at server startup.
The maximum number of logging failures before disabling this handler.
path
STRING
true
true
The path of the audit log file.
relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
rotate-at-startup
BOOLEAN
false
false
true
Whether the old log file should be rotated at server startup.
recycle Resets the file handler failure count, and backs up the current log file.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/in-memory-handler/index.html b/29/wildscribe/core-service/management/access/audit/in-memory-handler/index.html
index 87df1b8ce..557b7e622 100644
--- a/29/wildscribe/core-service/management/access/audit/in-memory-handler/index.html
+++ b/29/wildscribe/core-service/management/access/audit/in-memory-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/index.html b/29/wildscribe/core-service/management/access/audit/index.html
index 810fb1be8..583f961b4 100644
--- a/29/wildscribe/core-service/management/access/audit/index.html
+++ b/29/wildscribe/core-service/management/access/audit/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/json-formatter/index.html b/29/wildscribe/core-service/management/access/audit/json-formatter/index.html
index 81a1c6bce..d105d86b9 100644
--- a/29/wildscribe/core-service/management/access/audit/json-formatter/index.html
+++ b/29/wildscribe/core-service/management/access/audit/json-formatter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The management audit log configuration is deprecated and may be removed or moved in future versions.
A json formatter for audit log messages.
Attributes (6)
compact If true will format the JSON on one line. There may still be values containing new lines, so if having the whole record on one line is important, set escape-new-line or escape-control-characters to true.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
date-format The date format to use as understood by java.text.SimpleDateFormat. Will be ignored if include-date="false".
Attribute
Value
Default Value
yyyy-MM-dd HH:mm:ss
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
date-separator The separator between the date and the rest of the formatted log message. Will be ignored if include-date="false".
Attribute
Value
Default Value
-
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
escape-control-characters If true will escape all control characters (ascii entries with a decimal value < 32) with the ascii code in octal, e.g.' becomes '#012'. If this is true, it will override escape-new-line="false".
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
escape-new-line If true will escape all new lines with the ascii code in octal, e.g. "#012".
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
include-date Whether or not to include the date in the formatted log record.
If true will format the JSON on one line. There may still be values containing new lines, so if having the whole record on one line is important, set escape-new-line or escape-control-characters to true.
date-format
STRING
false
true
yyyy-MM-dd HH:mm:ss
The date format to use as understood by java.text.SimpleDateFormat. Will be ignored if include-date="false".
date-separator
STRING
false
true
-
The separator between the date and the rest of the formatted log message. Will be ignored if include-date="false".
escape-control-characters
BOOLEAN
false
true
false
If true will escape all control characters (ascii entries with a decimal value < 32) with the ascii code in octal, e.g.' becomes '#012'. If this is true, it will override escape-new-line="false".
escape-new-line
BOOLEAN
false
true
false
If true will escape all new lines with the ascii code in octal, e.g. "#012".
include-date
BOOLEAN
false
true
true
Whether or not to include the date in the formatted log record.
remove Removes a json formatter for the audit logging.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/logger/audit-log/handler/index.html b/29/wildscribe/core-service/management/access/audit/logger/audit-log/handler/index.html
index 2d0d1b205..9746be111 100644
--- a/29/wildscribe/core-service/management/access/audit/logger/audit-log/handler/index.html
+++ b/29/wildscribe/core-service/management/access/audit/logger/audit-log/handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/logger/audit-log/index.html b/29/wildscribe/core-service/management/access/audit/logger/audit-log/index.html
index 7da3f4044..f3fb83866 100644
--- a/29/wildscribe/core-service/management/access/audit/logger/audit-log/index.html
+++ b/29/wildscribe/core-service/management/access/audit/logger/audit-log/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/periodic-rotating-file-handler/index.html b/29/wildscribe/core-service/management/access/audit/periodic-rotating-file-handler/index.html
index 6d18e08ae..a7cbc9492 100644
--- a/29/wildscribe/core-service/management/access/audit/periodic-rotating-file-handler/index.html
+++ b/29/wildscribe/core-service/management/access/audit/periodic-rotating-file-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A management audit log handler which writes to a file, rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.text.SimpleDateFormat.
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
suffix The suffix string in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (3)
add Adds an audit log periodic-rotating file handler.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
formatter
STRING
true
false
The formatter used to format the log messages.
max-failure-count
INT
false
true
10
The maximum number of logging failures before disabling this handler.
path
STRING
true
true
The path of the audit log file.
relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
suffix
STRING
true
true
The suffix string in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
recycle Resets the file handler failure count, and backs up the current log file.
remove Removes an audit log periodic-rotating file handler.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/size-rotating-file-handler/index.html b/29/wildscribe/core-service/management/access/audit/size-rotating-file-handler/index.html
index fe96dc4a9..a1a374205 100644
--- a/29/wildscribe/core-service/management/access/audit/size-rotating-file-handler/index.html
+++ b/29/wildscribe/core-service/management/access/audit/size-rotating-file-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A management audit log handler which writes to a file, rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
rotate-size The size at which to rotate the log file.
The maximum number of logging failures before disabling this handler.
path
STRING
true
true
The path of the audit log file.
relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
rotate-size
STRING
false
true
10m
The size at which to rotate the log file.
recycle Resets the file handler failure count, and backs up the current log file.
remove Removes an audit log size-rotating file handler.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/syslog-handler/index.html b/29/wildscribe/core-service/management/access/audit/syslog-handler/index.html
index b76d8ade0..78e5b5eb2 100644
--- a/29/wildscribe/core-service/management/access/audit/syslog-handler/index.html
+++ b/29/wildscribe/core-service/management/access/audit/syslog-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The management audit log configuration is deprecated and may be removed or moved in future versions.
A syslog handler for use with the management audit logging service.
Children (1)
protocol The protocol to use for the syslog handler. Must be one and only one of 'udp', 'tcp' or 'tls'.
tcp Configuration to append to syslog over tcp/ip.
tls Configuration to append to syslog over tls over tcp/ip.
udp Configuration to append to syslog over udp/ip.
Attributes (9)
app-name The application name to add to the syslog records as defined in section 6.2.5 of RFC-5424. If not specified it will default to the name of the product.
failure-count The number of logging failures since the handler was initialized.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
formatter The formatter used to format the log messages.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-failure-count The maximum number of logging failures before disabling this handler.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-length The maximum length in bytes a log message, including the header, is allowed to be. If undefined, it will default to 1024 bytes if the syslog-format is RFC3164, or 2048 bytes if the syslog-format is RFC5424.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
syslog-format Whether to set the syslog format to the one specified in RFC-5424 or RFC-3164.
Attribute
Value
Default Value
RFC5424
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
RFC5424 RFC3164
truncate Whether or not a message, including the header, should truncate the message if the length in bytes is greater than the maximum length. If set to false messages will be split and sent with the same header values.
The application name to add to the syslog records as defined in section 6.2.5 of RFC-5424. If not specified it will default to the name of the product.
facility
STRING
false
true
USER_LEVEL
The facility to use for syslog logging as defined in section 6.2.1 of RFC-5424, and section 4.1.1 of RFC-3164.
formatter
STRING
true
false
The formatter used to format the log messages.
max-failure-count
INT
false
true
10
The maximum number of logging failures before disabling this handler.
max-length
INT
false
true
The maximum length in bytes a log message, including the header, is allowed to be. If undefined, it will default to 1024 bytes if the syslog-format is RFC3164, or 2048 bytes if the syslog-format is RFC5424.
syslog-format
STRING
false
true
RFC5424
Whether to set the syslog format to the one specified in RFC-5424 or RFC-3164.
truncate
BOOLEAN
false
true
false
Whether or not a message, including the header, should truncate the message if the length in bytes is greater than the maximum length. If set to false messages will be split and sent with the same header values.
recycle Resets the syslog handler failure count, disconnects and reconnects to the syslog server.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tcp/index.html b/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tcp/index.html
index 9ed6518fb..de7b74b3e 100644
--- a/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tcp/index.html
+++ b/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tcp/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The management audit log configuration is deprecated and may be removed or moved in future versions.
Configuration to append to syslog over tcp/ip.
Attributes (4)
host The host of the syslog server for the tcp requests.
Attribute
Value
Default Value
localhost
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
message-transfer The message transfer setting as described in section 3.4 of RFC-6587. This can either be OCTET_COUNTING as described in section 3.4.1 of RFC-6587, or NON_TRANSPARENT_FRAMING as described in section 3.4.1 of RFC-6587. See your syslog provider's documentation for what is supported.
Attribute
Value
Default Value
NON_TRANSPARENT_FRAMING
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
port The port of the syslog server for the tcp requests.
Attribute
Value
Default Value
514
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
reconnect-timeout If a connection drop is detected, the number of seconds to wait before reconnecting. A negative number means don't reconnect automatically.
The host of the syslog server for the tcp requests.
message-transfer
STRING
false
true
NON_TRANSPARENT_FRAMING
The message transfer setting as described in section 3.4 of RFC-6587. This can either be OCTET_COUNTING as described in section 3.4.1 of RFC-6587, or NON_TRANSPARENT_FRAMING as described in section 3.4.1 of RFC-6587. See your syslog provider's documentation for what is supported.
port
INT
false
true
514
The port of the syslog server for the tcp requests.
reconnect-timeout
INT
false
true
-1
If a connection drop is detected, the number of seconds to wait before reconnecting. A negative number means don't reconnect automatically.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/client-certificate-store/index.html b/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/client-certificate-store/index.html
index fac349b50..82baaa415 100644
--- a/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/client-certificate-store/index.html
+++ b/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/client-certificate-store/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
key-password-credential-reference The reference to credential for the keystore key stored in CredentialStore under defined alias or clear text password.
keystore-password-credential-reference The reference to credential for the keystore password stored in CredentialStore under defined alias or clear text password.
keystore-relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'keystore-relative-to' is provided, the value of the 'keystore-path' attribute is treated as relative to the path specified by this attribute.
The reference to credential for the keystore key stored in CredentialStore under defined alias or clear text password.
keystore-password
STRING
false
true
The password for the keystore.
keystore-password-credential-reference
OBJECT
true
false
The reference to credential for the keystore password stored in CredentialStore under defined alias or clear text password.
keystore-path
STRING
false
true
The path of the keystore.
keystore-relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'keystore-relative-to' is provided, the value of the 'keystore-path' attribute is treated as relative to the path specified by this attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/truststore/index.html b/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/truststore/index.html
index 488478e0b..4f0fcb755 100644
--- a/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/truststore/index.html
+++ b/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/truststore/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
keystore-password-credential-reference The reference to credential for the truststore password stored in CredentialStore under defined alias or clear text password.
keystore-relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'keystore-relative-to' is provided, the value of the 'keystore-path' attribute is treated as relative to the path specified by this attribute.
The reference to credential for the truststore password stored in CredentialStore under defined alias or clear text password.
keystore-path
STRING
false
true
The path of the truststore.
keystore-relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'keystore-relative-to' is provided, the value of the 'keystore-path' attribute is treated as relative to the path specified by this attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/index.html b/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/index.html
index 071017250..3c52e9b28 100644
--- a/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/index.html
+++ b/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The management audit log configuration is deprecated and may be removed or moved in future versions.
Configuration to append to syslog over tls over tcp/ip.
Children (1)
authentication Configuration for the truststore for the server certificate if not signed by an authority, and the keystore containing the client certificate if the syslog server is set up to require client authentication.
client-certificate-store Configuration for the keystore containing the client certificate if the syslog server requires authentication.
truststore Configuration for the truststore for the server certificate, if not signed by an authority.
Attributes (4)
host The host of the syslog server for the tls over tcp requests.
Attribute
Value
Default Value
localhost
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
message-transfer The message transfer setting as described in section 3.4 of RFC-6587. This can either be OCTET_COUNTING as described in section 3.4.1 of RFC-6587, or NON_TRANSPARENT_FRAMING as described in section 3.4.1 of RFC-6587. See your syslog provider's documentation for what is supported.
Attribute
Value
Default Value
NON_TRANSPARENT_FRAMING
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
port The port of the syslog server for the tls over tcp requests.
Attribute
Value
Default Value
514
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
reconnect-timeout If a connection drop is detected, the number of seconds to wait before reconnecting. A negative number means don't reconnect automatically.
The host of the syslog server for the tls over tcp requests.
message-transfer
STRING
false
true
NON_TRANSPARENT_FRAMING
The message transfer setting as described in section 3.4 of RFC-6587. This can either be OCTET_COUNTING as described in section 3.4.1 of RFC-6587, or NON_TRANSPARENT_FRAMING as described in section 3.4.1 of RFC-6587. See your syslog provider's documentation for what is supported.
port
INT
false
true
514
The port of the syslog server for the tls over tcp requests.
reconnect-timeout
INT
false
true
-1
If a connection drop is detected, the number of seconds to wait before reconnecting. A negative number means don't reconnect automatically.
remove Remove the syslog tls over tcp/ip protocol.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/udp/index.html b/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/udp/index.html
index 53b48cc68..c73a7c4ca 100644
--- a/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/udp/index.html
+++ b/29/wildscribe/core-service/management/access/audit/syslog-handler/protocol/udp/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/index.html b/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/index.html
index 6f5f43b55..ee95a4b26 100644
--- a/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/index.html
+++ b/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/applies-to/index.html b/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/applies-to/index.html
index abfe7e883..a6145199c 100644
--- a/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/applies-to/index.html
+++ b/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/applies-to/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/index.html b/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/index.html
index 5c09a956b..fa29f8f65 100644
--- a/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/index.html
+++ b/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/index.html b/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/index.html
index 06ead99eb..574baa71a 100644
--- a/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/index.html
+++ b/29/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/index.html b/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/index.html
index f9ebda911..41472486b 100644
--- a/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/index.html
+++ b/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/applies-to/index.html b/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/applies-to/index.html
index 7e6629345..227914f08 100644
--- a/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/applies-to/index.html
+++ b/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/applies-to/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/index.html b/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/index.html
index 8b12ff632..f4c93915f 100644
--- a/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/index.html
+++ b/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
applies-to Information about the resources, attributes and operations to which this sensitivity classification constraint applies.
Attributes (6)
configured-requires-addressable Set to override the default as to whether the visibility of resources annotated with this sensitivity constraint should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
configured-requires-read Set to override the default as to whether reading attributes annotated with this sensitivity constraint should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
configured-requires-write Set to override the default as to whether writing attributes annotated with this sensitivity constraint should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-requires-addressable Whether the visibility of resources annotated with this sensitivity constraint should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
default-requires-read Whether reading attributes annotated with this sensitivity constraint should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
default-requires-write Whether writing attributes annotated with this sensitivity constraint should be considered sensitive.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/index.html b/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/index.html
index 6d14d70ae..f39d75c5a 100644
--- a/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/index.html
+++ b/29/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/authorization/constraint/vault-expression/index.html b/29/wildscribe/core-service/management/access/authorization/constraint/vault-expression/index.html
index c2fbd69fd..79bd0cce3 100644
--- a/29/wildscribe/core-service/management/access/authorization/constraint/vault-expression/index.html
+++ b/29/wildscribe/core-service/management/access/authorization/constraint/vault-expression/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/authorization/index.html b/29/wildscribe/core-service/management/access/authorization/index.html
index ac790e5aa..481c12e94 100644
--- a/29/wildscribe/core-service/management/access/authorization/index.html
+++ b/29/wildscribe/core-service/management/access/authorization/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
vault-expression Configuration of whether vault expressions should be considered sensitive.
role-mapping A mapping of users and groups to a specific role.
Attributes (5)
all-role-names The official names of all roles supported by the current management access control provider. This includes any standard roles as well as any user-defined roles.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
permission-combination-policy The policy for combining access control permissions when the authorization policy grants the user more than one type of permission for a given action. In the standard role based authorization policy, this would occur when a user maps to multiple roles. The 'permissive' policy means if any of the permissions allow the action, the action is allowed. The 'rejecting' policy means the existence of multiple permissions should result in an error.
Attribute
Value
Default Value
permissive
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
permissive rejecting
provider The provider to use for management access control decisions.
Attribute
Value
Default Value
simple
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
simple rbac
standard-role-names The official names of the standard roles supported by the current management access control provider.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
use-identity-roles Should the raw roles obtained from the underlying security identity be used directly?
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/authorization/role-mapping/exclude/index.html b/29/wildscribe/core-service/management/access/authorization/role-mapping/exclude/index.html
index a35c84a6d..73e14b02c 100644
--- a/29/wildscribe/core-service/management/access/authorization/role-mapping/exclude/index.html
+++ b/29/wildscribe/core-service/management/access/authorization/role-mapping/exclude/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/authorization/role-mapping/include/index.html b/29/wildscribe/core-service/management/access/authorization/role-mapping/include/index.html
index 9b47ca3ed..751671c3a 100644
--- a/29/wildscribe/core-service/management/access/authorization/role-mapping/include/index.html
+++ b/29/wildscribe/core-service/management/access/authorization/role-mapping/include/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/authorization/role-mapping/index.html b/29/wildscribe/core-service/management/access/authorization/role-mapping/index.html
index 62dd5e554..efe785283 100644
--- a/29/wildscribe/core-service/management/access/authorization/role-mapping/index.html
+++ b/29/wildscribe/core-service/management/access/authorization/role-mapping/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/access/identity/index.html b/29/wildscribe/core-service/management/access/identity/index.html
index 983a5d8db..5ae4d507e 100644
--- a/29/wildscribe/core-service/management/access/identity/index.html
+++ b/29/wildscribe/core-service/management/access/identity/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/index.html b/29/wildscribe/core-service/management/index.html
index b62468f50..d46f4c1b7 100644
--- a/29/wildscribe/core-service/management/index.html
+++ b/29/wildscribe/core-service/management/index.html
@@ -1,88 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/management-interface/http-interface/index.html b/29/wildscribe/core-service/management/management-interface/http-interface/index.html
index ad9221e2b..73899b52c 100644
--- a/29/wildscribe/core-service/management/management-interface/http-interface/index.html
+++ b/29/wildscribe/core-service/management/management-interface/http-interface/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allowed-origins Comma separated list of trusted Origins for sending Cross-Origin Resource Sharing requests on the management API once the user is authenticated.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
console-enabled Flag that indicates admin console is enabled
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
constant-headers The set of constant HTTP headers to apply to response messages.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
resource-services
http-authentication-factory The authentication policy to use to secure the interface for normal HTTP requests.
http-upgrade-enabled Flag that indicates HTTP Upgrade is enabled, which allows HTTP requests to be upgraded to native remoting connections
Deprecated Since 5.0.0
Instead use http-upgrade.enabled
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
sasl-protocol The name of the protocol to be passed to the SASL mechanisms used for authentication.
Deprecated Since 5.0.0
Only for use with the legacy security realms.
Attribute
Value
Default Value
remote
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
secure-socket-binding The name of the socket binding configuration to use for the HTTPS management interface's socket. When defined at least one of ssl-context or security-realm must also be defined.
add Adds the configuration of the server's HTTP management interface
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allowed-origins
LIST
false
true
Comma separated list of trusted Origins for sending Cross-Origin Resource Sharing requests on the management API once the user is authenticated.
console-enabled
BOOLEAN
false
true
true
Flag that indicates admin console is enabled
constant-headers
LIST
false
false
The set of constant HTTP headers to apply to response messages.
http-authentication-factory
STRING
false
false
The authentication policy to use to secure the interface for normal HTTP requests.
http-upgrade
OBJECT
false
false
HTTP Upgrade specific configuration
http-upgrade-enabled
BOOLEAN
false
false
Flag that indicates HTTP Upgrade is enabled, which allows HTTP requests to be upgraded to native remoting connections
sasl-protocol
STRING
false
true
remote
The name of the protocol to be passed to the SASL mechanisms used for authentication.
secure-socket-binding
STRING
false
false
The name of the socket binding configuration to use for the HTTPS management interface's socket. When defined at least one of ssl-context or security-realm must also be defined.
server-name
STRING
false
true
The name of the server used in the initial Remoting exchange and within the SASL mechanisms.
socket-binding
STRING
false
false
The name of the socket binding configuration to use for the HTTP management interface's socket.
ssl-context
STRING
false
false
Reference to the SSLContext to use for this management interface.
remove Adds the configuration of the server's HTTP management interface
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/management-interface/native-interface/index.html b/29/wildscribe/core-service/management/management-interface/native-interface/index.html
index c3dbbfc63..15ba90f55 100644
--- a/29/wildscribe/core-service/management/management-interface/native-interface/index.html
+++ b/29/wildscribe/core-service/management/management-interface/native-interface/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/management-interface/native-remoting-interface/index.html b/29/wildscribe/core-service/management/management-interface/native-remoting-interface/index.html
index 4401243fe..22904f119 100644
--- a/29/wildscribe/core-service/management/management-interface/native-remoting-interface/index.html
+++ b/29/wildscribe/core-service/management/management-interface/native-remoting-interface/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/service/configuration-changes/index.html b/29/wildscribe/core-service/management/service/configuration-changes/index.html
index a0a2143b5..fa4610572 100644
--- a/29/wildscribe/core-service/management/service/configuration-changes/index.html
+++ b/29/wildscribe/core-service/management/service/configuration-changes/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/service/management-operations/active-operation/index.html b/29/wildscribe/core-service/management/service/management-operations/active-operation/index.html
index a9ee30204..ffad8b438 100644
--- a/29/wildscribe/core-service/management/service/management-operations/active-operation/index.html
+++ b/29/wildscribe/core-service/management/service/management-operations/active-operation/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (10)
access-mechanism The mechanism used to submit a request to the server.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
Allowed Values
NATIVE HTTP JMX IN_VM_USER
address The address of the resource targeted by the operation. The value in the final element of the address will be '' if the caller is not authorized to address the operation's target resource.
Attribute
Value
Type
OBJECT
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
caller-thread The name of the thread that is executing the operation.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
cancelled Whether the operation has been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
domain-rollout True if the operation is a subsidiary request on a domain process other than the one directly handling the original operation, executing locally as part of the rollout of the original operation across the domain.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
domain-uuid Identifier of an overall multi-process domain operation of which this operation is a part, or undefined if this operation is not associated with such a domain operation.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
exclusive-running-time Amount of time the operation has been executing with the exclusive operation execution lock held, or -1 if the operation does not hold the exclusive execution lock.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/management/service/management-operations/index.html b/29/wildscribe/core-service/management/service/management-operations/index.html
index bcf4cb4b4..1cfac2473 100644
--- a/29/wildscribe/core-service/management/service/management-operations/index.html
+++ b/29/wildscribe/core-service/management/service/management-operations/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
cancel-non-progressing-operation Check for an operation that has been holding the exclusive operation execution lock for greater than the provided timeout period, and if found cancel it.
Reply properties
type
STRING
find-non-progressing-operation Check for an operation that has been holding the exclusive operation execution lock for greater than the provided timeout period, and if found return its id.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/module-loading/index.html b/29/wildscribe/core-service/module-loading/index.html
index 5d9986bbd..61857701c 100644
--- a/29/wildscribe/core-service/module-loading/index.html
+++ b/29/wildscribe/core-service/module-loading/index.html
@@ -1,132 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/index.html b/29/wildscribe/core-service/platform-mbean/index.html
index d7082f828..b51ead58b 100644
--- a/29/wildscribe/core-service/platform-mbean/index.html
+++ b/29/wildscribe/core-service/platform-mbean/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Provides the management interface for monitoring and management of the Java virtual machine as well as the operating system on which the Java virtual machine is running. Exposes the JDK-provided JMX MBeans in the java.lang and java.nio JMX domains.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
type The platform MBeans, organized by the value of the 'type' property in the MBean's ObjectName.
buffer-pool The management interface for a buffer pool, for example a pool of direct or mapped buffers.
class-loading The management interface for the class loading system of the Java virtual machine.
compilation The management interface for the compilation system of the Java virtual machine
garbage-collector Parent resource for the resources providing the management interface for the garbage collection of the Java virtual machine.
memory The management interface for the memory system of the Java virtual machine.
memory-manager The management interface for a memory manager. A memory manager manages one or more memory pools of the Java virtual machine.
memory-pool The management interface for a memory pool. A memory pool represents the memory resource managed by the Java virtual machine and is managed by one or more memory managers.
operating-system The management interface for the operating system on which the Java virtual machine is running.
runtime The management interface for the runtime system of the Java virtual machine.
threading The management interface for the thread system of the Java virtual machine.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/buffer-pool/index.html b/29/wildscribe/core-service/platform-mbean/type/buffer-pool/index.html
index fae510b08..087ca2c03 100644
--- a/29/wildscribe/core-service/platform-mbean/type/buffer-pool/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/buffer-pool/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/buffer-pool/name/index.html b/29/wildscribe/core-service/platform-mbean/type/buffer-pool/name/index.html
index c230dc5b0..3bfe307c0 100644
--- a/29/wildscribe/core-service/platform-mbean/type/buffer-pool/name/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/buffer-pool/name/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The management interface for a buffer pool, for example a pool of direct or mapped buffers.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (5)
count An estimate of the number of buffers in the pool.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
memory-used An estimate of the memory that the Java virtual machine is using for this buffer pool in bytes, or -1 if an estimate of the memory usage is not available.
object-name String representation the object name of this platform managed object.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
total-capacity An estimate of the total capacity of the buffers in this pool. A buffer's capacity is the number of elements it contains and the value of this attribute is an estimate of the total capacity of buffers in the pool in bytes.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/class-loading/index.html b/29/wildscribe/core-service/platform-mbean/type/class-loading/index.html
index 70bb67621..959981553 100644
--- a/29/wildscribe/core-service/platform-mbean/type/class-loading/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/class-loading/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/compilation/index.html b/29/wildscribe/core-service/platform-mbean/type/compilation/index.html
index 15a8de7e3..d88a2929f 100644
--- a/29/wildscribe/core-service/platform-mbean/type/compilation/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/compilation/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
object-name String representation the object name of this platform managed object.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
total-compilation-time The approximate accumulated elapsed time (in milliseconds) spent in compilation. A Java virtual machine implementation may not support compilation time monitoring. If "compilation-time-monitoring-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Unit
MILLISECONDS
Storage
runtime
Access Type
metric
Operations (1)
read-resource Reads a model resource's attribute values along with either basic or complete information about any child resources
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
recursive
BOOLEAN
false
false
Whether to include complete information about child resources, recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default.
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
attributes-only
BOOLEAN
false
false
false
Whether or not to only read the attributes on the specified resource. Cannot be used in conjunction with 'recursive' or 'recursive-depth'.
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
include-undefined-metric-values
BOOLEAN
false
false
false
Whether to include undefined metric values. If the underlying metric value can not be computed, this flag ensures that the value will remain undefined (without being replaced by a possible 'undefined metric value' from the attribute definition.
Reply properties
The resource's attribute values along with information about any child resources
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/garbage-collector/index.html b/29/wildscribe/core-service/platform-mbean/type/garbage-collector/index.html
index 597cc937c..d50915e30 100644
--- a/29/wildscribe/core-service/platform-mbean/type/garbage-collector/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/garbage-collector/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/garbage-collector/name/index.html b/29/wildscribe/core-service/platform-mbean/type/garbage-collector/name/index.html
index fa5a7789d..501035759 100644
--- a/29/wildscribe/core-service/platform-mbean/type/garbage-collector/name/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/garbage-collector/name/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/memory-manager/index.html b/29/wildscribe/core-service/platform-mbean/type/memory-manager/index.html
index 0c84b7a78..cef3894a6 100644
--- a/29/wildscribe/core-service/platform-mbean/type/memory-manager/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/memory-manager/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/memory-manager/name/index.html b/29/wildscribe/core-service/platform-mbean/type/memory-manager/name/index.html
index 849372453..0746b7cce 100644
--- a/29/wildscribe/core-service/platform-mbean/type/memory-manager/name/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/memory-manager/name/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/memory-pool/index.html b/29/wildscribe/core-service/platform-mbean/type/memory-pool/index.html
index 158f312ad..1fed126c9 100644
--- a/29/wildscribe/core-service/platform-mbean/type/memory-pool/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/memory-pool/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The management interface for a memory pool. A memory pool represents the memory resource managed by the Java virtual machine and is managed by one or more memory managers.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/memory-pool/name/index.html b/29/wildscribe/core-service/platform-mbean/type/memory-pool/name/index.html
index 3a371bacb..166c590af 100644
--- a/29/wildscribe/core-service/platform-mbean/type/memory-pool/name/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/memory-pool/name/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The management interface for a memory pool. A memory pool represents the memory resource managed by the Java virtual machine and is managed by one or more memory managers.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (16)
collection-usage The memory usage after the Java virtual machine most recently expended effort in recycling unused objects in this memory pool, or "undefined" if this attribute is not supported.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
collection-usage-threshold The collection usage threshold value of this memory pool in bytes. A memory pool may not support a collection usage threshold. If "collection-usage-threshold-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Min
0
Max
2,147,483,647
Unit
BYTES
Storage
runtime
Access Type
read-write
Restart Required
no-services
collection-usage-threshold-count The number of times that the Java virtual machine has detected that the memory usage has reached or exceeded the collection usage threshold. A memory pool may not support a collection usage threshold. If "collection-usage-threshold-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
collection-usage-threshold-exceeded Whether the memory usage of this memory pool after the most recent collection on which the Java virtual machine has expended effort has reached or exceeded its collection usage threshold. A memory pool may not support a collection usage threshold. If "collection-usage-threshold-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
object-name String representation the object name of this platform managed object.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
peak-usage The peak memory usage of this memory pool since the Java virtual machine was started or since the peak was reset. May be "undefined" if attribute "valid" is "false".
usage An estimate of the memory usage of this memory pool. May be "undefined" if attribute "valid" is "false".
Attribute
Value
Type
OBJECT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
usage-threshold The usage threshold value of this memory pool in bytes. A memory pool may not support a usage threshold. If "usage-threshold-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Min
0
Max
2,147,483,647
Unit
BYTES
Storage
runtime
Access Type
read-write
Restart Required
no-services
usage-threshold-count The number of times that the memory usage has crossed the usage threshold. A memory pool may not support a usage threshold. If "usage-threshold-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
usage-threshold-exceeded Whether the memory usage of this memory pool reaches or exceeds its usage threshold value. A memory pool may not support a usage threshold. If "usage-threshold-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
valid Whether this memory pool is valid in the Java virtual machine. A memory pool becomes invalid once the Java virtual machine removes it from the memory system.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (2)
read-resource Reads a model resource's attribute values along with either basic or complete information about any child resources
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
recursive
BOOLEAN
false
false
Whether to include complete information about child resources, recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default.
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
attributes-only
BOOLEAN
false
false
false
Whether or not to only read the attributes on the specified resource. Cannot be used in conjunction with 'recursive' or 'recursive-depth'.
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
include-undefined-metric-values
BOOLEAN
false
false
false
Whether to include undefined metric values. If the underlying metric value can not be computed, this flag ensures that the value will remain undefined (without being replaced by a possible 'undefined metric value' from the attribute definition.
Reply properties
The resource's attribute values along with information about any child resources
type
OBJECT
reset-peak-usage Resets the peak memory usage statistic of this memory pool to the current memory usage.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/memory/index.html b/29/wildscribe/core-service/platform-mbean/type/memory/index.html
index 5b900e186..1254b83b5 100644
--- a/29/wildscribe/core-service/platform-mbean/type/memory/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/memory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/operating-system/index.html b/29/wildscribe/core-service/platform-mbean/type/operating-system/index.html
index 7c293704e..b9b2d5943 100644
--- a/29/wildscribe/core-service/platform-mbean/type/operating-system/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/operating-system/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The management interface for the operating system on which the Java virtual machine is running.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (6)
arch The operating system architecture. If a security manager is installed and it does not allow access to system property "os.arch", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
available-processors The number of processors available to the Java virtual machine.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
name The operating system name. If a security manager is installed and it does not allow access to system property "os.name", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
object-name String representation the object name of this platform managed object.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
system-load-average The system load average for the last minute. The load average may not be available on some platforms; if the load average is not available, a negative value is returned.
Attribute
Value
Type
DOUBLE
Nillable
false
Expressions Allowed
false
Unit
PERCENTAGE
Storage
runtime
Access Type
metric
version The operating system version. If a security manager is installed and it does not allow access to system property "os.version", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (1)
read-resource Reads a model resource's attribute values along with either basic or complete information about any child resources
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
recursive
BOOLEAN
false
false
Whether to include complete information about child resources, recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default.
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
attributes-only
BOOLEAN
false
false
false
Whether or not to only read the attributes on the specified resource. Cannot be used in conjunction with 'recursive' or 'recursive-depth'.
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
include-undefined-metric-values
BOOLEAN
false
false
false
Whether to include undefined metric values. If the underlying metric value can not be computed, this flag ensures that the value will remain undefined (without being replaced by a possible 'undefined metric value' from the attribute definition.
Reply properties
The resource's attribute values along with information about any child resources
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/runtime/index.html b/29/wildscribe/core-service/platform-mbean/type/runtime/index.html
index c7a134d2b..95e2839d2 100644
--- a/29/wildscribe/core-service/platform-mbean/type/runtime/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/runtime/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The management interface for the runtime system of the Java virtual machine.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (17)
boot-class-path The boot class path that is used by the bootstrap class loader to search for class files. If attribute "boot-class-path-supported" is "false" or if a security manager is installed and the caller does not have ManagementPermission("monitor"), then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
boot-class-path-supported Whether the Java virtual machine supports the boot class path mechanism used by the bootstrap class loader to search for class files.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
class-path The Java class path that is used by the system class loader to search for class files. If a security manager is installed and it does not allow access to system property "java.class.path", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
input-arguments The input arguments passed to the Java virtual machine which does not include the arguments to the main method. If a security manager is installed and the caller does not have ManagementPermission("monitor"), then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
library-path The Java library path. If a security manager is installed and it does not allow access to system property "java.library.path", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
management-spec-version The version of the specification for the management interface implemented by the running Java virtual machine.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
name The name representing the running Java virtual machine.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
object-name String representation the object name of this platform managed object.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
spec-name The Java virtual machine specification name. If a security manager is installed and it does not allow access to system property "java.vm.specification.name", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
spec-vendor The Java virtual machine specification vendor. If a security manager is installed and it does not allow access to system property "java.vm.specification.vendor", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
spec-version The Java virtual machine specification version. If a security manager is installed and it does not allow access to system property "java.vm.specification.version", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
start-time The start time of the Java virtual machine in milliseconds.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
system-properties A map of names and values of all system properties. If a security manager is installed and its "checkPropertiesAccess" method does not allow access to system properties, then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
uptime The uptime of the Java virtual machine in milliseconds.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
MILLISECONDS
Storage
runtime
Access Type
metric
vm-name The Java virtual machine implementation name. If a security manager is installed and it does not allow access to system property "java.vm.name", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
vm-vendor The Java virtual machine implementation vendor. If a security manager is installed and it does not allow access to system property "java.vm.vendor", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
vm-version The Java virtual machine implementation version. If a security manager is installed and it does not allow access to system property "java.vm.version", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (1)
read-resource Reads a model resource's attribute values along with either basic or complete information about any child resources
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
recursive
BOOLEAN
false
false
Whether to include complete information about child resources, recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default.
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
attributes-only
BOOLEAN
false
false
false
Whether or not to only read the attributes on the specified resource. Cannot be used in conjunction with 'recursive' or 'recursive-depth'.
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
include-undefined-metric-values
BOOLEAN
false
false
false
Whether to include undefined metric values. If the underlying metric value can not be computed, this flag ensures that the value will remain undefined (without being replaced by a possible 'undefined metric value' from the attribute definition.
Reply properties
The resource's attribute values along with information about any child resources
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/platform-mbean/type/threading/index.html b/29/wildscribe/core-service/platform-mbean/type/threading/index.html
index 90d63d266..c42d25cd0 100644
--- a/29/wildscribe/core-service/platform-mbean/type/threading/index.html
+++ b/29/wildscribe/core-service/platform-mbean/type/threading/index.html
@@ -1,808 +1,11 @@
- WildFly Full 29 Model Reference
The management interface for the thread system of the Java virtual machine.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (15)
all-thread-ids All live thread IDs. If a security manager is installed and the caller does not have ManagementPermission("monitor"), then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
current-thread-cpu-time The total CPU time for the current thread in nanoseconds, or -1 if "thread-cpu-time-enabled" is "false". A Java virtual machine implementation may not support CPU time measurement. If "thread-cpu-time-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
current-thread-user-time The CPU time that the current thread has executed in user mode in nanoseconds, or -1 if "thread-cpu-time-enabled" is "false". A Java virtual machine implementation may not support CPU time measurement. If "thread-cpu-time-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
thread-cpu-time-supported Whether the Java virtual machine implementation supports CPU time measurement for any thread.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
total-started-thread-count The total number of threads created and also started since the Java virtual machine started.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
Operations (9)
dump-all-threads Returns the thread info for all live threads with stack trace and synchronization information.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
locked-monitors
BOOLEAN
false
false
false
A list of detyped representations java.lang.management.MonitorInfo objects, each of which represents an object monitor currently locked by the thread.
locked-synchronizers
BOOLEAN
false
false
false
A list of detyped representations java.lang.management.LockInfo objects, each of which represents an ownable synchronizer currently locked by the thread.
Reply properties
type
LIST
Value Type
{
- "thread-id" => {
- "type" => LONG,
- "description" => "The ID of the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "thread-name" => {
- "type" => STRING,
- "description" => "The name of the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "thread-state" => {
- "type" => STRING,
- "description" => "The state of the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "blocked-time" => {
- "type" => LONG,
- "description" => "The approximate accumulated elapsed time (in milliseconds) that the thread has blocked to enter or reenter a monitor since thread contention monitoring is enabled, or -1 if thread contention monitoring is not enabled.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "MILLISECONDS"
- },
- "blocked-count" => {
- "type" => LONG,
- "description" => "The total number of times that the thread blocked to enter or reenter a monitor.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "waited-time" => {
- "type" => LONG,
- "description" => "The approximate accumulated elapsed time (in milliseconds) that the thread has waited for notification since thread contention monitoring was enabled.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "MILLISECONDS"
- },
- "waited-count" => {
- "type" => LONG,
- "description" => "The total number of times that the thread has waited for notification.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "lock-info" => {
- "type" => OBJECT,
- "description" => "A detyped representation of the java.lang.management.LockInfo of an object for which the thread is blocked waiting.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "value-type" => {
- "class-name" => {
- "type" => STRING,
- "description" => "The fully qualified name of the class of the lock object.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "identity-hash-code" => {
- "type" => INT,
- "description" => "The identity hash code of the lock object returned from the System.identityHashCode(java.lang.Object) method.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- }
- }
- },
- "lock-name" => {
- "type" => STRING,
- "description" => "The string representation of an object for which the thread is blocked waiting.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "lock-owner-id" => {
- "type" => LONG,
- "description" => "The ID of the thread which owns the object for which the thread is blocked waiting.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "lock-owner-name" => {
- "type" => STRING,
- "description" => "The name of the thread which owns the object for which the thread is blocked waiting.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "stack-trace" => {
- "type" => LIST,
- "description" => "The stack trace of the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 0L,
- "max-length" => 2147483647L,
- "value-type" => {
- "file-name" => {
- "type" => STRING,
- "description" => "The name of the source file containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "line-number" => {
- "type" => INT,
- "description" => "The line number of the source line containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "class-name" => {
- "type" => STRING,
- "description" => "The fully qualified name of the class containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "method-name" => {
- "type" => STRING,
- "description" => "The name of the method containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "native-method" => {
- "type" => STRING,
- "description" => "Whether the method containing the execution point represented by this stack trace element is a native method.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- }
- }
- },
- "suspended" => {
- "type" => BOOLEAN,
- "description" => "Whether the thread is suspended.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "in-native" => {
- "type" => BOOLEAN,
- "description" => "Whether the thread associated is executing native code via the Java Native Interface (JNI).",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "locked-monitors" => {
- "type" => LIST,
- "description" => "A list of detyped representations java.lang.management.MonitorInfo objects, each of which represents an object monitor currently locked by the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 0L,
- "max-length" => 2147483647L,
- "value-type" => {
- "locked-stack-depth" => {
- "type" => INT,
- "description" => "The depth in the stack trace where the object monitor was locked.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "locked-stack-frame" => {
- "type" => OBJECT,
- "description" => "The stack frame that locked the object monitor.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "value-type" => {
- "file-name" => {
- "type" => STRING,
- "description" => "The name of the source file containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "line-number" => {
- "type" => INT,
- "description" => "The line number of the source line containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "class-name" => {
- "type" => STRING,
- "description" => "The fully qualified name of the class containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "method-name" => {
- "type" => STRING,
- "description" => "The name of the method containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "native-method" => {
- "type" => STRING,
- "description" => "Whether the method containing the execution point represented by this stack trace element is a native method.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- }
- }
- }
- }
- },
- "locked-synchronizers" => {
- "type" => LIST,
- "description" => "A list of detyped representations java.lang.management.LockInfo objects, each of which represents an ownable synchronizer currently locked by the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 0L,
- "max-length" => 2147483647L,
- "value-type" => {
- "class-name" => {
- "type" => STRING,
- "description" => "The fully qualified name of the class of the lock object.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "identity-hash-code" => {
- "type" => INT,
- "description" => "The identity hash code of the lock object returned from the System.identityHashCode(java.lang.Object) method.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- }
- }
- }
-}
find-deadlocked-threads Finds cycles of threads that are in deadlock waiting to acquire object monitors or ownable synchronizers.
get-thread-cpu-time Returns the total CPU time for a thread of the specified ID in nanoseconds.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
id
LONG
true
false
The thread ID of the thread. Must be positive.
Reply properties
type
LONG
get-thread-info Returns the thread info for a thread of the specified id. The stack trace, locked monitors, and locked synchronizers in the returned reply object will be empty.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
id
LONG
true
false
The thread ID of the thread. Must be positive.
max-depth
INT
false
false
0
The maximum number of entries in the stack trace to be dumped. Integer.MAX_VALUE could be used to request the entire stack to be dumped.
Reply properties
Detyped representation of a java.lang.management.ThreadInfo object for the thread of the given ID; "undefined" if the thread of the given ID is not alive or it does not exist.
type
OBJECT
Value Type
{
- "thread-id" => {
- "type" => LONG,
- "description" => "The ID of the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "thread-name" => {
- "type" => STRING,
- "description" => "The name of the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "thread-state" => {
- "type" => STRING,
- "description" => "The state of the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "blocked-time" => {
- "type" => LONG,
- "description" => "The approximate accumulated elapsed time (in milliseconds) that the thread has blocked to enter or reenter a monitor since thread contention monitoring is enabled, or -1 if thread contention monitoring is not enabled.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "MILLISECONDS"
- },
- "blocked-count" => {
- "type" => LONG,
- "description" => "The total number of times that the thread blocked to enter or reenter a monitor.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "waited-time" => {
- "type" => LONG,
- "description" => "The approximate accumulated elapsed time (in milliseconds) that the thread has waited for notification since thread contention monitoring was enabled.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "MILLISECONDS"
- },
- "waited-count" => {
- "type" => LONG,
- "description" => "The total number of times that the thread has waited for notification.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "lock-info" => {
- "type" => OBJECT,
- "description" => "A detyped representation of the java.lang.management.LockInfo of an object for which the thread is blocked waiting.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "value-type" => {
- "class-name" => {
- "type" => STRING,
- "description" => "The fully qualified name of the class of the lock object.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "identity-hash-code" => {
- "type" => INT,
- "description" => "The identity hash code of the lock object returned from the System.identityHashCode(java.lang.Object) method.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- }
- }
- },
- "lock-name" => {
- "type" => STRING,
- "description" => "The string representation of an object for which the thread is blocked waiting.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "lock-owner-id" => {
- "type" => LONG,
- "description" => "The ID of the thread which owns the object for which the thread is blocked waiting.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "lock-owner-name" => {
- "type" => STRING,
- "description" => "The name of the thread which owns the object for which the thread is blocked waiting.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "stack-trace" => {
- "type" => LIST,
- "description" => "The stack trace of the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 0L,
- "max-length" => 2147483647L,
- "value-type" => {
- "file-name" => {
- "type" => STRING,
- "description" => "The name of the source file containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "line-number" => {
- "type" => INT,
- "description" => "The line number of the source line containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "class-name" => {
- "type" => STRING,
- "description" => "The fully qualified name of the class containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "method-name" => {
- "type" => STRING,
- "description" => "The name of the method containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "native-method" => {
- "type" => STRING,
- "description" => "Whether the method containing the execution point represented by this stack trace element is a native method.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- }
- }
- },
- "suspended" => {
- "type" => BOOLEAN,
- "description" => "Whether the thread is suspended.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "in-native" => {
- "type" => BOOLEAN,
- "description" => "Whether the thread associated is executing native code via the Java Native Interface (JNI).",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "locked-monitors" => {
- "type" => LIST,
- "description" => "A list of detyped representations java.lang.management.MonitorInfo objects, each of which represents an object monitor currently locked by the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 0L,
- "max-length" => 2147483647L,
- "value-type" => {
- "locked-stack-depth" => {
- "type" => INT,
- "description" => "The depth in the stack trace where the object monitor was locked.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "locked-stack-frame" => {
- "type" => OBJECT,
- "description" => "The stack frame that locked the object monitor.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "value-type" => {
- "file-name" => {
- "type" => STRING,
- "description" => "The name of the source file containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "line-number" => {
- "type" => INT,
- "description" => "The line number of the source line containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "class-name" => {
- "type" => STRING,
- "description" => "The fully qualified name of the class containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "method-name" => {
- "type" => STRING,
- "description" => "The name of the method containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "native-method" => {
- "type" => STRING,
- "description" => "Whether the method containing the execution point represented by this stack trace element is a native method.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- }
- }
- }
- }
- },
- "locked-synchronizers" => {
- "type" => LIST,
- "description" => "A list of detyped representations java.lang.management.LockInfo objects, each of which represents an ownable synchronizer currently locked by the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 0L,
- "max-length" => 2147483647L,
- "value-type" => {
- "class-name" => {
- "type" => STRING,
- "description" => "The fully qualified name of the class of the lock object.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "identity-hash-code" => {
- "type" => INT,
- "description" => "The identity hash code of the lock object returned from the System.identityHashCode(java.lang.Object) method.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- }
- }
- }
-}
get-thread-infos Returns the thread info for each thread whose ID is in the input list.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
ids
LIST
true
false
A list of thread ids.
max-depth
INT
false
false
0
The maximum number of entries in the stack trace to be dumped. Integer.MAX_VALUE could be used to request the entire stack to be dumped.
locked-monitors
BOOLEAN
false
false
false
A list of detyped representations java.lang.management.MonitorInfo objects, each of which represents an object monitor currently locked by the thread.
locked-synchronizers
BOOLEAN
false
false
false
A list of detyped representations java.lang.management.LockInfo objects, each of which represents an ownable synchronizer currently locked by the thread.
Reply properties
A list of detyped representations of java.lang.management.ThreadInfo objects, each containing information about a thread whose ID is in the corresponding element of the input list of IDs. An element will be "undefined" if the thread of the given ID is not alive or it does not exist.
type
LIST
Value Type
{
- "thread-id" => {
- "type" => LONG,
- "description" => "The ID of the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "thread-name" => {
- "type" => STRING,
- "description" => "The name of the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "thread-state" => {
- "type" => STRING,
- "description" => "The state of the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "blocked-time" => {
- "type" => LONG,
- "description" => "The approximate accumulated elapsed time (in milliseconds) that the thread has blocked to enter or reenter a monitor since thread contention monitoring is enabled, or -1 if thread contention monitoring is not enabled.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "MILLISECONDS"
- },
- "blocked-count" => {
- "type" => LONG,
- "description" => "The total number of times that the thread blocked to enter or reenter a monitor.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "waited-time" => {
- "type" => LONG,
- "description" => "The approximate accumulated elapsed time (in milliseconds) that the thread has waited for notification since thread contention monitoring was enabled.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "MILLISECONDS"
- },
- "waited-count" => {
- "type" => LONG,
- "description" => "The total number of times that the thread has waited for notification.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "lock-info" => {
- "type" => OBJECT,
- "description" => "A detyped representation of the java.lang.management.LockInfo of an object for which the thread is blocked waiting.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "value-type" => {
- "class-name" => {
- "type" => STRING,
- "description" => "The fully qualified name of the class of the lock object.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "identity-hash-code" => {
- "type" => INT,
- "description" => "The identity hash code of the lock object returned from the System.identityHashCode(java.lang.Object) method.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- }
- }
- },
- "lock-name" => {
- "type" => STRING,
- "description" => "The string representation of an object for which the thread is blocked waiting.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "lock-owner-id" => {
- "type" => LONG,
- "description" => "The ID of the thread which owns the object for which the thread is blocked waiting.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "lock-owner-name" => {
- "type" => STRING,
- "description" => "The name of the thread which owns the object for which the thread is blocked waiting.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "stack-trace" => {
- "type" => LIST,
- "description" => "The stack trace of the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 0L,
- "max-length" => 2147483647L,
- "value-type" => {
- "file-name" => {
- "type" => STRING,
- "description" => "The name of the source file containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "line-number" => {
- "type" => INT,
- "description" => "The line number of the source line containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "class-name" => {
- "type" => STRING,
- "description" => "The fully qualified name of the class containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "method-name" => {
- "type" => STRING,
- "description" => "The name of the method containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "native-method" => {
- "type" => STRING,
- "description" => "Whether the method containing the execution point represented by this stack trace element is a native method.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- }
- }
- },
- "suspended" => {
- "type" => BOOLEAN,
- "description" => "Whether the thread is suspended.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "in-native" => {
- "type" => BOOLEAN,
- "description" => "Whether the thread associated is executing native code via the Java Native Interface (JNI).",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "locked-monitors" => {
- "type" => LIST,
- "description" => "A list of detyped representations java.lang.management.MonitorInfo objects, each of which represents an object monitor currently locked by the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 0L,
- "max-length" => 2147483647L,
- "value-type" => {
- "locked-stack-depth" => {
- "type" => INT,
- "description" => "The depth in the stack trace where the object monitor was locked.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "locked-stack-frame" => {
- "type" => OBJECT,
- "description" => "The stack frame that locked the object monitor.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "value-type" => {
- "file-name" => {
- "type" => STRING,
- "description" => "The name of the source file containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "line-number" => {
- "type" => INT,
- "description" => "The line number of the source line containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- },
- "class-name" => {
- "type" => STRING,
- "description" => "The fully qualified name of the class containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "method-name" => {
- "type" => STRING,
- "description" => "The name of the method containing the execution point represented by this stack trace element.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "native-method" => {
- "type" => STRING,
- "description" => "Whether the method containing the execution point represented by this stack trace element is a native method.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- }
- }
- }
- }
- },
- "locked-synchronizers" => {
- "type" => LIST,
- "description" => "A list of detyped representations java.lang.management.LockInfo objects, each of which represents an ownable synchronizer currently locked by the thread.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 0L,
- "max-length" => 2147483647L,
- "value-type" => {
- "class-name" => {
- "type" => STRING,
- "description" => "The fully qualified name of the class of the lock object.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "identity-hash-code" => {
- "type" => INT,
- "description" => "The identity hash code of the lock object returned from the System.identityHashCode(java.lang.Object) method.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true
- }
- }
- }
-}
get-thread-user-time Returns the CPU time that a thread of the specified ID has executed in user mode in nanoseconds.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
id
LONG
true
false
The thread ID of the thread. Must be positive.
Reply properties
type
LONG
read-resource Reads a model resource's attribute values along with either basic or complete information about any child resources
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
recursive
BOOLEAN
false
false
Whether to include complete information about child resources, recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default.
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
attributes-only
BOOLEAN
false
false
false
Whether or not to only read the attributes on the specified resource. Cannot be used in conjunction with 'recursive' or 'recursive-depth'.
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
include-undefined-metric-values
BOOLEAN
false
false
false
Whether to include undefined metric values. If the underlying metric value can not be computed, this flag ensures that the value will remain undefined (without being replaced by a possible 'undefined metric value' from the attribute definition.
Reply properties
The resource's attribute values along with information about any child resources
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/server-environment/index.html b/29/wildscribe/core-service/server-environment/index.html
index 005b94a86..364d84141 100644
--- a/29/wildscribe/core-service/server-environment/index.html
+++ b/29/wildscribe/core-service/server-environment/index.html
@@ -1,210 +1,11 @@
- WildFly Full 29 Model Reference
initial-running-mode The initial running mode of the server, when the server process was launched. Either NORMAL or ADMIN_ONLY. An ADMIN_ONLY server will start any configured management interfaces and accept management requests, but will not start services used for handling end user requests.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/core-service/service-container/index.html b/29/wildscribe/core-service/service-container/index.html
index 259a6b53b..55d01bdf3 100644
--- a/29/wildscribe/core-service/service-container/index.html
+++ b/29/wildscribe/core-service/service-container/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment-overlay/content/index.html b/29/wildscribe/deployment-overlay/content/index.html
index 1aed8c5aa..3e9d95d67 100644
--- a/29/wildscribe/deployment-overlay/content/index.html
+++ b/29/wildscribe/deployment-overlay/content/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment-overlay/deployment/index.html b/29/wildscribe/deployment-overlay/deployment/index.html
index 2c16ce1d2..4251c2016 100644
--- a/29/wildscribe/deployment-overlay/deployment/index.html
+++ b/29/wildscribe/deployment-overlay/deployment/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment-overlay/index.html b/29/wildscribe/deployment-overlay/index.html
index d9ac65db0..2736bd4d9 100644
--- a/29/wildscribe/deployment-overlay/index.html
+++ b/29/wildscribe/deployment-overlay/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/index.html b/29/wildscribe/deployment/index.html
index c8c87aaae..ad2ba7122 100644
--- a/29/wildscribe/deployment/index.html
+++ b/29/wildscribe/deployment/index.html
@@ -1,26 +1,11 @@
- WildFly Full 29 Model Reference
A deployment represents anything that can be deployed (e.g. an application such as Jakarta Enterprise Beans-JAR, WAR, EAR, any kind of standard archive such as RAR or JBoss-specific deployment) into a server.
Children (2)
subdeployment Runtime resources associated with a child deployment packaged inside another deployment; for example a war packaged inside an ear.
subsystem Runtime resources created when the deployment is deployed, organized by the subsystem responsible for the runtime resource.
batch-jberet Information about the batch subsystem for the deployment.
datasources The data-sources subsystem, used to declare JDBC data-sources
ejb3 Runtime resources exposed by Jakarta Enterprise Beans components included in this deployment.
jaxrs The configuration of the Jakarta RESTful Web Services subsystem.
jpa The configuration of the Jakarta Persistence subsystem.
logging Information about the logging configuration for this deployment. Note that this may not be accurate if the deployment is using some other means of configuring a log manager such as logback. The resolved configuration is what loggers not covered by the deployments specific log manager would use.
messaging-activemq Runtime resources exposed by messaging resources included in this deployment.
resource-adapters Runtime statistics provided by the resource adapter.
undertow Information about the web container handling of this deployment
webservices Runtime resources exposed by web service components in the deployment.
Attributes (12)
content List of pieces of content that comprise the deployment.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
disabled-time Last time the application was disabled
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
disabled-timestamp Last timestamp the application was disabled. Format is yyyy-MM-dd HH:mm:ss,SSS zzz.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
enabled Boolean indicating whether the deployment content is currently deployed in the runtime (or should be deployed in the runtime the next time the server starts.)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
enabled-time Last time the application was enabled
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
enabled-timestamp Last timestamp the application was enabled. Format is yyyy-MM-dd HH:mm:ss,SSS zzz.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
managed Indicates if the deployment is managed (aka uses the ContentRepository).
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
name Unique identifier of the deployment. Must be unique across all deployments.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
owner Address of a resource that has indicated it controls the lifecycle of this deployment (e.g. a deployment scanner resource.) Will be undefined if no resource claimed ownership when the deployment was added.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
persistent Boolean indicating whether the existence of the deployment should be recorded in the persistent server configuration. Only relevant to a standalone mode server. Default is 'true'. A deployment managed by a deployment scanner would have this set to 'false' to ensure the deployment is only deployed at server start if the scanner again detects the deployment.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
runtime-name Name by which the deployment should be known within a server's runtime. This would be equivalent to the file name of a deployment file, and would form the basis for such things as default Java Enterprise Edition application and module names. This would typically be the same as 'name', but in some cases users may wish to have two deployments with the same 'runtime-name' (e.g. two versions of "foo.war") both available in the deployment content repository, in which case the deployments would need to have distinct 'name' values but would have the same 'runtime-name'.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
status The current runtime status of a deployment. Possible status modes are OK, FAILED, and STOPPED. FAILED indicates a dependency is missing or a service could not start. STOPPED indicates that the deployment was not enabled or was manually stopped.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
Operations (11)
add Adds previously uploaded content to the list of content available for use. Does not actually deploy the content unless the 'enabled' parameter is 'true'.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
runtime-name
STRING
false
false
Name by which the deployment should be known within a server's runtime. This would be equivalent to the file name of a deployment file, and would form the basis for such things as default Java Enterprise Edition application and module names. This would typically be the same as 'name', but in some cases users may wish to have two deployments with the same 'runtime-name' (e.g. two versions of "foo.war") both available in the deployment content repository, in which case the deployments would need to have distinct 'name' values but would have the same 'runtime-name'.
content
LIST
true
false
List of pieces of content that comprise the deployment.
enabled
BOOLEAN
false
false
false
Boolean indicating whether the deployment content is currently deployed in the runtime (or should be deployed in the runtime the next time the server starts.)
add-content Add contents to an existing deployment.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
content
LIST
true
false
List of pieces of content to be added to the deployment.
overwrite
BOOLEAN
false
false
true
Indicates if added content should overwrite existing content.
browse-content List the pieces of content of a deployment.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
false
The relative path from a deployment to list the contents of.
archive
BOOLEAN
false
false
false
If set to true, only the relative paths to archive files will be returned.
depth
INT
false
false
-1
The depth to browse.
Reply properties
The pieces of content of a deployment and some information about them.
type
OBJECT
Value Type
{
- "directory" => {
- "type" => BOOLEAN,
- "description" => "Indicates if the content is a folder or not.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false
- },
- "path" => {
- "type" => STRING,
- "description" => "Path (relative or absolute) to unmanaged content that is part of the deployment.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "file-size" => {
- "type" => LONG,
- "description" => "The size of the content if it is a file.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "unit" => "BYTES"
- }
-}
deploy Deploy the specified deployment content into the runtime, optionally replacing existing content.
explode Convert zip format managed deployment content to exploded format.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
false
Relative path to an archive in a deployment to be exploded.
list-modules List all module dependencies of the current deployment.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
verbose
BOOLEAN
false
false
false
Optional, default is false and results in brief info about the module dependencies, true to include detailed information about the module dependencies added to the current deployment.
read-content Read the content of an existing deployment.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
false
The relative path of the content to be read from an existing deployment.
Reply properties
The uuid of the attached stream.
type
STRING
redeploy Undeploy existing content from the runtime and deploy it again.
remove Remove a deployment from the list of content available for use. If the deployment is currently deployed in the runtime it will first be undeployed.
remove-content Remove contents from an existing deployment.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
paths
LIST
true
true
List of paths of content to be removed from the deployment.
undeploy Undeploy content from the runtime. The content remains in the list of content available for use.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/index.html b/29/wildscribe/deployment/subdeployment/index.html
index 7e1595b82..32d40dfac 100644
--- a/29/wildscribe/deployment/subdeployment/index.html
+++ b/29/wildscribe/deployment/subdeployment/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A deployment represents anything that can be deployed (e.g. an application such as Jakarta Enterprise Beans-JAR, WAR, EAR, any kind of standard archive such as RAR or JBoss-specific deployment) into a server.
Children (1)
subsystem Runtime resources created when the deployment is deployed, organized by the subsystem responsible for the runtime resource.
batch-jberet Information about the batch subsystem for the deployment.
datasources The data-sources subsystem, used to declare JDBC data-sources
ejb3 Runtime resources exposed by Jakarta Enterprise Beans components included in this deployment.
jaxrs The configuration of the Jakarta RESTful Web Services subsystem.
jpa The configuration of the Jakarta Persistence subsystem.
logging Information about the logging configuration for this deployment. Note that this may not be accurate if the deployment is using some other means of configuring a log manager such as logback. The resolved configuration is what loggers not covered by the deployments specific log manager would use.
messaging-activemq Runtime resources exposed by messaging resources included in this deployment.
resource-adapters Runtime statistics provided by the resource adapter.
undertow Information about the web container handling of this deployment
webservices Runtime resources exposed by web service components in the deployment.
Operations (1)
list-modules List all module dependencies of the current deployment.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
verbose
BOOLEAN
false
false
false
Optional, default is false and results in brief info about the module dependencies, true to include detailed information about the module dependencies added to the current deployment.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/batch-jberet/index.html b/29/wildscribe/deployment/subdeployment/subsystem/batch-jberet/index.html
index 999ec6597..b2e6759ae 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/batch-jberet/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/batch-jberet/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/execution/index.html b/29/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/execution/index.html
index 413cecd89..1a0d9bf8e 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/execution/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/execution/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/index.html b/29/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/index.html
index 09cc65e57..1f4db3e14 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/connection-properties/index.html b/29/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/connection-properties/index.html
index 77b383da8..b11b0b42e 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/connection-properties/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/connection-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The connection-properties element allows you to pass in arbitrary connection properties to the Driver.connect(url, props) method
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (1)
value Each connection-property specifies a string name/value pair with the property name coming from the name attribute and the value coming from the element content
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/index.html b/29/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/index.html
index c2e1c0fc1..97308c173 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
connection-properties The connection-properties element allows you to pass in arbitrary connection properties to the Driver.connect(url, props) method
Attributes (65)
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allow-multiple-users Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value can be done only on disabled datasource, requires a server restart otherwise
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
capacity-incrementer-properties Properties to be injected in class defining the policy for incrementing connections in the pool
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
check-valid-connection-sql Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connectable Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connection-listener-class Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
credential-reference Credential (from Credential Store) to authenticate on data source
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
datasource-class The fully qualified name of the JDBC datasource class
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
driver-class The fully qualified name of the JDBC driver class
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
runtime
Access Type
read-only
elytron-enabled Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enabled Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Deprecated Since 3.0.0
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-class-name An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
idle-timeout-minutes The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
runtime
Access Type
read-only
initial-pool-size The initial-pool-size element indicates the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
jndi-name Specifies the JNDI name for the datasource
security-domain Specifies the PicketBox security domain which defines the PicketBox javax.security.auth.Subject that are used to distinguish connections in the pool
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
set-tx-query-timeout Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
share-prepared-statements Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
stale-connection-checker-class-name An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
stale-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
track-statements Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
Attribute
Value
Default Value
NOWARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
tracking Defines if IronJacamar should track connection handles across transaction boundaries
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
transaction-isolation Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
url-delimiter Specifies the delimiter for URLs in connection-url for HA datasources
use-ccm Enable the use of a cached connection manager
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-java-context Setting this to false will bind the datasource into global JNDI
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-try-lock Any configured timeout for internal locks on the resource adapter objects in seconds
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
user-name Specify the user name used when creating a new connection
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-class-name An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
validate-on-match The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/datasources/index.html b/29/wildscribe/deployment/subdeployment/subsystem/datasources/index.html
index c0bb2b7c1..74d4e3b37 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/datasources/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/datasources/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/index.html b/29/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/index.html
index f42b152ef..0bf1dac9d 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allow-multiple-users Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
check-valid-connection-sql Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connectable Enable the use of CMR for this datasource. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connection-listener-class Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
credential-reference Credential (from Credential Store) to authenticate on data source
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
runtime
Access Type
read-only
elytron-enabled Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enabled Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Deprecated Since 3.0.0
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-class-name An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
idle-timeout-minutes The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
runtime
Access Type
read-only
initial-pool-size The initial-pool-size element indicates the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
interleaving An element to enable interleaving for XA connections
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
jndi-name Specifies the JNDI name for the datasource
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
runtime
Access Type
read-only
max-pool-size The max-pool-size element specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
mcp Defines the ManagedConnectionPool implementation, f.ex. org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool
min-pool-size The min-pool-size element specifies the minimum number of connections for a pool
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
new-connection-sql Specifies an SQL statement to execute whenever a connection is added to the connection pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
no-recovery Specifies if the connection pool should be excluded from recovery
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
no-tx-separate-pool Oracle does not like XA connections getting used both inside and outside a Jakarta Transactions transaction. To workaround the problem you can create separate sub-pools for the different contexts
recovery-authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
recovery-elytron-enabled Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
same-rm-override The is-same-rm-override element allows one to unconditionally set whether the javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
security-domain Specifies the PicketBox security domain which defines the javax.security.auth.Subject that are used to distinguish connections in the pool
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
set-tx-query-timeout Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
share-prepared-statements Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
stale-connection-checker-class-name An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
stale-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
track-statements Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
Attribute
Value
Default Value
NOWARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
tracking Defines if IronJacamar should track connection handles across transaction boundaries
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
transaction-isolation Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
url-delimiter Specifies the delimiter for URLs in connection-url for HA datasources
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
url-property Specifies the property for the URL property in the xa-datasource-property values
use-ccm Enable the use of a cached connection manager
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-java-context Setting this to false will bind the datasource into global JNDI
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-try-lock Any configured timeout for internal locks on the resource adapter objects in seconds
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
user-name Specify the user name used when creating a new connection
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-class-name An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
validate-on-match The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
wrap-xa-resource Should the XAResource instances be wrapped in an org.jboss.tm.XAResourceWrapper instance
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
xa-datasource-class The fully qualified name of the javax.sql.XADataSource implementation
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
xa-resource-timeout The value is passed to XAResource.setTransactionTimeout(), in seconds. Default is zero
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html b/29/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
index 7060abd5c..fdfa4c9af 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (1)
value Specifies a property value to assign to the XADataSource implementation class. Each property is identified by the name attribute and the property value is given by the xa-datasource-property element content. The property is mapped onto the XADataSource implementation by looking for a JavaBeans style getter method for the property name. If found, the value of the property is set using the JavaBeans setter with the element text translated to the true property type using the java.beans.PropertyEditor
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/index.html b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/index.html
index 683d77bfd..06697dfc0 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/index.html b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/index.html
index a0a4d4baa..514c32f71 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html
index cdc03e039..546a041a5 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html
index ec83d23ea..3d746e2f5 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (8)
active Indicates whether this timer is active or suspended.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
calendar-timer Whether this timer is a calendar-based timer, or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
info Serializable information associated with timer.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
next-timeout The point in time (in ms since the epoch) at which the next timer expiration is scheduled to occur, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
persistent Whether this timer has persistent semantics or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
primary-key Primary key of Jakarta Enterprise Beans instance which started the timer.
Deprecated Since 9.0.0
Deprecated since entity beans are no longer supported.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schedule The schedule expression corresponding to this timer or "undefined" if the timer was not created using a schedule expression, is expired, or has been cancelled.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
time-remaining The number of milliseconds that will elapse before the next scheduled timer expiration, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (4)
activate Activates timer after it has been suspended.
cancel Cancels timer and removes it from container.
suspend Suspends timer. No timeout will occur after this operation has been invoked. To reanimate timer, 'activate' operation is present.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/index.html b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/index.html
index 9d57b548f..65e63fd22 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html
index d12b97469..70152e3ab 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html
index 1379d9e76..97cf638cc 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (8)
active Indicates whether this timer is active or suspended.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
calendar-timer Whether this timer is a calendar-based timer, or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
info Serializable information associated with timer.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
next-timeout The point in time (in ms since the epoch) at which the next timer expiration is scheduled to occur, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
persistent Whether this timer has persistent semantics or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
primary-key Primary key of Jakarta Enterprise Beans instance which started the timer.
Deprecated Since 9.0.0
Deprecated since entity beans are no longer supported.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schedule The schedule expression corresponding to this timer or "undefined" if the timer was not created using a schedule expression, is expired, or has been cancelled.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
time-remaining The number of milliseconds that will elapse before the next scheduled timer expiration, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (4)
activate Activates timer after it has been suspended.
cancel Cancels timer and removes it from container.
suspend Suspends timer. No timeout will occur after this operation has been invoked. To reanimate timer, 'activate' operation is present.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateful-session-bean/index.html b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateful-session-bean/index.html
index ab6345eb9..bcffa3518 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateful-session-bean/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateful-session-bean/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
remove-methods The business methods of the stateful session bean indicating that the bean instance is to be removed after the completion of this method.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
run-as-role The run-as role (if any) for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
security-domain The security domain for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
stateful-timeout The amount of time a stateful session bean can be idle before it is eligible for removal by the container.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/index.html b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/index.html
index ebbf0c897..20e3aac49 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html
index 16e1df1cc..8ba441db9 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html
index 6a67426f5..e63d67d24 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (8)
active Indicates whether this timer is active or suspended.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
calendar-timer Whether this timer is a calendar-based timer, or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
info Serializable information associated with timer.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
next-timeout The point in time (in ms since the epoch) at which the next timer expiration is scheduled to occur, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
persistent Whether this timer has persistent semantics or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
primary-key Primary key of Jakarta Enterprise Beans instance which started the timer.
Deprecated Since 9.0.0
Deprecated since entity beans are no longer supported.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schedule The schedule expression corresponding to this timer or "undefined" if the timer was not created using a schedule expression, is expired, or has been cancelled.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
time-remaining The number of milliseconds that will elapse before the next scheduled timer expiration, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (4)
activate Activates timer after it has been suspended.
cancel Cancels timer and removes it from container.
suspend Suspends timer. No timeout will occur after this operation has been invoked. To reanimate timer, 'activate' operation is present.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/jaxrs/index.html b/29/wildscribe/deployment/subdeployment/subsystem/jaxrs/index.html
index b422de235..2cb3c1d53 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/jaxrs/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/jaxrs/index.html
@@ -1,37 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/jaxrs/rest-resource/index.html b/29/wildscribe/deployment/subdeployment/subsystem/jaxrs/rest-resource/index.html
index 93e56428e..6d2cffd91 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/jaxrs/rest-resource/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/jaxrs/rest-resource/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/jpa/index.html b/29/wildscribe/deployment/subdeployment/subsystem/jpa/index.html
index 3dc12ab46..f42927cbe 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/jpa/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/jpa/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
default-extended-persistence-inheritance Controls how Jakarta Persistence extended persistence context (XPC) inheritance is performed. 'DEEP' shares the extended persistence context at top bean level. 'SHALLOW' the extended persistece context is only shared with the parent bean (never with sibling beans).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/error-manager/index.html b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/error-manager/index.html
index 119004c14..5d57f8087 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/error-manager/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/error-manager/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/filter/index.html b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/filter/index.html
index 6af901110..6dd5729c1 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/filter/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/filter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/formatter/index.html b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/formatter/index.html
index de58040a6..08f78e1ca 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/formatter/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/formatter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/handler/index.html b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/handler/index.html
index 9e73f4121..98480ad8f 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/handler/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/index.html b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/index.html
index 307d3c844..a1040fd69 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Information about the logging configuration for this deployment. Note that this may not be accurate if the deployment is using some other means of configuring a log manager such as logback. The resolved configuration is what loggers not covered by the deployments specific log manager would use.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (6)
error-manager Describes the configured error managers being used on a deployment.
filter Describes the configured filters being used on a deployment.
formatter Describes the configured formatters being used on a deployment.
handler Describes the configured handlers being used on a deployment.
logger Describes the configured loggers being used on a deployment.
pojo Describes the configured POJO's being used on a deployment.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/logger/index.html b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/logger/index.html
index 2b505ee97..e360e485f 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/logger/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/logger/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/pojo/index.html b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/pojo/index.html
index 6f17dae04..645ae404d 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/pojo/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/logging/configuration/pojo/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/logging/index.html b/29/wildscribe/deployment/subdeployment/subsystem/logging/index.html
index 55e4caed0..6d67f97a3 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/logging/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/logging/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Information about the logging configuration for this deployment. Note that this may not be accurate if the deployment is using some other means of configuring a log manager such as logback. The resolved configuration is what loggers not covered by the deployments specific log manager would use.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
configuration The configuration being used for the deployment. For configurations within the deployment this is the path to the configuration file used. For logging profiles it's "profile-" followed by the name of the profile. Otherwise the value will be "default" to indicate it's using the logging configuration as defined by the logging subsystem.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/connection-factory/index.html b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/connection-factory/index.html
index cf2fe725b..a4c758379 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/connection-factory/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/connection-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
protocol-manager-factory The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
false
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
true
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enable-amq1-prefix
BOOLEAN
false
true
true
Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
factory-type
STRING
false
true
GENERIC
The type of connection factory.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
reconnect-attempts
INT
false
true
0
The reconnect attempts.
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-queue/index.html b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-queue/index.html
index 4b75b1665..5f83dd225 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-queue/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-queue/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-topic/index.html b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-topic/index.html
index ed7a4abd1..81b7c8649 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-topic/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-topic/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/index.html b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/index.html
index 3fb034b60..d566d5f83 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/pooled-connection-factory/index.html b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/pooled-connection-factory/index.html
index 7edffd093..044369daa 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/pooled-connection-factory/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/pooled-connection-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allow-local-transactions Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
credential-reference Credential (from Credential Store) to authenticate the pooled connection factory
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
enable-amq1-prefix Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
enlistment-trace Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
entries The jndi names the connection factory should be bound to.
use-jndi Use JNDI to locate the destination for incoming connections
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-local-tx Use a local transaction for incoming sessions
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
user The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the pooled connection factory
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enable-amq1-prefix
BOOLEAN
false
true
true
Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
enlistment-trace
BOOLEAN
false
true
Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
true
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
-1
The number of attempts to connect initially with this factory.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
managed-connection-pool
STRING
false
true
The class name of the managed connection pool used by this pooled-connection-factory.
max-pool-size
INT
false
true
20
The maximum size for the pool
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
min-pool-size
INT
false
true
0
The minimum size for the pool
password
STRING
false
true
The default password to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this pooled connection factory.
reconnect-attempts
INT
false
true
-1
The reconnect attempts. By default, a pooled connection factory will try to reconnect infinitely to the messaging server(s).
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction
STRING
false
true
xa
The type of transaction supported by this pooled connection factory (can be LOCAL, NONE or XA, default is XA).
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-auto-recovery
BOOLEAN
false
true
true
True to use auto recovery.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
user
STRING
false
true
The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
jndi-params
STRING
false
true
The JNDI params to use for locating the destination for incoming connections.
rebalance-connections
BOOLEAN
false
true
false
Rebalance inbound connections when cluster topology changes.
setup-attempts
INT
false
true
The number of times to set up an MDB endpoint
setup-interval
LONG
false
true
The interval between attempts at setting up an MDB endpoint.
use-jndi
BOOLEAN
false
true
Use JNDI to locate the destination for incoming connections
use-local-tx
BOOLEAN
false
true
Use a local transaction for incoming sessions
allow-local-transactions
BOOLEAN
false
true
false
Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/index.html b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/index.html
index a132c17bd..358a3cb87 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-queue/index.html b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-queue/index.html
index 20baf634a..288a606c8 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-queue/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-queue/index.html
@@ -1,159 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-topic/index.html b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-topic/index.html
index 93bdb31b9..c10bcbbe0 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-topic/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-topic/index.html
@@ -1,377 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
index b9ee3c36a..b207c7e5b 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allow-local-transactions Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
credential-reference Credential (from Credential Store) to authenticate the pooled connection factory
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
enlistment-trace Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
entries The jndi names the connection factory should be bound to.
use-jndi Use JNDI to locate the destination for incoming connections
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-local-tx Use a local transaction for incoming sessions
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
user The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the pooled connection factory
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enlistment-trace
BOOLEAN
false
true
Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
1
The number of attempts to connect initially with this factory.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
managed-connection-pool
STRING
false
true
The class name of the managed connection pool used by this pooled-connection-factory.
max-pool-size
INT
false
true
20
The maximum size for the pool
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
min-pool-size
INT
false
true
0
The minimum size for the pool
password
STRING
false
true
The default password to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this pooled connection factory.
reconnect-attempts
INT
false
true
-1
The reconnect attempts. By default, a pooled connection factory will try to reconnect infinitely to the messaging server(s).
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction
STRING
false
true
xa
The type of transaction supported by this pooled connection factory (can be LOCAL, NONE or XA, default is XA).
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-auto-recovery
BOOLEAN
false
true
true
True to use auto recovery.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
user
STRING
false
true
The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
jndi-params
STRING
false
true
The JNDI params to use for locating the destination for incoming connections.
rebalance-connections
BOOLEAN
false
true
false
Rebalance inbound connections when cluster topology changes.
setup-attempts
INT
false
true
The number of times to set up an MDB endpoint
setup-interval
LONG
false
true
The interval between attempts at setting up an MDB endpoint.
use-jndi
BOOLEAN
false
true
Use JNDI to locate the destination for incoming connections
use-local-tx
BOOLEAN
false
true
Use a local transaction for incoming sessions
allow-local-transactions
BOOLEAN
false
true
false
Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/index.html b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/index.html
index 14384dcd7..08c818cc5 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html
index ed8bc5682..5edc74af8 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html
index 5cee86f61..9ba3e6503 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html
index a2fdf5ccc..7d470d935 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html
index 636979ec4..49bed34ae 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html
index 6ee798745..4aabf7b96 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html
index f40df83f2..41c83703b 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context-and-application Indicates that either application-supplied parameters, such as from getConnection(user, pw), or Subject (provided by Elytron after authenticating using configured authentication-context), are used to distinguish connections in the pool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value requires a server restart.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value requires a server restart.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time.
class-name Specifies the fully qualified class name of a managed connection factory or admin object.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connectable Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
elytron-enabled Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enabled Specifies if the resource adapter should be enabled.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment Defines if lazy enlistment should be used if supported by the resource adapter.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
flush-strategy Specifies how the pool should be flushed in case of an error.
idle-timeout-minutes Specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value requires a server restart.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-pool-size Specifies the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
interleaving An element to enable interleaving for XA connections.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
jndi-name Specifies the JNDI name for the connection factory.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-pool-size Specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool.
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
mcp Defines the ManagedConnectionPool implementation. For example: org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
min-pool-size Specifies the minimum number of connections for a pool.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-recovery Specifies if the connection pool should be excluded from recovery.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-tx-separate-pool Oracle does not like XA connections getting used both inside and outside a JTA transaction. To workaround the problem you can create separate sub-pools for the different contexts.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
pad-xid Specifies whether the Xid should be padded.
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
same-rm-override Using this attribute, you can unconditionally set whether javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-application Indicates that application-supplied parameters, such as from getConnection(user, pw), are used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain Specifies the PicketBox security domain which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain-and-application Indicates that either application-supplied parameters, such as from getConnection(user, pw) are used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox is no longer supported. Use Elytron configuration instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sharable Enable the use of sharable connections, which allows lazy association to be enabled if supported.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
tracking Defines if IronJacamar should track connection handles across transaction boundaries.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-ccm Enable the use of a cached connection manager.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false).
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-java-context Setting this to false will bind the object into global JNDI.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
validate-on-match This specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
wrap-xa-resource Specifies whether XAResource instances should be wrapped in an org.jboss.tm.XAResourceWrapper instance.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
xa-resource-timeout The value is passed to XAResource.setTransactionTimeout(), in seconds.
The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception.
allocation-retry-wait-millis
LONG
false
true
The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection.
authentication-context
STRING
false
false
The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
authentication-context-and-application
STRING
false
false
Indicates that either application-supplied parameters, such as from getConnection(user, pw), or Subject (provided by Elytron after authenticating using configured authentication-context), are used to distinguish connections in the pool.
background-validation
BOOLEAN
false
true
An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value requires a server restart.
background-validation-millis
LONG
false
true
The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value requires a server restart.
blocking-timeout-wait-millis
LONG
false
true
The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time.
capacity-decrementer-class
STRING
false
true
Class defining the policy for decrementing connections in the pool.
capacity-decrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for decrementing connections in the pool.
capacity-incrementer-class
STRING
false
true
Class defining the policy for incrementing connections in the pool.
capacity-incrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for incrementing connections in the pool.
class-name
STRING
true
true
Specifies the fully qualified class name of a managed connection factory or admin object.
connectable
BOOLEAN
false
true
false
Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
elytron-enabled
BOOLEAN
false
true
false
Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
enabled
BOOLEAN
false
true
true
Specifies if the resource adapter should be enabled.
enlistment
BOOLEAN
false
true
true
Defines if lazy enlistment should be used if supported by the resource adapter.
enlistment-trace
BOOLEAN
false
true
false
Defines if WildFly/IronJacamar should record enlistment traces.
flush-strategy
STRING
false
true
FailingConnectionOnly
Specifies how the pool should be flushed in case of an error.
idle-timeout-minutes
LONG
false
true
Specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value requires a server restart.
initial-pool-size
INT
false
true
Specifies the initial number of connections a pool should hold.
interleaving
BOOLEAN
false
true
false
An element to enable interleaving for XA connections.
jndi-name
STRING
true
true
Specifies the JNDI name for the connection factory.
max-pool-size
INT
false
true
20
Specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool.
mcp
STRING
false
true
Defines the ManagedConnectionPool implementation. For example: org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.
min-pool-size
INT
false
true
0
Specifies the minimum number of connections for a pool.
no-recovery
BOOLEAN
false
true
false
Specifies if the connection pool should be excluded from recovery.
no-tx-separate-pool
BOOLEAN
false
true
false
Oracle does not like XA connections getting used both inside and outside a JTA transaction. To workaround the problem you can create separate sub-pools for the different contexts.
pad-xid
BOOLEAN
false
true
false
Specifies whether the Xid should be padded.
pool-fair
BOOLEAN
false
true
true
Defines if pool use should be fair.
pool-prefill
BOOLEAN
false
true
false
Specifies if the pool should be prefilled. Changing this value requires a server restart.
pool-use-strict-min
BOOLEAN
false
true
false
Specifies if the min-pool-size should be considered strict.
recovery-authentication-context
STRING
false
false
The Elytron authentication context used for recovery (current authentication-context will be used if unspecified).
recovery-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate on recovery connection
recovery-elytron-enabled
BOOLEAN
false
true
false
Indicates that an Elytron authentication context will be used for recovery.
recovery-password
STRING
false
true
The password used for recovery.
recovery-plugin-class-name
STRING
false
true
The fully qualified class name of the recovery plugin implementation.
recovery-plugin-properties
OBJECT
false
true
The properties for the recovery plugin.
recovery-security-domain
STRING
false
true
The PicketBox security domain used for recovery.
recovery-username
STRING
false
true
The user name used for recovery.
same-rm-override
BOOLEAN
false
true
Using this attribute, you can unconditionally set whether javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false.
security-application
BOOLEAN
false
true
false
Indicates that application-supplied parameters, such as from getConnection(user, pw), are used to distinguish connections in the pool.
security-domain
STRING
false
true
Specifies the PicketBox security domain which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
security-domain-and-application
STRING
false
true
Indicates that either application-supplied parameters, such as from getConnection(user, pw) are used to distinguish connections in the pool.
sharable
BOOLEAN
false
true
true
Enable the use of sharable connections, which allows lazy association to be enabled if supported.
tracking
BOOLEAN
false
true
Defines if IronJacamar should track connection handles across transaction boundaries.
use-ccm
BOOLEAN
false
true
true
Enable the use of a cached connection manager.
use-fast-fail
BOOLEAN
false
true
false
Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false).
use-java-context
BOOLEAN
false
true
true
Setting this to false will bind the object into global JNDI.
validate-on-match
BOOLEAN
false
true
This specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation.
wrap-xa-resource
BOOLEAN
false
true
true
Specifies whether XAResource instances should be wrapped in an org.jboss.tm.XAResourceWrapper instance.
xa-resource-timeout
INT
false
true
The value is passed to XAResource.setTransactionTimeout(), in seconds.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html
index adc722042..d66600a9d 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
beanvalidationgroups Specifies the Jakarta Bean Validation groups that should be used.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
bootstrap-context Specifies the unique name of the bootstrap context that should be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
module Specifies the module from which resource adapter will be loaded
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transaction-support Specifies the transaction support level of the resource adapter. This attribute allows expressions, but only simple expressions resolved from environment variables or system properties are supported. Nested expressions and resolution from vaults or credential stores are not supported.
wm-security-domain Defines the name of the PicketBox security domain that should be used.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security
activate Force the resource adapter config activation without server reload.
add Add a new resource adapter. At least one of ARCHIVE or MODULE is required.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
archive
STRING
false
false
Specifies the resource adapter archive.
beanvalidationgroups
LIST
false
true
Specifies the Jakarta Bean Validation groups that should be used.
bootstrap-context
STRING
false
true
Specifies the unique name of the bootstrap context that should be used.
module
STRING
false
false
Specifies the module from which resource adapter will be loaded
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled or not.
transaction-support
STRING
false
true
Specifies the transaction support level of the resource adapter. This attribute allows expressions, but only simple expressions resolved from environment variables or system properties are supported. Nested expressions and resolution from vaults or credential stores are not supported.
wm-elytron-security-domain
STRING
false
true
Defines the name of the Elytron security domain that should be used.
wm-security
BOOLEAN
false
true
false
Toggle on/off wm.security for this resource adapter. In case of false all wm-security-* parameters are ignored, even the defaults.
wm-security-default-groups
LIST
false
true
Defines a default groups list that should be added to the used Subject instance.
wm-security-default-principal
STRING
false
true
Defines a default principal name that should be added to the used Subject instance.
wm-security-domain
STRING
false
true
other
Defines the name of the PicketBox security domain that should be used.
wm-security-mapping-groups
LIST
false
false
List of groups mappings.
wm-security-mapping-required
BOOLEAN
false
true
false
Defines if a mapping is required for security credentials.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/undertow/index.html b/29/wildscribe/deployment/subdeployment/subsystem/undertow/index.html
index 589992046..2a9f21182 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/undertow/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/undertow/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/undertow/servlet/index.html b/29/wildscribe/deployment/subdeployment/subsystem/undertow/servlet/index.html
index c460b1b0a..ee61d954c 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/undertow/servlet/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/undertow/servlet/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/undertow/websocket/index.html b/29/wildscribe/deployment/subdeployment/subsystem/undertow/websocket/index.html
index a5bf9abb0..d9c553949 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/undertow/websocket/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/undertow/websocket/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/webservices/endpoint/index.html b/29/wildscribe/deployment/subdeployment/subsystem/webservices/endpoint/index.html
index ba7da7947..31dfe9b15 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/webservices/endpoint/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/webservices/endpoint/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subdeployment/subsystem/webservices/index.html b/29/wildscribe/deployment/subdeployment/subsystem/webservices/index.html
index 5f97c63a2..3e456c0c0 100644
--- a/29/wildscribe/deployment/subdeployment/subsystem/webservices/index.html
+++ b/29/wildscribe/deployment/subdeployment/subsystem/webservices/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/batch-jberet/index.html b/29/wildscribe/deployment/subsystem/batch-jberet/index.html
index 928aabd0b..bb979cd4c 100644
--- a/29/wildscribe/deployment/subsystem/batch-jberet/index.html
+++ b/29/wildscribe/deployment/subsystem/batch-jberet/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/batch-jberet/job/execution/index.html b/29/wildscribe/deployment/subsystem/batch-jberet/job/execution/index.html
index 7eb57ab56..257ef1131 100644
--- a/29/wildscribe/deployment/subsystem/batch-jberet/job/execution/index.html
+++ b/29/wildscribe/deployment/subsystem/batch-jberet/job/execution/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/batch-jberet/job/index.html b/29/wildscribe/deployment/subsystem/batch-jberet/job/index.html
index bbc7f179f..968bd8274 100644
--- a/29/wildscribe/deployment/subsystem/batch-jberet/job/index.html
+++ b/29/wildscribe/deployment/subsystem/batch-jberet/job/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/datasources/data-source/connection-properties/index.html b/29/wildscribe/deployment/subsystem/datasources/data-source/connection-properties/index.html
index d7f0e60da..df6a5952b 100644
--- a/29/wildscribe/deployment/subsystem/datasources/data-source/connection-properties/index.html
+++ b/29/wildscribe/deployment/subsystem/datasources/data-source/connection-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The connection-properties element allows you to pass in arbitrary connection properties to the Driver.connect(url, props) method
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (1)
value Each connection-property specifies a string name/value pair with the property name coming from the name attribute and the value coming from the element content
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/datasources/data-source/index.html b/29/wildscribe/deployment/subsystem/datasources/data-source/index.html
index 3fccedb5b..fc99de9a0 100644
--- a/29/wildscribe/deployment/subsystem/datasources/data-source/index.html
+++ b/29/wildscribe/deployment/subsystem/datasources/data-source/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
connection-properties The connection-properties element allows you to pass in arbitrary connection properties to the Driver.connect(url, props) method
Attributes (65)
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allow-multiple-users Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value can be done only on disabled datasource, requires a server restart otherwise
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
capacity-incrementer-properties Properties to be injected in class defining the policy for incrementing connections in the pool
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
check-valid-connection-sql Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connectable Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connection-listener-class Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
credential-reference Credential (from Credential Store) to authenticate on data source
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
datasource-class The fully qualified name of the JDBC datasource class
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
driver-class The fully qualified name of the JDBC driver class
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
runtime
Access Type
read-only
elytron-enabled Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enabled Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Deprecated Since 3.0.0
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-class-name An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
idle-timeout-minutes The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
runtime
Access Type
read-only
initial-pool-size The initial-pool-size element indicates the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
jndi-name Specifies the JNDI name for the datasource
security-domain Specifies the PicketBox security domain which defines the PicketBox javax.security.auth.Subject that are used to distinguish connections in the pool
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
set-tx-query-timeout Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
share-prepared-statements Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
stale-connection-checker-class-name An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
stale-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
track-statements Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
Attribute
Value
Default Value
NOWARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
tracking Defines if IronJacamar should track connection handles across transaction boundaries
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
transaction-isolation Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
url-delimiter Specifies the delimiter for URLs in connection-url for HA datasources
use-ccm Enable the use of a cached connection manager
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-java-context Setting this to false will bind the datasource into global JNDI
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-try-lock Any configured timeout for internal locks on the resource adapter objects in seconds
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
user-name Specify the user name used when creating a new connection
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-class-name An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
validate-on-match The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/datasources/index.html b/29/wildscribe/deployment/subsystem/datasources/index.html
index 96b05d851..63281e527 100644
--- a/29/wildscribe/deployment/subsystem/datasources/index.html
+++ b/29/wildscribe/deployment/subsystem/datasources/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/datasources/xa-data-source/index.html b/29/wildscribe/deployment/subsystem/datasources/xa-data-source/index.html
index de3ea999a..f3fed5ec6 100644
--- a/29/wildscribe/deployment/subsystem/datasources/xa-data-source/index.html
+++ b/29/wildscribe/deployment/subsystem/datasources/xa-data-source/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allow-multiple-users Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
check-valid-connection-sql Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connectable Enable the use of CMR for this datasource. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connection-listener-class Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
credential-reference Credential (from Credential Store) to authenticate on data source
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
runtime
Access Type
read-only
elytron-enabled Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enabled Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Deprecated Since 3.0.0
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-class-name An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
idle-timeout-minutes The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
runtime
Access Type
read-only
initial-pool-size The initial-pool-size element indicates the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
interleaving An element to enable interleaving for XA connections
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
jndi-name Specifies the JNDI name for the datasource
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
runtime
Access Type
read-only
max-pool-size The max-pool-size element specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
mcp Defines the ManagedConnectionPool implementation, f.ex. org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool
min-pool-size The min-pool-size element specifies the minimum number of connections for a pool
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
new-connection-sql Specifies an SQL statement to execute whenever a connection is added to the connection pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
no-recovery Specifies if the connection pool should be excluded from recovery
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
no-tx-separate-pool Oracle does not like XA connections getting used both inside and outside a Jakarta Transactions transaction. To workaround the problem you can create separate sub-pools for the different contexts
recovery-authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
recovery-elytron-enabled Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
same-rm-override The is-same-rm-override element allows one to unconditionally set whether the javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
security-domain Specifies the PicketBox security domain which defines the javax.security.auth.Subject that are used to distinguish connections in the pool
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
set-tx-query-timeout Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
share-prepared-statements Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
stale-connection-checker-class-name An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
stale-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
track-statements Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
Attribute
Value
Default Value
NOWARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
tracking Defines if IronJacamar should track connection handles across transaction boundaries
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
transaction-isolation Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
url-delimiter Specifies the delimiter for URLs in connection-url for HA datasources
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
url-property Specifies the property for the URL property in the xa-datasource-property values
use-ccm Enable the use of a cached connection manager
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-java-context Setting this to false will bind the datasource into global JNDI
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-try-lock Any configured timeout for internal locks on the resource adapter objects in seconds
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
user-name Specify the user name used when creating a new connection
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-class-name An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
validate-on-match The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
wrap-xa-resource Should the XAResource instances be wrapped in an org.jboss.tm.XAResourceWrapper instance
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
xa-datasource-class The fully qualified name of the javax.sql.XADataSource implementation
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
xa-resource-timeout The value is passed to XAResource.setTransactionTimeout(), in seconds. Default is zero
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html b/29/wildscribe/deployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
index 81892aa26..98d808116 100644
--- a/29/wildscribe/deployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
+++ b/29/wildscribe/deployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (1)
value Specifies a property value to assign to the XADataSource implementation class. Each property is identified by the name attribute and the property value is given by the xa-datasource-property element content. The property is mapped onto the XADataSource implementation by looking for a JavaBeans style getter method for the property name. If found, the value of the property is set using the JavaBeans setter with the element text translated to the true property type using the java.beans.PropertyEditor
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/ejb3/index.html b/29/wildscribe/deployment/subsystem/ejb3/index.html
index 407be74cd..1c99da12d 100644
--- a/29/wildscribe/deployment/subsystem/ejb3/index.html
+++ b/29/wildscribe/deployment/subsystem/ejb3/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/ejb3/message-driven-bean/index.html b/29/wildscribe/deployment/subsystem/ejb3/message-driven-bean/index.html
index 0344306dd..d6f4ac990 100644
--- a/29/wildscribe/deployment/subsystem/ejb3/message-driven-bean/index.html
+++ b/29/wildscribe/deployment/subsystem/ejb3/message-driven-bean/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html b/29/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html
index 1a701cb7e..97e357c18 100644
--- a/29/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html
+++ b/29/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html b/29/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html
index 4c86f08f0..a940e8298 100644
--- a/29/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html
+++ b/29/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (8)
active Indicates whether this timer is active or suspended.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
calendar-timer Whether this timer is a calendar-based timer, or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
info Serializable information associated with timer.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
next-timeout The point in time (in ms since the epoch) at which the next timer expiration is scheduled to occur, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
persistent Whether this timer has persistent semantics or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
primary-key Primary key of Jakarta Enterprise Beans instance which started the timer.
Deprecated Since 9.0.0
Deprecated since entity beans are no longer supported.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schedule The schedule expression corresponding to this timer or "undefined" if the timer was not created using a schedule expression, is expired, or has been cancelled.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
time-remaining The number of milliseconds that will elapse before the next scheduled timer expiration, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (4)
activate Activates timer after it has been suspended.
cancel Cancels timer and removes it from container.
suspend Suspends timer. No timeout will occur after this operation has been invoked. To reanimate timer, 'activate' operation is present.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/ejb3/singleton-bean/index.html b/29/wildscribe/deployment/subsystem/ejb3/singleton-bean/index.html
index dcc1baceb..15fac9dee 100644
--- a/29/wildscribe/deployment/subsystem/ejb3/singleton-bean/index.html
+++ b/29/wildscribe/deployment/subsystem/ejb3/singleton-bean/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html b/29/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html
index 69d679d30..1055cd30a 100644
--- a/29/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html
+++ b/29/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html b/29/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html
index c08462335..1af321bad 100644
--- a/29/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html
+++ b/29/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (8)
active Indicates whether this timer is active or suspended.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
calendar-timer Whether this timer is a calendar-based timer, or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
info Serializable information associated with timer.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
next-timeout The point in time (in ms since the epoch) at which the next timer expiration is scheduled to occur, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
persistent Whether this timer has persistent semantics or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
primary-key Primary key of Jakarta Enterprise Beans instance which started the timer.
Deprecated Since 9.0.0
Deprecated since entity beans are no longer supported.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schedule The schedule expression corresponding to this timer or "undefined" if the timer was not created using a schedule expression, is expired, or has been cancelled.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
time-remaining The number of milliseconds that will elapse before the next scheduled timer expiration, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (4)
activate Activates timer after it has been suspended.
cancel Cancels timer and removes it from container.
suspend Suspends timer. No timeout will occur after this operation has been invoked. To reanimate timer, 'activate' operation is present.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/ejb3/stateful-session-bean/index.html b/29/wildscribe/deployment/subsystem/ejb3/stateful-session-bean/index.html
index 09164d352..6ccecf290 100644
--- a/29/wildscribe/deployment/subsystem/ejb3/stateful-session-bean/index.html
+++ b/29/wildscribe/deployment/subsystem/ejb3/stateful-session-bean/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
remove-methods The business methods of the stateful session bean indicating that the bean instance is to be removed after the completion of this method.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
run-as-role The run-as role (if any) for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
security-domain The security domain for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
stateful-timeout The amount of time a stateful session bean can be idle before it is eligible for removal by the container.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/index.html b/29/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/index.html
index 9d5e0f825..0fb5f2bd1 100644
--- a/29/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/index.html
+++ b/29/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html b/29/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html
index 0e5527893..2f71f5c15 100644
--- a/29/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html
+++ b/29/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html b/29/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html
index aa0dd66b7..a2023bfd2 100644
--- a/29/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html
+++ b/29/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (8)
active Indicates whether this timer is active or suspended.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
calendar-timer Whether this timer is a calendar-based timer, or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
info Serializable information associated with timer.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
next-timeout The point in time (in ms since the epoch) at which the next timer expiration is scheduled to occur, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
persistent Whether this timer has persistent semantics or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
primary-key Primary key of Jakarta Enterprise Beans instance which started the timer.
Deprecated Since 9.0.0
Deprecated since entity beans are no longer supported.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schedule The schedule expression corresponding to this timer or "undefined" if the timer was not created using a schedule expression, is expired, or has been cancelled.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
time-remaining The number of milliseconds that will elapse before the next scheduled timer expiration, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (4)
activate Activates timer after it has been suspended.
cancel Cancels timer and removes it from container.
suspend Suspends timer. No timeout will occur after this operation has been invoked. To reanimate timer, 'activate' operation is present.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/jaxrs/index.html b/29/wildscribe/deployment/subsystem/jaxrs/index.html
index 05062c727..77b72f740 100644
--- a/29/wildscribe/deployment/subsystem/jaxrs/index.html
+++ b/29/wildscribe/deployment/subsystem/jaxrs/index.html
@@ -1,37 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/jaxrs/rest-resource/index.html b/29/wildscribe/deployment/subsystem/jaxrs/rest-resource/index.html
index b4e8d7fa5..c9b51c476 100644
--- a/29/wildscribe/deployment/subsystem/jaxrs/rest-resource/index.html
+++ b/29/wildscribe/deployment/subsystem/jaxrs/rest-resource/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/jpa/index.html b/29/wildscribe/deployment/subsystem/jpa/index.html
index 2a3bede6f..9a1d80d45 100644
--- a/29/wildscribe/deployment/subsystem/jpa/index.html
+++ b/29/wildscribe/deployment/subsystem/jpa/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
default-extended-persistence-inheritance Controls how Jakarta Persistence extended persistence context (XPC) inheritance is performed. 'DEEP' shares the extended persistence context at top bean level. 'SHALLOW' the extended persistece context is only shared with the parent bean (never with sibling beans).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/logging/configuration/error-manager/index.html b/29/wildscribe/deployment/subsystem/logging/configuration/error-manager/index.html
index dfa021d4d..459bc11fe 100644
--- a/29/wildscribe/deployment/subsystem/logging/configuration/error-manager/index.html
+++ b/29/wildscribe/deployment/subsystem/logging/configuration/error-manager/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/logging/configuration/filter/index.html b/29/wildscribe/deployment/subsystem/logging/configuration/filter/index.html
index e923048eb..ce12219d7 100644
--- a/29/wildscribe/deployment/subsystem/logging/configuration/filter/index.html
+++ b/29/wildscribe/deployment/subsystem/logging/configuration/filter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/logging/configuration/formatter/index.html b/29/wildscribe/deployment/subsystem/logging/configuration/formatter/index.html
index 8ef12e6a5..d87c0c4df 100644
--- a/29/wildscribe/deployment/subsystem/logging/configuration/formatter/index.html
+++ b/29/wildscribe/deployment/subsystem/logging/configuration/formatter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/logging/configuration/handler/index.html b/29/wildscribe/deployment/subsystem/logging/configuration/handler/index.html
index 91b456556..5fd25c4d2 100644
--- a/29/wildscribe/deployment/subsystem/logging/configuration/handler/index.html
+++ b/29/wildscribe/deployment/subsystem/logging/configuration/handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/logging/configuration/index.html b/29/wildscribe/deployment/subsystem/logging/configuration/index.html
index 18db31319..936cf9035 100644
--- a/29/wildscribe/deployment/subsystem/logging/configuration/index.html
+++ b/29/wildscribe/deployment/subsystem/logging/configuration/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Information about the logging configuration for this deployment. Note that this may not be accurate if the deployment is using some other means of configuring a log manager such as logback. The resolved configuration is what loggers not covered by the deployments specific log manager would use.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (6)
error-manager Describes the configured error managers being used on a deployment.
filter Describes the configured filters being used on a deployment.
formatter Describes the configured formatters being used on a deployment.
handler Describes the configured handlers being used on a deployment.
logger Describes the configured loggers being used on a deployment.
pojo Describes the configured POJO's being used on a deployment.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/logging/configuration/logger/index.html b/29/wildscribe/deployment/subsystem/logging/configuration/logger/index.html
index 8302a87f7..68f669621 100644
--- a/29/wildscribe/deployment/subsystem/logging/configuration/logger/index.html
+++ b/29/wildscribe/deployment/subsystem/logging/configuration/logger/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/logging/configuration/pojo/index.html b/29/wildscribe/deployment/subsystem/logging/configuration/pojo/index.html
index 443a450c3..3a3883c64 100644
--- a/29/wildscribe/deployment/subsystem/logging/configuration/pojo/index.html
+++ b/29/wildscribe/deployment/subsystem/logging/configuration/pojo/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/logging/index.html b/29/wildscribe/deployment/subsystem/logging/index.html
index 13a5d9b57..9d7d54af6 100644
--- a/29/wildscribe/deployment/subsystem/logging/index.html
+++ b/29/wildscribe/deployment/subsystem/logging/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Information about the logging configuration for this deployment. Note that this may not be accurate if the deployment is using some other means of configuring a log manager such as logback. The resolved configuration is what loggers not covered by the deployments specific log manager would use.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
configuration The configuration being used for the deployment. For configurations within the deployment this is the path to the configuration file used. For logging profiles it's "profile-" followed by the name of the profile. Otherwise the value will be "default" to indicate it's using the logging configuration as defined by the logging subsystem.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/messaging-activemq/connection-factory/index.html b/29/wildscribe/deployment/subsystem/messaging-activemq/connection-factory/index.html
index 8d144cbf2..026e82ffd 100644
--- a/29/wildscribe/deployment/subsystem/messaging-activemq/connection-factory/index.html
+++ b/29/wildscribe/deployment/subsystem/messaging-activemq/connection-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
protocol-manager-factory The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
false
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
true
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enable-amq1-prefix
BOOLEAN
false
true
true
Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
factory-type
STRING
false
true
GENERIC
The type of connection factory.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
reconnect-attempts
INT
false
true
0
The reconnect attempts.
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/messaging-activemq/external-jms-queue/index.html b/29/wildscribe/deployment/subsystem/messaging-activemq/external-jms-queue/index.html
index c063ef652..7b5ba598a 100644
--- a/29/wildscribe/deployment/subsystem/messaging-activemq/external-jms-queue/index.html
+++ b/29/wildscribe/deployment/subsystem/messaging-activemq/external-jms-queue/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/messaging-activemq/external-jms-topic/index.html b/29/wildscribe/deployment/subsystem/messaging-activemq/external-jms-topic/index.html
index f035d5b8c..7e036b042 100644
--- a/29/wildscribe/deployment/subsystem/messaging-activemq/external-jms-topic/index.html
+++ b/29/wildscribe/deployment/subsystem/messaging-activemq/external-jms-topic/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/messaging-activemq/index.html b/29/wildscribe/deployment/subsystem/messaging-activemq/index.html
index 6e5daad68..01d83caa4 100644
--- a/29/wildscribe/deployment/subsystem/messaging-activemq/index.html
+++ b/29/wildscribe/deployment/subsystem/messaging-activemq/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/messaging-activemq/pooled-connection-factory/index.html b/29/wildscribe/deployment/subsystem/messaging-activemq/pooled-connection-factory/index.html
index b65611bf2..76f629518 100644
--- a/29/wildscribe/deployment/subsystem/messaging-activemq/pooled-connection-factory/index.html
+++ b/29/wildscribe/deployment/subsystem/messaging-activemq/pooled-connection-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allow-local-transactions Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
credential-reference Credential (from Credential Store) to authenticate the pooled connection factory
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
enable-amq1-prefix Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
enlistment-trace Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
entries The jndi names the connection factory should be bound to.
use-jndi Use JNDI to locate the destination for incoming connections
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-local-tx Use a local transaction for incoming sessions
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
user The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the pooled connection factory
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enable-amq1-prefix
BOOLEAN
false
true
true
Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
enlistment-trace
BOOLEAN
false
true
Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
true
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
-1
The number of attempts to connect initially with this factory.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
managed-connection-pool
STRING
false
true
The class name of the managed connection pool used by this pooled-connection-factory.
max-pool-size
INT
false
true
20
The maximum size for the pool
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
min-pool-size
INT
false
true
0
The minimum size for the pool
password
STRING
false
true
The default password to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this pooled connection factory.
reconnect-attempts
INT
false
true
-1
The reconnect attempts. By default, a pooled connection factory will try to reconnect infinitely to the messaging server(s).
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction
STRING
false
true
xa
The type of transaction supported by this pooled connection factory (can be LOCAL, NONE or XA, default is XA).
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-auto-recovery
BOOLEAN
false
true
true
True to use auto recovery.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
user
STRING
false
true
The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
jndi-params
STRING
false
true
The JNDI params to use for locating the destination for incoming connections.
rebalance-connections
BOOLEAN
false
true
false
Rebalance inbound connections when cluster topology changes.
setup-attempts
INT
false
true
The number of times to set up an MDB endpoint
setup-interval
LONG
false
true
The interval between attempts at setting up an MDB endpoint.
use-jndi
BOOLEAN
false
true
Use JNDI to locate the destination for incoming connections
use-local-tx
BOOLEAN
false
true
Use a local transaction for incoming sessions
allow-local-transactions
BOOLEAN
false
true
false
Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/messaging-activemq/server/index.html b/29/wildscribe/deployment/subsystem/messaging-activemq/server/index.html
index 77d13f947..4793bbb46 100644
--- a/29/wildscribe/deployment/subsystem/messaging-activemq/server/index.html
+++ b/29/wildscribe/deployment/subsystem/messaging-activemq/server/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/messaging-activemq/server/jms-queue/index.html b/29/wildscribe/deployment/subsystem/messaging-activemq/server/jms-queue/index.html
index 2898569bf..dcd54a357 100644
--- a/29/wildscribe/deployment/subsystem/messaging-activemq/server/jms-queue/index.html
+++ b/29/wildscribe/deployment/subsystem/messaging-activemq/server/jms-queue/index.html
@@ -1,159 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/messaging-activemq/server/jms-topic/index.html b/29/wildscribe/deployment/subsystem/messaging-activemq/server/jms-topic/index.html
index 62e921a61..50805fb4a 100644
--- a/29/wildscribe/deployment/subsystem/messaging-activemq/server/jms-topic/index.html
+++ b/29/wildscribe/deployment/subsystem/messaging-activemq/server/jms-topic/index.html
@@ -1,377 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html b/29/wildscribe/deployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
index 70bf35df4..057c41602 100644
--- a/29/wildscribe/deployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
+++ b/29/wildscribe/deployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allow-local-transactions Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
credential-reference Credential (from Credential Store) to authenticate the pooled connection factory
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
enlistment-trace Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
entries The jndi names the connection factory should be bound to.
use-jndi Use JNDI to locate the destination for incoming connections
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-local-tx Use a local transaction for incoming sessions
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
user The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the pooled connection factory
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enlistment-trace
BOOLEAN
false
true
Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
1
The number of attempts to connect initially with this factory.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
managed-connection-pool
STRING
false
true
The class name of the managed connection pool used by this pooled-connection-factory.
max-pool-size
INT
false
true
20
The maximum size for the pool
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
min-pool-size
INT
false
true
0
The minimum size for the pool
password
STRING
false
true
The default password to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this pooled connection factory.
reconnect-attempts
INT
false
true
-1
The reconnect attempts. By default, a pooled connection factory will try to reconnect infinitely to the messaging server(s).
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction
STRING
false
true
xa
The type of transaction supported by this pooled connection factory (can be LOCAL, NONE or XA, default is XA).
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-auto-recovery
BOOLEAN
false
true
true
True to use auto recovery.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
user
STRING
false
true
The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
jndi-params
STRING
false
true
The JNDI params to use for locating the destination for incoming connections.
rebalance-connections
BOOLEAN
false
true
false
Rebalance inbound connections when cluster topology changes.
setup-attempts
INT
false
true
The number of times to set up an MDB endpoint
setup-interval
LONG
false
true
The interval between attempts at setting up an MDB endpoint.
use-jndi
BOOLEAN
false
true
Use JNDI to locate the destination for incoming connections
use-local-tx
BOOLEAN
false
true
Use a local transaction for incoming sessions
allow-local-transactions
BOOLEAN
false
true
false
Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/resource-adapters/index.html b/29/wildscribe/deployment/subsystem/resource-adapters/index.html
index c7a60909b..6296e2e6a 100644
--- a/29/wildscribe/deployment/subsystem/resource-adapters/index.html
+++ b/29/wildscribe/deployment/subsystem/resource-adapters/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html
index 51e63969f..a501fe7f7 100644
--- a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html
+++ b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html
index 4989c8508..5b6b85370 100644
--- a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html
+++ b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html
index 99e7f17ce..926448229 100644
--- a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html
+++ b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html
index 9348e5255..4e8bb70bc 100644
--- a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html
+++ b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html
index 93922ad5c..32650cb85 100644
--- a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html
+++ b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html
index 635422a64..158b85e7f 100644
--- a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html
+++ b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context-and-application Indicates that either application-supplied parameters, such as from getConnection(user, pw), or Subject (provided by Elytron after authenticating using configured authentication-context), are used to distinguish connections in the pool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value requires a server restart.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value requires a server restart.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time.
class-name Specifies the fully qualified class name of a managed connection factory or admin object.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connectable Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
elytron-enabled Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enabled Specifies if the resource adapter should be enabled.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment Defines if lazy enlistment should be used if supported by the resource adapter.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
flush-strategy Specifies how the pool should be flushed in case of an error.
idle-timeout-minutes Specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value requires a server restart.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-pool-size Specifies the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
interleaving An element to enable interleaving for XA connections.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
jndi-name Specifies the JNDI name for the connection factory.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-pool-size Specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool.
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
mcp Defines the ManagedConnectionPool implementation. For example: org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
min-pool-size Specifies the minimum number of connections for a pool.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-recovery Specifies if the connection pool should be excluded from recovery.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-tx-separate-pool Oracle does not like XA connections getting used both inside and outside a JTA transaction. To workaround the problem you can create separate sub-pools for the different contexts.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
pad-xid Specifies whether the Xid should be padded.
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
same-rm-override Using this attribute, you can unconditionally set whether javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-application Indicates that application-supplied parameters, such as from getConnection(user, pw), are used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain Specifies the PicketBox security domain which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain-and-application Indicates that either application-supplied parameters, such as from getConnection(user, pw) are used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox is no longer supported. Use Elytron configuration instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sharable Enable the use of sharable connections, which allows lazy association to be enabled if supported.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
tracking Defines if IronJacamar should track connection handles across transaction boundaries.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-ccm Enable the use of a cached connection manager.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false).
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-java-context Setting this to false will bind the object into global JNDI.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
validate-on-match This specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
wrap-xa-resource Specifies whether XAResource instances should be wrapped in an org.jboss.tm.XAResourceWrapper instance.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
xa-resource-timeout The value is passed to XAResource.setTransactionTimeout(), in seconds.
The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception.
allocation-retry-wait-millis
LONG
false
true
The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection.
authentication-context
STRING
false
false
The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
authentication-context-and-application
STRING
false
false
Indicates that either application-supplied parameters, such as from getConnection(user, pw), or Subject (provided by Elytron after authenticating using configured authentication-context), are used to distinguish connections in the pool.
background-validation
BOOLEAN
false
true
An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value requires a server restart.
background-validation-millis
LONG
false
true
The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value requires a server restart.
blocking-timeout-wait-millis
LONG
false
true
The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time.
capacity-decrementer-class
STRING
false
true
Class defining the policy for decrementing connections in the pool.
capacity-decrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for decrementing connections in the pool.
capacity-incrementer-class
STRING
false
true
Class defining the policy for incrementing connections in the pool.
capacity-incrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for incrementing connections in the pool.
class-name
STRING
true
true
Specifies the fully qualified class name of a managed connection factory or admin object.
connectable
BOOLEAN
false
true
false
Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
elytron-enabled
BOOLEAN
false
true
false
Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
enabled
BOOLEAN
false
true
true
Specifies if the resource adapter should be enabled.
enlistment
BOOLEAN
false
true
true
Defines if lazy enlistment should be used if supported by the resource adapter.
enlistment-trace
BOOLEAN
false
true
false
Defines if WildFly/IronJacamar should record enlistment traces.
flush-strategy
STRING
false
true
FailingConnectionOnly
Specifies how the pool should be flushed in case of an error.
idle-timeout-minutes
LONG
false
true
Specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value requires a server restart.
initial-pool-size
INT
false
true
Specifies the initial number of connections a pool should hold.
interleaving
BOOLEAN
false
true
false
An element to enable interleaving for XA connections.
jndi-name
STRING
true
true
Specifies the JNDI name for the connection factory.
max-pool-size
INT
false
true
20
Specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool.
mcp
STRING
false
true
Defines the ManagedConnectionPool implementation. For example: org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.
min-pool-size
INT
false
true
0
Specifies the minimum number of connections for a pool.
no-recovery
BOOLEAN
false
true
false
Specifies if the connection pool should be excluded from recovery.
no-tx-separate-pool
BOOLEAN
false
true
false
Oracle does not like XA connections getting used both inside and outside a JTA transaction. To workaround the problem you can create separate sub-pools for the different contexts.
pad-xid
BOOLEAN
false
true
false
Specifies whether the Xid should be padded.
pool-fair
BOOLEAN
false
true
true
Defines if pool use should be fair.
pool-prefill
BOOLEAN
false
true
false
Specifies if the pool should be prefilled. Changing this value requires a server restart.
pool-use-strict-min
BOOLEAN
false
true
false
Specifies if the min-pool-size should be considered strict.
recovery-authentication-context
STRING
false
false
The Elytron authentication context used for recovery (current authentication-context will be used if unspecified).
recovery-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate on recovery connection
recovery-elytron-enabled
BOOLEAN
false
true
false
Indicates that an Elytron authentication context will be used for recovery.
recovery-password
STRING
false
true
The password used for recovery.
recovery-plugin-class-name
STRING
false
true
The fully qualified class name of the recovery plugin implementation.
recovery-plugin-properties
OBJECT
false
true
The properties for the recovery plugin.
recovery-security-domain
STRING
false
true
The PicketBox security domain used for recovery.
recovery-username
STRING
false
true
The user name used for recovery.
same-rm-override
BOOLEAN
false
true
Using this attribute, you can unconditionally set whether javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false.
security-application
BOOLEAN
false
true
false
Indicates that application-supplied parameters, such as from getConnection(user, pw), are used to distinguish connections in the pool.
security-domain
STRING
false
true
Specifies the PicketBox security domain which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
security-domain-and-application
STRING
false
true
Indicates that either application-supplied parameters, such as from getConnection(user, pw) are used to distinguish connections in the pool.
sharable
BOOLEAN
false
true
true
Enable the use of sharable connections, which allows lazy association to be enabled if supported.
tracking
BOOLEAN
false
true
Defines if IronJacamar should track connection handles across transaction boundaries.
use-ccm
BOOLEAN
false
true
true
Enable the use of a cached connection manager.
use-fast-fail
BOOLEAN
false
true
false
Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false).
use-java-context
BOOLEAN
false
true
true
Setting this to false will bind the object into global JNDI.
validate-on-match
BOOLEAN
false
true
This specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation.
wrap-xa-resource
BOOLEAN
false
true
true
Specifies whether XAResource instances should be wrapped in an org.jboss.tm.XAResourceWrapper instance.
xa-resource-timeout
INT
false
true
The value is passed to XAResource.setTransactionTimeout(), in seconds.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html
index d1c003613..f4b1433dc 100644
--- a/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html
+++ b/29/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
beanvalidationgroups Specifies the Jakarta Bean Validation groups that should be used.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
bootstrap-context Specifies the unique name of the bootstrap context that should be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
module Specifies the module from which resource adapter will be loaded
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transaction-support Specifies the transaction support level of the resource adapter. This attribute allows expressions, but only simple expressions resolved from environment variables or system properties are supported. Nested expressions and resolution from vaults or credential stores are not supported.
wm-security-domain Defines the name of the PicketBox security domain that should be used.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security
activate Force the resource adapter config activation without server reload.
add Add a new resource adapter. At least one of ARCHIVE or MODULE is required.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
archive
STRING
false
false
Specifies the resource adapter archive.
beanvalidationgroups
LIST
false
true
Specifies the Jakarta Bean Validation groups that should be used.
bootstrap-context
STRING
false
true
Specifies the unique name of the bootstrap context that should be used.
module
STRING
false
false
Specifies the module from which resource adapter will be loaded
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled or not.
transaction-support
STRING
false
true
Specifies the transaction support level of the resource adapter. This attribute allows expressions, but only simple expressions resolved from environment variables or system properties are supported. Nested expressions and resolution from vaults or credential stores are not supported.
wm-elytron-security-domain
STRING
false
true
Defines the name of the Elytron security domain that should be used.
wm-security
BOOLEAN
false
true
false
Toggle on/off wm.security for this resource adapter. In case of false all wm-security-* parameters are ignored, even the defaults.
wm-security-default-groups
LIST
false
true
Defines a default groups list that should be added to the used Subject instance.
wm-security-default-principal
STRING
false
true
Defines a default principal name that should be added to the used Subject instance.
wm-security-domain
STRING
false
true
other
Defines the name of the PicketBox security domain that should be used.
wm-security-mapping-groups
LIST
false
false
List of groups mappings.
wm-security-mapping-required
BOOLEAN
false
true
false
Defines if a mapping is required for security credentials.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/undertow/index.html b/29/wildscribe/deployment/subsystem/undertow/index.html
index 218342c12..be6d67048 100644
--- a/29/wildscribe/deployment/subsystem/undertow/index.html
+++ b/29/wildscribe/deployment/subsystem/undertow/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/undertow/servlet/index.html b/29/wildscribe/deployment/subsystem/undertow/servlet/index.html
index 0f2bfec4a..1174248b7 100644
--- a/29/wildscribe/deployment/subsystem/undertow/servlet/index.html
+++ b/29/wildscribe/deployment/subsystem/undertow/servlet/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/undertow/websocket/index.html b/29/wildscribe/deployment/subsystem/undertow/websocket/index.html
index b96be7927..e8fe85719 100644
--- a/29/wildscribe/deployment/subsystem/undertow/websocket/index.html
+++ b/29/wildscribe/deployment/subsystem/undertow/websocket/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/webservices/endpoint/index.html b/29/wildscribe/deployment/subsystem/webservices/endpoint/index.html
index 9800dfee7..a818529b1 100644
--- a/29/wildscribe/deployment/subsystem/webservices/endpoint/index.html
+++ b/29/wildscribe/deployment/subsystem/webservices/endpoint/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/deployment/subsystem/webservices/index.html b/29/wildscribe/deployment/subsystem/webservices/index.html
index 8a5c4defa..03a861076 100644
--- a/29/wildscribe/deployment/subsystem/webservices/index.html
+++ b/29/wildscribe/deployment/subsystem/webservices/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/extension/index.html b/29/wildscribe/extension/index.html
index 89ad29ef6..88314b093 100644
--- a/29/wildscribe/extension/index.html
+++ b/29/wildscribe/extension/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A module that extends the standard capabilities of a domain or a standalone server.
Children (1)
subsystem A subsystem provided by the extension. What is provided here is information about the xml schema and management interface provided by the subsystem, not the configuration of the subsystem itself.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/extension/subsystem/index.html b/29/wildscribe/extension/subsystem/index.html
index fdb9bd851..2e30f8054 100644
--- a/29/wildscribe/extension/subsystem/index.html
+++ b/29/wildscribe/extension/subsystem/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A subsystem provided by the extension. What is provided here is information about the xml schema and management interface provided by the subsystem, not the configuration of the subsystem itself.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (4)
management-major-version Major version of the subsystem's management interface. May be undefined if the subsystem does not currently provide a versioned management interface.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
management-micro-version Micro version of the subsystem's management interface. May be undefined if the subsystem does not currently provide a versioned management interface.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Min
0
Max
2,147,483,647
Storage
runtime
Access Type
read-only
management-minor-version Minor version of the subsystem's management interface. May be undefined if the subsystem does not currently provide a versioned management interface.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Min
0
Max
2,147,483,647
Storage
runtime
Access Type
read-only
xml-namespaces A list of URIs for the XML namespaces supported by the subsystem's XML parser. May be empty if the extension did not clearly associate an XML namespace with a particular subsystem.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/index.html b/29/wildscribe/index.html
index 7dad92891..2363e7688 100644
--- a/29/wildscribe/index.html
+++ b/29/wildscribe/index.html
@@ -1,232 +1,11 @@
- WildFly Full 29 Model Reference
WildFly Full 29 Model Reference
home
The root node of the server-level management model.
Children (9)
core-service Core services provided by the server.
platform-mbean Provides the management interface for monitoring and management of the Java virtual machine as well as the operating system on which the Java virtual machine is running. Exposes the JDK-provided JMX MBeans in the java.lang and java.nio JMX domains.
launch-type The manner in which the server process was launched. Either "DOMAIN" for a domain mode server launched by a Host Controller, "STANDALONE" for a standalone server launched from the command line, or "EMBEDDED" for a standalone server launched as an embedded part of an application running in the same virtual machine.
management-major-version The major version of the WildFly Core kernel management interface that is provided by this server.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-only
management-micro-version The micro version of the WildFly Core kernel management interface that is provided by this server.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-only
management-minor-version The minor version of the WildFly Core kernel management interface that is provided by this server.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-only
name The name of this server. If not set, defaults to the runtime value of InetAddress.getLocalHost().getHostName().
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
namespaces Map of namespaces used in the configuration XML document, where keys are namespace prefixes and values are schema URIs.
Attribute
Value
Type
OBJECT
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
organization Identification of the current organization running this server.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
process-type The type of process represented by this root resource. Always has a value of "Server" for a server resource.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
product-name The name of the WildFly Core based product that is being run by this server.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
product-version The version of the WildFly Core based product release that is being run by this server.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
profile-name The name of the server's configuration profile.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
release-codename The codename of the WildFly Core release this server is running.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
release-version The version of the WildFly Core release this server is running.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
running-mode The current running mode of the server. Either NORMAL (normal operations) or ADMIN_ONLY. An ADMIN_ONLY server will start any configured management interfaces and accept management requests, but will not start services used for handling end user requests.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Allowed Values
NORMAL ADMIN_ONLY
runtime-configuration-state The current persistent configuration state, one of starting, ok, reload-required, restart-required, stopping or stopped.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schema-locations Map of locations of XML schemas used in the configuration XML document, where keys are schema URIs and values are locations where the schema can be found.
Attribute
Value
Type
OBJECT
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
server-state The current state of the server controller; either STARTING, RUNNING, RESTART_REQUIRED, RELOAD_REQUIRED or STOPPING.
add-namespace Adds a namespace prefix mapping to the namespaces attribute's map.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
namespace
STRING
true
false
The prefix of the namespace to add
uri
STRING
true
false
The schema uri of the namespace to add.
add-schema-location Adds a schema location mapping to the schema-locations attribute's map.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
schema-location
STRING
true
false
The location where the added schema can be found.
uri
STRING
true
false
The uri of the schema location to add
clean-obsolete-content Clean contents that are not referenced anymore from the content repository.
Reply properties
Two lists of hashes of content items: those that were marked as obsolete and those that were removed from the repository.
type
OBJECT
Value Type
{
- "marked-contents" => {
- "type" => LIST,
- "description" => "List of hashes of content items that were marked as obsolete, making the eligible for future removal from the content repository",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 0L,
- "max-length" => 2147483647L,
- "value-type" => STRING
- },
- "deleted-contents" => {
- "type" => LIST,
- "description" => "List of hashes of content items that were removed from the content repository",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 0L,
- "max-length" => 2147483647L,
- "value-type" => STRING
- }
-}
composite An operation that groups multiple operation requests into a single operation request.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
steps
LIST
true
false
A list of the operation requests that constitute the composite request.
Reply properties
A composite operation response that consists of all the step results.
type
OBJECT
Value Type
OBJECT
delete-snapshot Deletes a snapshot from the snapshots directory
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
name
STRING
true
false
The name of the snapshot to delete. The whole name is not needed, as long as what is passed in uniquely identifies a snapshot within the snapshots directory. If 'all' is used, all snapshots in the snapshot directory will be deleted.
full-replace-deployment Add previously uploaded deployment content to the list of content available for use, replace existing content of the same name in the runtime, and remove the replaced content from the list of content available for use. This is equivalent to an 'add', 'undeploy', 'deploy', 'remove' sequence where the new content has the same name as the content being replaced. Precisely one of 'runtime-name', 'hash', 'input-stream-index', 'bytes' or 'url' must be specified.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
name
STRING
true
false
Unique identifier of the deployment. Must be unique across all deployments.
runtime-name
STRING
false
false
Name by which the deployment should be known within a server's runtime. This would be equivalent to the file name of a deployment file, and would form the basis for such things as default Java Enterprise Edition application and module names. This would typically be the same as 'name', but in some cases users may wish to have two deployments with the same 'runtime-name' (e.g. two versions of "foo.war") both available in the deployment content repository, in which case the deployments would need to have distinct 'name' values but would have the same 'runtime-name'.
content
LIST
true
false
List of pieces of content that comprise the deployment.
enabled
BOOLEAN
false
false
false
Boolean indicating whether the replacement deployment content should be deployed in the runtime (or should be deployed in the runtime the next time the server starts.) An undefined value indicates the state of the existing deployment should be retained.
a list of filter criteria tuples (i.e. 'running=true')
Reply properties
type
LIST
Value Type
OBJECT
read-attribute Gets the value of an attribute for the selected resource
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
resolve-expressions
BOOLEAN
false
false
false
Resolves expressions to current runtime values. Will only resolve against basic resolution sources like system properties and environment variables; expressions requiring resolution using other sources will not be resolved.
name
STRING
true
false
The name of the attribute to get the value for under the selected resource
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
Reply properties
The value of the attribute. The type will be that of the attribute found
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
read-children-names Gets the names of all children under the selected resource with the given type
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
child-type
STRING
true
false
The name of the node under which to get the children names
include-singletons
BOOLEAN
false
false
false
If 'true' include the allowed values for any singleton registration, even if no resource currently exists with that name.
Reply properties
The children names
type
LIST
Value Type
STRING
read-children-resources Reads information about all of a resource's children that are of a given type
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
child-type
STRING
true
false
The name of the resource under which to get the child resources
recursive
BOOLEAN
false
false
Whether to get the children recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default. Ignored if the 'recursive' parameter is set to 'true'; i.e. runtime attributes can only be read in non-recursive queries.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
Reply properties
The children resources
type
LIST
Value Type
OBJECT
read-children-types Gets the type names of all the children under the selected resource
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
include-aliases
BOOLEAN
false
false
false
If 'true' include children which are aliases.
include-singletons
BOOLEAN
false
false
false
If 'true' include the full key/value pair for any singleton registration.
Reply properties
The children types
type
LIST
Value Type
STRING
read-config-as-xml Reads the current configuration and returns it in XML format.
Whether or not to include information about what rights the current user has on the operation.
Reply properties
type
OBJECT
read-operation-names Gets the names of all the operations for the given resource
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
access-control
BOOLEAN
false
false
false
If 'true' only operations the user is allowed to see are returned, and filtered operations are listed in the 'access-control' response header.
Reply properties
The operation names
type
LIST
Value Type
STRING
read-resource Reads a model resource's attribute values along with either basic or complete information about any child resources
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
resolve-expressions
BOOLEAN
false
false
false
Resolves expressions to current runtime values. Will only resolve against basic resolution sources like system properties and environment variables; expressions requiring resolution using other sources will not be resolved.
recursive
BOOLEAN
false
false
Whether to include complete information about child resources, recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default.
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
attributes-only
BOOLEAN
false
false
false
Whether or not to only read the attributes on the specified resource. Cannot be used in conjunction with 'recursive' or 'recursive-depth'.
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
Reply properties
The resource's attribute values along with information about any child resources
type
OBJECT
read-resource-description Gets the description of a resource's attributes, types of children and, optionally, operations
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
operations
BOOLEAN
false
false
false
Whether to include descriptions of the resource's operations. Default is false
notifications
BOOLEAN
false
false
false
Whether to include descriptions of the resource's notifications. Default is false
inherited
BOOLEAN
false
false
true
If 'operations' is true, whether to include descriptions of the resource's inherited operations. Default is true.
recursive
BOOLEAN
false
false
Whether to include recursively descriptions of child resources. Default is false.
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
access-control
STRING
false
false
none
Include information about what rights the current user has on the actual resources, attributes and operations.
locale
STRING
false
false
The locale to get the resource description in. If null, the default locale will be used
Reply properties
The description of the resource
type
OBJECT
reload Reloads the server by shutting down all its services and starting again. The JVM itself is not restarted.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
admin-only
BOOLEAN
false
false
false
Whether the server should start in running mode ADMIN_ONLY when it restarts. An ADMIN_ONLY server will start any configured management interfaces and accept management requests, but will not start services used for handling end user requests.
use-current-server-config
BOOLEAN
false
false
true
Only has an effect if --read-only-server-config was specified when starting the server. In that case, if this parameter is set to false the reloaded server loads the original configuration version; if null or true the current runtime version of the model is used.
server-config
STRING
false
false
Use to override the name of the server config to use for the reloaded server. When making changes to the model after the reload, the changes will still be persisted to the original server configuration file that was first used to boot up the server. This parameter is resolved the same way as the --server-config command-line option.
start-mode
STRING
false
false
normal
Can be either normal, suspend or admin-only. If it is suspend the server will be started in suspended mode, if it is admin only the server will be started in admin-only mode.
remove-namespace Removes a namespace prefix mapping from the namespaces attribute's map.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
namespace
STRING
true
false
The prefix of the namespace to remove.
remove-schema-location Removes a schema location mapping from the schema-locations attribute's map.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
uri
STRING
true
false
The URI of the schema location to remove.
replace-deployment Replace existing content in the runtime with new content. The new content must have been previously uploaded to the deployment content repository.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
to-replace
STRING
true
false
The name of the content that is to be replaced.
name
STRING
true
false
The name of the new content.
runtime-name
STRING
false
false
Name by which the deployment should be known within a server's runtime. This would be equivalent to the file name of a deployment file, and would form the basis for such things as default Java Enterprise Edition application and module names. This would typically be the same as 'name', but in some cases users may wish to have two deployments with the same 'runtime-name' (e.g. two versions of "foo.war") both available in the deployment content repository, in which case the deployments would need to have distinct 'name' values but would have the same 'runtime-name'.
content
LIST
false
false
List of pieces of content that comprise the deployment.
resolve-expression Operation that accepts an expression as input (or a string that can be parsed into an expression) and resolves it against the local system properties and environment variables. Expressions requiring resolution using other sources will not be resolved.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
expression
STRING
false
true
The expression to resolve.
Reply properties
The resolved expression, or the string form of the original input value if it did not represent an expression that could be resolved against the local system properties and environment variables.
type
STRING
resolve-internet-address Takes a set of interface resolution criteria and finds an IP address on the local machine that matches the criteria, or fails if no matching IP address can be found.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
any-address
BOOLEAN
false
false
Any address
inet-address
STRING
false
true
Inet address
link-local-address
BOOLEAN
false
false
Link local address
loopback
BOOLEAN
false
false
Loopback
loopback-address
STRING
false
true
Loopback address
multicast
BOOLEAN
false
false
Multicast
nic
STRING
false
true
NIC
nic-match
STRING
false
true
NIC match
point-to-point
BOOLEAN
false
false
Point to point
public-address
BOOLEAN
false
false
Public address
site-local-address
BOOLEAN
false
false
Site local address
subnet-match
STRING
false
true
Subnet match
up
BOOLEAN
false
false
Up
virtual
BOOLEAN
false
false
Virtual
any
OBJECT
false
false
any
not
OBJECT
false
false
Not
Reply properties
type
STRING
resume Resumes normal operations on a suspended server.
shutdown Shuts down the server via a call to System.exit(0)
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
restart
BOOLEAN
false
false
false
If true, once shutdown the server will be restarted again
timeout
INT
false
false
0
If this timeout is set a graceful shutdown will be attempted. If this is zero (the default) then the server will shutdown immediately. A value larger than zero means the server will wait up to this many seconds for all active requests to finish. A value smaller than zero means that the server will wait indefinitely for all active requests to finish.
suspend-timeout
INT
false
false
0
The graceful shutdown timeout in seconds. If this is zero (the default) then the server will shutdown immediately. A value larger than zero means the server will wait up to this many seconds for all active requests to finish. A value smaller than zero means that the server will wait indefinitely for all active requests to finish.
perform-installation
BOOLEAN
false
false
false
Restart the server and perform any pending installation.
suspend Suspends server operations gracefully. All current requests will complete normally, however no new requests will be accepted.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
timeout
INT
false
false
0
The timeout that a suspend operation will wait for the suspend operation to complete before returning. If this is zero the operation will return immediately, -1 means that it will wait indefinitely. Note that the operation will not roll back if the timeout is exceeded, it just means that not all current requests completed in the specified timeout.
suspend-timeout
INT
false
false
0
The suspend operation timeout in seconds. If this is zero (the default) the operation will return immediately. A value larger than zero means the operation will wait up to this many seconds to complete before returning. A value smaller than zero means that the operation will wait indefinitely for all active requests to finish. Note that the operation will not roll back if the timeout is exceeded, it just means that not all current requests completed in the specified timeout.
take-snapshot Takes a snapshot of the current configuration
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
comment
STRING
false
false
Comment on the snapshot being taken.
name
STRING
false
false
The name of the snapshot being taken.
Reply properties
The location of the file on the machine the configuration belongs
type
STRING
undefine-attribute Sets the value of an attribute of the selected resource to 'undefined'
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
name
STRING
true
false
The name of the attribute which should be set to 'undefined'
upload-deployment-bytes Indicates that the deployment content in the included byte array should be added to the deployment content repository. Note that this operation does not indicate the content should be deployed into the runtime.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
bytes
BYTES
true
false
Byte array containing the deployment content that should uploaded to the domain's or standalone server's deployment content repository.
Reply properties
The hash of managed deployment content that has been uploaded to the domain's or standalone server's deployment content repository.
type
BYTES
upload-deployment-stream Indicates that the deployment content available at the included input stream index should be added to the deployment content repository. Note that this operation does not indicate the content should be deployed into the runtime.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
input-stream-index
INT
true
false
The index into the operation's attached input streams of the input stream that contains deployment content that should be uploaded to the domain's or standalone server's deployment content repository.
Reply properties
The hash of managed deployment content that has been uploaded to the domain's or standalone server's deployment content repository.
type
BYTES
upload-deployment-url Indicates that the deployment content available at the included URL should be added to the deployment content repository. Note that this operation does not indicate the content should be deployed into the runtime.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
url
STRING
true
false
The URL at which the deployment content is available for upload to the domain's or standalone server's deployment content repository.. Note that the URL must be accessible from the target of the operation (i.e. the Domain Controller or standalone server).
Reply properties
The hash of managed deployment content that has been uploaded to the domain's or standalone server's deployment content repository.
type
BYTES
validate-address Checks whether a resource with the address passed in as the argument exists.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
value
OBJECT
true
false
The address to check.
Reply properties
Report of checking the address.
type
OBJECT
Value Type
{
- "valid" => {
- "type" => BOOLEAN,
- "description" => "Indicates whether a resource with the address passed in as the argument exists.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false
- },
- "problem" => {
- "type" => STRING,
- "description" => "Is included only if the address is not valid and describes what's wrong with the address.",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- }
-}
validate-operation Validates that an operation is valid according to its description. Any errors present will be shown in the operation's failure-description.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
value
OBJECT
true
false
The operation to validate.
whoami Returns the identity of the currently authenticated user.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
verbose
BOOLEAN
false
false
false
If set to true whoami also returns the users roles.
Reply properties
The identify of the authenticated user and their roles if requested.
type
STRING
write-attribute Sets the value of an attribute for the selected resource
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
name
STRING
true
false
The name of the attribute to set the value for under the selected resource
value
STRING
false
false
The value of the attribute to set the value for under the selected resource. May be null if the underlying model supports null values.
write-config An operation to force the server to write its config file, without making any actual config change.
Redirecting to the latest version. If the page doesn't open, click the following link: /latest/wildscribe/index.html
+
+
\ No newline at end of file
diff --git a/29/wildscribe/interface/index.html b/29/wildscribe/interface/index.html
index 3a1e20b18..a9731b59f 100644
--- a/29/wildscribe/interface/index.html
+++ b/29/wildscribe/interface/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
any Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be that the IP address meets at least one of a nested set of criteria, but not necessarily all of the nested criteria. The value of the attribute is a set of criteria. An 'undefined' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
any-address Attribute indicating that sockets using this interface should be bound to a wildcard address. The IPv6 wildcard address (::) will be used unless the java.net.preferIpV4Stack system property is set to true, in which case the IPv4 wildcard address (0.0.0.0) will be used. If a socket is bound to an IPv6 anylocal address on a dual-stack machine, it can accept both IPv6 and IPv4 traffic; if it is bound to an IPv4 (IPv4-mapped) anylocal address, it can only accept IPv4 traffic.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
inet-address Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not the address matches the given value. Value is either an IP address in IPv6 or IPv4 dotted decimal notation, or a hostname that can be resolved to an IP address. An 'undefined' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
link-local-address Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not the address is link-local. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
loopback Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not it is a loopback address. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
loopback-address Attribute indicating that the IP address for this interface should be the given value, if a loopback interface exists on the machine. A 'loopback address' may not actually be configured on the machine's loopback interface. Differs from inet-address in that the given value will be used even if no NIC can be found that has the IP specified address associated with it. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
multicast Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not its network interface supports multicast. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
nic Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface has the given name. The name of a network interface (e.g. eth0, eth1, lo). An 'undefined' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
nic-match Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface has a name that matches the given regular expression. Value is a regular expression against which the names of the network interfaces available on the machine can be matched to find an acceptable interface. An 'undefined' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
not Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be that the IP address *does not* meet any of a nested set of criteria. The value of the attribute is a set of criteria (e.g. 'loopback') whose normal meaning is reversed. An 'undefined' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
point-to-point Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not its network interface is a point-to-point interface. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
public-address Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not it is a publicly routable address. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
resolved-address Attribute showing the resolved ip address for this interface.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
site-local-address Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or it is a site-local address. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
subnet-match Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or it the address fits in the given subnet definition. Value is a network IP address and the number of bits in the address' network prefix, written in "slash notation"; e.g. "192.168.0.0/16". An 'undefined' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
up Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface is currently up. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
virtual Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface is a virtual interface. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be that the IP address meets at least one of a nested set of criteria, but not necessarily all of the nested criteria. The value of the attribute is a set of criteria. An 'undefined' value means this attribute is not relevant to the IP address selection.
any-address
BOOLEAN
false
false
Attribute indicating that sockets using this interface should be bound to a wildcard address. The IPv6 wildcard address (::) will be used unless the java.net.preferIpV4Stack system property is set to true, in which case the IPv4 wildcard address (0.0.0.0) will be used. If a socket is bound to an IPv6 anylocal address on a dual-stack machine, it can accept both IPv6 and IPv4 traffic; if it is bound to an IPv4 (IPv4-mapped) anylocal address, it can only accept IPv4 traffic.
inet-address
STRING
false
true
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not the address matches the given value. Value is either an IP address in IPv6 or IPv4 dotted decimal notation, or a hostname that can be resolved to an IP address. An 'undefined' value means this attribute is not relevant to the IP address selection.
link-local-address
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not the address is link-local. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
loopback
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not it is a loopback address. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
loopback-address
STRING
false
true
Attribute indicating that the IP address for this interface should be the given value, if a loopback interface exists on the machine. A 'loopback address' may not actually be configured on the machine's loopback interface. Differs from inet-address in that the given value will be used even if no NIC can be found that has the IP specified address associated with it. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
multicast
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not its network interface supports multicast. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
nic
STRING
false
true
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface has the given name. The name of a network interface (e.g. eth0, eth1, lo). An 'undefined' value means this attribute is not relevant to the IP address selection.
nic-match
STRING
false
true
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface has a name that matches the given regular expression. Value is a regular expression against which the names of the network interfaces available on the machine can be matched to find an acceptable interface. An 'undefined' value means this attribute is not relevant to the IP address selection.
not
OBJECT
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be that the IP address *does not* meet any of a nested set of criteria. The value of the attribute is a set of criteria (e.g. 'loopback') whose normal meaning is reversed. An 'undefined' value means this attribute is not relevant to the IP address selection.
point-to-point
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not its network interface is a point-to-point interface. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
public-address
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not it is a publicly routable address. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
site-local-address
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or it is a site-local address. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
subnet-match
STRING
false
true
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or it the address fits in the given subnet definition. Value is a network IP address and the number of bits in the address' network prefix, written in "slash notation"; e.g. "192.168.0.0/16". An 'undefined' value means this attribute is not relevant to the IP address selection.
up
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface is currently up. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
virtual
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface is a virtual interface. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
resolve-internet-address Takes a set of interface resolution criteria and finds an IP address on the local machine that matches the criteria, or fails if no matching IP address can be found.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/log-message-reference.html b/29/wildscribe/log-message-reference.html
index adf21b8c3..d36812741 100644
--- a/29/wildscribe/log-message-reference.html
+++ b/29/wildscribe/log-message-reference.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Message ack in prepared tx for queue {0} which does not exist. This ack will be ignored.
AMQ022273
WARN
Address "{0}" is full. Bridge {1} will disconnect
AMQ101000
INFO
Starting ActiveMQ Artemis Server
AMQ101001
INFO
Stopping ActiveMQ Artemis Server
AMQ101002
INFO
Starting Naming server on {0}:{1,number,#} (rmi {2}:{3,number,#})
AMQ101003
INFO
Halting ActiveMQ Artemis Server after user request
AMQ101005
DEBUG
Using broker configuration: {0}
AMQ102000
WARN
Error during undeployment: {0}
AMQ104000
ERROR
Failed to delete file {0}
AMQ104001
ERROR
Failed to start server
AMQ104002
ERROR
The print data operation failed: {0}
AMQ111000
WARN
Scheduled task can't be removed from scheduledPool.
AMQ111001
WARN
******************************************************************************************************************************* Could not re-establish AMQP Server Connection {0} on {1} after {2} retries *******************************************************************************************************************************
AMQ111002
INFO
******************************************************************************************************************************* Retrying Server AMQP Connection {0} on {1} retry {2} of {3} *******************************************************************************************************************************
AMQ111003
INFO
******************************************************************************************************************************* Connected on Server AMQP Connection {0} on {1} after {2} retries *******************************************************************************************************************************
AMQ111004
WARN
AddressFullPolicy clash on an anonymous producer between destinations {0}(addressFullPolicy={1}) and {2}(addressFullPolicy={3}). This could lead to semantic inconsistencies on your clients. Notice you could have other instances of this scenario however this message will only be logged once. log.debug output would show all instances of this event.
AMQ121003
INFO
JMS Server Manager Running cached command for {0}
AMQ121004
INFO
JMS Server Manager Caching command for {0} since the JMS Server is not active yet
AMQ121004
INFO
JMS Server Manager Caching command for {0} since the JMS Server is not active.
AMQ121005
INFO
Invalid "host" value "0.0.0.0" detected for "{0}" connector. Switching to "{1}". If this new address is incorrect please manually configure the connector to use the proper one.
AMQ122005
WARN
Invalid "host" value "0.0.0.0" detected for "{0}" connector. Switching to "{1}". If this new address is incorrect please manually configure the connector to use the proper one.
AMQ122007
WARN
Queue {0} does not exist on the topic {1}. It was deleted manually probably.
AMQ122007
WARN
Queue {0} does not exist on the topic {1}. It was deleted manually probably.
AMQ122008
WARN
XA Recovery can not connect to any ActiveMQ server on recovery {0}
AMQ122008
WARN
XA Recovery can not connect to any broker on recovery {0}
AMQ122011
WARN
error unbinding {0} from JNDI
AMQ122011
WARN
error unbinding {0} from Registry
AMQ122012
WARN
JMS Server Manager error
AMQ122012
WARN
JMS Server Manager error
AMQ122013
WARN
Error in XA Recovery recover
AMQ122013
WARN
Error in XA Recovery recover
AMQ122014
WARN
Notified of connection failure in xa recovery connectionFactory for provider {0} will attempt reconnect on next pass
AMQ122014
WARN
Notified of connection failure in xa recovery connectionFactory for provider {0} will attempt reconnect on next pass
AMQ122015
WARN
Can not connect to {0} on auto-generated resource recovery
AMQ122016
DEBUG
Error in XA Recovery
AMQ122016
DEBUG
Error in XA Recovery
AMQ122017
WARN
Tried to correct invalid "host" value "0.0.0.0" for "{0}" connector, but received an exception.
AMQ122017
WARN
Tried to correct invalid "host" value "0.0.0.0" for "{0}" connector, but received an exception.
AMQ122018
WARN
Could not start recovery discovery on {0}, we will retry every recovery scan until the server is available
AMQ122018
WARN
Failed to send notification: {0}
AMQ122019
WARN
Unable to deactivate server
AMQ123000
DEBUG
JMS Server Manager Running cached command for {0}.(In the event of failover after failback has occurred, this message may be output multiple times.)
AMQ124000
ERROR
key attribute missing for JMS configuration {0}
AMQ124000
ERROR
key attribute missing for JMS configuration {0}
AMQ124002
ERROR
Failed to start JMS deployer
AMQ124002
ERROR
Failed to start JMS deployer
AMQ131001
INFO
Security Context Setting Subject = {0}
AMQ132000
WARN
I''m closing a JMS connection you left open. Please make sure you close all JMS connections explicitly before letting them go out of scope! see stacktrace to find out where it was created
AMQ132001
WARN
An error happened while setting the context
AMQ132001
WARN
Unhandled exception thrown from onMessage
AMQ134000
ERROR
Failed to call JMS exception listener
AMQ134002
ERROR
Queue Browser failed to create message {0}
AMQ134003
ERROR
Message Listener failed to prepare message for receipt, message={0}
AMQ134004
ERROR
Message Listener failed to process message
AMQ134005
ERROR
Message Listener failed to recover session
AMQ134006
ERROR
Failed to call Failover listener
AMQ141000
INFO
*** running direct journal blast: {0}
AMQ141002
INFO
starting thread for sync speed test
AMQ141003
INFO
Write rate = {0} bytes / sec or {1} MiB / sec
AMQ141004
INFO
Flush rate = {0} flushes / sec
AMQ141005
INFO
Check Data Files:
AMQ141006
INFO
Sequence out of order on journal
AMQ141007
INFO
Current File on the journal is <= the sequence file.getFileID={0} on the dataFiles Currentfile.getFileId={1} while the file.getFileID()={2} Is same = ({3})
AMQ141008
INFO
Free File ID out of order
AMQ141009
INFO
A Free File is less than the maximum data
AMQ141010
INFO
Initialising JDBC data source {0} with properties {1}
AMQ142000
WARN
You have a native library with a different version than expected
AMQ142001
WARN
Could not get lock after 60 seconds on closing Asynchronous File: {0}
AMQ142002
WARN
Asynchronous File: {0} being finalized with opened state
AMQ142003
WARN
AIO Callback Error: {0}
AMQ142004
WARN
Inconsistency during compacting: CommitRecord ID = {0} for an already committed transaction during compacting
AMQ142005
WARN
Inconsistency during compacting: Delete record being read on an existent record (id={0})
AMQ142006
WARN
Could not find add Record information for record {0} during compacting
AMQ142007
WARN
Can not find record {0} during compact replay
AMQ142008
WARN
Could not remove file {0} from the list of data files
AMQ142009
WARN
******************************************************************************************************************************* The File Storage Attic is full, as the file {0} does not have the configured size, and the file will be removed *******************************************************************************************************************************
AMQ142010
WARN
Failed to add file to opened files queue: {0}. This should NOT happen!
AMQ142011
WARN
Error on reading compacting for {0}
AMQ142012
WARN
Couldn''t find tx={0} to merge after compacting
AMQ142013
WARN
Prepared transaction {0} was not considered completed, it will be ignored
AMQ142014
WARN
Transaction {0} is missing elements so the transaction is being ignored
AMQ142015
WARN
Uncommitted transaction with id {0} found and discarded
AMQ142016
WARN
Could not stop compactor executor after 120 seconds
AMQ142017
WARN
Could not stop journal executor after 60 seconds
AMQ142018
WARN
Temporary files were left unattended after a crash on journal directory, deleting invalid files now
AMQ142019
WARN
Deleting orphaned file {0}
AMQ142020
WARN
Could not get lock after 60 seconds on closing Asynchronous File: {0}
AMQ142021
WARN
Error on IO callback, {0}
AMQ142022
WARN
Timed out on AIO poller shutdown
AMQ142023
WARN
Executor on file {0} couldn''t complete its tasks in 60 seconds.
AMQ142024
WARN
Error completing callback
AMQ142025
WARN
Error calling onError callback
AMQ142026
WARN
Timed out on AIO writer shutdown
AMQ142027
WARN
Error on writing data! {0} code - {1}
AMQ142028
WARN
Error replaying pending commands after compacting
AMQ142029
WARN
Error closing file
AMQ142030
WARN
Could not open a file in 60 Seconds
AMQ142031
WARN
Error retrieving ID part of the file name {0}
AMQ142032
WARN
Error reading journal file
AMQ142033
WARN
Error reinitializing file {0}
AMQ142034
WARN
Exception on submitting write
AMQ142035
WARN
Could not stop journal append executor after 60 seconds
AMQ144000
ERROR
Failed to delete file {0}
AMQ144001
ERROR
Error starting poller
AMQ144002
ERROR
Error pushing opened file
AMQ144003
ERROR
Error compacting
AMQ144004
ERROR
Error scheduling compacting
AMQ144005
ERROR
Failed to performance blast
AMQ144006
ERROR
IOError code {0}, {1}
AMQ144007
WARN
Ignoring journal file {0}: file is shorter then minimum header size. This file is being removed.
AMQ144008
WARN
******************************************************************************************************************************* File {0}: was moved under attic, please review it and remove it. *******************************************************************************************************************************
AMQ144009
WARN
Could not get a file in {0} seconds, System will retry the open but you may see increased latency in your system
AMQ144010
WARN
Critical IO Exception happened: {0}
AMQ151000
INFO
awaiting topic/queue creation {0}
AMQ151001
INFO
Attempting to reconnect {0}
AMQ151002
INFO
Reconnected with broker
AMQ151003
INFO
resource adaptor stopped
AMQ151004
INFO
Instantiating {0} "{1}" directly since UseJNDI=false.
AMQ151005
INFO
awaiting server availability
AMQ151006
INFO
Cluster topology change detected. Re-balancing connections on even {0}.
AMQ151007
INFO
Resource adaptor started
AMQ152001
WARN
problem resetting xa session after failure
AMQ152002
WARN
Unable to roll local transaction back
AMQ152003
WARN
unable to reset session after failure, we will place the MDB Inflow now in setup mode for activation={0}
AMQ152004
WARN
Handling JMS exception failure
AMQ152005
WARN
Failure in broker activation {0}
AMQ152006
WARN
Unable to call after delivery
AMQ152007
WARN
Thread {0} could not be finished
AMQ152008
WARN
Error interrupting handler on endpoint {0} handler = {1}
AMQ152009
WARN
Unable to validate properties
AMQ152010
WARN
Unable to clear the transaction
AMQ152011
WARN
Unable to close the factory
AMQ153001
DEBUG
using different ActiveMQRAConnectionFactory
AMQ153002
jakarta.jms.IllegalStateException
Cannot create a subscriber on the durable subscription since it already has subscriber(s)
AMQ153003
WARN
Unsupported acknowledgement mode {0}
AMQ153004
WARN
Invalid number of session (negative) {0}, defaulting to {1}.
AMQ153005
WARN
Unable to retrieve "{0}" from JNDI. Creating a new "{1}" named "{2}" to be used by the MDB.
AMQ154000
ERROR
Error while creating object Reference.
AMQ154001
ERROR
Unable to stop resource adapter.
AMQ154003
ERROR
Unable to reconnect {0}
AMQ154004
ERROR
Failed to deliver message
AMQ171003
INFO
JMS Server Manager Running cached command for {0}
AMQ171004
INFO
JMS Server Manager Caching command for {0} since the JMS Server is not active.
AMQ172005
WARN
Invalid "host" value "0.0.0.0" detected for "{0}" connector. Switching to "{1}". If this new address is incorrect please manually configure the connector to use the proper one.
AMQ172007
WARN
Queue {0} does not exist on the topic {1}. It was deleted manually probably.
AMQ172008
WARN
XA Recovery can not connect to any broker on recovery {0}
AMQ172011
WARN
error unbinding {0} from JNDI
AMQ172012
WARN
JMS Server Manager error
AMQ172013
WARN
Error in XA Recovery recover
AMQ172014
WARN
Notified of connection failure in xa recovery connectionFactory for provider {0} will attempt reconnect on next pass
AMQ172015
WARN
Can not connect to {0} on auto-generated resource recovery
AMQ172016
DEBUG
Error in XA Recovery
AMQ172017
WARN
Tried to correct invalid "host" value "0.0.0.0" for "{0}" connector, but received an exception.
AMQ172018
WARN
Could not start recovery discovery on {0}, we will retry every recovery scan until the server is available
AMQ174000
ERROR
key attribute missing for JMS configuration {0}
AMQ174002
ERROR
Failed to start JMS deployer
AMQ201000
INFO
Network is healthy, starting service {0}
AMQ201001
INFO
Network is unhealthy, stopping service {0}
AMQ202000
WARN
Missing privileges to set Thread Context Class Loader on Thread Factory. Using current Thread Context Class Loader
AMQ202001
WARN
{0} is a loopback address and will be discarded.
AMQ202002
WARN
Ping Address {0} wasn't reacheable.
AMQ202003
WARN
Ping Url {0} wasn't reacheable.
AMQ202004
WARN
Error starting component {0}
AMQ202005
WARN
Error stopping component {0}
AMQ202006
WARN
Failed to check Url {0}.
AMQ202007
WARN
Failed to check Address {0}.
AMQ202008
WARN
Failed to check Address list {0}.
AMQ202009
WARN
Failed to check Url list {0}.
AMQ202010
WARN
Failed to set NIC {0}.
AMQ202011
WARN
Failed to read from stream {0}.
AMQ202012
WARN
Object cannot be serialized.
AMQ202013
WARN
Unable to deserialize object.
AMQ202014
WARN
Unable to encode byte array into Base64 notation.
AMQ202015
WARN
Failed to clean up file {0}
AMQ202016
WARN
Could not list files to clean up in {0}
AMQ211000
INFO
**** Dumping session creation stacks ****
AMQ211001
INFO
session created
AMQ211002
DEBUG
Started {0} Netty Connector version {1} to {2}:{3,number,#}
AMQ211003
DEBUG
Started InVM Connector
AMQ212000
WARN
{0}
AMQ212001
WARN
Error on clearing messages
AMQ212002
WARN
Timed out waiting for handler to complete processing
AMQ212003
WARN
Unable to close session
AMQ212004
WARN
Failed to connect to server.
AMQ212005
WARN
Tried {0} times to connect. Now giving up on reconnecting it.
AMQ212007
WARN
connector.create or connectorFactory.createConnector should never throw an exception, implementation is badly behaved, but we will deal with it anyway.
AMQ212008
WARN
I am closing a core ClientSessionFactory you left open. Please make sure you close all ClientSessionFactories explicitly before letting them go out of scope! {0}
AMQ212009
WARN
resetting session after failure
AMQ212010
WARN
Server is starting, retry to create the session {0}
AMQ212011
WARN
committing transaction after failover occurred, any non persistent messages may be lost
AMQ212012
WARN
failure occurred during commit throwing XAException
AMQ212014
WARN
failover occurred during prepare rolling back
AMQ212015
WARN
failover occurred during prepare rolling back
AMQ212016
WARN
I am closing a core ClientSession you left open. Please make sure you close all ClientSessions explicitly before letting them go out of scope! {0}
AMQ212017
WARN
error adding packet
AMQ212018
WARN
error calling cancel
AMQ212019
WARN
error reading index
AMQ212020
WARN
error setting index
AMQ212021
WARN
error resetting index
AMQ212022
WARN
error reading LargeMessage file cache
AMQ212023
WARN
error closing LargeMessage file cache
AMQ212024
WARN
Exception during finalization for LargeMessage file cache
AMQ212025
WARN
did not connect the cluster connection to other nodes
AMQ212026
WARN
Timed out waiting for pool to terminate
AMQ212027
WARN
Timed out waiting for scheduled pool to terminate
AMQ212028
WARN
error starting server locator
AMQ212029
DEBUG
Closing a Server Locator left open. Please make sure you close all Server Locators explicitly before letting them go out of scope! {0}
AMQ212030
WARN
error sending topology
AMQ212031
WARN
error sending topology
AMQ212032
WARN
Timed out waiting to stop discovery thread
AMQ212033
WARN
unable to send notification when discovery group is stopped
AMQ212034
WARN
There are more than one servers on the network broadcasting the same node id. You will see this message exactly once (per node) if a node is restarted, in which case it can be safely ignored. But if it is logged continuously it means you really do have more than one node on the same network active concurrently with the same node id. This could occur if you have a backup node active at the same time as its live node. nodeID={0}
AMQ212035
WARN
error receiving packet in discovery
AMQ212036
WARN
Can not find packet to clear: {0} last received command id first stored command id {1}
AMQ212037
WARN
Connection failure to {0} has been detected: {1} [code={2}]
AMQ212038
WARN
Failure in calling interceptor: {0}
AMQ212040
WARN
Timed out waiting for netty ssl close future to complete
AMQ212041
WARN
Timed out waiting for netty channel to close
AMQ212042
WARN
Timed out waiting for packet to be flushed
AMQ212043
WARN
Property {0} must be an Integer, it is {1}
AMQ212044
WARN
Property {0} must be a Long, it is {1}
AMQ212045
WARN
Property {0} must be a Boolean, it is {1}
AMQ212046
WARN
Cannot find activemq-version.properties on classpath: {0}
AMQ212047
WARN
Warning: JVM allocated more data what would make results invalid {0}:{1}
AMQ212048
WARN
Random address ({0}) was already in use, trying another time
AMQ212049
WARN
Could not bind to {0} ({1} address); make sure your discovery group-address is of the same type as the IP stack (IPv4 or IPv6). Ignoring discovery group-address, but this may lead to cross talking.
AMQ212050
WARN
Compressed large message tried to read {0} bytes from stream {1}
AMQ212051
WARN
Invalid concurrent session usage. Sessions are not supposed to be used by more than one thread concurrently.
AMQ212052
WARN
Packet {0} was answered out of sequence due to a previous server timeout and it''s being ignored
AMQ212053
WARN
CompletionListener/SendAcknowledgementHandler used with confirmationWindowSize=-1. Enable confirmationWindowSize to receive acks from server!
AMQ212054
WARN
Destination address={0} is blocked. If the system is configured to block make sure you consume messages on this configuration.
AMQ212055
WARN
Unable to close consumer
AMQ212056
WARN
local-bind-address specified for broadcast group but no local-bind-port. Using random port for UDP Broadcast ({0})
AMQ212057
WARN
Large Message Streaming is taking too long to flush on back pressure.
AMQ212058
WARN
Unable to get a message.
AMQ212059
WARN
Failed to clean up: {0}
AMQ212060
WARN
Unexpected null data received from DiscoveryEndpoint
AMQ212061
WARN
Failed to perform force close
AMQ212062
WARN
Failed to perform post actions on message processing
AMQ212063
WARN
Unable to handle connection failure
AMQ212064
WARN
Unable to receive cluster topology
AMQ212065
WARN
{0} getting exception when receiving broadcasting
AMQ212066
WARN
failed to parse int property
AMQ212067
WARN
failed to get system property
AMQ212068
WARN
Couldn't finish the client globalThreadPool in less than 10 seconds, interrupting it now
AMQ212069
WARN
Couldn't finish the client scheduled in less than 10 seconds, interrupting it now
AMQ212070
WARN
Unable to initialize VersionLoader
AMQ212071
WARN
Unable to check Epoll availability
AMQ212072
WARN
Failed to change channel state to ReadyForWriting
AMQ212073
WARN
Unable to check KQueue availability
AMQ212074
WARN
SendAcknowledgementHandler will not be asynchronous without setting up confirmation window size
AMQ212074
WARN
channel group did not completely close
AMQ212075
WARN
KQueue is not available, please add to the classpath or configure useKQueue=false to remove this warning
AMQ212076
WARN
Epoll is not available, please add to the classpath or configure useEpoll=false to remove this warning
AMQ212077
WARN
Timed out waiting to receive initial broadcast from cluster. Retry {0} of {1}
AMQ212079
WARN
The upstream connector from the downstream federation will ignore url parameter {0}
AMQ212080
WARN
Using legacy SSL store provider value: {0}. Please use either ''keyStoreType'' or ''trustStoreType'' instead as appropriate.
AMQ214000
ERROR
Failed to call onMessage
AMQ214001
ERROR
failed to cleanup session
AMQ214002
ERROR
Failed to execute failure listener
AMQ214003
ERROR
Failed to handle failover
AMQ214004
ERROR
XA end operation failed
AMQ214005
ERROR
XA start operation failed {0} code:{1}
AMQ214006
ERROR
Session is not XA
AMQ214007
ERROR
Received exception asynchronously from server
AMQ214008
ERROR
Failed to handle packet
AMQ214009
ERROR
Failed to stop discovery group
AMQ214010
ERROR
Failed to receive datagram
AMQ214011
ERROR
Failed to call discovery listener
AMQ214012
ERROR
Unexpected error handling packet {0}
AMQ214013
ERROR
Failed to decode packet
AMQ214014
ERROR
Failed to execute failure listener
AMQ214015
ERROR
Failed to execute connection life cycle listener
AMQ214016
ERROR
Failed to create netty connection
AMQ214017
ERROR
Caught unexpected Throwable
AMQ214018
ERROR
Failed to invoke getTextContent() on node {0}
AMQ214019
ERROR
Invalid configuration
AMQ214020
ERROR
Exception happened while stopping Discovery BroadcastEndpoint {0}
AMQ214021
ERROR
Invalid cipher suite specified. Supported cipher suites are: {0}
Deleting pending large message as it was not completed: {0}
AMQ221006
INFO
Waiting to obtain live lock
AMQ221007
INFO
Server is now live
AMQ221008
INFO
live server wants to restart, restarting server in backup
AMQ221010
INFO
Backup Server is now live
AMQ221011
INFO
Server {0} is now live
AMQ221012
INFO
Using AIO Journal
AMQ221013
INFO
Using NIO Journal
AMQ221014
INFO
{0}% loaded
AMQ221015
INFO
Can not find queue {0} while reloading ACKNOWLEDGE_CURSOR, deleting record now
AMQ221016
INFO
Can not find queue {0} while reloading PAGE_CURSOR_COUNTER_VALUE, deleting record now
AMQ221017
INFO
Can not find queue {0} while reloading PAGE_CURSOR_COUNTER_INC, deleting record now
AMQ221018
INFO
Large message: {0} did not have any associated reference, file will be deleted
AMQ221019
INFO
Deleting unreferenced message id={0} from the journal
AMQ221020
INFO
Started {0} Acceptor at {1}:{2,number,#} for protocols [{3}]
AMQ221021
INFO
failed to remove connection
AMQ221022
INFO
unable to start connector service: {0}
AMQ221023
INFO
unable to stop connector service: {0}
AMQ221024
INFO
Backup server {0} is synchronized with live server, nodeID={1}.
AMQ221025
INFO
Replication: sending {0} (size={1}) to replica.
AMQ221026
INFO
Bridge {0} connected to forwardingAddress={1}. {2} does not have any bindings. Messages will be ignored until a binding is created.
AMQ221027
INFO
Bridge {0} is connected
AMQ221028
INFO
Bridge is stopping, will not retry
AMQ221029
INFO
stopped bridge {0}
AMQ221030
INFO
paused bridge {0}
AMQ221031
INFO
backup announced
AMQ221032
INFO
Waiting to become backup node
AMQ221033
INFO
** got backup lock
AMQ221034
INFO
Waiting {0} to obtain live lock
AMQ221035
INFO
Live Server Obtained live lock
AMQ221036
INFO
Message with duplicate ID {0} was already set at {1}. Move from {2} being ignored and message removed from {3}
AMQ221037
INFO
{0} to become ''live''
AMQ221038
INFO
Configuration option ''{0}'' is deprecated. Consult the manual for details.
AMQ221039
INFO
Restarting as Replicating backup server after live restart
AMQ221040
INFO
Remote group coordinators has not started.
AMQ221041
INFO
Cannot find queue {0} while reloading PAGE_CURSOR_COMPLETE, deleting record now
AMQ221042
INFO
Bridge {0} timed out waiting for the completion of {1} messages, we will just shutdown the bridge after 10 seconds wait
AMQ221043
INFO
Protocol module found: [{1}]. Adding protocol support for: {0}
AMQ221045
INFO
libaio is not available, switching the configuration into NIO
AMQ221046
INFO
Unblocking message production on address ''{0}''; {1}
AMQ221047
INFO
Backup Server has scaled down to live server
AMQ221048
INFO
Consumer {0}:{1} attached to queue ''{2}'' from {3} identified as ''slow.'' Expected consumption rate: {4} msgs/second; actual consumption rate: {5} msgs/second.
AMQ221049
INFO
Activating Replica for node: {0}
AMQ221050
INFO
Activating Shared Store Slave
AMQ221051
INFO
Populating security roles from LDAP at: {0}
AMQ221052
INFO
Deploying topic {0}
AMQ221053
INFO
Disallowing use of vulnerable protocol ''{0}'' on acceptor ''{1}''. See http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html for more details.
AMQ221054
INFO
libaio was found but the filesystem does not support AIO. Switching the configuration into NIO. Journal path: {0}
AMQ221055
INFO
There were too many old replicated folders upon startup, removing {0}
AMQ221056
INFO
Reloading configuration: {0}
AMQ221057
INFO
Global Max Size is being adjusted to 1/2 of the JVM max size (-Xmx). being defined as {0}
AMQ221058
INFO
resetting Journal File size from {0} to {1} to fit with alignment of {2}
AMQ221059
INFO
Deleting old data directory {0} as the max folders is set to 0
AMQ221060
INFO
Sending quorum vote request to {0}: {1}
AMQ221061
INFO
Received quorum vote response from {0}: {1}
AMQ221062
INFO
Received quorum vote request: {0}
AMQ221063
INFO
Sending quorum vote response: {0}
AMQ221064
INFO
Node {0} found in cluster topology
AMQ221065
INFO
Node {0} not found in cluster topology
AMQ221066
INFO
Initiating quorum vote: {0}
AMQ221067
INFO
Waiting {0} {1} for quorum vote results.
AMQ221068
INFO
Received all quorum votes.
AMQ221069
INFO
Timeout waiting for quorum vote responses.
AMQ221070
INFO
Restarting as backup based on quorum vote results.
AMQ221071
INFO
Failing over based on quorum vote results.
AMQ221072
INFO
Can't find roles for the subject.
AMQ221073
INFO
Can't add role principal.
AMQ221074
INFO
Debug started : size = {0} bytes, messages = {1}
AMQ221075
INFO
Usage of wildcardRoutingEnabled configuration property is deprecated, please use wildCardConfiguration.enabled instead
AMQ221076
INFO
{0}
AMQ221077
INFO
There is no queue with ID {0}, deleting record {1}
AMQ221078
INFO
Scaled down {0} messages total.
AMQ221079
INFO
Ignoring prepare on xid as already called : {0}
AMQ221080
INFO
Deploying address {0} supporting {1}
AMQ221081
INFO
There is no address with ID {0}, deleting record {1}
AMQ221082
INFO
Initializing metrics plugin {0} with properties: {1}
AMQ221083
INFO
ignoring quorum vote as max cluster size is {0}.
AMQ221084
INFO
Requested {0} quorum votes
AMQ221085
INFO
Route {0} to {1}
AMQ221086
INFO
Cannot route {0}
AMQ221109
INFO
Apache ActiveMQ Artemis Backup Server version {0} [{1}] started, waiting live to fail before it gets active
AMQ222000
WARN
ActiveMQServer is being finalized and has not been stopped. Please remember to stop the server before letting it go out of scope
AMQ222001
WARN
Error closing sessions while stopping server
AMQ222002
WARN
Timed out waiting for pool to terminate {0}. Interrupting all its threads!
AMQ222004
WARN
Must specify an address for each divert. This one will not be deployed.
AMQ222005
WARN
Must specify a forwarding address for each divert. This one will not be deployed.
AMQ222006
WARN
Binding already exists with name {0}, divert will not be deployed
AMQ222007
WARN
Security risk! Apache ActiveMQ Artemis is running with the default cluster admin user and default password. Please see the cluster chapter in the ActiveMQ Artemis User Guide for instructions on how to change this.
AMQ222008
WARN
unable to restart server, please kill and restart manually
AMQ222009
WARN
Unable to announce backup for replication. Trying to stop the server.
AMQ222010
ERROR
Critical IO Error, shutting down the server. file={1}, message={0}
AMQ222011
WARN
Error stopping server
AMQ222012
WARN
Timed out waiting for backup activation to exit
AMQ222013
WARN
Error when trying to start replication
AMQ222014
WARN
Error when trying to stop replication
AMQ222016
WARN
Cannot deploy a connector with no name specified.
AMQ222017
WARN
There is already a connector with name {0} deployed. This one will not be deployed.
AMQ222018
WARN
AIO was not located on this platform, it will fall back to using pure Java NIO. If your platform is Linux, install LibAIO to enable the AIO journal
AMQ222019
WARN
There is already a discovery group with name {0} deployed. This one will not be deployed.
AMQ222020
WARN
error scanning for URL''s
AMQ222021
WARN
problem undeploying {0}
AMQ222022
WARN
Timed out waiting for paging cursor to stop {0}
AMQ222023
WARN
problem cleaning page address {0}
AMQ222024
WARN
Could not complete operations on IO context {0}
AMQ222025
WARN
Problem cleaning page subscription counter
AMQ222026
WARN
Error on cleaning up cursor pages
AMQ222027
WARN
Timed out flushing executors for paging cursor to stop {0}
AMQ222028
WARN
Could not find page cache for page {0}, on queue {1}/{2} removing it from the journal
AMQ222029
WARN
Could not locate page transaction {0}, ignoring message on position {1} on address={2} queue={3}
AMQ222030
WARN
File {0} being renamed to {1}.invalidPage as it was loaded partially. Please verify your data.
AMQ222031
WARN
Error while deleting page file
AMQ222032
WARN
page finalise error
AMQ222033
WARN
Page file {0} had incomplete records at position {1} at record number {2}
AMQ222034
WARN
Can not delete page transaction id={0}
AMQ222035
WARN
Directory {0} did not have an identification file {1}
AMQ222036
WARN
Timed out on waiting PagingStore {0} to shutdown
AMQ222037
WARN
IO Error, impossible to start paging
AMQ222038
INFO
Starting paging on address ''{0}''; {1}
AMQ222039
WARN
Messages sent to address ''{0}'' are being dropped; {1}
AMQ222040
WARN
Server is stopped
AMQ222041
WARN
Cannot find queue {0} to update delivery count
AMQ222042
WARN
Cannot find message {0} to update delivery count
AMQ222043
WARN
Message for queue {0} which does not exist. This message will be ignored.
AMQ222044
WARN
It was not possible to delete message {0}
AMQ222045
WARN
Message in prepared tx for queue {0} which does not exist. This message will be ignored.
AMQ222046
WARN
Failed to remove reference for {0}
AMQ222047
WARN
Can not find queue {0} while reloading ACKNOWLEDGE_CURSOR
AMQ222048
WARN
PAGE_CURSOR_COUNTER_VALUE record used on a prepared statement, invalid state
AMQ222049
WARN
InternalError: Record type {0} not recognized. Maybe you are using journal files created on a different version
AMQ222050
WARN
Can not locate recordType={0} on loadPreparedTransaction//deleteRecords
AMQ222051
WARN
Journal Error
AMQ222052
WARN
error incrementing delay detection
AMQ222053
WARN
Error on copying large message {0} for DLA or Expiry
AMQ222054
WARN
Error on executing IOCallback
AMQ222055
WARN
Error on deleting duplicate cache
AMQ222056
WARN
Did not route to any bindings for address {0} and sendToDLAOnNoRoute is true but there is no DLA configured for the address, the message will be ignored.
AMQ222057
WARN
It was not possible to add references due to an IO error code {0} message = {1}
AMQ222059
WARN
Duplicate message detected - message will not be routed. Message information: {0}
AMQ222060
WARN
Error while confirming large message completion on rollback for recordID={0}
AMQ222061
WARN
Client connection failed, clearing up resources for session {0}
On ManagementService stop, there are {0} unexpected registered MBeans: {1}
AMQ222114
WARN
Unable to delete group binding info {0}
AMQ222115
WARN
Error closing serverLocator={0}
AMQ222116
WARN
unable to start broadcast group {0}
AMQ222117
WARN
unable to start cluster connection {0}
AMQ222118
WARN
unable to start Bridge {0}
AMQ222119
WARN
No connector with name {0}. backup cannot be announced.
AMQ222120
WARN
no cluster connections defined, unable to announce backup
AMQ222121
WARN
Must specify a unique name for each bridge. This one will not be deployed.
AMQ222122
WARN
Must specify a queue name for each bridge. This one {0} will not be deployed.
AMQ222123
WARN
Forward address is not specified on bridge {0}. Will use original message address instead
AMQ222124
WARN
There is already a bridge with name {0} deployed. This one will not be deployed.
AMQ222125
WARN
No queue found with name {0} bridge {1} will not be deployed.
AMQ222126
WARN
No discovery group found with name {0} bridge will not be deployed.
AMQ222127
WARN
Must specify a unique name for each cluster connection. This one will not be deployed.
AMQ222128
WARN
Must specify an address for each cluster connection. This one will not be deployed.
AMQ222129
WARN
No connector with name {0}. The cluster connection will not be deployed.
AMQ222130
WARN
Cluster Configuration {0} already exists. The cluster connection will not be deployed.
AMQ222131
WARN
No discovery group with name {0}. The cluster connection will not be deployed.
AMQ222132
WARN
There is already a broadcast-group with name {0} deployed. This one will not be deployed.
AMQ222133
WARN
There is no connector deployed with name {0}. The broadcast group with name {1} will not be deployed.
AMQ222134
WARN
No connector defined with name {0}. The bridge will not be deployed.
AMQ222135
WARN
Stopping Redistributor, Timed out waiting for tasks to complete
AMQ222136
WARN
IO Error during redistribution, errorCode = {0} message = {1}
AMQ222137
WARN
Unable to announce backup, retrying
AMQ222138
WARN
Local Member is not set at on ClusterConnection {0}
AMQ222139
WARN
{0}::Remote queue binding {1} has already been bound in the post office. Most likely cause for this is you have a loop in your cluster due to cluster max-hops being too large or you have multiple cluster connections to the same nodes using overlapping addresses
AMQ222141
WARN
Node Manager can not open file {0}
AMQ222142
WARN
Error on resetting large message deliver - {0}
AMQ222143
WARN
Timed out waiting for executor to complete
AMQ222144
WARN
Queue could not finish waiting executors. Try increasing the thread pool size
AMQ222145
WARN
Error expiring reference {0} on queue
AMQ222146
WARN
Message has expired. No bindings for Expiry Address {0} so dropping it
AMQ222147
WARN
Messages are being expired on queue {0}, but there is no Expiry Address configured so messages will be dropped.
AMQ222148
WARN
Message {0} has exceeded max delivery attempts. No bindings for Dead Letter Address {1} so dropping it
AMQ222149
WARN
Message {0} has reached maximum delivery attempts, sending it to Dead Letter Address {1} from {2}
AMQ222150
WARN
Message {0} has exceeded max delivery attempts. No Dead Letter Address configured for queue {1} so dropping it
AMQ222151
WARN
removing consumer which did not handle a message, consumer={0}, message={1}
AMQ222152
WARN
Unable to decrement reference counting on queue
AMQ222153
WARN
Cannot locate record for message id = {0} on Journal
AMQ222154
WARN
Error checking DLQ
AMQ222155
WARN
Failed to register as backup. Stopping the server.
AMQ222156
WARN
Less than {0}% {1} You are in danger of running out of RAM. Have you set paging parameters on your addresses? (See user manual "Paging" chapter)
AMQ222157
WARN
Error completing callback on replication manager
AMQ222158
WARN
{0} activation thread did not finish.
AMQ222159
WARN
unable to send notification when broadcast group is stopped
AMQ222160
WARN
unable to send notification when broadcast group is stopped
AMQ222161
WARN
Group Handler timed-out waiting for sendCondition
AMQ222162
INFO
Moving data directory {0} to {1}
AMQ222163
WARN
Server is being completely stopped, since this was a replicated backup there may be journal files that need cleaning up. The Apache ActiveMQ Artemis broker will have to be manually restarted.
AMQ222164
WARN
Error when trying to start replication {0}
AMQ222165
WARN
No Dead Letter Address configured for queue {0} in AddressSettings
AMQ222166
WARN
No Expiry Address configured for queue {0} in AddressSettings
AMQ222167
WARN
Group Binding not available so deleting {0} groups from {1}, groups will be bound to another node
AMQ222168
WARN
The ''protocol'' property is deprecated. If you want this Acceptor to support multiple protocols, use the ''protocols'' property, e.g. with value ''CORE,AMQP,STOMP''
AMQ222169
WARN
You have old legacy clients connected to the queue {0} and we can''t disconnect them, these clients may just hang
AMQ222170
WARN
Bridge {0} forwarding address {1} has confirmation-window-size ({2}) greater than address'' max-size-bytes'' ({3})
AMQ222171
WARN
Bridge {0} forwarding address {1} could not be resolved on address-settings configuration
AMQ222172
WARN
Queue {0} was busy for more than {1} milliseconds. There are possibly consumers hanging on a network operation
AMQ222173
WARN
Queue {0} is duplicated during reload. This queue will be renamed as {1}
AMQ222174
WARN
Queue {0}, on address={1}, is taking too long to flush deliveries. Watch out for frozen clients.
AMQ222175
WARN
Bridge {0} could not find configured connectors
AMQ222176
WARN
A session that was already doing XA work on {0} is replacing the xid by {1} . This was most likely caused from a previous communication timeout
AMQ222177
WARN
Wrong configuration for role, {0} is not a valid permission
AMQ222178
WARN
Error during recovery of page counters
AMQ222181
WARN
Unable to scaleDown messages
AMQ222182
WARN
Missing cluster-configuration for scale-down-clustername {0}
AMQ222183
WARN
Blocking message production on address ''{0}''; {1}
AMQ222184
WARN
Unable to recover group bindings in SCALE_DOWN mode, only FULL backup server can do this
AMQ222185
WARN
no cluster connection for specified replication cluster
AMQ222186
WARN
unable to authorise cluster control: {0}
AMQ222187
WARN
Failed to activate replicated backup
AMQ222188
WARN
Unable to find target queue for node {0}
AMQ222189
WARN
Failed to activate shared store slave
AMQ222191
WARN
Could not find any configured role for user {0}.
AMQ222192
WARN
Could not delete: {0}
AMQ222193
WARN
Memory Limit reached. Producer ({0}) stopped to prevent flooding {1} (blocking for {2}s). See http://activemq.apache.org/producer-flow-control.html for more info.
Large message {0} wasn''t found when dealing with add pending large message
AMQ222196
WARN
Could not find binding with id={0} on routeFromCluster for message={1} binding = {2}
AMQ222197
WARN
Internal error! Delivery logic has identified a non delivery and still handled a consumer!
AMQ222198
WARN
Could not flush ClusterManager executor ({0}) in 10 seconds, verify your thread pool size
AMQ222199
WARN
Thread dump: {0}
AMQ222200
WARN
Could not finish executor on {0}
AMQ222201
WARN
Timed out waiting for activation to exit
AMQ222202
WARN
{0}: <{1}> should not be set to the same value as <{2}>. If a system is under high load, or there is a minor network delay, there is a high probability of a cluster split/failure due to connection timeout.
AMQ222203
WARN
Classpath lacks a protocol-manager for protocol {0}, Protocol being ignored on acceptor {1}
AMQ222204
WARN
Duplicated Acceptor {0} with parameters {1} classFactory={2} duplicated on the configuration
AMQ222205
WARN
OutOfMemoryError possible! There are currently {0} addresses with a total max-size-bytes of {1} bytes, but the maximum memory available is {2} bytes.
AMQ222206
WARN
Connection limit of {0} reached. Refusing connection from {1}.
AMQ222207
WARN
The backup server is not responding promptly introducing latency beyond the limit. Replication server being disconnected now.
AMQ222208
WARN
SSL handshake failed for client from {0}: {1}.
AMQ222209
WARN
Could not contact group handler coordinator after 10 retries, message being routed without grouping information
AMQ222210
WARN
Free storage space is at {0} of {1} total. Usage rate is {2} which is beyond the configured . System will start blocking producers.
AMQ222211
INFO
Free storage space is at {0} of {1} total. Usage rate is {2} which is below the configured .
AMQ222212
WARN
Disk Full! Blocking message production on address ''{0}''. Clients will report blocked.
AMQ222213
WARN
There was an issue on the network, server is isolated!
AMQ222214
WARN
Destination {1} has an inconsistent and negative address size={0}.
AMQ222215
WARN
Global Address Size has negative and inconsistent value as {0}
AMQ222216
WARN
Security problem while authenticating: {0}
AMQ222217
WARN
Cannot find connector-ref {0}. The cluster-connection {1} will not be deployed.
AMQ222218
WARN
Server disconnecting: {0}
AMQ222219
WARN
File {0} does not exist
AMQ222220
WARN
Error while cleaning paging on queue {0}
AMQ222221
WARN
Error while cleaning page, during the commit
AMQ222222
WARN
Error while deleting page-complete-record
AMQ222223
WARN
Failed to calculate message memory estimate
AMQ222224
WARN
Failed to calculate scheduled delivery time
AMQ222225
WARN
Sending unexpected exception to the client
AMQ222226
WARN
Connection configuration is null for connectorName {0}
AMQ222227
WARN
Failed to process an event
AMQ222228
WARN
Missing replication token on queue
AMQ222229
WARN
Failed to perform rollback
AMQ222230
WARN
Failed to send notification
AMQ222231
WARN
Failed to flush outstanding data from the connection
AMQ222232
WARN
Unable to acquire lock
AMQ222233
WARN
Unable to destroy connection with session metadata
AMQ222234
WARN
Unable to invoke a callback
AMQ222235
WARN
Unable to inject a monitor
AMQ222236
WARN
Unable to flush deliveries
AMQ222237
WARN
Unable to stop redistributor
AMQ222238
WARN
Unable to commit transaction
AMQ222239
WARN
Unable to delete Queue status
AMQ222240
WARN
Unable to pause a Queue
AMQ222241
WARN
Unable to resume a Queue
AMQ222242
WARN
Unable to obtain message priority, using default
AMQ222243
WARN
Unable to extract GroupID from message
AMQ222244
WARN
Unable to check if message expired
AMQ222245
WARN
Unable to perform post acknowledge
AMQ222246
WARN
Unable to rollback on close
AMQ222247
WARN
Unable to close consumer
AMQ222248
WARN
Unable to remove consumer
AMQ222249
WARN
Unable to rollback on TX timed out
AMQ222250
WARN
Unable to delete heuristic completion from storage manager
AMQ222251
WARN
Unable to start replication
AMQ222252
WARN
Unable to calculate file size
AMQ222253
WARN
Error while syncing data on largeMessageInSync:: {0}
AMQ222254
WARN
Invalid record type {0}
AMQ222255
WARN
Unable to calculate file store usage
AMQ222256
WARN
Failed to unregister acceptors
AMQ222257
WARN
Failed to decrement message reference count
AMQ222258
WARN
Error on deleting queue {0}
AMQ222259
WARN
Failed to flush the executor
AMQ222260
WARN
Failed to perform rollback
AMQ222261
WARN
Failed to activate a backup
AMQ222262
WARN
Failed to stop cluster manager
AMQ222263
WARN
Failed to stop cluster connection
AMQ222264
WARN
Failed to process message reference after rollback
AMQ222265
WARN
Failed to finish delivery, unable to lock delivery
AMQ222266
WARN
Failed to send request to the node
AMQ222267
WARN
Failed to disconnect bindings
AMQ222268
WARN
Failed to remove a record
AMQ222269
WARN
Please use a fixed value for "journal-pool-files". Default changed per https://issues.apache.org/jira/browse/ARTEMIS-1628
AMQ222270
WARN
Unable to create management notification address: {0}
AMQ222274
WARN
Failed to deploy address {0}: {1}
AMQ222275
WARN
Failed to deploy queue {0}: {1}
AMQ222276
WARN
Failed to process changes to the logging configuration file: {0}
AMQ222277
WARN
Problem initializing automatic logging configuration reload for {0}
AMQ222278
WARN
Unable to extract GroupSequence from message
AMQ222279
WARN
Federation upstream {0} policy ref {1} could not be resolved in federation configuration
AMQ222280
WARN
Federation upstream {0} policy ref {1} is of unknown type in federation configuration
AMQ222281
WARN
Federation upstream {0} policy ref {1} are too self referential, avoiding stack overflow ,
AMQ222282
WARN
Federation downstream {0} upstream transport configuration ref {1} could not be resolved in federation configuration
AMQ222283
INFO
Federation downstream {0} has been deployed
AMQ222284
INFO
Federation downstream {0} has been undeployed
AMQ222285
WARN
File {0} at {1} is empty. Delete the empty file to stop this message.
AMQ222286
WARN
Error executing {0} federation plugin method.
AMQ222287
WARN
Error looking up bindings for address {}.
AMQ222288
WARN
Page {0}, message {1} could not be found on offset {2}, with starting message {3}. This represents a logic error or inconsistency on the data, and the system will try once again from the beggining of the page file.
AMQ222289
WARN
Did not route to any matching bindings on dead-letter-address {0} and auto-create-dead-letter-resources is true; dropping message: {1}
AMQ222290
WARN
Failed to find cluster-connection when handling cluster-connect packet. Ignoring: {0}
AMQ222291
WARN
The metrics-plugin element is deprecated and replaced by the metrics element
AMQ222292
WARN
The metrics-plugin element is ignored because the metrics element is defined
AMQ222294
WARN
There is a possible split brain on nodeID {0}, coming from connectors {1}. Topology update ignored.
AMQ222295
WARN
There is a possible split brain on nodeID {0}. Topology update ignored
AMQ222296
WARN
Unable to deploy Hawtio MBeam, console client side RBAC not available
AMQ222297
WARN
Unable to start Management Context, RBAC not available
AMQ222298
WARN
Failed to create bootstrap user "{0}". User management may not function.
AMQ222299
WARN
No bootstrap credentials found. User management may not function.
AMQ222300
WARN
Getting SSL handler failed when serving client from {0}: {1}.
AMQ222301
WARN
Duplicate address-setting match found: {0}. These settings will be ignored! Please review your broker.xml and consolidate any duplicate address-setting elements.
AMQ222302
WARN
Failed to deal with property {0} when converting message from core to OpenWire: {1}
AMQ222303
WARN
Redistribution by {0} of messageID = {1} failed
AMQ222304
WARN
Unable to load message from journal
AMQ222305
WARN
Error federating message {0}.
AMQ222306
WARN
Failed to load prepared TX and it will be rolled back: {0}
AMQ222307
WARN
The queues element is deprecated and replaced by the addresses element
AMQ222308
WARN
Unable to listen for incoming fail-back request because {0} is null. Ensure the broker has the proper cluster-connection configuration.
AMQ223000
DEBUG
Received Interrupt Exception whilst waiting for component to shutdown: {0}
AMQ223001
DEBUG
Ignored quorum vote due to quorum reached or vote casted: {0}
AMQ224000
ERROR
Failure in initialisation
AMQ224001
ERROR
Error deploying URI {0}
AMQ224002
ERROR
Error deploying URI
AMQ224003
ERROR
Error undeploying URI {0}
AMQ224005
ERROR
Unable to deploy node {0}
AMQ224006
ERROR
Invalid filter: {0}
AMQ224007
ERROR
page subscription = {0} error={1}
AMQ224008
ERROR
Failed to store id
AMQ224009
ERROR
Cannot find message {0}
AMQ224010
ERROR
Cannot find queue messages for queueID={0} on ack for messageID={1}
AMQ224011
ERROR
Cannot find queue messages {0} for message {1} while processing scheduled messages
AMQ224012
ERROR
error releasing resources
AMQ224014
ERROR
Failed to close session
AMQ224015
ERROR
Caught XA exception
AMQ224016
ERROR
Caught exception
AMQ224017
ERROR
Invalid packet {0}
AMQ224018
ERROR
Failed to create session
AMQ224019
ERROR
Failed to reattach session
AMQ224020
ERROR
Failed to handle create queue
AMQ224021
ERROR
Failed to decode packet
AMQ224022
ERROR
Failed to execute failure listener
AMQ224024
ERROR
Stomp Error, tx already exist! {0}
AMQ224027
ERROR
Failed to write to handler on invm connector {0}
AMQ224028
ERROR
Failed to stop acceptor {0}
AMQ224029
ERROR
large message sync: largeMessage instance is incompatible with it, ignoring data
AMQ224030
ERROR
Could not cancel reference {0}
AMQ224032
ERROR
Failed to pause bridge
AMQ224033
ERROR
Failed to broadcast connector configs
AMQ224034
ERROR
Failed to close consumer
AMQ224035
ERROR
Failed to close cluster connection flow record
AMQ224036
ERROR
Failed to update cluster connection topology
AMQ224037
ERROR
cluster connection Failed to handle message
AMQ224038
ERROR
Failed to ack old reference
AMQ224039
ERROR
Failed to expire message reference
AMQ224040
ERROR
Failed to remove consumer
AMQ224041
ERROR
Failed to deliver
AMQ224042
ERROR
Error while restarting the backup server: {0}
AMQ224043
ERROR
Failed to send forced delivery message
AMQ224044
ERROR
error acknowledging message
AMQ224045
ERROR
Failed to run large message deliverer
AMQ224046
ERROR
Exception while browser handled from {0}
AMQ224047
ERROR
Failed to delete large message file
AMQ224048
ERROR
Failed to remove temporary queue {0}
AMQ224049
ERROR
Cannot find consumer with id {0}
AMQ224050
ERROR
Failed to close connection {0}
AMQ224051
ERROR
Failed to call notification listener
AMQ224052
ERROR
Unable to call Hierarchical Repository Change Listener
AMQ224053
ERROR
failed to timeout transaction, xid:{0}
AMQ224054
ERROR
exception while stopping the replication manager
AMQ224055
ERROR
Bridge Failed to ack
AMQ224056
ERROR
Live server will not fail-back automatically
AMQ224057
ERROR
Backup server that requested fail-back was not announced. Server will not stop for fail-back.
AMQ224058
ERROR
Stopping ClusterManager. As it failed to authenticate with the cluster: {0}
AMQ224059
ERROR
Invalid cipher suite specified. Supported cipher suites are: {0}
Setting both <{0}> and is invalid. Please use exclusively as <{0}> is deprecated. Ignoring <{0}> value.
AMQ224062
ERROR
Failed to send SLOW_CONSUMER notification: {0}
AMQ224063
ERROR
Failed to close consumer connections for address {0}
AMQ224064
ERROR
Setting <{0}> is invalid with this HA Policy Configuration. Please use exclusively or remove. Ignoring <{0}> value.
AMQ224065
ERROR
Failed to remove auto-created {1} {0}
AMQ224066
ERROR
Error opening context for LDAP
AMQ224067
ERROR
Error populating security roles from LDAP
AMQ224068
ERROR
Unable to stop component: {0}
AMQ224069
ERROR
Change detected in broker configuration file, but reload failed
AMQ224072
WARN
Message Counter Sample Period too short: {0}
AMQ224073
INFO
Using MAPPED Journal
AMQ224074
ERROR
Failed to purge queue {0} on no consumers
AMQ224075
ERROR
Cannot find pageTX id = {0}
AMQ224076
INFO
Undeploying address {0}
AMQ224077
INFO
Undeploying queue {0}
AMQ224078
WARN
The size of duplicate cache detection () appears to be too large {0}. It should be no greater than the number of messages that can be squeezed into confirmation window buffer () {1}.
AMQ224079
ERROR
The process for the virtual machine will be killed, as component {0} is not responsive
AMQ224080
ERROR
The server process will now be stopped, as component {0} is not responsive
AMQ224081
WARN
The component {0} is not responsive
AMQ224082
ERROR
Failed to invoke an interceptor
AMQ224083
ERROR
Failed to close context
AMQ224084
ERROR
Failed to open context
AMQ224085
ERROR
Failed to load property {0}, reason: {1}
AMQ224086
ERROR
Caught unexpected exception
AMQ224087
ERROR
Error announcing backup: backupServerLocator is null. {0}
AMQ224088
ERROR
Timeout ({0} seconds) on acceptor "{1}" during protocol handshake with {2} has occurred.
AMQ224089
WARN
Failed to calculate persistent size
AMQ224090
WARN
This node is not configured for Quorum Voting, all nodes must be configured for HA
AMQ224091
WARN
Bridge {0} is unable to connect to destination. Retrying
AMQ224092
INFO
Despite disabled persistence, page files will be persisted.
AMQ224093
ERROR
Reference to message is null
AMQ224094
TRACE
Quorum vote result await is interrupted
AMQ224095
ERROR
Error updating Consumer Count: {0}
AMQ224096
ERROR
Error setting up connection from {0} to {1}; protocol {2} not found in map: {3}
AMQ224097
ERROR
Failed to start server
AMQ224098
INFO
Received a vote saying the backup is live with connector: {0}
AMQ224099
WARN
Message with ID {0} has a header too large. More information available on debug level for class {1}
AMQ224100
INFO
Timed out waiting for large messages deletion with IDs {0}, might not be deleted if broker crashes atm
AMQ224101
WARN
Apache ActiveMQ Artemis is using a scheduled pool without remove on cancel policy, so a cancelled task could be not automatically removed from the work queue, it may also cause unbounded retention of cancelled tasks.
AMQ224102
INFO
unable to undeploy address {0} : reason {1}
AMQ224103
INFO
unable to undeploy queue {0} : reason {1}
AMQ224104
ERROR
Error starting the Acceptor {0} {1}
AMQ224105
WARN
Connecting to cluster failed
AMQ224106
ERROR
failed to remove transaction, xid:{0}
AMQ224107
INFO
The Critical Analyzer detected slow paths on the broker. It is recommended that you enable trace logs on org.apache.activemq.artemis.utils.critical while you troubleshoot this issue. You should disable the trace logs when you have finished troubleshooting.
AMQ224108
INFO
Stopped paging on address ''{0}''; {1}
AMQ224109
WARN
ConnectionRouter {0} not found
AMQ224110
WARN
Configuration 'whitelist' is deprecated, please use the 'allowlist' configuration
AMQ224111
WARN
Both 'whitelist' and 'allowlist' detected. Configuration 'whitelist' is deprecated, please use only the 'allowlist' configuration
AMQ224112
INFO
Auto removing Queue {0} with queueID={1} on address={2}
AMQ224113
INFO
Auto removing Address {0}
AMQ224114
INFO
Address control block, blocking message production on address ''{0}''. Clients will not get further credit.
AMQ224115
INFO
Address control unblock of address ''{0}''. Clients will be granted credit as normal.
AMQ224116
WARN
The component {0} is not responsive during start up. The Server may be taking too long to start
AMQ224117
INFO
"page-max-cache-size" being used on broker.xml. This configuration attribute is no longer used and it will be ignored.
AMQ332068
WARN
connection closed {0}
AMQ332069
WARN
Sent ERROR frame to STOMP client {0}: {1}
AMQ334023
ERROR
Unable to send frame {0}
AMQ341000
INFO
Failed to set up JMS bridge {1} connections. Most probably the source or target servers are unavailable. Will retry after a pause of {0} ms
AMQ341001
INFO
JMS Bridge {0} succeeded in reconnecting to servers
AMQ341002
INFO
JMSBridge {0} succeeded in connecting to servers
AMQ342000
WARN
Attempt to start JMS Bridge {0}, but is already started
AMQ342001
WARN
Failed to start JMS Bridge {0}
AMQ342002
WARN
Failed to unregisted JMS Bridge {0} - {1}
AMQ342003
WARN
JMS Bridge {0} unable to set up connections, bridge will be stopped
AMQ342004
WARN
JMS Bridge {1}, will retry after a pause of {0} ms
AMQ342005
WARN
JMS Bridge {0} unable to set up connections, bridge will not be started
AMQ342006
WARN
JMS Bridge {0}, detected failure on bridge connection
beforeMessageRoute called with message: {0}, context: {1}, direct: {2}, rejectDuplicates: {3}
AMQ843011
DEBUG
afterMessageRoute message: {0}, with context: {1}, direct: {2}, rejectDuplicates: {3}
AMQ843012
DEBUG
beforeDeliver called with consumer: {0}, reference: {1}
AMQ843013
DEBUG
delivered message with message ID: {0} to consumer on address: {1}, queue: {2}, consumer sessionID: {3}, consumerID: {4}, full message reference: {5}, full consumer: {6}
TransactionReaper::check worker {0} not responding to interrupt when cancelling TX {1} -- worker marked as zombie and TX scheduled for mark-as-rollback
TwoPhaseCoordinator.beforeCompletion - failed for {0}
ARJUNA012126
WARN
TwoPhaseCoordinator.beforeCompletion TwoPhaseCoordinator.afterCompletion called on still running transaction!
ARJUNA012127
WARN
TwoPhaseCoordinator.afterCompletion - returned failure for {0}
ARJUNA012128
WARN
TwoPhaseCoordinator.afterCompletion - failed for {0} with exception
ARJUNA012129
WARN
TwoPhaseCoordinator.afterCompletion - failed for {0} with error
ARJUNA012130
WARN
Name of XA node not defined. Using {0}
ARJUNA012131
WARN
Supplied name of node is too long. Using {0}
ARJUNA012132
WARN
Supplied name of node contains reserved character ''-''. Using {0}
ARJUNA012135
java.lang.String
Could not create Store type:
ARJUNA012136
WARN
Could not recreate abstract record {0}
ARJUNA012137
WARN
Cannot begin new transaction as TM is disabled. Marking as rollback-only.
ARJUNA012138
WARN
Node name cannot exceed {0} bytes!
ARJUNA012139
WARN
You have chosen to disable the Multiple Last Resources warning. You will see it only once.
ARJUNA012140
WARN
Adding multiple last resources is disallowed. Trying to add {0}, but already have {1}
ARJUNA012141
WARN
Multiple last resources have been added to the current transaction. This is transactionally unsafe and should not be relied upon. Current resource is {0}
ARJUNA012142
WARN
You have chosen to enable multiple last resources in the transaction manager. This is transactionally unsafe and should not be relied upon.
invalid number of hash directories: {0}. Will use default.
ARJUNA012237
java.lang.String
HashedStore.allObjUids - could not pack Uid.
ARJUNA012238
java.lang.String
HashedStore.allObjUids - could not pack end of list Uid.
ARJUNA012239
WARN
hide_state caught exception
ARJUNA012240
WARN
remove_state - type() operation of object with uid {0} returns NULL
ARJUNA012241
WARN
invalid initial pool size: {0}
ARJUNA012242
WARN
invalid maximum pool size: {0}
ARJUNA012243
WARN
initialise caught exceptionatorLoader_3
ARJUNA012244
WARN
getState caught exception
ARJUNA012245
WARN
removeFromCache - no entry for {0}
ARJUNA012246
WARN
getPool caught exception
ARJUNA012247
INFO
getPool - interrupted while waiting for a free connection
ARJUNA012248
WARN
freePool - freeing a connection which is already free!
ARJUNA012249
WARN
reveal_state caught exception
ARJUNA012250
WARN
currentState caught exception
ARJUNA012251
WARN
allObjUids caught exception
ARJUNA012252
WARN
allObjUids - pack of Uid failed
ARJUNA012253
WARN
allTypes caught exception
ARJUNA012254
WARN
allTypes - pack of Uid failed
ARJUNA012255
WARN
remove_state caught exception
ARJUNA012256
WARN
remove_state() attempted removal of {0} state for object with uid {1}
ARJUNA012257
WARN
JDBCImple:read_state failed
ARJUNA012258
WARN
JDBCImple:write_state caught exception
ARJUNA012259
FATAL
JDBCStore could not setup store < {0} , {1}>
ARJUNA012260
FATAL
Received exception for {0}
ARJUNA012261
WARN
JDBCStore.setupStore failed to initialise!
ARJUNA012263
java.lang.String
No JDBCAccess implementation provided!
ARJUNA012265
WARN
ShadowingStore::remove_state() - state {0} does not exist for type {1}
ARJUNA012266
WARN
ShadowingStore::remove_state() - unlink failed on {0}
ARJUNA012267
WARN
ShadowingStore.remove_state() - fd error for {0}
ARJUNA012269
INFO
UNKNOWN state for object with uid {0} , type {1}
ARJUNA012270
INFO
HIDDEN state for object with uid {0} , type {1}
ARJUNA012272
WARN
ShadowingStore.remove_state - type() operation of object with uid {0} returns NULL
ARJUNA012273
WARN
ShadowingStore::write_state() - openAndLock failed for {0}
ARJUNA012274
WARN
ShadowingStore::write_state - unlock or close of {0} failed.
ARJUNA012275
WARN
ShadowStore::commit_state - failed to rename {0} to {1}
ARJUNA012278
WARN
ShadowStore::hide_state - failed to rename {0} to {1}
ARJUNA012279
WARN
ShadowStore::reveal_state - failed to rename {0} to {1}
ARJUNA012280
WARN
ShadowingStore::read_state() - openAndLock failed for {0}
ARJUNA012282
WARN
ShadowingStore::read_state() failed
ARJUNA012283
WARN
ShadowingStore::read_state - unlock or close of {0} failed
ARJUNA012284
WARN
ShadowingStore::remove_state() - access problems on {0} and {1}
ARJUNA012285
WARN
oracle:read_state failed
ARJUNA012286
WARN
oracle:write_state caught exception
ARJUNA012287
java.lang.String
No typename for object:
ARJUNA012288
java.lang.String
allTypes - could not pack end of list string.
ARJUNA012289
WARN
RecoveryManagerStatusModule: Object store exception
ARJUNA012290
WARN
failed to recover Transaction {0}
ARJUNA012291
WARN
failed to access transaction store {0}
ARJUNA012292
WARN
Connection error on running a work on the socket. IOException: {0}
ARJUNA012293
WARN
Setting timeout exception.
ARJUNA012297
INFO
ExpiredEntryMonitor - no scans on first iteration
ARJUNA012301
WARN
ExpiredTransactionScanner - exception during attempted move {0}
ARJUNA012303
INFO
ExpiredTransactionScanner - log {0} is assumed complete and will be moved.
ARJUNA012310
INFO
Recovery manager listening on endpoint {0}:{1}
ARJUNA012318
WARN
Could not create recovery listener
ARJUNA012326
WARN
socket I/O exception
ARJUNA012327
WARN
TransactionStatusConnector.delete called erroneously
ARJUNA012328
WARN
Connection lost to TransactionStatusManagers'' process
ARJUNA012329
WARN
Connection lost to TransactionStatusManagers'' process
ARJUNA012330
INFO
TransactionStatusManager process for uid {0} is ALIVE. connected to host: {1}, port: {2} on socket: {3}
ARJUNA012331
INFO
TransactionStatusManager process for uid {0} is DEAD.
ARJUNA012332
INFO
Failed to establish connection to server
ARJUNA012333
WARN
Problem with removing host/port item
ARJUNA012334
WARN
Problem with storing host/port
ARJUNA012335
WARN
Problem retrieving host/port
ARJUNA012336
WARN
Failed to obtain host
ARJUNA012338
WARN
Other Exception:
ARJUNA012339
WARN
Cannot read line from the socket. IOException: {0}
ARJUNA012340
INFO
RecoveryManager scan scheduled to begin.
ARJUNA012341
INFO
RecoveryManager scan completed.
ARJUNA012342
FATAL
RecoveryManagerImple: cannot bind to socket on address {0} and port {1}
ARJUNA012344
INFO
RecoveryManagerImple is ready on port {0}
ARJUNA012345
WARN
Transaction {0} and {1} not activate.
ARJUNA012346
WARN
Error - could not get resource to forget heuristic. Left on Heuristic List.
ARJUNA012347
java.lang.String
Could not get back a valid pid.
ARJUNA012348
java.lang.String
Problem executing getpids utility:
ARJUNA012349
java.lang.String
Problem executing command:
ARJUNA012350
java.lang.String
Problem getting pid information from stream:
ARJUNA012351
WARN
Encountered a problem when closing the data stream
ARJUNA012352
java.lang.String
FileProcessId.getpid - could not locate temporary directory.
ARJUNA012353
java.lang.String
FileProcessId.getpid could not create unique file.
ARJUNA012354
java.lang.String
Could not get back a valid pid.
ARJUNA012355
java.lang.String
getName returned unrecognized format:
ARJUNA012356
java.lang.String
Could not get back a valid pid.
ARJUNA012359
java.lang.String
SocketProcessId.getpid could not get unique port.
ARJUNA012361
INFO
Error constructing mbean
ARJUNA012362
INFO
Failed to create StateManagerWrapper
ARJUNA012363
java.lang.String
Invalid rootName. Expected {0} but was {1}
ARJUNA012364
java.lang.String
RecoveryActivator init failed for {0}
ARJUNA012365
java.lang.String
Method not implemented
ARJUNA012366
WARN
Unexpected data read from journal - file may be corrupt.
ARJUNA012367
java.lang.String
Failed to create store dir {0}
ARJUNA012368
java.lang.String
Node identifiers must be an integer and must be 1 or greater: {0}
ARJUNA012369
java.lang.String
The node identifier was already set
ARJUNA012370
TRACE
Previously committed row(s) deleted {0}
ARJUNA012371
WARN
Image size {0} is greater than max allowed {1}
ARJUNA012372
FATAL
The node identifier {0} was too long {1}, aborting initialization
ARJUNA012373
java.lang.String
The node identifier {0} was too long {1}, aborting initialization
ARJUNA012374
FATAL
The node identifier cannot be null, aborting initialization
ARJUNA012375
java.lang.String
The node identifier cannot be null, aborting initialization
ARJUNA012376
WARN
ObjectStore remove_state caught exception:
ARJUNA012377
WARN
HornetqObjectStore remove_state caught exception:
ARJUNA012378
WARN
ReaperElement appears to be wedged: {0}
ARJUNA012379
WARN
ExpiredTransactionScanner - {0} is assumed complete and will be moved.
ARJUNA012380
INFO
OSB: Error constructing record header reader
ARJUNA012381
WARN
Action id {0} completed with multiple threads - thread {1} was in progress with {2}
ARJUNA012382
WARN
Action id {0} could not be transitioned to committed
ARJUNA012383
WARN
Action id {0} could not be updated during write_state
ARJUNA012384
WARN
Action id {0} could not be inserted during write_state
ARJUNA012385
java.lang.String
Could not read from object store
ARJUNA012386
java.lang.String
Unexpected state type {0}
ARJUNA012387
FATAL
Encoding {0} is not supported
ARJUNA012388
java.lang.String
Encoding {0} is not supported
ARJUNA012389
INFO
OSB: Error constructing record header reader: {0}
ARJUNA012390
WARN
Error constructing mbean
ARJUNA012391
java.lang.String
Could not initialize object store ''{0}'' of type ''{1}''
ARJUNA012392
WARN
AbstractRecord.create {0} failed to create record class {1}.
ARJUNA012393
WARN
The Artemis journal was requested to be AIO version but this is not available on your machine
ARJUNA012394
WARN
Could not close transaction listener server socket ''{0}''
ARJUNA012395
WARN
Could not close transaction listener socket connection ''{0}''
ARJUNA012396
WARN
Cannot activate type ''{0}'' at object store ''{1}''
ARJUNA012397
WARN
Could not extract elements from the cache store list
ARJUNA012398
WARN
ObjectStoreException in doWork of CacheStore trying to perform state management
ARJUNA012399
WARN
Problem in doWork of CacheStore trying to perform state management
ARJUNA012400
java.lang.String
Cannot terminate the recovery manager as the implementation is not known. Could be the recovery manager was not started yet?
ARJUNA012401
java.lang.String
There is already started a recovery manager in mode ''{0}'' which is different from the requested mode ''{1}''.If you consider starting in a different mode then first terminate the currently running recovery manager.
ARJUNA012402
java.lang.String
PMemSlots instance already initialized, can't call init again
ARJUNA012403
java.lang.String
Can't create pmem store in ''{0}'' - may not be an fs-dax location
ARJUNA012404
INFO
Action id {0} - thread {1} at time {2} had stackTrace {3}
ARJUNA012405
INFO
The asyncIO mode for the Artemis journal does not support maxIO=1, using the nearest value which is 2
ARJUNA012406
WARN
Invalid class type in system property ObjStoreBrowserHandlers: ''{0}''
ARJUNA015001
WARN
LockManagerFriend.getLink
ARJUNA015002
WARN
LockManagerFriend.setLink
ARJUNA015004
WARN
Object store exception on committing {0}
ARJUNA015009
WARN
RecoveredTransactionalObject tried to access object store
LockManager::setlock() cannot load existing lock states
ARJUNA015034
WARN
LockManager::setlock() cannot activate object
ARJUNA015035
WARN
LockManager::setlock() cannot save new lock states
ARJUNA015036
WARN
Lockmanager::releaselock() could not load old lock states
ARJUNA015037
WARN
Lockmanager::releaselock() could not unload new lock states
ARJUNA015038
WARN
LockRecord::set_value() called illegally
ARJUNA015039
WARN
LockRecord - release failed for action {0}
ARJUNA015040
WARN
LockRecord::nestedAbort - no current action
ARJUNA015041
WARN
LockRecord::nestedCommit - no current action
ARJUNA015042
WARN
LockRecord - release failed for action {0}
ARJUNA015043
WARN
LockRecord::topLevelCommit - no current action
ARJUNA015044
WARN
Invocation of LockRecord::restore_state for {0} inappropriate - ignored for {1}
ARJUNA015050
WARN
OptimisticLockRecord.topLevelPrepare state check failed for {0} will force rollback.
ARJUNA015051
WARN
OptimisticLockRecord.topLevelCommit state check failed for {0} will force rollback.
ARJUNA015052
WARN
LockManager::initialise() could not initialise lock store
ARJUNA016001
WARN
could not get all object Uids.
ARJUNA016002
WARN
Cannot add resource to table: no XID value available.
ARJUNA016004
WARN
XARecoveryModule setup failed
ARJUNA016005
WARN
{0} - failed to recover XAResource. status is {1}
ARJUNA016006
WARN
{0} - forget threw exception
ARJUNA016008
WARN
{0} - caught exception
ARJUNA016009
WARN
Caught:
ARJUNA016013
INFO
Rolling back {0}
ARJUNA016016
INFO
{0} not an Arjuna XID
ARJUNA016017
INFO
No XA recovery nodes specified. May not recover orphans.
ARJUNA016018
WARN
XARecoveryModule periodicWork failed
ARJUNA016019
WARN
{0} exception
ARJUNA016020
WARN
{0} exception
ARJUNA016021
INFO
JTA recovery delayed for {0}; got status {1} so waiting for coordinator driven recovery
ARJUNA016022
WARN
Recovery threw:
ARJUNA016023
WARN
JTA failed to recovery {0}; got status {1}
ARJUNA016025
WARN
Unexpected recovery error
ARJUNA016027
WARN
{0} got XA exception {1}
ARJUNA016028
WARN
{0} got exception
ARJUNA016029
WARN
SynchronizationImple.afterCompletion - failed for {0} with exception
ARJUNA016030
java.lang.String
XAOnePhaseResource.pack failed to serialise resource
ARJUNA016031
WARN
XAOnePhaseResource.rollback for {0} failed with exception
ARJUNA016032
java.lang.String
failed to deserialise resource
ARJUNA016033
java.lang.String
Unknown recovery type {0}
ARJUNA016034
INFO
Being told to assume complete on Xid {0}
ARJUNA016035
WARN
{0} - null transaction!
ARJUNA016036
WARN
commit on {0} ({1}) failed with exception ${2}
ARJUNA016037
WARN
Could not find new XAResource to use for recovering non-serializable XAResource {0}
ARJUNA016038
WARN
No XAResource to recover {0}
ARJUNA016039
WARN
onePhaseCommit on {0} ({1}) failed with exception {2}
ARJUNA016040
WARN
{0} - null transaction!
ARJUNA016041
WARN
prepare on {0} ({1}) failed with exception {2}
ARJUNA016042
WARN
{0} - null transaction!
ARJUNA016043
WARN
Exception on attempting to restore XAResource
ARJUNA016044
WARN
An error occurred during restore_state for XAResource {0} and transaction {1}
ARJUNA016045
WARN
attempted rollback of {0} ({1}) failed with exception code {2}
ARJUNA016046
WARN
{0} - null transaction!
ARJUNA016047
WARN
Could not serialize a Serializable XAResource!
ARJUNA016048
WARN
An error occurred during save_state for XAResource {0} and transaction {1}
ARJUNA016049
WARN
{0} called illegally.
ARJUNA016051
java.lang.String
thread is already associated with a transaction!
ARJUNA016053
java.lang.String
Could not commit transaction.
ARJUNA016054
java.lang.String
could not register transaction
ARJUNA016055
WARN
{0} caught exception
ARJUNA016056
WARN
{0} - caught exception during delist : {1}
ARJUNA016058
WARN
Ending suspended RMs failed when rolling back the transaction!
ARJUNA016059
java.lang.String
Ending suspended RMs failed when rolling back the transaction, but transaction rolled back.
ARJUNA016060
WARN
{0} - caught: {1}
ARJUNA016061
WARN
{0} - XAResource.start returned: {2} for {1}
ARJUNA016062
java.lang.String
illegal resource state
ARJUNA016063
java.lang.String
The transaction is not active!
ARJUNA016064
java.lang.String
The transaction is in an invalid state!
ARJUNA016066
ERROR
Failed to create instance of TransactionImporter
ARJUNA016067
ERROR
Failed to create instance of XATerminator
ARJUNA016068
java.lang.String
Work already active!
ARJUNA016069
WARN
failed to load Last Resource Optimisation Interface {0}
ARJUNA016070
WARN
{0} - could not mark {1} as rollback only
ARJUNA016071
WARN
{0} caught XAException: {1}
ARJUNA016072
java.lang.String
No such transaction!
ARJUNA016073
WARN
Current transaction is not an AtomicAction!
ARJUNA016074
java.lang.String
no transaction!
ARJUNA016075
java.lang.String
null synchronization parameter!
ARJUNA016076
java.lang.String
Resource paramater is null!
ARJUNA016078
java.lang.String
resource already suspended.
ARJUNA016079
java.lang.String
Transaction rollback status is:
ARJUNA016080
java.lang.String
Not allowed to terminate subordinate transaction directly.
ARJUNA016081
java.lang.String
The transaction implementation threw a RollbackException
ARJUNA016082
java.lang.String
Synchronizations are not allowed! Transaction status is
ARJUNA016083
java.lang.String
Cannot register synchronization because the transaction is in aborted state
ARJUNA016084
java.lang.String
The transaction implementation threw a SystemException
ARJUNA016085
WARN
Caught the following error
ARJUNA016086
WARN
{0} setTransactionTimeout on XAResource {1} threw: {2}
ARJUNA016087
WARN
{0} - unknown resource
ARJUNA016088
WARN
Could not call end on a suspended resource!
ARJUNA016089
WARN
{0} - caught: {2} for {1}
ARJUNA016091
WARN
Failed to lookup transaction manager in JNDI context
ARJUNA016093
WARN
Failed to lookup user transaction in JNDI context
ARJUNA016096
java.lang.String
Unable to instantiate TransactionSynchronizationRegistry implementation class!
ARJUNA016098
java.lang.String
Null exception!
ARJUNA016099
java.lang.String
Unknown error code:
ARJUNA016100
java.lang.String
Xid unset
ARJUNA016101
java.lang.String
Could not pack XidImple {0}
ARJUNA016102
java.lang.String
The transaction is not active! Uid is {0}
ARJUNA016103
java.lang.String
Error getting the status of the current transaction
ARJUNA016104
java.lang.String
Error getting the current transaction
ARJUNA016105
java.lang.String
Could not lookup the TransactionManager
ARJUNA016106
java.lang.String
Could not lookup the TransactionSynchronizationRegistry
ARJUNA016107
java.lang.String
Expected an @Transactional annotation at class and/or method level
ARJUNA016108
java.lang.String
Wrong transaction on thread
ARJUNA016109
java.lang.String
Contextual is null
ARJUNA016110
java.lang.String
Transaction is required for invocation
ARJUNA016111
java.lang.String
The node identifier cannot be null
ARJUNA016112
WARN
Could not determine commit status of CMR resource {0} and transaction {1}
ARJUNA016113
INFO
Xid {0} was committed by resource manager
ARJUNA016114
WARN
Could not load {0} will try to get XAResource from the recovery helpers
ARJUNA016115
WARN
Could not access object store to check for log so will leave record alone
ARJUNA016116
WARN
Failed to create JMS connection
ARJUNA016117
WARN
Failed to close JMS connection {0}
ARJUNA016118
WARN
Failed to close JMS session {0}
ARJUNA016119
java.lang.String
Failed to get transaction
ARJUNA016120
WARN
Failed to get transaction
ARJUNA016121
java.lang.String
Failed to get transaction status
ARJUNA016122
WARN
Failed to get transaction status
ARJUNA016123
java.lang.String
Failed to register synchronization
ARJUNA016124
WARN
Failed to register synchronization
ARJUNA016125
java.lang.String
Failed to enlist XA resource
ARJUNA016126
WARN
Failed to enlist XA resource
ARJUNA016127
java.lang.String
Failed to delist XA resource
ARJUNA016128
WARN
Failed to delist XA resource
ARJUNA016129
WARN
Could not end XA resource {0}
ARJUNA016130
FATAL
Subordinate transaction was committed during prepare, this will look like a rollback {0}
ARJUNA016131
FATAL
Subordinate transaction was not recovered successfully {0}
ARJUNA016132
WARN
Cannot packt into output object state {0}
ARJUNA016133
WARN
Cannot create a new instance of Xid of uid {0}, is branch: {1}, eisname: {2}
ARJUNA016134
WARN
Cannot create a new instance of Xid of base xid {0}, is branch: {1}, eisname: {2}
ARJUNA016135
WARN
Cannot read object {0} store for xid {1}
ARJUNA016136
WARN
Cannot unpact state of the xid {0} loaded from recovery store {1} of txn type {2}
ARJUNA016137
ERROR
Failed to get transaction status of {0}
ARJUNA016138
WARN
Failed to enlist XA resource {0}
ARJUNA016139
ERROR
Fail to cast class of transaction action {0}
ARJUNA016140
java.lang.String
No subordinate transaction to drive for commit with xid: {0}
ARJUNA016141
java.lang.String
Error committing transaction ''{0}'' for xid: {1}
ARJUNA016142
java.lang.String
Not actived transaction ''{0}'' for xid: {1}
ARJUNA016143
WARN
Problem during waiting for lock ''{0}'' whilst in state {1}
ARJUNA016144
java.lang.String
No subordinate transaction to drive {0}, xid: {1}
ARJUNA016145
java.lang.String
One phase commit for transaction ''{0}'' does not store data in the object store. Recovery is won''t able to decide about outcome. Transaction is marked as heuristic to be decided by administrator.
ARJUNA016146
java.lang.String
Cannot work with the imported transaction as UID is null.
ARJUNA016147
java.lang.String
Cannot recover imported transaction of UID ''{0}'' of transaction ''{1}'' as transaction base Xid is null.
ARJUNA016148
java.lang.String
Cannot work further as the argument Xid is null.
ARJUNA016149
WARN
Returned global transaction identifier and branch qualifier are null but format id is not -1. {0}
ARJUNA016150
INFO
Returned global transaction identifier or branch qualifier is null. {0}
ARJUNA016151
java.lang.String
Not supported for interception factory with non-weld CDI implementation for bean {0}.
ARJUNA016152
java.lang.String
TransactionScoped context is not active as there is no active transaction on the thread
ARJUNA016153
java.lang.String
Transaction is not allowed for invocation
ARJUNA017001
java.lang.String
Rollback not allowed by transaction service.
ARJUNA017002
java.lang.String
Connection is already associated with a different transaction! Obtain a new connection for this transaction.
ARJUNA017003
java.lang.String
Checking transaction and found that this connection is already associated with a different transaction! Obtain a new connection for this transaction.
ARJUNA017004
java.lang.String
AutoCommit is not allowed by the transaction service.
ARJUNA017005
java.lang.String
An error occurred during close:
ARJUNA017006
java.lang.String
Invalid transaction during close {0}
ARJUNA017007
DEBUG
Connection will be closed now. Indications are that this db does not allow multiple connections in the same transaction {0}
ARJUNA017008
INFO
No modifier information found for db. Connection will be closed immediately {0}
ARJUNA017009
java.lang.String
Commit not allowed by transaction service.
ARJUNA017010
java.lang.String
JDBC2 connection initialisation problem
ARJUNA017011
java.lang.String
Delist of resource failed.
ARJUNA017013
WARN
Caught exception
ARJUNA017016
java.lang.String
Failed to load dynamic class
ARJUNA017017
java.lang.String
enlist of resource failed
ARJUNA017018
WARN
Failed to get modifier for driver:
ARJUNA017020
java.lang.String
Transaction is not active on the thread!
ARJUNA017021
java.lang.String
Could not get transaction information.
ARJUNA017024
WARN
{0} - failed to set isolation level
ARJUNA017025
java.lang.String
Could not resolve JNDI XADataSource
ARJUNA017027
WARN
An exception occurred during initialisation.
ARJUNA017028
WARN
{0} could not find information for connection!
ARJUNA017029
WARN
An exception occurred during initialisation.
ARJUNA017031
java.lang.String
rollback(Savepoint) not allowed inside distributed tx.
ARJUNA017032
WARN
{0} - could not mark transaction rollback
ARJUNA017033
java.lang.String
rollback(Savepoint) not allowed inside distributed tx.
ARJUNA017034
java.lang.String
Cannot set readonly when within a transaction!
ARJUNA017035
java.lang.String
setSavepoint not allowed inside distributed tx.
ARJUNA017037
java.lang.String
Could not resolve JNDI XADataSource
ARJUNA017038
WARN
ConnectionSynchronization could not close connection
ARJUNA017039
java.lang.String
BasicXARecovery did not have enough connection configuration
ARJUNA017040
ERROR
Cannot create JDBCXARecovery datasource of jndi name ''{0}''
TransactionRecoveryModule: transaction type not set
ARJUNA022217
WARN
TransactionRecoveryModule: Object store exception
ARJUNA022219
INFO
Transaction {0} still in ActionStore
ARJUNA022223
WARN
{0} caught exception
ARJUNA022224
WARN
{0} - no parent!
ARJUNA022225
WARN
{0} called without a resource reference!
ARJUNA022226
WARN
{0} failed. Returning default value: {1}
ARJUNA022227
WARN
{0} called illegally!
ARJUNA022228
WARN
{0} failed. Returning default value: {1}
ARJUNA022229
WARN
{0} has no parent transaction!
ARJUNA022230
WARN
{0} caught exception
ARJUNA022231
WARN
{0} called illegally.
ARJUNA022232
WARN
{0} called without a resource!
ARJUNA022233
WARN
{0} caught unexpected exception
ARJUNA022234
WARN
{0} called multiple times.
ARJUNA022235
WARN
Could not rollback transaction {0}
ARJUNA022236
WARN
Could not rollback transaction {0} as it does not exist!
ARJUNA022237
WARN
{0} - cannot rollback {1}
ARJUNA022239
WARN
{0} caught unexpected exception
ARJUNA022240
WARN
{0} - no transaction!
ARJUNA022241
WARN
{0} - terminated out of sequence {1}
ARJUNA022242
WARN
{0} - running atomic transaction going out of scope. Will roll back. {1}
ARJUNA022243
WARN
{0} - transaction unavailable.
ARJUNA022244
WARN
Will roll back. Current transaction is {0}
ARJUNA022245
WARN
Cannot determine transaction name!
ARJUNA022246
WARN
{0} caught exception
ARJUNA022247
WARN
Top-level transaction going out of scope with nested transaction {0} still set.
ARJUNA022248
WARN
{0} - could not unregister from transaction!
ARJUNA022249
WARN
{0} - could not resume transaction
ARJUNA022250
java.lang.String
could not resume transaction:
ARJUNA022251
INFO
The ORBManager is already associated with an ORB/OA.
ARJUNA022252
WARN
Failed to remove old ObjectStore entry
ARJUNA022255
java.lang.String
A client-side request interceptor already exists with that name.
ARJUNA022256
java.lang.String
A client-side request interceptor already exists with that name.
ARJUNA022257
WARN
{0} - unknown interposition type: {1}
ARJUNA022258
java.lang.String
Transaction was inactive
ARJUNA022259
WARN
ExtendedResourceRecord detected that the remote side had cleaned up, assuming 1PC resource
ARJUNA022260
DEBUG
{0} caught exception
ARJUNA022261
WARN
ServerTopLevelAction detected that the transaction was inactive
ARJUNA022262
java.lang.String
The node identifier cannot be null
ARJUNA022263
INFO
rollback for {0} was already rolled back
ARJUNA022264
INFO
cannot read subordinate uid from object store {0} on input object state {1}
ARJUNA022265
INFO
failure on processing doRecover for xid {0} and parent node name {1}
ARJUNA022266
WARN
topLevelCommit of resource {0} failed
ARJUNA024001
INFO
XA recovery committing {0}
ARJUNA024002
INFO
XA recovery rolling back {0}
ARJUNA024004
WARN
Caught the following error while trying to single phase complete resource
ARJUNA024005
WARN
Committing of resource state failed.
ARJUNA024006
WARN
{0} caused an error from resource {1} in transaction {2}
ARJUNA024007
WARN
You have chosen to disable the Multiple Last Resources warning. You will see it only once.
ARJUNA024008
WARN
Adding multiple last resources is disallowed. Current resource is {0}
ARJUNA024009
WARN
Multiple last resources have been added to the current transaction. This is transactionally unsafe and should not be relied upon. Current resource is {0}
ARJUNA024010
WARN
You have chosen to enable multiple last resources in the transaction manager. This is transactionally unsafe and should not be relied upon.
ARJUNA024011
WARN
Reading state caught exception
ARJUNA024012
WARN
Could not find new XAResource to use for recovering non-serializable XAResource {0}
ARJUNA024013
WARN
{0} caught NotPrepared exception during recovery phase!
ARJUNA024014
WARN
{0} - null or invalid transaction!
ARJUNA024015
WARN
XAResource prepare failed on resource {0} for transaction {1} with: {2}
ARJUNA024016
WARN
Recovery of resource failed when trying to call {0} got exception
ARJUNA024017
WARN
Attempted shutdown of resource failed with exception
ARJUNA024018
WARN
Exception on attempting to resource XAResource
ARJUNA024019
WARN
Unexpected exception on attempting to resource XAResource
ARJUNA024020
WARN
Could not serialize a serializable XAResource!
ARJUNA024021
WARN
{0} caught unexpected exception during recovery phase!
ARJUNA024022
WARN
Updating of resource state failed.
ARJUNA024023
WARN
{0} caused an XA error: {1} from resource {2} in transaction {3}
ARJUNA024024
java.lang.String
thread is already associated with a transaction and subtransaction support is not enabled!
ARJUNA024025
WARN
Delist of resource failed with exception
ARJUNA024026
WARN
Ending suspended RMs failed when rolling back the transaction!
ARJUNA024027
java.lang.String
Ending suspended RMs failed when rolling back the transaction, but transaction rolled back.
ARJUNA024028
java.lang.String
illegal resource state:
ARJUNA024029
java.lang.String
Transaction is not active.
ARJUNA024031
java.lang.String
Invalid transaction.
ARJUNA024032
java.lang.String
Work already active!
ARJUNA024033
WARN
failed to load Last Resource Optimisation Interface {0}
ARJUNA024034
java.lang.String
Could not enlist resource because the transaction is marked for rollback.
ARJUNA024035
java.lang.String
No such transaction!
ARJUNA024036
WARN
Current transaction is not a TransactionImple
ARJUNA024037
java.lang.String
no transaction!
ARJUNA024038
java.lang.String
no transaction! Caught:
ARJUNA024040
java.lang.String
paramater is null!
ARJUNA024042
java.lang.String
is already suspended!
ARJUNA024043
WARN
An error occurred while checking if this is a new resource manager:
ARJUNA024044
WARN
{0} could not mark the transaction as rollback only
ARJUNA024046
WARN
{0} returned XA error {1} for transaction {2}
ARJUNA024048
java.lang.String
Synchronizations are not allowed!
ARJUNA024049
WARN
cleanup synchronization failed to register:
ARJUNA024050
java.lang.String
The transaction implementation threw a RollbackException
ARJUNA024051
java.lang.String
The transaction implementation threw a SystemException
ARJUNA024052
WARN
Active thread error:
ARJUNA024053
WARN
{0} attempt to delist unknown resource!
ARJUNA024054
java.lang.String
The current transaction does not match this transaction!
ARJUNA024055
WARN
Could not call end on a suspended resource!
ARJUNA024056
WARN
{0} caught XA exception: {1}
ARJUNA024057
WARN
{0} setTransactionTimeout on XAResource {2} threw: {1}
ARJUNA024058
WARN
Could not deserialize class. Will wait for bottom up recovery
ARJUNA024059
java.lang.String
Inflow recovery is not supported for JTS mode
ARJUNA024060
WARN
Could not end XA resource {0}
ARJUNA024061
WARN
Could not enlist XA resource {0} with params {1}
ARJUNA024062
WARN
ORB ''{0}'' occured on one phase commit for xid {1}
ARJUNA024063
WARN
Cannot save state of xid {0}
ARJUNA024064
java.lang.String
The current transaction {0} does not match this transaction
ARJUNA024065
WARN
Cannot save state of output object state {0} of object type {1}
ARJUNA024066
WARN
Cannot restore state of input object state {0} of object type {1}
ARJUNA032001
ERROR
createConnection got exception
ARJUNA032002
ERROR
createDataSource got exception during getXADataSource call
ARJUNA032003
WARN
InstanceNotFound. Datasource {0} not deployed, or wrong name?
ARJUNA032004
ERROR
createDataSource {0} got exception
ARJUNA032005
ERROR
Unexpected exception occurred
ARJUNA032006
ERROR
unknown Tx PropagationContext
ARJUNA032007
ERROR
getCurrentTransaction() failed
ARJUNA032008
ERROR
unknown Tx PropagationContext
ARJUNA032009
ERROR
Unexpected exception occurred
ARJUNA032010
INFO
JBossTS Recovery Service (tag: {0}) - JBoss Inc.
ARJUNA032011
java.lang.String
No suitable recovery module in which to register XAResourceRecovery instance
ARJUNA032012
java.lang.String
No recovery system in which to register XAResourceRecovery instance
ARJUNA032013
INFO
Starting transaction recovery manager
ARJUNA032014
INFO
Stopping transaction recovery manager
ARJUNA032015
java.lang.String
Transaction has or will rollback.
ARJUNA032016
java.lang.String
Unexpected error retrieving transaction status
ARJUNA032017
INFO
JBossTS Transaction Service ({0} version - tag: {1}) - JBoss Inc.
ARJUNA032018
INFO
Destroying TransactionManagerService
ARJUNA032019
WARN
XAExceptionFormatters are not supported by the JBossTS Transaction Service - this warning can safely be ignored
ARJUNA032020
java.lang.String
Transaction is completing!
ARJUNA032021
java.lang.String
Transaction is inactive!
ARJUNA032022
java.lang.String
Unexpected error!
ARJUNA032023
java.lang.String
Work not registered!
ARJUNA032024
INFO
JTS transaction recovery manager
ARJUNA032025
java.lang.String
Transaction has or will rollback.
ARJUNA032026
java.lang.String
Unexpected error retrieving transaction status
ARJUNA032027
java.lang.String
Problem encountered while trying to register transaction manager with ORB!
ARJUNA032028
INFO
registering transaction manager
ARJUNA032029
java.lang.String
Transaction is completing!
ARJUNA032030
java.lang.String
Transaction is inactive!
ARJUNA032031
java.lang.String
Unexpected error!
ARJUNA032032
java.lang.String
Work not registered!
ARJUNA032033
WARN
AppServerJDBCXARecovery should no longer be used. See jira.jboss.org/browse/JBTM-756
ARJUNA032034
INFO
Suspending transaction recovery manager
ARJUNA032035
INFO
Resuming transaction recovery manager
ARJUNA032036
java.lang.String
Unsupported transaction type. Transaction type is {0}
ARJUNA032037
java.lang.String
Transaction listeners are disabled and should not be used. If you need them they can be enabled via -D{0}=true
ARJUNA032038
java.lang.String
Invalid transaction local resource [{0}] associated with key {1}.
ARJUNA032039
java.lang.String
Cannot lock a TransactionLocal after the Transaction [{0}] has ended
ARJUNA032040
java.lang.String
Cannot store value in a TransactionLocal after the Transaction [{0}] has ended
ARJUNA032041
java.lang.String
Unlock called from wrong thread. Locking thread: {0}, current thread: {1}
ARJUNA033001
ERROR
Unable to get subordinate transaction id
ARJUNA033002
ERROR
Unable to recover subordinate transaction id {0}
ARJUNA033003
WARN
prepare on Xid={0} returning Aborted
ARJUNA033004
ERROR
commit on Xid={0} failed
ARJUNA033005
ERROR
rollback on Xid={0} failed
ARJUNA033006
INFO
InboundBridgeRecoveryManager starting
ARJUNA033007
INFO
InboundBridgeRecoveryManager stopping
ARJUNA033008
ERROR
problem rolling back orphaned subordinate tx {0}
ARJUNA033009
ERROR
Problem whilst scanning for in-doubt subordinate transactions
ARJUNA033010
WARN
prepare on Xid={0} failed, setting RollbackOnly
ARJUNA033011
WARN
setRollbackOnly failed
ARJUNA033012
WARN
stop failed for Xid {0}
ARJUNA033013
INFO
OutboundBridgeRecoveryManager starting
ARJUNA033014
INFO
OutboundBridgeRecoveryManager stopping
ARJUNA033015
WARN
unexpected Status {0}, treating as ROLLEDBACK
ARJUNA033016
ERROR
Unable to recover subordinate transaction id={0},
ARJUNA033017
ERROR
Unable to enlist BridgeXAResource or register BridgeSynchronization
ARJUNA033018
ERROR
Error on prepareVolatile of bridge wrapper {0}
ARJUNA041001
WARN
allHighLevelServices threw exception
ARJUNA041002
WARN
assembling contexts and received exception
ARJUNA041004
java.lang.String
Failed to create doc
ARJUNA041005
WARN
Activity.start caught exception
ARJUNA041006
WARN
currentActivity.end threw:
ARJUNA041007
WARN
Activity.completed caught exception
ARJUNA041008
WARN
Activity.suspended caught:
ARJUNA041009
WARN
Activity.resumed caught exception
ARJUNA041010
java.lang.String
Unknown activity implementation!
ARJUNA041011
java.lang.String
State incompatible to start activity:
ARJUNA041012
java.lang.String
Cannot remove child activity from parent as parent''s status is:
ARJUNA041013
java.lang.String
Activity cannot complete as it has active children:
ARJUNA041014
java.lang.String
Cannot complete activity in status:
ARJUNA041015
java.lang.String
Cannot set completion status on activity as the status is incompatible:
ARJUNA041016
java.lang.String
Cannot change completion status, value is incompatible:
ARJUNA041017
java.lang.String
Cannot enlist null child!
ARJUNA041018
java.lang.String
Cannot enlist child activity with parent as parent''s status is:
ARJUNA041019
java.lang.String
Cannot remove null child!
ARJUNA041020
java.lang.String
The following child activity is unknown to the parent:
ARJUNA041021
WARN
ActivityReaper: could not terminate.
ARJUNA041022
java.lang.String
HLS not found!
ARJUNA042001
ERROR
Unhandled error executing task
ARJUNA042002
java.lang.String
Invalid fault type enumeration: {0}
ARJUNA042003
java.lang.String
setNamespaceContext unsupported
ARJUNA042004
java.lang.String
writeEndDocument unsupported
ARJUNA042005
java.lang.String
close unsupported
ARJUNA042006
java.lang.String
writeComment unsupported
ARJUNA042007
java.lang.String
writeProcessingInstruction unsupported
ARJUNA042008
java.lang.String
writeProcessingInstruction unsupported
ARJUNA042009
java.lang.String
writeEntityRef unsupported
ARJUNA042010
java.lang.String
writeDTD unsupported
ARJUNA042011
java.lang.String
writeStartDocument unsupported
ARJUNA042012
java.lang.String
writeStartDocument unsupported
ARJUNA042013
java.lang.String
writeStartDocument unsupported
ARJUNA042014
java.lang.String
End of stream
ARJUNA042015
java.lang.String
Unexpected child node: {0}
ARJUNA042016
java.lang.String
Unexpected type: {0}
ARJUNA042017
java.lang.String
Unexpected type: {0}
ARJUNA042018
java.lang.String
Unexpected event type
ARJUNA042019
java.lang.String
Unsupported operation
ARJUNA042020
java.lang.String
Unsupported operation
ARJUNA042021
java.lang.String
CData sections not currently supported.
ARJUNA042022
WARN
Service {0} received unexpected fault: {1}
ARJUNA042023
java.lang.String
Unexpected start element: {0}
ARJUNA042024
java.lang.String
Unexpected start element: {0}
ARJUNA042025
java.lang.String
NotUnderstood elements cannot have embedded elements.
ARJUNA042026
java.lang.String
Unexpected element: {0}
ARJUNA042027
java.lang.String
Unexpected body element: {0}
ARJUNA042028
java.lang.String
Did not understand header: {0}
ARJUNA042029
java.lang.String
Encountered unexpected event type: {0}
ARJUNA042030
java.lang.String
Text elements cannot have embedded elements.
ARJUNA042031
java.lang.String
No response from RPC request
ARJUNA042032
java.lang.String
Invalid destination URL
ARJUNA042033
java.lang.String
Unsupported URL type, not HTTP or HTTPS
ARJUNA042034
java.lang.String
Invalid response code returned: {0}
ARJUNA042035
java.lang.String
Unexpected end element: {0}
ARJUNA042036
java.lang.String
Unexpected end of document reached
ARJUNA042037
java.lang.String
Unexpected start element: {0}
ARJUNA042038
java.lang.String
Addressing context is not valid
ARJUNA042039
java.lang.String
Unexpected element name: {0}
ARJUNA042040
java.lang.String
Invalid QName value for attributed QName
ARJUNA042041
java.lang.String
Unexpected element name: {0}
ARJUNA042043
java.lang.String
Unexpected element name: {0}
ARJUNA042044
java.lang.String
Unexpected second element name: {0}
ARJUNA042045
java.lang.String
Invalid QName value for attributed QName
ARJUNA042046
java.lang.String
Unexpected element name: {0}
ARJUNA042047
java.lang.String
Unexpected element name: {0}
ARJUNA042048
java.lang.String
Addressing context does not specify destination.
ARJUNA042049
java.lang.String
Invalid destination specified in addressing context.
ARJUNA042050
java.lang.String
No SOAP client registered for scheme: {0}.
ARJUNA042051
java.lang.String
Invalid replyTo specified in addressing context.
ARJUNA042052
java.lang.String
Unexpected SOAP message type returned.
ARJUNA042053
ERROR
Unhandled SOAP fault {0} during asynchronous execution of service.
ARJUNA042054
java.lang.String
Arjuna context is not valid
ARJUNA042055
java.lang.String
Unexpected element name: {0}
ARJUNA042056
java.lang.String
InstanceIdentifier elements cannot have embedded elements.
ARJUNA042057
java.lang.String
non numerical value: {0}
ARJUNA042058
java.lang.String
Coordination Context is not valid
ARJUNA042059
java.lang.String
Unexpected element name: {0}
ARJUNA042060
java.lang.String
Create Coordination Context Response is not valid
ARJUNA042061
java.lang.String
Unexpected element name: {0}
ARJUNA042062
java.lang.String
Create Coordination Context is not valid
ARJUNA042063
java.lang.String
Unexpected element name: {0}
ARJUNA042064
java.lang.String
Register is not valid
ARJUNA042065
java.lang.String
Unexpected element name: {0}
ARJUNA042066
java.lang.String
Register is not valid
ARJUNA042067
java.lang.String
Unexpected element name: {0}
ARJUNA042071
java.lang.String
Callback execution failed
ARJUNA042072
java.lang.String
Callback was not triggered
ARJUNA042073
java.lang.String
Callback execution failed
ARJUNA042074
java.lang.String
Callback was not triggered
ARJUNA042075
java.lang.String
Invalid create coordination context parameters
ARJUNA042076
java.lang.String
Participant already registered
ARJUNA042077
java.lang.String
Invalid protocol identifier
ARJUNA042078
java.lang.String
Invalid coordination context state
ARJUNA042079
java.lang.String
Unknown activity identifier
ARJUNA042080
java.lang.String
Invalid create coordination context parameters
ARJUNA042081
java.lang.String
Participant already registered for this protocol identifier
ARJUNA042082
java.lang.String
Invalid protocol identifier
ARJUNA042083
java.lang.String
Invalid coordination context state
ARJUNA042084
java.lang.String
Unknown activity identifier
ARJUNA042085
WARN
Failed to create service instance: {0}
ARJUNA042086
ERROR
Empty messageId received by an async endpoint
ARJUNA042087
ERROR
Failure to register protocol {0} and instance {1}
ARJUNA042088
ERROR
Failure to create coordination context of type {0}
ARJUNA043001
java.lang.String
Invalid outcome enumeration: {0}
ARJUNA043002
java.lang.String
PrepareResponse elements cannot have embedded elements.
ARJUNA043003
java.lang.String
ReplayResponse elements cannot have embedded elements.
ARJUNA043004
java.lang.String
Invalid fault type enumeration: {0}
ARJUNA043005
java.lang.String
Invalid vote enumeration: {0}
ARJUNA043006
java.lang.String
State elements cannot have embedded elements.
ARJUNA043007
java.lang.String
Invalid state enumeration: {0}
ARJUNA043008
java.lang.String
Invalid soap fault type
ARJUNA043009
java.lang.String
Invalid fault type enumeration: {0}
ARJUNA043010
java.lang.String
Invalid state enumeration: {0}
ARJUNA043011
java.lang.String
Unknown transaction
ARJUNA043012
java.lang.String
Unknown participant
ARJUNA043013
java.lang.String
Unknown error
ARJUNA043014
java.lang.String
Unknown participant
ARJUNA043015
java.lang.String
Unknown transaction
ARJUNA043016
java.lang.String
Unknown error
ARJUNA043017
INFO
Unexpected exception while sending InvalidStateFault to participant {0}
ARJUNA043018
java.lang.String
GetStatus requested for unknown coordinator completion participant
ARJUNA043020
java.lang.String
Complete called on unknown participant
ARJUNA043021
INFO
Unexpected exception while sending InvalidStateFault to coordinator for participant {0}
ARJUNA043022
java.lang.String
GetStatus requested for unknown coordinator completion participant
ARJUNA043023
WARN
Unexpected exception thrown from aborted:
ARJUNA043024
WARN
Aborted called on unknown coordinator: {0}
ARJUNA043025
WARN
Unexpected exception thrown from committed:
ARJUNA043026
WARN
Committed called on unknown coordinator: {0}
ARJUNA043027
WARN
Unexpected exception thrown from prepared
ARJUNA043028
WARN
Prepared called on unknown coordinator: {0}
ARJUNA043029
WARN
Ignoring prepared called on unidentified coordinator until recovery pass is complete: {0}
ARJUNA043030
WARN
Unexpected exception thrown from readOnly
ARJUNA043031
WARN
ReadOnly called on unknown coordinator: {0}
ARJUNA043032
WARN
Unexpected exception thrown from replay
ARJUNA043033
WARN
Replay called on unknown coordinator: {0}
ARJUNA043034
java.lang.String
Unknown Transaction.
ARJUNA043035
WARN
Unexpected exception thrown from soapFault
ARJUNA043036
WARN
SoapFault called on unknown coordinator: {0}
ARJUNA043038
INFO
Unexpected exception while sending InvalidStateFault to participant {0}
ARJUNA043039
java.lang.String
GetStatus requested for unknown coordinator completion participant
ARJUNA043041
INFO
Unexpected exception while sending InvalidStateFault to coordinator for participant {0}
ARJUNA043042
java.lang.String
GetStatus requested for unknown coordinator completion participant
Unable to instantiate XTS initialisation class {0}
ARJUNA047004
ERROR
Unable to access XTS initialisation class {0}
ARJUNA048001
WARN
Could not find manifest {0}
ARJUNA048002
WARN
Could not find configuration file, URL was: {0}
ARJUNA048003
WARN
className is null
ARJUNA048004
WARN
attempt to load {0} threw ClassNotFound. Wrong classloader?
ARJUNA048005
WARN
class {0} does not implement {1}
ARJUNA048006
WARN
cannot create new instance of {0}
ARJUNA048007
WARN
cannot access {0}
ARJUNA048008
WARN
cannot initialize from string {0}
AT
Code
Level
Return Type
Message
AT027001
WARN
Failure while removing participant information from the object store. '%s'
AT027002
WARN
Failure while synchronizing participant url with RecoveryManager. '%s'
AT027003
WARN
Failed to start the bridge. '%s'
AT027004
WARN
Failed to stop the bridge. '%s'
AT027005
WARN
Failed to enlist inbound bridge to the transaction '%s'
AT027006
WARN
Failed to import transaction. '%s'
AT027007
ERROR
FATAL System Exception '%s'
AT027008
WARN
Exception while verifying/loading id isInStore InboundBridgeOrphanFilter.
AT027009
WARN
Exception while verifying id isInStore InboundBridgeOrphanFilter.
AT027010
WARN
XAException occured while subordinate rollback. '%s'
AT027011
WARN
XAException occured while subordinate commit. '%s'
AT027012
WARN
XAException occured while subordinate vote. '%s'
AT027013
WARN
XAException occured while InboundBridgeRecoveryModule periodicWorkSecondPass. '%s'
AT027014
WARN
XAException occured while InboundBridgeRecoveryModule addBridgesToMapping. '%s'
AT027015
WARN
Exception occured while InboundBridgeRecoveryModule getUidsToRecover. '%s'
AT027016
WARN
Exception occured while Tx Support getIntValue. '%s'
AT027017
DEBUG
Exception occured while Tx Support HttpRequest. '%s'
AT027018
WARN
Exception occured while Tx Support AddLocationHeader. '%s'
AT027019
WARN
Exception occured while InboundBridgeParticipantDeserializer Participant deserialize. '%s'
AT027020
WARN
Exception while recovering participant in Recovery Manager. '%s'
AT027021
WARN
Exception while recovering participant in Recovery Manager. '%s'
AT027022
WARN
Heuristic Exception while recreateParticipantInformation in Recovery Manager. '%s'
AT027023
WARN
Participant Exception while recreateParticipantInformation in Recovery Manager. '%s'
AT027024
WARN
Failure while persisting participant information. '%s'
AT027025
WARN
Participant Exception while participant rollback in ParticipantResource. '%s'
AT027026
WARN
Exception while participant rollback in ParticipantResource. '%s'
AT027027
WARN
Exception while readOnly participant info in ParticipantResource. '%s'
AT027028
WARN
ParticipantException while commitOnePhase in ParticipantResource. '%s'
AT027029
WARN
ParticipantException while prepare in ParticipantResource. '%s'
AT027030
WARN
Exception Before completion failed in VolatileParticipantResource. '%s'
AT027031
WARN
Exception After completion failed in VolatileParticipantResource. '%s'
AT027032
WARN
Exception while getUids in VolatileParticipantResource. '%s'
AT027033
WARN
Exception could not reactivate pending transaction.'%s','%s'
AT027034
WARN
Exception TM JAX-RS application failed to start.'%s'
AT027035
DEBUG
Exception TM JAX-RS application failed to start.
COM
Code
Level
Return Type
Message
COM03000
DEBUG
Reaping a reference failed
COM03100
WARN
Property or feature %s not supported by %s
EJBCLIENT
Code
Level
Return Type
Message
EJBCLIENT-00001
INFO
JBoss EJB Client version %s
EJBCLIENT-00001
java.lang.String
No such EJB: %s
EJBCLIENT-00001
java.lang.String
EJB is not stateful: %s
EJBCLIENT-00001
java.lang.String
No such EJB method %s found on %s
EJBCLIENT-00001
java.lang.String
Session is not active for invocation of method %s on %s
EJBCLIENT-00001
java.lang.String
EJB view is not remote: %s
EJBCLIENT-00001
java.lang.IllegalStateException
Context data under org.jboss.private.data was not of type Set
EJBCLIENT-00001
jakarta.ejb.EJBException
IO channel timed out or closed. Check server endpoint read or write timeout settings
EJBCLIENT000000
java.lang.IllegalArgumentException
Module name cannot be null or empty
EJBCLIENT000001
java.lang.IllegalArgumentException
Bean name cannot be null or empty
EJBCLIENT000002
java.lang.IllegalArgumentException
Bean interface type cannot be null
EJBCLIENT000003
INFO
Incorrect max-allowed-connected-nodes value %s specified for cluster named %s. Defaulting to %s
EJBCLIENT000004
INFO
Incorrect connection timeout value %s specified for cluster named %s. Defaulting to %s
EJBCLIENT000005
INFO
Incorrect connection timeout value %s specified for node %s in cluster named %s. Defaulting to %s
EJBCLIENT000006
INFO
No host/port configured for connection named %s. Skipping connection creation
EJBCLIENT000007
INFO
Incorrect port value %s specified for connection named %s. Skipping connection creation
EJBCLIENT000008
INFO
Incorrect connection timeout value %s specified for connection named %s. Defaulting to %s
EJBCLIENT000009
INFO
Incorrect invocation timeout value %s specified. Defaulting to %s
EJBCLIENT000010
INFO
Incorrect reconnect tasks timeout value %s specified. Defaulting to %s
EJBCLIENT000011
INFO
Discarding result for invocation id %s since no waiting context found
EJBCLIENT000012
INFO
Cannot create a EJB receiver for %s since there was no match for a target destination
EJBCLIENT000015
INFO
Initial module availability report for %s wasn't received during the receiver context association
EJBCLIENT000016
INFO
Channel %s can no longer process messages
EJBCLIENT000017
INFO
Received server version %d and marshalling strategies %s
EJBCLIENT000022
java.lang.IllegalStateException
No EJB client context is available
EJBCLIENT000024
jakarta.ejb.NoSuchEJBException
No EJB receiver available for handling destination "%s"
EJBCLIENT000027
java.lang.IllegalStateException
No EJBReceiver available for node name %s
EJBCLIENT000028
java.lang.IllegalStateException
No EJB receiver contexts available in cluster %s
EJBCLIENT000029
java.lang.IllegalStateException
No cluster context available for cluster named %s
EJBCLIENT000030
java.lang.IllegalStateException
sendRequest() called during wrong phase
EJBCLIENT000031
java.lang.IllegalStateException
No receiver associated with invocation
EJBCLIENT000032
java.lang.IllegalStateException
Cannot retry a request which hasn't previously been completed
EJBCLIENT000033
java.lang.IllegalStateException
getResult() called during wrong phase
EJBCLIENT000034
java.lang.IllegalStateException
discardResult() called during wrong phase
EJBCLIENT000035
javax.naming.NamingException
Not supported
EJBCLIENT000036
javax.naming.NamingException
Read only naming context, operation not supported
EJBCLIENT000037
javax.naming.NamingException
Could not load ejb proxy class %s
EJBCLIENT000038
java.lang.IllegalStateException
Transaction enlistment did not yield a transaction ID
EJBCLIENT000039
java.lang.IllegalStateException
Cannot enlist transaction
EJBCLIENT000041
java.lang.RuntimeException
A session bean does not have a primary key class
EJBCLIENT000042
WARN
Failed to load EJB client configuration file specified in %s system property: %s
EJBCLIENT000043
java.lang.RuntimeException
Error reading EJB client properties file %s
EJBCLIENT000044
java.lang.IllegalStateException
No transaction context available
EJBCLIENT000045
java.lang.IllegalStateException
User transactions not supported by this context
EJBCLIENT000046
jakarta.transaction.NotSupportedException
A transaction is already associated with this thread
EJBCLIENT000047
java.lang.IllegalStateException
A transaction is not associated with this thread
EJBCLIENT000048
java.lang.IllegalStateException
Transaction for this thread is not active
EJBCLIENT000049
java.lang.IllegalStateException
Cannot proceed with invocation since transaction is pinned to node %s which has been excluded from handling invocation for the current invocation context %s
EJBCLIENT000050
java.lang.IllegalStateException
Node of the current transaction %s does not accept %s
EJBCLIENT000051
java.lang.IllegalStateException
Cannot proceed with invocation since the locator %s has an affinity on node %s which has been excluded from current invocation context %s
EJBCLIENT000052
java.lang.RuntimeException
%s for cluster %s is not of type org.jboss.ejb.client.ClusterNodeSelector
EJBCLIENT000053
java.lang.RuntimeException
Could not create the cluster node selector for cluster %s
EJBCLIENT000054
java.lang.IllegalStateException
Cannot specify both a callback handler and a username/password
EJBCLIENT000055
java.lang.RuntimeException
Could not decode base64 encoded password
EJBCLIENT000056
java.lang.IllegalStateException
Cannot specify both a plain text and base64 encoded password
EJBCLIENT000058
java.lang.IllegalArgumentException
Failed to instantiate deployment node selector class "%s"
EJBCLIENT000059
WARN
Could not send a message over remoting channel, to cancel invocation for invocation id %s
EJBCLIENT000060
java.lang.RuntimeException
Failed to create scoped EJB client context
EJBCLIENT000061
WARN
Cannot send a transaction recovery message to the server since the protocol version of EJBReceiver %s doesn't support it
EJBCLIENT000062
javax.naming.CommunicationException
Failed to look up "%s"
EJBCLIENT000063
java.lang.IllegalArgumentException
EJB proxy is already stateful
EJBCLIENT000064
INFO
org.jboss.ejb.client.naming.ejb.ejbURLContextFactory is deprecated; new applications should use org.wildfly.naming.client.WildFlyInitialContextFactory instead
EJBCLIENT000065
javax.naming.CommunicationException
Null session was created for "%s", affinity %s, identifier %s
EJBCLIENT000066
jakarta.ejb.EJBException
Operation interrupted
EJBCLIENT000067
java.lang.IllegalArgumentException
Cannot convert %s to stateful
EJBCLIENT000068
java.lang.IllegalArgumentException
Failed to instantiate callback handler class "%s"
EJBCLIENT000069
INFO
Using legacy jboss-ejb-client.properties security configuration
EJBCLIENT000070
INFO
Using legacy jboss-ejb-client.properties Remoting configuration
EJBCLIENT000071
INFO
Using legacy jboss-ejb-client.properties discovery configuration
EJBCLIENT000072
INFO
Using legacy jboss-ejb-client.properties EJB client configuration
EJBCLIENT000073
java.lang.IllegalStateException
Failed to construct Remoting endpoint
EJBCLIENT000074
java.lang.IllegalStateException
Configured selector "%s" returned null
EJBCLIENT000075
jakarta.ejb.NoSuchEJBException
No transport provider available for URI scheme %2$s for locator %1$s
EJBCLIENT000076
java.lang.IllegalStateException
Configured selector "%s" returned unknown node "%s"
EJBCLIENT000077
java.lang.IllegalArgumentException
EJB receiver "%s" returned a null session ID for EJB "%s"
EJBCLIENT000078
java.lang.IllegalArgumentException
EJB receiver "%s" returned a stateful locator with the wrong view type (expected %s, but actual was %s)
EJBCLIENT000079
jakarta.ejb.NoSuchEJBException
Unable to discover destination for request for EJB %s
EJBCLIENT000080
java.lang.IllegalStateException
Request not sent
EJBCLIENT000081
java.lang.IllegalArgumentException
Failed to instantiate cluster node selector class "%s"
EJBCLIENT000082
jakarta.transaction.SystemException
Cannot outflow the remote transaction "%s" as its timeout elapsed
EJBCLIENT000100
java.lang.IllegalArgumentException
Object '%s' is not a valid proxy object
EJBCLIENT000101
java.lang.IllegalArgumentException
Proxy object '%s' was not generated by %s
EJBCLIENT000102
java.lang.IllegalStateException
No asynchronous operation in progress
EJBCLIENT000200
org.wildfly.client.config.ConfigXMLParseException
Cannot load from a module when jboss-modules is not available
EJBCLIENT000300
java.lang.IllegalArgumentException
No valid no-argument constructor on interceptor %s
EJBCLIENT000301
java.lang.IllegalArgumentException
Constructor is not accessible on interceptor %s
EJBCLIENT000302
java.lang.IllegalStateException
Construction of interceptor %s failed
EJBCLIENT000400
java.util.concurrent.ExecutionException
Remote invocation failed due to an exception
EJBCLIENT000401
java.lang.IllegalStateException
Result was discarded (one-way invocation)
EJBCLIENT000402
java.util.concurrent.CancellationException
Remote invocation request was cancelled
EJBCLIENT000403
java.util.concurrent.TimeoutException
Timed out
EJBCLIENT000408
jakarta.transaction.SystemException
Inflowed transaction is no longer active
EJBCLIENT000409
org.jboss.ejb.client.RequestSendFailedException
No more destinations are available
EJBCLIENT000500
java.io.InvalidObjectException
Protocol error: mismatched method location
EJBCLIENT000501
DEBUG
Protocol error: invalid message ID %02x received
EJBCLIENT000502
java.io.IOException
Protocol error: invalid transaction type %02x received
EJBCLIENT000503
java.io.IOException
Protocol error: unable to inflow remote transaction
EJBCLIENT000504
java.lang.IllegalStateException
Server error: no session was created
EJBCLIENT000505
java.lang.IllegalStateException
No remote transport is present on the current EJB client context
EJBCLIENT000506
jakarta.ejb.EJBException
Server error (invalid view): %s
EJBCLIENT000507
jakarta.transaction.SystemException
Internal server error occurred while processing a transaction
EJBCLIENT000508
ERROR
Failed to execute Runnable %s
EJBCLIENT000509
ERROR
Unexpected exception processing EJB request
EJBCLIENT000510
java.io.IOException
Failed to configure SSL context
EJBCLIENT000511
java.lang.IllegalArgumentException
Cannot automatically convert stateless EJB to stateful with this protocol version
EJBCLIENT000512
jakarta.ejb.EJBException
Server error (remote EJB is not stateful): %s
EJBCLIENT000513
ERROR
Exception occurred when trying to close the transport provider
EJBCLIENT000514
INFO
No URI configured for HTTP connection named %s. Skipping connection creation
EJBCLIENT000515
INFO
HTTP connection was configured with invalid URI: %s .
EJBCLIENT000516
java.io.InvalidClassException
Exception resolving class %s for unmarshalling; it has either been blocklisted or not allowlisted
EJBCLIENT000517
WARN
Exception occurred when writing EJB transaction response to invocation %s over channel %s
EJBCLIENT000518
WARN
Exception occurred when writing EJB transaction recovery response for invocation %s over channel %s
EJBCLIENT000519
WARN
Exception occurred when writing EJB response to invocation %s over channel %s
EJBCLIENT000520
WARN
Exception occurred when writing EJB session open response to invocation %s over channel %s
EJBCLIENT000521
WARN
Exception occurred when writing proceed async response to invocation %s over channel %s
EJBCLIENT000522
WARN
Exception occurred when writing EJB cluster message to channel %s
EJBCLIENT000523
WARN
Exception occurred when writing module availability message, closing channel %s
EJBCLIENT000524
DEBUG
JavaEE to JakartaEE backward compatibility layer have been installed
ELY
Code
Level
Return Type
Message
ELY00000
java.lang.String
Unexpected value for azp (issued for) claim
ELY00001
INFO
WildFly Elytron version %s
ELY00002
java.lang.IllegalArgumentException
Parameter %s is empty
ELY00002
java.lang.IllegalArgumentException
Parameter %s is empty
ELY00002
java.lang.IllegalArgumentException
Parameter %s is empty
ELY00003
java.lang.IllegalStateException
This builder has already been built
ELY00003
java.lang.IllegalStateException
This builder has already been built
ELY00003
java.lang.IllegalStateException
This builder has already been built
ELY00003
java.lang.IllegalStateException
This builder has already been built
ELY00004
java.lang.IllegalArgumentException
Unrecognized algorithm "%s"
ELY00004
java.lang.IllegalArgumentException
Unrecognized algorithm "%s"
ELY00004
java.lang.IllegalArgumentException
Unrecognized algorithm "%s"
ELY00005
java.lang.IllegalStateException
Cannot instantiate self-referential factory
ELY00006
java.lang.IllegalArgumentException
Unexpected trailing garbage in X.500 principal
ELY00007
WARN
Credential destroying failed
ELY00007
WARN
Credential destroying failed
ELY00008
java.lang.IllegalArgumentException
The given credential is not supported here
ELY00009
java.lang.IllegalArgumentException
Invalid name "%s"
ELY00011
java.security.NoSuchAlgorithmException
Unable to create service for '%s.%s'
ELY00012
java.lang.IllegalStateException
Unable to load OIDs database from properties file
ELY01000
java.lang.IllegalStateException
Authentication name was already set on this context
ELY01001
org.wildfly.client.config.ConfigXMLParseException
No module found for identifier "%s"
ELY01002
org.wildfly.client.config.ConfigXMLParseException
Invalid port number "%s" specified for attribute "%s" of element "%s"; expected a numerical value between 1 and 65535 (inclusive)
ELY01003
java.lang.IllegalStateException
No authentication is in progress
ELY01005
java.lang.IllegalArgumentException
Realm map does not contain mapping for default realm '%s'
Changing the session ID has been disabled, ensure session tracking uses cookies only to avoid session fixation.
ELY22500
WARN
Changing the session ID has been disabled, ensure session tracking uses cookies only to avoid session fixation.
ELY23000
org.wildfly.security.http.oidc.OidcException
Unexpected HTTP status code in response from OIDC provider "%d"
ELY23001
org.wildfly.security.http.oidc.OidcException
No entity in response from OIDC provider
ELY23002
org.wildfly.security.http.oidc.OidcException
Unexpected error sending request to OIDC provider
ELY23003
java.lang.IllegalArgumentException
Either provider-url or auth-server-url needs to be configured
ELY23004
INFO
Loaded OpenID provider metadata from '%s'
ELY23005
WARN
Unable to load OpenID provider metadata from %s
ELY23006
java.lang.RuntimeException
Failed to decode request URI
ELY23007
java.lang.RuntimeException
Failed to write to response output stream
ELY23008
java.lang.IllegalArgumentException
Unable to parse token
ELY23009
java.lang.RuntimeException
OIDC client configuration file not found
ELY23010
ERROR
Failed to invoke remote logout
ELY23011
ERROR
Refresh token failure
ELY23012
ERROR
Refresh token failure status: %d %s
ELY23013
ERROR
Failed verification of token: %s
ELY23014
ERROR
Failed to refresh the token with a longer time-to-live than the minimum
ELY23015
java.lang.IllegalArgumentException
No expected issuer given
ELY23016
java.lang.IllegalArgumentException
No client ID given
ELY23017
java.lang.IllegalArgumentException
No expected JWS algorithm given
ELY23018
java.lang.IllegalArgumentException
No JWKS public key or client secret key given
ELY23019
org.wildfly.security.http.oidc.OidcException
Invalid ID token
ELY23020
java.lang.IllegalArgumentException
Invalid token claim value
ELY23021
org.wildfly.security.http.oidc.OidcException
Invalid ID token claims
ELY23022
java.lang.RuntimeException
Must set 'realm' in config
ELY23023
java.lang.RuntimeException
Must set 'resource' or 'client-id'
ELY23024
java.lang.IllegalArgumentException
For bearer auth, you must set the 'realm-public-key' or one of 'auth-server-url' and 'provider-url'
ELY23025
java.lang.RuntimeException
Must set 'auth-server-url' or 'provider-url'
ELY23026
WARN
Client '%s' does not have a secret configured
ELY23027
java.lang.IllegalArgumentException
Unsupported public key
ELY23028
java.lang.IllegalArgumentException
Unable to create signed token
ELY23029
java.lang.RuntimeException
Configuration of jwt credentials is missing or incorrect for client '%s'
ELY23030
java.lang.RuntimeException
Missing parameter '%s' in jwt credentials for client %s
ELY23031
java.lang.IllegalArgumentException
Unable to parse key '%s' with value '%s'
ELY23032
java.lang.RuntimeException
Unable to load key with alias '%s' from keystore
ELY23033
java.lang.RuntimeException
Unable to load private key from keystore
ELY23034
java.lang.RuntimeException
Unable to find keystore file '%s'
ELY23035
java.lang.RuntimeException
Configuration of secret jwt client credentials is missing or incorrect for client '%s'
ELY23036
java.lang.RuntimeException
Invalid value for 'algorithm' in secret jwt client credentials configuration for client '%s'
ELY23037
java.lang.RuntimeException
Unable to determine client credentials provider type for client '%s'
ELY23038
java.lang.RuntimeException
Unable to find client credentials provider '%s'
ELY23039
java.lang.RuntimeException
Unable to load keystore
ELY23040
java.lang.RuntimeException
Unable to load truststore
ELY23041
java.lang.RuntimeException
Unable to find truststore file '%s'
ELY23042
java.lang.String
Unexpected value for at_hash claim
ELY23043
java.lang.IllegalArgumentException
Uknown algorithm: '%s'
ELY23044
WARN
Failed to parse token from cookie
ELY23045
java.lang.IllegalArgumentException
Unable to create redirect response
ELY23046
java.lang.RuntimeException
Unable to set auth server URL
ELY23047
java.lang.RuntimeException
Unable resolve a relative URL
ELY23048
java.lang.RuntimeException
Invalid URI: '%s'
ELY23049
WARN
Invalid 'auth-server-url' or 'provider-url': '%s'
ELY23050
org.wildfly.security.http.oidc.OidcException
Invalid bearer token claims
ELY23051
org.wildfly.security.http.oidc.OidcException
Invalid bearer token
ELY23052
WARN
No trusted certificates in token
ELY23053
WARN
No peer certificates established on the connection
ELY23054
java.lang.String
Unexpected value for typ claim
ELY23055
java.io.IOException
Unable to obtain token: %d
ELY23056
java.io.IOException
No message entity
ELY24000
java.lang.IllegalArgumentException
Unable to parse string JWK
ELY24001
java.lang.IllegalArgumentException
Unsupported key type for JWK: "%s"
ELY24002
java.lang.IllegalArgumentException
Unsupported curve
ELY24003
java.lang.RuntimeException
Unable to create public key from JWK
ELY24004
java.lang.RuntimeException
Unable to generate thumbprint for the certificate
ELY26000
java.lang.RuntimeException
JsonNode ["%s"] is not a object.
ELY40000
java.lang.IllegalArgumentException
Malformed OpenSSH Private Key: %s
ELY40001
java.lang.IllegalArgumentException
Unable to Generate Key: %s
ELY40002
java.lang.IllegalArgumentException
Malformed PEM content when parsing SSH at offset %d
ELYEE
Code
Level
Return Type
Message
ELYEE00001
java.lang.IllegalStateException
No ThreadLocal CallbackHandler available.
ELYEE00002
java.lang.IllegalStateException
Unrecognised context type '%s'.
ELYEE00003
java.lang.IllegalStateException
No registration for '%s'.
ELYTOOL
Code
Level
Return Type
Message
ELYTOOL00000
java.lang.String
Command or alias "%s" not found.
ELYTOOL00000
java.lang.String
Input data not confirmed. Exiting.
ELYTOOL00000
java.lang.String
%s %s
ELYTOOL00000
java.lang.String
Exception encountered executing the command:
ELYTOOL00000
java.lang.String
Printing general help message:
ELYTOOL00000
java.lang.String
Location of credential store storage file
ELYTOOL00000
java.lang.String
"credential-store" command is used to perform various operations on credential store.
ELYTOOL00000
java.lang.String
Implementation properties for credential store type in form of "prop1=value1; ... ;propN=valueN" .%nSupported properties are dependent on credential store type%nKeyStoreCredentialStore (default implementation) supports following additional properties (all are optional):%nkeyStoreType - specifies the key store type to use (defaults to "JCEKS")%nkeyAlias - specifies the secret key alias within the key store to use for encrypt/decrypt of data in external storage (defaults to "cs_key")%nexternal - specifies whether to store data to external storage and encrypted by keyAlias key (defaults to "false")%ncryptoAlg - cryptographic algorithm name to be used to encrypt/decrypt entries at external storage "external" has to be set to "true"
ELYTOOL00000
java.lang.String
Password for credential store
ELYTOOL00000
java.lang.String
Password for KeyStore. Can also be provided by console prompt.
ELYTOOL00000
java.lang.String
Name of an environment variable from which to resolve the KeyStore password.
ELYTOOL00000
java.lang.String
Salt to apply for final masked password of the credential store
ELYTOOL00000
java.lang.String
Iteration count for final masked password of the credential store
ELYTOOL00000
java.lang.String
Password credential value
ELYTOOL00000
java.lang.String
The alias of the existing password entry to encrypt
ELYTOOL00000
java.lang.String
Type of entry in credential store
ELYTOOL00000
java.lang.String
Comma separated list of JCA provider names. Providers will be supplied to the credential store instance.%nEach provider must be installed through java.security file or through service loader from properly packaged jar file on classpath.
ELYTOOL00000
java.lang.String
Provider name containing CredentialStoreSpi implementation.%nProvider must be installed through java.security file or through service loader from properly packaged jar file on classpath.
ELYTOOL00000
java.lang.String
Create credential store (Action)
ELYTOOL00000
java.lang.String
Credential store type
ELYTOOL00000
java.lang.String
Add new alias to the credential store (Action)
ELYTOOL00000
java.lang.String
Remove alias from the credential store (Action)
ELYTOOL00000
java.lang.String
Check if alias exists within the credential store (Action)
ELYTOOL00000
java.lang.String
Display all aliases (Action)
ELYTOOL00000
java.lang.String
Display all types of stored credentials for given alias (Action)
ELYTOOL00000
java.lang.String
Generate private and public key pair and store them as a KeyPairCredential
ELYTOOL00000
java.lang.String
Size (number of bytes) of the keys when generating a KeyPairCredential.
ELYTOOL00000
java.lang.String
Encryption algorithm to be used when generating a KeyPairCredential: RSA, DSA, or EC. Default RSA
ELYTOOL00000
java.lang.String
Prints the public key stored under a KeyPairCredential as Base64 encoded String, in OpenSSH format.
ELYTOOL00000
java.lang.String
Import a KeyPairCredential into the credential store.
ELYTOOL00000
java.lang.String
The location of a file containing a private key.
ELYTOOL00000
java.lang.String
The location of a file containing a public key.
ELYTOOL00000
java.lang.String
The passphrase used to decrypt the private key.
ELYTOOL00000
java.lang.String
A private key specified as a String.
ELYTOOL00000
java.lang.String
A public key specified as a String.
ELYTOOL00000
java.lang.String
Print summary, especially command how to create this credential store
ELYTOOL00000
java.lang.String
Get help with usage of this command (Action)
ELYTOOL00000
java.lang.String
Alias "%s" exists
ELYTOOL00000
java.lang.String
Alias "%s" does not exist
ELYTOOL00000
java.lang.String
Alias "%s" of type "%s" does not exist
ELYTOOL00000
java.lang.String
Alias "%s" has been successfully stored
ELYTOOL00000
java.lang.String
Alias "%s" of type "%s" has been successfully stored
ELYTOOL00000
java.lang.String
Alias "%s" has been successfully removed
ELYTOOL00000
java.lang.String
Alias "%s" of type "%s" has been successfully removed
ELYTOOL00000
java.lang.String
Credential store command summary:%n--------------------------------------%n%s
ELYTOOL00000
java.lang.String
Credential store contains following aliases: %s
ELYTOOL00000
java.lang.String
Credential store contains no aliases
ELYTOOL00000
java.lang.Exception
Action to perform on the credential store is not defined
ELYTOOL00000
java.lang.String
Credential store password:
ELYTOOL00000
java.lang.String
Confirm credential store password:
ELYTOOL00000
java.lang.String
Passphrase to be used to decrypt private key (can be nothing if no passphrase was used to encrypt the key):
ELYTOOL00000
java.lang.String
Confirm passphrase to be used to decrypt private key (can be nothing if no passphrase was used to encrypt the key):
ELYTOOL00000
java.lang.String
Secret to store:
ELYTOOL00000
java.lang.String
Confirm secret to store:
ELYTOOL00000
java.lang.String
The retrieved PasswordCredential does not contain a ClearTextPassword
ELYTOOL00000
java.lang.String
"mask" command is used to get MASK- string encrypted using PBEWithMD5AndDES in PicketBox compatible way.
ELYTOOL00000
java.lang.String
Salt to apply to masked string
ELYTOOL00000
java.lang.String
Iteration count for masked string
ELYTOOL00000
java.lang.String
Secret to be encrypted
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
Secret not specified.
ELYTOOL00000
java.lang.String
"vault" command is used convert PicketBox Security Vault to credential store using default implementation (KeyStoreCredentialStore) or custom implementation set with the "type" option.
ELYTOOL00000
java.lang.String
Vault keystore URL (defaults to "vault.keystore")
ELYTOOL00000
java.lang.String
Vault keystore password:%n- used to open original vault key store%n- used as password for new converted credential store
ELYTOOL00000
java.lang.String
Vault directory containing encrypted files (defaults to "vault")
ELYTOOL00000
java.lang.String
8 character salt (defaults to "12345678")
ELYTOOL00000
java.lang.String
Iteration count (defaults to "23")
ELYTOOL00000
java.lang.String
Vault key alias within key store (defaults to "vault")
ELYTOOL00000
java.lang.String
Configuration parameters for credential store in form of: "parameter1=value1; ... ;parameterN=valueN"%nSupported parameters are dependent on credential store type%nGenerally supported parameters for default credential store implementation (all are optional):%ncreate - automatically creates credential store file (true/false)%nmodifiable - is the credential modifiable (true/false)%nlocation - file location of credential store%nkeyStoreType - specify the key store type to use
Bulk conversion with options listed in description file. All options have no default value and should be set in the file. (Action)%nAll options are required with the exceptions:%n - "properties" option%n - "type" option (defaults to "KeyStoreCredentialStore")%n - "credential-store-provider" option%n - "other-providers" option%n - "salt" and "iteration" options can be omitted when plain-text password is used%nEach set of options must start with the "keystore" option in the following format:%n keystore:%nkeystore-password:%nenc-dir:%nsalt:%niteration:%nlocation:%nalias:%nproperties:=; ... ;=%ntype:%ncredential-store-provider:%nother-providers:
ELYTOOL00000
java.lang.String
Print summary of conversion
ELYTOOL00000
java.lang.String
Converted credential store type (defaults to "KeyStoreCredentialStore")
ELYTOOL00000
java.lang.String
Location of credential store storage file (defaults to "converted-vault.cr-store" in vault encryption directory)
ELYTOOL00000
java.lang.String
Vault (enc-dir="%s";keystore="%s") converted to credential store "%s"
ELYTOOL00000
java.lang.String
Credential Store has been successfully created
ELYTOOL00000
java.lang.String
Vault password:
ELYTOOL00000
java.lang.String
Mask secret:
ELYTOOL00000
java.lang.String
Confirm mask secret:
ELYTOOL00000
java.lang.String
Print stack trace when error occurs.
ELYTOOL00000
java.lang.String
Exception encountered executing the command. Use option "--debug" for complete exception stack trace.
ELYTOOL00000
java.lang.String
In the message below, option '%s' refers to long option '%s'.
ELYTOOL00000
java.lang.String
'FileSystemRealm' command is used to convert legacy properties files and scripts to an Elytron FileSystemRealm.
ELYTOOL00000
java.lang.String
The relative or absolute path to the users file.
ELYTOOL00000
java.lang.String
The relative or absolute path to the credential store file that contains the secret key.
ELYTOOL00000
java.lang.String
The alias of the secret key stored in the credential store file. Set to key by default
ELYTOOL00000
java.lang.String
Whether or not the credential store should be populated with a Secret Key. Set to true by default.
ELYTOOL00000
java.lang.String
Whether or not the credential store should be dynamically created if it doesn't exist. Set to true by default.
ELYTOOL00000
java.lang.String
The relative or absolute path to the KeyStore file that contains the key pair. Only %napplicable if the filesystem realm has integrity verification enabled.
ELYTOOL00000
java.lang.String
The type of KeyStore to be used. Optional, only applicable if the filesystem %nrealm has integrity verification enabled.
ELYTOOL00000
java.lang.String
The alias of the key pair to be used, within the KeyStore. Set to integrity-key by default, only %napplicable if the filesystem realm has integrity verification enabled.
ELYTOOL00000
java.lang.String
Password for KeyStore. Can also be provided by console prompt. Only applicable if %nthe filesystem realm has integrity verification enabled.
ELYTOOL00000
java.lang.String
Name of an environment variable from which to resolve the KeyStore password. Only %napplicable if the filesystem realm has integrity verification enabled.
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
Input Realm location not specified.
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
Input Realm location directory does not exist.
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
Output Realm location not specified.
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
Credential Store location not specified.
ELYTOOL00000
java.lang.String
A required parameter is not specified.
ELYTOOL00000
java.lang.String
The hash encoding to be used in the filesystem realm. Set to BASE64 by default.
ELYTOOL00000
java.lang.String
If the original realm has encoded set to true. Set to true by default.
ELYTOOL00000
java.lang.String
The levels to be used in the filesystem realm. Set to 2 by default.
ELYTOOL00000
java.lang.String
The absolute or relative location of the original filesystem realm.
ELYTOOL00000
java.lang.String
The directory where the new filesystem realm resides.
ELYTOOL00000
java.lang.String
The name of the new filesystem-realm.
ELYTOOL00000
java.lang.String
The relative or absolute path to the roles file.
ELYTOOL00000
java.lang.String
The relative or absolute path to the output directory.
ELYTOOL00000
java.lang.String
Name of the filesystem-realm to be configured.
ELYTOOL00000
java.lang.String
Name of the security-domain to be configured.
ELYTOOL00000
java.lang.String
Bulk conversion with options listed in description file. Optional options have default values, required options do not. (Action) %nThe options fileSystemRealmName and securityDomainName are optional. %nThese optional options have default values of: converted-properties-filesystem-realm and converted-properties-security-domain. %nValues are required for the following options: users-file, roles-file, and output-location. %nIf one or more these required values are not set, the corresponding block is skipped. %nEach option must be specified in the following format:
ELYTOOL00000
java.lang.String
Bulk conversion with options listed in description file. Optional options have default values, required options do not. (Action) %nThe options realm-name, hash-encoding, levels, secret-key, create, populate, keystore, type, password, password-env, and key-pair are optional. %nValues are required for the following options: input-location, output-location, and credential-store. %nThe default values of realm-name, hash-encoding, hash-charset, levels, secret-key, create, and populate are encrypted-filesystem-realm, BASE64, UTF-8, 2, key, true, and true respectively. %nIf one or more these required values are not set, the corresponding block is skipped. %nIf keystore is provided, then either password or password-env are required. %nEach option must be specified in the following format:
ELYTOOL00000
java.lang.String
Bulk conversion with options listed in description file. (Action)Optional options have defaults and can be skipped ([type, default_or_NULL]), required options do not (). %nOne of either password or password-env is required. %nBlocks of options must be separated by a blank line; order is not important. Syntax: %ninput-location:%noutput-location:[directory,NULL]%nrealm-name:[name,filesystem-realm-with-integrity]%nkeystore:%ntype:[name,NULL]%npassword:[password,NULL]%npassword-env:[name,NULL]%nkey-pair:[name,integrity-key]%ncredential-store:[file,NULL]%nsecret-key:[name,NULL]%nlevels:[number,2]%nhash-encoding:[name,BASE64]%nhash-charset:[name,UTF-8]%nencoded:[bool,true]
ELYTOOL00000
java.lang.String
'FileSystemRealmEncrypt' command is used to convert non-empty, un-encrypted FileSystemSecurityRealm(s) to encrypted FileSystemSecurityRealm(s) with a SecretKey.
ELYTOOL00000
java.lang.String
Secret Key was not found in the Credential Store at %s, and populate option was not set. Skipping descriptor file block number %d.
ELYTOOL00000
java.lang.String
The directory where the new filesystem realm resides. If not provided, realm will be upgraded in-place (with backup), %nand realm-name option will not be used in file path.
ELYTOOL00000
java.lang.String
The name of the new filesystem-realm. Will be appended to output-location path (if output-location is provided). %nWhen not set, nothing is appended to the path, and `filesystem-realm-with-integrity` is used for the WildFly resource name.%n
ELYTOOL00000
java.lang.String
The relative or absolute path to the KeyStore file that contains the key pair.
ELYTOOL00000
java.lang.String
The type of KeyStore to be used. Optional.
ELYTOOL00000
java.lang.String
The alias of the key pair to be used, within the KeyStore. Set to integrity-key by default.
ELYTOOL00000
java.lang.String
The relative or absolute path to the secret-key-credential-store file. Only %napplicable if the filesystem realm is encrypted.
ELYTOOL00000
java.lang.String
The alias of the secret key stored in the credential store file. Set to key by default, only %napplicable if the filesystem realm is encrypted.
ELYTOOL00000
java.lang.String
The number of levels used in the input filesystem realm. Set to 2 by default.
ELYTOOL00000
java.lang.String
The hash encoding used in the input filesystem realm. Set to BASE64 by default.%nRegardless of setting, the output realm will always be BASE64-encoded.
ELYTOOL00000
java.lang.String
The character set used to convert the password string to a byte array. Defaults to UTF-8.
ELYTOOL00000
java.lang.String
Indicates if the original realm used Base32-encoded identities as file names.%nSet to true by default. Regardless of setting, the output realm will always use Base32-encoding in file names.
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
Both --bulk-convert and at least one other realm configuration option was specified. %nThe bulk-convert option may only be used with --help, --debug, --silent, and --summary options.
ELYTOOL00000
java.lang.String
'FileSystem Realm Integrity' command is used to sign existing, non-empty FileSystem Security Realms with a key pair, for future integrity validation.
ELYTOOL00000
java.lang.String
KeyStore password:
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
KeyStore path not specified.
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
KeyStore does not exist.
ELYTOOL00000
java.lang.IllegalArgumentException
Encoded option must be set to 'true' or 'false'.
ELYTOOL00000
java.lang.String
Suppresses all output except errors and prompts.
ELYTOOL00000
java.lang.String
Provides a detailed summary of all operations performed, once the command finishes.
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
No users file specified. Please use either --bulk-convert or specify a users file using --users-file
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
No roles file specified. Please use either --bulk-convert or specify a roles file using --roles-file
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
No output location specified. Please use either --bulk-convert or specify an output location using --output-location
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
Both --bulk-convert and one or more of --users-file, --roles-file, and/or --output-location were specified. Please only use --bulk-convert or all of --users-file, --roles-file, and --output-location.
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
Both --bulk-convert and one or more of --old-realm-name, --new-realm-name, --input-location, --output-location, --credential-store, --secret-key, --keystore, --type, --key-pair, --password and/or --password-env were specified. Please only use --bulk-convert or all of the other others.
ELYTOOL00000
java.lang.String
No value found for %s.
ELYTOOL00000
java.io.FileNotFoundException
Could not find the specified file %s.
ELYTOOL00000
java.lang.String
Could not copy input filesystem realm at %s for in-place upgrade.%nOutput filesystem will be placed at %s
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to %s.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing input realm location.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing credential store location.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing output realm location.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing KeyStore path.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing KeyStore password.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to invalid KeyStore path.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to failure to load KeyStore.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to failure to load key pair.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing private key.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing public key.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing new filesystem realm name.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to no identities present in filesystem realm.%nKeys for this realm can be added via the management client.
ELYTOOL00000
java.lang.String
Creating encrypted realm for: %s
ELYTOOL00000
java.lang.String
Creating filesystem realm with integrity verification for: %s
ELYTOOL00000
java.lang.String
In-place upgrade for descriptor block %d: filesystem realm backed up at %s%nRealm name will not be used in output realm path.
ELYTOOL00000
java.lang.String
Should file %s be overwritten? (y/n)
ELYTOOL00000
java.lang.String
Some of the parameters below are mutually exclusive actions which are marked with (Action) in the description.
ELYTOOL00000
java.lang.String
Key size (bits).
ELYTOOL00000
java.lang.String
Generate a new SecretKey and store it in the credential store.
ELYTOOL00000
java.lang.String
Export existing SecretKey stored in the credential store.
ELYTOOL00000
java.lang.String
Exported SecretKey for alias %s=%s
ELYTOOL00000
java.lang.String
The encoded Key to import.
ELYTOOL00000
java.lang.String
Import an existing encoded SecretKey to the credential store.
ELYTOOL00000
java.lang.String
SecretKey to import:
ELYTOOL00000
java.lang.String
Encrypt a clear text string using the SecretKey specified by .
ELYTOOL00000
java.lang.String
The clear text to encrypt.
ELYTOOL00000
java.lang.String
Clear text value:
ELYTOOL00000
java.lang.String
Confirm clear text value:
ELYTOOL00000
java.lang.String
Clear text encrypted to token '%s' using alias '%s'.
ELYTOOL00000
java.lang.IllegalArgumentException
Location that has been specified '%s' does not exist and automatic storage creation for the Credential Store is disabled.
ELYTOOL00000
java.lang.String
Credential store contains credentials of types:%s for alias '%s'
ELYTOOL00000
java.lang.String
Invalid "%s" parameter. Default value "%s" will be used.
ELYTOOL00000
java.lang.String
Invalid "%s" parameter. Generated value "%s" will be used.
ELYTOOL00000
java.lang.String
Mask password operation is not allowed in FIPS mode.
ELYTOOL00000
java.lang.String
Found credential store and alias, using pre-existing key
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to failure to load Credential Store.
ELYTOOL00000
java.lang.String
Credential Store at %s does not support SecretKey. Skipping descriptor file block number %d.
ELYTOOL00000
java.lang.String
Exception was thrown while populating Credential Store at %s. Skipping descriptor file block number %d.
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
No Credential Store location or Secret Key Alias specified.
ELYTOOL00006
org.apache.commons.cli.MissingArgumentException
Salt not specified.
ELYTOOL00007
java.lang.IllegalArgumentException
Invalid "%s" value. Must be an integer between %d and %d, inclusive
ELYTOOL00008
java.lang.RuntimeException
Cannot locate admin key with alias "%s" or it is of improper type
ELYTOOL00009
java.lang.RuntimeException
Cannot parse credential store implementation properties from supplied parameter
ELYTOOL00010
java.io.IOException
Cannot parse conversion descriptor file "%s" missing colon at line %s
ELYTOOL00011
java.io.IOException
Unrecognized descriptor attribute at line %s
ELYTOOL00012
java.lang.Exception
Problem converting vault (enc-dir="%s";keystore="%s")
ELYTOOL00013
java.lang.Exception
Invalid option "%s" when performing bulk conversion. Use bulk conversion descriptor file.
ELYTOOL00014
java.lang.IllegalArgumentException
Unknown entry-type "%s"
ELYTOOL00015
java.lang.IllegalArgumentException
Unknown provider "%s"
ELYTOOL00016
org.apache.commons.cli.MissingArgumentException
Option "%s" is not specified.
ELYTOOL00017
java.lang.String
Option "%s" specified more than once. Only the first occurrence will be used.
ELYTOOL00018
org.apache.commons.cli.MissingArgumentException
Option "%s" does not expect any arguments.
ELYTOOL00019
java.lang.IllegalArgumentException
Encryption directory "%s" does not contain "VAULT.dat" file.
ELYTOOL00020
org.apache.commons.cli.MissingArgumentException
Alias was not defined.
ELYTOOL00021
org.apache.commons.cli.MissingArgumentException
Location of the output file was not defined.
ELYTOOL00022
org.apache.commons.cli.MissingArgumentException
Encryption directory was not defined.
ELYTOOL00023
org.apache.commons.cli.MissingArgumentException
Vault password was not defined
ELYTOOL00024
java.io.IOException
Cannot parse conversion descriptor file "%s". No keystore specified.
ELYTOOL00025
java.lang.IllegalArgumentException
Credential store storage file "%s" does not exist.
ELYTOOL00026
java.lang.IllegalArgumentException
Credential store storage file "%s" already exists.
ELYTOOL00027
java.lang.IllegalArgumentException
Wrong masked password format. Expected format is "MASK-;;"
ELYTOOL00028
org.apache.commons.cli.MissingArgumentException
Location parameter is not specified for filebased keystore type '%s'
ELYTOOL00029
java.security.NoSuchAlgorithmException
Key Pair Algorithm: '%s' is not supported.
ELYTOOL00030
java.lang.IllegalArgumentException
Key file '%s' does not exist.
ELYTOOL00031
org.apache.commons.cli.MissingArgumentException
No private key specified for importing.
ELYTOOL00032
org.apache.commons.cli.MissingArgumentException
No public key specified for importing.
ELYTOOL00033
org.apache.commons.cli.MissingArgumentException
No PEM content found
ELYTOOL00034
java.security.InvalidParameterException
Invalid keysize provided: %s
ELYTOOL00035
java.lang.IllegalArgumentException
Only one of '%s' and '%s' can be specified at the same time
HHH
Code
Level
Return Type
Message
HHH000002
WARN
Already session bound on call to bind(); make sure you clean up your sessions
HHH000006
INFO
Autocommit mode: %s
HHH000008
WARN
JTASessionContext being used with JDBC transactions; auto-flush will not operate correctly with getCurrentSession()
HHH000010
INFO
On release of batch it still contained JDBC statements
HHH000021
INFO
Bytecode provider name : %s
HHH000022
WARN
c3p0 properties were encountered, but the %s provider class was not found on the classpath; these properties are going to be ignored.
HHH000023
WARN
I/O reported cached file could not be found : %s : %s
HHH000024
INFO
Cache provider: %s
HHH000027
WARN
Calling joinTransaction() on a non JTA EntityManager
HHH000031
DEBUG
Closing
HHH000032
INFO
Collections fetched (minimize this): %s
HHH000033
INFO
Collections loaded: %s
HHH000034
INFO
Collections recreated: %s
HHH000035
INFO
Collections removed: %s
HHH000036
INFO
Collections updated: %s
HHH000037
INFO
Columns: %s
HHH000038
WARN
Composite-id class does not override equals(): %s
HHH000039
WARN
Composite-id class does not override hashCode(): %s
HHH000040
INFO
Configuration resource: %s
HHH000041
INFO
Configured SessionFactory: %s
HHH000042
INFO
Configuring from file: %s
HHH000043
INFO
Configuring from resource: %s
HHH000044
INFO
Configuring from URL: %s
HHH000045
INFO
Configuring from XML document
HHH000048
INFO
Connections obtained: %s
HHH000050
ERROR
Container is providing a null PersistenceUnitRootUrl: discovery impossible
HHH000051
WARN
Ignoring bag join fetch [%s] due to prior collection join fetch
HHH000053
INFO
Creating subcontext: %s
HHH000059
WARN
Defining %s=true ignored in HEM
HHH000065
WARN
DEPRECATED : use [%s] instead with custom [%s] implementation
HHH000067
INFO
Disallowing insert statement comment for select-identity due to Oracle driver bug
HHH000069
WARN
Duplicate generator name %s
HHH000070
WARN
Duplicate generator table: %s
HHH000071
INFO
Duplicate import: %s -> %s
HHH000072
WARN
Duplicate joins for class: %s
HHH000073
INFO
entity-listener duplication, first event definition will be used: %s
HHH000074
WARN
Found more than one , subsequent ignored
HHH000076
INFO
Entities deleted: %s
HHH000077
INFO
Entities fetched (minimize this): %s
HHH000078
INFO
Entities inserted: %s
HHH000079
INFO
Entities loaded: %s
HHH000080
INFO
Entities updated: %s
HHH000082
WARN
Entity Manager closed by someone else (%s must not be used)
HHH000084
WARN
Entity [%s] is abstract-class/interface explicitly mapped as non-abstract; be sure to supply entity-names
HHH000085
INFO
%s %s found
HHH000086
INFO
%s No %s found
HHH000087
ERROR
Exception in interceptor afterTransactionCompletion()
HHH000088
ERROR
Exception in interceptor beforeTransactionCompletion()
HHH000089
INFO
Sub-resolver threw unexpected exception, continuing to next : %s
HHH000091
ERROR
Expected type: %s, actual value: %s
HHH000092
WARN
An item was expired by the cache while it was locked (increase your cache timeout): %s
HHH000094
INFO
Bound factory to JNDI name: %s
HHH000096
INFO
A factory was renamed from [%s] to [%s] in JNDI
HHH000097
INFO
Unbound factory from JNDI name: %s
HHH000098
INFO
A factory was unbound from name: %s
HHH000099
ERROR
an assertion failure occurred (this may indicate a bug in Hibernate, but is more likely due to unsafe use of the session): %s
HHH000102
INFO
Fetching database metadata
HHH000105
INFO
Flushes: %s
HHH000106
INFO
Forcing container resource cleanup on transaction completion
HHH000107
INFO
Forcing table use for sequence-style generator due to pooled optimizer selection where db does not support pooled sequences
HHH000108
INFO
Foreign keys: %s
HHH000109
INFO
Found mapping document in jar: %s
HHH000113
WARN
GUID identifier generated: %s
HHH000114
INFO
Handling transient entity in delete processing
HHH000116
WARN
Config specified explicit optimizer of [%s], but [%s=%s]; using optimizer [%s] increment default of [%s].
HHH000117
DEBUG
HQL: %s, time: %sms, rows: %s
HHH000118
WARN
HSQLDB supports only READ_UNCOMMITTED isolation
HHH000119
WARN
On EntityLoadContext#clear, hydratingEntities contained [%s] entries
HHH000120
WARN
Ignoring unique constraints specified on table generator [%s]
HHH000122
ERROR
IllegalArgumentException in class: %s, getter method of property: %s
HHH000123
ERROR
IllegalArgumentException in class: %s, setter method of property: %s
HHH000124
WARN
@Immutable used on a non root entity: ignored for %s
HHH000125
WARN
Mapping metadata cache was not completely processed
HHH000126
INFO
Indexes: %s
HHH000127
DEBUG
Could not bind JNDI listener
HHH000130
INFO
Instantiating explicit connection provider: %s
HHH000132
ERROR
Array element type error %s
HHH000133
WARN
Discriminator column has to be defined in the root entity, it will be ignored in subclass: %s
HHH000134
ERROR
Application attempted to edit read only item: %s
HHH000135
ERROR
Invalid JNDI name: %s
HHH000136
WARN
Inapropriate use of @OnDelete on entity, annotation ignored: %s
HHH000137
WARN
Root entity should not hold a PrimaryKeyJoinColum(s), will be ignored: %s
HHH000138
WARN
Mixing inheritance strategy in a entity hierarchy is not allowed, ignoring sub strategy in: %s
HHH000139
WARN
Illegal use of @Table in a subclass of a SINGLE_TABLE hierarchy: %s
HHH000140
INFO
JACC contextID: %s
HHH000141
INFO
java.sql.Types mapped the same code [%s] multiple times; was [%s]; now [%s]
HHH000142
java.lang.String
Bytecode enhancement failed: %s
HHH000143
java.lang.String
Bytecode enhancement failed because no public, protected or package-private default constructor was found for entity: %s. Private constructors don't work with runtime proxies
HHH000144
WARN
%s = false breaks the EJB3 specification
HHH000151
java.lang.String
JDBC rollback failed
HHH000154
INFO
JNDI InitialContext properties:%s
HHH000155
ERROR
JNDI name %s does not handle a session factory reference
HHH000157
INFO
Lazy property fetching available for: %s
HHH000159
WARN
In CollectionLoadContext#endLoadingCollections, localLoadingCollectionKeys contained [%s], but no LoadingCollectionEntry was found in loadContexts
HHH000160
WARN
On CollectionLoadContext#cleanup, localLoadingCollectionKeys contained [%s] entries
HHH000161
INFO
Logging statistics....
HHH000162
DEBUG
*** Logical connection closed ***
HHH000163
DEBUG
Logical connection releasing its physical connection
HHH000173
INFO
Max query time: %sms
HHH000174
WARN
Function template anticipated %s arguments, but %s arguments encountered
HHH000177
ERROR
Error in named query: %s
HHH000178
WARN
Naming exception occurred accessing factory: %s
HHH000179
WARN
Narrowing proxy to %s - this operation breaks ==
HHH000180
WARN
FirstResult/maxResults specified on polymorphic query; applying in memory
HHH000181
WARN
No appropriate connection provider encountered, assuming application will be supplying connections
HHH000182
INFO
No default (no-argument) constructor for class: %s (class must be instantiated by Interceptor)
HHH000183
WARN
no persistent classes found for query class: %s
HHH000184
ERROR
No session factory with JNDI name %s
HHH000187
INFO
Optimistic lock failures: %s
HHH000189
WARN
@OrderBy not allowed for an indexed collection, annotation ignored.
HHH000193
WARN
Overriding %s is dangerous, this might break the EJB3 specification implementation
HHH000194
DEBUG
Package not found or wo package-info.java: %s
HHH000196
ERROR
Error parsing XML (%s) : %s
HHH000197
ERROR
Error parsing XML: %s(%s) %s
HHH000198
ERROR
Warning parsing XML (%s) : %s
HHH000199
WARN
Warning parsing XML: %s(%s) %s
HHH000200
WARN
Persistence provider caller does not implement the EJB3 spec correctly.PersistenceUnitInfo.getNewTempClassLoader() is null.
HHH000201
INFO
Pooled optimizer source reported [%s] as the initial value; use of 1 or greater highly recommended
HHH000202
ERROR
PreparedStatement was already in the batch, [%s].
HHH000203
WARN
processEqualityExpression() : No expression to process
HHH000204
INFO
Processing PersistenceUnitInfo [name: %s]
HHH000205
INFO
Loaded properties from resource hibernate.properties: %s
HHH000206
DEBUG
hibernate.properties not found
HHH000207
WARN
Property %s not found in class but described in (possible typo error)
HHH000209
WARN
proxool properties were encountered, but the %s provider class was not found on the classpath; these properties are going to be ignored.
HHH000210
INFO
Queries executed to database: %s
HHH000213
INFO
Query cache hits: %s
HHH000214
INFO
Query cache misses: %s
HHH000215
INFO
Query cache puts: %s
HHH000218
INFO
RDMSOS2200Dialect version: 1.0
HHH000219
INFO
Reading mappings from cache file: %s
HHH000220
INFO
Reading mappings from file: %s
HHH000221
INFO
Reading mappings from resource: %s
HHH000222
WARN
read-only cache configured for mutable collection [%s]
HHH000223
WARN
Recognized obsolete hibernate namespace %s. Use namespace %s instead. Refer to Hibernate 3.6 Migration Guide
HHH000225
WARN
Property [%s] has been renamed to [%s]; update your properties appropriately
HHH000226
INFO
Required a different provider: %s
HHH000227
INFO
Running hbm2ddl schema export
HHH000228
INFO
Running hbm2ddl schema update
HHH000229
INFO
Running schema validator
HHH000230
INFO
Schema export complete
HHH000231
ERROR
Schema export unsuccessful
HHH000232
INFO
Schema update complete
HHH000233
WARN
Scoping types to session factory %s after already scoped %s
HHH000235
INFO
Searching for mapping documents in jar: %s
HHH000237
INFO
Second level cache hits: %s
HHH000238
INFO
Second level cache misses: %s
HHH000239
INFO
Second level cache puts: %s
HHH000240
INFO
Service properties: %s
HHH000241
INFO
Sessions closed: %s
HHH000242
INFO
Sessions opened: %s
HHH000244
WARN
@Sort not allowed for an indexed collection, annotation ignored.
HHH000245
WARN
Manipulation query [%s] resulted in [%s] split queries
HHH000247
WARN
SQL Error: %s, SQLState: %s
HHH000248
INFO
Starting query cache at region: %s
HHH000249
INFO
Starting service at JNDI name: %s
HHH000250
INFO
Starting update timestamps cache at region: %s
HHH000251
INFO
Start time: %s
HHH000252
INFO
Statements closed: %s
HHH000253
INFO
Statements prepared: %s
HHH000255
INFO
Stopping service
HHH000257
INFO
sub-resolver threw unexpected exception, continuing to next : %s
HHH000258
INFO
Successful transactions: %s
HHH000259
INFO
Synchronization [%s] was already registered
HHH000260
ERROR
Exception calling user Synchronization [%s] : %s
HHH000261
INFO
Table found: %s
HHH000262
INFO
Table not found: %s
HHH000263
INFO
More than one table found: %s
HHH000266
INFO
Transactions: %s
HHH000267
WARN
Transaction started on non-root session
HHH000268
INFO
Transaction strategy: %s
HHH000269
WARN
Type [%s] defined no registration keys; ignoring
HHH000270
DEBUG
Type registration key [%s] overrode previous key : %s
Error while accessing session factory with JNDI name %s
HHH000273
WARN
Error accessing type info result set : %s
HHH000274
WARN
Unable to apply constraints on DDL for %s
HHH000276
WARN
Could not bind Ejb3Configuration to JNDI
HHH000277
WARN
Could not bind factory to JNDI
HHH000278
INFO
Could not bind value '%s' to parameter: %s; %s
HHH000279
ERROR
Unable to build enhancement metamodel for %s
HHH000280
INFO
Could not build SessionFactory using the MBean classpath - will try again using client classpath: %s
HHH000281
WARN
Unable to clean up callable statement
HHH000282
WARN
Unable to clean up prepared statement
HHH000283
WARN
Unable to cleanup temporary id table after use [%s]
HHH000285
INFO
Error closing InitialContext [%s]
HHH000286
ERROR
Error closing input files: %s
HHH000287
WARN
Could not close input stream
HHH000288
WARN
Could not close input stream for %s
HHH000289
INFO
Unable to close iterator
HHH000290
ERROR
Could not close jar: %s
HHH000291
ERROR
Error closing output file: %s
HHH000292
WARN
IOException occurred closing output stream
HHH000294
ERROR
Could not close session
HHH000295
ERROR
Could not close session during rollback
HHH000296
WARN
IOException occurred closing stream
HHH000297
ERROR
Could not close stream on hibernate.properties: %s
HHH000298
java.lang.String
JTA commit failed
HHH000299
ERROR
Could not complete schema update
HHH000300
ERROR
Could not complete schema validation
HHH000301
WARN
Unable to configure SQLExceptionConverter : %s
HHH000302
ERROR
Unable to construct current session context [%s]
HHH000303
WARN
Unable to construct instance of specified SQLExceptionConverter : %s
HHH000304
WARN
Could not copy system properties, system properties will be ignored
HHH000305
WARN
Could not create proxy factory for:%s
HHH000306
ERROR
Error creating schema
HHH000307
WARN
Could not deserialize cache file: %s : %s
HHH000308
WARN
Unable to destroy cache: %s
HHH000309
WARN
Unable to destroy query cache: %s: %s
HHH000310
WARN
Unable to destroy update timestamps cache: %s: %s
HHH000312
java.lang.String
Could not determine transaction status
HHH000313
java.lang.String
Could not determine transaction status after commit
HHH000314
WARN
Unable to evictData temporary id table after use [%s]
HHH000315
ERROR
Exception executing batch [%s], SQL: %s
HHH000316
WARN
Error executing resolver [%s] : %s
HHH000318
INFO
Could not find any META-INF/persistence.xml file in the classpath
HHH000319
ERROR
Could not get database metadata
HHH000320
WARN
Unable to instantiate configured schema name resolver [%s] %s
HHH000321
WARN
Unable to interpret specified optimizer [%s], falling back to noop
HHH000322
WARN
Unable to instantiate specified optimizer [%s], falling back to noop
HHH000325
WARN
Unable to instantiate UUID generation strategy class : %s
HHH000326
WARN
Cannot join transaction: do not override %s
HHH000327
INFO
Error performing load command
HHH000328
WARN
Unable to load/access derby driver class sysinfo to check versions : %s
HHH000329
ERROR
Problem loading properties from hibernate.properties
HHH000330
java.lang.String
Unable to locate config file: %s
HHH000331
WARN
Unable to locate configured schema name resolver class [%s] %s
HHH000332
WARN
Unable to locate MBeanServer on JMX service shutdown
HHH000334
WARN
Unable to locate requested UUID generation strategy class : %s
HHH000335
WARN
Unable to log SQLWarnings : %s
HHH000336
WARN
Could not log warnings
HHH000337
ERROR
Unable to mark for rollback on PersistenceException:
HHH000338
ERROR
Unable to mark for rollback on TransientObjectException:
HHH000339
WARN
Could not obtain connection metadata: %s
HHH000342
WARN
Could not obtain connection to query metadata
HHH000343
ERROR
Could not obtain initial context
HHH000344
ERROR
Could not parse the package-level metadata [%s]
HHH000345
java.lang.String
JDBC commit failed
HHH000346
ERROR
Error during managed flush [%s]
HHH000347
java.lang.String
Unable to query java.sql.DatabaseMetaData
HHH000348
ERROR
Unable to read class: %s
HHH000349
INFO
Could not read column value from result set: %s; %s
HHH000350
java.lang.String
Could not read a hi value - you need to populate the table: %s
HHH000351
ERROR
Could not read or init a hi value
HHH000352
ERROR
Unable to release batch statement...
HHH000353
ERROR
Could not release a cache lock : %s
HHH000354
INFO
Unable to release initial context: %s
HHH000355
WARN
Unable to release created MBeanServer : %s
HHH000356
INFO
Unable to release isolated connection [%s]
HHH000357
WARN
Unable to release type info result set
HHH000358
WARN
Unable to erase previously added bag join fetch
HHH000359
INFO
Could not resolve aggregate function [%s]; using standard definition
HHH000360
INFO
Unable to resolve mapping file [%s]
HHH000361
INFO
Unable to retrieve cache from JNDI [%s]: %s
HHH000362
WARN
Unable to retrieve type info result set : %s
HHH000363
INFO
Unable to rollback connection on exception [%s]
HHH000364
INFO
Unable to rollback isolated transaction on error [%s] : [%s]
HHH000365
java.lang.String
JTA rollback failed
HHH000366
ERROR
Error running schema update
HHH000367
ERROR
Could not set transaction to rollback only
HHH000368
WARN
Exception while stopping service
HHH000369
INFO
Error stopping service [%s]
HHH000370
WARN
Exception switching from method: [%s] to a method using the column index. Reverting to using: [%
HHH000371
ERROR
Could not synchronize database state with session: %s
HHH000372
ERROR
Could not toggle autocommit
HHH000373
ERROR
Unable to transform class: %s
HHH000374
WARN
Could not unbind factory from JNDI
HHH000375
java.lang.String
Could not update hi value in: %s
HHH000376
ERROR
Could not updateQuery hi value in: %s
HHH000377
INFO
Error wrapping result set
HHH000378
WARN
I/O reported error writing cached file : %s: %s
HHH000380
WARN
Unexpected literal token type [%s] passed for numeric processing
HHH000381
WARN
JDBC driver did not return the expected number of row counts
HHH000382
WARN
Unrecognized bytecode provider [%s]; using the default implementation [%s]
HHH000383
WARN
Unknown Ingres major version [%s]; using Ingres 9.2 dialect
HHH000384
WARN
Unknown Oracle major version [%s]
HHH000385
WARN
Unknown Microsoft SQL Server major version [%s] using [%s] dialect
HHH000386
WARN
ResultSet had no statement associated with it, but was not yet registered
HHH000387
DEBUG
ResultSet's statement was not registered
HHH000388
ERROR
Unsuccessful: %s
HHH000390
WARN
Overriding release mode as connection provider does not support 'after_statement'
HHH000391
WARN
Ingres 10 is not yet fully supported; using Ingres 9.3 dialect
HHH000392
WARN
Hibernate does not support SequenceGenerator.initialValue() unless '%s' set
HHH000393
WARN
The %s.%s.%s version of H2 implements temporary table creation such that it commits current transaction; multi-table, bulk hql/jpaql will not work properly
HHH000394
WARN
Oracle 11g is not yet fully supported; using Oracle 10g dialect
HHH000396
INFO
Updating schema
HHH000398
INFO
Explicit segment value for id generator [%s.%s] suggested; using default [%s]
HHH000399
INFO
Using default transaction strategy (direct JDBC transactions)
HHH000400
DEBUG
Using dialect: %s
HHH000404
ERROR
Don't use old DTDs, read the Hibernate 3.x Migration Guide
HHH000406
INFO
Using bytecode reflection optimizer
HHH000409
WARN
Using %s which does not generate IETF RFC 4122 compliant UUID values; consider using %s instead
HHH000410
INFO
Hibernate Validator not found: ignoring
HHH000412
INFO
Hibernate ORM core version %s
HHH000413
WARN
Warnings creating temp table : %s
HHH000414
INFO
Property hibernate.search.autoregister_listeners is set to false. No attempt will be made to register Hibernate Search event listeners.
HHH000416
WARN
Write locks via update not supported for non-versioned entities [%s]
HHH000417
INFO
Writing generated schema to file: %s
HHH000418
INFO
Adding override for %s: %s
HHH000419
WARN
Resolved SqlTypeDescriptor is for a different SQL code. %s has sqlCode=%s; type override %s has sqlCode=%s
HHH000420
DEBUG
Closing un-released batch
HHH000421
DEBUG
Disabling contextual LOB creation as %s is true
HHH000422
DEBUG
Disabling contextual LOB creation as connection was null
HHH000423
DEBUG
Disabling contextual LOB creation as JDBC driver reported JDBC version [%s] less than 4
Could not close session; swallowing exception[%s] as transaction completed
HHH000426
WARN
You should set hibernate.transaction.jta.platform if cache is enabled
HHH000428
INFO
Encountered legacy TransactionManagerLookup specified; convert to newer %s contract specified via %s setting
HHH000429
WARN
Setting entity-identifier value binding where one already existed : %s.
HHH000432
WARN
There were not column names specified for index %s on table %s
HHH000433
INFO
update timestamps cache puts: %s
HHH000434
INFO
update timestamps cache hits: %s
HHH000435
INFO
update timestamps cache misses: %s
HHH000436
WARN
Entity manager factory name (%s) is already registered. If entity manager will be clustered or passivated, specify a unique value for property '%s'
HHH000437
WARN
Attempting to save one or more entities that have a non-nullable association with an unsaved transient entity. The unsaved transient entity must be saved in an operation prior to saving these dependent entities. Unsaved transient entity: (%s) Dependent entities: (%s) Non-nullable association(s): (%s)
HHH000438
INFO
NaturalId cache puts: %s
HHH000439
INFO
NaturalId cache hits: %s
HHH000440
INFO
NaturalId cache misses: %s
HHH000441
INFO
Max NaturalId query time: %sms
HHH000442
INFO
NaturalId queries executed to database: %s
HHH000443
WARN
Dialect [%s] limits the number of elements in an IN predicate to %s entries. However, the given parameter list [%s] contained %s entries, which will likely cause failures to execute the query in the database
HHH000444
WARN
Encountered request for locking however dialect reports that database prefers locking be done in a separate select (follow-on locking); results will be locked after initial query executes
HHH000445
WARN
Alias-specific lock modes requested, which is not currently supported with follow-on locking; all acquired locks will be [%s]
HHH000446
WARN
embed-xml attributes were intended to be used for DOM4J entity mode. Since that entity mode has been removed, embed-xml attributes are no longer supported and should be removed from mappings.
HHH000447
WARN
Explicit use of UPGRADE_SKIPLOCKED in lock() calls is not recommended; use normal UPGRADE locking instead
HHH000448
INFO
'jakarta.persistence.validation.mode' named multiple values : %s
HHH000449
WARN
@Convert annotation applied to Map attribute [%s] did not explicitly specify attributeName using 'key'/'value' as required by spec; attempting to DoTheRightThing
HHH000450
WARN
Encountered request for Service by non-primary service role [%s -> %s]; please update usage
HHH000451
WARN
Transaction afterCompletion called by a background thread; delaying afterCompletion processing until the original thread can handle it. [status=%s]
HHH000452
WARN
Exception while loading a class or resource found during scanning
HHH000453
WARN
Exception while discovering OSGi service implementations : %s
HHH000456
WARN
Named parameters are used for a callable statement, but database metadata indicates named parameters are not supported.
HHH000457
WARN
Joined inheritance hierarchy [%1$s] defined explicit @DiscriminatorColumn. Legacy Hibernate behavior was to ignore the @DiscriminatorColumn. However, as part of issue HHH-6911 we now apply the explicit @DiscriminatorColumn. If you would prefer the legacy behavior, enable the `%2$s` setting (%2$s=true)
HHH000467
DEBUG
Creating pooled optimizer (lo) with [incrementSize=%s; returnClass=%s]
HHH000468
WARN
Unable to interpret type [%s] as an AttributeConverter due to an exception : %s
HHH000469
org.hibernate.HibernateException
The ClassLoaderService can not be reused. This instance was stopped already.
HHH000470
WARN
An unexpected session is defined for a collection, but the collection is not connected to that session. A persistent collection may only be associated with one session at a time. Overwriting session. %s
HHH000471
WARN
Cannot unset session in a collection because an unexpected session is defined. A persistent collection may only be associated with one session at a time. %s
HHH000472
WARN
Hikari properties were encountered, but the Hikari ConnectionProvider was not found on the classpath; these properties are going to be ignored.
HHH000473
INFO
Omitting cached file [%s] as the mapping file is newer
HHH000474
java.lang.String
Ambiguous persistent property methods detected on %s; mark one as @Transient : [%s] and [%s]
HHH000475
INFO
Cannot locate column information using identifier [%s]; ignoring index [%s]
HHH000476
DEBUG
Executing script '%s'
HHH000477
DEBUG
Starting delayed evictData of schema as part of SessionFactory shut-down'
HHH000478
ERROR
Unsuccessful: %s
HHH000479
java.lang.String
Collection [%s] was not processed by flush(). This is likely due to unsafe use of the session (e.g. used in multiple threads concurrently, updates during entity lifecycle hooks).
HHH000480
WARN
A ManagedEntity was associated with a stale PersistenceContext. A ManagedEntity may only be associated with one PersistenceContext at a time; %s
HHH000481
WARN
Encountered Java type [%s] for which we could not locate a JavaType and which does not appear to implement equals and/or hashCode. This can lead to significant performance problems when performing equality/dirty checking involving this Java type. Consider registering a custom JavaType or at least implementing equals/hashCode.
HHH000482
WARN
@org.hibernate.annotations.Cache used on a non-root entity: ignored for [%s]. Please see the Hibernate documentation for proper usage.
HHH000483
WARN
An experimental - and now also deprecated - feature has been enabled (hibernate.create_empty_composites.enabled=true) that instantiates empty composite/embedded objects when all of its attribute values are null. This feature has known issues and should not be used in production. See Hibernate Jira issue HHH-11936 for details.
HHH000484
WARN
Vibur properties were encountered, but the Vibur ConnectionProvider was not found on the classpath; these properties are going to be ignored.
HHH000485
ERROR
Illegally attempted to associate a proxy for entity [%s] with id [%s] with two open sessions.
HHH000486
WARN
Agroal properties were encountered, but the Agroal ConnectionProvider was not found on the classpath; these properties are going to be ignored.
HHH000487
WARN
The query: [%s] attempts to update an immutable entity: %s
HHH000488
java.lang.String
Bytecode enhancement failed for class: %1$s. It might be due to the Java module system preventing Hibernate ORM from defining an enhanced class in the same package as class %1$s. In this case, the class should be opened and exported to Hibernate ORM.
HHH000490
INFO
Using JtaPlatform implementation: [%s]
HHH000491
WARN
'%1$s.%2$s' uses both @NotFound and FetchType.LAZY. @ManyToOne and @OneToOne associations mapped with @NotFound are forced to EAGER fetching.
HHH000492
INFO
Query plan cache hits: %s
HHH000493
INFO
Query plan cache misses: %s
HHH000494
WARN
Attempt to merge an uninitialized collection with queued operations; queued operations will be ignored: %s
HHH000495
WARN
Attaching an uninitialized collection with queued operations to a session: %s
HHH000496
INFO
Detaching an uninitialized collection with queued operations from a session: %s
HHH000497
WARN
The increment size of the [%s] sequence is set to [%d] in the entity mapping while the associated database sequence increment size is [%d]. The database sequence increment size will take precedence to avoid identifier allocation conflicts.
HHH000498
DEBUG
Detaching an uninitialized collection with queued operations from a session due to rollback: %s
HHH000499
WARN
Using @AttributeOverride or @AttributeOverrides in conjunction with entity inheritance is not supported: %s. The overriding definitions are ignored.
HHH000502
WARN
The [%s] property of the [%s] entity was modified, but it won't be updated because the property is immutable.
HHH000503
WARN
A class should not be annotated with both @Inheritance and @MappedSuperclass. @Inheritance will be ignored for: %s.
HHH000504
WARN
Multiple configuration properties defined to create schema. Choose at most one among 'jakarta.persistence.create-database-schemas' or 'hibernate.hbm2ddl.create_namespaces'.
HHH000505
WARN
Ignoring ServiceConfigurationError caught while trying to instantiate service '%s'.
HHH000506
WARN
Detaching an uninitialized collection with enabled filters from a session: %s
HHH000508
org.hibernate.HibernateException
The Javassist based BytecodeProvider has been removed: remove the `hibernate.bytecode.provider` configuration property to switch to the default provider
HHH000509
WARN
Multi-table insert is not available due to missing identity and window function support for: %s
HHH000510
WARN
Association with `fetch="join"`/`@Fetch(FetchMode.JOIN)` and `lazy="true"`/`FetchType.LAZY` found. This will be interpreted as lazy: %s
HHH000511
WARN
The %2$s version for [%s] is no longer supported, hence certain features may not work properly. The minimum supported version is %3$s. Check the community dialects project for available legacy versions.
HHH000512
WARN
The database version version for the Cockroach Dialect could not be determined. The minimum supported version (%s) has been set instead.
HHH000513
DEBUG
Unable to create the ReflectionOptimizer for [%s]
HHH000514
WARN
PostgreSQL JDBC driver classes are inaccessible and thus, certain DDL types like JSONB, JSON, GEOMETRY can not be used.
HHH000515
org.hibernate.HibernateException
Can't retrieve the generated identity value, because the dialect does not support selecting the last generated identity and 'hibernate.jdbc.use_get_generated_keys' was disabled
HHH015001
INFO
Bound Ejb3Configuration to JNDI name: %s
HHH015002
INFO
Ejb3Configuration name: %s
HHH015003
INFO
An Ejb3Configuration was renamed from name: %s
HHH015004
INFO
An Ejb3Configuration was unbound from name: %s
HHH015005
WARN
Exploded jar file does not exist (ignored): %s
HHH015006
WARN
Exploded jar file not a directory (ignored): %s
HHH015007
ERROR
Illegal argument on static metamodel field injection : %s#%s; expected type : %s; encountered type : %s
HHH015008
ERROR
Malformed URL: %s
HHH015009
WARN
Malformed URL: %s
HHH015010
WARN
Unable to find file (ignored): %s
HHH015011
WARN
Unable to locate static metamodel field : %s#%s; this may or may not indicate a problem with the static metamodel
HHH015012
INFO
Using provided datasource
HHH015013
DEBUG
Returning null (as required by JPA spec) rather than throwing EntityNotFoundException, as the entity (type=%s, id=%s) does not exist
HHH015014
WARN
DEPRECATION - attempt to refer to JPA positional parameter [?%1$s] using String name ["%1$s"] rather than int position [%1$s] (generally in Query#setParameter, Query#getParameter or Query#getParameterValue calls). Hibernate previously allowed such usage, but it is considered deprecated.
HHH015015
INFO
Encountered a MappedSuperclass [%s] not used in any entity hierarchy
HHH015016
WARN
Encountered a deprecated jakarta.persistence.spi.PersistenceProvider [%s]; [%s] will be used instead.
HHH015017
WARN
'hibernate.ejb.use_class_enhancer' property is deprecated. Use 'hibernate.enhance.enable[...]' properties instead to enable each individual feature.
HHH015018
WARN
Encountered multiple persistence-unit stanzas defining same name [%s]; persistence-unit names must be unique
HHH025001
org.hibernate.cache.CacheException
Pending-puts cache must not be clustered!
HHH025002
org.hibernate.cache.CacheException
Pending-puts cache must not be transactional!
HHH025003
WARN
Pending-puts cache configuration should be a template.
HHH025004
org.hibernate.cache.CacheException
Pending-puts cache must have expiration.max-idle set
HHH025005
WARN
Property 'hibernate.cache.infinispan.use_synchronization' is deprecated; 2LC with transactional cache must always use synchronizations.
HHH025006
ERROR
Custom cache configuration '%s' was requested for type %s but it was not found!
HHH025007
ERROR
Custom cache configuration '%s' was requested for region %s but it was not found - using configuration by type (%s).
HHH025008
org.hibernate.cache.CacheException
Timestamps cache must not use eviction!
HHH025009
org.hibernate.cache.CacheException
Unable to start region factory
HHH025010
org.hibernate.cache.CacheException
Unable to create default cache manager
HHH025011
org.hibernate.cache.CacheException
Infinispan custom cache command factory not installed (possibly because the classloader where Infinispan lives couldn't find the Hibernate Infinispan cache provider)
HHH025012
WARN
Requesting TRANSACTIONAL cache concurrency strategy but the cache is not configured as transactional.
HHH025013
WARN
Requesting READ_WRITE cache concurrency strategy but the cache was configured as transactional.
HHH025014
WARN
Setting eviction on cache using tombstones can introduce inconsistencies!
HHH025015
ERROR
Failure updating cache in afterCompletion, will retry
HHH025016
ERROR
Failed to end invalidating pending putFromLoad calls for key %s from region %s; the key won't be cached until invalidation expires.
HHH025017
org.hibernate.cache.CacheException
Unable to retrieve CacheManager from JNDI [%s]
HHH025018
WARN
Unable to release initial context
HHH025019
WARN
Use non-transactional query caches for best performance!
HHH025020
ERROR
Unable to broadcast invalidations as a part of the prepare phase. Rolling back.
HHH025021
org.hibernate.cache.CacheException
Could not suspend transaction
HHH025022
org.hibernate.cache.CacheException
Could not resume transaction
HHH025023
org.hibernate.cache.CacheException
Unable to get current transaction
HHH025024
org.hibernate.cache.CacheException
Failed to invalidate pending putFromLoad calls for key %s from region %s
HHH025025
ERROR
Failed to invalidate pending putFromLoad calls for region %s
HHH025026
org.hibernate.cache.CacheException
Property 'hibernate.cache.infinispan.cachemanager' not set
HHH025027
org.hibernate.cache.CacheException
Timestamp cache cannot be configured with invalidation
HHH025028
WARN
Ignoring deprecated property '%s'
HHH025029
WARN
Property '%s' is deprecated, please use '%s' instead
HHH025030
WARN
Transactional caches are not supported. The configuration option will be ignored; please unset.
HHH025031
WARN
Configuration for pending-puts cache '%s' is already defined - another instance of SessionFactory was not closed properly.
HHH025032
WARN
Cache configuration '%s' is present but the use has not been defined through hibernate.cache.infinispan.%s.cfg=%s
HHH025033
WARN
Configuration properties contain record for unqualified region name '%s' but it should contain qualified region name '%s'
HHH025034
WARN
Configuration for unqualified region name '%s' is defined but the cache will use qualified name '%s'
HHH025035
ERROR
Operation #%d scheduled to complete before transaction completion failed
HHH025036
ERROR
Operation #%d scheduled after transaction completion failed (transaction successful? %s)
HHH035001
DEBUG
Using dialect: %s
HHH100001
WARN
JDBC driver did not return the expected number of row counts (%s) - expected %s, but received %s
HHH100501
ERROR
Exception executing batch [%s], SQL: %s
HHH100502
ERROR
Unable to release batch statement...
HHH100503
INFO
On release of batch it still contained JDBC statements
HHH10000001
WARN
Malformed URL: %s
HHH10000002
WARN
File or directory named by URL [%s] could not be found. URL will be ignored
HHH10000003
WARN
File or directory named by URL [%s] did not exist. URL will be ignored
HHH10000004
WARN
Expecting resource named by URL [%s] to be a directory, but it was not. URL will be ignored
HHH10000005
java.lang.String
File [%s] referenced by given URL [%s] does not exist
HHH10001001
INFO
Connection properties: %s
HHH10001002
WARN
Using built-in connection pool (not intended for production use)
HHH10001003
INFO
Autocommit mode: %s
HHH10001004
java.lang.String
No JDBC URL specified by property %s
HHH10001005
INFO
Loaded JDBC driver class: %s
HHH10001006
WARN
No JDBC Driver class was specified by property %s
HHH10001007
INFO
JDBC isolation level: %s
HHH10001008
INFO
Cleaning up connection pool [%s]
HHH10001009
WARN
Problem closing pooled connection
HHH10001010
INFO
No JDBC driver class specified by %s
HHH10001011
INFO
Loaded JDBC drivers: %s
HHH10001012
INFO
Connecting with JDBC URL [%s]
HHH10001115
INFO
Connection pool size: %s (min=%s)
HHH10001284
ERROR
Error closing connection
HHH10001501
INFO
Connection obtained from JdbcConnectionAccess [%s] for (non-JTA) DDL execution was not in auto-commit mode; the Connection 'local transaction' will be committed and the Connection will be set into auto-commit mode.
HHH10005001
WARN
An explicit CDI BeanManager reference [%s] was passed to Hibernate, but CDI is not available on the Hibernate ClassLoader. This is likely going to lead to exceptions later on in bootstrap
HHH10005002
INFO
No explicit CDI BeanManager reference was passed to Hibernate, but CDI is available on the Hibernate ClassLoader.
HHH10005003
INFO
Stopping ManagedBeanRegistry : %s
HHH10005004
INFO
Stopping BeanContainer : %s
HHH10010001
DEBUG
Disabling contextual LOB creation as %s is true
HHH10010002
DEBUG
Disabling contextual LOB creation as connection was null
HHH10010003
DEBUG
Disabling contextual LOB creation as JDBC driver reported JDBC version [%s] less than 4
HHH10010004
DEBUG
Disabling contextual LOB creation as Dialect reported it is not supported
embed-xml attributes were intended to be used for DOM4J entity mode. Since that entity mode has been removed, embed-xml attributes are no longer supported and should be removed from mappings.
HHH90000005
WARN
Defining an entity [%s] with no physical id attribute is no longer supported; please map the identifier to a physical entity attribute
HHH90000007
WARN
Attempted to specify unsupported NamingStrategy via command-line argument [--naming]. NamingStrategy has been removed in favor of the split ImplicitNamingStrategy and PhysicalNamingStrategy; use [--implicit-naming] or [--physical-naming], respectively, instead.
HHH90000008
WARN
Attempted to specify unsupported NamingStrategy via Ant task argument. NamingStrategy has been removed in favor of the split ImplicitNamingStrategy and PhysicalNamingStrategy.
HHH90000009
WARN
The outer-join attribute on has been deprecated. Instead of outer-join="false", use lazy="extra" with
HHH90000010
WARN
The fetch attribute on has been deprecated. Instead of fetch="select", use lazy="extra" with
HHH90000012
WARN
Recognized obsolete hibernate namespace %s. Use namespace %s instead. Support for obsolete DTD/XSD namespaces may be removed at any time.
HHH90000013
WARN
Named ConnectionProvider [%s] has been deprecated in favor of %s; that provider will be used instead. Update your settings
HHH90000014
WARN
Found use of deprecated [%s] sequence-based id generator; use org.hibernate.id.enhanced.SequenceStyleGenerator instead. See Hibernate Domain Model Mapping Guide for details.
HHH90000015
WARN
Found use of deprecated [%s] table-based id generator; use org.hibernate.id.enhanced.TableGenerator instead. See Hibernate Domain Model Mapping Guide for details.
HHH90000018
WARN
Found use of deprecated transaction factory setting [%s]; use the new TransactionCoordinatorBuilder settings [%s] instead
HHH90000021
WARN
Encountered deprecated setting [%s], use [%s] instead
HHH90000026
WARN
%s has been deprecated
HHH90000026
WARN
%s has been deprecated; use %s instead
HHH90000027
WARN
Encountered deprecated setting [%s]; instead %s
HHH90000028
WARN
Support for `` is deprecated [%s : %s]; migrate to orm.xml or mapping.xml, or enable `hibernate.transform_hbm_xml.enabled` for on the fly transformation
HHH90000029
WARN
The [%s] configuration is deprecated and will be removed. Set the value to [%s] to get rid of this warning
HHH90000030
WARN
The [%s] configuration is deprecated and will be removed.
HHH90001001
WARN
Attempt to restart an already started RegionFactory. Use sessionFactory.close() between repeated calls to buildSessionFactory. Using previously created RegionFactory.
HHH90001002
WARN
Attempt to restop an already stopped JCacheRegionFactory.
HHH90001003
WARN
Read-only caching was requested for mutable entity [%s]
HHH90001004
WARN
Read-only caching was requested for mutable natural-id for entity [%s]
HHH90001005
INFO
Cache[%s] Key[%s] A soft-locked cache entry was expired by the underlying cache. If this happens regularly you should consider increasing the cache timeouts and/or capacity limits
HHH90001006
WARN
Missing cache[%1$s] was created on-the-fly. The created cache will use a provider-specific default configuration: make sure you defined one. You can disable this warning by setting '%2$s' to '%3$s'.
HHH90001007
WARN
Using legacy cache name [%2$s] because configuration could not be found for cache [%1$s]. Update your configuration to rename cache [%2$s] to [%1$s].
HHH90001008
WARN
Cache [%1$s] uses the [%2$s] access type, but [%3$s] does not support it natively. Make sure your cache implementation supports JTA transactions.
HHH90003001
ERROR
Error in named query: %s
HHH90003002
INFO
Unable to determine lock mode value : %s -> %s
HHH90003003
INFO
Ignoring unrecognized query hint [%s]
HHH90003004
WARN
firstResult/maxResults specified with collection fetch; applying in memory
HHH90003501
ERROR
Error in named query: %s
HHH90005601
INFO
Envers-generated HBM mapping...%n%s
HHH90005901
WARN
`%s#%s` was mapped with explicit lazy-group (`%s`). Hibernate will ignore the lazy-group - this is generally not a good idea for to-one associations as it would lead to 2 separate SQL selects to initialize the association. This is expected to be improved in future versions of Hibernate
HHH90006001
WARN
Encountered incubating setting [%s]. See javadoc on corresponding `org.hibernate.cfg.AvailableSettings` constant for details.
HSEARCH
Code
Level
Return Type
Message
HSEARCH-00001
java.lang.String
MassIndexer operation
HSEARCH-00001
java.lang.String
Indexing instance of entity '%s' during mass indexing
HSEARCH-00001
java.lang.String
Fetching identifiers of entities to index for entity '%s' during mass indexing
HSEARCH-00001
java.lang.String
Loading and extracting entity data for entity '%s' during mass indexing
This multi-valued field has a 'FLATTENED' structure, which means the structure of objects is not preserved upon indexing, making object projections impossible. Try setting the field structure to 'NESTED' and reindexing all your data.
HSEARCH-00001
java.lang.String
The default backend can be retrieved
HSEARCH-00001
java.lang.String
The default backend cannot be retrieved, because no entity is mapped to that backend
HSEARCH-00001
java.lang.String
Failed to resolve bean from Hibernate Search's internal registry with exception: %1$s
HSEARCH-00001
java.lang.String
Failed to resolve bean from bean manager with exception: %1$s
HSEARCH-00001
java.lang.String
Failed to resolve bean using reflection with exception: %1$s
HSEARCH-00001
java.lang.String
Make sure the field is marked as searchable/sortable/projectable/aggregable/highlightable (whichever is relevant). If it already is, then '%1$s' is not available for fields of this type.
HSEARCH-00001
java.lang.String
Some object field features require a nested structure; try setting the field structure to 'NESTED' and reindexing all your data. If you are trying to use another feature, it probably isn't available for this field.
HSEARCH-00001
java.lang.String
Make sure the field is marked as searchable/sortable/projectable/aggregable/highlightable (whichever is relevant) in all indexes, and that the field has the same type in all indexes.
HSEARCH-00001
java.lang.String
If you are trying to use the 'nested' predicate, set the field structure is to 'NESTED' in all indexes, then reindex all your data.
HSEARCH000017
ERROR
Work discarded, thread was interrupted while waiting for space to schedule: %1$s
HSEARCH000027
INFO
Mass indexing is going to index %d entities.
HSEARCH000028
INFO
Mass indexing complete. Indexed %1$d entities.
HSEARCH000030
INFO
Mass indexing progress: indexed %1$d entities in %2$d ms.
HSEARCH000031
INFO
Mass indexing progress: %3$.2f%%. Mass indexing speed: %1$f documents/second since last message, %2$f documents/second since start.
HSEARCH000034
INFO
Hibernate Search version %1$s
HSEARCH000036
WARN
Unable to guess the transaction status: not starting a JTA transaction.
HSEARCH000039
WARN
Unable to properly close scroll in ScrollableResults.
HSEARCH000041
INFO
Index directory does not exist, creating: '%1$s'
HSEARCH000052
WARN
An index writer operation failed. Resetting the index writer and forcing release of locks. %1$s
HSEARCH000055
WARN
Unable to close the index reader. %1$s
HSEARCH000058
ERROR
%1$s
HSEARCH000062
ERROR
Mass indexing received interrupt signal: aborting.
HSEARCH000075
WARN
Missing value for configuration property '%1$s': using LATEST (currently '%2$s'). %3$s
HSEARCH000114
org.hibernate.search.util.common.SearchException
Resource does not exist in classpath: '%1$s'
HSEARCH000135
org.hibernate.search.util.common.SearchException
No default value bridge implementation for type '%1$s'. Use a custom bridge.
HSEARCH000159
org.hibernate.search.util.common.SearchException
No property annotated with %1$s(markerSet = "%3$s"). There must be exactly one such property in order to map it to geo-point field '%2$s'.
HSEARCH000160
org.hibernate.search.util.common.SearchException
Multiple properties annotated with %1$s(markerSet = "%3$s"). There must be exactly one such property in order to map it to geo-point field '%2$s'.
HSEARCH000177
org.hibernate.search.util.common.SearchException
Unable to define a document identifier for indexed type '%1$s', The property representing the entity identifier is unknown. Define the document identifier explicitly by annotating a property whose values are unique with @DocumentId.
HSEARCH000216
org.hibernate.search.util.common.SearchException
%1$s defines includePaths filters that do not match anything. Non-matching includePaths filters: %2$s. Encountered field paths: %3$s. Check the filters for typos, or remove them if they are not useful.
HSEARCH000221
org.hibernate.search.util.common.SearchException
Infinite embedded recursion involving path '%2$s' on type '%1$s'
HSEARCH000225
WARN
Unable to acquire lock on the index while initializing directory '%s'. Either the directory wasn't properly closed last time it was used due to a critical failure, or another instance of Hibernate Search is using it concurrently (which is not supported). If you experience indexing failures on this index you will need to remove the lock, and might need to rebuild the index.
HSEARCH000226
TRACE
%s: %s
HSEARCH000228
org.hibernate.search.util.common.SearchException
Unable to parse '%1$ss' into a Lucene version: %2$s
HSEARCH000230
DEBUG
Starting executor '%1$s'
HSEARCH000231
DEBUG
Stopping executor '%1$s'
HSEARCH000234
org.hibernate.search.util.common.SearchException
No matching indexed entity types for types: %1$s These types are not indexed entity types, nor is any of their subtypes. Valid indexed entity classes, superclasses and superinterfaces are: %2$s.
HSEARCH000237
org.hibernate.search.util.common.SearchException
Invalid range: at least one bound in range predicates must be non-null.
HSEARCH000242
org.hibernate.search.util.common.SearchException
Invalid type '%1$s': missing constructor. The type must expose a public, no-arguments constructor.
HSEARCH000274
TRACE
Executing Lucene query: %s
HSEARCH000276
org.hibernate.search.util.common.SearchException
No transaction active. Consider increasing the connection time-out.
HSEARCH000284
org.hibernate.search.util.common.SearchException
Unable to open index readers: %1$s
HSEARCH000295
org.hibernate.search.util.common.SearchException
Invalid value for type '$2%s': '$1%s'. %3$s
HSEARCH000297
org.hibernate.search.util.common.SearchException
Unable to convert '%2$s' into type '%1$s': value is too large.
HSEARCH000329
org.hibernate.search.util.common.SearchException
Unable to apply analysis configuration: %1$s
HSEARCH000337
org.hibernate.search.util.common.SearchException
Conflicting usage of @Param annotation for parameter name: '%1$s'. Can't assign both value '%2$s' and '%3$s'
HSEARCH000337
org.hibernate.search.util.common.SearchException
Ambiguous value for parameter '%1$s': this parameter is set to two different values '%2$s' and '%3$s'.
HSEARCH000342
org.hibernate.search.util.common.SearchException
Invalid index field type: both analyzer '%1$s' and normalizer '%2$s' are assigned to this type. Either an analyzer or a normalizer can be assigned, but not both.
HSEARCH000344
WARN
Invalid normalizer implementation: the normalizer for definition '%s' produced %d tokens. Normalizers should never produce more than one token. The tokens have been concatenated by Hibernate Search, but you should fix your normalizer definition.
HSEARCH000345
org.hibernate.search.util.common.SearchException
Invalid index field type: both analyzer '%1$s' and sorts are enabled. Sorts are not supported on analyzed fields. If you need an analyzer simply to transform the text (lowercasing, ...) without splitting it into tokens, use a normalizer instead. If you need an actual analyzer (with tokenization), define two separate fields: one with an analyzer that is not sortable, and one with a normalizer that is sortable.
HSEARCH000353
org.hibernate.search.util.common.SearchException
Unknown analyzer: '%1$s'. Make sure you defined this analyzer.
HSEARCH000501
org.hibernate.search.util.common.SearchException
Invalid value for configuration property '%1$s': '%2$s'. %3$s
HSEARCH000502
org.hibernate.search.util.common.SearchException
Invalid value: expected either an instance of '%1$s' or a String that can be parsed into that type. %2$s
HSEARCH000503
org.hibernate.search.util.common.SearchException
Invalid Boolean value: expected either a Boolean, the String 'true' or the String 'false'. %1$s
HSEARCH000504
org.hibernate.search.util.common.SearchException
Invalid Integer value: expected either a Number or a String that can be parsed into an Integer. %1$s
HSEARCH000505
org.hibernate.search.util.common.SearchException
Invalid Long value: expected either a Number or a String that can be parsed into a Long. %1$s
HSEARCH000506
org.hibernate.search.util.common.SearchException
Invalid multi value: expected either a single value of the correct type, a Collection, or a String, and interpreting as a single value failed with the following exception. %1$s
HSEARCH000514
org.hibernate.search.util.common.SearchException
Invalid index field name '%1$s': field names cannot be null or empty.
HSEARCH000515
org.hibernate.search.util.common.SearchException
Invalid index field name '%1$s': field names cannot contain a dot ('.'). Remove the dot from your field name, or if you are declaring the field in a bridge and want a tree of fields, declare an object field using the objectField() method.
HSEARCH000516
java.lang.IllegalArgumentException
Invalid polygon: the first point '%1$s' should be identical to the last point '%2$s' to properly close the polygon.
HSEARCH000519
java.lang.String
Hibernate Search encountered %3$s failures during %1$s. Only the first %2$s failures are displayed here. See the logs for extra failures.
HSEARCH000520
org.hibernate.search.util.common.SearchException
Hibernate Search encountered failures during %1$s. Failures: %2$s
HSEARCH000521
ERROR
Hibernate Search encountered a failure during %1$s; continuing for now to list all problems, but the process will ultimately be aborted. Context: %2$s Failure:
HSEARCH000522
WARN
Exception while collecting a failure -- this may indicate a bug or a missing test in Hibernate Search. Please report it: https://hibernate.org/community/ Nested exception: %1$s
HSEARCH000525
org.hibernate.search.util.common.SearchException
Invalid call of ifSupported(...) after orElse(...). Use a separate extension() context, or move the orElse(...) call last.
HSEARCH000526
org.hibernate.search.util.common.SearchException
None of the provided extensions can be applied to the current context. Attempted extensions: %1$s. If you want to ignore this, use .extension().ifSupported(...).orElse(ignored -> { }).
HSEARCH000528
org.hibernate.search.util.common.SearchException
Security manager does not allow access to the constructor of type '%1$s': %2$s
No backend with name '%1$s'. Check that at least one entity is configured to target that backend. The following backends can be retrieved by name: %2$s. %3$s
HSEARCH000534
org.hibernate.search.util.common.SearchException
No index manager with name '%1$s'. Check that at least one entity is configured to target that index. The following indexes can be retrieved by name: %2$s.
HSEARCH000540
org.hibernate.search.util.common.SearchException
Unable to instantiate class '%1$s': %2$s
HSEARCH000542
org.hibernate.search.util.common.SearchException
Invalid type '%1$s': this type cannot be assigned to type '%2$s'.
HSEARCH000543
org.hibernate.search.util.common.SearchException
Invalid type '%1$s': this type is an interface. An implementation class is required.
HSEARCH000544
org.hibernate.search.util.common.SearchException
Invalid type '%1$s': missing constructor. The type must expose a public constructor with a single parameter of type Map.
HSEARCH000546
org.hibernate.search.util.common.SearchException
Cyclic recursion starting from '%1$s' on %2$s. Index field path starting from that location and ending with a cycle: '%3$s'. A type cannot declare an unrestricted @IndexedEmbedded to itself, even indirectly. To break the cycle, you should consider adding filters to your @IndexedEmbedded: includePaths, includeDepth, excludePaths, ...
HSEARCH000547
org.hibernate.search.util.common.SearchException
Invalid BeanReference value: expected an instance of '%1$s', BeanReference, String or Class. %2$s
HSEARCH000551
org.hibernate.search.util.common.SearchException
Invalid use of per-field boost: the predicate score is constant. Cannot assign a different boost to each field when the predicate score is constant.
HSEARCH000553
org.hibernate.search.util.common.SearchException
Invalid slop: %1$d. The slop must be positive or zero.
HSEARCH000554
org.hibernate.search.util.common.SearchException
Invalid maximum edit distance: %1$d. The value must be 0, 1 or 2.
HSEARCH000555
org.hibernate.search.util.common.SearchException
Invalid exact prefix length: %1$d. The value must be positive or zero.
HSEARCH000557
org.hibernate.search.util.common.SearchException
Invalid value for type '%1$s': '%2$s'. The expected format is '%3$s'.
HSEARCH000558
org.hibernate.search.util.common.SearchException
Invalid %1$s value: expected either a Number or a String that can be parsed into a %1$s. %2$s
HSEARCH000559
org.hibernate.search.util.common.SearchException
Invalid string for type '%2$s': '%1$s'. %3$s
HSEARCH000560
org.hibernate.search.util.common.SearchException
Invalid value for enum '%2$s': '%1$s'.
HSEARCH000561
org.hibernate.search.util.common.SearchException
Multiple hits when a single hit was expected.
HSEARCH000562
org.hibernate.search.util.common.SearchException
Unable to submit work to '%1$s': thread received interrupt signal. The work has been discarded.
HSEARCH000563
org.hibernate.search.util.common.SearchException
Unable to submit work to '%1$s': this orchestrator is stopped. The work has been discarded.
HSEARCH000564
org.hibernate.search.util.common.SearchException
Invalid geo-point value: '%1$s'. The expected format is ', '.
HSEARCH000565
org.hibernate.search.util.common.SearchException
Unknown aggregation key '%1$s'. This key was not used when building the search query.
Configuration property tracking is disabled; unused properties will not be logged.
HSEARCH000568
WARN
Invalid configuration passed to Hibernate Search: some properties in the given configuration are not used. There might be misspelled property keys in your configuration. Unused properties: %1$s. To disable this warning, set the property '%2$s' to '%3$s'.
HSEARCH000569
ERROR
The background failure handler threw an exception while handling a previous failure. The failure may not have been reported.
HSEARCH000570
org.hibernate.search.util.common.SearchException
Invalid index field template name '%1$s': field template names cannot be null or empty.
HSEARCH000571
org.hibernate.search.util.common.SearchException
Invalid index field template name '%1$s': field template names cannot contain a dot ('.').
HSEARCH000572
org.hibernate.search.util.common.SearchException
Inconsistent index data: a supposedly single-valued field returned multiple values. Values: [%1$s, %2$s].
HSEARCH000573
org.hibernate.search.util.common.SearchException
Invalid configuration passed to Hibernate Search: some properties in the given configuration are obsolete.Configuration properties changed between Hibernate Search 5 and Hibernate Search 6 Check out the reference documentation and upgrade your configuration. Obsolete properties: %1$s.
HSEARCH000575
org.hibernate.search.util.common.SearchException
No default backend. Check that at least one entity is configured to target the default backend. The following backends can be retrieved by name: %1$s.
Ambiguous bean reference to type '%1$s': multiple beans are explicitly defined for this type in Hibernate Search's internal registry. Explicitly defined beans: %2$s.
Unable to resolve bean reference to type '%1$s'. %2$s
HSEARCH000581
org.hibernate.search.util.common.SearchException
Unable to resolve backend type: configuration property '%1$s' is not set, and there isn't any backend in the classpath. Check that you added the desired backend to your project's dependencies.
HSEARCH000582
org.hibernate.search.util.common.SearchException
Ambiguous backend type: configuration property '%1$s' is not set, and multiple backend types are present in the classpath. Set property '%1$s' to one of the following to select the backend type: %2$s
HSEARCH000583
org.hibernate.search.util.common.SearchException
Invalid type for DSL arguments: '%1$s'. Expected '%2$s' or a subtype.
HSEARCH000584
org.hibernate.search.util.common.SearchException
Invalid type for returned values: '%1$s'. Expected '%2$s' or a supertype.
Unable to provide the exact total hit count: only a lower-bound approximation is available. This is generally the result of setting query options such as a timeout or the total hit count threshold. Either unset these options, or retrieve the lower-bound hit count approximation through '.total().hitCountLowerBound()'.
HSEARCH000588
org.hibernate.search.util.common.SearchException
Multiple entity types mapped to index '%1$s': '%2$s', '%3$s'. Each indexed type must be mapped to its own, dedicated index.
Invalid bean reference: '%1$s'. The reference is prefixed with '%2$s', which is not a valid bean retrieval prefix. If you want to reference a bean by name, and the name contains a colon, use 'bean:%1$s'. Otherwise, use a valid bean retrieval prefix among the following: %3$s.
HSEARCH000593
org.hibernate.search.util.common.SearchException
Named predicate name '%1$s' is invalid: field names cannot be null or empty.
HSEARCH000594
org.hibernate.search.util.common.SearchException
Named predicate name '%1$s' is invalid: field names cannot contain a dot ('.'). Remove the dot from your named predicate name.
HSEARCH000596
org.hibernate.search.util.common.SearchException
Different mappings trying to define two backends with the same name '%1$s' but having different expectations on multi-tenancy.
HSEARCH000597
org.hibernate.search.util.common.SearchException
Different mappings trying to define default backends having different expectations on multi-tenancy.
HSEARCH000598
org.hibernate.search.util.common.SearchException
Invalid type: %1$s is not composite.
HSEARCH000599
org.hibernate.search.util.common.SearchException
Invalid type: %1$s is not an object field.
HSEARCH000600
org.hibernate.search.util.common.SearchException
Invalid type: %1$s is not a value field.
HSEARCH000601
org.hibernate.search.util.common.SearchException
Inconsistent configuration for %1$s in a search query across multiple indexes: %2$s
HSEARCH000602
org.hibernate.search.util.common.SearchException
Inconsistent support for '%1$s': %2$s
HSEARCH000603
org.hibernate.search.util.common.SearchException
Attribute '%1$s' differs: '%2$s' vs. '%3$s'.
HSEARCH000604
org.hibernate.search.util.common.SearchException
Cannot use '%2$s' on %1$s: %3$s
HSEARCH000606
org.hibernate.search.util.common.SearchException
'%1$s' can be used in some of the targeted indexes, but not all of them. %2$s
HSEARCH000609
org.hibernate.search.util.common.SearchException
This field is a value field in some indexes, but an object field in other indexes.
HSEARCH000610
org.hibernate.search.util.common.SearchException
Unknown field '%1$s'.
HSEARCH000611
org.hibernate.search.util.common.SearchException
Invalid target fields: fields [%1$s, %3$s] are in different nested documents (%2$s vs. %4$s). All target fields must be in the same document.
HSEARCH000612
org.hibernate.search.util.common.SearchException
Unable to close saved value for key %1$s: %2$s
HSEARCH000613
org.hibernate.search.util.common.SearchException
Unable to access the Search integration: initialization hasn't completed yet.
HSEARCH000614
org.hibernate.search.util.common.SearchException
Cannot project on entity type '%1$s': this type cannot be loaded from an external datasource, and the documents from the index cannot be projected to its Java class '%2$s'. %3$s
HSEARCH000615
org.hibernate.search.util.common.SearchException
Unable to resolve field '%1$s': %2$s
HSEARCH000616
DEBUG
Ignoring ServiceConfigurationError caught while trying to instantiate service '%s'.
HSEARCH000617
org.hibernate.search.util.common.SearchException
Parameter with name '%1$s' was not defined on projection definition '%2$s'.
HSEARCH000618
org.hibernate.search.util.common.SearchException
Invalid type for entity projection on type '%1$s': the entity type's Java class '%2$s' does not extend the requested projection type '%3$s'.
HSEARCH000619
org.hibernate.search.util.common.SearchException
'includePaths' and 'excludePaths' cannot be used together in the same filter. Use either `includePaths` or `excludePaths` leaving the other one empty. Included paths are: '%1$s', excluded paths are: '%2$s'.
Elasticsearch response indicates a timeout (HTTP status 408)
HSEARCH400020
org.hibernate.search.util.common.SearchException
Unable to update mapping for index '%1$s': %2$s
HSEARCH400022
org.hibernate.search.util.common.SearchException
Invalid index status: '%1$s'. Valid statuses are: %2$s.
HSEARCH400024
org.hibernate.search.util.common.SearchException
Index '%1$s' failed to reach status '%2$s' after %3$sms.
HSEARCH400034
org.hibernate.search.util.common.SearchException
Unable to retrieve index metadata from Elasticsearch: %1$s
HSEARCH400035
org.hibernate.search.util.common.SearchException
Unable to update schema for index '%1$s': %2$s
HSEARCH400050
org.hibernate.search.util.common.SearchException
Missing index: index names [%1$s, %2$s] do not point to any index in the Elasticsearch cluster.
HSEARCH400053
TRACE
Executing Elasticsearch query on '%s' with parameters '%s': <%s>
HSEARCH400055
org.hibernate.search.util.common.SearchException
Duplicate tokenizer definitions: '%1$s'. Tokenizer names must be unique.
HSEARCH400056
org.hibernate.search.util.common.SearchException
Duplicate char filter definitions: '%1$s'. Char filter names must be unique.
HSEARCH400057
org.hibernate.search.util.common.SearchException
Duplicate token filter definitions: '%1$s'. Token filter names must be unique.
HSEARCH400067
org.hibernate.search.util.common.SearchException
Unable to update settings for index '%1$s': %2$s
HSEARCH400069
INFO
Closed Elasticsearch index '%1$s' automatically.
HSEARCH400070
INFO
Opened Elasticsearch index '%1$s' automatically.
HSEARCH400073
WARN
Hibernate Search will connect to Elasticsearch with authentication over plain HTTP (not HTTPS). The password will be sent in clear text over the network.
HSEARCH400075
org.hibernate.search.util.common.SearchException
Unable to apply analysis configuration: %1$s
HSEARCH400076
org.hibernate.search.util.common.SearchException
Invalid analyzer definition for name '%1$s'. Analyzer definitions must at least define the tokenizer.
HSEARCH400077
org.hibernate.search.util.common.SearchException
Invalid tokenizer definition for name '%1$s'. Tokenizer definitions must at least define the tokenizer type.
HSEARCH400078
org.hibernate.search.util.common.SearchException
Invalid char filter definition for name '%1$s'. Char filter definitions must at least define the char filter type.
HSEARCH400079
org.hibernate.search.util.common.SearchException
Invalid token filter definition for name '%1$s'. Token filter definitions must at least define the token filter type.
HSEARCH400080
org.hibernate.search.util.common.SearchException
Unable to detect the Elasticsearch version running on the cluster: %s
HSEARCH400081
org.hibernate.search.util.common.SearchException
Incompatible Elasticsearch version running on the cluster: '%s'. Refer to the documentation to know which versions of Elasticsearch are compatible with Hibernate Search.
HSEARCH400082
DEBUG
Executed Elasticsearch HTTP %s request to '%s' with path '%s', query parameters %s and %d objects in payload in %dms. Response had status %d '%s'. Request body: <%s>. Response body: <%s>
HSEARCH400085
WARN
Unknown Elasticsearch version running on the cluster: '%s'. Hibernate Search may not work correctly. Consider updating to a newer version of Hibernate Search, if any.
HSEARCH400089
org.hibernate.search.util.common.SearchException
Unable to parse Elasticsearch response. Status code was '%1$d', status phrase was '%2$s'. Nested exception: %3$s
HSEARCH400090
org.hibernate.search.util.common.SearchException
Elasticsearch response indicates a failure.
HSEARCH400093
TRACE
Executed Elasticsearch HTTP %s request to '%s' with path '%s', query parameters %s and %d objects in payload in %dms. Response had status %d '%s'. Request body: <%s>. Response body: <%s>
HSEARCH400502
org.hibernate.search.util.common.SearchException
Invalid multi-index scope: a scope cannot span both a Elasticsearch index and another type of index. Base scope: '%1$s', incompatible (Elasticsearch) index: '%2$s'.
HSEARCH400503
org.hibernate.search.util.common.SearchException
Invalid multi-index scope: a scope cannot span multiple Elasticsearch backends. Base scope: '%1$s', incompatible index (from another backend): '%2$s'.
HSEARCH400506
org.hibernate.search.util.common.SearchException
Invalid target for Elasticsearch extension: '%1$s'. This extension can only be applied to components created by an Elasticsearch backend.
HSEARCH400508
org.hibernate.search.util.common.SearchException
Invalid search predicate: '%1$s'. You must build the predicate from an Elasticsearch search scope.
HSEARCH400511
org.hibernate.search.util.common.SearchException
Invalid search sort: '%1$s'. You must build the sort from an Elasticsearch search scope.
Invalid tenant identifiers: '%1$s'. No tenant identifier is expected, because multi-tenancy is disabled for this backend.
HSEARCH400517
org.hibernate.search.util.common.SearchException
Missing tenant identifier. A tenant identifier is expected, because multi-tenancy is enabled for this backend.
HSEARCH400518
org.hibernate.search.util.common.SearchException
Invalid requested type for client: '%1$s'. The Elasticsearch low-level client can only be unwrapped to '%2$s'.
HSEARCH400519
org.hibernate.search.util.common.SearchException
Invalid requested type for this backend: '%1$s'. Elasticsearch backends can only be unwrapped to '%2$s'.
HSEARCH400520
org.hibernate.search.util.common.SearchException
Duplicate index field definition: '%1$s'. Index field names must be unique. Look for two property mappings with the same field name, or two indexed-embeddeds with prefixes that lead to conflicting index field names, or two custom bridges declaring index fields with the same name.
HSEARCH400525
org.hibernate.search.util.common.SearchException
Invalid field reference for this document element: this document element has path '%1$s', but the referenced field has a parent with path '%2$s'.
HSEARCH400526
org.hibernate.search.util.common.AssertionFailure
Missing data in the Elasticsearch response.
HSEARCH400529
org.hibernate.search.util.common.SearchException
Multiple conflicting minimumShouldMatch constraints for ceiling '%1$s'
HSEARCH400530
org.hibernate.search.util.common.SearchException
Conflicting index names: Hibernate Search indexes '%1$s' and '%2$s' both target the Elasticsearch index name or alias '%3$s'
HSEARCH400531
org.hibernate.search.util.common.SearchException
Unable to resolve index name '%1$s' to an entity type: %2$s
HSEARCH400532
org.hibernate.search.util.common.SearchException
Unable to convert DSL argument: %1$s
HSEARCH400533
org.hibernate.search.util.common.SearchException
Invalid requested type for this index manager: '%1$s'. Elasticsearch index managers can only be unwrapped to '%2$s'.
HSEARCH400534
org.hibernate.search.util.common.SearchException
Invalid typed analyzer definition for name '%1$s'. Typed analyzer definitions must at least define the analyzer type.
HSEARCH400535
org.hibernate.search.util.common.SearchException
Invalid index field type: both analyzer '%1$s' and normalizer '%2$s' are assigned to this type. Either an analyzer or a normalizer can be assigned, but not both.
HSEARCH400536
org.hibernate.search.util.common.SearchException
Invalid index field type: both analyzer '%1$s' and sorts are enabled. Sorts are not supported on analyzed fields. If you need an analyzer simply to transform the text (lowercasing, ...) without splitting it into tokens, use a normalizer instead. If you need an actual analyzer (with tokenization), define two separate fields: one with an analyzer that is not sortable, and one with a normalizer that is sortable.
HSEARCH400537
org.hibernate.search.util.common.SearchException
Ambiguous value for parameter '%1$s': this parameter is set to two different values '%2$s' and '%3$s'.
HSEARCH400538
org.hibernate.search.util.common.SearchException
Invalid search projection: '%1$s'. You must build the projection from an Elasticsearch search scope.
HSEARCH400544
org.hibernate.search.util.common.SearchException
Unable to shut down the Elasticsearch client: %1$s
HSEARCH400545
org.hibernate.search.util.common.SearchException
No built-in index field type for class: '%1$s'.
HSEARCH400553
org.hibernate.search.util.common.SearchException
Full-text features (analysis, fuzziness) are not supported for fields of this type.
HSEARCH400554
org.hibernate.search.util.common.SearchException
Incomplete field definition. You must call toReference() to complete the field definition.
HSEARCH400555
org.hibernate.search.util.common.SearchException
Multiple calls to toReference() for the same field definition. You must call toReference() exactly once.
HSEARCH400556
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch version: '%1$s'. Expected format is 'x.y.z-qualifier', where 'x', 'y' and 'z' are integers, and 'qualifier' is an string of word characters (alphanumeric or '_'). Incomplete versions are allowed, for example '7.0' or just '7'.
HSEARCH400557
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch version: '%1$s'. Expected format is 'x.y.z-qualifier' or ':x.y.z-qualifier', where '' is one of %2$s (defaults to '%3$s'), 'x', 'y' and 'z' are integers, and 'qualifier' is an string of word characters (alphanumeric or '_'). Incomplete versions are allowed, for example 'elastic:7.0', '7.0' or just '7'.
HSEARCH400558
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch distribution name: '%1$s'. Valid names are: %2$s.
HSEARCH400559
org.hibernate.search.util.common.SearchException
Unexpected Elasticsearch version running on the cluster: '%2$s'. Hibernate Search was configured for Elasticsearch '%1$s'.
HSEARCH400560
org.hibernate.search.util.common.SearchException
Cannot skip analysis on field '%1$s': the Elasticsearch backend will always normalize arguments before attempting matches on normalized fields.
HSEARCH400561
org.hibernate.search.util.common.SearchException
Ambiguous Elasticsearch version: '%s'. This version matches multiple dialects. Please use a more precise version to remove the ambiguity.
HSEARCH400562
org.hibernate.search.util.common.SearchException
Invalid index field type: both null token '%2$s' ('indexNullAs') and analyzer '%1$s' are assigned to this type. 'indexNullAs' is not supported on analyzed fields.
HSEARCH400563
org.hibernate.search.util.common.SearchException
Multiple values assigned to field '%1$s': this field is single-valued. Declare the field as multi-valued in order to allow this.
HSEARCH400564
org.hibernate.search.util.common.SearchException
Invalid use of explain(Object id) on a query targeting multiple types. Use explain(String typeName, Object id) and pass one of %1$s as the type name.
HSEARCH400565
org.hibernate.search.util.common.SearchException
Invalid mapped type name: '%2$s'. This type is not among the mapped types targeted by this query: %1$s.
HSEARCH400566
org.hibernate.search.util.common.SearchException
Invalid document identifier: '%2$s'. No such document in index '%1$s'.
HSEARCH400567
org.hibernate.search.util.common.SearchException
Invalid index field type: missing decimal scale. Define the decimal scale explicitly. %1$s
HSEARCH400569
org.hibernate.search.util.common.SearchException
Unable to encode value '%1$s': this field type only supports values ranging from '%2$s' to '%3$s'. If you want to encode values that are outside this range, change the decimal scale for this field. Do not forget to reindex all your data after changing the decimal scale.
HSEARCH400570
org.hibernate.search.util.common.SearchException
Invalid index field type: decimal scale '%1$s' is positive. The decimal scale of BigInteger fields must be zero or negative.
HSEARCH400572
org.hibernate.search.util.common.SearchException
Invalid search predicate: '%1$s'. You must build the predicate from a scope targeting indexes %3$s, but the given predicate was built from a scope targeting indexes %2$s.
HSEARCH400573
org.hibernate.search.util.common.SearchException
Invalid search sort: '%1$s'. You must build the sort from a scope targeting indexes %3$s, but the given sort was built from a scope targeting indexes %2$s.
HSEARCH400574
org.hibernate.search.util.common.SearchException
Invalid search projection: '%1$s'. You must build the projection from a scope targeting indexes %3$s, but the given projection was built from a scope targeting indexes %2$s.
HSEARCH400576
org.hibernate.search.util.common.SearchException
Invalid index field type: both analyzer '%1$s' and aggregations are enabled. Aggregations are not supported on analyzed fields. If you need an analyzer simply to transform the text (lowercasing, ...) without splitting it into tokens, use a normalizer instead. If you need an actual analyzer (with tokenization), define two separate fields: one with an analyzer that is not aggregable, and one with a normalizer that is aggregable.
HSEARCH400580
org.hibernate.search.util.common.SearchException
Invalid range: '%1$s'. Elasticsearch range aggregations only accept ranges in the canonical form: (-Infinity, ) or [, ) or [, +Infinity). Call Range.canonical(...) to be sure to create such a range.
HSEARCH400581
org.hibernate.search.util.common.SearchException
Invalid search aggregation: '%1$s'. You must build the aggregation from an Elasticsearch search scope.
HSEARCH400582
org.hibernate.search.util.common.SearchException
Invalid search aggregation: '%1$s'. You must build the aggregation from a scope targeting indexes %3$s, but the given aggregation was built from a scope targeting indexes %2$s.
HSEARCH400585
org.hibernate.search.util.common.SearchException
Duplicate aggregation definitions for key: '%1$s'
HSEARCH400587
org.hibernate.search.util.common.SearchException
Invalid index field type: search analyzer '%1$s' is assigned to this type, but the indexing analyzer is missing. Assign an indexing analyzer and a search analyzer, or remove the search analyzer.
HSEARCH400588
org.hibernate.search.util.common.SearchException
Call to the bulk REST API failed: %1$s
HSEARCH400589
org.hibernate.search.util.common.SearchException
Invalid host/port: '%1$s'. The host/port string must use the format 'host:port', for example 'mycompany.com:9200' The URI scheme ('http://', 'https://') must not be included.
Request execution exceeded the timeout of %1$s. Request was %2$s
HSEARCH400591
org.hibernate.search.util.common.SearchException
Invalid name for the type-name mapping strategy: '%1$s'. Valid names are: %2$s.
HSEARCH400592
org.hibernate.search.util.common.SearchException
Missing field '%1$s' for one of the search hits. The document was probably indexed with a different configuration: full reindexing is necessary.
HSEARCH400593
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch index layout: index names [%1$s, %2$s] resolve to multiple distinct indexes %3$s. These names must resolve to a single index.
HSEARCH400594
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch index layout: primary (non-alias) name for existing Elasticsearch index '%1$s' does not match the expected pattern '%2$s'.
HSEARCH400595
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch index layout: unique key '%1$s' extracted from the index name does not match any of %2$s.
HSEARCH400596
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch index layout: the write alias and read alias are set to the same value: '%1$s'. The write alias and read alias must be different.
HSEARCH400597
org.hibernate.search.util.common.SearchException
Missing or imprecise Elasticsearch version: when configuration property '%1$s' is set to 'false', the version is mandatory and must be at least as precise as 'x.y', where 'x' and 'y' are integers.
HSEARCH400598
org.hibernate.search.util.common.SearchException
The lifecycle strategy cannot be set at the index level anymore. Set the schema management strategy via the property 'hibernate.search.schema_management.strategy' instead.
HSEARCH400600
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for fields in nested documents.
HSEARCH400601
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for String fields. Only MIN and MAX are supported.
HSEARCH400602
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for temporal fields. Only MIN, MAX, AVG and MEDIAN are supported.
HSEARCH400603
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for a distance sort. Only MIN, MAX, AVG and MEDIAN are supported.
HSEARCH400604
org.hibernate.search.util.common.SearchException
Invalid sort filter: field '%1$s' is not contained in a nested object. Sort filters are only available if the field to sort on is contained in a nested object.
HSEARCH400605
org.hibernate.search.util.common.SearchException
Invalid search predicate: %1$s. This predicate targets fields %3$s, but only fields that are contained in the nested object with path '%2$s' are allowed here.
HSEARCH400606
org.hibernate.search.util.common.SearchException
Invalid aggregation filter: field '%1$s' is not contained in a nested object. Aggregation filters are only available if the field to aggregate on is contained in a nested object.
HSEARCH400607
org.hibernate.search.util.common.SearchException
Duplicate index field template definition: '%1$s'. Multiple bridges may be trying to access the same index field template, or two indexed-embeddeds may have prefixes that lead to conflicting field names, or you may have declared multiple conflicting mappings. In any case, there is something wrong with your mapping and you should fix it.
HSEARCH400608
org.hibernate.search.util.common.SearchException
Invalid value type. This field's values are of type '%1$s', which is not assignable from '%2$s'.
HSEARCH400609
org.hibernate.search.util.common.SearchException
Unknown field '%1$s'.
HSEARCH400613
org.hibernate.search.util.common.SearchException
Invalid cardinality for projection on field '%1$s': the projection is single-valued, but this field is multi-valued. Make sure to call '.multi()' when you create the projection.
Invalid target hosts configuration: both the 'uris' property and the 'protocol' property are set. Uris: '%1$s'. Protocol: '%2$s'. Either set the protocol and hosts simultaneously using the 'uris' property, or set them separately using the 'protocol' property and the 'hosts' property.
HSEARCH400627
org.hibernate.search.util.common.SearchException
Invalid target hosts configuration: both the 'uris' property and the 'hosts' property are set. Uris: '%1$s'. Hosts: '%2$s'. Either set the protocol and hosts simultaneously using the 'uris' property, or set them separately using the 'protocol' property and the 'hosts' property.
HSEARCH400628
org.hibernate.search.util.common.SearchException
Invalid target hosts configuration: the 'uris' use different protocols (http, https). All URIs must use the same protocol. Uris: '%1$s'.
HSEARCH400629
org.hibernate.search.util.common.SearchException
Invalid target hosts configuration: the list of hosts must not be empty.
HSEARCH400630
org.hibernate.search.util.common.SearchException
Invalid target hosts configuration: the list of URIs must not be empty.
HSEARCH400631
org.hibernate.search.util.common.SearchException
Unable to find the given custom index settings file: '%1$s'.
HSEARCH400632
org.hibernate.search.util.common.SearchException
Error on loading the given custom index settings file '%1$s': %2$s
HSEARCH400633
org.hibernate.search.util.common.SearchException
There are some JSON syntax errors on the given custom index settings file '%1$s': %2$s
HSEARCH400634
org.hibernate.search.util.common.SearchException
Invalid use of 'missing().first()' for an ascending distance sort. Elasticsearch always assumes missing values have a distance of '+Infinity', and this behavior cannot be customized.
HSEARCH400635
org.hibernate.search.util.common.SearchException
Invalid use of 'missing().last()' for a descending distance sort. Elasticsearch always assumes missing values have a distance of '+Infinity', and this behavior cannot be customized.
HSEARCH400636
org.hibernate.search.util.common.SearchException
Invalid use of 'missing().use(...)' for a distance sort. Elasticsearch always assumes missing values have a distance of '+Infinity', and this behavior cannot be customized.
HSEARCH400637
org.hibernate.search.util.common.SearchException
The index schema named predicate '%1$s' was added twice.
HSEARCH400638
org.hibernate.search.util.common.SearchException
Predicate definition differs: '%1$s' vs. '%2$s'.
HSEARCH400640
WARN
A search query fetching all hits was requested, but only '%2$s' hits were retrieved because the maximum result window size forces a limit of '%1$s' hits. Refer to Elasticsearch's 'max_result_window_size' setting for more information.
HSEARCH400641
org.hibernate.search.util.common.SearchException
Incompatible Elasticsearch version: version '%2$s' does not match version '%1$s' that was provided when the backend was created. You can provide a more precise version on startup, but you cannot override the version that was provided when the backend was created.
HSEARCH400648
org.hibernate.search.util.common.SearchException
Invalid backend configuration: mapping requires multi-tenancy but no multi-tenancy strategy is set.
HSEARCH400649
org.hibernate.search.util.common.SearchException
Invalid backend configuration: mapping requires single-tenancy but multi-tenancy strategy is set.
HSEARCH400650
org.hibernate.search.util.common.SearchException
Param with name '%1$s' has not been defined for the named predicate '%2$s'.
HSEARCH400651
org.hibernate.search.util.common.SearchException
Unable to find the given custom index mapping file: '%1$s'.
HSEARCH400652
org.hibernate.search.util.common.SearchException
Error on loading the given custom index mapping file '%1$s': %2$s
HSEARCH400653
org.hibernate.search.util.common.SearchException
There are some JSON syntax errors on the given custom index mapping file '%1$s': %2$s
HSEARCH400654
org.hibernate.search.util.common.SearchException
Invalid context for projection on field '%1$s': the surrounding projection is executed for each object in field '%2$s', which is not a parent of field '%1$s'. Check the structure of your projections.
HSEARCH400655
org.hibernate.search.util.common.SearchException
Invalid cardinality for projection on field '%1$s': the projection is single-valued, but this field is effectively multi-valued in this context, because parent object field '%2$s' is multi-valued. Either call '.multi()' when you create the projection on field '%1$s', or wrap that projection in an object projection like this: 'f.object("%2$s").from().as(...).multi()'.
HSEARCH400656
org.hibernate.search.util.common.SearchException
Unexpected mapped type name extracted from hits: '%1$s'. Expected one of: %2$s. The document was probably indexed with a different configuration: full reindexing is necessary.
HSEARCH400657
org.hibernate.search.util.common.SearchException
Unable to export the schema for '%1$s' index: %2$s
HSEARCH400658
org.hibernate.search.util.common.SearchException
Invalid use of 'missing().lowest()' for an ascending distance sort. Elasticsearch always assumes missing values have a distance of '+Infinity', and this behavior cannot be customized.
HSEARCH400659
org.hibernate.search.util.common.SearchException
Invalid use of 'missing().lowest()' for a descending distance sort. Elasticsearch always assumes missing values have a distance of '+Infinity', and this behavior cannot be customized.
HSEARCH400660
org.hibernate.search.util.common.SearchException
Invalid highlighter: '%1$s'. You must build the highlighter from an Elasticsearch search scope.
HSEARCH400661
org.hibernate.search.util.common.SearchException
Invalid highlighter: '%1$s'. You must build the highlighter from a scope targeting indexes %3$s, but the given highlighter was built from a scope targeting indexes %2$s.
HSEARCH400662
WARN
No fields were added to be highlighted, but some query level highlighters were provided. These highlighters will be ignored.
HSEARCH400663
org.hibernate.search.util.common.SearchException
Cannot find a highlighter with name '%1$s'. Available highlighters are: %2$s. Was it configured with `highlighter("%1$s", highlighterContributor)`?
HSEARCH400664
org.hibernate.search.util.common.SearchException
Named highlighters cannot use a blank string as name.
HSEARCH400665
org.hibernate.search.util.common.SearchException
Highlighter with name '%1$s' is already defined. Use a different name to add another highlighter.
HSEARCH400666
org.hibernate.search.util.common.SearchException
'%1$s' highlighter type cannot be applied to '%2$s' field. '%2$s' must have either 'ANY' or '%1$s' among the configured highlightable values.
HSEARCH400667
org.hibernate.search.util.common.SearchException
Cannot use 'NO' in combination with other highlightable values. Applied values are: '%1$s'
HSEARCH400668
org.hibernate.search.util.common.SearchException
The '%1$s' term vector storage strategy is not compatible with the fast vector highlighter. Either change the strategy to one of `WITH_POSITIONS_PAYLOADS`/`WITH_POSITIONS_OFFSETS_PAYLOADS` or remove the requirement for the fast vector highlighter support.
HSEARCH400669
org.hibernate.search.util.common.SearchException
Setting the `highlightable` attribute to an empty array is not supported. Set the value to `NO` if the field does not require the highlight projection.
HSEARCH400670
org.hibernate.search.util.common.SearchException
Highlight projection cannot be applied within nested context of '%1$s'.
HSEARCH400671
org.hibernate.search.util.common.SearchException
The highlight projection cannot be applied to a field from an object using `ObjectStructure.NESTED` structure.
HSEARCH400672
org.hibernate.search.util.common.SearchException
'%1$s' cannot be nested in an object projection. %2$s
HSEARCH600001
org.hibernate.search.util.common.SearchException
Path '%1$s' exists but does not point to a writable directory.
HSEARCH600005
org.hibernate.search.util.common.SearchException
Invalid target for Lucene extension: '%1$s'. This extension can only be applied to components created by a Lucene backend.
HSEARCH600010
org.hibernate.search.util.common.SearchException
Invalid search predicate: '%1$s'. You must build the predicate from a Lucene search scope.
HSEARCH600014
org.hibernate.search.util.common.SearchException
Invalid search sort: '%1$s'. You must build the sort from a Lucene search scope.
HSEARCH600015
org.hibernate.search.util.common.SearchException
Unable to initialize index directory: %1$s
HSEARCH600016
org.hibernate.search.util.common.SearchException
Unable to index entity of type '%2$s' with identifier '%3$s' and tenant identifier '%1$s': %4$s
HSEARCH600017
org.hibernate.search.util.common.SearchException
Unable to delete entity of type '%2$s' with identifier '%3$s' and tenant identifier '%1$s': %4$s
HSEARCH600019
org.hibernate.search.util.common.SearchException
Unable to commit: %1$s
HSEARCH600024
org.hibernate.search.util.common.SearchException
Invalid multi-index scope: a scope cannot span both a Lucene index and another type of index. Base scope: '%1$s', incompatible (Lucene) index: '%2$s'.
HSEARCH600025
org.hibernate.search.util.common.SearchException
Invalid multi-index scope: a scope cannot span multiple Lucene backends. Base scope: '%1$s', incompatible index (from another backend): '%2$s'.
Invalid tenant identifiers: '%1$s'. No tenant identifier is expected, because multi-tenancy is disabled for this backend.
HSEARCH600032
org.hibernate.search.util.common.SearchException
Missing tenant identifier. A tenant identifier is expected, because multi-tenancy is enabled for this backend.
HSEARCH600033
org.hibernate.search.util.common.SearchException
Invalid requested type for this backend: '%1$s'. Lucene backends can only be unwrapped to '%2$s'.
HSEARCH600034
org.hibernate.search.util.common.SearchException
Duplicate index field definition: '%1$s'. Index field names must be unique. Look for two property mappings with the same field name, or two indexed-embeddeds with prefixes that lead to conflicting index field names, or two custom bridges declaring index fields with the same name.
HSEARCH600039
org.hibernate.search.util.common.SearchException
Invalid field reference for this document element: this document element has path '%1$s', but the referenced field has a parent with path '%2$s'.
HSEARCH600044
org.hibernate.search.util.common.SearchException
Computed minimum for minimumShouldMatch constraint is out of bounds: expected a number between '1' and '%1$s', got '%2$s'.
HSEARCH600045
org.hibernate.search.util.common.SearchException
Multiple conflicting minimumShouldMatch constraints for ceiling '%1$s'
HSEARCH600049
org.hibernate.search.util.common.SearchException
Invalid field path; expected path '%1$s', got '%2$s'.
HSEARCH600050
org.hibernate.search.util.common.SearchException
Unable to convert DSL argument: %1$s
HSEARCH600051
org.hibernate.search.util.common.SearchException
Invalid requested type for this index manager: '%1$s'. Lucene index managers can only be unwrapped to '%2$s'.
HSEARCH600052
org.hibernate.search.util.common.SearchException
Unable to create analyzer for name '%1$s': %2$s
HSEARCH600053
org.hibernate.search.util.common.SearchException
Unable to create normalizer for name '%1$s': %2$s
HSEARCH600054
org.hibernate.search.util.common.SearchException
Unknown normalizer: '%1$s'. Make sure you defined this normalizer.
HSEARCH600055
org.hibernate.search.util.common.SearchException
Invalid search projection: '%1$s'. You must build the projection from a Lucene search scope.
HSEARCH600061
org.hibernate.search.util.common.SearchException
Unable to shut down index: %1$s
HSEARCH600062
org.hibernate.search.util.common.SearchException
No built-in index field type for class: '%1$s'.
HSEARCH600067
org.hibernate.search.util.common.SearchException
Unable to delete all entries matching query '%1$s': %2$s
HSEARCH600070
org.hibernate.search.util.common.SearchException
Full-text features (analysis, fuzziness) are not supported for fields of this type.
HSEARCH600071
org.hibernate.search.util.common.SearchException
Incomplete field definition. You must call toReference() to complete the field definition.
HSEARCH600072
org.hibernate.search.util.common.SearchException
Multiple calls to toReference() for the same field definition. You must call toReference() exactly once.
HSEARCH600073
org.hibernate.search.util.common.SearchException
Invalid index field type: both null token '%2$s' ('indexNullAs') and analyzer '%1$s' are assigned to this type. 'indexNullAs' is not supported on analyzed fields.
HSEARCH600074
org.hibernate.search.util.common.SearchException
Multiple values assigned to field '%1$s': this field is single-valued. Declare the field as multi-valued in order to allow this.
HSEARCH600075
org.hibernate.search.util.common.SearchException
Invalid use of explain(Object id) on a query targeting multiple types. Use explain(String typeName, Object id) and pass one of %1$s as the type name.
HSEARCH600076
org.hibernate.search.util.common.SearchException
Invalid mapped type name: '%2$s'. This type is not among the mapped types targeted by this query: %1$s.
HSEARCH600077
org.hibernate.search.util.common.SearchException
Invalid document identifier: '%2$s'. No such document for type '%1$s'.
HSEARCH600078
org.hibernate.search.util.common.SearchException
Unable to merge index segments: %1$s
HSEARCH600079
org.hibernate.search.util.common.SearchException
Unable to close the index writer after write failures: %1$s
HSEARCH600080
org.hibernate.search.util.common.SearchException
Invalid index field type: missing decimal scale. Define the decimal scale explicitly. %1$s
HSEARCH600081
org.hibernate.search.util.common.SearchException
Unable to encode value '%1$s': this field type only supports values ranging from '%2$s' to '%3$s'. If you want to encode values that are outside this range, change the decimal scale for this field. Do not forget to reindex all your data after changing the decimal scale.
HSEARCH600082
org.hibernate.search.util.common.SearchException
Invalid index field type: decimal scale '%1$s' is positive. The decimal scale of BigInteger fields must be zero or negative.
HSEARCH600084
org.hibernate.search.util.common.SearchException
Invalid search predicate: '%1$s'. You must build the predicate from a scope targeting indexes %3$s, but the given predicate was built from a scope targeting indexes %2$s.
HSEARCH600085
org.hibernate.search.util.common.SearchException
Invalid search sort: '%1$s'. You must build the sort from a scope targeting indexes %3$s, but the given sort was built from a scope targeting indexes %2$s.
HSEARCH600086
org.hibernate.search.util.common.SearchException
Invalid search projection: '%1$s'. You must build the projection from a scope targeting indexes %3$s, but the given projection was built from a scope targeting indexes %2$s.
Incorrect sharding strategy implementation: strategy '%1$s' did not declare any shard identifiers during initialization. Declare shard identifiers using context.shardIdentifiers(...) or, if sharding is disabled, call context.disableSharding().
HSEARCH600090
org.hibernate.search.util.common.SearchException
When using sharding strategy '%1$s', this configuration property must be set.
Invalid index field type: both analyzer '%1$s' and aggregations are enabled. Aggregations are not supported on analyzed fields. If you need an analyzer simply to transform the text (lowercasing, ...) without splitting it into tokens, use a normalizer instead. If you need an actual analyzer (with tokenization), define two separate fields: one with an analyzer that is not aggregable, and one with a normalizer that is aggregable.
HSEARCH600098
org.hibernate.search.util.common.SearchException
Invalid search aggregation: '%1$s'. You must build the aggregation from a Lucene search scope.
HSEARCH600099
org.hibernate.search.util.common.SearchException
Invalid search aggregation: '%1$s'. You must build the aggregation from a scope targeting indexes %3$s, but the given aggregation was built from a scope targeting indexes %2$s.
HSEARCH600102
org.hibernate.search.util.common.SearchException
Duplicate aggregation definitions for key: '%1$s'
HSEARCH600104
org.hibernate.search.util.common.SearchException
Invalid index field type: search analyzer '%1$s' is assigned to this type, but the indexing analyzer is missing. Assign an indexing analyzer and a search analyzer, or remove the search analyzer.
Invalid sort mode: %1$s. This sort mode is not supported for fields in nested documents.
HSEARCH600115
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for String fields. Only MIN and MAX are supported.
HSEARCH600116
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for temporal fields. Only MIN, MAX, AVG and MEDIAN are supported.
HSEARCH600117
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for a distance sort. Only MIN, MAX, AVG and MEDIAN are supported.
HSEARCH600118
org.hibernate.search.util.common.SearchException
A failure occurred during a low-level write operation and the index writer had to be reset. Some write operations may have been lost as a result. Failure: %1$s
HSEARCH600120
org.hibernate.search.util.common.SearchException
Invalid sort filter: field '%1$s' is not contained in a nested object. Sort filters are only available if the field to sort on is contained in a nested object.
HSEARCH600121
org.hibernate.search.util.common.SearchException
Invalid search predicate: %1$s. This predicate targets fields %3$s, but only fields that are contained in the nested object with path '%2$s' are allowed here.
HSEARCH600122
org.hibernate.search.util.common.SearchException
Invalid aggregation filter: field '%1$s' is not contained in a nested object. Aggregation filters are only available if the field to aggregate on is contained in a nested object.
HSEARCH600123
org.hibernate.search.util.common.SearchException
Invalid value for IndexWriter setting '%1$s': '%2$s'. %3$s
HSEARCH600124
org.hibernate.search.util.common.SearchException
Invalid value for merge policy setting '%1$s': '%2$s'. %3$s
HSEARCH600125
org.hibernate.search.util.common.SearchException
Duplicate index field template definition: '%1$s'. Multiple bridges may be trying to access the same index field template, or two indexed-embeddeds may have prefixes that lead to conflicting field names, or you may have declared multiple conflicting mappings. In any case, there is something wrong with your mapping and you should fix it.
HSEARCH600126
org.hibernate.search.util.common.SearchException
Invalid value type. This field's values are of type '%1$s', which is not assignable from '%2$s'.
HSEARCH600127
org.hibernate.search.util.common.SearchException
Unknown field '%1$s'.
HSEARCH600131
org.hibernate.search.util.common.SearchException
Invalid cardinality for projection on field '%1$s': the projection is single-valued, but this field is multi-valued. Make sure to call '.multi()' when you create the projection.
HSEARCH600135
org.hibernate.search.util.common.SearchException
Implementation class differs: '%1$s' vs. '%2$s'.
HSEARCH600136
org.hibernate.search.util.common.SearchException
Field codec differs: '%1$s' vs. '%2$s'.
HSEARCH600138
WARN
Using deprecated filesystem access strategy '%1$s', which will be removed in a future version of Lucene. %2$s
HSEARCH600141
org.hibernate.search.util.common.SearchException
Unable to compute size of index: %1$s
HSEARCH600142
org.hibernate.search.util.common.SearchException
Unable to create instance of analysis component '%1$s': %2$s
HSEARCH600143
org.hibernate.search.util.common.SearchException
The index schema named predicate '%1$s' was added twice.
HSEARCH600144
org.hibernate.search.util.common.SearchException
Predicate definition differs: '%1$s' vs. '%2$s'.
HSEARCH600146
org.hibernate.search.util.common.SearchException
Unable to apply query caching configuration: %1$s
HSEARCH600148
org.hibernate.search.util.common.SearchException
Invalid backend configuration: mapping requires multi-tenancy but no multi-tenancy strategy is set.
HSEARCH600149
org.hibernate.search.util.common.SearchException
Invalid backend configuration: mapping requires single-tenancy but multi-tenancy strategy is set.
HSEARCH600150
org.hibernate.search.util.common.SearchException
Param with name '%1$s' has not been defined for the named predicate '%2$s'.
HSEARCH600151
java.io.IOException
Offset + limit should be lower than Integer.MAX_VALUE, offset: '%1$s', limit: '%2$s'.
HSEARCH600152
org.hibernate.search.util.common.SearchException
Invalid context for projection on field '%1$s': the surrounding projection is executed for each object in field '%2$s', which is not a parent of field '%1$s'. Check the structure of your projections.
HSEARCH600153
org.hibernate.search.util.common.SearchException
Invalid cardinality for projection on field '%1$s': the projection is single-valued, but this field is effectively multi-valued in this context, because parent object field '%2$s' is multi-valued. Either call '.multi()' when you create the projection on field '%1$s', or wrap that projection in an object projection like this: 'f.object("%2$s").from().as(...).multi()'.
HSEARCH600154
org.hibernate.search.util.common.SearchException
Unable to start index: %1$s
HSEARCH600155
org.hibernate.search.util.common.SearchException
Unexpected mapped type name extracted from hits: '%1$s'. Expected one of: %2$s. The document was probably indexed with a different configuration: full reindexing is necessary.
HSEARCH600156
org.hibernate.search.util.common.SearchException
Nonblocking operation submitter is not supported.
HSEARCH600157
org.hibernate.search.util.common.SearchException
Unable to export the schema for '%1$s' index: %2$s
HSEARCH600158
org.hibernate.search.util.common.SearchException
Invalid highlighter: '%1$s'. You must build the highlighter from a Lucene search scope.
HSEARCH600159
org.hibernate.search.util.common.SearchException
Invalid highlighter: '%1$s'. You must build the highlighter from a scope targeting indexes %3$s, but the given highlighter was built from a scope targeting indexes %2$s.
HSEARCH600160
org.hibernate.search.util.common.SearchException
Overriding a '%2$s' highlighter with a '%1$s' is not supported. Overriding highlighters should be of the same type as the global is if the global highlighter was configured.
HSEARCH600161
org.hibernate.search.util.common.SearchException
Cannot find a highlighter with name '%1$s'. Available highlighters are: %2$s. Was it configured with `highlighter("%1$s", highlighterContributor)`?
HSEARCH600162
org.hibernate.search.util.common.SearchException
'%1$s' highlighter does not support '%2$s' boundary scanner type.
HSEARCH600163
org.hibernate.search.util.common.SearchException
Named highlighters cannot use a blank string as name.
HSEARCH600164
org.hibernate.search.util.common.SearchException
Highlighter with name '%1$s' is already defined. Use a different name to add another highlighter.
HSEARCH600165
org.hibernate.search.util.common.SearchException
'%1$s' highlighter type cannot be applied to '%2$s' field. '%2$s' must have either 'ANY' or '%1$s' among the configured highlightable values.
HSEARCH600166
org.hibernate.search.util.common.SearchException
Cannot use 'NO' in combination with other highlightable values. Applied values are: '%1$s'
HSEARCH600167
org.hibernate.search.util.common.SearchException
The '%1$s' term vector storage strategy is not compatible with the fast vector highlighter. Either change the strategy to one of `WITH_POSITIONS_PAYLOADS`/`WITH_POSITIONS_OFFSETS_PAYLOADS` or remove the requirement for the fast vector highlighter support.
HSEARCH600168
org.hibernate.search.util.common.SearchException
Setting the `highlightable` attribute to an empty array is not supported. Set the value to `NO` if the field does not require the highlight projection.
HSEARCH600169
WARN
Lucene's unified highlighter cannot limit the size of a fragment returned when no match is found. Instead if no match size was set to any positive integer - all text will be returned. Configured value '%1$s' will be ignored, and the fragment will not be limited. If you don't want to see this warning set the value to Integer.MAX_VALUE.
HSEARCH600170
org.hibernate.search.util.common.SearchException
Lucene's unified highlighter does not support the size fragment setting. Either use a plain or fast vector highlighters, or do not set this setting.
HSEARCH600171
org.hibernate.search.util.common.SearchException
Highlight projection cannot be applied within nested context of '%1$s'.
HSEARCH600172
org.hibernate.search.util.common.SearchException
The highlight projection cannot be applied to a field from an object using `ObjectStructure.NESTED` structure.
HSEARCH600173
org.hibernate.search.util.common.SearchException
'%1$s' cannot be nested in an object projection. %2$s
No default identifier bridge implementation for type '%1$s'. Implement a custom bridge and assign it to the identifier property with @DocumentId(identifierBridge = ...). See the reference documentation for more information about bridges.
HSEARCH700003
org.hibernate.search.util.common.SearchException
Empty binder reference.
HSEARCH700005
org.hibernate.search.util.common.SearchException
Ambiguous value bridge reference: both 'valueBridge' and 'valueBinder' are set. Only one can be set.
HSEARCH700006
org.hibernate.search.util.common.SearchException
Ambiguous identifier bridge reference: both 'identifierBridge' and 'identifierBinder' are set. Only one can be set.
HSEARCH700007
org.hibernate.search.util.common.SearchException
Empty scope. If you want to target all indexes, pass 'Object.class' as the target type.
HSEARCH700010
org.hibernate.search.util.common.SearchException
Invalid bridge for input type '%2$s': '%1$s'. This bridge expects an input of type '%3$s'.
HSEARCH700011
org.hibernate.search.util.common.SearchException
Missing field name for @GeoPointBinding on type %1$s. The field name is mandatory when the bridge is applied to a type, optional when applied to a property.
HSEARCH700015
org.hibernate.search.util.common.SearchException
Unable to interpret the type arguments to the ContainerExtractor interface in implementation '%1$s'. Only the following implementations of ContainerExtractor are valid: 1) implementations setting both type parameters to *raw* types, e.g. class MyExtractor implements ContainerExtractor; 2) implementations setting the first type parameter to an array of an unbounded type variable, and setting the second parameter to the same type variable, e.g. MyExtractor implements ContainerExtractor 3) implementations setting the first type parameter to a parameterized type with one argument set to an unbounded type variable and the other to unbounded wildcards, and setting the second type parameter to the same type variable, e.g. MyExtractor implements ContainerExtractor, T>
HSEARCH700016
org.hibernate.search.util.common.SearchException
Invalid container extractor for type '%3$s': '%1$s' (implementation class: '%2$s')
Unable to find the inverse side of the association on type '%2$s' at path '%3$s'. Hibernate Search needs this information in order to reindex '%2$s' when '%1$s' is modified. You can solve this error by defining the inverse side of this association, either with annotations specific to your integration (@OneToMany(mappedBy = ...) in Hibernate ORM) or with the Hibernate Search @AssociationInverseSide annotation. Alternatively, if you do not need to reindex '%2$s' when '%1$s' is modified, you can disable automatic reindexing with @IndexingDependency(reindexOnUpdate = ReindexOnUpdate.SHALLOW).
HSEARCH700021
org.hibernate.search.util.common.SearchException
Unable to apply path '%2$s' to type '%1$s'. This path was resolved as the inverse side of the association '%4$s' on type '%3$s'. Hibernate Search needs to apply this path in order to reindex '%3$s' when '%1$s' is modified. Nested exception: %5$s
HSEARCH700022
org.hibernate.search.util.common.SearchException
The inverse association targets type '%1$s', but a supertype or subtype of '%2$s' was expected.
HSEARCH700023
org.hibernate.search.util.common.SearchException
@AssociationInverseSide.inversePath is empty.
HSEARCH700027
org.hibernate.search.util.common.SearchException
Unable to index type '%1$s': this type is not an entity type. If you only expect subtypes to be instantiated, make this type abstract. If you expect this exact type to be instantiated and want it to be indexed, make it an entity type. Otherwise, ensure this type and its subtypes are never indexed by removing the @Indexed annotation or by annotating the type with @Indexed(enabled = false).
HSEARCH700029
org.hibernate.search.util.common.SearchException
@IndexingDependency.derivedFrom contains an empty path.
HSEARCH700030
org.hibernate.search.util.common.SearchException
Unable to resolve dependencies of a derived property: there is a cyclic dependency starting from type '%1$s'. Derivation chain starting from that type and ending with a cycle:%2$s A derived property cannot be marked as derived from itself, even indirectly through other derived properties. If your model actually contains such cyclic dependency, you should consider disabling automatic reindexing, at least partially using @IndexingDependency(reindexOnUpdate = ReindexOnUpdate.NO) on one of the properties in the cycle.
HSEARCH700031
org.hibernate.search.util.common.SearchException
Unable to apply property mapping: this property mapping must target an index field of standard String type, but the resolved field type is non-standard or non-String. This generally means you need to use a different field annotation or to convert property values using a custom ValueBridge or ValueBinder. If you are already using a custom ValueBridge or ValueBinder, check its field type. Details: encountered type DSL step '%1$s', which does not extend the expected interface '%2$s'.
HSEARCH700037
org.hibernate.search.util.common.SearchException
No matching entity type for type identifier '%1$s'. Either this type is not an entity type, or the entity type is not mapped in Hibernate Search. Valid identifiers for mapped entity types are: %2$s
HSEARCH700038
org.hibernate.search.util.common.SearchException
The entity identifier must not be null.
HSEARCH700039
org.hibernate.search.util.common.SearchException
'%1$s' cannot be assigned to '%2$s'
HSEARCH700040
org.hibernate.search.util.common.SearchException
No matching indexed entity type for type identifier '%1$s'. Either this type is not an entity type, or the entity type is not indexed in Hibernate Search. Valid identifiers for indexed entity types are: %2$s
HSEARCH700041
org.hibernate.search.util.common.SearchException
Invalid reference to default extractors: a chain of multiple container extractors must not include the default extractors. Either use only the default extractors, or explicitly reference every single extractor to be applied.
HSEARCH700042
org.hibernate.search.util.common.SearchException
%1$s failure(s) occurred during mass indexing. See the logs for details. First failure: %2$s
HSEARCH700043
org.hibernate.search.util.common.SearchException
Exception creating URL from String '%1$s'.
HSEARCH700044
org.hibernate.search.util.common.SearchException
Exception creating URI from String '%1$s'.
HSEARCH700045
org.hibernate.search.util.common.SearchException
A PojoModelPath must include at least one property.
HSEARCH700046
org.hibernate.search.util.common.SearchException
Unable to apply path '%2$s' to type '%1$s'. This path was declared as a path to collect entities of type '%3$s' to be reindexed. Hibernate Search needs to apply this path in order to reindex '%3$s' when '%1$s' is modified. Nested exception: %4$s
HSEARCH700047
org.hibernate.search.util.common.SearchException
Invalid use of 'fromOtherEntity': this method can only be used when the bridged element has an entity type, but the bridged element has type '%1$s', which is not an entity type.
HSEARCH700048
org.hibernate.search.util.common.SearchException
Invalid type passed to 'fromOtherEntity': the type must be an entity type. Type '%1$s' is not an entity type.
HSEARCH700049
org.hibernate.search.util.common.SearchException
Incorrect binder implementation: the binder did not declare any dependency to the entity model during binding. Declare dependencies using context.dependencies().use(...) or, if the bridge really does not depend on the entity model, context.dependencies().useRootOnly().
HSEARCH700050
org.hibernate.search.util.common.SearchException
Incorrect binder implementation: the binder called context.dependencies().useRootOnly() during binding, but also declared extra dependencies to the entity model.
HSEARCH700051
org.hibernate.search.util.common.SearchException
Unable to apply property mapping: this property mapping must target an index field of standard, scaled-number type (BigDecimal or BigInteger), but the resolved field type is non-standard or non-scaled. This generally means you need to use a different field annotation or to convert property values using a custom ValueBridge or ValueBinder. If you are already using a custom ValueBridge or ValueBinder, check its field type. Details: encountered type DSL step '%1$s', which does not extend the expected interface '%2$s'.
HSEARCH700052
org.hibernate.search.util.common.SearchException
Unexpected extractor references: extractors cannot be defined explicitly when extract = ContainerExtract.NO. Either leave 'extract' to its default value to define extractors explicitly or leave the 'extractor' list to its default, empty value to disable extraction.
HSEARCH700053
org.hibernate.search.util.common.SearchException
No container extractor with name '%1$s'. Check that this name matches a container extractor, either a builtin one whose name is a constant in '%2$s' or a custom one that was properly registered.
HSEARCH700058
org.hibernate.search.util.common.SearchException
Incorrect binder implementation: binder '%1$s' did not call context.bridge(...).
HSEARCH700059
org.hibernate.search.util.common.SearchException
Incorrect binder implementation: binder '%1$s' did not call context.marker(...).
HSEARCH700060
org.hibernate.search.util.common.SearchException
Unable to trigger entity processing while already processing entities. Make sure you do not change entities within an entity getter or a custom bridge used for indexing, and avoid any event that could trigger entity processing. Hibernate ORM flushes, in particular, must be avoided in entity getters and bridges.
HSEARCH700061
org.hibernate.search.util.common.SearchException
Unable to index-embed type '%1$s': no index mapping (@GenericField, @FullTextField, custom bridges, ...) is defined for that type.
HSEARCH700064
org.hibernate.search.util.common.SearchException
Multiple entity names assigned to the same type: '%1$s', '%2$s'.
HSEARCH700065
org.hibernate.search.util.common.SearchException
Unable to apply property mapping: this property mapping must target an index field of standard type, but the resolved field type is non-standard. This generally means you need to use a different field annotation or to convert property values using a custom ValueBridge or ValueBinder. If you are already using a custom ValueBridge or ValueBinder, check its field type. Details: encountered type DSL step '%1$s', which does not extend the expected interface '%2$s'.
HSEARCH700066
org.hibernate.search.util.common.SearchException
Unable to apply property mapping: this property mapping must target an index field of non-standard type, but the resolved field type is standard. Switch to a standard field annotation such as @GenericField. Details: encountered type DSL step '%1$s', which does extend the interface '%2$s'.
HSEARCH700067
org.hibernate.search.util.common.SearchException
Invalid annotation processor: '%1$s'. This processor expects annotations of a different type: '%2$s'.
HSEARCH700068
org.hibernate.search.util.common.SearchException
Empty annotation processor reference in meta-annotation '%1$s'.
HSEARCH700069
org.hibernate.search.util.common.SearchException
Ambiguous @IndexedEmbedded name: both 'name' and 'prefix' are set. Only one can be set. Name is '%1$s', prefix is '%2$s'.
HSEARCH700070
org.hibernate.search.util.common.SearchException
Invalid index field name '%1$s': field names cannot contain a dot ('.').
HSEARCH700071
org.hibernate.search.util.common.SearchException
No property annotated with @Alternative(id = %1$s). There must be exactly one such property in order to map property '%2$s' to multi-alternative fields.
HSEARCH700072
org.hibernate.search.util.common.SearchException
Multiple properties annotated with @Alternative(id = %1$s). There must be exactly one such property in order to map property '%2$s' to multi-alternative fields.
HSEARCH700073
org.hibernate.search.util.common.SearchException
Invalid routing bridge for entity type '%2$s': '%1$s' This bridge expects an entity type extending '%3$s'.
HSEARCH700075
org.hibernate.search.util.common.SearchException
Incorrect routing bridge implementation: routing bridge '%1$s' did not define any current route. In the implementation of RoutingBridge.route(...), define exactly one current route by calling 'routes.addRoute()', or explicitly indicate indexing is not required by calling 'routes.notIndexed()'.
HSEARCH700076
org.hibernate.search.util.common.SearchException
Incorrect routing bridge implementation: routing bridge '%1$s' defined multiple current routes. In the implementation of RoutingBridge.route(...), define at most one current route by calling 'routes.addRoute()' at most once.
HSEARCH700077
org.hibernate.search.util.common.SearchException
Incorrect routing bridge implementation: routing bridge '%1$s' did not define any previous route. In the implementation of RoutingBridge.previousRoutes(...), define at least one previous route by calling 'routes.addRoute()' at least once, or explicitly indicate no prior indexing was performed by calling 'routes.notIndexed()'.
HSEARCH700078
org.hibernate.search.util.common.SearchException
No readable property named '%2$s' on type '%1$s'.
HSEARCH700079
org.hibernate.search.util.common.SearchException
Exception while retrieving property type model for '%1$s' on '%2$s'.
HSEARCH700080
org.hibernate.search.util.common.SearchException
Unable to infer index field type for value bridge '%1$s': this bridge implements ValueBridge, but sets the generic type parameter F to '%2$s'. The index field type can only be inferred automatically when this type parameter is set to a raw class. Use a ValueBinder to set the index field type explicitly, or set the type parameter F to a definite, raw type.
HSEARCH700081
org.hibernate.search.util.common.SearchException
Unable to infer expected identifier type for identifier bridge '%1$s': this bridge implements IdentifierBridge, but sets the generic type parameter I to '%2$s'. The expected identifier type can only be inferred automatically when this type parameter is set to a raw class. Use an IdentifierBinder to set the expected identifier type explicitly, or set the type parameter I to a definite, raw type.
HSEARCH700082
org.hibernate.search.util.common.SearchException
Unable to infer expected value type for value bridge '%1$s': this bridge implements ValueBridge, but sets the generic type parameter V to '%2$s'. The expected value type can only be inferred automatically when this type parameter is set to a raw class. Use a ValueBinder to set the expected value type explicitly, or set the type parameter V to a definite, raw type.
HSEARCH700083
org.hibernate.search.util.common.SearchException
Exception while building document for entity '%1$s': %2$s
HSEARCH700084
org.hibernate.search.util.common.SearchException
Exception while resolving other entities to reindex as a result of changes on entity '%1$s': %2$s
HSEARCH700085
WARN
Multiple getters exist for property named '%2$s' on type '%1$s'. Hibernate Search will use '%3$s' and ignore %4$s. The selected getter may change from one startup to the next. To get rid of this warning, either remove the extra getters or configure the access type for this property to 'FIELD'.
HSEARCH700086
org.hibernate.search.util.common.SearchException
Unexpected entity name for entity loading: '%1$s'. Expected one of %2$s.
HSEARCH700087
org.hibernate.search.util.common.SearchException
Invalid indexing request: if the entity is null, the identifier must be provided explicitly.
HSEARCH700088
org.hibernate.search.util.common.SearchException
Invalid indexing request: the add and update operations require a non-null entity.
HSEARCH700089
org.hibernate.search.util.common.SearchException
No matching entity type for name '%1$s'. Either this is not the name of an entity type, or the entity type is not mapped in Hibernate Search. Valid names for mapped entity types are: %2$s
HSEARCH700090
org.hibernate.search.util.common.SearchException
The required identifier type '%1$s' does not match the actual identifier type '%2$s': the required identifier must be a superclass of the actual identifier.
HSEARCH700101
org.hibernate.search.util.common.SearchException
%1$s failure(s) occurred during mass indexing. See the logs for details. First failure on entity '%2$s': %3$s
HSEARCH700102
ERROR
The mass indexing failure handler threw an exception while handling a previous failure. The failure may not have been reported.
HSEARCH700103
org.hibernate.search.util.common.SearchException
Mass indexing received interrupt signal. The index is left in an unknown state!
HSEARCH700104
org.hibernate.search.util.common.SearchException
Param with name '%1$s' has not been defined for the binder.
HSEARCH700105
org.hibernate.search.util.common.SearchException
Cannot work with the identifier of entities of type '%1$s': identifier mapping (@DocumentId, ...) is not configured for this type.
HSEARCH700107
org.hibernate.search.util.common.SearchException
No main constructor for type '%1$s': this type does not declare exactly one constructor.
HSEARCH700109
org.hibernate.search.util.common.SearchException
No constructor with parameter types %2$s on type '%1$s'. Available constructors: %3$s
HSEARCH700110
org.hibernate.search.util.common.SearchException
Exception while retrieving parameter type model for parameter #%1$s of '%2$s'.
HSEARCH700111
org.hibernate.search.util.common.SearchException
Exception while retrieving constructor handle for '%1$s' on '%2$s'.
HSEARCH700112
org.hibernate.search.util.common.SearchException
Invalid object class for projection: %1$s. Make sure that this class is mapped correctly, either through annotations (@ProjectionConstructor) or programmatic mapping. If it is, make sure the class is included in a Jandex index made available to Hibernate Search.
HSEARCH700113
org.hibernate.search.util.common.SearchException
Invalid declaring type for projection constructor: type '%1$s' is abstract. Projection constructors can only be declared on concrete types.
HSEARCH700114
org.hibernate.search.util.common.SearchException
Missing parameter names in Java metadata for projection constructor. When inferring inner projections from constructor parameters, constructor parameter names must be known. Either make sure this class was compiled with the '-parameters' compiler flag, or set the path explicitly with '@FieldProjection(path = ...)' or '@ObjectProjection(path = ...)'.
HSEARCH700115
org.hibernate.search.util.common.SearchException
Invalid parameter type for projection constructor: %1$s. When inferring the cardinality of inner projections from constructor parameters, multi-valued constructor parameters must be lists (java.util.List<...>) or list supertypes (java.lang.Iterable<...>, java.util.Collection<...>)
HSEARCH700116
org.hibernate.search.util.common.SearchException
Multiple projection constructor are mapped for type '%1$s'. At most one projection constructor is allowed for each type.
HSEARCH700117
DEBUG
Constructor projection for type '%1$s': %2$s
HSEARCH700118
org.hibernate.search.util.common.SearchException
Cyclic recursion starting from '%1$s' on %2$s. Index field path starting from that location and ending with a cycle: '%3$s'. A projection constructor cannot declare an unrestricted @ObjectProjection to itself, even indirectly. To break the cycle, you should consider adding filters to your @ObjectProjection: includePaths, includeDepth, excludePaths, ...
HSEARCH700119
org.hibernate.search.util.common.SearchException
Exception while retrieving the Jandex index for code source location '%1$s': %2$s
HSEARCH700120
WARN
Both "dropAndCreateSchemaOnStart()" and "purgeAllOnStart()" are enabled. Consider having just one setting enabled as after the index is recreated there is nothing to purge.
HSEARCH700121
org.hibernate.search.util.common.SearchException
Invalid ObjectPath encountered '%1$s': %2$s
HSEARCH700122
WARN
An unexpected failure occurred while configuring resolution of association inverse side for reindexing. This may lead to incomplete reindexing and thus out-of-sync indexes. The exception is being ignored to preserve backwards compatibility with earlier versions of Hibernate Search. Failure: %3$s %2$s Association inverse side: %1$s.
Indexing failure: %1$s. The following entities may not have been updated correctly in the index: %2$s.
HSEARCH700125
org.hibernate.search.util.common.SearchException
%1$s failures went unreported for this operation to avoid flooding. To disable flooding protection, use 'massIndexer.failureFloodingThreshold(Long.MAX_VALUE)'.
HSEARCH700126
org.hibernate.search.util.common.SearchException
Target path '%1$s' already exists and is not an empty directory. Use a path to an empty or non-existing directory.
HSEARCH700127
org.hibernate.search.util.common.SearchException
Unable to export the schema: %1$s
HSEARCH700128
org.hibernate.search.util.common.SearchException
Indexing plan for '%1$s' cannot be created as this type is excluded by the indexing plan filter.
HSEARCH700129
org.hibernate.search.util.common.SearchException
'%1$s' cannot be included and excluded at the same time within one filter. Already included types: '%2$s'. Already excluded types: '%3$s'.
HSEARCH700130
org.hibernate.search.util.common.SearchException
No matching entity type for class '%1$s'. This class is neither an entity type mapped in Hibernate Search nor a superclass of such entity type. Note interfaces are not considered superclasses and are not permitted here. Valid classes are: %2$s
HSEARCH700131
org.hibernate.search.util.common.SearchException
No matching entity type for the name '%1$s'. This name represents neither an entity type mapped in Hibernate Search nor a superclass of such entity type. Valid entity type names are: %2$s
HSEARCH700132
org.hibernate.search.util.common.SearchException
No matching supertype type for type identifier '%1$s'. Valid identifiers for indexed entity types are: %2$s
HSEARCH700133
org.hibernate.search.util.common.SearchException
No parameter at index '%2$s' for constructor '%1$s'.
HSEARCH700134
org.hibernate.search.util.common.SearchException
Multiple projections are mapped for this parameter. At most one projection is allowed for each parameter.
HSEARCH700135
org.hibernate.search.util.common.SearchException
Incorrect binder implementation: binder '%1$s' did not call context.definition(...).
HSEARCH700136
org.hibernate.search.util.common.SearchException
Invalid projection definition for constructor parameter type '%2$s': '%1$s'. This projection results in values of type '%3$s'.
HSEARCH700137
org.hibernate.search.util.common.SearchException
Invalid multi-valued projection definition for constructor parameter type '%2$s': '%1$s'. This projection results in values of type '%3$s'.
HSEARCH700138
org.hibernate.search.util.common.SearchException
Missing parameter names in Java metadata for projection constructor. When mapping a projection constructor parameter to a field projection without providing a field path, constructor parameter names must be known. Either make sure this class was compiled with the '-parameters' compiler flag, or set the path explicitly with '@FieldProjection(path = ...)'.
HSEARCH700139
org.hibernate.search.util.common.SearchException
Missing parameter names in Java metadata for projection constructor. When mapping a projection constructor parameter to an object projection without providing a field path, constructor parameter names must be known. Either make sure this class was compiled with the '-parameters' compiler flag, or set the path explicitly with '@ObjectProjection(path = ...)'.
HSEARCH700140
org.hibernate.search.util.common.SearchException
Missing parameter names in Java metadata for projection constructor. When mapping a projection constructor parameter to a highlight projection without providing a field path, constructor parameter names must be known. Either make sure this class was compiled with the '-parameters' compiler flag, or set the path explicitly with '@HighlightProjection(path = ...)'.
HSEARCH700141
org.hibernate.search.util.common.SearchException
Invalid constructor parameter type: '%1$s'. The highlight projection results in values of type 'List'.
HSEARCH700142
org.hibernate.search.util.common.SearchException
%1$s defines excludePaths filters that do not match anything. Non-matching excludePaths filters: %2$s. Encountered field paths: %3$s. Check the filters for typos, or remove them if they are not useful.
Unable to resolve path '%1$s' to a persisted attribute in Hibernate ORM metadata. If this path points to a transient attribute, use @IndexingDependency(derivedFrom = ...) to specify which persisted attributes it is derived from. See the reference documentation for more information.
HSEARCH800008
org.hibernate.search.util.common.SearchException
Path '%1$s' points to attribute '%2$s' that will never be reported as dirty by Hibernate ORM. Check that you didn't declare an invalid indexing dependency.
HSEARCH800009
org.hibernate.search.util.common.SearchException
Unable to apply container value extractor with name '%2$s' to Hibernate ORM metadata node of type '%1$s'.
HSEARCH800011
org.hibernate.search.util.common.SearchException
Unable to create a SearchSession for sessions created using a different session factory. Expected: '%1$s'. In use: '%2$s'.
HSEARCH800012
org.hibernate.search.util.common.SearchException
Unable to retrieve property type model for '%1$s' on '%2$s': %3$s
The entity loader for '%1$s' is ignoring the cache lookup strategy '%2$s', because document IDs are distinct from entity IDs and thus cannot be used for persistence context or second level cache lookups.
HSEARCH800020
DEBUG
The entity loader for '%1$s' is ignoring the second-level cache even though it was instructed to use it, because caching is not enabled for this entity type.
HSEARCH800021
org.hibernate.search.util.common.SearchException
Unable to access Hibernate ORM session factory: %1$s
HSEARCH800022
org.hibernate.search.util.common.SearchException
Indexing failure: %1$s. The following entities may not have been updated correctly in the index: %2$s.
HSEARCH800023
org.hibernate.search.util.common.SearchException
Unable to process entities for indexing before transaction completion: %1$s
HSEARCH800024
org.hibernate.search.util.common.SearchException
Unable to index documents for indexing after transaction completion: %1$s
HSEARCH800025
org.hibernate.search.util.common.SearchException
Unable to handle transaction: %1$s
HSEARCH800027
org.hibernate.search.util.common.SearchException
Unknown type: '%1$s'. Available named types: %2$s. For entity types, the correct type name is the entity name. For component types (embeddeds, ...) in dynamic-map entities, the correct type name is name of the owner entity followed by a dot ('.') followed by the dot-separated path to the component, e.g. 'MyEntity.myEmbedded' or 'MyEntity.myEmbedded.myNestedEmbedded'.
HSEARCH800028
org.hibernate.search.util.common.SearchException
No matching entity type for name '%1$s'. This is not the name of a Hibernate ORM entity type. Valid names for Hibernate ORM entity types are: %2$s
HSEARCH800029
org.hibernate.search.util.common.SearchException
Invalid type for '%1$s': the entity type must extend '%2$s', but entity type '%3$s' does not.
No matching indexed entity type for class '%1$s'. Either this class is not an entity type, or the entity type is not indexed in Hibernate Search. Valid classes for indexed entity types are: %2$s
HSEARCH800034
org.hibernate.search.util.common.SearchException
No matching indexed entity type for name '%1$s'. Either this is not the name of an entity type, or the entity type is not indexed in Hibernate Search. Valid names for indexed entity types are: %2$s
HSEARCH800035
ERROR
Unable to shut down Hibernate Search: %1$s
HSEARCH800036
org.hibernate.search.util.common.SearchException
Cannot use scroll() with scroll mode '%1$s' with Hibernate Search queries: only ScrollMode.FORWARDS_ONLY is supported.
HSEARCH800037
org.hibernate.search.util.common.SearchException
Cannot scroll backwards with Hibernate Search scrolls: they are forwards-only. Ensure you always increment the scroll position, and never decrement it.
HSEARCH800038
org.hibernate.search.util.common.SearchException
Cannot set the scroll position relative to the end with Hibernate Search scrolls. Ensure you always pass a positive number to setRowNumber().
HSEARCH800039
org.hibernate.search.util.common.SearchException
Cannot use this ScrollableResults instance: it is closed.
HSEARCH800040
org.hibernate.search.util.common.SearchException
Multiple instances of entity type '%1$s' have their property '%2$s' set to '%3$s'. '%2$s' is the document ID and must be assigned unique values.
Cannot customize the indexing plan synchronization strategy: the selected coordination strategy always processes events asynchronously, through a queue.
HSEARCH800053
WARN
Configuration property '%1$s' is deprecated; use '%2$s' instead.
HSEARCH800054
org.hibernate.search.util.common.SearchException
Cannot determine the set of all possible tenant identifiers. You must provide this information by setting configuration property '%1$s' to a comma-separated string containing all possible tenant identifiers.
HSEARCH800055
org.hibernate.search.util.common.SearchException
Cannot target tenant '%1$s' because this tenant identifier was not listed in the configuration provided on startup. To target this tenant, you must provide the tenant identifier through configuration property '%3$s', which should be set to a comma-separated string containing all possible tenant identifiers. Currently configured tenant identifiers: %2$s.
HSEARCH800056
INFO
Ignoring unrecognized query hint [%s]
HSEARCH800057
org.hibernate.search.util.common.SearchException
Cannot set the fetch size of Hibernate Search ScrollableResults after having created them. If you want to define the size of batches for entity loading, set loading options when defining the query instead, for example with .loading(o -> o.fetchSize(50)). See the reference documentation for more information.
HSEARCH800058
org.hibernate.search.util.common.SearchException
No matching entity type for type identifier '%1$s'. Either this type is not an entity type, or the entity type is not mapped in Hibernate Search. Valid identifiers for mapped entity types are: %2$s
HSEARCH800059
org.hibernate.search.util.common.SearchException
No matching indexed entity type for type identifier '%1$s'. Either this type is not an entity type, or the entity type is not indexed in Hibernate Search. Valid identifiers for indexed entity types are: %2$s
HSEARCH800060
org.hibernate.search.util.common.SearchException
No matching entity type for class '%1$s'. Either this class is not an entity type, or the entity type is not mapped in Hibernate Search. Valid classes for mapped entity types are: %2$s
HSEARCH800061
org.hibernate.search.util.common.SearchException
No matching entity type for name '%1$s'. Either this is not the name of an entity type, or the entity type is not mapped in Hibernate Search. Valid names for mapped entity types are: %2$s
HSEARCH800062
org.hibernate.search.util.common.SearchException
No matching entity type for name '%1$s'. Either this is not the JPA name of an entity type, or the entity type is not mapped in Hibernate Search. Valid JPA names for mapped entities are: %2$s
HSEARCH800063
org.hibernate.search.util.common.SearchException
No matching indexed entity type for name '%1$s'. Either this is not the JPA name of an entity type, or the entity type is not indexed in Hibernate Search. Valid JPA names for indexed entities are: %2$s
HSEARCH800064
org.hibernate.search.util.common.SearchException
No matching entity type for name '%1$s'. Either this is not the Hibernate ORM name of an entity type, or the entity type is not mapped in Hibernate Search. Valid Hibernate ORM names for mapped entities are: %2$s
HSEARCH800121
WARN
An unexpected failure occurred while resolving the representation of path '%1$s' in the entity state array, which is necessary to configure resolution of association inverse side for reindexing. This may lead to incomplete reindexing and thus out-of-sync indexes. The exception is being ignored to preserve backwards compatibility with earlier versions of Hibernate Search. Failure: %3$s %2$s
HSEARCH800122
org.hibernate.search.util.common.SearchException
Both '%1$s' and '%2$s' are configured. Use only '%1$s' to set the indexing plan synchronization strategy.
HSEARCH800123
WARN
Configuration property '%1$s' is deprecated; use '%2$s' instead.
HSEARCH800124
org.hibernate.search.util.common.SearchException
Unable to apply the given filter at the session level with the outbox polling coordination strategy. With this coordination strategy, applying a session-level indexing plan filter is only allowed if it excludes all types.
HSEARCH800125
WARN
Configuration property '%1$s' is deprecated. This setting will be removed in a future version. There will be no alternative provided to replace it. A dirty check will always be performed when considering triggering the reindexing.
HSEARCH800126
org.hibernate.search.util.common.SearchException
Both '%1$s' and '%2$s' are configured. Use only '%2$s' to enable indexing listeners.
HSEARCH900000
java.lang.IllegalArgumentException
'%1$s' must not be null.
HSEARCH900001
java.lang.IllegalArgumentException
'%1$s' must not be null or empty.
HSEARCH900002
java.lang.IllegalArgumentException
'%1$s' must be positive or zero.
HSEARCH900003
java.lang.IllegalArgumentException
'%1$s' must not be null or empty.
HSEARCH900004
java.lang.IllegalArgumentException
'%1$s' must not be null or empty.
HSEARCH900005
org.hibernate.search.util.common.SearchException
Exception while invoking '%1$s' on '%2$s': %3$s.
HSEARCH900006
java.lang.IllegalArgumentException
Requested type argument %3$s to type %2$s in implementing type %1$s, but %2$s doesn't declare any type parameter.
HSEARCH900007
java.lang.IllegalArgumentException
Requested type argument %3$s to type %2$s in implementing type %1$s, but %2$s only declares %4$s type parameter(s).
HSEARCH900008
java.lang.IllegalArgumentException
Requested type argument index %3$s to type %2$s in implementing type %1$s should be 0 or greater.
HSEARCH900009
INFO
Unable to access the value of containing annotation '%1$s'. Ignoring annotation.
HSEARCH900010
java.lang.IllegalArgumentException
'%1$s' must be strictly positive.
HSEARCH900011
java.lang.IllegalArgumentException
'%1$s' must not contain any null element.
HSEARCH900012
org.hibernate.search.util.common.SearchException
Exception while invoking '%1$s' with arguments %2$s: %3$s
HSEARCH900013
org.hibernate.search.util.common.SearchException
Exception while accessing Jandex index for '%1$s': %2$s
HSEARCH900014
org.hibernate.search.util.common.SearchException
Exception while building Jandex index for '%1$s': %2$s
HSEARCH900015
java.lang.IllegalArgumentException
Property name '%1$s' cannot contain dots.
HSEARCH900016
java.io.IOException
Cannot open filesystem for code source at '%1$s': %2$s
HSEARCH900017
java.io.IOException
Cannot interpret '%1$s' as a local directory or JAR.
HSEARCH900018
java.io.IOException
Cannot open a ZIP filesystem for code source at '%1$s', because the URI points to content inside a nested JAR.
HV
Code
Level
Return Type
Message
HV000001
INFO
Hibernate Validator %s
HV000002
DEBUG
Ignoring XML configuration.
HV000003
DEBUG
Using %s as constraint validator factory.
HV000004
DEBUG
Using %s as message interpolator.
HV000005
DEBUG
Using %s as traversable resolver.
HV000006
DEBUG
Using %s as validation provider.
HV000007
DEBUG
%s found. Parsing XML based configuration.
HV000008
WARN
Unable to close input stream.
HV000010
WARN
Unable to close input stream for %s.
HV000011
WARN
Unable to create schema for %1$s: %2$s
HV000012
jakarta.validation.ValidationException
Unable to create annotation for configured constraint
HV000013
jakarta.validation.ValidationException
The class %1$s does not have a property '%2$s' with access %3$s.
HV000016
java.lang.IllegalArgumentException
%s does not represent a valid BigDecimal format.
HV000017
java.lang.IllegalArgumentException
The length of the integer part cannot be negative.
HV000018
java.lang.IllegalArgumentException
The length of the fraction part cannot be negative.
HV000019
java.lang.IllegalArgumentException
The min parameter cannot be negative.
HV000020
java.lang.IllegalArgumentException
The max parameter cannot be negative.
HV000021
java.lang.IllegalArgumentException
The length cannot be negative.
HV000022
java.lang.IllegalArgumentException
Invalid regular expression.
HV000023
jakarta.validation.ConstraintDeclarationException
Error during execution of script "%s" occurred.
HV000024
jakarta.validation.ConstraintDeclarationException
Script "%s" returned null, but must return either true or false.
HV000025
jakarta.validation.ConstraintDeclarationException
Script "%1$s" returned %2$s (of type %3$s), but must return either true or false.
Constraint factory returned null when trying to create instance of %s.
HV000030
jakarta.validation.UnexpectedTypeException
No validator could be found for constraint '%s' validating type '%s'. Check configuration for '%s'
HV000031
jakarta.validation.UnexpectedTypeException
There are multiple validator classes which could validate the type %1$s. The validator classes are: %2$s.
HV000032
jakarta.validation.ValidationException
Unable to initialize %s.
HV000033
jakarta.validation.ValidationException
At least one custom message must be created if the default error message gets disabled.
HV000034
java.lang.IllegalArgumentException
%s is not a valid Java Identifier.
HV000035
java.lang.IllegalArgumentException
Unable to parse property path %s.
HV000036
jakarta.validation.ValidationException
Type %s not supported for unwrapping.
HV000037
jakarta.validation.ValidationException
Inconsistent fail fast configuration. Fail fast enabled via programmatic API, but explicitly disabled via properties.
HV000038
java.lang.IllegalArgumentException
Invalid property path.
HV000039
java.lang.IllegalArgumentException
Invalid property path. Either there is no property %2$s in entity %1$s or it is not possible to cascade to the property.
HV000040
java.lang.IllegalArgumentException
Property path must provide index or map key.
HV000041
jakarta.validation.ValidationException
Call to TraversableResolver.isReachable() threw an exception.
HV000042
jakarta.validation.ValidationException
Call to TraversableResolver.isCascadable() threw an exception.
HV000043
jakarta.validation.GroupDefinitionException
Unable to expand default group list %1$s into sequence %2$s.
HV000044
java.lang.IllegalArgumentException
At least one group has to be specified.
HV000045
jakarta.validation.ValidationException
A group has to be an interface. %s is not.
HV000046
jakarta.validation.GroupDefinitionException
Sequence definitions are not allowed as composing parts of a sequence.
HV000047
jakarta.validation.GroupDefinitionException
Cyclic dependency in groups definition
HV000048
jakarta.validation.GroupDefinitionException
Unable to expand group sequence.
HV000052
jakarta.validation.GroupDefinitionException
Default group sequence and default group sequence provider cannot be defined at the same time.
HV000053
jakarta.validation.GroupDefinitionException
'Default.class' cannot appear in default group sequence list.
HV000054
jakarta.validation.GroupDefinitionException
%s must be part of the redefined default group sequence.
HV000055
jakarta.validation.GroupDefinitionException
The default group sequence provider defined for %s has the wrong type
HV000056
java.lang.IllegalArgumentException
Method or constructor %1$s doesn't have a parameter with index %2$d.
HV000059
jakarta.validation.ValidationException
Unable to retrieve annotation parameter value.
HV000062
java.lang.IllegalArgumentException
Method or constructor %1$s has %2$s parameters, but the passed list of parameter meta data has a size of %3$s.
HV000063
jakarta.validation.ValidationException
Unable to instantiate %s.
HV000064
jakarta.validation.ValidationException
Unable to instantiate %1$s: %2$s.
HV000065
jakarta.validation.ValidationException
Unable to load class: %s from %s.
HV000068
java.lang.IllegalArgumentException
Start index cannot be negative: %d.
HV000069
java.lang.IllegalArgumentException
End index cannot be negative: %d.
HV000070
java.lang.IllegalArgumentException
Invalid Range: %1$d > %2$d.
HV000071
java.lang.IllegalArgumentException
A explicitly specified check digit must lie outside the interval: [%1$d, %2$d].
HV000072
java.lang.NumberFormatException
'%c' is not a digit.
HV000073
jakarta.validation.ConstraintDefinitionException
Parameters starting with 'valid' are not allowed in a constraint.
HV000074
jakarta.validation.ConstraintDefinitionException
%2$s contains Constraint annotation, but does not contain a %1$s parameter.
HV000075
jakarta.validation.ConstraintDefinitionException
%s contains Constraint annotation, but the payload parameter default value is not the empty array.
HV000076
jakarta.validation.ConstraintDefinitionException
%s contains Constraint annotation, but the payload parameter is of wrong type.
HV000077
jakarta.validation.ConstraintDefinitionException
%s contains Constraint annotation, but the groups parameter default value is not the empty array.
HV000078
jakarta.validation.ConstraintDefinitionException
%s contains Constraint annotation, but the groups parameter is of wrong type.
HV000079
jakarta.validation.ConstraintDefinitionException
%s contains Constraint annotation, but the message parameter is not of type java.lang.String.
HV000080
jakarta.validation.ConstraintDefinitionException
Overridden constraint does not define an attribute with name %s.
HV000081
jakarta.validation.ConstraintDefinitionException
The overriding type of a composite constraint must be identical to the overridden one. Expected %1$s found %2$s.
HV000082
jakarta.validation.ValidationException
Wrong type for attribute '%2$s' of annotation %1$s. Expected: %3$s. Actual: %4$s.
HV000083
jakarta.validation.ValidationException
The specified annotation %1$s defines no attribute '%2$s'.
HV000084
jakarta.validation.ValidationException
Unable to get attribute '%2$s' from annotation %1$s.
HV000085
java.lang.IllegalArgumentException
No value provided for attribute '%1$s' of annotation @%2$s.
HV000086
java.lang.RuntimeException
Trying to instantiate annotation %1$s with unknown attribute(s): %2$s.
HV000087
java.lang.IllegalArgumentException
Property name cannot be null or empty.
HV000088
java.lang.IllegalArgumentException
Element type has to be FIELD or METHOD.
HV000089
java.lang.IllegalArgumentException
Member %s is neither a field nor a method.
HV000090
jakarta.validation.ValidationException
Unable to access %s.
HV000091
java.lang.IllegalArgumentException
%s has to be a primitive type.
HV000093
jakarta.validation.ValidationException
null is an invalid type for a constraint validator.
HV000094
java.lang.IllegalArgumentException
Missing actual type argument for type parameter: %s.
HV000095
jakarta.validation.ValidationException
Unable to instantiate constraint factory class %s.
HV000096
jakarta.validation.ValidationException
Unable to open input stream for mapping file %s.
HV000097
jakarta.validation.ValidationException
Unable to instantiate message interpolator class %s.
HV000098
jakarta.validation.ValidationException
Unable to instantiate traversable resolver class %s.
HV000099
jakarta.validation.ValidationException
Unable to instantiate validation provider class %s.
HV000100
jakarta.validation.ValidationException
Unable to parse %s.
HV000101
jakarta.validation.ValidationException
%s is not an annotation.
HV000102
jakarta.validation.ValidationException
%s is not a constraint validator class.
HV000103
jakarta.validation.ValidationException
%s is configured at least twice in xml.
HV000104
jakarta.validation.ValidationException
%1$s is defined twice in mapping xml for bean %2$s.
HV000105
jakarta.validation.ValidationException
%1$s does not contain the fieldType %2$s.
HV000106
jakarta.validation.ValidationException
%1$s does not contain the property %2$s.
HV000107
jakarta.validation.ValidationException
Annotation of type %1$s does not contain a parameter %2$s.
HV000108
jakarta.validation.ValidationException
Attempt to specify an array where single value is expected.
HV000109
jakarta.validation.ValidationException
Unexpected parameter value.
HV000110
jakarta.validation.ValidationException
Invalid %s format.
HV000111
jakarta.validation.ValidationException
Invalid char value: %s.
HV000112
jakarta.validation.ValidationException
Invalid return type: %s. Should be a enumeration type.
HV000113
jakarta.validation.ValidationException
%s, %s, %s are reserved parameter names.
HV000114
jakarta.validation.ValidationException
Specified payload class %s does not implement jakarta.validation.Payload
HV000115
jakarta.validation.ValidationException
Error parsing mapping file.
HV000116
java.lang.IllegalArgumentException
%s
HV000118
java.lang.ClassCastException
Unable to cast %s (with element kind %s) to %s
HV000119
DEBUG
Using %s as parameter name provider.
HV000120
jakarta.validation.ValidationException
Unable to instantiate parameter name provider class %s.
HV000121
jakarta.validation.ValidationException
Unable to parse %s.
HV000122
jakarta.validation.ValidationException
Unsupported schema version for %s: %s.
HV000124
jakarta.validation.ConstraintDeclarationException
Found multiple group conversions for source group %s: %s.
HV000125
jakarta.validation.ConstraintDeclarationException
Found group conversions for non-cascading element at: %s.
HV000127
jakarta.validation.ConstraintDeclarationException
Found group conversion using a group sequence as source at: %s.
HV000129
WARN
EL expression '%s' references an unknown property
HV000130
WARN
Error in EL expression '%s'
HV000131
jakarta.validation.ConstraintDeclarationException
A method return value must not be marked for cascaded validation more than once in a class hierarchy, but the following two methods are marked as such: %s, %s.
HV000132
jakarta.validation.ConstraintDeclarationException
Void methods must not be constrained or marked for cascaded validation, but method %s is.
HV000133
jakarta.validation.ValidationException
%1$s does not contain a constructor with the parameter types %2$s.
HV000134
jakarta.validation.ValidationException
Unable to load parameter of type '%1$s' in %2$s.
HV000135
jakarta.validation.ValidationException
%1$s does not contain a method with the name '%2$s' and parameter types %3$s.
HV000136
jakarta.validation.ValidationException
The specified constraint annotation class %1$s cannot be loaded.
HV000137
jakarta.validation.ValidationException
The method '%1$s' is defined twice in the mapping xml for bean %2$s.
HV000138
jakarta.validation.ValidationException
The constructor '%1$s' is defined twice in the mapping xml for bean %2$s.
HV000139
jakarta.validation.ConstraintDefinitionException
The constraint '%1$s' defines multiple cross parameter validators. Only one is allowed.
HV000141
jakarta.validation.ConstraintDeclarationException
The constraint %1$s used ConstraintTarget#IMPLICIT where the target cannot be inferred.
HV000142
jakarta.validation.ConstraintDeclarationException
Cross parameter constraint %1$s is illegally placed on a parameterless method or constructor '%2$s'.
HV000143
jakarta.validation.ConstraintDeclarationException
Cross parameter constraint %1$s is illegally placed on class level.
HV000144
jakarta.validation.ConstraintDeclarationException
Cross parameter constraint %1$s is illegally placed on field '%2$s'.
HV000146
java.lang.IllegalStateException
No parameter nodes may be added since path %s doesn't refer to a cross-parameter constraint.
HV000147
jakarta.validation.ValidationException
%1$s is configured multiple times (note, and nodes for the same method are not allowed)
HV000148
WARN
An exception occurred during evaluation of EL expression '%s'
HV000149
jakarta.validation.ValidationException
An exception occurred during message interpolation
HV000150
jakarta.validation.UnexpectedTypeException
The constraint %1$s defines multiple validators for the type %2$s: %3$s, %4$s. Only one is allowed.
HV000151
jakarta.validation.ConstraintDeclarationException
A method overriding another method must not redefine the parameter constraint configuration, but method %2$s redefines the configuration of %1$s.
HV000152
jakarta.validation.ConstraintDeclarationException
Two methods defined in parallel types must not declare parameter constraints, if they are overridden by the same method, but methods %s and %s both define parameter constraints.
HV000153
jakarta.validation.ConstraintDeclarationException
The constraint %1$s used ConstraintTarget#%2$s but is not specified on a method or constructor.
HV000154
jakarta.validation.ConstraintDefinitionException
Cross parameter constraint %1$s has no cross-parameter validator.
HV000155
jakarta.validation.ConstraintDefinitionException
Composed and composing constraints must have the same constraint type, but composed constraint %1$s has type %3$s, while composing constraint %2$s has type %4$s.
HV000156
jakarta.validation.ConstraintDefinitionException
Constraints with generic as well as cross-parameter validators must define an attribute validationAppliesTo(), but constraint %s doesn't.
HV000157
jakarta.validation.ConstraintDefinitionException
Return type of the attribute validationAppliesTo() of the constraint %s must be jakarta.validation.ConstraintTarget.
HV000158
jakarta.validation.ConstraintDefinitionException
Default value of the attribute validationAppliesTo() of the constraint %s must be ConstraintTarget#IMPLICIT.
HV000159
jakarta.validation.ConstraintDefinitionException
Only constraints with generic as well as cross-parameter validators must define an attribute validationAppliesTo(), but constraint %s does.
HV000160
jakarta.validation.ConstraintDefinitionException
Validator for cross-parameter constraint %s does not validate Object nor Object[].
HV000161
jakarta.validation.ConstraintDeclarationException
Two methods defined in parallel types must not define group conversions for a cascaded method return value, if they are overridden by the same method, but methods %s and %s both define parameter constraints.
HV000162
java.lang.IllegalArgumentException
The validated type %1$s does not specify the constructor/method: %2$s
HV000163
java.lang.IllegalArgumentException
The actual parameter type '%1$s' is not assignable to the expected one '%2$s' for parameter %3$d of '%4$s'
HV000164
java.lang.IllegalArgumentException
%s has to be a auto-boxed type.
HV000165
java.lang.IllegalArgumentException
Mixing IMPLICIT and other executable types is not allowed.
HV000166
jakarta.validation.ValidationException
@ValidateOnExecution is not allowed on methods overriding a superclass method or implementing an interface. Check configuration for %1$s
HV000167
jakarta.validation.ValidationException
A given constraint definition can only be overridden in one mapping file. %1$s is overridden in multiple files
The message descriptor '%1$s' has nested parameters.
HV000170
jakarta.validation.ConstraintDeclarationException
No JSR-223 scripting engine could be bootstrapped for language "%s".
HV000171
jakarta.validation.ValidationException
%s is configured more than once via the programmatic constraint declaration API.
HV000172
jakarta.validation.ValidationException
Property "%2$s" of type %1$s is configured more than once via the programmatic constraint declaration API.
HV000173
jakarta.validation.ValidationException
Method %2$s of type %1$s is configured more than once via the programmatic constraint declaration API.
HV000174
jakarta.validation.ValidationException
Parameter %3$s of method or constructor %2$s of type %1$s is configured more than once via the programmatic constraint declaration API.
HV000175
jakarta.validation.ValidationException
The return value of method or constructor %2$s of type %1$s is configured more than once via the programmatic constraint declaration API.
HV000176
jakarta.validation.ValidationException
Constructor %2$s of type %1$s is configured more than once via the programmatic constraint declaration API.
HV000177
jakarta.validation.ValidationException
Cross-parameter constraints for the method or constructor %2$s of type %1$s are declared more than once via the programmatic constraint declaration API.
HV000178
java.lang.IllegalArgumentException
Multiplier cannot be negative: %d.
HV000179
java.lang.IllegalArgumentException
Weight cannot be negative: %d.
HV000180
java.lang.IllegalArgumentException
'%c' is not a digit nor a letter.
HV000181
java.lang.IllegalArgumentException
Wrong number of parameters. Method or constructor %1$s expects %2$d parameters, but got %3$d.
HV000182
jakarta.validation.ValidationException
No validation value unwrapper is registered for type '%1$s'.
HV000183
jakarta.validation.ValidationException
Unable to initialize 'jakarta.el.ExpressionFactory'. Check that you have the EL dependencies on the classpath, or use ParameterMessageInterpolator instead
HV000185
WARN
Message contains EL expression: %1s, which is not supported by the selected message interpolator
HV000189
jakarta.validation.ConstraintDeclarationException
The configuration of value unwrapping for property '%s' of bean '%s' is inconsistent between the field and its getter.
HV000190
jakarta.validation.ValidationException
Unable to parse %s.
HV000192
WARN
Couldn't determine Java version from value %1s; Not enabling features requiring Java 8
HV000193
jakarta.validation.ValidationException
%s is configured more than once via the programmatic constraint definition API.
HV000194
jakarta.validation.ValidationException
An empty element is only supported when a CharSequence is expected.
HV000195
jakarta.validation.ValidationException
Unable to reach the property to validate for the bean %s and the property path %s. A property is null along the way.
HV000196
jakarta.validation.ValidationException
Unable to convert the Type %s to a Class.
HV000197
jakarta.validation.ConstraintDeclarationException
No value extractor found for type parameter '%2$s' of type %1$s.
HV000198
jakarta.validation.ConstraintDeclarationException
No suitable value extractor found for type %1$s.
HV000200
DEBUG
Using %s as clock provider.
HV000201
jakarta.validation.ValidationException
Unable to instantiate clock provider class %s.
HV000202
jakarta.validation.ValidationException
Unable to get the current time from the clock provider
Given value extractor %2$s handles the same type and type use as previously given value extractor %1$s.
HV000209
jakarta.validation.ConstraintDeclarationException
A composing constraint (%2$s) must not be given directly on the composed constraint (%1$s) and using the corresponding List annotation at the same time.
HV000210
java.lang.IllegalArgumentException
Unable to find the type parameter %2$s in class %1$s.
HV000211
jakarta.validation.ValidationException
Given type is neither a parameterized nor an array type: %s.
HV000212
jakarta.validation.ValidationException
Given type has no type argument with index %2$s: %1$s.
HV000213
jakarta.validation.ValidationException
Given type has more than one type argument, hence an argument index must be specified: %s.
HV000214
jakarta.validation.ValidationException
The same container element type of type %1$s is configured more than once via the programmatic constraint declaration API.
HV000215
jakarta.validation.ValidationException
Calling parameter() is not allowed for the current element.
HV000216
jakarta.validation.ValidationException
Calling returnValue() is not allowed for the current element.
HV000217
jakarta.validation.ValidationException
The same container element type %2$s is configured more than once for location %1$s via the XML mapping configuration.
An error occurred while executing the script: "%s".
HV000234
DEBUG
Using %1$s as ValidatorFactory-scoped %2$s.
HV000235
jakarta.validation.ValidationException
Unable to create an annotation descriptor for %1$s.
HV000236
jakarta.validation.ValidationException
Unable to find the method required to create the constraint annotation descriptor.
HV000237
jakarta.validation.ValidationException
Unable to access method %3$s of class %2$s with parameters %4$s using lookup %1$s.
HV000238
DEBUG
Temporal validation tolerance set to %1$s.
HV000239
jakarta.validation.ValidationException
Unable to parse the temporal validation tolerance property %s. It should be a duration represented in milliseconds.
HV000240
DEBUG
Constraint validator payload set to %1$s.
HV000241
jakarta.validation.ValidationException
Encountered unsupported element %1$s while parsing the XML configuration.
HV000242
WARN
Unable to load or instantiate JPA aware resolver %1$s. All properties will per default be traversable.
HV000243
jakarta.validation.ConstraintDefinitionException
Constraint %2$s references constraint validator type %1$s, but this validator is defined for constraint type %3$s.
HV000244
java.lang.AssertionError
ConstrainedElement expected class was %1$s, but instead received %2$s.
HV000245
java.lang.AssertionError
Allowed constraint element types are FIELD and GETTER, but instead received %1$s.
HV000246
DEBUG
Using %s as getter property selection strategy.
HV000247
jakarta.validation.ValidationException
Unable to instantiate getter property selection strategy class %s.
HV000248
jakarta.validation.ValidationException
Unable to get an XML schema named %s.
HV000250
jakarta.validation.ValidationException
Uninitialized locale: %s. Please register your locale as a locale to initialize when initializing your ValidatorFactory.
HV000251
ERROR
An error occurred while loading an instance of service %s.
HV000252
DEBUG
Using %s as property node name provider.
HV000253
jakarta.validation.ValidationException
Unable to instantiate property node name provider class %s.
HV000254
WARN
Missing parameter metadata for %s, which declares implicit or synthetic parameters. Automatic resolution of generic type information for method parameters may yield incorrect results if multiple parameters have the same erasure. To solve this, compile your code with the '-parameters' flag.
HV000255
DEBUG
Using %s as locale resolver.
HV000256
jakarta.validation.ValidationException
Unable to instantiate locale resolver class %s.
HV000257
WARN
Expression variables have been defined for constraint %1$s while Expression Language is not enabled.
HV000258
java.lang.IllegalStateException
Expressions should not be resolved when Expression Language features are disabled.
HV000259
java.lang.IllegalStateException
Provided Expression Language feature level is not supported.
HV000260
DEBUG
Expression Language feature level for constraints set to %1$s.
HV000261
DEBUG
Expression Language feature level for custom violations set to %1$s.
HV000262
jakarta.validation.ValidationException
Unable to find an expression language feature level for value %s.
HV000263
WARN
EL expression '%s' references an unknown method.
HV000264
ERROR
Unable to interpolate EL expression '%s' as it uses a disabled feature.
HV000265
jakarta.validation.ValidationException
Inconsistent show validation value in trace logs configuration. It is enabled via programmatic API, but explicitly disabled via properties.
IJ
Code
Level
Return Type
Message
IJ000100
INFO
Closing a connection for you. Please close them yourself: %s
IJ000102
INFO
Throwable trying to close a connection for you, please close it yourself
IJ000103
INFO
Could not find a close method on alleged connection object (%s). Please close your own connections
IJ000201
ERROR
SecurityContext setup failed: %s
IJ000202
ERROR
SecurityContext setup failed since CallbackSecurity was null
IJ000301
INFO
Registered a null handle for managed connection: %s
IJ000302
INFO
Unregistered handle that was not registered: %s for managed connection: %s
IJ000303
INFO
Unregistered a null handle for managed connection: %s
IJ000305
WARN
Connection error occured: %s
IJ000306
WARN
Unknown connection error occured: %s
IJ000307
WARN
Notified of error on a different managed connection
IJ000311
INFO
Throwable from unregister connection
IJ000312
ERROR
Error while closing connection handle
IJ000313
ERROR
There is something wrong with the pooling
IJ000314
WARN
Error during beforeCompletion: %s
IJ000315
ERROR
Pool %s has %d active handles
IJ000316
ERROR
Handle allocation: %s
IJ000317
ERROR
Transaction boundary
IJ000318
ERROR
Delisting resource in pool %s failed
IJ000401
WARN
Error during tidy up connection: %s
IJ000402
WARN
ResourceException in returning connection: %s
IJ000403
WARN
Reconnecting a connection handle that still has a managed connection: %s %s
IJ000404
WARN
Unchecked throwable in managedConnectionDisconnected() cl=%s
IJ000405
WARN
Multiple LocalTransaction connection listeners enlisted for %s, cl=%s
Throwable while attempting to get a new connection: %s
IJ000605
WARN
Destroying connection that could not be successfully matched %s for %s
IJ000606
WARN
Throwable while trying to match managed connection, destroying connection: %s
IJ000607
WARN
ResourceException cleaning up managed connection: %s
IJ000608
WARN
Destroying returned connection, maximum pool size exceeded %s
IJ000609
WARN
Attempt to return connection twice: %s
IJ000610
WARN
Unable to fill pool: %s
IJ000611
WARN
Warning: Background validation was specified with a non compliant ManagedConnectionFactory interface
IJ000612
WARN
Destroying connection that could not be successfully matched: %s
IJ000613
WARN
Throwable while trying to match managed connection, destroying connection: %s
IJ000614
ERROR
Exception during createSubject() for %s: %s
IJ000615
WARN
Destroying active connection in pool: %s (%s)
IJ000616
ERROR
Leak detected in pool: %s (%s) (%d)
IJ000617
WARN
Invalid incrementer capacity policy: %s
IJ000618
WARN
Invalid decrementer capacity policy: %s
IJ000619
WARN
Invalid property '%s' with value '%s' for %s
IJ000620
WARN
Warning: ValidateOnMatch validation was specified with a non compliant ManagedConnectionFactory: %s
IJ000621
WARN
Destroying connection that could not be validated: %s
IJ000622
WARN
Unsupported pool implementation: %s
IJ000701
WARN
Exception during unbind
IJ000901
WARN
Error during connection close
IJ000902
ERROR
Error during inflow crash recovery for '%s' (%s)
IJ000903
ERROR
Error creating Subject for crash recovery: %s (%s)
IJ000904
WARN
No security domain defined for crash recovery: %s
IJ000905
WARN
Subject for crash recovery was null: %s
IJ000906
ERROR
Error during crash recovery: %s (%s)
IJ001001
WARN
No users.properties were found
IJ001002
ERROR
Error while loading users.properties
IJ001003
WARN
No roles.properties were found
IJ001004
ERROR
Error while loading roles.properties
IJ001005
WARN
No callback.properties were found
IJ001006
ERROR
Error while loading callback.properties
IJ001101
WARN
Prepare called on a local tx. Use of local transactions on a JTA transaction with more than one branch may result in inconsistent data in some cases of failure
IJ010001
ERROR
Parsing error of ra.xml file: %s
IJ010002
ERROR
Parsing error of ironjacamar.xml file: %s
IJ010003
ERROR
No @Connector was found and no definition in the ra.xml metadata either
IJ010004
ERROR
More than one @Connector was found but the correct one wasn't defined in the ra.xml metadata
IJ010005
WARN
Datasource pools with allow-multiple-users cannot be prefilled. Prefill setting will be ignored.
IJ020001
INFO
Required license terms for %s
IJ020002
INFO
Deployed: %s
IJ020003
WARN
Failure during validation report generation: %s
IJ020004
WARN
Only one connection definition found with a mismatch in class-name: %s
IJ020005
WARN
Only one admin object found with a mismatch in class-name: %s
IJ020006
ERROR
ConnectionFactory is null
IJ020007
ERROR
Exception during createSubject(): %s
IJ020008
WARN
Invalid config-property: %s
IJ020009
WARN
Invalid connection definition with class-name: %s
IJ020010
ERROR
Connection definition with missing class-name
IJ020011
ERROR
Admin object with missing class-name
IJ020012
WARN
Admin object not bound: %s
IJ020013
WARN
Connection factory not bound: %s
IJ020014
INFO
Admin object not specification compliant. See 13.4.2.3 for additional details: %s
IJ020015
INFO
Connection factory not specification compliant. See 6.5.1.3 for additional details: %s
IJ020016
WARN
Missing element. XA recovery disabled for: %s
IJ020017
WARN
Invalid archive: %s
IJ020018
INFO
Enabling for %s
IJ020019
INFO
Changed TransactionSupport for %s
IJ020020
WARN
Connection Properties for DataSource: '%s' is empty, try to use driver-class: '%s' and connection-url: '%s' to connect database
IJ030000
WARN
Unable to load connection listener: %s
IJ030001
WARN
Disabling exception sorter for: %s
IJ030002
WARN
Disabling exception sorter for: %s
IJ030003
WARN
Error checking exception fatality for: %s
IJ030004
WARN
Disabling validation connection checker for: %s
IJ030005
WARN
Disabling validation connection checker for: %s
IJ030006
WARN
Disabling stale connection checker for: %s
IJ030007
WARN
Disabling stale connection checker for: %s
IJ030008
WARN
HA setup detected for %s
IJ030020
WARN
Detected queued threads during cleanup from: %s
IJ030021
WARN
Queued thread: %s
IJ030022
WARN
Lock owned during cleanup: %s
IJ030023
WARN
Lock is locked during cleanup without an owner
IJ030024
WARN
Error resetting transaction isolation for: %s
IJ030025
WARN
Error during connection listener activation for: %s
IJ030026
WARN
Error during connection listener passivation for: %s
IJ030027
WARN
Destroying connection that is not valid, due to the following exception: %s
IJ030028
WARN
Error notifying of connection error for listener: %s
IJ030040
WARN
Closing a statement you left open, please do your own housekeeping for: %s
IJ030041
WARN
Error during closing a statement for: %s
IJ030042
WARN
Closing a result set you left open, please do your own housekeeping for: %s
IJ030043
WARN
Error during closing a result set for: %s
IJ030050
WARN
Error creating connection for: %s
IJ030051
ERROR
Unable to load undefined URLSelectStrategy for: %s
IJ030052
ERROR
Unable to load %s URLSelectStrategy for: %s
IJ030053
ERROR
Unable to load %s URLSelectStrategy for: %s
IJ030054
WARN
Error creating XA connection for: %s
IJ030055
ERROR
Unable to load undefined URLXASelectStrategy for: %s
IJ030056
ERROR
Unable to load %s URLXASelectStrategy for: %s
IJ030057
ERROR
Unable to load %s URLXASelectStrategy for: %s
IJ030060
WARN
Error checking state
IJ030061
WARN
Error resetting auto-commit for: %s
IPROTO
Code
Level
Return Type
Message
IPROTO000001
WARN
Field %s was read out of sequence leading to sub-optimal performance
IPROTO000002
WARN
Field %s was written out of sequence and will lead to sub-optimal read performance
The nested message depth appears to be larger than the configured limit of '%s'.It is possible that the entity to marshall with type '%s' can have some circular dependencies.
Directory %s does not exist and cannot be created!
ISPN000242
org.infinispan.commons.CacheException
Missing foreign externalizer with id=%s, either externalizer was not configured by client, or module lifecycle implementation adding externalizer was not loaded properly
ISPN000243
org.infinispan.commons.CacheException
Type of data read is unknown. Id=%d is not amongst known reader indexes.
%s is in 'STOPPING' state and this is an invocation not belonging to an on-going transaction, so it does not accept new invocations. Either restart it or recreate the cache container.
ISPN000325
java.lang.RuntimeException
Creating tmp cache %s timed out waiting for rebalancing to complete on node %s
ISPN000326
WARN
Remote transaction %s timed out. Rolling back after %d ms
Cannot find a parser for element '%s' in namespace '%s' at %s. Check that your configuration is up-to-date for Infinispan '%s' and you have the proper dependency in the classpath
ISPN000328
DEBUG
Rebalance phase %s confirmed for cache %s on node %s, topology id = %d
ISPN000329
WARN
Unable to read rebalancing status from coordinator %s
Transaction notifications are disabled. This prevents cluster listeners from working properly!
ISPN000396
DEBUG
Received unsolicited state from node %s for segment %d of cache %s
ISPN000397
org.infinispan.commons.CacheException
Could not migrate data for cache %s, check remote store config in the target cluster. Make sure only one remote store is present and is pointing to the source cluster
ISPN000398
java.lang.IllegalStateException
CH Factory '%s' cannot restore a persisted CH of class '%s'
ISPN000399
org.infinispan.util.concurrent.TimeoutException
Timeout while waiting for %d members in cluster. Last view had %s
Invalidation mode only supports when-split=ALLOW_READ_WRITES
ISPN000551
WARN
The custom interceptors configuration has been deprecated and will be ignored in the future
ISPN000553
WARN
Ignoring 'marshaller' attribute. Common marshallers are already available at runtime, and to deploy a custom marshaller, consult the 'Encoding' section in the user guide
ISPN000554
WARN
jboss-marshalling is deprecated and planned for removal
RELAY2 not found in the protocol stack. Cannot perform cross-site operations.
ISPN000572
WARN
index mode attribute is deprecated and should no longer be specified because its value is automatically detected. Most previously supported values are no longer supported. Please check the upgrade guide.
A single indexing directory provider is allowed per cache configuration. Setting multiple individual providers for the indexes belonging to a cache is not allowed.
Store '%s' must specify the '%s' attribute when global state is disabled
ISPN000599
WARN
Configuration for cache '%s' does not define the encoding for keys or values. If you use operations that require data conversion or queries, you should configure the cache with a specific MediaType for keys or values.
Store %s cannot be configured to be segmented as it does not contain the SEGMENTABLE characteristic
ISPN000602
WARN
Conversions between JSON and Java Objects are deprecated and will be removed in a future version. To read/write values as JSON, it is recommended to define a protobuf schema and store data in the cache using 'application/x-protostream' as MediaType
Indexing configuration using properties has been deprecated and will be removed in a future version, please consult the docs for the replacements. The following properties have been found: '%s'
ISPN000613
WARN
Indexing configuration using properties has been deprecated and will be removed in a future version, please use the and elements to configure indexing behavior.
Cleanup failed for cross-site state transfer. Invoke the cancel-push-state(%s) command if any nodes indicate pending operations to push state.
ISPN000619
WARN
Cleanup failed for cross-site state transfer. Invoke the cancel-receive(%s) command in site %s if any nodes indicate pending operations to receive state.
Cannot specify both template name and configuration for '%s'
ISPN004095
java.lang.IllegalArgumentException
Not a Hot Rod URI: %s
ISPN004096
java.lang.IllegalArgumentException
Invalid property format in URI: %s
ISPN004097
java.lang.IllegalArgumentException
Illegal attempt to redefine an already existing cache configuration: %s
ISPN004098
WARN
Closing connection %s due to transport error
ISPN004099
WARN
Remote iteration over the entire result set of query '%s' without using pagination options is inefficient for large result sets. Please consider using 'startOffset' and 'maxResults' options.
Near cache with bloom filter requires pool max active to be 1, was %s, and exhausted action to be WAIT, was %s
ISPN004104
WARN
Failed to load and create an optional ProtoStream serialization context initializer: %s
ISPN004105
WARN
Reverting to the initial server list for caches %s
ISPN004106
WARN
Invalid active count after closing channel %s
ISPN004107
WARN
Invalid created count after closing channel %s
ISPN004108
INFO
Native IOUring transport not available, using NIO instead: %s
ISPN004109
DEBUG
OpenTelemetry API is not present in the classpath. Client context tracing will not be propagated.
ISPN004110
DEBUG
OpenTelemetry API is present in the classpath and the tracing propagation is enabled. Client context tracing will be propagated.
ISPN004111
DEBUG
OpenTelemetry API is present in the classpath, but the tracing propagation is not enabled. Client context tracing will not be propagated.
ISPN008001
ERROR
Failed clearing cache store
ISPN008003
ERROR
SQL failure while integrating state into store
ISPN008009
ERROR
I/O error while unmarshalling from stream
ISPN008010
ERROR
*UNEXPECTED* ClassNotFoundException.
ISPN008011
ERROR
Error while creating table; used DDL statement: '%s'
ISPN008015
ERROR
Could not find a connection in jndi under the name '%s'
ISPN008016
ERROR
Could not lookup connection with datasource %s
ISPN008017
WARN
Failed to close naming context.
ISPN008018
ERROR
Sql failure retrieving connection from datasource
ISPN008019
ERROR
Issues while closing connection %s
ISPN008022
WARN
Unexpected sql failure
ISPN008023
WARN
Failure while closing the connection to the database
ISPN008024
ERROR
Error while storing string key to database; key: '%s'
ISPN008025
ERROR
Error while removing string keys from database
ISPN008026
ERROR
In order for JdbcStringBasedStore to support %s, the Key2StringMapper needs to implement TwoWayKey2StringMapper. You should either make %s implement TwoWayKey2StringMapper or disable the sql. See [https://jira.jboss.org/browse/ISPN-579] for more details.
ISPN008027
ERROR
SQL error while fetching stored entry with key: %s, lockingKey: %s
Unable to detect database dialect from JDBC driver name or connection metadata. Please provide this manually using the 'dialect' property in your configuration. Supported database dialect strings are %s
Cannot execute query: cluster is operating in degraded mode and partition handling configuration doesn't allow reads and writes.
ISPN014043
org.infinispan.commons.CacheException
Cannot find an appropriate Transformer for key type %s. Indexing only works with entries keyed on Strings, primitives, byte[], UUID, classes that have the @Transformable annotation or classes for which you have defined a suitable Transformer in the indexing configuration. Alternatively, see org.infinispan.query.spi.SearchManagerImplementor.registerKeyTransformer.
ISPN014044
ERROR
Failed to parse system property %s
ISPN014046
INFO
Setting org.apache.lucene.search.BooleanQuery.setMaxClauseCount from system property %s to value %d
ISPN014047
WARN
Ignoring system property %s because the value %d is smaller than the current value (%d) of org.apache.lucene.search.BooleanQuery.getMaxClauseCount()
ISPN014050
org.infinispan.commons.CacheException
Interrupted while waiting for completions of some batch indexing operations.
ISPN014051
org.hibernate.search.util.common.SearchException
%1$s entities could not be indexed. See the logs for details. First failure on entity '%2$s': %3$s
ISPN014052
java.lang.String
Indexing instance of entity '%s' during mass indexing
ISPN014053
org.infinispan.commons.CacheException
Invalid property key '%1$s`, it's not a string.
ISPN014054
org.infinispan.commons.CacheException
Trying to execute query `%1$s`, but no type is indexed on cache.
ISPN014055
org.infinispan.commons.CacheException
Cannot index entry since the search mapping failed to initialize.
ISPN014056
org.infinispan.commons.CacheException
Only DELETE statements are supported by executeStatement
ISPN014057
org.infinispan.commons.CacheException
DELETE statements cannot use paging (firstResult/maxResults)
ISPN014058
org.infinispan.commons.CacheException
Projections are not supported with entryIterator()
ISPN014059
WARN
The indexing engine is restarting, index updates will be skipped for the current data changes.
ISPN014060
INFO
We're getting some errors from Hibernate Search or Lucene while we compute the index count/size for statistics. There is probably a concurrent reindexing ongoing.
ISPN014062
DEBUG
Search engine is reloaded before the reindexing.
ISPN014063
INFO
Reindexing starting.
ISPN014501
org.hibernate.search.util.common.SearchException
Exception while retrieving the type model for '%1$s'.
ISPN014502
org.hibernate.search.util.common.SearchException
Multiple entity types configured with the same name '%1$s': '%2$s', '%3$s'
ISPN014503
org.hibernate.search.util.common.SearchException
Infinispan Search Mapper does not support named types. The type with name '%1$s' does not exist.
Class %s is not assignable from %s due to conflicting classloaders: %s and %s
JBWS022011
TRACE
Could not clear blacklist for classloader %s
JBWS022012
DEBUG
Could not load %s
JBWS022013
ERROR
Cannot parse: %s
JBWS022021
ERROR
Cannot read resource: %s
JBWS022022
WARN
Cannot load ID '%s' as URL (protocol = %s)
JBWS022025
DEBUG
WSDL import published to %s
JBWS022026
DEBUG
XMLSchema import published to %s
JBWS022027
WARN
Cannot delete published wsdl document: %s
JBWS022042
DEBUG
Cannot register processor %s with JMX server, will be trying using the default managed implementation.
JBWS022043
ERROR
Cannot register processor %s with JMX server
JBWS022044
ERROR
Cannot unregister processor %s with JMX server
JBWS022052
INFO
Starting %s %s
JBWS022053
DEBUG
Unable to calculate webservices port, using default %s
JBWS022054
DEBUG
Unable to calculate webservices secure port, using default %s
JBWS022055
DEBUG
Using undefined webservices host: %s
JBWS022056
DEBUG
Setting webservices host to localhost: %s
JBWS022057
DEBUG
Could not get address for host: %s
JBWS022058
WARN
Could not get port for webservices configuration from configured HTTP connector
JBWS022059
WARN
Unable to read from the http servlet request
JBWS022060
ERROR
Cannot trace SOAP message
JBWS022061
WARN
Method invocation failed with exception
JBWS022090
TRACE
Cannot get %s from root file, trying with additional metadata files
JBWS022098
TRACE
Cannot get %s from %s
JBWS022099
DEBUG
Error during deployment: %s
JBWS022100
ERROR
Error while destroying deployment %s due to previous exception
JBWS022102
ERROR
Cannot stop endpoint in state %s: %s
JBWS022103
ERROR
Cannot start endpoint in state %s: %s
JBWS022110
WARN
Could not add handler %s as part of client or endpoint configuration
JBWS022111
WARN
PortNamePattern and ServiceNamePattern filters not supported; adding handlers anyway
JBWS022112
WARN
Init params not supported; adding handler anyway
JBWS022113
ERROR
Error closing JAXBIntro configuration stream: %s
JBWS022114
TRACE
%s doesn't work on %s
JBWS022115
TRACE
Cannot get URL for %s
JBWS022116
TRACE
Could not find %s in the additional metadatafiles
JBWS022118
WARN
Cannot obtain host for vituralHost %s, use default host
JBWS022119
WARN
Cannot obtain port for vituralHost %s, use default port
JBWS024015
INFO
Cannot use the bus associated to the current deployment for starting a new endpoint, creating a new bus...
JBWS024016
TRACE
Unable to retrieve server config; this is an expected condition for jboss-modules enabled client.
JBWS024018
WARN
Unable to retrieve port QName from %s, trying matching port using endpoint interface name only.
JBWS024033
DEBUG
Setting new service endpoint address in wsdl: %s
JBWS024034
DEBUG
WSDL service endpoint address rewrite required because of server configuration: %s
JBWS024035
DEBUG
WSDL service endpoint address rewrite required because of invalid URL: %s
JBWS024036
DEBUG
WSDL service endpoint address rewrite not required: %s
JBWS024037
DEBUG
Rewritten new candidate WSDL service endpoint address '%s' to '%s'
JBWS024038
DEBUG
Invalid url '%s' provided, using original one without rewriting: %s
JBWS024040
TRACE
About to authenticate, using security domain %s
JBWS024041
TRACE
Authenticated, principal=%s
JBWS024042
TRACE
Security context propagated for principal %s
JBWS024054
ERROR
User principal is not available on the current message
JBWS024059
WARN
%s cannot open stream for resource: %s
JBWS024060
DEBUG
%s cannot resolve resource: %s
JBWS024061
INFO
Adding service endpoint metadata: %s
JBWS024062
DEBUG
id %s, overriding portName %s with %s
JBWS024063
DEBUG
id %s, overriding portName %s with %s
JBWS024064
DEBUG
id %s, enabling MTOM...
JBWS024065
DEBUG
id %s, enabling Addressing...
JBWS024066
DEBUG
id %s, enabling RespectBinding...
JBWS024067
DEBUG
id %s, overriding wsdlFile location with %s
JBWS024068
WARN
Handler chain deployment descriptor contribution: PortNamePattern, ServiceNamePattern and ProtocolBindings filters not supported; adding handlers anyway.
JBWS024069
WARN
Init params not supported, handler: %s
JBWS024073
ERROR
Error registering bus for management: %s
JBWS024074
INFO
WSDL published to: %s
JBWS024077
WARN
Cannot get wsdl publish location for null wsdl location and serviceName
JBWS024078
WARN
WSDL publisher not configured, unable to publish contract for endpoint class %s
JBWS024080
DEBUG
Actual configuration from file: %s
JBWS024086
TRACE
Error while getting default WSSConfig
JBWS024087
WARN
Could not early initialize security engine
JBWS024089
TRACE
Unable to load additional configuration from %s
JBWS024091
DEBUG
Could not get WSDL from %s, aborting soap:address rewrite.
JBWS024092
INFO
Adding %s policy attachment with id='%s' to honor requirement from %s.
JBWS024095
WARN
Unknown strategy '%s' requested for selecting the Apache CXF Bus to be used for building JAXWS clients; default strategy will be used.
JBWS024097
WARN
Could not delete wsdl file %s
JBWS024098
DEBUG
Deleted wsdl file %s
JBWS024099
WARN
Could not create wsdl data path.
JBWS024100
WARN
Could not delete wsdl directory %s
JBWS024102
DEBUG
JASPI authentication isn't enabled, can not find JASPI modules and classes
JBWS024103
DEBUG
Could not load BouncyCastle security provider; either setup your classpath properly or prevent loading by using the '%s' system property.
JBWS024105
WARN
Could not create instance of specified ClientBusSelector: %s
JBWS024106
WARN
Could not remove previuosly set features on client: %s
JBWS024110
ERROR
Unable to process handler element: %s
JBWS024112
WARN
Could not construct reference for config: %s
JBWS024114
ERROR
No security domain associated
JBWS024115
ERROR
Failed to compute UsernameToken profile digest from expected password
JIPI
Code
Level
Return Type
Message
JIPI020200
WARN
Could not load entity class '%s', ignoring this error and continuing with application deployment
JIPI020201
java.lang.IllegalArgumentException
Cannot change input stream reference.
JIPI020202
java.lang.IllegalArgumentException
Parameter %s is empty
JIPI020203
java.lang.RuntimeException
Missing PersistenceUnitMetadata (thread local wasn't set)
JIPI020204
java.lang.RuntimeException
Not yet implemented
JIPI020205
java.lang.IllegalArgumentException
Parameter %s is null
JIPI020250
java.lang.RuntimeException
Unable to open VirtualFile-based InputStream %s
JIPI020251
java.lang.IllegalArgumentException
URI syntax error
JIPI020252
WARN
second level cache not integrated - %s
JIPIORMV6
Code
Level
Return Type
Message
JIPIORMV6020260
INFO
Second level cache enabled for %s
JIPIORMV6020261
java.lang.IllegalStateException
Hibernate ORM did not register LifeCycleListener
JIPIORMV6020263
java.lang.IllegalStateException
hibernate.id.new_generator_mappings set to false is not supported, remove the setting or set to true. Refer to Hibernate ORM migration documentation for how to update the next id state in the application database.
JIPISEARCH
Code
Level
Return Type
Message
JIPISEARCH020290
java.lang.IllegalStateException
Failed to parse property '%2$s' while integrating Hibernate Search into persistence unit '%1$s
JNDIWFHTTP
Code
Level
Return Type
Message
JNDIWFHTTP000001
javax.naming.NamingException
Unexpected data in response
JNDIWFHTTP000002
javax.naming.NamingException
At least one URI must be provided
JNDIWFHTTP000003
java.io.InvalidClassException
Exception resolving class %s for unmarshalling; it has either been blocklisted or not allowlisted
KEYCLOAK
Code
Level
Return Type
Message
KEYCLOAK000001
org.jboss.as.controller.OperationFailedException
The migrate operation can not be performed: the server must be in admin-only mode
KEYCLOAK000002
java.lang.String
Migration failed, see results for more details.
LITE-EXTENSION-TRANSLATOR-
Code
Level
Return Type
Message
LITE-EXTENSION-TRANSLATOR-000000
org.jboss.weld.exceptions.IllegalStateException
Unable to instantiate object from class {0} via no-args constructor. The exception was: {1}
Provided type {0} is illegal because it doesn't match an of known annotation member types.
LITE-EXTENSION-TRANSLATOR-000016
WARN
AnnotationBuilderFactoryImpl wasn't initialized properly before using it. This can be caused by attempted usage outside of build compatible extension cycle. The init process will use a fallback method.
LITE-EXTENSION-TRANSLATOR-000017
org.jboss.weld.exceptions.DeploymentException
There was a problem executing Build Compatible Extension method {0} during phase {1}. The exception was: {2}
LRA
Code
Level
Return Type
Message
LRA025001
java.lang.String
LRA created with an unexpected status code: %d, coordinator response '%s'
LRA025001
java.lang.String
LRA created with an unexpected status code: %d, coordinator response '%s'
LRA025002
java.lang.String
Leaving LRA: %s, ends with an unexpected status code: %d, coordinator response '%s'
LRA025002
java.lang.String
Leaving LRA: %s, ends with an unexpected status code: %d, coordinator response '%s'
LRA025003
java.lang.String
LRA participant class '%s' with asynchronous temination but no @Status or @Forget annotations
LRA025003
java.lang.String
LRA participant class '%s' with asynchronous temination but no @Status or @Forget annotations
LRA025004
java.lang.String
LRA finished with an unexpected status code: %d, coordinator response '%s'
LRA025004
java.lang.String
LRA finished with an unexpected status code: %d, coordinator response '%s'
LRA025005
java.lang.String
LRA coordinator '%s' returned an invalid status code '%s' for LRA '%s'
LRA025005
java.lang.String
LRA coordinator '%s' returned an invalid status code '%s' for LRA '%s'
LRA025006
java.lang.String
LRA coordinator '%s' returned no content on #getStatus call for LRA '%s'
LRA025006
java.lang.String
LRA coordinator '%s' returned no content on #getStatus call for LRA '%s'
LRA025007
java.lang.String
LRA coordinator '%s' returned an invalid status for LRA '%s'
LRA025007
java.lang.String
LRA coordinator '%s' returned an invalid status for LRA '%s'
LRA025008
java.lang.String
Too late to join with the LRA '%s', coordinator response: '%s'
LRA025008
java.lang.String
Too late to join with the LRA '%s', coordinator response: '%s'
LRA025009
java.lang.String
Failed enlisting to LRA '%s', coordinator '%s' responded with status '%s'
LRA025009
java.lang.String
Failed enlisting to LRA '%s', coordinator '%s' responded with status '%s'
LRA025010
java.lang.String
Error when converting String '%s' to URL
LRA025010
java.lang.String
Error when converting String '%s' to URL
LRA025011
java.lang.String
Invalid LRA id format to create LRA record from LRA id '%s', link URI '%s' (reason: %s)
LRA025011
java.lang.String
Invalid LRA id format to create LRA record from LRA id '%s', link URI '%s' (reason: %s)
LRA025012
java.lang.String
Cannot found compensator url '%s' for lra '%s'
LRA025012
java.lang.String
Cannot found compensator url '%s' for lra '%s'
LRA025013
WARN
Could not recreate abstract record '%s'
LRA025013
WARN
Could not recreate abstract record '%s'
LRA025014
WARN
reason '%s': container request for method '%s': lra: '%s'
LRA025014
WARN
reason '%s': container request for method '%s': lra: '%s'
LRA025015
WARN
LRA participant completion for asynchronous method %s#%s should return %d and not %d
LRA025015
WARN
LRA participant completion for asynchronous method %s#%s should return %d and not %d
LRA025016
java.lang.String
Cannot get status of nested lra '%s' as outer one '%s' is still active
LRA025016
java.lang.String
Cannot get status of nested lra '%s' as outer one '%s' is still active
LRA025017
java.lang.String
Invalid recovery url '%s' to join lra '%s'
LRA025017
java.lang.String
Invalid recovery url '%s' to join lra '%s'
LRA025018
ERROR
Invalid format of lra id '%s' to replace compensator '%s'
LRA025018
ERROR
Invalid format of lra id '%s' to replace compensator '%s'
LRA025019
WARN
LRA participant `%s` returned immediate state (Compensating/Completing) from CompletionStage. LRA id: %s
LRA025019
WARN
LRA participant `%s` returned immediate state (Compensating/Completing) from CompletionStage. LRA id: %s
LRA025020
ERROR
Cannot process non JAX-RS LRA participant
LRA025020
ERROR
Cannot process non JAX-RS LRA participant
LRA025021
java.lang.String
Invalid format of LRA id to be converted to LRA coordinator url, was '%s'
LRA025021
java.lang.String
Invalid format of LRA id to be converted to LRA coordinator url, was '%s'
LRA025022
java.lang.String
Failed enlisting to LRA '%s', coordinator '%s' responded with status '%d (%s)'. Returning '%d (%s)'.
LRA025022
java.lang.String
Failed enlisting to LRA '%s', coordinator '%s' responded with status '%d (%s)'. Returning '%d (%s)'.
LRA025023
java.lang.String
Could not %s LRA '%s': coordinator '%s' responded with status '%s'
LRA025023
java.lang.String
Could not %s LRA '%s': coordinator '%s' responded with status '%s'
LRA025024
java.lang.String
Error when encoding parent LRA id URL '%s' to String
LRA025024
java.lang.String
Error when encoding parent LRA id URL '%s' to String
LRA025025
java.lang.String
Unable to process LRA annotations: %s'
LRA025025
java.lang.String
Unable to process LRA annotations: %s'
LRA025026
WARN
Unable to remove the failed duplicate failed LRA record (Uid: '%s') (which is already present in the failedLRA record location type: '%s'.) from LRA Record location: '%s'
LRA025026
WARN
Unable to remove the failed duplicate failed LRA record (Uid: '%s') (which is already present in the failedLRA record location type: '%s'.) from LRA Record location: '%s'
LRA025027
WARN
An exception was thrown while moving failed LRA record (Uid: '%s'). Reason: '%s'
LRA025027
WARN
An exception was thrown while moving failed LRA record (Uid: '%s'). Reason: '%s'
LRA025028
java.lang.String
Demanded API version '%s' is not in the list of the supported versions '%s'. Please, provide the right version for the API.
LRA025028
java.lang.String
Demanded API version '%s' is not in the list of the supported versions '%s'. Please, provide the right version for the API.
LRA025029
WARN
Cannot notify AfterLRA URL at %s
LRA025029
WARN
Cannot notify AfterLRA URL at %s
LRA025030
java.lang.String
%s: Invalid link URI (%s): %s
LRA025030
java.lang.String
%s: Invalid link URI (%s): %s
LRA025031
java.lang.String
%s: Invalid link URI (%s): missing compensator or after LRA callback
LRA025031
java.lang.String
%s: Invalid link URI (%s): missing compensator or after LRA callback
LRA025032
WARN
LRA Record: Cannot save state (reason: %s
LRA025032
WARN
LRA Record: Cannot save state (reason: %s
LRA025033
WARN
LRA Record: Cannot restore state (reason: %s)
LRA025033
WARN
LRA Record: Cannot restore state (reason: %s)
LRA025034
WARN
LRA Recovery cannot remove LRA id %s from the object store. The uid segment '%s' is probably invalid.
LRA025034
WARN
LRA Recovery cannot remove LRA id %s from the object store. The uid segment '%s' is probably invalid.
LRA025035
WARN
The start LRA call failed with cause: %s
LRA025035
WARN
The start LRA call failed with cause: %s
LRA025036
java.lang.String
CDI Context not available: %s
LRA025036
java.lang.String
CDI Context not available: %s
LRA025037
WARN
Participant `%s` is not registered
LRA025037
WARN
Participant `%s` is not registered
LRA025038
java.lang.String
Invalid participant enlistment with LRA %s: participant data is disabled
LRA025038
java.lang.String
Invalid participant enlistment with LRA %s: participant data is disabled
LRAPROXY
Code
Level
Return Type
Message
LRAPROXY025001
ERROR
Participant '%s' serialization problem
LRAPROXY025002
ERROR
Participant '%s' exception during completion
LRAPROXY025003
java.lang.String
Cannot get status of participant '%s' of lra id '%s'
MODCLUSTER
Code
Level
Return Type
Message
MODCLUSTER000000
DEBUG
Catching
MODCLUSTER000001
INFO
Initializing mod_cluster version %s
MODCLUSTER000002
INFO
Initiating mod_cluster shutdown
MODCLUSTER000003
DEBUG
Received server start event
MODCLUSTER000004
DEBUG
Received server stop event
MODCLUSTER000005
DEBUG
Received add context event for %s:%s
MODCLUSTER000006
DEBUG
Received remove context event for %s:%s
MODCLUSTER000007
DEBUG
Received start context event for %s:%s
MODCLUSTER000008
DEBUG
Received stop context event for %s:%s
MODCLUSTER000009
DEBUG
Sending %s for %s
MODCLUSTER000010
DEBUG
Sending %s for %s:%s
MODCLUSTER000011
INFO
%s will use %s as jvm-route
MODCLUSTER000012
INFO
%s connector will use %s
MODCLUSTER000020
DEBUG
Waiting to drain %d pending requests from %s:%s
MODCLUSTER000021
INFO
All pending requests drained from %s:%s in %.1f seconds
MODCLUSTER000022
WARN
Failed to drain %d remaining pending requests from %s:%s within %.1f seconds
MODCLUSTER000023
DEBUG
Waiting to drain %d active sessions from %s:%s
MODCLUSTER000024
INFO
All active sessions drained from %s:%s in %.1f seconds
MODCLUSTER000025
WARN
Failed to drain %d remaining active sessions from %s:%s within %.1f seconds
MODCLUSTER000031
WARN
Could not bind multicast socket to %s (%s address): %s; make sure your multicast address is of the same type as the IP stack (IPv4 or IPv6). Multicast socket will not be bound to an address, but this may lead to cross talking (see https://developer.jboss.org/docs/DOC-9469 for details).
MODCLUSTER000032
INFO
Listening to proxy advertisements on %s
MODCLUSTER000034
ERROR
Failed to start advertise listener
MODCLUSTER000040
ERROR
Failed to parse response header from %2$s for %1$s command
MODCLUSTER000041
ERROR
Unrecoverable syntax error %s sending %s command to %s: %s
MODCLUSTER000042
ERROR
Error %s sending %s command to %s, configuration will be reset: %s
MODCLUSTER000043
ERROR
Failed to send %s command to %s: %s
MODCLUSTER000045
WARN
%s is not supported on this system and will be disabled.
MODCLUSTER000046
INFO
Starting to drain %d active sessions from %s:%s in %d seconds.
MODCLUSTER000048
java.lang.RuntimeException
Multiple connectors match specified host:port (%s)! Ensure connectorPort and/or connectorAddress are configured.
MODCLUSTER000049
java.lang.RuntimeException
Could not resolve configured connector address (%d)!
MODCLUSTER000050
java.lang.RuntimeException
Initial load must be within the range [0..100] or -1 to not prepopulate with initial load, but was: %d
MODCLUSTER000051
java.lang.RuntimeException
No valid advertise interface configured! Disabling multicast advertise mechanism.
MODCLUSTER000052
java.lang.RuntimeException
Attempted to create multicast socket without multicast address specified! Disabling multicast advertise mechanism.
MODCLUSTER000053
java.lang.RuntimeException
Attempted to create multicast socket with unicast address (%s)! Disabling multicast advertise mechanism.
MODCLUSTER000054
INFO
Starting to drain %d active sessions from %s:%s waiting indefinitely until all remaining sessions are drained or expired.
MODCLUSTER000055
WARN
No configured connector for engine %s. If this engine should be used with mod_cluster check connector, connectorPort and/or connectorAddress configuration.
MSC
Code
Level
Return Type
Message
MSC-00001
INFO
JBoss MSC version %s
MSC000001
ERROR
Failed to start %s
MSC000002
ERROR
Invocation of listener "%s" failed
MSC000003
WARN
Exception thrown after start was already completed in %s
MSC000004
WARN
Failure during stop of %s
MSC000005
WARN
Unexpected disappearance of %s during stop
MSC000006
WARN
Uninjection "%2$s" of %1$s failed unexpectedly
MSC000007
WARN
An internal service error has occurred while processing an operation on %s
MSC000008
ERROR
Worker thread %s threw an uncaught exception
MSC000009
WARN
An error occurred while trying to close the profile output file: %s
MSC000010
ERROR
Failed to register MBean with MBeanServer
MSC000011
java.lang.IllegalStateException
Service not started
MSC000012
ERROR
Injection failed for service %s
MSC000013
WARN
Failed to retrieve platform MBeanServer
RESTEASY
Code
Level
Return Type
Message
RESTEASY-00001
DEBUG
Unable to extract parameter from http request: %s value is '%s' for %s
RESTEASY-00001
ERROR
Error processing request %s
RESTEASY002000
ERROR
Error resuming failed async operation
RESTEASY002005
ERROR
Failed executing {0} {1}
RESTEASY002010
ERROR
Failed to execute
RESTEASY002015
ERROR
Failed to invoke asynchronously
RESTEASY002020
ERROR
Unhandled asynchronous exception, sending back 500
RESTEASY002025
ERROR
Unknown exception while executing {0} {1}
RESTEASY002030
DEBUG
Failed to write event {0}
RESTEASY002035
ERROR
Cannot register {0} as HeaderDelegate: it has no type parameter
RESTEASY002040
ERROR
GET method returns the patch/merge json object target for request {0} not found
RESTEASY002041
ERROR
Failed to get the patch/merge target for request {0}
RESTEASY002050
ERROR
The set instance of %s for property %s is not a valid %s.
RESTEASY002100
WARN
Accept extensions not supported.
RESTEASY002105
WARN
Ambiguity constructors are found in %s. More details please refer to http://jsr311.java.net/nonav/releases/1.1/spec/spec.html
RESTEASY002110
WARN
Attempting to register empty contracts for %s
RESTEASY002115
WARN
Attempting to register unassignable contract for %s
RESTEASY002117
WARN
Charset %s unavailable.
RESTEASY002120
WARN
ClassNotFoundException: Unable to load builtin provider {0} from {1}
RESTEASY002123
WARN
Could not bind to specified download directory %s so will use temp dir.
RESTEASY002125
WARN
Marking file '%s' to be deleted, as it could not be deleted while processing request:
RESTEASY002130
WARN
Failed to parse request.
RESTEASY002135
WARN
Ignoring unsupported locale: %s
RESTEASY002137
WARN
Invalid format for {0}, using default value {1}
RESTEASY002138
WARN
Invalid regex for {0}: {2}
RESTEASY002140
WARN
Qualifying annotations found at non-public method: {0}.{1}(); Only public methods may be exposed as resource methods.
Neither mpJwtPublicKey nor mpJwtLocation properties are configured, JWTAuthContextInfo will not be available
SRJWT03002
DEBUG
mpJwtPublicKey parsed as JWK(S)
SRJWT03003
DEBUG
mpJwtPublicKey failed as JWK(S), %s
SRJWT03004
DEBUG
mpJwtPublicKey parsed as PEM
SRJWT03005
DEBUG
Unsupported key format
SRJWT03006
WARN
'%s' property is deprecated and will be removed in a future version. Use '%s ' property instead
SRJWT06000
DEBUG
tokenHeaderName = %s
SRJWT06001
DEBUG
Header %s was null
SRJWT06002
DEBUG
tokenCookieName = %s
SRJWT06003
DEBUG
Cookie %s was null
SRJWT06004
DEBUG
Authorization header does not contain a Bearer prefix
SRJWT06005
DEBUG
Authorization header was null
SRJWT08000
DEBUG
getAudience failure
SRJWT08001
WARN
getGroups failure:
SRJWT08002
WARN
getClaimValue failure for: %s
SRJWT08003
WARN
replaceClaimValueWithJsonValue failure for: %s
SRJWT08004
DEBUG
Token is invalid
SRJWT08005
DEBUG
Verification key is unresolvable
SRJWT08006
DEBUG
Claim value at the path %s is not a String
SRJWT08007
DEBUG
Claim value at the path %s is not an array of strings
SRJWT08008
DEBUG
Claim value at the path %s is neither an array of strings nor string
SRJWT08009
TRACE
Updated groups to: %s
SRJWT08010
DEBUG
Failed to access rolesMapping claim
SRJWT08011
DEBUG
No claim exists at the path %s at segment %s
SRJWT08012
DEBUG
Claim value at the path %s is not a json object
SRJWT08014
DEBUG
Required claims %s are not present in the JWT
SRJWT08015
DEBUG
loadSpi, cl=%s, u=%s, sl=%s
SRJWT08016
WARN
Multiple JWTCallerPrincipalFactory implementations found: %s and %s
SRJWT08017
DEBUG
sl=%s, loaded=%s
SRJWT08018
WARN
Failed to locate JWTCallerPrincipalFactory provider
SRJWT08019
DEBUG
AuthContextInfo is: %s
SRJWT08020
DEBUG
Failed to create a key from the HTTPS JWK Set
SRJWT08021
DEBUG
JWK with a matching 'kid' is not available, refreshing HTTPS JWK Set
SRJWT08022
DEBUG
Failed to refresh HTTPS JWK Set
SRJWT08023
DEBUG
JWK with a matching 'kid' is not available but HTTPS JWK Set has been refreshed less than %d minutes ago, trying to create a key from the HTTPS JWK Set one more time
SRJWT08024
DEBUG
Trying to create a key from the HTTPS JWK Set after the refresh
SRJWT08025
DEBUG
Failed to create a key from the HTTPS JWK Set after the refresh
SRJWT08026
DEBUG
Trying to create a key from the JWK(S)
SRJWT08027
DEBUG
Failed to create a key from the JWK(S)
SRJWT08028
DEBUG
Invalid token 'kid' header: %s, expected: %s
SRJWT08029
DEBUG
Trying to load the keys from the HTTPS JWK(S)
SRJWT08030
DEBUG
Checking if the key content is a JWK key or JWK key set
SRJWT08031
DEBUG
Checking if the key content is a Base64URL encoded JWK key or JWK key set
SRJWT08032
DEBUG
Unable to decode content using Base64 decoder
SRJWT08033
DEBUG
Key has been created from the encoded JWK key or JWK key set
SRJWT08034
DEBUG
Key has been created from the JWK key or JWK key set
SRJWT08035
DEBUG
Checking if the key content is a Base64 encoded PEM key
SRJWT08036
DEBUG
Key has been created from the encoded PEM key
SRJWT08037
DEBUG
The key content is not a valid encoded PEM key
SRJWT08038
DEBUG
Checking if the key content is a Base64 encoded PEM certificate
SRJWT08039
DEBUG
PublicKey has been created from the encoded PEM certificate
SRJWT08040
DEBUG
The key content is not a valid encoded PEM certificate
SRJWT08041
DEBUG
Decryption key is unresolvable
SRJWT08042
DEBUG
Encrypted token sequence is invalid
SRJWT08043
DEBUG
Trying to create a key from the HTTPS JWK(S)
SRJWT08044
DEBUG
Encrypted token headers must contain a content type header
SRJWT11000
DEBUG
Success
SRJWT11001
DEBUG
Unable to validate bearer token
SRJWT11002
DEBUG
No usable bearer token was found in the request, continuing unauthenticated
SRJWT11003
DEBUG
Failed to resolve the key. Either corrupt or unavailable.
SRJWT12000
DEBUG
getValue(%s), null JsonWebToken
SRJWT12001
DEBUG
Failed to find Claim for: %s
SRJWT12002
DEBUG
getValue(%s), isOptional=%s, claimValue=%s
SRJWT12003
DEBUG
JsonValueProducer(%s).produce
SRJWT12004
DEBUG
getOptionalString(%s)
SRJWT12005
DEBUG
getOptionalStringSet(%s)
SRJWT12006
DEBUG
getOptionalLong(%s)
SRJWT12007
DEBUG
getOptionalBoolean(%s)
SRJWT12008
DEBUG
addTypeToClaimProducer(%s)
SRJWT12009
DEBUG
Checking Provider Claim(%s), ip: %s
SRJWT12010
DEBUG
pip: %s
SRJWT12011
DEBUG
getClaimAsSet(%s)
SRJWT12012
DEBUG
getClaimAsString(%s)
SRJWT12013
DEBUG
getClaimAsLong(%s)
SRJWT12014
DEBUG
getClaimAsDouble(%s)
SRJWT12015
DEBUG
getClaimAsBoolean(%s)
SRJWT12016
DEBUG
getOptionalValue(%s)
SRJWT12017
DEBUG
beforeBeanDiscovery(%s)
SRJWT12018
DEBUG
EE Security is available, JWTHttpAuthenticationMechanism has been registered
SRJWT12019
INFO
EE Security is NOT available, JWTAuthenticationFilter has been registered
SRJWT12020
DEBUG
Added type: %s
SRMSG
Code
Level
Return Type
Message
SRMSG00200
ERROR
The method %s has thrown an exception
SRMSG00201
ERROR
Error caught while processing a message in method %s
SRMSG00202
INFO
Created new Vertx instance
SRMSG00203
INFO
Created worker pool named %s with concurrency of %d
SRMSG00204
WARN
Multiple publisher found for %s, using the merge policy `ONE` takes the first found
SRMSG00205
DEBUG
Strict mode enabled
SRMSG00206
DEBUG
Scanning Type: %s
SRMSG00207
WARN
%s
SRMSG00208
WARN
The connector '%s' has no downstreams
SRMSG00209
DEBUG
Beginning graph resolution, number of components detected: %d
SRMSG00210
DEBUG
Graph resolution completed in %d ns
SRMSG00211
ERROR
Unable to create invoker instance of %s
SRMSG00212
ERROR
Unable to initialize mediator: %s
SRMSG00224
INFO
Analyzing mediator bean: %s
SRMSG00226
DEBUG
Found incoming connectors: %s
SRMSG00227
DEBUG
Found outgoing connectors: %s
SRMSG00228
INFO
No MicroProfile Config found, skipping
SRMSG00229
DEBUG
Channel manager initializing...
SRMSG00230
ERROR
Unable to create the publisher or subscriber during initialization
SRMSG00231
INFO
Incoming channel `%s` disabled by configuration
SRMSG00232
INFO
Outgoing channel `%s` disabled by configuration
SRMSG00233
WARN
Unable to extract the ingested payload type for method `%s`, the reason is: %s
SRMSG00234
WARN
Failed to emit a Message to the channel
SRMSG00235
DEBUG
Beginning materialization
SRMSG00236
DEBUG
Materialization completed in %d ns
SRMSG00237
WARN
Use of @jakarta.inject.Named in Reactive Messaging is deprecated, use @io.smallrye.common.annotation.Identifier instead
SRMSG00238
INFO
No ExecutionHolder, disabling @Blocking support
SRMSG00239
java.lang.IllegalStateException
Cannot specify both client-options-name and client-ssl-context-name
SRMSG00240
java.lang.IllegalStateException
Could not find an SSLContext bean with the @Identifier=%s
SRMSG18201
DEBUG
Dead queue letter configured with: topic: `%s`, key serializer: `%s`, value serializer: `%s`
SRMSG18202
INFO
A message sent to channel `%s` has been nacked, sending the record to a dead letter topic %s
SRMSG18203
ERROR
A message sent to channel `%s` has been nacked, fail-stop
SRMSG18204
WARN
A message sent to channel `%s` has been nacked, ignored failure is: %s.
SRMSG18205
DEBUG
The full ignored failure is
SRMSG18206
ERROR
Unable to write to Kafka from channel %s (topic: %s)
SRMSG18206
ERROR
Unable to write to Kafka from channel %s (no topic set)
SRMSG18207
ERROR
Unable to dispatch message to Kafka
SRMSG18209
DEBUG
Sending message %s to Kafka topic '%s'
SRMSG18210
ERROR
Unable to send a record to Kafka
SRMSG18211
DEBUG
Message %s sent successfully to Kafka topic-partition '%s-%d', with offset %d
SRMSG18212
ERROR
Message %s was not sent to Kafka topic '%s' - nacking message
SRMSG18213
INFO
Setting %s to %s
SRMSG18214
INFO
Key deserializer omitted, using String as default
SRMSG18215
DEBUG
An error has been caught while closing the Kafka Write Stream
SRMSG18216
WARN
No `group.id` set in the configuration, generate a random id: %s
SRMSG18217
ERROR
Unable to read a record from Kafka topics '%s'
SRMSG18218
DEBUG
An exception has been caught while closing the Kafka consumer
SRMSG18219
INFO
Loading KafkaConsumerRebalanceListener from configured name '%s'
SRMSG18220
INFO
Loading KafkaConsumerRebalanceListener from group id '%s'
SRMSG18222
ERROR
Unable to execute consumer revoked re-balance listener for group '%s'
SRMSG18224
INFO
Executing consumer revoked re-balance listener for group '%s'
SRMSG18225
INFO
Executed consumer assigned re-balance listener for group '%s'
SRMSG18226
INFO
Executed consumer revoked re-balance listener for group '%s'
SRMSG18227
WARN
Re-enabling consumer for group '%s'. This consumer was paused because of a re-balance failure.
SRMSG18228
WARN
A failure has been reported for Kafka topics '%s'
SRMSG18229
INFO
Configured topics for channel '%s': %s
SRMSG18230
INFO
Configured topics matching pattern for channel '%s': %s
SRMSG18231
WARN
The record %d from topic-partition '%s' has waited for %s seconds to be acknowledged. This waiting time is greater than the configured threshold (%d ms). At the moment %d messages from this partition are awaiting acknowledgement. The last committed offset for this partition was %d. This error is due to a potential issue in the application which does not acknowledged the records in a timely fashion. The connector cannot commit as a record processing has not completed.
SRMSG18232
DEBUG
Will commit for group '%s' every %d milliseconds.
SRMSG18233
ERROR
Invalid value serializer to write a structured Cloud Event. Found %s, expected the org.apache.kafka.common.serialization.StringSerializer
SRMSG18234
DEBUG
Auto-commit disabled for channel %s
SRMSG18235
WARN
Will not health check throttled commit strategy for group '%s'.
SRMSG18236
DEBUG
Will mark throttled commit strategy for group '%s' as unhealthy if records go more than %d milliseconds without being processed.
SRMSG18237
DEBUG
Setting client.id for Kafka producer to %s
SRMSG18239
DEBUG
Received acknowledgement for record %d on '%s' (consumer group: '%s'). Ignoring it because the partition is not assigned to the consume anymore. Record will likely be processed again. Current assignments are %s.
SRMSG18240
DEBUG
'%s' commit strategy used for channel '%s'
SRMSG18241
FATAL
The deserialization failure handler `%s` throws an exception
SRMSG18242
WARN
A failure has been reported during a rebalance - the operation will be retried: '%s'
SRMSG18243
DEBUG
Shutting down - Pausing all topic-partitions
SRMSG18244
DEBUG
Shutting down - Waiting for message processing to complete, %d messages still in processing
SRMSG18245
WARN
There are still %d unprocessed messages after the closing timeout
Unable to recover from the deserialization failure (topic: %s), configure a DeserializationFailureHandler to recover from errors.
SRMSG18250
WARN
The configuration property '%s' is deprecated and is replaced by '%s'.
SRMSG18251
DEBUG
Committed %s
SRMSG18252
WARN
Failed to commit %s, it will be re-attempted
SRMSG18253
DEBUG
Removing topic-partition '%s' from the store - the partition is not assigned to the consumer anymore. Current assignments are: %s
SRMSG18254
DEBUG
Topic-partition '%s' has been revoked - going to commit offset %d
SRMSG18255
DEBUG
Received a record from topic-partition '%s' at offset %d, while the last committed offset is %d - Ignoring record
SRMSG18256
INFO
Initialize record store for topic-partition '%s' at position %d.
SRMSG18257
INFO
Kafka consumer %s, connected to Kafka brokers '%s', belongs to the '%s' consumer group and is configured to poll records from %s
SRMSG18258
INFO
Kafka producer %s, connected to Kafka brokers '%s', is configured to write records to '%s'
SRMSG18259
WARN
Kafka latest commit strategy failed to commit record from topic-partition '%s' at offset %d
SRMSG18260
ERROR
Unable to recover from the serialization failure (topic: %s), configure a SerializationFailureHandler to recover from errors.
SRMSG18261
ERROR
Unable to initialize producer from channel %s.
SRMSG18262
WARN
Aborting transaction for producer id %s in channel %s.
SRMSG18263
FATAL
The serialization failure handler `%s` throws an exception
SRMSG18264
WARN
No `checkpoint.state-store` given to use with checkpoint commit strategy. `file` will be used.
SRMSG18265
WARN
Will not health check checkpoint commit strategy for consumer '%s'.
SRMSG18266
DEBUG
Will mark checkpoint commit strategy for consumer '%s' as unhealthy if processing state go more than %d milliseconds without being persisted.
SRMSG18267
DEBUG
Partitions assigned to client %s : %s with initial state %s
SRMSG18268
ERROR
Failed fetching state on partitions assigned to client %s : %s
SRMSG18269
DEBUG
Partitions revoked from client %s: %s with state to persist %s
SRMSG18270
DEBUG
Persisted state for client %s : %s
SRMSG18271
WARN
Failed persisting state for %s : %s
SRMSG18272
DEBUG
Failed persisting state but can be retried for %s : %s
SRMSG18273
WARN
Checkpoint commit strategy processing state type not found for channel %s : %s
SRMSG18274
INFO
Error caught in producer interceptor `onSend` for channel %s
SRMSG18275
TRACE
Error caught in producer interceptor `onAcknowledge` for channel %s
SRMSG18276
TRACE
Error caught in producer interceptor `close` for channel %s
SRMSG18277
INFO
Delayed retry topics configured for channel `%s` with topics `%s`, max retries, `%d`, timeout `%d`ms, dlq topic `%s`
SRMSG18278
INFO
A message sent to channel `%s` has been nacked, sending the record to topic %s
SRMSG18279
WARN
A message sent to channel `%s` reached delayed retry timeout `%s` milliseconds reached for record `%s`
SRMSG18280
WARN
A message sent to channel `%s` has been nacked and won't be retried again. Configure `dead-letter-queue.topic` for sending the record to a dead letter topic
SROAP
Code
Level
Return Type
Message
SROAP01000
ERROR
Failed to introspect BeanInfo for: %s
SROAP01001
INFO
Schema with zero references removed from #/components/schemas: %s
SROAP01002
INFO
Cyclic object reference detected in OpenAPI model, skipping current node
SROAP01003
WARN
Merge of property would result in cyclic object reference in OpenAPI model, skipping property '%s' in type %s
SROAP02000
DEBUG
Processing a map of %s annotations.
SROAP02001
DEBUG
Processing a json map of %s nodes.
SROAP02002
DEBUG
Processing a list of %s annotations.
SROAP02003
DEBUG
Processing a json list of %s.
SROAP02004
DEBUG
Processing a single %s annotation.
SROAP02005
DEBUG
Processing an %s annotation.
SROAP02006
DEBUG
Processing a single %s annotation as a %s.
SROAP02007
DEBUG
Processing a single %s json node.
SROAP02008
DEBUG
Processing an %s json node.
SROAP02009
DEBUG
Processing a single %s json object.
SROAP02010
DEBUG
Processing a json map of %s.
SROAP02011
ERROR
Error reading a CallbackOperation annotation.
SROAP02012
DEBUG
Processing a list of %s annotations into an %s.
SROAP02013
DEBUG
Processing an enum %s
SROAP02014
DEBUG
Processing an array of %s annotations.
SROAP02015
DEBUG
Processing a json array of %s json nodes.
SROAP02016
WARN
Failed to read enumeration values from enum %s method %s with `@JsonValue`: %s
SROAP04000
DEBUG
Scanning deployment for %s Annotations.
SROAP04001
DEBUG
Starting processing with root: %s
SROAP04002
DEBUG
Getting all fields for: %s in class: %s
SROAP04003
WARN
Configured schema for %s could not be parsed
SROAP04004
INFO
Configured schema for %s has been registered
SROAP04005
WARN
Could not find schema class in index: %s
SROAP06000
DEBUG
Processing @Schema annotation %s on a field %s
SROAP06001
DEBUG
Annotation value has invalid format: %s
SROAP06002
DEBUG
Possible cycle was detected at: %s. Will not search further.
Could not bind multicast socket to %s (%s address): %s; make sure your multicast address is of the same type as the IP stack (IPv4 or IPv6). Multicast socket will not be bound to an address, but this may lead to cross talking (see http://www.jboss.org/community/docs/DOC-9469 for details).
UT005060
WARN
Predicate %s uses old style square braces to define predicates, which will be removed in a future release. predicate[value] should be changed to predicate(value)
UT005061
java.lang.IllegalStateException
More than %s restarts detected, breaking assumed infinite loop
UT005062
ERROR
Pattern parse error
UT005063
ERROR
Unable to decode with rest of chars starting: %s
UT005064
ERROR
No closing ) found for in decode
UT005065
ERROR
The next characters couldn't be decoded: %s
UT005066
ERROR
X param for servlet request, couldn't decode value: %s
UT005067
ERROR
X param in wrong format. Needs to be 'x-#(...)'
UT005068
INFO
Pattern was just empty or whitespace
UT005069
ERROR
Failed to write JDBC access log
UT005070
ERROR
Failed to write pre-cached file
UT005071
ERROR
Undertow request failed %s
UT005072
WARN
Thread %s (id=%s) has been active for %s milliseconds (since %s) to serve the same request for %s and may be stuck (configured threshold for this StuckThreadDetectionValve is %s seconds). There is/are %s thread(s) in total that are monitored by this Valve and may be stuck.
UT005073
WARN
Thread %s (id=%s) was previously reported to be stuck but has completed. It was active for approximately %s milliseconds. There is/are still %s thread(s) that are monitored by this Valve and may be stuck.
UT005074
ERROR
Failed to invoke error callback %s for SSE task
UT005075
java.lang.IllegalStateException
Unable to resolve mod_cluster management host's address for '%s'
UT005076
ERROR
SSL read loop detected. This should not happen, please report this to the Undertow developers. Current state %s
UT005077
ERROR
SSL unwrap buffer overflow detected. This should not happen, please report this to the Undertow developers. Current state %s
UT005079
ERROR
ALPN negotiation on %s failed
UT005080
ERROR
HttpServerExchange cannot have both async IO resumed and dispatch() called in the same cycle
UT005081
ERROR
Response has already been started, cannot proxy request %s
UT005082
java.lang.IllegalArgumentException
Configured mod_cluster management host address cannot be a wildcard address (%s)!
UT005083
java.io.IOException
Unexpected end of compressed input
UT005084
java.io.IOException
Attempted to write %s bytes however content-length has been set to %s
UT005085
DEBUG
Connection %s for exchange %s was not closed cleanly, forcibly closing connection
UT005086
ERROR
Failed to accept SSL request
UT005088
ERROR
Failed to execute ServletOutputStream.closeAsync() on IO thread
UT005089
java.lang.IllegalArgumentException
Method parameter '%s' cannot be null
UT005090
ERROR
Unexpected failure
UT005091
ERROR
Failed to initialize DirectByteBufferDeallocator
UT005092
DEBUG
Failed to free direct buffer
UT005093
DEBUG
Blocking read timed out
UT005094
DEBUG
Blocking write timed out
UT005095
DEBUG
SSLEngine delegated task was rejected
UT005096
DEBUG
Authentication failed for digest header %s in %s
UT005097
DEBUG
Failed to obtain subject for %s
UT005098
DEBUG
GSSAPI negotiation failed for %s
UT005099
WARN
Failed to create SSO for session '%s'
UT005100
DEBUG
Failed to list paths for '%s'
UT005101
DEBUG
No source to list resources from
UT005102
WARN
Flushing waiting in a frame more than %s miliseconds. The framed channel will be forcibly closed.
UT015002
ERROR
Stopping servlet %s due to permanent unavailability
UT015003
ERROR
Stopping servlet %s till %s due to temporary unavailability
UT015005
ERROR
Error invoking method %s on listener %s
UT015006
ERROR
IOException dispatching async event
UT015007
WARN
Stack trace on error enabled for deployment %s, please do not enable for production use
UT015008
WARN
Failed to load development mode persistent sessions
UT015009
WARN
Failed to persist session attribute %s with value %s for session %s
UT015010
WARN
Failed to persist sessions
UT015012
ERROR
Failed to generate error page %s for original exception: %s. Generating error page resulted in a %s.
UT015014
ERROR
Error reading rewrite configuration
UT015015
java.lang.IllegalArgumentException
Error reading rewrite configuration: %s
UT015016
java.lang.IllegalArgumentException
Invalid rewrite map class: %s
UT015017
java.lang.IllegalArgumentException
Error reading rewrite flags in line %s as %s
UT015018
java.lang.IllegalArgumentException
Error reading rewrite flags in line %s
UT015019
ERROR
Failed to destroy %s
UT015020
WARN
Path %s is secured for some HTTP methods, however it is not secured for %s
UT015021
ERROR
Failure dispatching async event
UT015022
WARN
Requested resource at %s does not exist for include method
UT015023
java.lang.IllegalStateException
This Context has been already destroyed
UT015024
ERROR
Servlet %s init() method in web application %s threw exception
UT025003
DEBUG
Decoding WebSocket Frame with opCode %s
UT025007
ERROR
Unhandled exception for annotated endpoint %s
UT025008
WARN
Incorrect parameter %s for extension
UT026001
ERROR
Unable to instantiate endpoint
UT026002
ERROR
Unable to instantiate server configuration %s
UT026003
INFO
Adding annotated server endpoint %s for path %s
UT026004
INFO
Adding annotated client endpoint %s
UT026005
INFO
Adding programmatic server endpoint %s for path %s
UT026006
ERROR
Exception running web socket method
UT026007
WARN
On Endpoint class %s path param %s on method %s does not reference a valid parameter, valid parameters are %s.
UT026008
ERROR
Could not close endpoint on undeploy.
UT026009
WARN
XNIO worker was not set on WebSocketDeploymentInfo, the default worker will be used
UT026010
WARN
Buffer pool was not set on WebSocketDeploymentInfo, the default pool will be used
UT026011
java.lang.IllegalArgumentException
XNIO worker was not set on WebSocketDeploymentInfo, and there is no default to use
UT026012
java.lang.IllegalArgumentException
Buffer pool was not set on WebSocketDeploymentInfo, and there is no default to use
VFS
Code
Level
Return Type
Message
VFS000001
WARN
A VFS mount (%s) was leaked!
VFS000002
INFO
Failed to clean existing content for temp file provider of type %s. Enable DEBUG level log to find what caused this
WELD-
Code
Level
Return Type
Message
WELD-000000
DEBUG
Catching
WELD-000000
TRACE
No PAT observers resolved for {0}. Skipping.
WELD-000000
TRACE
Sending PAT using the default event resolver: {0}
WELD-000000
TRACE
Sending PAT using the fast event resolver: {0}
WELD-000001
TRACE
Exactly one constructor ({0}) annotated with @Inject defined, using it as the bean constructor for {1}
WELD-000002
TRACE
Exactly one constructor ({0}) defined, using it as the bean constructor for {1}
WELD-000004
TRACE
Exactly one post construct method ({0}) for {1}
WELD-000006
TRACE
Exactly one pre destroy method ({0}) for {1}
WELD-000007
TRACE
Created session bean proxy for {0}
WELD-000008
TRACE
Called {0} on {1} with parameters {2} which returned {3}
A bean class that is not a decorator has an injection point annotated @Delegate at injection point {0} at {1} StackTrace:
WELD-000039
org.jboss.weld.exceptions.DefinitionException
@Typed class {0} not present in the set of bean types of {1} [{2}]
WELD-000040
org.jboss.weld.exceptions.DefinitionException
All stereotypes must specify the same scope or the bean must declare a scope - declared on {0}, declared stereotypes [{1}], possible scopes {2}{3}
WELD-000041
org.jboss.weld.exceptions.DefinitionException
Specializing bean may not declare a bean name if it is declared by specialized bean specializing: {0} specialized: {1}
WELD-000042
org.jboss.weld.exceptions.IllegalStateException
Cannot operate on non container provided decorator {0}
WELD-000043
org.jboss.weld.exceptions.IllegalStateException
The following bean is not an EE resource producer: {0}
WELD-000044
org.jboss.weld.exceptions.NullInstanceException
Unable to obtain instance from {0}
WELD-000045
org.jboss.weld.exceptions.InvalidObjectException
Unable to deserialize object - serialization proxy is required
WELD-000046
org.jboss.weld.exceptions.DefinitionException
At most one scope may be specified on {0}
WELD-000047
org.jboss.weld.exceptions.DefinitionException
Specializing bean must extend another bean: {0}
WELD-000048
java.lang.String
Conflicting interceptor bindings found on {0}
WELD-000049
org.jboss.weld.exceptions.WeldException
Unable to invoke {0} on {1}
WELD-000050
org.jboss.weld.exceptions.WeldException
Cannot cast producer type {0} to bean type {1}
WELD-000052
org.jboss.weld.exceptions.IllegalProductException
Cannot return null from a non-dependent producer method: {0} at {1} StackTrace:
WELD-000053
org.jboss.weld.exceptions.IllegalProductException
Producers cannot declare passivating scope and return a non-serializable class: {0} at {1} StackTrace:
WELD-000054
org.jboss.weld.exceptions.IllegalProductException
Producers cannot produce unserializable instances for injection into an injection point that requires a passivation capable dependency Producer: {0} at {1} Injection Point: {2} at {3} StackTrace:
WELD-000059
org.jboss.weld.exceptions.DefinitionException
No delegate injection point defined for {0}
WELD-000060
org.jboss.weld.exceptions.DefinitionException
Too many delegate injection points defined for {0}
WELD-000061
org.jboss.weld.exceptions.DefinitionException
The delegate type does not extend or implement the decorated type. Decorated type: {0} Decorator: {1}
WELD-000064
org.jboss.weld.exceptions.IllegalStateException
Unable to process decorated type: {0}
WELD-000066
org.jboss.weld.exceptions.DefinitionException
{0} has more than one @Dispose parameter at {1} StackTrace:
WELD-000067
org.jboss.weld.exceptions.DefinitionException
{0} is not allowed on same method as {1}, see {2} at {3} StackTrace:
WELD-000068
org.jboss.weld.exceptions.DefinitionException
{0} method {1} is not a business method of {2} at {3} StackTrace:
WELD-000070
org.jboss.weld.exceptions.DefinitionException
Simple bean {0} cannot be a non-static inner class
WELD-000071
org.jboss.weld.exceptions.DefinitionException
Managed bean with a parameterized bean class must be @Dependent: {0}
WELD-000072
org.jboss.weld.exceptions.DeploymentException
Bean declaring a passivating scope must be passivation capable. Bean: {0}
WELD-000073
org.jboss.weld.exceptions.DeploymentException
Bean class which has decorators cannot be declared final: {0}
WELD-000075
org.jboss.weld.exceptions.DefinitionException
Normal scoped managed bean implementation class has a public field: {0}
WELD-000076
org.jboss.weld.exceptions.DefinitionException
Bean constructor must not have a parameter annotated with {0}: {1} at {2} StackTrace:
WELD-000077
org.jboss.weld.exceptions.DefinitionException
Cannot declare multiple disposal methods for this producer method. Producer method: {0} Disposal methods: {1}
WELD-000078
org.jboss.weld.exceptions.DefinitionException
Specialized producer method does not override another producer method: {0} at {1} StackTrace:
WELD-000079
org.jboss.weld.exceptions.CreationException
Could not instantiate a proxy for a session bean: {0} Proxy: {1}
WELD-000080
org.jboss.weld.exceptions.DefinitionException
Enterprise beans cannot be interceptors: {0}
WELD-000081
org.jboss.weld.exceptions.DefinitionException
Enterprise beans cannot be decorators: {0}
WELD-000082
org.jboss.weld.exceptions.DefinitionException
Scope {0} is not allowed on stateless session beans for {1}. Only @Dependent is allowed.
WELD-000083
org.jboss.weld.exceptions.DefinitionException
Scope {0} is not allowed on singleton session beans for {1}. Only @Dependent and @ApplicationScoped is allowed.
WELD-000084
org.jboss.weld.exceptions.DefinitionException
Specializing enterprise bean must extend another enterprise bean: {0}
Required service {0} has not been specified for {1}
WELD-000118
org.jboss.weld.exceptions.DeploymentException
Only normal scopes can be passivating. Scope {0}
WELD-000119
INFO
Not generating any bean definitions from {0} because of underlying class loading error: Type {1} not found. If this is unexpected, enable DEBUG logging to see the full error.
ProcessBeanAttributes.veto() called by {0} for {1}
WELD-000166
DEBUG
AfterTypeDiscovery.{3} modified by {0} {2} {1}
WELD-000167
WARN
Class {0} is annotated with @{1} but it does not declare an appropriate constructor therefore is not registered as a bean!
WELD-000168
DEBUG
Extension bean deployed: {0}
WELD-000169
INFO
Jandex cannot distinguish inner and static nested classes! Update Jandex to 2.0.3.Final version or newer to improve scanning performance.
WELD-000170
org.jboss.weld.exceptions.IllegalStateException
{0} observer cannot call both the configurator and set methods. Extension {1} StackTrace:
WELD-000171
DEBUG
BeforeBeanDiscovery.configureQualifier() called by {0} for {1}
WELD-000172
DEBUG
BeforeBeanDiscovery.configureInterceptorBinding() called by {0} for {1}
WELD-000173
DEBUG
ProcessProducer.configureProducer() called by {0} for {1}
WELD-000174
DEBUG
ProcessBeanAttributes.configureBeanAttributes() called by {0} for {1}
WELD-000175
DEBUG
ProcessBeanAttributes.isIgnoreFinalMethods() called by {0} for {1}
WELD-000176
DEBUG
ProcessAnnotatedType.configureAnnotatedType() called by {0} for {1}
WELD-000177
DEBUG
ProcessObserverMethod.configureObserverMethod() called by {0} for {1}
WELD-000178
DEBUG
ProcessInjectionPoint.configureInjectionPoint() called by {0} for {1}
WELD-000179
org.jboss.weld.exceptions.DeploymentException
{0} created by {1} cannot be processed
WELD-000180
DEBUG
Drop unused bean metadata: {0}
WELD-000181
WARN
org.jboss.weld.executor.threadPoolType=COMMON detected but ForkJoinPool.commonPool() does not work with SecurityManager enabled, switching to {0} thread pool
WELD-000183
org.jboss.weld.exceptions.DefinitionException
Multiple different @Priority values derived from stereotype annotations for annotated type - {0}
Updating underlying store with contextual {0} under ID {1}
WELD-000217
TRACE
Adding detached contextual {0} under ID {1}
WELD-000218
TRACE
Removed {0} from session {1}
WELD-000219
TRACE
Unable to remove {0} from non-existent session
WELD-000220
TRACE
Added {0} to session {1}
WELD-000221
TRACE
Unable to add {0} to session as no session could be obtained
WELD-000222
TRACE
Loading bean store {0} map from session {1}
WELD-000223
org.jboss.weld.exceptions.DefinitionException
Context.getScope() returned null for {0}
WELD-000224
WARN
Unable to clear the bean store {0}.
WELD-000225
WARN
Bean store leak detected during {0} association: {1}
WELD-000226
org.jboss.weld.exceptions.DeploymentException
Cannot register additional context for scope: {0}, {1}
WELD-000227
org.jboss.weld.exceptions.IllegalStateException
Bean identifier index inconsistency detected - the distributed container probably does not work with identical applications Expected hash: {0} Current index: {1}
WELD-000228
DEBUG
Bean store leak detected during {0} association - instances of beans with the following identifiers might not be destroyed correctly: {1}
WELD-000229
org.jboss.weld.exceptions.IllegalStateException
Contextual reference of {0} is not valid after container {1} shutdown
WELD-000304
TRACE
Cleaning up conversation {0}
WELD-000313
TRACE
Lock acquired on conversation {0}
WELD-000314
TRACE
Lock released on conversation {0}
WELD-000315
WARN
Failed to acquire conversation lock in {0} ms for {1}
WELD-000316
WARN
Attempt to release lock on conversation {0} failed because {1}
WELD-000317
DEBUG
Promoted conversation {0} to long-running
WELD-000318
DEBUG
Returned long-running conversation {0} to transient
{0} is not a valid notification mode for asynchronous observers
WELD-000420
java.lang.UnsupportedOperationException
Asynchronous observer notification with timeout option requires an implementation of ExecutorServices which provides an instance of ScheduledExecutorServices.
Invalid input value for asynchronous observer notification timeout. Has to be parseable String, java.lang.Long or long. Original exception: {0}
WELD-000422
java.lang.IllegalStateException
WeldEvent.select(Type subtype, Annotation... qualifiers) can be invoked only on an instance of WeldEvent
WELD-000600
DEBUG
{0} is missing @Retention(RUNTIME). Weld will use this annotation, however this may make the application unportable.
WELD-000601
DEBUG
{0} is missing @Target. Weld will use this annotation, however this may make the application unportable.
WELD-000602
DEBUG
{0} is not declared @Target(TYPE, METHOD) or @Target(TYPE). Weld will use this annotation, however this may make the application unportable.
WELD-000604
DEBUG
{0} is not declared @Target(METHOD, FIELD, TYPE). Weld will use this annotation, however this may make the application unportable.
WELD-000605
DEBUG
{0} is not declared @Target(METHOD, FIELD, TYPE, PARAMETER), @Target(METHOD, TYPE), @Target(METHOD), @Target(TYPE) or @Target(FIELD). Weld will use this annotation, however this may make the application unportable.
Context activation pattern {0} ignored as it is overriden by the integrator.
WELD-000712
WARN
Unable to dissociate context {0} from the storage {1}
WELD-000713
org.jboss.weld.exceptions.IllegalStateException
Unable to inject ServletContext. None is associated with {0}, {1}
WELD-000714
WARN
HttpContextLifecycle guard leak detected. The Servlet container is not fully compliant. The value was {0}
WELD-000715
WARN
HttpContextLifecycle guard not set. The Servlet container is not fully compliant.
WELD-000716
INFO
Running in Servlet 2.x environment. Asynchronous request support is disabled.
WELD-000717
WARN
Unable to deactivate context {0} when destroying request {1}
WELD-000718
WARN
No EEModuleDescriptor defined for bean archive with ID: {0}. @Initialized and @Destroyed events for ApplicationScoped may be fired twice.
WELD-000719
DEBUG
An active HttpSessionDestructionContext detected. This is likely a leftover from previous sessions that ended exceptionally. This context will be terminated.
The bean {0} declares a passivating scope but has a non-passivation-capable dependency {1}
WELD-001414
org.jboss.weld.exceptions.DeploymentException
Bean name is ambiguous. Name {0} resolves to beans: {1}
WELD-001415
org.jboss.weld.exceptions.DeploymentException
Bean name is identical to a bean name prefix used elsewhere. Name {0}
WELD-001416
org.jboss.weld.exceptions.DeploymentException
Enabled interceptor class {0} specified twice: - {1}, - {2}
WELD-001417
org.jboss.weld.exceptions.DeploymentException
Enabled interceptor class {0} ({1}) does not match an interceptor bean: the class is not found, or not annotated with @Interceptor and still not registered through a portable extension, or not annotated with @Dependent inside an implicit bean archive
WELD-001418
org.jboss.weld.exceptions.DeploymentException
Enabled decorator class {0} specified twice: - {1}, - {2}
WELD-001419
org.jboss.weld.exceptions.DeploymentException
Enabled decorator class {0} is not the bean class of at least one decorator bean (detected decorator beans: {1})
WELD-001420
org.jboss.weld.exceptions.DeploymentException
Enabled alternative {0} is not a stereotype
WELD-001421
org.jboss.weld.exceptions.DeploymentException
Cannot enable the same alternative stereotype {0} in beans.xml: - {1}, - {2}
WELD-001422
org.jboss.weld.exceptions.DeploymentException
Enabled alternative class {0} ({1}) does not match any bean, or is not annotated with @Alternative or an @Alternative stereotype, or does not declare a producer annotated with @Alternative or an @Alternative stereotype
WELD-001424
org.jboss.weld.exceptions.DefinitionException
The following disposal methods were declared but did not resolve to a producer method: {0}
WELD-001425
org.jboss.weld.exceptions.DefinitionException
An injection point cannot have a wildcard type parameter: {0} at {1} StackTrace
WELD-001426
org.jboss.weld.exceptions.DefinitionException
An injection point must have a type parameter: {0} at {1} StackTrace
WELD-001427
org.jboss.weld.exceptions.DefinitionException
Only field injection points can use the @Named qualifier with no value: {0} at {1} StackTrace
WELD-001428
org.jboss.weld.exceptions.DefinitionException
A decorator cannot have producer methods, but at least one was found on {0}.
WELD-001429
org.jboss.weld.exceptions.DefinitionException
A decorator cannot have producer fields, but at least one was found on {0}.
WELD-001430
org.jboss.weld.exceptions.DefinitionException
A decorator cannot have disposer methods, but at least one was found on {0}.
WELD-001431
org.jboss.weld.exceptions.DefinitionException
An interceptor cannot have producer methods, but at least one was found on {0}.
WELD-001432
org.jboss.weld.exceptions.DefinitionException
An interceptor cannot have producer fields, but at least one was found on {0}.
WELD-001433
org.jboss.weld.exceptions.DefinitionException
An interceptor cannot have disposer methods, but at least one was found on {0}.
Bean type {0} is not proxyable because it is an array type - {1}.
WELD-001440
WARN
Scope type {0} used on injection point {1} at {2} StackTrace
WELD-001441
org.jboss.weld.exceptions.DeploymentException
Enabled alternative {0} is not a class
WELD-001442
org.jboss.weld.exceptions.DeploymentException
Enabled alternative {0} is not annotated @Alternative
WELD-001443
org.jboss.weld.exceptions.DeploymentException
Pseudo scoped bean has circular dependencies. Dependency path: {0}
WELD-001445
org.jboss.weld.exceptions.DefinitionException
An interceptor cannot have observer methods, but at least one was found on {0}.
WELD-001446
org.jboss.weld.exceptions.DefinitionException
A decorator cannot have observer methods, but at least one was found on {0}.
WELD-001447
org.jboss.weld.exceptions.DefinitionException
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} but it does not return {3} at {4} StackTrace
WELD-001448
org.jboss.weld.exceptions.DefinitionException
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} but it does not have exactly one parameter at {3} StackTrace
WELD-001449
org.jboss.weld.exceptions.DefinitionException
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} but its single parameter is not a {3} at {4} StackTrace
WELD-001451
org.jboss.weld.exceptions.DefinitionException
jakarta.transaction.UserTransaction cannot be injected into an enterprise bean with container-managed transactions: {0} at {1} StackTrace
WELD-001452
org.jboss.weld.exceptions.DefinitionException
{0} is not a valid type for a Bean metadata injection point {1} at {2} StackTrace
WELD-001453
org.jboss.weld.exceptions.DefinitionException
{0} is not a valid type argument for a Bean metadata injection point {1} at {2} StackTrace
WELD-001454
org.jboss.weld.exceptions.DefinitionException
{0} cannot be used at a Bean metadata injection point of a bean which is not {1}, {2} at {3} StackTrace
{0} for a built-in bean {1} must be passivation capable.
WELD-001466
org.jboss.weld.exceptions.DefinitionException
Invalid injection point found in a disposer method: {0} at {1} StackTrace
WELD-001467
org.jboss.weld.exceptions.DefinitionException
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} but it does not return {3} or {4}. at {5} StackTrace
WELD-001468
org.jboss.weld.exceptions.DefinitionException
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} but it does not have a {3} return type. at {4} StackTrace
WELD-001469
WARN
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} but it does not have zero parameters.
WELD-001471
WARN
Interceptor method {0} defined on class {1} is not defined according to the specification. It should not throw {2}, which is a checked exception. at {3} StackTrace
WELD-001472
org.jboss.weld.exceptions.DefinitionException
EventMetadata can only be injected into an observer method: {0} at {1} StackTrace
WELD-001473
WARN
jakarta.enterprise.inject.spi.Bean implementation {0} declared a normal scope but does not implementjakarta.enterprise.inject.spi.PassivationCapable. It won'''t be possible to inject this bean into a bean with a passivating scope (@SessionScoped, @ConversationScoped). This can be fixed by assigning the Bean implementation a unique id by implementing the PassivationCapable interface.
WELD-001474
java.lang.String
Class {0} is on the classpath, but was ignored because a class it references was not found: {1}.
WELD-001475
java.lang.String
The following beans match by type, but none have matching qualifiers:{0}
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} and it declares more than one parameter. at {3} StackTrace
WELD-001500
org.jboss.weld.exceptions.WeldException
Failed to deserialize proxy object with beanId {0}
WELD-001501
org.jboss.weld.exceptions.WeldException
Method call requires a BeanInstance which has not been set for this proxy {0}
WELD-001502
org.jboss.weld.exceptions.DefinitionException
Resource producer field [{0}] must be @Dependent scoped
WELD-001503
org.jboss.weld.exceptions.DeploymentException
Bean class which has interceptors cannot be declared final: {0}
WELD-001504
org.jboss.weld.exceptions.DeploymentException
Intercepted bean method {0} (intercepted by {1}) cannot be declared final
WELD-001505
WARN
Method {0} cannot be intercepted by {1} - will be ignored by interceptors and should never be invoked upon the proxy instance!
WELD-001506
TRACE
Created new client proxy of type {0} for bean {1} with ID {2}
WELD-001507
TRACE
Located client proxy of type {0} for bean {1}
WELD-001508
org.jboss.weld.exceptions.DefinitionException
Cannot create an InjectionTarget from {0} as it is an interface
WELD-001510
org.jboss.weld.exceptions.WeldException
Non passivation capable bean serialized with ProxyMethodHandler
WELD-001511
org.jboss.weld.exceptions.DefinitionException
Specializing bean {0} does not have bean type {1} of specialized bean {2}
Cannot inject injection point metadata in a non @Dependent bean: {0}
WELD-001570
org.jboss.weld.exceptions.IllegalStateException
Invalid BeanConfigurator setup - no callback was specified for {0}
WELD-001571
INFO
Proxy for {0} created in {1} because {2}.
WELD-001572
org.jboss.weld.exceptions.CreationException
Cannot create instance of session bean from Annotated Type {0} before AfterDeploymentValidation phase.
WELD-001573
org.jboss.weld.exceptions.IllegalStateException
Cannot obtain contextual reference for {0} - producing WeldInstance does not exist anymore
WELD-001574
WARN
Cannot destroy contextual instance for {0} - producing WeldInstance does not exist anymore
WELD-001575
org.jboss.weld.exceptions.IllegalStateException
WeldInstance.select(Type subtype, Annotation... qualifiers) can be invoked only on an instance of WeldInstance
WELD-001576
DEBUG
Using {1} to instantiate a shared proxy class {0}; the deployment implementation [{2}] does not match the instantiator the proxy was created with
WELD-001577
INFO
Detected private final method: {1} on an intercepted bean: {0} Weld will ignore this method during interception.
WELD-001578
org.jboss.weld.exceptions.IllegalStateException
WeldDefaultProxyServices failed to load/define a class with name {0} whose original class was {1} because all attempts to determine a class loader ended with null.
The service JobOperatorService has been stopped and cannot execute operations.
WFLYBATCH000005
jakarta.batch.operations.NoSuchJobException
The job name '%s' was not found for the deployment.
WFLYBATCH000006
jakarta.batch.operations.JobStartException
Could not find the job XML file in the deployment: %s
WFLYBATCH000007
WARN
Failed processing the job XML file %s. Attempting to execute this job may result in errors.
WFLYBATCH000008
WARN
Empty job-repository element found in deployment descriptor. Using the default job repository for deployment %s.
WFLYBATCH000009
java.lang.IllegalStateException
Indexed child resources can only be registered if the parent resource supports ordered children. The parent of '%s' is not indexed
WFLYBATCH000011
org.jboss.msc.service.StartException
Failed to create %s job repository.
WFLYBATCH000013
ERROR
Only one job repository can be defined in the jboss-all.xml deployment descriptor. The first job repository will be used.
WFLYBATCH000014
WARN
Stopping execution %d of %s for deployment %s
WFLYBATCH000015
ERROR
Failed to stop execution %d for job %s on deployment %s
WFLYBATCH000016
ERROR
Failed to restart execution %d for job %s on deployment %s
WFLYBATCH000017
INFO
Restarting previously stopped batch job %s. Previous execution id %d. New execution id %d.
WFLYBATCH000019
jakarta.batch.operations.BatchRuntimeException
No batch environment was found for class loader: %s
WFLYBATCH000020
jakarta.batch.operations.JobSecurityException
Permission denied. User %s does not have %s permissions.
WFLYCC
Code
Level
Return Type
Message
WFLYCC0001
java.lang.IllegalStateException
Cannot add deployment actions after starting creation of a rollout plan
WFLYCC0002
java.lang.IllegalStateException
Cannot add deployment actions after starting creation of a rollout plan
WFLYCC0003
java.lang.String
Cannot convert %s to %s
WFLYCC0004
java.lang.IllegalArgumentException
Cannot derive a deployment name from %s -- use an overloaded method variant that takes a 'name' parameter
WFLYCC0005
java.lang.IllegalArgumentException
Cannot use a DeploymentPlan not created by this manager
WFLYCC0007
java.lang.String
Deployment with name %s already present in the domain
WFLYCC0008
java.lang.String
failed
WFLYCC0009
java.lang.IllegalStateException
Global rollback is not compatible with a server restart
WFLYCC0010
java.lang.IllegalStateException
Graceful shutdown already configured with a timeout of %d ms
WFLYCC0011
java.lang.String
Only one version of deployment with a given unique name can exist in the domain. The deployment plan specified that a new version of deployment %s replace an existing deployment with the same unique name, but did not apply the replacement to all server groups. Missing server groups were: %s
WFLYCC0012
java.lang.IllegalStateException
Invalid action type %s
WFLYCC0013
java.lang.IllegalStateException
Preceding action was not a %s
WFLYCC0014
java.lang.IllegalArgumentException
%s is not a valid URI
WFLYCC0015
java.lang.IllegalArgumentException
Illegal %s value %d -- must be greater than %d
WFLYCC0016
java.lang.IllegalArgumentException
Illegal %s value %d -- must be greater than %d and less than %d
WFLYCC0017
java.lang.RuntimeException
Screen real estate is expensive; displayUnits must be 5 characters or less
WFLYCC0019
java.lang.String
No failure details provided
WFLYCC0020
java.lang.IllegalStateException
No %s is configured
WFLYCC0022
java.lang.IllegalStateException
%s is closed
WFLYCC0023
java.lang.RuntimeException
Operation outcome is %s
WFLYCC0024
java.lang.IllegalStateException
%s operations are not allowed after content and deployment modifications
Specified HotRod protocol version %s does not support creating caches automatically. Cache named '%s' must be already created on the Infinispan Server!
WFLYCLINF0033
WARN
Attribute '%s' is configured to use a deprecated value: %s; use one of the following values instead: %s
WFLYCLJG
Code
Level
Return Type
Message
WFLYCLJG0001
INFO
Activating JGroups subsystem. JGroups version %s
WFLYCLJG0007
java.lang.String
Failed to parse %s
WFLYCLJG0008
java.lang.String
Failed to locate %s
WFLYCLJG0010
org.jboss.as.controller.OperationFailedException
Transport for stack %s is not defined. Please specify both a transport and protocol list, either as optional parameters to add() or via batching.
WFLYCLJG0015
java.lang.String
Unknown metric %s
WFLYCLJG0016
org.jboss.as.controller.OperationFailedException
Unable to load protocol class %s
WFLYCLJG0022
java.lang.IllegalArgumentException
%s entry not found in configured key store
WFLYCLJG0023
java.lang.IllegalArgumentException
%s key store entry is not of the expected type: %s
WFLYCLJG0025
java.lang.IllegalArgumentException
Configured credential source does not reference a clear-text password credential
WFLYCLJG0028
java.lang.IllegalArgumentException
Could not resolve destination address for outbound socket binding named '%s'
WFLYCLJG0030
WARN
Protocol %s is obsolete and will be auto-updated to %s
WFLYCLJG0031
WARN
Ignoring unrecognized %s property: %s
WFLYCLJG0032
INFO
Connecting '%s' channel. '%s' joining cluster '%s' via %s
WFLYCLJG0033
INFO
Connected '%s' channel. '%s' joined cluster '%s' with view: %s
WFLYCLJG0034
INFO
Disconnecting '%s' channel. '%s' leaving cluster '%s' with view: %s
WFLYCLJG0035
INFO
Disconnected '%s' channel. '%s' left cluster '%s'
WFLYCLSN
Code
Level
Return Type
Message
WFLYCLSN0001
INFO
This node will now operate as the singleton provider of the %s service
WFLYCLSN0002
INFO
This node will no longer operate as the singleton provider of the %s service
WFLYCLSN0003
INFO
%s elected as the singleton provider of the %s service
WFLYCLSN0004
java.lang.IllegalStateException
No response received from primary provider of the %s service, retrying...
WFLYCLSN0005
ERROR
Failed to start %s service
WFLYCLSN0006
WARN
Failed to reach quorum of %2$d for %1$s service. No primary singleton provider will be elected.
WFLYCLSN0007
INFO
Just reached required quorum of %2$d for %1$s service. If this cluster loses another member, no node will be chosen to provide this service.
WFLYCLSN0008
java.lang.IllegalArgumentException
Detected multiple primary providers for %s service: %s
WFLYCLSN0009
java.lang.IllegalStateException
Singleton service %s is not started.
WFLYCLSN0010
WARN
No node was elected as the singleton provider of the %s service
WFLYCLSN0011
java.lang.IllegalArgumentException
Specified quorum %d must be greater than zero
WFLYCLSNG
Code
Level
Return Type
Message
WFLYCLSNG0001
INFO
Singleton deployment detected. Deployment will reset using %s policy.
WFLYCLSV
Code
Level
Return Type
Message
WFLYCLSV0001
java.lang.IllegalArgumentException
A command dispatcher already exists for %s
WFLYCLSV0020
WARN
Failed to purge %s/%s registry of old registry entries for: %s
WFLYCLSV0021
WARN
Failed to notify %s/%s registry listener of %s(%s) event
WFLYCLSV0022
WARN
Failed to restore local %s/%s registry entry following network partititon merge
WFLYCLSV0030
WARN
Failed to notify %s/%s service provider registration listener of new providers: %s
WFLYCLWEB
Code
Level
Return Type
Message
WFLYCLWEB0001
java.lang.IllegalStateException
Session %s is not valid
WFLYCLWEBHR
Code
Level
Return Type
Message
WFLYCLWEBHR0001
WARN
Failed to expire session %s
WFLYCLWEBHR0007
WARN
Failed to activate attributes of session %s
WFLYCLWEBHR0008
WARN
Failed to activate attribute %2$s of session %1$s
WFLYCLWEBHR0009
java.lang.IllegalStateException
Failed to read attribute %2$s of session %1$s
WFLYCLWEBHR0010
WARN
Failed to activate authentication for single sign on %s
WFLYCLWEBHR0011
WARN
Session %s is missing cache entry for attribute %s
WFLYCLWEBINF
Code
Level
Return Type
Message
WFLYCLWEBINF0001
WARN
Failed to passivate attributes of session %s
WFLYCLWEBINF0002
WARN
Failed to passivate attribute %2$s of session %1$s
WFLYCLWEBINF0003
java.lang.IllegalStateException
Session %s is not valid
WFLYCLWEBINF0004
WARN
Failed to expire session %s
WFLYCLWEBINF0005
DEBUG
Failed to cancel expiration/passivation of session %s on primary owner.
WFLYCLWEBINF0006
DEBUG
Failed to schedule expiration/passivation of session %s on primary owner.
WFLYCLWEBINF0007
WARN
Failed to activate attributes of session %s
WFLYCLWEBINF0008
WARN
Failed to activate attribute %2$s of session %1$s
WFLYCLWEBINF0009
java.lang.IllegalStateException
Failed to read attribute %2$s of session %1$s
WFLYCLWEBINF0010
WARN
Failed to activate authentication for single sign on %s
WFLYCLWEBINF0011
WARN
Session %s is missing cache entry for attribute %s
WFLYCLWEBINF0012
WARN
Disabling eviction for cache '%s'. Web session passivation should be configured via in jboss-web.xml.
WFLYCLWEBINF0013
WARN
Disabling expiration for cache '%s'. Web session expiration should be configured per §7.5 of the servlet specification.
WFLYCLWEBUT
Code
Level
Return Type
Message
WFLYCLWEBUT0001
java.lang.IllegalStateException
Session %s is invalid
WFLYCLWEBUT0002
java.lang.IllegalStateException
Session %s already exists
WFLYCLWEBUT0003
java.lang.IllegalStateException
Session manager was stopped
WFLYCLWEBUT0004
WARN
Legacy overriding attached distributable session management provider for %s
WFLYCLWEBUT0005
WARN
No distributable session management provider found for %s; using legacy provider based on
WFLYCLWEBUT0007
WARN
No routing provider found for %s; using legacy provider based on static configuration
WFLYCLWEBUT0008
WARN
No distributable single sign-on management provider found for %s; using legacy provider based on static configuration
WFLYCLWEBUT0009
java.lang.IllegalStateException
Invalidation attempted for session %s after the response was committed (e.g. after HttpServletResponse.sendRedirect or sendError)
WFLYCM
Code
Level
Return Type
Message
WFLYCM0002
java.lang.String
Error initializing the process state listener %s
WFLYCM0003
ERROR
Error invoking the process state listener %s
WFLYCM0004
ERROR
The process state listener %s took to much time to complete.
WFLYCM0005
ERROR
Error cleaning up for the process state listener %s
WFLYCM0006
org.jboss.as.controller.OperationFailedException
Error to load module %s
WFLYCM0007
org.jboss.as.controller.OperationFailedException
Error to load class %s from module %s
WFLYCM0008
org.jboss.as.controller.OperationFailedException
Error to instantiate instance of class %s from module %s
WFLYCNT
Code
Level
Return Type
Message
WFLYCNT0001
org.jboss.as.controller.OperationFailedException
Invalid hash '%s' for content at address %s; current hash is '%s' -- perhaps the content has been updated by another caller?
WFLYCNT0002
java.lang.IllegalStateException
Cannot obtain Message Digest algorithm SHA-1
WFLYCNT0003
java.lang.IllegalArgumentException
Illegal child type %s -- must be %s
WFLYCNT0004
java.lang.IllegalArgumentException
Illegal child resource class %s
WFLYCNT0005
java.lang.IllegalStateException
No content found with hash %s
WFLYCNT0006
java.lang.IllegalStateException
null parent
WFLYCONF
Code
Level
Return Type
Message
WFLYCONF0001
INFO
Activating MicroProfile Config Subsystem
WFLYCONF0002
org.jboss.as.controller.OperationFailedException
Unable to load class %s from module %s
WFLYCONF0003
DEBUG
Use directory for MicroProfile Config Source: %s
WFLYCONF0004
DEBUG
Use class for MicroProfile Config Source: %s
WFLYCONF0009
DEBUG
Use directory for MicroProfile Config Source Root: %s
WFLYCONF0010
INFO
The MicroProfile Config Source root directory '%s' contains the following directories which will be used as MicroProfile Config Sources: %s
capability '%s' requires it for attribute '%s' at address '%s'
WFLYCTL0000
java.lang.String
%s
WFLYCTL0000
java.lang.String
%s in context '%s'
WFLYCTL0000
java.lang.String
; Possible registration points for this capability: %s
WFLYCTL0000
java.lang.String
; There are no known registration points which can provide this capability.
WFLYCTL0000
java.lang.String
; This unresolvable capability likely is due to the use of an expression string in a configuration attribute that does not support expressions.
WFLYCTL0000
java.lang.String
Couldn't convert %s to %s
WFLYCTL0000
java.lang.String
While constructing a mapping; %s; expected a mapping for merging, but found %s
WFLYCTL0000
java.lang.String
The yaml configuration files for customizing the configuration. Paths can be absolute, relative to the current execution directory or relative to the standalone configuration directory.
WFLYCTL0001
WARN
Cannot resolve address %s, so cannot match it to any InetAddress
WFLYCTL0002
ERROR
Error booting the container
WFLYCTL0003
ERROR
Error booting the container due to insufficient stack space for the thread used to execute boot operations. The thread was configured with a stack size of [%1$d]. Setting system property %2$s to a value higher than [%1$d] may resolve this problem.
WFLYCTL0004
ERROR
%s caught exception attempting to revert operation %s at address %s
WFLYCTL0005
ERROR
Failed executing operation %s at address %s
WFLYCTL0006
ERROR
Failed executing subsystem %s boot operations
WFLYCTL0007
ERROR
Failed to close resource %s
WFLYCTL0008
ERROR
Failed to persist configuration change
WFLYCTL0009
ERROR
Failed to store configuration to %s
WFLYCTL0010
ERROR
Invalid value %s for system property %s -- using default value [%d]
WFLYCTL0011
WARN
Address %1$s is a wildcard address, which will not match against any specific address. Do not use the '%2$s' configuration element to specify that an interface should use a wildcard address; use '%3$s'
WFLYCTL0013
ERROR
Operation (%s) failed - address: (%s)
WFLYCTL0015
WARN
Wildcard address detected - will ignore other interface criteria.
WFLYCTL0016
ERROR
Received no final outcome response for operation %s with address %s from remote process at address %s. The result of this operation will only include the remote process' preliminary response to the request.
Graceful shutdown of the handler used for native management requests did not complete within [%d] ms but shutdown of the underlying communication channel is proceeding
WFLYCTL0020
WARN
Graceful shutdown of the handler used for native management requests failed but shutdown of the underlying communication channel is proceeding
WFLYCTL0021
WARN
Invalid value '%s' for system property '%s' -- value must be convertible into an int
WFLYCTL0022
WARN
Multiple addresses or network interfaces matched the selection criteria for interface '%s'. Matching addresses: %s. Matching network interfaces: %s. The interface will use address %s and network interface %s.
WFLYCTL0023
WARN
Value '%s' for interface selection criteria 'inet-address' is ambiguous, as more than one address or network interface available on the machine matches it. Because of this ambiguity, no address will be selected as a match. Matching addresses: %s. Matching network interfaces: %s.
WFLYCTL0024
ERROR
Could not read target definition!
WFLYCTL0027
ERROR
Operation was interrupted before service container stability could be reached. Process should be restarted. Step that first updated the service container was '%s' at address '%s'
WFLYCTL0028
INFO
Attribute '%s' in the resource at address '%s' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
WFLYCTL0029
WARN
Cannot delete temp file %s, will be deleted on exit
WFLYCTL0030
java.lang.String
No resource definition is registered for address %s
WFLYCTL0031
java.lang.String
No operation named '%s' exists at address %s
WFLYCTL0032
WARN
There were problems during the transformation process for target host: '%s' %nProblems found: %n%s
WFLYCTL0033
INFO
Extension '%s' is deprecated and may not be supported in future versions
WFLYCTL0034
INFO
Subsystems %s provided by legacy extension '%s' are not supported on servers running this version. The extension is only supported for use by hosts running a previous release in a mixed-version managed domain. On this server the extension will not register any subsystems, and future attempts to create or address subsystem resources on this server will result in failure.
WFLYCTL0035
ERROR
Update of the management operation audit log failed
Could not load configuration file: %s. The configuration file argument must specify the path to a file located in the configuration directory. The path must be a relative path, and must be relative to the configuration directory %s.
WFLYCTL0215
java.lang.IllegalStateException
Could not load configuration file: %s. The configuration file argument must specify one of the following: 1) an absolute path to an existing file; 2) a relative path to an existing file, relative to the current working directory; or 3) a relative path to a file located in the configuration directory. In the latter case, it must be a path relative to the configuration directory %s.
Operation '%s' targeted at resource '%s' was directly invoked by a user. User operations are not permitted to directly update the persistent configuration of a server in a managed domain.
WFLYCTL0250
java.lang.IllegalStateException
An operation handler attempted to access the operation response server results object on a process type other than '%s'. The current process type is '%s'
WFLYCTL0251
java.lang.String
Can't have both loopback and inet-address criteria
WFLYCTL0253
java.lang.String
Can't have same criteria for both not and inclusion %s
WFLYCTL0254
org.jboss.as.controller.OperationFailedException
Invalid value '%s' for attribute '%s' -- no interface configuration with that name exists
WFLYCTL0256
java.lang.IllegalArgumentException
Could not find a path called '%s'
WFLYCTL0257
java.lang.IllegalArgumentException
Path entry is read-only: '%s'
WFLYCTL0258
java.lang.IllegalArgumentException
There is already a path entry called: '%s'
WFLYCTL0260
java.lang.IllegalArgumentException
Invalid relativePath value '%s'
WFLYCTL0261
java.lang.IllegalArgumentException
'%s' is a Windows absolute path
WFLYCTL0262
org.jboss.as.controller.OperationFailedException
Path '%s' is read-only; it cannot be removed
WFLYCTL0263
org.jboss.as.controller.OperationFailedException
Path '%s' is read-only; it cannot be modified
WFLYCTL0264
org.jboss.as.controller.OperationFailedException
%s may not be ModelType.EXPRESSION
WFLYCTL0265
java.lang.IllegalStateException
PathManager not available on processes of type '%s'
WFLYCTL0266
org.jboss.as.controller.OperationFailedException
Value %s for attribute %s is not a valid multicast address
WFLYCTL0267
org.jboss.as.controller.OperationFailedException
Path '%s' cannot be removed, since the following paths depend on it: %s
No operation called '%s' found for alias address '%s' which maps to '%s'
WFLYCTL0281
java.lang.IllegalStateException
Resource registration is not an alias
WFLYCTL0282
java.lang.RuntimeException
Model contains fields that are not known in definition, fields: %s, path: %s
WFLYCTL0283
java.lang.UnsupportedOperationException
Could not marshal attribute as element: %s
WFLYCTL0284
java.lang.UnsupportedOperationException
Could not marshal attribute as attribute: %s
WFLYCTL0285
java.lang.String
Operation %s invoked against multiple target addresses failed at address %s with failure description %s
WFLYCTL0286
java.lang.String
Operation %s invoked against multiple target addresses failed at address %s. See the operation result for details.
WFLYCTL0287
java.lang.String
Operation %s invoked against multiple target addresses failed at addresses %s. See the operation result for details.
WFLYCTL0288
java.lang.String
One or more services were unable to start due to one or more indirect dependencies not being available.
WFLYCTL0289
java.lang.String
No operation entry called '%s' registered at '%s'
WFLYCTL0290
java.lang.String
No operation handler called '%s' registered at '%s'
WFLYCTL0291
java.lang.IllegalStateException
There is no registered path to resolve with path attribute '%s' and/or relative-to attribute '%s on: %s
WFLYCTL0292
java.lang.String
Attributes do not support expressions in the target model version and this resource will need to be ignored on the target host.
WFLYCTL0293
java.lang.String
Attributes are not understood in the target model version and this resource will need to be ignored on the target host.
WFLYCTL0294
java.lang.String
Transforming resource %s to core model version '%s' -- %s %s
WFLYCTL0295
java.lang.String
Transforming operation %s at resource %s to core model version '%s' -- %s %s
WFLYCTL0296
java.lang.String
Transforming resource %s to subsystem '%s' model version '%s' -- %s %s
WFLYCTL0297
java.lang.String
Transforming operation %s at resource %s to subsystem '%s' model version '%s' -- %s %s
WFLYCTL0298
org.jboss.as.controller.OperationFailedException
Node contains an unresolved expression %s -- a resolved model is required
WFLYCTL0299
org.jboss.as.controller.OperationFailedException
Transforming resource %s for host controller '%s' to core model version '%s' -- there were problems with some of the attributes and this resource will need to be ignored on that host. Details of the problems: %s
WFLYCTL0300
org.jboss.as.controller.OperationFailedException
Transforming resource %s for host controller '%s' to subsystem '%s' model version '%s' --there were problems with some of the attributes and this resource will need to be ignored on that host. Details of problems: %s
WFLYCTL0301
java.lang.String
The following attributes do not support expressions: %s
WFLYCTL0302
java.lang.String
The following attributes are not understood in the target model version and this resource will need to be ignored on the target host: %s
WFLYCTL0303
java.lang.String
Resource %s is rejected on the target host, and will need to be ignored on the host
WFLYCTL0304
java.lang.String
Operation %2$s at %1s is rejected on the target host and will need to be ignored on the host
WFLYCTL0305
javax.xml.stream.XMLStreamException
Unless the Host Controller is started with command line option %s and the %s attribute is not set to %s, %s must be declared or the %s and the %s need to be provided.
WFLYCTL0306
java.lang.IllegalStateException
read only context
WFLYCTL0307
java.lang.String
We are trying to read data from the domain controller, which is currently busy executing another set of operations. This is a temporary situation, please retry
WFLYCTL0309
java.lang.String
Legacy extension '%s' is not supported on servers running this version. The extension is only supported for use by hosts running a previous release in a mixed-version managed domain
Can only create child audit logger for main audit logger
WFLYCTL0332
java.lang.String
Permission denied
WFLYCTL0333
java.lang.SecurityException
Cannot add a Permission to a readonly PermissionCollection
WFLYCTL0334
java.lang.IllegalArgumentException
Incompatible permission type %s
WFLYCTL0335
java.lang.String
Management resource '%s' not found
WFLYCTL0336
java.lang.String
The following attributes are nillable in the current model but must be defined in the target model version: %s
WFLYCTL0337
java.io.IOException
Unsupported Identity type '%X' received.
WFLYCTL0338
java.io.IOException
Unsupported Identity parameter '%X' received parsing identity type '%X'.
WFLYCTL0339
java.lang.String
The following attributes must be defined as %s in the current model: %s
WFLYCTL0340
java.lang.String
The following attributes must NOT be defined as %s in the current model: %s
WFLYCTL0341
org.jboss.as.controller.OperationFailedException
A uri with bad syntax '%s' was passed for validation.
WFLYCTL0342
org.jboss.as.controller.OperationFailedException
Illegal value %d for operation header %s; value must be greater than zero
WFLYCTL0343
java.lang.String
The service container has been destabilized by a previous operation and further runtime updates cannot be processed. Restart is required.
WFLYCTL0344
java.lang.String
Operation timed out awaiting service container stability
WFLYCTL0345
java.lang.IllegalStateException
Timeout after %d seconds waiting for existing service %s to be removed so a new instance can be installed.
WFLYCTL0346
ERROR
Invalid value %s for property %s; must be a numeric value greater than zero. Default value of %d will be used.
WFLYCTL0347
DEBUG
Timeout after [%d] seconds waiting for initial service container stability before allowing runtime changes for operation '%s' at address '%s'. Operation will roll back; process restart is required.
WFLYCTL0348
ERROR
Timeout after [%d] seconds waiting for service container stability. Operation will roll back. Step that first updated the service container was '%s' at address '%s'
WFLYCTL0349
ERROR
Timeout after [%d] seconds waiting for service container stability while finalizing an operation. Process must be restarted. Step that first updated the service container was '%s' at address '%s'
WFLYCTL0350
INFO
Execution of operation '%s' on remote process at address '%s' interrupted while awaiting initial response; remote process has been notified to cancel operation
WFLYCTL0351
INFO
Execution of operation '%s' on remote process at address '%s' interrupted while awaiting final response; remote process has been notified to terminate operation
WFLYCTL0352
INFO
Cancelling operation '%s' with id '%d' running on thread '%s'
WFLYCTL0353
java.io.IOException
No response handler for request %s
WFLYCTL0354
INFO
Attempting reconnect to syslog handler '%s; after timeout of %d seconds
WFLYCTL0355
INFO
Reconnecting to syslog handler '%s failed
WFLYCTL0356
WARN
Failed to emit notification %s
WFLYCTL0357
java.lang.String
Notification of type %s is not described for the resource at the address %s
WFLYCTL0358
java.lang.String
The resource was added at the address %s.
WFLYCTL0359
java.lang.String
The resource was removed at the address %s.
WFLYCTL0360
java.lang.String
The attribute %s value has been changed from %s to %s.
WFLYCTL0361
java.lang.IllegalStateException
Capabilities cannot be queried in stage '%s'; they are not available until stage '%s'.
WFLYCTL0362
java.lang.String
Capabilities required by resource '%s' are not available:
WFLYCTL0363
java.lang.IllegalStateException
Capability '%s' is already registered in context '%s'.
WFLYCTL0364
java.lang.IllegalStateException
Capability '%s' is unknown.
WFLYCTL0365
java.lang.IllegalStateException
Capability '%s' is unknown in context '%s'.
WFLYCTL0366
java.lang.IllegalArgumentException
Capability '%s' does not expose a runtime API.
WFLYCTL0367
java.lang.String
Cannot remove capability '%s' as it is required by other capabilities:
WFLYCTL0368
java.lang.String
Cannot remove capability '%s' from context '%s' as it is required by other capabilities:
Unexpected element '%s' encountered. Valid elements are: '%s'
WFLYCTL0378
org.jboss.as.controller.OperationFailedException
Attribute '%s' is not of type '%s', it is type '%s'
WFLYCTL0379
java.lang.String
System boot is in process; execution of remote management operations is not currently available
WFLYCTL0380
org.jboss.as.controller.OperationFailedException
Attribute '%s' needs to be set or passed before attribute '%s' can be correctly set
WFLYCTL0381
java.lang.IllegalArgumentException
Illegal permission name '%s'
WFLYCTL0382
java.lang.IllegalArgumentException
Illegal permission actions '%s'
WFLYCTL0383
java.lang.String
No operation is defined %s
WFLYCTL0385
java.lang.IllegalStateException
An attempt was made to register the non-host capable subsystem '%s' from extension module '%s' in the host model.
WFLYCTL0386
org.jboss.as.controller.OperationFailedException
The host controller info can only be accessed after the model stage on boot
WFLYCTL0387
java.lang.IllegalArgumentException
Illegal path address '%s' , it is not in a correct CLI format
WFLYCTL0388
java.lang.IllegalStateException
Could not create empty configuration file %s
WFLYCTL0389
java.lang.IllegalStateException
Could not create an empty configuration at file %s as there is an existing non-empty configuration there
WFLYCTL0391
org.jboss.as.controller.OperationFailedException
Could not resolve attribute expression: '%s', invalid index '%d'
WFLYCTL0392
org.jboss.as.controller.OperationFailedException
Could not resolve attribute expression: '%s', type is not a list
WFLYCTL0393
org.jboss.as.controller.OperationFailedException
Could not resolve attribute expression: '%s'
WFLYCTL0394
java.lang.IllegalArgumentException
Capability '%s' does not provide services of type '%s'
WFLYCTL0395
INFO
Operation %s against the resource at address %s is deprecated, and it might be removed in future version. See the the output of the read-operation-description operation to learn more about the deprecation.
WFLYCTL0396
java.lang.String
Resource %s is discarded on the target host %s
WFLYCTL0397
java.lang.IllegalStateException
Indexed child resources can only be registered if the parent resource supports ordered children. The parent of '%s' is not indexed
An attempt was made to rename the resource found at %s to %s. However, '%s' is one of the resource types defined to be ordered on the parent resource %s
WFLYCTL0399
java.lang.String
The capability '%s' required by capability '%s' in context '%s' is available in one or more socket binding groups, but not all socket binding capabilities required by '%s' can be resolved from a single socket binding group, so this configuration is invalid
WFLYCTL0400
ERROR
Capability '%s' in context '%s' associated with resource '%s' requires capability '%s'. It is available in one or more socket binding groups, but not all socket binding capabilities required by '%s' can be resolved from a single socket binding group, so this configuration is invalid
WFLYCTL0401
java.lang.RuntimeException
Couldn't build the report
WFLYCTL0402
ERROR
Subsystems %s provided by legacy extension '%s' are not supported on servers running this version. Both the subsystem and the extension must be removed or migrated before the server will function.
WFLYCTL0403
ERROR
Unexpected failure during execution of the following operation(s): %s
WFLYCTL0404
java.lang.String
Unexpected exception during execution: %s
WFLYCTL0405
WARN
Couldn't find a transformer to %s, falling back to %s
WFLYCTL0406
org.jboss.as.controller.OperationFailedException
Could not convert the attribute '%s' to a %s
WFLYCTL0407
ERROR
Failed sending completed response %s for %d
WFLYCTL0408
ERROR
Failed sending failure response %s for %d
WFLYCTL0409
java.lang.String
Execution of operation '%s' on remote process at address '%s' timed out after %d ms while awaiting initial response; remote process has been notified to terminate operation
WFLYCTL0410
INFO
Execution of operation '%s' on remote process at address '%s' timed out after %d ms while awaiting final response; remote process has been notified to terminate operation
WFLYCTL0411
WARN
Failed to parse element '%s', ignoring ...
WFLYCTL0412
java.lang.String
Required services that are not installed:
WFLYCTL0413
org.jboss.as.controller.OperationFailedException
The deprecated parameter %s has been set in addition to the current parameter %s but with different values
WFLYCTL0414
WARN
Could not create a timestamped backup of current history dir %s, so it may still include versions from the previous boot.
WFLYCTL0415
java.lang.String
Modification of the runtime service container by a management operation has begun
WFLYCTL0416
java.lang.String
Modification of the runtime service container by a management operation has completed
WFLYCTL0417
org.jboss.as.controller.OperationFailedException
Cannot add more than one jvm. Add of '%s' attempted, but '%s' already exists
Cannot register capability '%s' at location '%s' as it is already registered in context '%s' at location(s) '%s'
WFLYCTL0437
javax.xml.stream.XMLStreamException
Duplicate extension: an %s element with %s attribute value '%s' has already been parsed
WFLYCTL0438
java.lang.String
Couldn't convert '%s' into proper warning level, threshold falling back to 'ALL'. Possible values: SEVERE,WARNING,INFO,CONFIG,FINE,FINER,FINEST,ALL,OFF
WFLYCTL0439
org.jboss.as.controller.OperationFailedException
Value %s for attribute %s is not a valid subnet format
WFLYCTL0440
WARN
Cannot delete file or directory %s
WFLYCTL0441
java.lang.String
Operation has resulted in failed or missing services %n
WFLYCTL0442
WARN
Error stopping server
WFLYCTL0443
WARN
Error getting the password from the supplier %s
WFLYCTL0444
INFO
The handler for operation '%s' at address '%s' attempted to add a stage %s step. This is not valid for a 'profile' resource on process type %s so this step will not be executed.
WFLYCTL0445
org.jboss.as.controller.OperationFailedException
%s with value '%s' in attribute %s is already defined
WFLYCTL0446
org.jboss.as.controller.OperationFailedException
%s or alternative(s) %s is required
WFLYCTL0447
WARN
Attribute '%s' in the resource at address '%s' has been configured with an expression, but support for use of expressions in this attribute's value may be removed in a future version. This attribute configures whether a capability that can be required by other parts of the configuration is present or itself configures a requirement for a capability provided by another part of the configuration. Full support for this kind of configuration cannot be provided when an expression is used.
WFLYCTL0448
java.lang.String
%s additional services are down due to their dependencies being missing or failed
WFLYCTL0449
java.lang.String
Operation %s against the resource at address %s is deprecated, and it might be removed in future version. See the the output of the read-operation-description operation to learn more about the deprecation.
System property "%s" is already set in the section of the configuration file. The value set in the command line will be overridden by that value.
WFLYCTL0457
org.jboss.as.controller.OperationFailedException
Invalid HTTP Header name '%s'
WFLYCTL0458
org.jboss.as.controller.OperationFailedException
Disallowed HTTP Header name '%s'
WFLYCTL0459
ERROR
Triggering roll back due to missing management services.
WFLYCTL0460
java.lang.IllegalStateException
The system property '%s' can only be used with a standalone or embedded server
WFLYCTL0461
java.lang.IllegalStateException
The system property '%s' can only be used with an admin-only server
WFLYCTL0462
java.lang.IllegalStateException
Could not find the directory '%s' specified by the system property '%s'. Please make sure it exists
WFLYCTL0463
java.lang.IllegalStateException
More than one instance of AdditionalBootCliScriptInvoker found. Have: '%s'; found: '%s
WFLYCTL0464
java.lang.IllegalStateException
If using %s=true, when you use -D%s you need to set -D%s
WFLYCTL0465
INFO
Initialised the additional boot CLI script functionality. The CLI commands will be read from %s. The server will remain running in admin-only mode after these have been executed, and the result of the cli operations will be written to %s
WFLYCTL0466
INFO
Initialised the additional boot CLI script functionality. The CLI commands will be read from %s. The server will be rebooted to normal mode after these have been executed
WFLYCTL0467
INFO
Running the additional commands from the CLI script %s against the server which is running in admin-only mode
WFLYCTL0468
INFO
Completed running the commands from the CLI script
WFLYCTL0469
INFO
Restarting the server since the additional commands from the CLI script requires a restart. This will record that the restart has been initiated in the marker file %s since the restart mechanism will preserve all properties pertaining to the additional boot CLI script functionality (%s, %s, %s). The restart maintains the admin-only running mode, so a subsequent reload will happen
WFLYCTL0470
INFO
Reloading the server to normal mode after execution of the additional commands from the CLI script. This will clear the properties triggering the additional boot cli script functionality if they were set (%s, %s, %s), and delete the marker file indicating the server was restarted
WFLYCTL0471
INFO
Reloading the server to normal mode after restart follwoing execution of the additional commands from the CLI script. This will clear the properties triggering the additional boot cli script functionality if they were set (%s, %s, %s)
WFLYCTL0472
INFO
Checking for presence of marker file indicating that the server has been restarted following execution of the additional commands from the CLI script
WFLYCTL0473
INFO
Marker file indicating that the server has been restarted following execution of the additional commands from the CLI script found at %s
WFLYCTL0474
INFO
No marker file found indicating that the server has been restarted following execution of the additional commands from the CLI script
WFLYCTL0475
org.jboss.as.controller.OperationFailedException
Value for attribute '%s' is invalid.
WFLYCTL0476
org.jboss.as.controller.OperationFailedException
Value for attribute '%s' is invalid: either '%s' must be specified on its own or '%s' needs to be specified with at least one of '%s' or '%s'
WFLYCTL0477
java.lang.IllegalArgumentException
Parameter name '%s' is invalid.
WFLYCTL0478
org.jboss.as.controller.OperationFailedException
Unable to create command based CredentialSource for credential reference.
WFLYCTL0479
java.lang.String
Attribute '%s' at resource '%s' with unresolved value '%s' cannot be resolved using the non-security-sensitive sources resolution supported by the 'resolve' parameter. Response will report the unresolved value.
WFLYCTL0480
java.lang.String
Expression '%s' cannot be resolved using the non-security-sensitive sources resolution supported by the '%s' operation. Response will report the unresolved value.
WFLYCTL0481
WARN
The runtime dependency package '%s' is already registered at location '%s'
WFLYCTL0482
org.jboss.as.controller.OperationFailedException
Value '%s' is not a legal charset name
WFLYCTL0483
org.jboss.as.controller.OperationFailedException
Charset '%s' is not supported in this instance of the Java Virtual Machine
WFLYCTL0484
java.lang.IllegalArgumentException
Attribute definition of attribute '%s' is null
WFLYCTL0485
java.lang.IllegalArgumentException
Error parsing yaml file %s
WFLYCTL0486
java.lang.IllegalArgumentException
Missing yaml file %s
WFLYCTL0487
DEBUG
It took %s ms to load and parse the yaml files
WFLYCTL0488
WARN
No registration found for address %s - Ignoring the subtree
WFLYCTL0489
java.lang.IllegalArgumentException
Can't undefine attribute %s since there is no resource at %s
WFLYCTL0490
WARN
You have defined a resource for address %s without any attributes, doing nothing
WFLYCTL0491
WARN
We have an unexpected value %s for address %s and name %s
WFLYCTL0492
WARN
Couldn't find a resource registration for address %s with current registration %s
WFLYCTL0493
java.lang.UnsupportedOperationException
The attribute %s hasn't a valueType properly defined.
Resolution of extension expression '%s' is not allowed at this point.
WFLYCTL0495
INFO
"fetch-from-master" is a deprecated value for "domain-controller.remote.admin-only-policy", "fetch-from-domain-controller" will be used instead.
WFLYCTL0496
WARN
Thread dump: ******************************************************************************* {0} =============================================================================== End Thread dump *******************************************************************************
WFLYCTL0497
WARN
Deadlock detected! ******************************************************************************* {0} =============================================================================== End Deadlock *******************************************************************************
WFLYCTL0498
WARN
Exception thrown during generation of thread dump
WFLYCTL0499
java.lang.IllegalStateException
There is no satisfactory capability '%s' available to resources with capability scope '%s'. This capability is registered at address(es) '%s', and are not accessible to resources with scope '%s'.
WFLYCTL0500
WARN
There is no UUID string at '%s'. A new value will be generated.
WFLYCTL0501
WARN
An invalid UUID string '%s' was found at '%s'. A new value will be generated.
WFLYCTL0502
java.lang.IllegalArgumentException
No child resource called %s could be found at address %s'.
Failed to publish configuration, because the remote name %s is not valid.
WFLYDC
Code
Level
Return Type
Message
WFLYDC0001
WARN
Ignoring 'include' child of 'socket-binding-group' %s
WFLYDC0002
WARN
Ignoring 'include' child of 'profile' %s
WFLYDC0003
INFO
Interrupted awaiting final response from server %s on host %s; remote process has been notified to cancel operation
WFLYDC0004
WARN
Caught exception awaiting final response from server %s on host %s
WFLYDC0005
INFO
Interrupted awaiting final response from host %s; remote process has been notified to cancel operation
WFLYDC0006
WARN
Caught exception awaiting final response from host %s
WFLYDC0007
WARN
Caught exception closing input stream
WFLYDC0008
INFO
Domain model has changed on re-connect. The following servers will need to be restarted for changes to take affect: %s
WFLYDC0009
ERROR
%s caught %s waiting for task %s. Cancelling task
WFLYDC0011
ERROR
No deployment content with hash %s is available in the deployment content repository for deployment %s. Because this Host Controller is booting in ADMIN-ONLY mode, boot will be allowed to proceed to provide administrators an opportunity to correct this problem. If this Host Controller were not in ADMIN-ONLY mode this would be a fatal boot failure.
WFLYDC0012
WARN
failed to set server (%s) into a restart required state
WFLYDC0013
java.lang.String
Registration of remote hosts is not supported on secondary host controllers
WFLYDC0014
java.lang.String
The primary host controller cannot register secondary host controllers as its current running mode is '%s'
WFLYDC0015
java.lang.String
There is already a registered host named '%s'
WFLYDC0016
java.lang.String
%s is missing %s: %s
WFLYDC0017
java.lang.String
%s recognizes only %s as children: %s
WFLYDC0018
java.lang.String
in-series is missing groups: %s
WFLYDC0019
java.lang.String
server-group expects one and only one child: %s
WFLYDC0020
java.lang.String
One of the groups does not define neither server-group nor concurrent-groups: %s
WFLYDC0021
java.lang.String
Unexplained failure
WFLYDC0022
java.lang.String
Operation failed or was rolled back on all servers.
WFLYDC0023
java.lang.String
Interrupted waiting for result from server %s
WFLYDC0024
java.lang.String
Exception getting result from server %s: %s
WFLYDC0025
java.lang.String
Invalid rollout plan. %s is not a valid child of node %s
WFLYDC0026
java.lang.String
Invalid rollout plan. Plan operations affect server groups %s that are not reflected in the rollout plan
WFLYDC0027
java.lang.String
Invalid rollout plan. Server group %s appears more than once in the plan.
WFLYDC0028
java.lang.String
Invalid rollout plan. Server group %s has a %s value of %s; must be between 0 and 100.
WFLYDC0029
java.lang.String
Invalid rollout plan. Server group %s has a %s value of %s; cannot be less than 0.
WFLYDC0030
java.lang.String
Interrupted waiting for result from host %s
WFLYDC0032
java.lang.String
Operation %s for address %s can only be handled by the Domain Controller; this host is not the Domain Controller
WFLYDC0033
org.jboss.as.controller.OperationFailedException
Operation targets host %s but that host is not registered
WFLYDC0034
org.jboss.as.controller.OperationFailedException
Caught %s storing deployment content -- %s
WFLYDC0035
java.lang.IllegalStateException
Unexpected initial path key %s
WFLYDC0036
java.lang.String
Null stream at index %d
WFLYDC0037
java.lang.String
Invalid byte stream.
WFLYDC0038
java.lang.String
Invalid url stream.
WFLYDC0039
java.lang.String
Only 1 piece of content is currently supported (AS7-431)
WFLYDC0040
java.lang.String
No deployment content with hash %s is available in the deployment content repository.
WFLYDC0041
java.lang.String
A secondary Host Controller cannot accept deployment content uploads
WFLYDC0042
java.lang.String
No deployment with name %s found
WFLYDC0043
java.lang.String
Cannot remove deployment %s from the domain as it is still used by server groups %s
WFLYDC0044
java.lang.String
Invalid '%s' value: %d, the maximum index is %d
WFLYDC0045
java.lang.String
%s is not a valid URL -- %s
WFLYDC0046
java.lang.String
Error obtaining input stream from URL %s -- %s
WFLYDC0047
java.lang.String
Invalid content declaration
WFLYDC0049
java.lang.String
Cannot use %s with the same value for parameters %s and %s. Use %s to redeploy the same content or %s to replace content with a new version with the same name.
WFLYDC0050
java.lang.String
Deployment %s is already started
WFLYDC0051
java.lang.String
Unknown %s %s
WFLYDC0052
java.lang.IllegalStateException
Unknown server group %s
WFLYDC0053
java.lang.IllegalStateException
Unknown server %s
WFLYDC0054
java.lang.IllegalArgumentException
Invalid code %d
WFLYDC0055
java.lang.IllegalStateException
Repository does not contain any deployment with hash %s
WFLYDC0056
java.lang.IllegalStateException
Expected only one deployment, found %d
WFLYDC0057
org.jboss.as.controller.OperationFailedException
No profile called: %s
WFLYDC0058
java.lang.String
No deployment content with hash %s is available in the deployment content repository for deployment '%s'. This is a fatal boot error. To correct the problem, either restart with the --admin-only switch set and use the CLI to install the missing content or remove it from the configuration, or remove the deployment from the xml configuraiton file and restart.
WFLYDC0059
org.jboss.as.controller.OperationFailedException
Failed to load module '%s'.
WFLYDC0060
java.lang.String
Invalid Jakarta Server Faces slot value: '%s'. The host controller is not able to use a Jakarta Server Faces slot value different from its default. This resource will be ignored on that host
WFLYDC0061
java.lang.String
Operation '%s' fails because the attributes are not known from the subsytem '%s' model version '%s': %s
WFLYDC0062
org.jboss.as.controller.OperationFailedException
No socket-binding-group named: %s
WFLYDC0063
org.jboss.as.controller.OperationFailedException
There is already a deployment called %s with the same runtime name %s on server group %s
WFLYDC0064
org.jboss.as.controller.OperationFailedException
Cannot remove server-group '%s' since it's still in use by servers %s
WFLYDC0065
org.jboss.as.controller.OperationFailedException
Wildcard operations are not supported as part of composite operations
WFLYDC0066
java.lang.String
Failed to send message: %s
WFLYDC0067
java.lang.String
Failed to send response header: %s
WFLYDC0068
java.lang.String
Host registration task got interrupted
WFLYDC0069
java.lang.String
Host registration task failed: %s
WFLYDC0070
INFO
%s interrupted awaiting server prepared response(s) -- cancelling updates for servers %s
%s deployment has been re-deployed, its content will not be removed. You will need to restart it.
WFLYDC0074
java.lang.String
Operation failed or was rolled back on all servers. Server failures:
WFLYDC0075
org.jboss.as.controller.OperationFailedException
Cannot synchronize the model due to missing extensions: %s
WFLYDC0076
javax.xml.stream.XMLStreamException
Duplicate included profile '%s'
WFLYDC0077
javax.xml.stream.XMLStreamException
Duplicate included socket binding group '%s'
WFLYDC0078
java.lang.String
The profile clone operation is not available on the host '%s'. To be able to use it in a domain containing older secondary hosts which do not support the profile clone operation, you need to either: a) Make sure that all older secondary hosts with a model version smaller than 4.0.0 ignore the cloned profile and the profile specified in the 'to-profile' parameter. b) Reload the domain controller into admin-only mode, perform the clone, then reload the domain controller into normal mode again, and check whether the secondary hosts need reloading.
WFLYDC0079
INFO
Timed out after %d ms awaiting host prepared response(s) from hosts %s -- cancelling updates for hosts %s
WFLYDC0080
java.lang.String
Timed out after %d ms awaiting host prepared response(s) -- remote host %s has been notified to cancel operation
WFLYDC0081
INFO
Timed out after %d ms awaiting final response from host %s; remote process has been notified to cancel operation
WFLYDC0082
INFO
%s timed out after %d ms awaiting server prepared response(s) -- cancelling updates for servers %s
WFLYDC0083
INFO
Timed out after %d ms awaiting final response from server %s on host %s; remote process has been notified to cancel operation
WFLYDC0084
org.jboss.as.controller.OperationFailedException
Cannot explode a deployment in a self-contained server
WFLYDC0085
org.jboss.as.controller.OperationFailedException
Cannot explode an unmanaged deployment
WFLYDC0086
org.jboss.as.controller.OperationFailedException
Cannot explode an already exploded deployment
WFLYDC0087
org.jboss.as.controller.OperationFailedException
Cannot explode an already deployed deployment
WFLYDC0088
org.jboss.as.controller.OperationFailedException
Cannot add content to a deployment in a self-contained server
WFLYDC0089
org.jboss.as.controller.OperationFailedException
Cannot add content to an unmanaged deployment
WFLYDC0090
org.jboss.as.controller.OperationFailedException
Cannot add content to an unexploded deployment
WFLYDC0091
org.jboss.as.controller.OperationFailedException
Cannot remove content from a deployment in a self-contained server
WFLYDC0092
org.jboss.as.controller.OperationFailedException
Cannot remove content from an unmanaged deployment
WFLYDC0093
org.jboss.as.controller.OperationFailedException
Cannot remove content from an unexploded deployment
WFLYDC0094
org.jboss.as.controller.OperationFailedException
Cannot read content from a deployment in a self-contained server
WFLYDC0095
org.jboss.as.controller.OperationFailedException
Cannot read content from an unmanaged deployment
WFLYDC0096
org.jboss.as.controller.OperationFailedException
Cannot read content from an unexploded deployment
WFLYDC0097
org.jboss.as.controller.OperationFailedException
Cannot explode a subdeployment of an unexploded deployment
WFLYDC0098
org.jboss.as.controller.OperationFailedException
The following servers %s are starting; execution of remote management operations is not currently available
WFLYDM
Code
Level
Return Type
Message
WFLYDM0000
java.lang.String
Enter the details of the new user to add.
WFLYDM0000
java.lang.String
Realm (%s)
WFLYDM0000
java.lang.String
Username
WFLYDM0000
java.lang.String
Username (%s)
WFLYDM0000
java.lang.String
Password
WFLYDM0000
java.lang.String
Re-enter Password
WFLYDM0000
java.lang.String
About to add user '%s' for realm '%s'
WFLYDM0000
java.lang.String
Is this correct
WFLYDM0000
java.lang.String
The username '%s' is easy to guess
WFLYDM0000
java.lang.String
Are you sure you want to add user '%s' yes/no?
WFLYDM0000
java.lang.String
Added user '%s' to file '%s'
WFLYDM0000
java.lang.String
Error
WFLYDM0000
java.lang.String
yes/no?
WFLYDM0000
java.lang.String
What type of user do you wish to add? %n a) Management User (mgmt-users.properties) %n b) Application User (application-users.properties)
WFLYDM0000
java.lang.String
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)
WFLYDM0000
java.lang.String
Added user '%s' with groups %s to file '%s'
WFLYDM0000
java.lang.String
User '%s' already exists and is enabled, would you like to... %n a) Update the existing user password and roles %n b) Disable the existing user %n c) Type a new username
WFLYDM0000
java.lang.String
User '%s' already exists and is disabled, would you like to... %n a) Update the existing user password and roles %n b) Enable the existing user %n c) Type a new username
WFLYDM0000
java.lang.String
Updated user '%s' to file '%s'
WFLYDM0000
java.lang.String
Updated user '%s' with groups %s to file '%s'
WFLYDM0000
java.lang.String
The password must be different from the username
WFLYDM0000
java.lang.String
The password should be different from the username
WFLYDM0000
java.lang.String
The password must not be one of the following restricted values {%s}
WFLYDM0000
java.lang.String
The password should not be one of the following restricted values {%s}
WFLYDM0000
java.lang.String
%s characters
WFLYDM0000
java.lang.String
%d alphabetic character(s)
WFLYDM0000
java.lang.String
%d digit(s)
WFLYDM0000
java.lang.String
%s non-alphanumeric symbol(s)
WFLYDM0000
java.lang.String
The password must contain at least %s
WFLYDM0000
java.lang.String
The password should contain at least %s
WFLYDM0000
java.lang.String
Are you sure you want to use the password entered yes/no?
WFLYDM0000
java.lang.String
The add-user script is a utility for adding new users to the properties files for out-of-the-box authentication. It can be used to manage users in ManagementRealm and ApplicationRealm.
If set add an application user instead of a management user
WFLYDM0000
java.lang.String
Define the location of the domain config directory.
WFLYDM0000
java.lang.String
Define the location of the server config directory.
WFLYDM0000
java.lang.String
The file name of the user properties file which can be an absolute path.
WFLYDM0000
java.lang.String
The file name of the group properties file which can be an absolute path. (If group properties is specified then user properties MUST also be specified).
WFLYDM0000
java.lang.String
Password of the user, this will be checked against the password requirements defined within the add-user.properties configuration
WFLYDM0000
java.lang.String
Name of the user
WFLYDM0000
java.lang.String
Name of the realm used to secure the management interfaces (default is "ManagementRealm")
WFLYDM0000
java.lang.String
Activate the silent mode (no output to the console)
WFLYDM0000
java.lang.String
Comma-separated list of roles for the user.
WFLYDM0000
java.lang.String
Comma-separated list of groups for the user.
WFLYDM0000
java.lang.String
Enable the user
WFLYDM0000
java.lang.String
Disable the user
WFLYDM0000
java.lang.String
Automatically confirm warning in interactive mode
WFLYDM0000
java.lang.String
Display this message and exit
WFLYDM0000
java.lang.String
yes
WFLYDM0000
java.lang.String
y
WFLYDM0000
java.lang.String
no
WFLYDM0000
java.lang.String
n
WFLYDM0000
java.lang.String
The realm name supplied must match the name used by the server configuration which by default would be '%s'
WFLYDM0000
java.lang.String
Are you sure you want to set the realm to '%s'
WFLYDM0000
java.lang.String
Password requirements are listed below. To modify these restrictions edit the add-user.properties configuration file.
WFLYDM0000
java.lang.String
Password recommendations are listed below. To modify these restrictions edit the add-user.properties configuration file.
WFLYDM0000
java.lang.String
Using realm '%s' as specified on the command line.
WFLYDM0000
java.lang.String
Using realm '%s' as discovered from the existing property files.
WFLYDM0000
java.io.IOException
Users properties file '%s' contains multiple realm name declarations
WFLYDM0000
java.lang.IllegalStateException
The callback handler is not initialized for domain server %s.
WFLYDM0000
java.lang.IllegalStateException
Unable to obtain credential for server %s
WFLYDM0001
WARN
Properties file defined with default user and password, this will be easy to guess.
WFLYDM0017
org.jboss.msc.service.StartException
Unable to load properties
WFLYDM0020
javax.naming.NamingException
User '%s' not found in directory.
WFLYDM0021
java.lang.IllegalStateException
No java.io.Console available to interact with user.
WFLYDM0023
java.lang.String
No %s files found.
WFLYDM0024
java.lang.String
No Username entered, exiting.
WFLYDM0025
java.lang.String
No Password entered, exiting.
WFLYDM0026
java.lang.String
The passwords do not match.
WFLYDM0028
java.lang.String
Username must be alphanumeric with the exception of the following accepted symbols (%s)
WFLYDM0029
java.lang.String
Invalid response. (Valid responses are %s and %s)
WFLYDM0030
java.lang.String
Unable to add user to %s due to error %s
WFLYDM0031
java.lang.String
Unable to add load users from %s due to error %s
WFLYDM0033
org.jboss.as.controller.OperationFailedException
Configuration for security realm '%s' includes multiple username/password based authentication mechanisms (%s). Only one is allowed
WFLYDM0034
org.jboss.as.controller.OperationFailedException
One of '%s' or '%s' required.
WFLYDM0035
org.jboss.as.controller.OperationFailedException
Only one of '%s' or '%s' is required.
WFLYDM0037
java.lang.String
No security context has been established.
WFLYDM0039
java.lang.String
Invalid response. (Valid responses are A, a, B, or b)
WFLYDM0040
java.lang.String
Unable to update user to %s due to error %s
WFLYDM0041
java.io.IOException
The user '%s' is not allowed in a local authentication.
WFLYDM0042
org.jboss.msc.service.StartException
Multiple CallbackHandlerServices for the same mechanism (%s)
WFLYDM0043
java.lang.IllegalStateException
No CallbackHandler available for mechanism %s in realm %s
WFLYDM0044
java.lang.IllegalArgumentException
No plug in providers found for module name %s
WFLYDM0045
java.lang.IllegalArgumentException
Unable to load plug-in for module %s due to error (%s)
WFLYDM0046
java.lang.IllegalArgumentException
No authentication plug-in found for name %s
WFLYDM0047
java.lang.IllegalStateException
Unable to initialise plug-in %s due to error %s
WFLYDM0048
java.lang.String
Password is not strong enough, it is '%s'. It should be at least '%s'.
Password should have at least %d alphanumeric character.
WFLYDM0101
java.lang.String
Password should have at least %d digit.
WFLYDM0102
java.lang.String
Password should have at least %s non-alphanumeric symbol.
WFLYDM0103
org.jboss.as.controller.OperationFailedException
Invalid size %s
WFLYDM0104
org.jboss.as.controller.OperationFailedException
The suffix (%s) can not contain seconds or milliseconds.
WFLYDM0105
org.jboss.as.controller.OperationFailedException
The suffix (%s) is invalid. A suffix must be a valid date format.
WFLYDM0106
java.lang.String
File permissions problems found while attempting to update %s file.
WFLYDM0107
org.jboss.as.controller.OperationFailedException
Operation '%s' has been holding the operation execution write lock for longer than [%d] seconds, but it is part of the rollout of a domain-wide operation with domain-uuid '%s' that has other operations that are alsonot progressing. Their ids are: %s. Cancellation of the operation on the domain controller is recommended.
WFLYDM0108
java.lang.IllegalStateException
Unsupported resource '%s'
WFLYDM0109
org.jboss.msc.service.StartException
The Keytab file '%s' does not exist.
WFLYDM0110
javax.naming.NamingException
Unable to load a simple name for group '%s'
WFLYDM0111
WARN
Keystore %s not found, it will be auto-generated on first use with a self-signed certificate for host %s
WFLYDM0112
java.lang.RuntimeException
Failed to generate self-signed certificate
WFLYDM0113
WARN
Generated self-signed certificate at %s. Please note that self-signed certificates are not secure, and should only be used for testing purposes. Do not use this self-signed certificate in production.%nSHA-1 fingerprint of the generated key is %s%nSHA-256 fingerprint of the generated key is %s
WFLYDM0114
java.lang.RuntimeException
Failed to lazily initialize SSL context
WFLYDM0135
java.lang.String
The resource %s wasn't working properly and has been removed.
WFLYDM0139
java.security.GeneralSecurityException
No SubjectIdentity found for %s/%s.
WFLYDM0140
org.jboss.msc.service.StartException
You shouldn't use the system property "%s" as it is deprecated. Use the management model configuration instead.
WFLYDM0142
org.jboss.msc.service.StartException
Following mechanisms configured on the server (%s) are not supported by the realm '%s'.
WFLYDM0143
java.lang.IllegalStateException
Invalid sensitive classification attribute '%s'
WFLYDM0144
org.jboss.as.controller.OperationFailedException
Sensitivity constraint %s contains imcompatible attribute value to other sensitive classification constraints.
WFLYDM0145
javax.xml.stream.XMLStreamException
Security realms are no longer supported, please remove them from the configuration.
WFLYDM0146
javax.xml.stream.XMLStreamException
Outbound connections are no longer supported, please remove them from the configuration.
Unable to load console module for slot %s, disabling console
WFLYDMHTTP0004
ERROR
Unable to load error context for slot %s, disabling error context.
WFLYDMHTTP0005
java.lang.IllegalArgumentException
Invalid operation '%s'
WFLYDMHTTP0006
java.lang.String
The security realm is not ready to process requests, see %s
WFLYDMHTTP0007
org.jboss.modules.ModuleNotFoundException
No console module available with module name %s
WFLYDMHTTP0010
java.lang.IllegalArgumentException
Invalid Credential Type '%s'
WFLYDMHTTP0011
INFO
Management interface is using different addresses for HTTP (%s) and HTTPS (%s). Redirection of HTTPS requests from HTTP socket to HTTPS socket will not be supported.
WFLYDMHTTP0012
java.lang.IllegalArgumentException
A secure socket has been defined for the HTTP interface, however the referenced security realm is not supplying a SSLContext.
WFLYDMHTTP0013
java.lang.String
Invalid useStreamIndex value '%d'. The operation response had %d streams attached.
WFLYDMHTTP0014
java.lang.IllegalStateException
The ManagementHttpServer has already been built using this Builder.
WFLYDMHTTP0015
java.lang.IllegalStateException
No SecurityRealm or SSLContext has been provided.
WFLYDMHTTP0016
java.lang.String
Your Application Server is running. However you have not yet added any users to be able to access the HTTP management interface. To add a new user execute the %s script within the bin folder of your WildFly installation and enter the requested information. By default the realm name used by WildFly is 'ManagementRealm' and this is already selected by default by the add-user tool.
WFLYDR
Code
Level
Return Type
Message
WFLYDR0001
INFO
Content added at location %s
WFLYDR0002
INFO
Content removed from location %s
WFLYDR0003
WARN
Cannot delete temp file %s, will be deleted on exit
WFLYDR0004
java.lang.IllegalStateException
Cannot create directory %s
WFLYDR0005
java.lang.IllegalStateException
Cannot obtain SHA-1 %s
WFLYDR0006
java.lang.IllegalStateException
Directory %s is not writable
WFLYDR0007
java.lang.IllegalStateException
%s is not a directory
WFLYDR0009
INFO
Content %s is obsolete and will be removed
WFLYDR0010
ERROR
Couldn't delete content %s
WFLYDR0011
INFO
Couldn't list directory files for %s
WFLYDR0012
java.lang.RuntimeException
Cannot hash current deployment content %s
WFLYDR0013
java.lang.IllegalArgumentException
Access denied to the content at %s in the deployment
WFLYDR0014
ERROR
Error deleting deployment %s
WFLYDR0015
java.lang.IllegalStateException
%s is not an archive file
WFLYDR0016
org.jboss.as.repository.ExplodedContentException
Achive file %s not found
WFLYDR0017
INFO
Content exploded at location %s
WFLYDR0018
org.jboss.as.repository.ExplodedContentException
Error exploding content for %s
WFLYDR0019
org.jboss.as.repository.ExplodedContentException
Deployment is locked by another operation
WFLYDR0020
org.jboss.as.repository.ExplodedContentException
Error accessing deployment files
WFLYDR0021
org.jboss.as.repository.ExplodedContentException
Error updating content of exploded deployment
WFLYDR0022
org.jboss.as.repository.ExplodedContentException
Error copying files of exploded deployment to %s
WFLYDR0023
ERROR
Error deleting file %s
WFLYDR0024
ERROR
Error copying file %s
WFLYDS
Code
Level
Return Type
Message
WFLYDS0000
java.lang.String
A previous version of this content was deployed and remains deployed.
Reliable deployment behaviour is not possible when auto-deployment of exploded content is enabled (i.e. deployment without use of "%s"' marker files). Configuration of auto-deployment of exploded content is not recommended in any situation where reliability is desired. Configuring the deployment scanner's %s setting to "false" is recommended.
WFLYDS0007
WARN
The deployment scanner found that the content for exploded deployment %1$s has been deleted, but auto-deploy/undeploy for exploded deployments is not enabled and the %1$s%2$s marker file for this deployment has not been removed. As a result, the deployment is not being undeployed, but resources needed by the deployment may have been deleted and application errors may occur. Deleting the %1$s%2$s marker file to trigger undeploy is recommended.
WFLYDS0008
ERROR
Failed checking whether %s was a complete zip
WFLYDS0009
ERROR
File system deployment service failed
WFLYDS0010
INFO
Scan found incompletely copied file content for deployment %s. Deployment changes will not be processed until all content is complete.
WFLYDS0011
ERROR
The deployment scanner found a directory named %1$s that was not inside a directory whose name ends with .ear, .jar, .rar, .sar or .war. This is likely the result of unzipping an archive directly inside the %2$s directory, which is a user error. The %1$s directory will not be scanned for deployments, but it is possible that the scanner may find other files from the unzipped archive and attempt to deploy them, leading to errors.
WFLYDS0012
ERROR
Scan of %s threw Exception
WFLYDS0013
INFO
Started %s for directory %s
WFLYDS0014
WARN
Scan found content configured for auto-deploy that could not be safely auto-deployed. See details above. Deployment changes will not be processed until all problematic content is either removed or whether to deploy the content or not is indicated via a %s or %s marker file. Problematic deployments are %s
WFLYDS0015
INFO
Re-attempting failed deployment %s
WFLYDS0016
ERROR
Failed checking whether %s was a complete XML
WFLYDS0017
ERROR
Initial deployment scan failed
WFLYDS0018
INFO
Deployment %s was previously deployed by this scanner but has been undeployed by another management tool. Marker file %s is being added to record this fact.
WFLYDS0019
INFO
Deployment %s was previously deployed by this scanner but has been removed from the server deployment list by another management tool. Marker file %s is being added to record this fact.
WFLYDS0021
java.lang.String
Deployment content %s appears to be incomplete and is not progressing toward completion. This content cannot be auto-deployed.%s
WFLYDS0022
java.lang.String
Did not receive a response to the deployment operation within the allowed timeout period [%d seconds]. Check the server configuration file and the server logs to find more about the status of the deployment.
WFLYDS0025
java.lang.String
File %s cannot be scanned because it does not begin with a ZIP file format local file header signature
WFLYDS0026
java.lang.String
File %s cannot be scanned because it uses the currently unsupported ZIP64 format
WFLYDS0030
java.lang.String
File %2$s was configured for auto-deploy but could not be safely auto-deployed. The reason the file could not be auto-deployed was: %1$s. To enable deployment of this file create a file called %2$s%3$s
WFLYDS0031
java.lang.IllegalStateException
Extension with module 'org.jboss.as.deployment-scanner' cannot be installed in a managed domain. Please remove it and any subsystem referencing it
WFLYDS0032
java.lang.RuntimeException
Failed to list files in directory %s. Check that the contents of the directory are readable.
WFLYDS0033
INFO
Deployment %s was previously undeployed by this scanner but has been redeployed by another management tool. Marker file %s is being removed to record this fact.
WFLYDS0034
ERROR
Failed synchronizing status of deployment %s.
WFLYDS0035
java.lang.String
Scan found %s which is not well-formed at lineNumber: %s, columnNumber: %s. Either the file was incompletely copied at the time of the scanning or it is just wrong.
WFLYDS0036
java.lang.RuntimeException
Deployment model operation failed. %s
WFLYDS0037
WARN
%s does not exist
WFLYDS0038
WARN
%s is not a directory
WFLYDS0039
WARN
%s is not writable
WFLYDS0040
org.jboss.as.controller.OperationFailedException
Could not find relative-to path entry for %s
WFLYDS0041
WARN
%s is not readable
WFLYDS0042
ERROR
Boot-time scan failed due to inaccessible deployment directory: %s
WFLYDS0043
WARN
Deployment directory scan failed due to inaccessible deployment directory: %s
WFLYEE
Code
Level
Return Type
Message
WFLYEE0002
WARN
Could not resolve %s %s
WFLYEE0006
WARN
Failed to destroy component instance %s
WFLYEE0007
WARN
Not installing optional component %s due to an exception (enable DEBUG log level to see the cause)
WFLYEE0009
WARN
[Managed Bean spec, section %s] Managed bean implementation class MUST NOT be an interface - %s is an interface, hence won't be considered as a managed bean.
WFLYEE0010
WARN
[Managed Bean spec, section %s] Managed bean implementation class MUST NOT be abstract or final - %s won't be considered as a managed bean, since it doesn't meet that requirement.
WFLYEE0011
WARN
Exception while invoking pre-destroy interceptor for component class: %s
WFLYEE0014
WARN
%s in subdeployment ignored. jboss-ejb-client.xml is only parsed for top level deployments.
WFLYEE0015
WARN
Transaction started in EE Concurrent invocation left open, starting rollback to prevent leak.
WFLYEE0016
WARN
Failed to rollback transaction.
WFLYEE0017
WARN
Failed to suspend transaction.
WFLYEE0018
WARN
System error while checking for transaction leak in EE Concurrent invocation.
A class must not declare more than one AroundInvoke method. %s has %s methods annotated.
WFLYEE0110
ERROR
Failed to run scheduled task: %s
WFLYEE0111
java.lang.IllegalStateException
Cannot run scheduled task %s as container is suspended
WFLYEE0112
org.jboss.as.controller.OperationFailedException
The core-threads value must be greater than 0 when the queue-length is %s
WFLYEE0113
org.jboss.as.controller.OperationFailedException
The max-threads value %d cannot be less than the core-threads value %d.
WFLYEE0114
java.lang.IllegalArgumentException
Class does not implement all of the provided interfaces
WFLYEE0115
java.lang.IllegalArgumentException
The name of the %s is null
WFLYEE0116
java.lang.IllegalArgumentException
%s is null in the %s %s
WFLYEE0117
java.lang.IllegalArgumentException
Field %s cannot be set - object of %s loaded by %s is not assignable to %s loaded by %s
WFLYEE0120
org.jboss.as.controller.OperationFailedException
Failed to locate executor service '%s'
WFLYEE0121
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYEE0122
org.jboss.msc.service.StartException
Directory path %s in %s global-directory resource does not point to a valid directory.
WFLYEE0123
org.jboss.as.controller.OperationFailedException
Global directory %s cannot be added, because global directory %s is already defined.
WFLYEE0124
WARN
Error deleting Jakarta Authorization Policy
WFLYEE0125
org.jboss.msc.service.StartException
Unable to start the %s service
WFLYEE0126
java.util.concurrent.RejectedExecutionException
Rejected due to maximum number of requests
WFLYEE0127
WARN
Invalid '%s' name segment for env, name can't start with '/' prefix, prefix has been removed
WFLYEE0128
WARN
Failure when terminating %s hung task %s
WFLYEE0129
INFO
%s hung task %s cancelled
WFLYEE0130
INFO
%s hung task %s not cancelled
WFLYEE0131
javax.xml.stream.XMLStreamException
The attribute %s is no longer supported.
WFLYEE0132
java.lang.RuntimeException
ManagedReference was null and injection is not optional for injection into method %s
WFLYEE0133
ERROR
A JNDI binding for component '%s' has already been installed under JNDI name '%s' in accordance with Jakarta EE specifications. The conflicting class is %s. Solutions include providing an alternate name for the component or renaming the class.
WFLYEE0134
java.lang.IllegalStateException
Multiple uses of ContextServiceDefinition.ALL_REMAINING
WFLYEE0135
WARN
Failed to resume transaction.
WFLYEE0136
java.lang.RuntimeException
Failed to run scheduled task: %s
WFLYEJB
Code
Level
Return Type
Message
WFLYEJB0004
ERROR
failed to get tx manager status; ignoring
WFLYEJB0005
ERROR
failed to set rollback only; ignoring
WFLYEJB0006
WARN
ActivationConfigProperty %s will be ignored since it is not allowed by resource adapter: %s
WFLYEJB0007
ERROR
Discarding stateful component instance: %s due to exception
WFLYEJB0010
WARN
Default interceptor class %s is not listed in the section of ejb-jar.xml and will not be applied
WFLYEJB0015
WARN
Unknown timezone id: %s found in schedule expression. Ignoring it and using server's timezone: %s
WFLYEJB0016
WARN
Timer persistence is not enabled, persistent timers will not survive JVM restarts
WFLYEJB0017
INFO
Next expiration is null. No tasks will be scheduled for timer %S
WFLYEJB0018
ERROR
Ignoring exception during setRollbackOnly
WFLYEJB0020
ERROR
Error invoking timeout for timer: %s
WFLYEJB0021
INFO
Timer: %s will be retried
WFLYEJB0022
ERROR
Error during retrying timeout for timer: %s
WFLYEJB0023
INFO
Retrying timeout for timer: %s
WFLYEJB0024
INFO
Timer is not active, skipping retry of timer: %s
WFLYEJB0026
WARN
Could not read timer information for Jakarta Enterprise Beans component %s
WFLYEJB0028
ERROR
%s is not a directory, could not restore timers
WFLYEJB0029
ERROR
Could not restore timer from %s
WFLYEJB0030
ERROR
error closing file
WFLYEJB0031
ERROR
Could not restore timers for %s
WFLYEJB0032
ERROR
Could not create directory %s to persist Jakarta Enterprise Beans timers.
WFLYEJB0034
ERROR
Jakarta Enterprise Beans Invocation failed on component %s for method %s
WFLYEJB0035
WARN
Could not find Jakarta Enterprise Beans for locator %s, Jakarta Enterprise Beans client proxy will not be replaced
WFLYEJB0036
WARN
Jakarta Enterprise Beans %s is not being replaced with a Stub as it is not exposed over IIOP
WFLYEJB0037
ERROR
Dynamic stub creation failed for class %s
WFLYEJB0042
INFO
Started message driven bean '%s' with '%s' resource adapter
WFLYEJB0043
WARN
A previous execution of timer %s is still in progress, skipping this overlapping scheduled execution at: %s.
WFLYEJB0044
java.lang.IllegalStateException
Resource adapter repository is not available
WFLYEJB0045
java.lang.IllegalArgumentException
Could not find an Endpoint for resource adapter %s
WFLYEJB0046
java.lang.IllegalStateException
Endpoint is not available for message driven component %s
WFLYEJB0047
java.lang.RuntimeException
Could not deactivate endpoint for message driven component %s
WFLYEJB0049
java.lang.RuntimeException
Could not create an instance of cluster node selector %s for cluster %s
WFLYEJB0050
WARN
Failed to parse property %s due to %s
WFLYEJB0051
java.lang.IllegalStateException
Could not find view %s for Jakarta Enterprise Beans %s
WFLYEJB0052
java.lang.RuntimeException
Cannot perform asynchronous local invocation for component that is not a session bean
WFLYEJB0053
java.lang.IllegalArgumentException
%s is not a Stateful Session bean in app: %s module: %s distinct-name: %s
WFLYEJB0054
java.lang.RuntimeException
Failed to marshal Jakarta Enterprise Beans parameters
WFLYEJB0055
jakarta.ejb.NoSuchEJBException
No matching deployment for Jakarta Enterprise Beans: %s
WFLYEJB0056
jakarta.ejb.NoSuchEJBException
Could not find Jakarta Enterprise Beans in matching deployment: %s
WFLYEJB0057
java.lang.IllegalArgumentException
%s annotation is only valid on method targets
WFLYEJB0058
java.lang.IllegalArgumentException
Method %s, on class %s, annotated with @jakarta.interceptor.AroundTimeout is expected to accept a single param of type jakarta.interceptor.InvocationContext
WFLYEJB0059
java.lang.IllegalArgumentException
Method %s, on class %s, annotated with @jakarta.interceptor.AroundTimeout must return Object type
WFLYEJB0060
java.lang.IllegalStateException
Wrong tx on thread: expected %s, actual %s
WFLYEJB0061
java.lang.IllegalStateException
Unknown transaction attribute %s on invocation %s
WFLYEJB0062
jakarta.ejb.EJBTransactionRequiredException
Transaction is required for invocation %s
WFLYEJB0063
jakarta.ejb.EJBException
Transaction present on server in Never call (Enterprise Beans 3 13.6.2.6)
WFLYEJB0064
ERROR
Failed to set transaction for rollback only
WFLYEJB0065
java.lang.IllegalArgumentException
View interface cannot be null
WFLYEJB0068
java.lang.RuntimeException
Could not load view class for component %s
WFLYEJB0073
jakarta.ejb.RemoveException
Illegal call to EJBHome.remove(Object) on a session bean
WFLYEJB0074
java.lang.IllegalStateException
Enterprise Beans 3.1 FR 13.6.2.8 setRollbackOnly is not allowed with SUPPORTS transaction attribute
WFLYEJB0075
jakarta.ejb.EJBException
Cannot call getPrimaryKey on a session bean
WFLYEJB0076
java.lang.RuntimeException
Singleton beans cannot have Enterprise Beans 2.x views
WFLYEJB0078
java.lang.IllegalStateException
Bean %s does not have an EJBLocalObject
WFLYEJB0079
java.lang.IllegalArgumentException
[Enterprise Beans 3.1 spec, section 14.1.1] Class: %s cannot be marked as an application exception because it is not of type java.lang.Exception
WFLYEJB0080
java.lang.IllegalArgumentException
[Enterprise Beans 3.1 spec, section 14.1.1] Exception class: %s cannot be marked as an application exception because it is of type java.rmi.RemoteException
WFLYEJB0081
java.lang.RuntimeException
%s annotation is allowed only on classes. %s is not a class
No jndi bindings will be created for Jakarta Enterprise Beans %s since no views are exposed
WFLYEJB0118
WARN
[Enterprise Beans 3.1 spec, section 4.9.2] Session bean implementation class MUST NOT be a interface - %s is an interface, hence won't be considered as a session bean
WFLYEJB0119
WARN
[Enterprise Beans 3.1 spec, section 4.9.2] Session bean implementation class MUST be public, not abstract and not final - %s won't be considered as a session bean, since it doesn't meet that requirement
WFLYEJB0120
WARN
[Enterprise Beans 3.1 spec, section 5.6.2] Message driven bean implementation class MUST NOT be a interface - %s is an interface, hence won't be considered as a message driven bean
WFLYEJB0121
WARN
[Enterprise Beans 3.1 spec, section 5.6.2] Message driven bean implementation class MUST be public, not abstract and not final - %s won't be considered as a message driven bean, since it doesn't meet that requirement
Could not determine type of corresponding implied Enterprise Beans 2.x local interface (see Enterprise Beans 3.1 21.4.5)%n due to multiple create* methods with different return types on home %s
Jakarta Enterprise Beans %s entity bean %s implemented TimedObject, but has a different timeout method specified either via annotations or via the deployment descriptor
WFLYEJB0273
java.lang.RuntimeException
%s does not have an Enterprise Beans 2.x local interface
Module %s containing bean %s is not deployed in ear but it specifies resource adapter name '%s' in a relative format.
WFLYEJB0460
WARN
The transaction isolation need to be equal or stricter than READ_COMMITTED to ensure that the timer run once-and-only-once
WFLYEJB0461
ERROR
Update timer failed and it was not possible to rollback the transaction!
WFLYEJB0462
WARN
Timer service database-data-store database attribute is not configured, and is not detected from connection metadata or JDBC driver name.
WFLYEJB0463
WARN
Invalid transaction attribute type %s on SFSB lifecycle method %s of class %s, valid types are REQUIRES_NEW and NOT_SUPPORTED. Method will be treated as NOT_SUPPORTED.
WFLYEJB0464
org.jboss.as.controller.OperationFailedException
The "disable-default-ejb-permissions" attribute may not be set to true
Loaded timer (%s) for Jakarta Enterprise Beans (%s) and this node that is marked as being in a timeout. The original timeout may not have been processed. Please use graceful shutdown to ensure timeout tasks are finished before shutting down.
WFLYEJB0481
INFO
Strict pool %s is using a max instance size of %d (per class), which is derived from thread worker pool sizing.
WFLYEJB0482
INFO
Strict pool %s is using a max instance size of %d (per class), which is derived from the number of CPUs on this host.
WFLYEJB0483
javax.xml.stream.XMLStreamException
Attributes are mutually exclusive: %s, %s
WFLYEJB0485
WARN
Transaction type %s is unspecified for the %s method of the %s message-driven bean. It will be handled as NOT_SUPPORTED.
WFLYEJB0486
INFO
Parameter 'default-clustered-sfsb-cache' was defined for the 'add' operation for resource '%s'. This parameter is deprecated and its previous behavior has been remapped to attribute 'default-sfsb-cache'. As a result the 'default-sfsb-cache' attribute has been set to '%s' and the 'default-sfsb-passivation-disabled-cache' attribute has been set to '%s'.
WFLYEJB0487
ERROR
Unexpected invocation state %s
WFLYEJB0489
ERROR
Timer %s not running as transaction could not be started
Could not create an instance of Jakarta Enterprise Beans client interceptor %s
WFLYEJB0497
WARN
Failed to persist timer %s on startup. This is likely due to another cluster member making the same change, and should not affect operation.
WFLYEJB0499
org.jboss.as.controller.OperationFailedException
Cannot read derived size - service %s unreachable
WFLYEJB0500
ERROR
Legacy org.jboss.security.annotation.SecurityDomain annotation is used in class: %s, please use org.jboss.ejb3.annotation.SecurityDomain instead.
WFLYEJB0501
java.lang.RuntimeException
Failed to activate MDB %s
WFLYEJB0502
ERROR
Exception checking if timer %s should run
WFLYEJB0503
WARN
[Jakarta Enterprise Beans 3.2 spec, section 5.6.4] Message Driven Bean 'onMessage' method can not be final (MDB: %s).
WFLYEJB0504
WARN
[Jakarta Enterprise Beans 3.2 spec, section 5.6.4] Message Driven Bean 'onMessage' method can not be private (MDB: %s).
WFLYEJB0505
WARN
[Jakarta Enterprise Beans 3.2 spec, section 5.6.4] Message Driven Bean 'onMessage' method can not be static (MDB: %s).
WFLYEJB0506
WARN
[Jakarta Enterprise Beans 3.2 spec, section 5.6.2] Message Driven Bean can not have a 'finalize' method. (MDB: %s)
WFLYEJB0507
ERROR
Failed to persist timer's state %s. Timer has to be restored manually
WFLYEJB0508
WARN
Failed to persist timer's state %s due to %s
WFLYEJB0509
WARN
Clustered Jakarta Enterprise Beans in Node: %s are bound to INADDR_ANY(%s). Either use a non-wildcard server bind address or add client-mapping entries to the relevant socket-binding for the Remoting connector
WFLYEJB0510
WARN
@RunAs annotation is required when using @RunAsPrincipal on class %s
WFLYEJB0511
java.lang.RuntimeException
Cannot build reflection index for server interceptor class %s
WFLYEJB0512
java.lang.RuntimeException
Server interceptor class %s does not have a no parameter constructor
WFLYEJB0513
java.lang.RuntimeException
Method %s in server interceptor %s annotated with %s has invalid signature
WFLYEJB0514
java.lang.RuntimeException
Cannot load server interceptor module %s
WFLYEJB0515
WARN
[Jakarta Enterprise Beans 3.2 spec, section 4.9.2] Singleton session beans are not allowed to implement 'jakarta.ejb.SessionBean' interface. This interface on bean '%s' is going to be ignored and should be removed.
WFLYEJB0516
INFO
IIOP bindings for session bean named '%s' in deployment unit '%s' are as follows: %s
WFLYEJB0517
ERROR
[Jakarta Enterprise Beans 3.2 spec, section 4.1] Spec violation for class %s. Session Jakarta Enterprise Beans should have only one of the following types : Stateful, Stateless, Singleton.
WFLYEJB0518
java.io.InvalidClassException
Exception resolving class %s for unmarshalling; it has either been blocklisted or not allowlisted
WFLYEJB0519
java.lang.IllegalArgumentException
Invalid unmarshalling filter specfication %s; specifications must describe class or package name matching patterns
Some classes referenced by annotation: %s in class: %s are missing.
WFLYEJB0522
WARN
The default pool name %s could not be resolved from its value: %s
WFLYEJB0523
WARN
Timer %s has not been deployed
WFLYEJB0524
java.lang.RuntimeException
Timer %s cannot be added
WFLYEJB0525
WARN
The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of '%s' for Jakarta Enterprise Beans '%s' will be ignored.
WFLYEJB0526
org.jboss.as.controller.OperationFailedException
Timer %s does not exist
WFLYEJB0527
ERROR
Remoting connector (address %s, port %s) is not correctly configured for EJB client invocations, the connector must be listed in 'connectors' attribute to receive EJB client invocations
WFLYEJB0528
DEBUG
Jakarta Enterprise Beans business method %s must be public
WFLYEJB0529
WARN
Failed to retrieve info from database for timer: %s
WFLYEJB0530
java.lang.IllegalStateException
The deployment is configured to use a legacy security domain '%s' which is no longer supported.
WFLYEJB0531
WARN
No client mappings registry provider found for %s; using legacy provider based on static configuration
WFLYEJB0532
WARN
Database detected from configuration is: '%s'. If this is incorrect, please specify the correct database.
WFLYELY
Code
Level
Return Type
Message
WFLYELY00000
java.lang.String
Reload dependent services which might already have cached the secret value
WFLYELY00000
java.lang.String
Update dependent resources as alias '%s' does not exist anymore
WFLYELY00002
org.jboss.as.controller.OperationFailedException
Can not inject the same realm '%s' in a single security domain.
WFLYELY00003
java.lang.IllegalArgumentException
The operation did not contain an address with a value for '%s'.
WFLYELY00004
org.jboss.msc.service.StartException
Unable to start the service.
WFLYELY00005
org.jboss.as.controller.OperationFailedException
Unable to access KeyStore to complete the requested operation.
WFLYELY00007
org.jboss.as.controller.OperationFailedException
The required service '%s' is not UP, it is currently '%s'.
WFLYELY00008
org.jboss.as.controller.OperationFailedException
Invalid operation name '%s', expected one of '%s'
WFLYELY00009
java.lang.RuntimeException
Unable to complete operation. '%s'
WFLYELY00010
org.jboss.as.controller.OperationFailedException
Unable to save KeyStore - KeyStore file '%s' does not exist.
WFLYELY00012
org.jboss.msc.service.StartException
No suitable provider found for type '%s'
WFLYELY00013
org.jboss.as.controller.OperationFailedException
The default-realm '%s' is not in the list of realms [%s] referenced by this domain.
WFLYELY00014
org.jboss.msc.service.StartException
Unable to load the properties files required to start the properties file backed realm: Users file: '%s' Groups file: '%s'
WFLYELY00015
org.jboss.msc.service.StartException
The custom component implementation '%s' does not implement method initialize(Map), however configuration has been supplied.
WFLYELY00016
org.jboss.as.controller.OperationFailedException
The supplied regular expression '%s' is invalid.
WFLYELY00017
org.jboss.msc.service.StartException
Property file referenced in properties-realm does not exist: %s
WFLYELY00018
org.jboss.msc.service.StartException
Unable to create %s for algorithm '%s'.
WFLYELY00019
org.jboss.msc.service.StartException
No '%s' found in injected value.
WFLYELY00020
org.jboss.as.controller.OperationFailedException
Unable to reload the properties files required to by the properties file backed realm.
WFLYELY00021
org.jboss.msc.service.StartException
Exception while creating the permission object for the permission mapping. Please check [class-name], [target-name] (name of permission) and [action] of [%s].
WFLYELY00022
org.jboss.msc.service.StartException
KeyStore file '%s' does not exist and required.
WFLYELY00023
WARN
KeyStore file '%s' does not exist. Used blank.
WFLYELY00024
WARN
Certificate [%s] in KeyStore is not valid
WFLYELY00025
org.jboss.msc.service.StartException
Referenced property file is invalid: %s
WFLYELY00027
org.jboss.as.controller.OperationFailedException
Unable to obtain OID for X.500 attribute '%s'
WFLYELY00028
org.jboss.as.controller.OperationFailedException
The X.500 attribute must be defined by name or by OID
WFLYELY00029
org.jboss.as.controller.OperationFailedException
Failed to parse URL '%s'
WFLYELY00030
org.jboss.msc.service.StartException
Realm '%s' does not support cache
WFLYELY00031
org.jboss.msc.service.StartException
Unable to access CRL file.
WFLYELY00032
java.lang.RuntimeException
Unable to reload CRL file.
WFLYELY00033
java.lang.RuntimeException
Unable to access entry [%s] from key store [%s].
WFLYELY00034
org.jboss.as.controller.OperationFailedException
A principal query can only have a single key mapper
WFLYELY00035
org.jboss.as.controller.OperationFailedException
Unable to load module '%s'.
WFLYELY00036
org.jboss.as.controller.OperationFailedException
Security realm '%s' has been referenced twice in the same security domain.
WFLYELY00037
org.jboss.msc.service.StartException
Injected value is not of '%s' type.
WFLYELY00038
org.jboss.msc.service.StartException
Could not load permission class '%s'
WFLYELY00039
org.jboss.as.controller.OperationFailedException
Unable to reload CRL file - TrustManager is not reloadable
WFLYELY00040
org.jboss.msc.service.StartException
Unable to load the permission module '%s' for the permission mapping
WFLYELY00041
java.lang.String
Unable to transform configuration to the target version - attribute '%s' is different from '%s'
WFLYELY00042
java.lang.String
Unable to transform multiple 'authorization-realms' to the single value
WFLYELY00043
org.jboss.as.controller.OperationFailedException
A cycle has been detected initialising the resources - %s
WFLYELY00044
java.lang.IllegalStateException
Unexpected name of servicename's parent - %s
WFLYELY00045
java.lang.IllegalStateException
Failed to load CallbackHandler from the provided module.
WFLYELY00046
org.jboss.msc.service.StartException
Provided path '%s' to JAAS configuration file does not exist.
WFLYELY00047
WARN
LDAP Realm is configured to use direct-verification and user-password-mapper which is invalid configuration.
WFLYELY00048
java.lang.IllegalArgumentException
A string representation of an X.500 distinguished name is required: %s
WFLYELY00909
org.jboss.as.controller.OperationFailedException
Credential store '%s' does not support given credential store entry type '%s'
WFLYELY00910
java.io.IOException
Password cannot be resolved for key-store '%s'
WFLYELY00911
java.io.IOException
Credential store '%s' protection parameter cannot be resolved
WFLYELY00913
org.jboss.as.controller.OperationFailedException
Credential alias '%s' of credential type '%s' already exists in the store
WFLYELY00914
java.security.NoSuchProviderException
Provider loader '%s' cannot supply Credential Store provider of type '%s'
WFLYELY00916
java.lang.IllegalStateException
Credential cannot be resolved
WFLYELY00917
org.jboss.msc.service.StartException
Password cannot be resolved for dir-context
WFLYELY00920
org.jboss.as.controller.OperationFailedException
Credential alias '%s' of credential type '%s' does not exist in the store
WFLYELY00921
org.jboss.as.controller.OperationFailedException
Location parameter is not specified for filebased keystore type '%s'
Unable to create immediately available credential store.
WFLYELY00925
org.jboss.as.controller.OperationFailedException
Unable to reload the credential store.
WFLYELY00926
org.jboss.as.controller.OperationFailedException
Unable to initialize the credential store.
WFLYELY00927
org.jboss.as.controller.OperationFailedException
The secret key operation '%s' failed to complete due to '%s'.
WFLYELY01000
org.jboss.as.controller.OperationFailedException
Identity with name [%s] already exists.
WFLYELY01001
java.lang.RuntimeException
Could not create identity with name [%s].
WFLYELY01002
java.lang.String
Identity with name [%s] not found.
WFLYELY01003
java.lang.RuntimeException
Could not delete identity with name [%s].
WFLYELY01004
java.lang.String
Identity with name [%s] not authorized.
WFLYELY01005
java.lang.RuntimeException
Could not read identity [%s] from security domain [%s].
WFLYELY01007
java.lang.RuntimeException
Could not read identity with name [%s].
WFLYELY01008
java.lang.RuntimeException
Failed to obtain the authorization identity.
WFLYELY01009
java.lang.RuntimeException
Failed to add attribute.
WFLYELY01010
java.lang.RuntimeException
Failed to remove attribute.
WFLYELY01011
java.lang.RuntimeException
Could not create password.
WFLYELY01012
org.jboss.as.controller.OperationFailedException
Unexpected password type [%s].
WFLYELY01013
org.jboss.as.controller.OperationFailedException
Pattern [%s] requires a capture group
WFLYELY01014
org.jboss.as.controller.OperationFailedException
Invalid [%s] definition. Only one of '%s' or '%s' can be set in one Object in the list of filters.
WFLYELY01015
java.lang.IllegalStateException
Unable to perform automatic outflow for '%s'
WFLYELY01016
org.jboss.as.controller.OperationFailedException
Server '%s' not known
WFLYELY01017
org.jboss.as.controller.OperationFailedException
Invalid value for cipher-suite-filter. %s
WFLYELY01018
org.jboss.as.controller.OperationFailedException
Invalid size %s
WFLYELY01019
org.jboss.as.controller.OperationFailedException
The suffix (%s) can not contain seconds or milliseconds.
WFLYELY01020
org.jboss.as.controller.OperationFailedException
The suffix (%s) is invalid. A suffix must be a valid date format.
WFLYELY01022
java.lang.RuntimeException
Failed to set policy [%s]
WFLYELY01023
javax.xml.stream.XMLStreamException
Could not find policy provider with name [%s]
WFLYELY01024
java.lang.RuntimeException
Failed to register policy context handlers
WFLYELY01025
java.lang.RuntimeException
Failed to create policy [%s]
WFLYELY01026
WARN
Element '%s' with attribute '%s' set to '%s' is unused. Since unused policy configurations can no longer be stored in the configuration model this item is being discarded.
WFLYELY01027
java.io.IOException
Key password cannot be resolved for key-store '%s'
WFLYELY01028
org.jboss.as.controller.OperationFailedException
Invalid value for not-before. %s
WFLYELY01029
org.jboss.as.controller.OperationFailedException
Alias '%s' does not exist in KeyStore
WFLYELY01030
org.jboss.as.controller.OperationFailedException
Alias '%s' does not identify a PrivateKeyEntry in KeyStore
WFLYELY01031
org.jboss.as.controller.OperationFailedException
Unable to obtain PrivateKey for alias '%s'
WFLYELY01032
org.jboss.as.controller.OperationFailedException
Unable to obtain Certificate for alias '%s'
WFLYELY01033
org.jboss.as.controller.OperationFailedException
No certificates found in certificate reply
WFLYELY01034
org.jboss.as.controller.OperationFailedException
Public key from certificate reply does not match public key from certificate in KeyStore
WFLYELY01035
org.jboss.as.controller.OperationFailedException
Certificate reply is the same as the certificate from PrivateKeyEntry in KeyStore
WFLYELY01036
org.jboss.as.controller.OperationFailedException
Alias '%s' already exists in KeyStore
WFLYELY01037
org.jboss.as.controller.OperationFailedException
Top-most certificate from certificate reply is not trusted. Inspect the certificate carefully and if it is valid, execute import-certificate again with validate set to false.
WFLYELY01038
org.jboss.as.controller.OperationFailedException
Trusted certificate is already in KeyStore under alias '%s'
WFLYELY01039
org.jboss.as.controller.OperationFailedException
Trusted certificate is already in cacerts KeyStore under alias '%s'
WFLYELY01040
org.jboss.as.controller.OperationFailedException
Unable to determine if the certificate is trusted. Inspect the certificate carefully and if it is valid, execute import-certificate again with validate set to false.
WFLYELY01041
org.jboss.as.controller.OperationFailedException
Certificate file does not exist
WFLYELY01042
org.jboss.as.controller.OperationFailedException
Unable to obtain Entry for alias '%s'
WFLYELY01043
org.jboss.as.controller.OperationFailedException
Unable to create an account with the certificate authority: %s
WFLYELY01044
org.jboss.as.controller.OperationFailedException
Unable to change the account key associated with the certificate authority: %s
WFLYELY01045
org.jboss.as.controller.OperationFailedException
Unable to deactivate the account associated with the certificate authority: %s
WFLYELY01046
org.jboss.msc.service.StartException
Unable to obtain certificate authority account Certificate for alias '%s'
WFLYELY01047
org.jboss.msc.service.StartException
Unable to obtain certificate authority account PrivateKey for alias '%s'
WFLYELY01048
org.jboss.as.controller.OperationFailedException
Unable to update certificate authority account key store: %s
WFLYELY01049
org.wildfly.security.x500.cert.acme.AcmeException
Unable to respond to challenge from certificate authority: %s
WFLYELY01050
org.wildfly.security.x500.cert.acme.AcmeException
Invalid certificate authority challenge
WFLYELY01051
org.jboss.as.controller.OperationFailedException
Invalid certificate revocation reason '%s'
WFLYELY01052
java.lang.IllegalStateException
Unable to instantiate AcmeClientSpi implementation
WFLYELY01053
org.jboss.as.controller.OperationFailedException
Unable to update the account with the certificate authority: %s
WFLYELY01054
org.jboss.as.controller.OperationFailedException
Unable to get the metadata associated with the certificate authority: %s
WFLYELY01055
org.jboss.as.controller.OperationFailedException
Invalid key size: %d
WFLYELY01056
org.jboss.as.controller.OperationFailedException
A certificate authority account with this account key already exists. To update the contact information associated with this existing account, use %s. To change the key associated with this existing account, use %s.
WFLYELY01057
java.lang.RuntimeException
Failed to create ServerAuthModule [%s] using module '%s'
WFLYELY01058
org.jboss.as.controller.OperationFailedException
Failed to parse PEM public key with kid: %s
WFLYELY01059
org.jboss.msc.service.StartException
Unable to detect KeyStore '%s'
WFLYELY01060
org.jboss.as.controller.OperationFailedException
Fileless KeyStore needs to have a defined type.
WFLYELY01061
org.jboss.as.controller.OperationFailedException
Invalid value of host context map: '%s' is not valid hostname pattern.
WFLYELY01062
org.jboss.as.controller.OperationFailedException
Value for attribute '%s' is invalid.
WFLYELY01063
org.jboss.as.controller.OperationFailedException
LetsEncrypt certificate authority is configured by default.
WFLYELY01064
org.jboss.msc.service.StartException
Failed to load OCSP responder certificate '%s'.
WFLYELY01065
org.jboss.as.controller.OperationFailedException
Multiple maximum-cert-path definitions found.
WFLYELY01066
org.jboss.as.controller.OperationFailedException
Invalid value for cipher-suite-names. %s
WFLYELY01067
org.jboss.as.controller.OperationFailedException
Value '%s' is not valid regex.
WFLYELY01068
java.lang.IllegalStateException
Duplicate PolicyContextHandler found for key '%s'.
WFLYELY01069
java.lang.IllegalStateException
Invalid %s loaded, expected %s but received %s.
WFLYELY01079
java.lang.RuntimeException
Unable to load module '%s'.
WFLYELY01080
org.jboss.as.controller.OperationFailedException
Non existing key store needs to have defined type.
WFLYELY01081
java.lang.RuntimeException
Failed to lazily initialize key manager
WFLYELY01082
java.lang.RuntimeException
Failed to store generated self-signed certificate
WFLYELY01083
java.lang.RuntimeException
No '%s' found in injected value.
WFLYELY01084
WARN
KeyStore %s not found, it will be auto-generated on first use with a self-signed certificate for host %s
WFLYELY01085
WARN
Generated self-signed certificate at %s. Please note that self-signed certificates are not secure and should only be used for testing purposes. Do not use this self-signed certificate in production. SHA-1 fingerprint of the generated key is %s SHA-256 fingerprint of the generated key is %s
WFLYELY01086
java.lang.IllegalStateException
Unable to initialize Elytron JACC support while legacy JACC support is enabled.
WFLYELY01087
org.jboss.as.controller.OperationFailedException
Hostname in SNI mapping cannot contain ^ character.
WFLYELY01088
org.wildfly.security.x500.cert.acme.AcmeException
Missing certificate authority challenge
WFLYELY01089
org.jboss.as.controller.OperationFailedException
Invalid file encoding '%s'.
WFLYELY01200
org.jboss.as.controller.OperationFailedException
The name of the resolver to use was not specified and no default-resolver has been defined.
WFLYELY01201
org.jboss.as.controller.OperationFailedException
No expression resolver has been defined with the name '%s'.
Initialisation of an %s without an active management OperationContext is not allowed.
WFLYELY01211
org.jboss.as.controller.OperationFailedException
Unable to load the credential store.
WFLYELY01212
org.jboss.msc.service.StartException
KeyStore does not contain a PrivateKey for KeyStore: [%s] and alias: [%s].
WFLYELY01213
org.jboss.msc.service.StartException
KeyStore does not contain a PublicKey for KeyStore: [%s] and alias: [%s].
WFLYELY01214
org.jboss.as.controller.OperationFailedException
Unable to verify the integrity of the filesystem realm: %s
WFLYELY01215
org.jboss.as.controller.OperationFailedException
Filesystem realm is missing key pair configuration, integrity checking is not enabled
WFLYELY01216
java.lang.RuntimeException
Filesystem realm is unable to obtain key store password
WFLYELY01217
org.jboss.as.controller.OperationFailedException
Realm verification failed, invalid signatures for the identities: %s
WFLYELY01218
java.security.KeyStoreException
Keystore used by filesystem realm does not contain the alias: %s
WFLYELY01219
org.jboss.as.controller.OperationFailedException
Integrity keypair cannot be added to non-empty filesystem realm after initialization. To upgrade a filesystem realm, use Elytron Tool command `filesystem-realm-integrity`
WFLYELY01220
org.jboss.as.controller.OperationFailedException
Encryption secret key cannot be added to non-empty filesystem realm after initialization. To upgrade a filesystem realm, use Elytron Tool command `filesystem-realm-encrypt`
The embedded server is stopping and invocations on the ModelControllerClient are not available
WFLYEMB0024
java.lang.IllegalStateException
The embedded server is reloading and invocations on the ModelControllerClient are not yet available
WFLYEMB0026
java.lang.IllegalStateException
Cannot create host controller using factory: %s
WFLYEMB0027
java.lang.IllegalStateException
The embedded server is stopped and invocations on the ModelControllerClient are not available
WFLYEMB0028
java.lang.RuntimeException
Error copying '%s' to '%s' (%s)
WFLYEMB0029
java.lang.IllegalArgumentException
-D%s=%s is not a directory
WFLYEMB0143
java.lang.IllegalArgumentException
No directory called '%s' exists under '%s'
WFLYEMB0144
java.lang.IllegalArgumentException
-D%s=%s does not exist
WFLYEMB0145
WARN
The module loader has already been configured. Changing the %s property will have no effect.
WFLYEMB0146
ERROR
Failed to restore context %s
WFLYHC
Code
Level
Return Type
Message
WFLYHC-001
WARN
Server '%s' (managed by host '%s') is unstable and should be stopped or restarted. An unstable server may not stop normally, so the 'kill' operation may be required to terminate the server process.
WFLYHC0000
java.lang.String
Use %s --help for information on valid command line arguments and their syntax.
WFLYHC0000
java.lang.String
- Host Controller configuration files in use: %s, %s
WFLYHC0000
java.lang.String
- Host Controller configuration file in use: %s
WFLYHC0001
WARN
Could not connect to remote domain controller %s
WFLYHC0002
ERROR
Could not connect to the domain controller. Error was: %s
WFLYHC0003
INFO
Creating http management service using network interface (%s) port (%d) securePort (%d)
WFLYHC0005
WARN
Existing server [%s] with status: %s
WFLYHC0008
ERROR
Failed to start server (%s)
WFLYHC0009
ERROR
Failed to stop server (%s)
WFLYHC0011
WARN
Ignoring for jvm '%s' type jvm: %s
WFLYHC0012
ERROR
No configuration was provided and the current running mode ('%s') requires access to the Domain Controller host. Startup will be aborted. Use the %s command line argument to start in %s mode if you need to start without a domain controller connection and then use the management tools to configure one.
WFLYHC0013
WARN
No security realm defined for http management service, all access will be unrestricted.
WFLYHC0014
ERROR
No server called %s available
WFLYHC0015
WARN
Connection to remote host-controller closed. Trying to reconnect.
WFLYHC0016
WARN
Ignoring
WFLYHC0018
INFO
Reconnecting server %s
WFLYHC0019
INFO
Registered remote secondary host "%s", %s
WFLYHC0020
INFO
Registering server %s
WFLYHC0021
INFO
Server [%s] connected using connection [%s]
WFLYHC0023
INFO
Starting server %s
WFLYHC0024
INFO
Stopping server %s
WFLYHC0026
INFO
Unregistered remote secondary host "%s"
WFLYHC0027
INFO
Unregistering server %s
WFLYHC0029
INFO
Unregistered at domain controller
WFLYHC0030
WARN
Connection to remote host "%s" closed unexpectedly
WFLYHC0031
WARN
Cannot load the domain model using --backup
WFLYHC0033
ERROR
Caught exception during boot
WFLYHC0034
java.lang.String
Host Controller boot has failed in an unrecoverable manner; exiting. See previous messages for details. %s
WFLYHC0035
ERROR
Installation of the domain-wide configuration has failed. Because the running mode of this Host Controller is ADMIN_ONLY boot has been allowed to proceed. If ADMIN_ONLY mode were not in effect the process would be terminated due to a critical boot failure.
WFLYHC0037
INFO
The primary Host Controller has been restarted. Re-registering this secondary Host Controller with the new primary.
WFLYHC0038
WARN
The domain controller could not be reached in the last [%d] milliseconds. Re-connecting.
WFLYHC0039
INFO
The secondary Host Controller "%s" has been restarted or is attempting to reconnect. Unregistering the current connection to this secondary.
WFLYHC0040
WARN
The secondary Host Controller "%s" could not be reached in the last [%d] milliseconds. Unregistering.
WFLYHC0041
java.lang.String
Argument expected for option %s. %s
WFLYHC0042
java.lang.IllegalArgumentException
Attempting to set '%s' when '%s' was already set
WFLYHC0043
java.lang.IllegalStateException
Unable to connect due to authentication failure.
WFLYHC0044
java.lang.IllegalStateException
Cannot access a remote file repository from the domain controller
WFLYHC0045
java.io.IOException
Unable to create local directory: %s
WFLYHC0046
java.lang.RuntimeException
Cannot obtain a valid default address for communicating with the ProcessController using either %s or InetAddress.getLocalHost(). Please check your system's network configuration or use the %s command line switch to configure a valid address
WFLYHC0047
java.lang.String
Cannot restart server %s as it is not currently started; it is %s
WFLYHC0048
java.lang.String
Cannot start servers when the Host Controller running mode is %s
WFLYHC0049
java.lang.UnsupportedOperationException
Close should be managed by the service
WFLYHC0050
java.lang.IllegalStateException
Configuration persister for domain model is already initialized
WFLYHC0051
java.lang.IllegalStateException
Interrupted while trying to connect to the domain controller
WFLYHC0052
java.lang.IllegalStateException
Could not connect to the domain controller in %d attempts within %s ms
WFLYHC0053
java.lang.RuntimeException
Could not get the server inventory in %d %s
WFLYHC0054
java.io.IOException
Did not read the entire file. Missing: %d
WFLYHC0055
java.lang.RuntimeException
Error closing down host
WFLYHC0056
java.lang.String
Failed to retrieve profile operations from domain controller
Invocations of %s after HostController boot are not allowed
WFLYHC0066
java.lang.String
Malformed URL provided for option %s. %s
WFLYHC0067
java.lang.IllegalStateException
Must call %s before checking for secondary Host Controller status
WFLYHC0068
java.lang.IllegalStateException
Must call %s before persisting the domain model
WFLYHC0071
java.lang.IllegalStateException
No server inventory
WFLYHC0077
java.lang.IllegalArgumentException
There is already a registered server named '%s'
WFLYHC0078
java.lang.String
Server (%s) still running
WFLYHC0079
javax.security.sasl.SaslException
Unable to generate hash
WFLYHC0080
java.lang.String
Unable to load properties from URL %s. %s
WFLYHC0081
java.lang.IllegalArgumentException
Undefined socket binding group for server %s
WFLYHC0082
java.lang.IllegalStateException
Included socket binding group %s is not defined
WFLYHC0084
java.lang.IllegalArgumentException
Unknown %s %s
WFLYHC0085
java.lang.String
Value for %s is not a known host -- %s. %s
WFLYHC0087
java.lang.IllegalStateException
Host-Controller is already shutdown.
WFLYHC0090
java.lang.UnsupportedOperationException
HostControllerEnvironment does not support system property updates
WFLYHC0091
org.jboss.as.controller.OperationFailedException
Resources of type %s cannot be ignored
WFLYHC0092
javax.xml.stream.XMLStreamException
An '%s' element whose 'type' attribute is '%s' has already been found
WFLYHC0093
java.lang.String
The JVM input arguments cannot be accessed so system properties passed directly to this Host Controller JVM will not be passed through to server processes. Cause of the problem: %s
WFLYHC0094
java.lang.IllegalStateException
Missing configuration value for: %s
WFLYHC0095
java.lang.IllegalStateException
Home directory does not exist: %s
WFLYHC0097
java.lang.IllegalStateException
Domain base directory does not exist: %s
WFLYHC0098
java.lang.IllegalStateException
Domain base directory is not a directory: %s
WFLYHC0099
java.lang.IllegalStateException
Configuration directory does not exist: %s
WFLYHC0100
java.lang.IllegalStateException
Domain data directory is not a directory: %s
WFLYHC0101
java.lang.IllegalStateException
Could not create domain data directory: %s
WFLYHC0102
java.lang.IllegalStateException
Domain content directory is not a directory: %s
WFLYHC0103
java.lang.IllegalStateException
Could not create domain content directory: %s
WFLYHC0104
java.lang.IllegalStateException
Log directory is not a directory: %s
WFLYHC0105
java.lang.IllegalStateException
Could not create log directory: %s
WFLYHC0106
java.lang.IllegalStateException
Servers directory is not a directory: %s
WFLYHC0107
java.lang.IllegalStateException
Could not create servers directory: %s
WFLYHC0108
java.lang.IllegalStateException
Domain temp directory does not exist: %s
WFLYHC0109
java.lang.IllegalStateException
Could not create domain temp directory: %s
WFLYHC0110
java.lang.IllegalStateException
Unable to connect due to SSL failure.
WFLYHC0111
java.lang.IllegalStateException
Option '%s' already exists
WFLYHC0113
org.jboss.as.controller.OperationFailedException
Host controller management version %s.%s is too old, Only %s.%s or higher are supported
WFLYHC0114
java.lang.IllegalStateException
Failed to add extensions used by the domain. Failure description: %s
WFLYHC0115
java.lang.String
Argument %s has no value. %s
WFLYHC0116
java.lang.IllegalStateException
Cannot access S3 file: %s
WFLYHC0117
java.lang.IllegalStateException
Failed to obtain domain controller data from S3 file
WFLYHC0118
java.io.IOException
Cannot write domain controller data to S3 file: %s
WFLYHC0119
java.lang.IllegalStateException
Cannot access S3 bucket '%s': %s
WFLYHC0120
java.lang.IllegalStateException
Tried all domain controller discovery option(s) but unable to connect
WFLYHC0121
java.lang.IllegalStateException
pre_signed_put_url and pre_signed_delete_url must have the same path
WFLYHC0122
java.lang.IllegalStateException
pre_signed_put_url and pre_signed_delete_url must both be set or both unset
WFLYHC0123
java.lang.IllegalStateException
pre-signed url %s must point to a file within a bucket
WFLYHC0124
java.lang.IllegalStateException
pre-signed url %s is not a valid url
WFLYHC0125
java.lang.IllegalStateException
pre-signed url %s may only have a subdirectory under a bucket
WFLYHC0126
java.lang.IllegalArgumentException
Creating location-constrained bucket with unsupported calling-format
WFLYHC0127
java.lang.IllegalArgumentException
Invalid location: %s
WFLYHC0128
java.lang.IllegalArgumentException
Invalid bucket name: %s
WFLYHC0129
java.io.IOException
bucket '%s' could not be accessed (rsp=%d (%s)). Maybe the bucket is owned by somebody else or the authentication failed
WFLYHC0130
java.io.IOException
Unexpected response: %s
WFLYHC0131
java.lang.RuntimeException
HTTP redirect support required
WFLYHC0132
java.lang.RuntimeException
Unexpected error parsing bucket listing(s)
WFLYHC0133
java.lang.RuntimeException
Couldn't initialize a SAX driver for the XMLReader
WFLYHC0134
java.lang.IllegalStateException
Cannot instantiate discovery option class '%s': %s
WFLYHC0137
ERROR
Could not write domain controller data to S3 file. Error was: %s
WFLYHC0138
ERROR
Could not remove S3 file. Error was: %s
WFLYHC0140
java.lang.IllegalStateException
Can't execute transactional operation '%s' from the secondary Host Controller
WFLYHC0142
ERROR
Failed to apply domain-wide configuration from the domain controller
WFLYHC0143
ERROR
Failed to apply domain-wide configuration from the Domain Controller. Operation outcome: %s. Failure description %s
WFLYHC0144
ERROR
The host cannot start because it was started in running mode '%s' with no access to a local copy of the domain wide configuration policy, the '%s' attribute was set to '%s' and the domain wide configuration policy could not be obtained from the Domain Controller host. Startup will be aborted. Use the '%s' command line argument to start if you need to start without connecting to a domain controller connection.
WFLYHC0145
ERROR
The host cannot start because it was started in running mode '%s' with no access to a local copy of the domain wide configuration policy, and the '%s' attribute was set to '%s'. Startup will be aborted. Use the '%s' command line argument to start in running mode '%s'.
WFLYHC0146
WARN
Could not discover the domain controller using discovery option %s. Error was: %s
WFLYHC0147
WARN
No domain controller discovery options remain.
WFLYHC0148
INFO
Connected to the domain controller at %s
WFLYHC0149
INFO
Option %s was set; obtaining domain-wide configuration from %s
WFLYHC0150
INFO
Trying to reconnect to the domain controller.
WFLYHC0151
ERROR
No domain controller discovery configuration was provided and the '%s' attribute was set to '%s'. Startup will be aborted. Use the %s command line argument to start in %s mode if you need to start without a domain controller connection and then use the management tools to configure one.
WFLYHC0152
INFO
Server %s will be started with JVM launch command prefix '%s'
WFLYHC0153
java.io.IOException
Channel closed
WFLYHC0157
java.lang.IllegalStateException
Could not create domain auto-start directory: %s
WFLYHC0158
INFO
Error persisting server autostart status
WFLYHC0159
java.lang.String
Invalid discovery type %s
WFLYHC0160
java.lang.IllegalStateException
Could not read or create the domain UUID in file: %s
WFLYHC0162
org.jboss.as.controller.OperationFailedException
The binding name '%s' in socket binding group '%s' is not unique. Names must be unique across socket-binding, local-destination-outbound-socket-binding and remote-destination-outbound-socket-binding
WFLYHC0163
org.jboss.as.controller.OperationFailedException
Profile '%s' is involved in a cycle
WFLYHC0164
org.jboss.as.controller.OperationFailedException
Profile '%s' defines subsystem '%s' which is also defined in its ancestor profile '%s'. Overriding subsystems is not supported
WFLYHC0165
org.jboss.as.controller.OperationFailedException
Socket binding group '%s' is involved in a cycle
WFLYHC0166
org.jboss.as.controller.OperationFailedException
Socket binding group '%s' defines socket binding '%s' which is also defined in its ancestor socket binding group '%s'. Overriding socket bindings is not supported
WFLYHC0167
org.jboss.as.controller.OperationFailedException
Profile '%s' includes profile '%s' and profile '%s'. Both these profiles define subsystem '%s', which is not supported
WFLYHC0168
org.jboss.as.controller.OperationFailedException
Socket binding group '%s' includes socket binding group '%s' and socket binding group '%s'. Both these socket binding groups define socket binding '%s', which is not supported
WFLYHC0169
org.jboss.as.controller.OperationFailedException
Reload into running mode is not supported with embedded host controller, admin-only=true must be specified.
WFLYHC0170
java.lang.String
Error releasing shared lock after host registration for operationID: %s
WFLYHC0171
ERROR
Failed getting the response from the suspend listener for server: %s
WFLYHC0172
ERROR
Failed executing the suspend operation for server: %s
WFLYHC0173
org.jboss.as.controller.OperationFailedException
It is not possible to use use-current-host-config=false while specifying a host-config
WFLYHC0174
org.jboss.as.controller.OperationFailedException
It is not possible to use use-current-domain-config=false while specifying a domain-config
WFLYHC0175
org.jboss.as.controller.OperationFailedException
domain-config '%s' specified for reload could not be found
WFLYHC0177
WARN
No security realm defined for native management service; all access will be unrestricted.
WFLYHC0178
FATAL
Aborting with exit code %d
WFLYHC0179
INFO
ProcessController has signalled to shut down; shutting down
WFLYHC0180
INFO
Shutting down in response to management operation '%s'
WFLYHC0181
INFO
Host Controller shutdown has been requested via an OS signal
WFLYHC0182
INFO
Timed out after %d ms awaiting server suspend response(s) for server: %s
WFLYHC0183
java.lang.String
Timed out after %d ms awaiting server suspend response(s) for server: %s
WFLYHC0184
INFO
%s interrupted awaiting server suspend response(s)
WFLYHC0185
java.lang.String
%s interrupted awaiting server suspend response(s)
WFLYHC0186
java.lang.String
Failed executing the suspend operation for server: %s
WFLYHC0187
java.lang.String
Failed getting the response from the suspend listener for server: %s
WFLYHC0188
INFO
Timed out after %d ms awaiting server resume response(s) for server: %s
WFLYHC0189
java.lang.String
Timed out after %d ms awaiting server resume response(s) for server: %s
WFLYHC0190
INFO
%s interrupted awaiting server resume response(s)
WFLYHC0191
java.lang.String
%s interrupted awaiting server resume response(s)
WFLYHC0192
java.lang.String
Failed executing the resume operation for server: %s
WFLYHC0193
java.lang.String
Failed getting the response from the resume listener for server: %s
WFLYHC0194
ERROR
Failed executing the resume operation for server: %s
WFLYHC0195
ERROR
Failed getting the response from the resume listener for server: %s
WFLYHC0196
ERROR
Cannot move the file %s to %s, unable to persist domain configuration changes: %s
WFLYHC0197
org.jboss.as.controller.OperationFailedException
If attribute %s is defined an ssl-context must also be defined
WFLYHC0198
WARN
Server '%s' is unstable and should be stopped or restarted. An unstable server may not stop normally, so the 'kill' operation may be required to terminate the server process.
WFLYHC0199
WARN
Server '%s' (managed by host '%s') has not responded to an operation request within the configured timeout. This may mean the server has become unstable.
WFLYHC0200
ERROR
Reporting instability of server '%s' to Domain Controller failed.
WFLYHC0201
java.lang.String
Error synchronizing the host model with the domain controller model with failure : %s.
WFLYHC0202
WARN
The domain configuration was successfully applied, but reload is required before changes become active.
WFLYHC0203
WARN
The domain configuration was successfully applied, but restart is required before changes become active.
WFLYHC0204
WARN
No logging configuration file could be found for the servers initial boot. Logging will not be configured until the logging subsystem is activated for the server %s
WFLYHC0205
ERROR
An error occurred setting the -Dlogging.configuration property for server %s. Configuration path %s
WFLYHC0206
java.lang.IllegalStateException
File %s already exists, you must use --remove-existing-domain-config to overwrite existing files.
WFLYHC0207
java.lang.IllegalStateException
File %s already exists, you must use --remove-existing-host-config to overwrite existing files.
WFLYHC0208
org.jboss.as.controller.OperationFailedException
A host (%s) has already been registered. You must shutdown this host before adding a new one.
WFLYHC0209
org.jboss.as.controller.OperationFailedException
Host name may not be null.
WFLYHC0210
org.jboss.as.controller.OperationFailedException
A secondary Host Controller may not be added using add(). Please add a host, omitting this parameter, and configure the remote domain controller using write-attribute.
WFLYHC0211
org.jboss.as.controller.OperationFailedException
Boot configuration validation failed
WFLYHC0212
org.jboss.as.controller.OperationFailedException
Fetch of missing configuration from the Domain Controller failed without explanation. Fetch operation outcome was %s
WFLYHC0213
java.lang.IllegalStateException
Java home '%s' does not exist.
WFLYHC0214
java.lang.IllegalStateException
Java home's bin '%s' does not exist. The home directory was determined to be %s.
WFLYHC0215
java.lang.IllegalStateException
Could not find java executable under %s.
WFLYHC0216
org.jboss.as.controller.OperationFailedException
The module option %s is not allowed.
WFLYHC0217
javax.xml.stream.XMLStreamException
Security realms are no longer supported, please migrate references to them from the configuration.
WFLYHC0218
org.jboss.as.controller.OperationFailedException
No %s installation has been prepared.
WFLYHC0219
java.security.GeneralSecurityException
Authorization failed for '%s' attempting to connect as a domain server.
WFLYHEALTH
Code
Level
Return Type
Message
WFLYHEALTH0001
INFO
Activating Base Health Subsystem
WFLYIIOP
Code
Level
Return Type
Message
WFLYIIOP0001
INFO
Activating IIOP Subsystem
WFLYIIOP0002
ERROR
Error fetching CSIv2Policy
WFLYIIOP0003
WARN
Caught exception while encoding GSSUPMechOID
WFLYIIOP0004
ERROR
Internal error
WFLYIIOP0005
ERROR
Failed to create CORBA naming context
WFLYIIOP0006
WARN
Unbind failed for %s
WFLYIIOP0007
ERROR
Failed to obtain JSSE security domain with name %s
WFLYIIOP0008
INFO
CORBA Naming Service started
WFLYIIOP0009
INFO
CORBA ORB Service started
WFLYIIOP0010
WARN
Compatibility problem: Class javax.rmi.CORBA.ClassDesc does not conform to the Java(TM) Language to IDL Mapping Specification (01-06-07), section 1.3.5.11
WFLYIIOP0011
WARN
Could not deactivate IR object
WFLYIIOP0012
WARN
Could not deactivate anonymous IR object
WFLYIIOP0013
org.jboss.as.controller.OperationFailedException
SSL support has been enabled but no security domain or client/server SSL contexts have been specified
WFLYIIOP0014
java.lang.RuntimeException
Unexpected exception
WFLYIIOP0015
org.omg.CORBA.NO_PERMISSION
Unexpected ContextError in SAS reply
WFLYIIOP0016
org.omg.CORBA.MARSHAL
Could not parse SAS reply: %s
WFLYIIOP0017
java.lang.RuntimeException
Could not register initial reference for SASCurrent
WFLYIIOP0018
org.omg.CORBA.NO_PERMISSION
SAS context does not exist
WFLYIIOP0019
org.omg.CORBA.NO_PERMISSION
Could not decode initial context token
WFLYIIOP0020
org.omg.CORBA.NO_PERMISSION
Could not decode target name in initial context token
WFLYIIOP0021
org.omg.CORBA.NO_PERMISSION
Could not decode incoming principal name
WFLYIIOP0022
java.lang.RuntimeException
Exception decoding context data in %s
WFLYIIOP0023
java.lang.IllegalArgumentException
Batch size not numeric: %s
WFLYIIOP0024
javax.naming.NamingException
Error getting binding list
WFLYIIOP0025
javax.naming.NamingException
Error generating object via object factory
WFLYIIOP0026
javax.naming.ConfigurationException
Error constructing context: either ORB or NamingContext must be supplied
WFLYIIOP0027
javax.naming.ConfigurationException
%s does not name a NamingContext
WFLYIIOP0028
javax.naming.ConfigurationException
Cannot convert IOR to NamingContext: %s
WFLYIIOP0029
javax.naming.ConfigurationException
ORB.resolve_initial_references("NameService") does not return a NamingContext
WFLYIIOP0030
javax.naming.NamingException
COS Name Service not registered with ORB under the name 'NameService'
WFLYIIOP0031
javax.naming.NamingException
Cannot connect to ORB
WFLYIIOP0032
javax.naming.NamingException
Invalid IOR or URL: %s
WFLYIIOP0033
javax.naming.NamingException
Invalid object reference: %s
WFLYIIOP0034
javax.naming.ConfigurationException
%s does not contain an IOR
WFLYIIOP0035
java.lang.IllegalArgumentException
Only instances of org.omg.CORBA.Object can be bound
WFLYIIOP0036
javax.naming.NamingException
No object reference bound for specified name
WFLYIIOP0037
javax.naming.InvalidNameException
Invalid empty name
WFLYIIOP0038
javax.naming.InvalidNameException
%s: unescaped \ at end of component
WFLYIIOP0039
javax.naming.InvalidNameException
%s: Invalid character being escaped
WFLYIIOP0040
java.net.MalformedURLException
Invalid %s URL: %s
WFLYIIOP0041
javax.naming.ConfigurationException
Problem with PortableRemoteObject.toStub(); object not exported or stub not found
ValueDef %s unable to resolve reference to abstract base valuetype %s
WFLYIIOP0098
org.jboss.msc.service.StartException
Failed to resolve initial reference %s
WFLYIIOP0099
org.jboss.msc.service.StartException
Failed to create POA from parent
WFLYIIOP0100
org.jboss.msc.service.StartException
Unable to instantiate POA: either the running ORB or the parent POA must be specified
WFLYIIOP0101
org.jboss.msc.service.StartException
Failed to activate POA
WFLYIIOP0102
org.omg.CORBA.INTERNAL
Caught exception destroying Iterator %s
WFLYIIOP0103
org.jboss.as.controller.OperationFailedException
IOR settings imply ssl connections usage, but secure connections have not been configured
WFLYIIOP0104
java.lang.String
Inconsistent transport-config configuration: %s is supported, please configure it to %s value
WFLYIIOP0105
java.lang.String
Inconsistent transport-config configuration: %s is not supported, please remove it or configure it to none value
WFLYIIOP0106
java.lang.String
Inconsistent transport-config configuration: %s is set to true, please configure %s as required
WFLYIIOP0109
WARN
SSL socket is required by server but secure connections have not been configured
WFLYIIOP0110
java.lang.IllegalStateException
Client requires SSL but server does not support it
WFLYIIOP0111
java.lang.String
SSL has not been configured but ssl-port property has been specified - the connection will use clear-text protocol
WFLYIIOP0113
org.jboss.as.controller.OperationFailedException
Authentication context has been defined but it is ineffective because the security initializer is not set to 'elytron'
WFLYIIOP0114
java.lang.String
Elytron security initializer not supported in previous iiop-openjdk versions and can't be converted
WFLYIIOP0115
java.lang.IllegalStateException
No IIOP socket bindings have been configured
WFLYIIOP0117
WARN
CLEARTEXT in IIOP subsystem won't be used because server-requires-ssl parameter have been set to true
WFLYIIOP0118
java.lang.IllegalStateException
Legacy security is no longer supported.
WFLYIIOP0119
org.jboss.as.controller.OperationFailedException
The use of security realms at runtime is unsupported.
WFLYIIOP0120
org.jboss.as.controller.OperationFailedException
The use of security domains at runtime is unsupported.
WFLYIM
Code
Level
Return Type
Message
WFLYIM0000
java.util.zip.ZipException
Zip entry %s is outside of the target dir %s.
WFLYIM0000
java.util.zip.ZipException
The structure of directories and files in the .zip file is invalid. The '%s' directory cannot be found as a second-level entry in the extracted .zip file.
WFLYIM0001
org.jboss.as.controller.OperationFailedException
There is an installation prepared and ready to be applied. The current prepared installation can be discarded by using the 'clean' operation.
WFLYIM0002
java.lang.RuntimeException
Invalid status change found for the artifact: '%s'
WFLYIM0003
java.lang.RuntimeException
Invalid status change found for the configuration change: '%s'
WFLYIM0004
org.jboss.as.controller.OperationFailedException
Channel name is mandatory.
WFLYIM0005
org.jboss.as.controller.OperationFailedException
No repositories have been defined in the '%s' channel.
WFLYIM0006
org.jboss.as.controller.OperationFailedException
The '%s' repository in the channel does not have its URL defined.
WFLYIM0007
org.jboss.as.controller.OperationFailedException
The repository URL '%s' for '%s' channel is invalid.
WFLYIM0008
org.jboss.as.controller.OperationFailedException
The '%s' repository in the channel does not have its ID defined.
WFLYIM0009
org.jboss.as.controller.OperationFailedException
The manifest GAV coordinate '%s' for '%s' channel is invalid.
WFLYIM0010
org.jboss.as.controller.OperationFailedException
The manifest URL '%s' for '%s' channel is invalid.
WFLYIM0011
org.jboss.as.controller.OperationFailedException
You cannot use the 'local-cache' option when the 'no-resolve-local-cache' option is enabled.
WFLYIM0012
org.jboss.as.controller.OperationFailedException
You cannot use the 'maven-repo-file' option with the 'repositories' option because they are mutually exclusive.
WFLYIM0013
org.jboss.as.controller.OperationFailedException
Invalid format for the repository URL: '%s'
WFLYIM0014
org.jboss.as.controller.OperationFailedException
You cannot use the 'work-dir' option with the 'repositories' or 'maven-repo-file' options because they are mutually exclusive.
WFLYIM0015
org.jboss.as.controller.OperationFailedException
Channel with name '%s' cannot be found.
WFLYIM0016
org.jboss.as.controller.OperationFailedException
The manifest maven coordinates for '%s' are invalid. The expected maven coordinates for this manifest are GA (GroupId:ArtifactId).
WFLYIM0017
org.jboss.as.controller.OperationFailedException
The manifest maven coordinates for '%s' are invalid. The expected maven coordinates for this manifest are GAV (GroupId:ArtifactId:Version) where Version is optional.
WFLYIM0018
java.lang.IllegalStateException
Installation Manager Service is down.
WFLYIM0019
org.jboss.as.controller.OperationFailedException
Operation has been cancelled.
WFLYIM0020
org.jboss.as.controller.OperationFailedException
No custom patches installed found for the specified manifest maven coordinates: '%s'
WFLYIO
Code
Level
Return Type
Message
WFLYIO001
INFO
Worker '%s' has auto-configured to %d IO threads with %d max task threads based on your %d available processors
WFLYIO002
INFO
Worker '%s' has auto-configured to %d IO threads based on your %d available processors
WFLYIO003
INFO
Worker '%s' has auto-configured to %d max task threads based on your %d available processors
WFLYIO004
WARN
Worker '%s' would auto-configure to %d max task threads based on %d available processors, however your system does not have enough file descriptors configured to support this configuration. It is likely you will experience application degradation unless you increase your file descriptor limit.
WFLYIO005
WARN
Your system is configured with %d file descriptors, but your current application server configuration will require a minimum of %d (and probably more than that); attempting to adjust, however you should expect stability problems unless you increase this number
WFLYIO006
java.lang.String
no metrics available
WFLYIO007
org.jboss.as.controller.OperationFailedException
Unexpected bind address conflict in resource "%s" when attempting to establish binding for destination %s to %s: a binding of %s already existed
WFLYIO008
WARN
The stack-size value of %d bytes for IO worker %s is low and may result in problems. A value of at least 150,000 is recommended.
WFLYJAR
Code
Level
Return Type
Message
WFLYJAR0000
java.lang.String
Set system property jboss.bind.address to the given value
WFLYJAR0000
java.lang.String
Set system property jboss.bind.address. to the given value
WFLYJAR0000
java.lang.String
Set a system property
WFLYJAR0000
java.lang.String
Display this message and exit
WFLYJAR0000
java.lang.String
Load system properties from the given url
WFLYJAR0000
java.lang.String
Set system property jboss.default.multicast.address to the given value
WFLYJAR0000
java.lang.String
Print version and exit
WFLYJAR0000
java.lang.String
Activate the SecurityManager
WFLYJAR0000
java.lang.String
Set a security property
WFLYJAR0000
java.lang.String
Path to deployment artifact (war,jar,ear or exploded deployment dir) to deploy in hollow jar
WFLYJAR0000
java.lang.String
Path to directory in which the server is installed. By default the server is installed in TEMP directory.
WFLYJAR0000
java.lang.String
Display the content of the Galleon configuration used to build this bootable JAR
WFLYJAR0000
java.lang.String
Path to a CLI script to execute when starting the Bootable JAR
WFLYJAR0001
DEBUG
Shutting down
WFLYJAR0002
DEBUG
Server stopped, exiting
WFLYJAR0003
DEBUG
Server not yet stopped, waiting
WFLYJAR0004
DEBUG
Null controller client, exiting
WFLYJAR0005
java.lang.RuntimeException
Unexpected exception while shutting down server
WFLYJAR0006
INFO
Deployed %s in server
WFLYJAR0007
INFO
Installed server and application in %s, took %sms
WFLYJAR0008
INFO
Server options: %s
WFLYJAR0009
DEBUG
Deleting %s dir
WFLYJAR0010
java.lang.Exception
Not an hollow jar, deployment already exists
WFLYJAR0011
java.lang.RuntimeException
Unknown argument %s
WFLYJAR0012
java.lang.RuntimeException
File %s doesn't exist
WFLYJAR0013
java.lang.RuntimeException
Invalid argument %s, no value provided
WFLYJAR0014
java.lang.IllegalStateException
The server is stopping and invocations on the ModelControllerClient are not available
WFLYJAR0015
java.lang.IllegalStateException
The server is reloading and invocations on the ModelControllerClient are not yet available
WFLYJAR0016
java.lang.IllegalStateException
The server is stopped and invocations on the ModelControllerClient are not available
WFLYJAR0017
java.lang.RuntimeException
Cannot start server
WFLYJAR0018
java.lang.RuntimeException
Cannot load module %s from: %s
WFLYJAR0019
WARN
Cannot restart server, exiting
WFLYJAR0020
WARN
Can't delete %s. Exception %s
WFLYJAR0021
WARN
Cannot register JBoss Modules MBeans, %s
WFLYJAR0022
java.lang.IllegalStateException
The PID file %s already exists. This may result in the install directory "%s" not being properly deleted.
WFLYJAR0023
WARN
Failed to start the cleanup processor. This may result in the install directory "%s" not being properly deleted.
WFLYJAR0024
WARN
The container has not properly shutdown within %ds. This may result in the install directory "%s" not being properly deleted.
WFLYJAR0025
DEBUG
Failed to initialize a security provider. Reason: %s
Admin object class (%s) is incorrect for resource adapter '%s' while deploying %s
WFLYJCA0086
WARN
Unable to find driver class name in "%s" jar
WFLYJCA0087
ERROR
Unable to register recovery: %s (%s)
WFLYJCA0088
java.lang.String
Attributes %s rejected. Must be true
WFLYJCA0089
WARN
Exception during unregistering deployment
WFLYJCA0090
org.jboss.as.controller.OperationFailedException
Jndi name shouldn't include '//' or end with '/'
WFLYJCA0091
WARN
-ds.xml file deployments are deprecated. Support may be removed in a future version.
WFLYJCA0092
java.lang.IllegalStateException
Indexed child resources can only be registered if the parent resource supports ordered children. The parent of '%s' is not indexed
WFLYJCA0093
INFO
The '%s' operation is deprecated. Use of the 'add' or 'remove' operations is preferred, or if required the 'write-attribute' operation can used to set the deprecated 'enabled' attribute
WFLYJCA0096
ERROR
Error during recovery shutdown
WFLYJCA0097
WARN
Exception while stopping resource adapter
WFLYJCA0098
INFO
Bound non-transactional data source: %s
WFLYJCA0099
INFO
Unbound non-transactional data source: %s
WFLYJCA0100
java.lang.UnsupportedOperationException
Operation %s is not supported
WFLYJCA0101
org.jboss.as.controller.OperationFailedException
Thread pool: %s(type: %s) can not be added for workmanager: %s, only one thread pool is allowed for each type.
WFLYJCA0102
org.jboss.as.controller.OperationFailedException
Attribute %s can only be defined if %s is true
WFLYJCA0103
org.jboss.as.controller.OperationFailedException
Attribute %s can only be defined if %s is undefined or false
WFLYJCA0104
java.lang.String
Subject=%s Subject identity=%s
WFLYJCA0106
INFO
Elytron handler handle: %s
WFLYJCA0107
java.lang.SecurityException
Execution subject was not provided to the callback handler
WFLYJCA0108
java.lang.IllegalArgumentException
Supplied callback doesn't contain a security domain reference
WFLYJCA0109
java.lang.UnsupportedOperationException
Callback with security domain is required - use createCallbackHandler(Callback callback) instead
WFLYJCA0110
java.lang.IllegalStateException
CredentialSourceSupplier is invalid for DSSecurity
WFLYJCA0111
java.lang.IllegalStateException
WorkManager hasn't elytron-enabled flag set accordingly with RA one
WFLYJCA0112
java.lang.IllegalArgumentException
Datasource %s is disabled
WFLYJCA0113
ERROR
Unexcepted error during worker execution : %s
WFLYJCA0114
org.jboss.as.controller.OperationFailedException
Failed to load datasource class: %s
WFLYJCA0115
java.lang.String
Module for driver [%s] or one of it dependencies is missing: [%s]
WFLYJCA0116
java.lang.String
Failed to load module for RA [%s] - the module or one of its dependencies is missing [%s]
WFLYJCA0117
org.jboss.as.controller.OperationFailedException
%s is not a valid %s implementation
WFLYJCA0118
INFO
Binding connection factory named %s to alias %s
WFLYJCA0119
INFO
Unbinding connection factory named %s to alias %s
WFLYJCA0120
org.jboss.msc.service.StartException
Unable to start the data source '%s' because there are no connection factories, either not defined or failed, please check log.
WFLYJCA0121
org.jboss.msc.service.StartException
Unable to start the data source '%s' because there is more than one(%s) connection factory defined.
WFLYJCA0122
org.jboss.as.controller.OperationFailedException
Thread pool name %s(type: %s) must match the workmanager name %s.
WFLYJCA0123
org.jboss.as.controller.OperationFailedException
Connection definition %s from resource adapter %s is configured to require the legacy security subsystem, which is not present
WFLYJCA0124
org.jboss.as.controller.OperationFailedException
Datasource %s is configured to require the legacy security subsystem, which is not present
Connection definition for %s is configured to require the legacy security subsystem, which is not present
WFLYJCA0127
java.lang.IllegalStateException
Connection factory %s is configured to require the legacy security subsystem, which is not present
WFLYJCA0128
java.lang.IllegalStateException
Legacy security is not available
WFLYJCA0129
org.jboss.as.controller.OperationFailedException
Wrong module name %s
WFLYJCA0130
org.jboss.as.controller.OperationFailedException
Report directory %s does not exist
WFLYJCA0131
org.jboss.as.controller.OperationFailedException
Legacy security attribute %s is no longer supported. Please use Elytron configuration instead
WFLYJCA0132
java.lang.String
Legacy security is no longer supported. Please use Elytron configuration instead
WFLYJDR
Code
Level
Return Type
Message
WFLYJDR0000
java.lang.String
Display this message and exit
WFLYJDR0000
java.lang.String
hostname that the management api is bound to. (default: localhost)
WFLYJDR0000
java.lang.String
port that the management api is bound to. (default: 9990)
WFLYJDR0000
java.lang.String
Protocol that is used to connect. Can be remote, http or https (default: http)
WFLYJDR0000
java.lang.String
Configuration file of the server if it is not running.
WFLYJDR0000
java.lang.String
JBoss Diagnostic Reporter (JDR) is a subsystem built to collect information to aid in troubleshooting. The jdr script is a utility for generating JDR reports.
WFLYJDR0007
java.lang.String
Could not create zipfile.
WFLYJDR0008
java.lang.String
Could not configure JDR. At least one configuration step failed.
WFLYJDR0009
java.lang.String
No JDR commands were loaded. Be sure that a valid Plugin class is specified in plugins.properties.
WFLYJDR0011
ERROR
Could not find JDR properties file.
WFLYJDR0012
ERROR
Could not create JDR properties file at %s
WFLYJMX
Code
Level
Return Type
Message
WFLYJMX-001
java.lang.Error
Invalid ObjectName: %s,%s; %s
WFLYJMX-001
java.lang.Error
Invalid ObjectName: %s,%s,%s; %s
WFLYJMX0000
java.lang.String
entry
WFLYJMX0000
java.lang.String
An entry
WFLYJMX0000
java.lang.String
The key
WFLYJMX0000
java.lang.String
The value
WFLYJMX0000
java.lang.String
A map
WFLYJMX0000
java.lang.String
The map is indexed by 'key'
WFLYJMX0000
java.lang.String
Complex type
WFLYJMX0000
java.lang.String
A complex type
WFLYJMX0000
java.lang.String
This mbean does not support expressions for attributes or operation parameters, even when supported by the underlying model. Instead the resolved attribute is returned, and the real typed value must be used when writing attributes/invoking operations.
WFLYJMX0000
java.lang.String
This mbean supports raw expressions for attributes and operation parameters where supported by the underlying model. If no expression is used, the string representation is converted into the real attribute value.
WFLYJMX0000
java.lang.String
To be able to set and read expressions go to %s
WFLYJMX0000
java.lang.String
To read resolved values and to write typed attributes and use typed operation parameters go to %s
WFLYJMX0000
java.lang.String
This attribute supports expressions
WFLYJMX0000
java.lang.String
This attribute does not support expressions
WFLYJMX0000
java.lang.String
A composite type representing a property
WFLYJMX0000
java.lang.String
The property name
WFLYJMX0000
java.lang.String
The property value
WFLYJMX0004
WARN
No ObjectName available to unregister
WFLYJMX0005
ERROR
Failed to unregister [%s]
WFLYJMX0006
WARN
is no longer supporting. should be used instead to allow remote connections via JBoss Remoting.
WFLYJMX0007
javax.management.AttributeNotFoundException
Could not find any attribute matching: %s
WFLYJMX0008
javax.management.AttributeNotFoundException
Attribute %s is not writable
WFLYJMX0009
java.lang.RuntimeException
Could not create ObjectName for address %s from string %s
WFLYJMX0010
javax.management.ReflectionException
Could not set %s
WFLYJMX0012
java.lang.IllegalArgumentException
%s and %s have different lengths
WFLYJMX0013
javax.management.InvalidAttributeValueException
Bad type for '%s'
WFLYJMX0014
java.lang.IllegalArgumentException
Invalid key %s for %s
WFLYJMX0015
java.lang.Error
Invalid ObjectName: %s; %s
WFLYJMX0017
javax.management.InstanceNotFoundException
No MBean found with name %s
WFLYJMX0018
org.jboss.msc.service.StartException
Failed to register mbean [%s]
WFLYJMX0019
javax.management.InstanceNotFoundException
No operation called '%s'
WFLYJMX0020
javax.management.MBeanException
No operation called '%s' at %s
WFLYJMX0022
javax.management.InstanceNotFoundException
No registration found for path address %s
WFLYJMX0024
java.lang.RuntimeException
Unknown type %s
WFLYJMX0025
java.lang.IllegalArgumentException
Unknown value %s
WFLYJMX0026
java.lang.IllegalStateException
Need the name parameter for wildcard add
WFLYJMX0029
java.lang.IllegalArgumentException
Unknown domain: %s
WFLYJMX0030
java.lang.IllegalArgumentException
Expression can not be converted into target type %s
WFLYJMX0031
java.lang.IllegalArgumentException
Unknown child %s
WFLYJMX0032
java.lang.IllegalArgumentException
ObjectName cannot be null
WFLYJMX0036
java.lang.IllegalStateException
There is no handler called '%s'
WFLYJMX0037
javax.management.JMRuntimeException
Unauthorized access
WFLYJMX0038
javax.management.JMRuntimeException
Not authorized to write attribute: '%s'
WFLYJMX0039
javax.management.JMRuntimeException
Not authorized to read attribute: '%s'
WFLYJMX0040
javax.management.JMRuntimeException
Not authorized to invoke operation: '%s'
WFLYJMX0041
javax.management.NotCompliantMBeanException
You can't create mbeans under the reserved domain '%s'
WFLYJMX0042
javax.management.OperationsException
Don't know how to deserialize
WFLYJMX0043
java.lang.UnsupportedOperationException
%s is not supported
WFLYJMX0044
java.lang.String
You can't register mbeans under the reserved domain '%s'
WFLYJMX0045
java.lang.String
You can't unregister mbeans under the reserved domain '%s'
WFLYJMX0046
javax.management.RuntimeOperationsException
The ObjectName coming from MBeanRegistration.preRegister() '%s' is in a reserved JMX domain
WFLYJMX0047
ERROR
An error happened unregistering the '%s' MBean registered in a reserved JMX domain
WFLYJMX0048
java.lang.UnsupportedOperationException
Add notification listener using ObjectName %s is not supported
WFLYJMX0049
java.lang.UnsupportedOperationException
Remove notification listener using ObjectName %s is not supported
WFLYJMX0050
java.lang.UnsupportedOperationException
Add notification listener using ObjectName %s is not supported
WFLYJMX0051
java.lang.UnsupportedOperationException
Remove notification listener using ObjectName %s is not supported
WFLYJPA
Code
Level
Return Type
Message
WFLYJPA0001
WARN
Duplicate Persistence Unit definition for %s in application. One of the duplicate persistence.xml should be removed from the application. Application deployment will continue with the persistence.xml definitions from %s used. The persistence.xml definitions from %s will be ignored.
WFLYJPA0002
INFO
Read persistence.xml for %s
WFLYJPA0003
INFO
Starting %s Service '%s'
WFLYJPA0004
INFO
Stopping %s Service '%s'
WFLYJPA0006
ERROR
Could not load default persistence provider module.
WFLYJPA0007
ERROR
Failed to stop persistence unit service %s
WFLYJPA0010
INFO
Starting Persistence Unit (phase %d of 2) Service '%s'
WFLYJPA0011
INFO
Stopping Persistence Unit (phase %d of 2) Service '%s'
WFLYJPA0012
WARN
Unexpected problem gathering statistics
WFLYJPA0015
java.lang.IllegalStateException
Container managed entity manager can only be closed by the container (will happen when @remove method is invoked on containing SFSB)
WFLYJPA0017
java.lang.IllegalStateException
Container managed entity manager can only be closed by the container (auto-cleared at tx/invocation end and closed when owning component is closed.)
Cannot specify both %s (%s) and %s (%s) in %s for %s
WFLYJPA0030
jakarta.ejb.EJBException
Found extended persistence context in SFSB invocation call stack but that cannot be used because the transaction already has a transactional context associated with it. This can be avoided by changing application code, either eliminate the extended persistence context or the transactional context. See JPA spec 2.0 section 7.6.3.1. Scoped persistence unit name=%s, persistence context already in transaction =%s, extended persistence context =%s.
WFLYJPA0031
java.lang.RuntimeException
Could not find child '%s' on '%s'
WFLYJPA0032
java.lang.String
Class level %s annotation on class %s must provide a %s
WFLYJPA0033
java.lang.String
Can't find a persistence unit named %s in %s
WFLYJPA0034
java.lang.IllegalArgumentException
Can't find a persistence unit named %s#%s at %s
WFLYJPA0036
java.lang.IllegalStateException
An error occurred while getting the transaction associated with the current thread: %s
Can only inject from a Hibernate EntityManagerFactoryImpl
WFLYJPA0043
java.lang.IllegalArgumentException
Persistence unit name (%s) contains illegal '%s' character
WFLYJPA0044
java.lang.IllegalArgumentException
jboss.as.jpa.scopedname hint (%s) contains illegal '%s' character
WFLYJPA0048
java.lang.RuntimeException
Persistence provider adapter module (%s) has more than one adapter
WFLYJPA0053
java.lang.RuntimeException
Internal %s error, null %s passed in
WFLYJPA0057
jakarta.persistence.PersistenceException
PersistenceProvider '%s' not found
WFLYJPA0058
java.lang.RuntimeException
Could not find relative path: %s
WFLYJPA0059
java.lang.String
%s injection target is invalid. Only setter methods are allowed: %s
WFLYJPA0060
jakarta.persistence.TransactionRequiredException
Transaction is required to perform this operation (either use a transaction or extended persistence context)
WFLYJPA0061
java.lang.IllegalArgumentException
Persistence unitName was not specified and there are %d persistence unit definitions in application deployment %s. Either change the application deployment to have only one persistence unit definition or specify the unitName for each reference to a persistence unit.
WFLYJPA0062
java.lang.RuntimeException
Could not create instance of persistence provider class %s
WFLYJPA0063
java.lang.RuntimeException
internal error, the number of stateful session beans (%d) associated with an extended persistence context (%s) cannot be a negative number.
WFLYJPA0064
java.lang.IllegalStateException
Jakarta Transactions transaction already has a 'SynchronizationType.UNSYNCHRONIZED' persistence context (EntityManager) joined to it but a component with a 'SynchronizationType.SYNCHRONIZED' is now being used. Change the calling component code to join the persistence context (EntityManager) to the transaction or change the called component code to also use 'SynchronizationType.UNSYNCHRONIZED'. See JPA spec 2.1 section 7.6.4.1. Scoped persistence unit name=%s.
WFLYJPA0065
java.lang.UnsupportedOperationException
Resources of type %s cannot be registered
WFLYJPA0066
java.lang.UnsupportedOperationException
Resources of type %s cannot be removed
WFLYJPA0067
java.lang.RuntimeException
Classloader '%s' has more than one Persistence provider adapter
Error occurred while searching for logging configuration files.
WFLYLOG0044
org.jboss.as.controller.OperationFailedException
Handler %s is attached to the following handlers and cannot be removed; %s
WFLYLOG0045
org.jboss.as.controller.OperationFailedException
Handler %s is attached to the following loggers and cannot be removed; %s
WFLYLOG0046
java.lang.String
Cannot add handler (%s) to itself
WFLYLOG0047
java.lang.IllegalStateException
The handler is closed, cannot publish to a closed handler
WFLYLOG0048
java.lang.String
Configuration for handler '%s' could not be found.
WFLYLOG0049
java.lang.String
Configuration for logger '%s' could not be found.
WFLYLOG0050
java.lang.UnsupportedOperationException
Method %s on class %s is not supported
WFLYLOG0051
java.lang.RuntimeException
Failed to write configuration file %s
WFLYLOG0061
java.lang.String
Formatter '%s' is not found
WFLYLOG0070
java.lang.IllegalArgumentException
Truncated filter expression string
WFLYLOG0071
java.lang.IllegalArgumentException
Invalid escape found in filter expression string
WFLYLOG0072
org.jboss.as.controller.OperationFailedException
Filter '%s' is not found
WFLYLOG0073
java.lang.IllegalArgumentException
Expected identifier next in filter expression
WFLYLOG0074
java.lang.IllegalArgumentException
Expected string next in filter expression
WFLYLOG0075
java.lang.IllegalArgumentException
Expected '%s' next in filter expression
WFLYLOG0076
java.lang.IllegalArgumentException
Unexpected end of filter expression
WFLYLOG0078
java.lang.IllegalStateException
The logging subsystem requires the log manager to be org.jboss.logmanager.LogManager. The subsystem has not be initialized and cannot be used. To use JBoss Log Manager you must add the system property "java.util.logging.manager" and set it to "org.jboss.logmanager.LogManager"
File '%s' was not found and cannot be found in the %s directory.
WFLYLOG0081
org.jboss.as.controller.OperationFailedException
File '%s' is not allowed to be read.
WFLYLOG0082
java.lang.String
The suffix (%s) can not contain seconds or milliseconds.
WFLYLOG0083
org.jboss.as.controller.OperationFailedException
Path '%s' is a directory and cannot be used as a log file.
WFLYLOG0084
java.lang.UnsupportedOperationException
Resources of type %s cannot be registered
WFLYLOG0085
java.lang.UnsupportedOperationException
Resources of type %s cannot be removed
WFLYLOG0086
java.lang.IllegalArgumentException
Could not determine deployment name from the address %s.
WFLYLOG0087
ERROR
Failed to process logging directory %s. Log files cannot be listed.
WFLYLOG0088
ERROR
Could not determine %s had any children resources.
WFLYLOG0089
WARN
The log manager check was skipped and the log manager system property, "java.util.logging.manager", does not appear to be set to "org.jboss.logmanager.LogManager". The current value is "%s". Some behavior of the logged output such as MDC and NDC may not work as expected.
WFLYLOG0090
WARN
The following path expressions could not be resolved while attempting to determine which log files are available to be read: %s
WFLYLOG0091
org.jboss.as.controller.OperationFailedException
Exception output type %s is invalid.
WFLYLOG0092
org.jboss.as.controller.OperationFailedException
Invalid type found. Expected %s but found %s.
WFLYLOG0093
org.jboss.as.controller.OperationFailedException
Failed to configure SSL context for %s %s.
WFLYLOG0094
org.jboss.as.controller.OperationFailedException
Formatter name cannot end with '-wfcore-pattern-formatter'
WFLYLOG0095
org.jboss.as.controller.OperationFailedException
The name %s cannot be used as a filter name as it is a reserved filter name. Reserved names are: %s
WFLYLOG0096
org.jboss.as.controller.OperationFailedException
The name %s cannot be used as a filter name as it starts with an invalid character %s
WFLYLOG0097
org.jboss.as.controller.OperationFailedException
The name %s cannot be used as a filter name as it contains an invalid character %s
WFLYLOG0099
WARN
Usage of a log4j appender (%s) found in a custom-handler. Support for using appenders as custom handlers has been deprecated and will be removed in a future release.
WFLYLOG0100
WARN
Usage of a log4j configuration file (%s) was found in deployment %s. Support for log4j configuration files in deployments has been deprecated and will be removed in a future release.
WFLYMAIL
Code
Level
Return Type
Message
WFLYMAIL0001
INFO
Bound mail session [%s]
WFLYMAIL0002
INFO
Unbound mail session [%s]
WFLYMAIL0003
DEBUG
Removed mail session [%s]
WFLYMAIL0004
org.jboss.msc.service.StartException
No outbound socket binding configuration '%s' is available.
WFLYMAIL0009
WARN
Host name [%s] could not be resolved!
WFLYMETRICS
Code
Level
Return Type
Message
WFLYMETRICS0001
INFO
Activating Base Metrics Subsystem
WFLYMETRICS0002
java.lang.IllegalArgumentException
Failed to initialize metrics from JMX MBeans
WFLYMETRICS0003
WARN
Unable to read attribute %s on %s: %s.
WFLYMETRICS0004
WARN
Unable to convert attribute %s on %s to Double value.
WFLYMETRICS0005
ERROR
Malformed name.
WFLYMMTREXT
Code
Level
Return Type
Message
WFLYMMTREXT0001
INFO
Activating Micrometer Subsystem
WFLYMMTREXT0002
INFO
Micrometer Subsystem is processing deployment
WFLYMMTREXT0003
DEBUG
The deployment does not have Jakarta Contexts and Dependency Injection enabled. Skipping Micrometer integration.
WFLYMMTREXT0004
DEBUG
Deployment %s requires use of the '%s' capability but it is not currently registered
WFLYMMTREXT0005
WARN
Unable to read attribute %s on %s: %s.
WFLYMMTREXT0006
WARN
Unable to convert attribute %s on %s to Double value.
WFLYMMTREXT0007
ERROR
Malformed name.
WFLYMMTREXT0008
java.lang.IllegalArgumentException
Failed to initialize metrics from JMX MBeans
WFLYMMTREXT0009
java.lang.IllegalArgumentException
An unsupported metric type was found: %s
WFLYMMTREXT0010
INFO
Not activating Micrometer Subsystem
WFLYMMTREXT0011
WARN
Micrometer has been enabled, but no endpoint has been configured. A No-op metrics registry has been configured.
WFLYMODCLS
Code
Level
Return Type
Message
WFLYMODCLS0001
ERROR
Error adding metrics.
WFLYMODCLS0004
ERROR
Mod_cluster requires Advertise but Multicast interface is not available.
WFLYMODCLS0005
WARN
No mod_cluster load balance factor provider specified for proxy '%s'! Using load balance factor provider with constant factor of '1'.
WFLYMODCLS0006
ERROR
Error applying properties to load metric class '%s'. Metric will not be loaded.
WFLYMODCLS0011
java.lang.String
Virtual host '%s' or context '%s' not found.
WFLYMODCLS0019
java.lang.IllegalArgumentException
'%s' is not a valid value for excluded-contexts.
WFLYMODCLS0021
WARN
Value 'ROOT' for excluded-contexts is deprecated, to exclude the root context use '/' instead.
WFLYMODCLS0023
ERROR
Error loading module '%s' to load custom metric from.
WFLYMODCLS0025
WARN
The '%s' element is no longer supported and will be ignored.
WFLYMODCLS0026
WARN
Attribute '%s' of element '%s' is no longer supported and will be ignored.
Resource at the address %s can not be managed, the server is in backup mode
WFLYMSGAMQ0067
org.jboss.as.controller.OperationFailedException
The broadcast group '%s' defines reference to nonexistent connector '%s'. Available connectors '%s'.
WFLYMSGAMQ0068
jakarta.jms.IllegalStateRuntimeException
It is not permitted to call this method on injected JMSContext (see Jakarta Messaging 2.0 spec, §12.4.5).
WFLYMSGAMQ0071
WARN
There is no resource matching the expiry-address %s for the address-settings %s, expired messages from destinations matching this address-setting will be lost!
WFLYMSGAMQ0072
WARN
There is no resource matching the dead-letter-address %s for the address-settings %s, undelivered messages from destinations matching this address-setting will be lost!
WFLYMSGAMQ0073
java.lang.String
Can not remove JNDI name %s. The resource must have at least one JNDI name
WFLYMSGAMQ0075
INFO
AIO wasn't located on this platform, it will fall back to using pure Java NIO. Your platform is Linux, install LibAIO to enable the AIO journal and achieve optimal performance.
WFLYMSGAMQ0076
org.jboss.as.controller.OperationFailedException
Parameter %s contains duplicate elements [%s]
WFLYMSGAMQ0077
org.jboss.as.controller.OperationFailedException
Can not remove unknown entry %s
WFLYMSGAMQ0078
org.jboss.as.controller.OperationFailedException
Only one %s child resource is allowed, found children: %s
WFLYMSGAMQ0079
java.lang.IllegalStateException
Indexed child resources can only be registered if the parent resource supports ordered children. The parent of '%s' is not indexed
WFLYMSGAMQ0080
org.jboss.msc.service.StartException
Discovery group %s is not defined
WFLYMSGAMQ0081
org.jboss.msc.service.StartException
Unsupported type of broadcast group configuration for legacy resource: %s
WFLYMSGAMQ0082
org.jboss.msc.service.StartException
Unsupported type of connector factory for legacy resource: %s
WFLYMSGAMQ0083
org.jboss.as.controller.OperationFailedException
The %s operation can not be performed: the server must be in %s mode
WFLYMSGAMQ0084
org.jboss.as.controller.OperationFailedException
The server does not define any in-vm connector. One is required to be able to import a journal
WFLYMSGAMQ0085
org.jboss.as.controller.OperationFailedException
Unable to load class %s from module %s
WFLYMSGAMQ0086
org.jboss.as.controller.OperationFailedException
Unable to load module %s
WFLYMSGAMQ0087
org.jboss.as.controller.OperationFailedException
Unable to load connector service factory class: %s
WFLYMSGAMQ0088
org.jboss.as.controller.OperationFailedException
%s is an invalid value for parameter %s, it should be multiple of %s
WFLYMSGAMQ0089
WARN
Resource at %s is not correctly configured: when its attribute %s is defined, the other attributes %s will not be taken into account
WFLYMSGAMQ0090
java.lang.IllegalArgumentException
The Elytron security domain cannot be null
WFLYMSGAMQ0091
DEBUG
Failed to authenticate username %s. Exception message: %s
WFLYMSGAMQ0092
DEBUG
Failed to authenticate username %s: cannot verify username/password pair
WFLYMSGAMQ0093
DEBUG
Failed to authorize username %s: missing permissions
WFLYMSGAMQ0094
WARN
Unable to detect database dialect from connection metadata or JDBC driver name. Please configure this manually using the 'journal-database' property in your configuration. Known database dialect strings are %s
WFLYMSGAMQ0095
WARN
Multiple client-mapping found in [%s] socket binding used by ActiveMQ [%s] transport configuration. Using address: [host: %s, port %s]
WFLYMSGAMQ0096
org.jboss.as.controller.OperationFailedException
The %s operation can not be performed on a JDBC store journal
WFLYMSGAMQ0097
org.jboss.as.controller.OperationFailedException
There is no socket-binding or outbound-socket-binding configured with the name %s
WFLYMSGAMQ0098
org.jboss.as.controller.OperationFailedException
Unable to load module %s - the module or one of its dependencies is missing [%s]
WFLYMSGAMQ0099
org.jboss.msc.service.StartException
Creating the remote destination %s failed with error %s
WFLYMSGAMQ0100
java.lang.RuntimeException
Deleting the remote destination %s failed with error %s
WFLYMSGAMQ0101
WARN
Invalid value %s for %s, legal values are %s, default value is applied.
The %s %s is configured to use socket-binding %s, but this socket binding doesn't have the multicast-address or a multicast-port attributes configured.
WFLYMSGAMQ0106
org.jboss.as.controller.OperationFailedException
The bridge %s didn't deploy.
WFLYMSGAMQ0107
java.lang.IllegalStateException
You must define a elytron security doman when security is enabled.
WFLYMSGAMQ0108
org.jboss.as.controller.OperationFailedException
Either socket-binding or jgroups-cluster attribute is required.
WFLYNAM
Code
Level
Return Type
Message
WFLYNAM0001
INFO
Activating Naming Subsystem
WFLYNAM0002
WARN
Failed to set %s
WFLYNAM0003
INFO
Starting Naming Service
WFLYNAM0012
ERROR
Failed to release binder service, used for a runtime made JNDI binding
WFLYNAM0013
ERROR
Failed to obtain jndi view value for entry %s.
WFLYNAM0014
java.lang.SecurityException
Attempt to add a Permission to a readonly PermissionCollection
WFLYNAM0015
java.lang.String
%s cannot be null.
WFLYNAM0016
javax.naming.NamingException
Could not dereference object
WFLYNAM0017
javax.naming.NamingException
Unable to list a non Context binding.
WFLYNAM0018
java.lang.String
Could not lookup link
WFLYNAM0020
javax.naming.NamingException
Could not resolve service %s
WFLYNAM0021
javax.naming.NamingException
Could not resolve service reference to %s in factory %s. Service was in state %s.
WFLYNAM0022
javax.naming.NamingException
Could not resolve service reference to %s in factory %s. This is a bug in ServiceReferenceObjectFactory. State was %s.
WFLYNAM0023
java.lang.String
Duplicate JNDI bindings for '%s' are not compatible. [%s] != [%s]
WFLYNAM0024
javax.naming.InvalidNameException
An empty name is not allowed
WFLYNAM0025
java.lang.IllegalStateException
Jndi entry '%s' is not yet registered in context '%s'
WFLYNAM0026
java.lang.IllegalStateException
Failed to destroy root context
WFLYNAM0027
javax.naming.NamingException
Failed instantiate %s %s from classloader %s
WFLYNAM0028
java.lang.String
Failed to read %s context entries.
WFLYNAM0029
java.lang.String
Failed to start %s
WFLYNAM0030
java.lang.RuntimeException
Illegal context in name: %s
WFLYNAM0032
javax.naming.NamingException
Invalid context reference. Not a '%s' reference.
WFLYNAM0033
java.lang.IllegalArgumentException
A valid JNDI name must be provided: %s
WFLYNAM0034
java.lang.IllegalArgumentException
Load factor must be greater than 0 and less than or equal to 1
WFLYNAM0035
java.lang.IllegalArgumentException
invalid permission, unknown action: %s
WFLYNAM0036
java.lang.IllegalArgumentException
invalid permission, unknown action: %s
WFLYNAM0037
java.lang.IllegalArgumentException
Can not have a negative size table!
WFLYNAM0038
java.lang.String
Jndi view is only available in runtime mode.
WFLYNAM0039
javax.naming.NameNotFoundException
Name '%s' not found in context '%s'
WFLYNAM0041
java.lang.IllegalArgumentException
%s is null
WFLYNAM0042
javax.naming.NamingException
Failed to create object factory from classloader.
WFLYNAM0043
javax.naming.OperationNotSupportedException
Naming context is read-only
WFLYNAM0044
java.lang.IllegalArgumentException
Service with name [%s] already bound.
WFLYNAM0045
java.lang.IllegalStateException
Table is full!
WFLYNAM0046
javax.naming.NamingException
Thread interrupted while retrieving service reference for service %s
Invalid binding name %s, name must start with one of %s
WFLYNAM0049
org.jboss.as.controller.OperationFailedException
Unknown binding type %s
WFLYNAM0050
org.jboss.as.controller.OperationFailedException
Unsupported simple binding type %s
WFLYNAM0051
org.jboss.as.controller.OperationFailedException
Unable to transform URL binding value %s
WFLYNAM0052
org.jboss.as.controller.OperationFailedException
Could not load module %s
WFLYNAM0053
org.jboss.as.controller.OperationFailedException
Could not load class %s from module %s
WFLYNAM0054
org.jboss.as.controller.OperationFailedException
Could not instantiate instance of class %s from module %s
WFLYNAM0055
org.jboss.as.controller.OperationFailedException
Class %s from module %s is not an instance of ObjectFactory
WFLYNAM0059
java.lang.RuntimeException
Resource lookup for injection failed: %s
WFLYNAM0060
org.jboss.as.controller.OperationFailedException
Binding type %s requires attribute named %s defined
WFLYNAM0061
org.jboss.as.controller.OperationFailedException
Binding type %s can not take a 'cache' attribute
WFLYNAM0062
javax.naming.NamingException
Failed to lookup %s
WFLYNAM0063
java.lang.IllegalStateException
%s service not started
WFLYNAM0064
org.jboss.as.controller.OperationFailedException
Cannot rebind external context lookup
WFLYNAM0065
org.jboss.as.controller.OperationFailedException
Could not load module %s - the module or one of its dependencies is missing [%s]
WFLYOIDC
Code
Level
Return Type
Message
WFLYOIDC0001
INFO
Activating WildFly Elytron OIDC Subsystem
WFLYOIDC0002
INFO
Elytron OIDC Client subsystem override for deployment '%s'
WFLYOIDC0003
java.lang.RuntimeException
Cannot remove credential. No credential defined for deployment '%s'
WFLYOIDC0004
java.lang.RuntimeException
Cannot update credential. No credential defined for deployment '%s'
WFLYOIDC0005
java.lang.RuntimeException
Cannot remove redirect rewrite rule. No redirect rewrite defined for deployment '%s'
WFLYOIDC0006
java.lang.RuntimeException
Cannot update redirect rewrite. No redirect rewrite defined for deployment '%s'
WFLYOIDC0007
org.jboss.as.controller.OperationFailedException
Must set 'resource' or 'client-id'
WFLYOIDC0008
WARN
The 'disable-trust-manager' attribute has been set to 'true' so no trust manager will be used when communicating with the OpenID provider over HTTPS. This value should always be set to 'false' in a production environment.
Deployment %s requires use of the '%s' capability but it is not currently registered
WFLYOTELEXT0005
ERROR
Error resolving the OpenTelemetry instance.
WFLYOTELEXT0008
java.lang.IllegalArgumentException
An unsupported exporter was specified: '%s'.
WFLYOTELEXT0009
ERROR
Error resolving the tracer.
WFLYOTELEXT0010
java.lang.IllegalArgumentException
An unsupported span processor was specified: '%s'.
WFLYOTELEXT0011
java.lang.IllegalArgumentException
Unrecognized value for sampler: '%s'.
WFLYOTELEXT0012
java.lang.IllegalArgumentException
Invalid ratio. Must be between 0.0 and 1.0 inclusive
WFLYPAT
Code
Level
Return Type
Message
WFLYPAT0000
java.lang.String
Conflicts detected
WFLYPAT0000
java.lang.IllegalStateException
failed to resolve a jboss.home.dir use the --distribution attribute to point to a valid installation
WFLYPAT0000
java.lang.IllegalStateException
No layers directory found at %s
WFLYPAT0000
java.lang.IllegalStateException
Cannot find layer '%s' under directory %s
WFLYPAT0000
java.lang.IllegalStateException
no associated module or bundle repository with layer '%s'
WFLYPAT0000
java.lang.IllegalStateException
Duplicate %s '%s'
WFLYPAT0000
java.lang.IllegalStateException
Not a directory %s
WFLYPAT0000
java.lang.IllegalStateException
patch types don't match
WFLYPAT0000
org.jboss.as.patching.PatchingException
invalid rollback information
WFLYPAT0001
WARN
Cannot delete file %s
WFLYPAT0002
WARN
Cannot invalidate %s
WFLYPAT0003
org.jboss.as.patching.PatchingException
Patch does not apply - expected (%s), but was (%s)
WFLYPAT0004
java.io.IOException
Failed to delete (%s)
WFLYPAT0005
java.io.IOException
Failed to create directory (%s)
WFLYPAT0008
java.lang.String
File at path specified by argument %s does not exist
WFLYPAT0011
org.jboss.as.patching.PatchingException
Cannot rollback patch (%s)
WFLYPAT0012
org.jboss.as.patching.PatchingException
Patch '%s' already applied
WFLYPAT0013
org.jboss.as.patching.PatchingException
There is no layer called %s installed
WFLYPAT0014
org.jboss.as.patching.PatchingException
Failed to resolve a valid patch descriptor for %s %s
WFLYPAT0015
org.jboss.as.patching.PatchingException
Requires patch '%s'
WFLYPAT0016
org.jboss.as.patching.PatchingException
Patch is incompatible with patch '%s'
WFLYPAT0017
org.jboss.as.patching.ContentConflictsException
Conflicts detected
WFLYPAT0018
java.io.SyncFailedException
copied content does not match expected hash for item: %s
WFLYPAT0019
java.lang.IllegalArgumentException
invalid patch name '%s'
WFLYPAT0020
java.lang.IllegalArgumentException
Cannot rollback. No patches applied.
WFLYPAT0021
org.jboss.as.patching.PatchingException
Patch '%s' not found in history.
WFLYPAT0023
org.jboss.as.controller.OperationFailedException
Failed to show history of patches
WFLYPAT0024
org.jboss.as.controller.OperationFailedException
Unable to apply or rollback a patch when the server is in a restart-required state.
WFLYPAT0025
java.lang.String
failed to load identity info
WFLYPAT0026
java.lang.String
No more patches
WFLYPAT0027
java.lang.String
No patch history %s
WFLYPAT0028
java.lang.String
Patch is missing file %s
WFLYPAT0029
java.lang.String
File is not readable %s
WFLYPAT0030
java.lang.String
Layer not found %s
WFLYPAT0031
ERROR
failed to undo change for: '%s'
WFLYPAT0032
java.lang.String
missing: '%s'
WFLYPAT0033
java.lang.String
inconsistent state: '%s'
WFLYPAT0034
java.lang.String
in error: '%s'
WFLYPAT0035
WARN
Cannot rename file %s
WFLYPAT0036
java.lang.IllegalStateException
Cannot process backup by renaming file %s
WFLYPAT0037
java.lang.IllegalStateException
Cannot process restore by renaming file %s
WFLYPAT0038
java.lang.IllegalStateException
Duplicate element patch-id (%s)
WFLYPAT0039
java.lang.String
Requested %s version %s did not match the installed version %s
WFLYPAT0040
java.lang.String
failed to load %s info
WFLYPAT0041
java.lang.String
Patch %s found in more than one stream: %s and %s
WFLYPAT0042
java.lang.String
Patch bundle is empty
WFLYPAT0043
org.jboss.as.patching.PatchingException
Content item type is missing in '%s'
WFLYPAT0044
java.lang.String
Unsupported content type '%s'
WFLYPAT0045
org.jboss.as.patching.PatchingException
Unrecognized condition format '%s'
WFLYPAT0046
org.jboss.as.patching.PatchingException
Cannot copy files to temporary directory %s: %s. Note that '-Djava.io.tmpdir' switch can be used to set different temporary directory.
WFLYPAT0047
java.io.IOException
Cannot copy files from %s to %s: %s
WFLYPAT0048
ERROR
Error when restoring file[%s] - %s
WFLYPAT0049
java.io.IOException
Some backup files were not removed.
WFLYPAT0050
INFO
%s cumulative patch ID is: %s, one-off patches include: %s
WFLYPAT0051
java.io.IOException
Invalid zip file. Found an entry that resolves to a path outside of the patch directory: %s
WFLYPC
Code
Level
Return Type
Message
WFLYPC0000
java.lang.String
Usage: %s [args...]%nwhere args include:
WFLYPC0000
java.lang.String
Keep a copy of the persistent domain configuration even if this host is not the Domain Controller. If ignore-unused-configuration is unset in host.xml, then the complete domain configuration will be stored, otherwise the configured value of ignore-unused-configuration will be used.
WFLYPC0000
java.lang.String
If this host is not the Domain Controller and cannot contact the Domain Controller at boot, a locally cached copy of the domain configuration is used for boot (if available, see --backup.) The Domain Controller is background polled until it becomes available. Note that starting a host with --cached-dc when the Domain Controller is available will cache a copy of the domain configuration even if --backup is not used.
WFLYPC0000
java.lang.String
Name of the domain configuration file to use (default is "domain.xml") (Same as -c)
WFLYPC0000
java.lang.String
Name of the domain configuration file to use (default is "domain.xml") (Same as --domain-config)
WFLYPC0000
java.lang.String
Name of the domain configuration file to use. This differs from '--domain-config', '-c' and '-domain-config' in that the initial file is never overwritten.
WFLYPC0000
java.lang.String
Display this message and exit
WFLYPC0000
java.lang.String
Address on which the host controller should listen for communication from the process controller
WFLYPC0000
java.lang.String
Port on which the host controller should listen for communication from the process controller
WFLYPC0000
java.lang.String
Name of the host configuration file to use (default is "host.xml")
WFLYPC0000
java.lang.String
Name of the host configuration file to use. This differs from '--host-config' in that the initial file is never overwritten.
WFLYPC0000
java.lang.String
Address on which the process controller listens for communication from processes it controls
WFLYPC0000
java.lang.String
Port on which the process controller listens for communication from processes it controls
WFLYPC0000
java.lang.String
Load system properties from the given url
WFLYPC0000
java.lang.String
Set a system property
WFLYPC0000
java.lang.String
Print version and exit
WFLYPC0000
java.lang.String
Set system property jboss.bind.address to the given value
WFLYPC0000
java.lang.String
Set system property jboss.bind.address. to the given value
WFLYPC0000
java.lang.String
Set system property jboss.default.multicast.address to the given value
WFLYPC0000
java.lang.String
Set the host controller's running type to ADMIN_ONLY causing it to open administrative interfaces and accept management requests but not start servers or, if this host controller is the primary for the domain, accept incoming connections from secondary host controllers.
WFLYPC0000
java.lang.String
Set system property jboss.domain.primary.address to the given value. In a default secondary Host Controller config, this is used to configure the address of the primary Host Controller.
WFLYPC0000
java.lang.String
Set system property jboss.domain.primary.port to the given value. In a default secondary Host Controller config, this is used to configure the port used for native management communication by the primary Host Controller.
WFLYPC0000
java.lang.String
Runs the server with a security manager installed.
WFLYPC0001
WARN
Attempted to reconnect non-existent process '%s'
WFLYPC0002
WARN
Attempted to remove non-existent process '%s'
WFLYPC0003
WARN
Attempted to start non-existent process '%s'
WFLYPC0004
WARN
Attempted to stop non-existent process '%s'
WFLYPC0005
WARN
Attempted to register duplicate named process '%s'
WFLYPC0006
WARN
Failed to send authentication key to process '%s': %s
WFLYPC0007
ERROR
Failed to send data bytes to process '%s' input stream
WFLYPC0008
ERROR
Failed to send reconnect message to process '%s' input stream
WFLYPC0009
ERROR
Failed to start process '%s'
WFLYPC0010
ERROR
Failed to write %s message to connection: %s
WFLYPC0011
INFO
Process '%s' finished with an exit status of %d
WFLYPC0012
WARN
Received connection with invalid version from %s
WFLYPC0013
WARN
Received unrecognized greeting code 0x%02x from %s
WFLYPC0014
WARN
Received connection with unknown credentials from %s
WFLYPC0015
WARN
Received unknown message with code 0x%02x
WFLYPC0016
INFO
All processes finished; exiting
WFLYPC0017
INFO
Shutting down process controller
WFLYPC0018
INFO
Starting process '%s'
WFLYPC0019
INFO
Stopping process '%s'
WFLYPC0020
ERROR
Stream processing failed for process '%s': %s
WFLYPC0021
INFO
Waiting %d seconds until trying to restart process %s.
WFLYPC0022
WARN
Failed to kill process '%s', trying to destroy the process instead.
WFLYPC0023
java.lang.String
No value was provided for argument %s
WFLYPC0025
java.lang.IllegalArgumentException
Authentication key must be 24 bytes long
WFLYPC0029
java.lang.IllegalArgumentException
%s length is invalid
WFLYPC0030
java.lang.IllegalArgumentException
Invalid option: %s
WFLYPC0031
java.lang.IllegalArgumentException
Command contains a null component
WFLYPC0033
ERROR
Failed to accept a connection
WFLYPC0034
ERROR
Failed to close resource %s
WFLYPC0035
ERROR
Failed to close the server socket %s
WFLYPC0036
ERROR
Failed to close a socket
WFLYPC0039
ERROR
Failed to handle incoming connection
WFLYPC0040
ERROR
Failed to handle socket failure condition
WFLYPC0041
ERROR
Failed to handle socket finished condition
WFLYPC0042
ERROR
Failed to handle socket shut down condition
WFLYPC0043
ERROR
Failed to read a message
WFLYPC0044
WARN
Leaked a message output stream; cleaning
WFLYPC0045
java.io.IOException
Failed to create server thread
WFLYPC0046
java.io.IOException
Failed to read object
WFLYPC0047
java.io.UTFDataFormatException
Invalid byte
WFLYPC0048
java.io.UTFDataFormatException
Invalid byte:%s(%d)
WFLYPC0049
java.io.IOException
Invalid byte token. Expecting '%s' received '%s'
WFLYPC0050
java.io.IOException
Invalid command byte read: %s
WFLYPC0051
java.io.IOException
Invalid start chunk start [%s]
WFLYPC0056
java.io.EOFException
Read %d bytes.
WFLYPC0058
java.io.IOException
Stream closed
WFLYPC0059
java.lang.IllegalStateException
Thread creation was refused
WFLYPC0060
java.io.EOFException
Unexpected end of stream
WFLYPC0061
java.io.IOException
Write channel closed
WFLYPC0062
java.io.IOException
Writes are already shut down
WFLYPC0063
INFO
Process '%s' did not complete normal stop within %d ms; attempting to kill process using OS calls
WFLYPC0064
INFO
Cannot locate process '%s' -- could not find the 'jps' command
WFLYPC0065
INFO
No process identifiable as '%s' could be found
WFLYPC0066
INFO
Multiple processes identifiable as '%s' found; OS level kill cannot be safely performed
WFLYPC0067
INFO
Process '%s' did not complete normal stop within %d ms; attempting to destroy process using java.lang.Process.destroyForcibly()
WFLYPL
Code
Level
Return Type
Message
WFLYPL0001
INFO
Activating PicketLink %s Subsystem
WFLYPL0003
INFO
Bound [%s] to [%s]
WFLYPL0007
java.lang.RuntimeException
Could not load module [%s].
WFLYPL0009
java.lang.RuntimeException
Could not load class [%s].
WFLYPL0010
org.jboss.as.controller.OperationFailedException
No type provided for %s. You must specify a class-name or code.
WFLYPL0012
org.jboss.as.controller.OperationFailedException
Attribute [%s] is not longer supported.
WFLYPL0013
org.jboss.as.controller.OperationFailedException
[%s] can only have [%d] child of type [%s].
WFLYPL0014
org.jboss.as.controller.OperationFailedException
Invalid attribute [%s] definition for [%s]. Only one of the following attributes are allowed: [%s].
WFLYPL0015
org.jboss.as.controller.OperationFailedException
Required attribute [%s] for [%s].
WFLYPL0016
org.jboss.as.controller.OperationFailedException
[%s] requires one of the given attributes [%s].
WFLYPL0017
java.lang.IllegalStateException
Type [%s] already defined.
WFLYPL0018
org.jboss.as.controller.OperationFailedException
[%s] can not be empty.
WFLYPL0019
org.jboss.as.controller.OperationFailedException
[%s] requires child [%s].
WFLYPL0054
org.jboss.as.controller.OperationFailedException
You must provide at least one identity configuration.
WFLYPL0055
org.jboss.as.controller.OperationFailedException
You must provide at least one identity store for identity configuration [%s].
WFLYPL0056
org.jboss.as.controller.OperationFailedException
No supported type provided.
WFLYPL0057
org.jboss.as.controller.OperationFailedException
No mapping was defined.
WFLYPL0101
org.jboss.as.controller.OperationFailedException
No type provided for the handler. You must specify a class-name or code.
WFLYPL0105
org.jboss.as.controller.OperationFailedException
The migrate operation can not be performed: the server must be in admin-only mode
Worker configuration is no longer used, please use endpoint worker configuration
WFLYRMT0023
java.lang.String
Only one of '%s' configuration or '%s' configuration is allowed
WFLYRMT0024
INFO
The remoting subsystem is present but no io subsystem was found. An io subsystem was not required when remoting schema '%s' was current but now is, so a default subsystem is being added.
WFLYRMT0025
org.jboss.as.controller.OperationFailedException
Can't remove %s as JMX uses it as a remoting endpoint
WFLYRMT0026
java.lang.String
Change of worker to '%s' in remoting might require the same change in linked resources depending on remoting and in definition of http(s) listeners.
WFLYRMT0027
org.jboss.msc.service.StartException
Failed to obtain SSLContext
WFLYRMT0028
org.jboss.as.controller.OperationFailedException
Invalid option '%s'.
WFLYRMT0029
org.jboss.as.controller.OperationFailedException
The use of security realms at runtime is unsupported.
WFLYRS
Code
Level
Return Type
Message
WFLYRS0001
WARN
%s annotation not on Class: %s
WFLYRS0002
WARN
%s annotation not on Class or Method: %s
WFLYRS0003
ERROR
More than one mapping found for Jakarta RESTful Web Services servlet: %s the second mapping %s will not work
Jakarta RESTful Web Services resource %s does not correspond to a view on the Jakarta Enterprise Beans %s. @Path annotations can only be placed on classes or interfaces that represent a local, remote or no-interface view of an Jakarta Enterprise Beans.
The context param org.jboss.as.jaxrs.disableSpringIntegration is deprecated, and will be removed in a future release. Please use org.jboss.as.jaxrs.enableSpringIntegration instead
WFLYRS0014
ERROR
Failed to register management view for REST resource class: %s
WFLYRS0015
WARN
No Servlet declaration found for Jakarta RESTful Web Services application. In %s either provide a class that extends jakarta.ws.rs.core.Application or declare a servlet class in web.xml.
WFLYRS0016
INFO
RESTEasy version %s
WFLYRS0017
WARN
Failed to read attribute from Jakarta RESTful Web Services deployment at %s with name %s
WFLYRS0018
WARN
Explicit usage of Jackson annotation in a Jakarta RESTful Web Services deployment; the system will disable Jakarta JSON Binding processing for the current deployment. Consider setting the '%s' property to 'false' to restore Jakarta JSON Binding.
WFLYRS0019
WARN
Error converting default value %s for parameter %s in method %s using param converter %s. Exception: %s : %s
WFLYRS0020
WARN
"Error converting default value %s for parameter %s in method %s using method %s. Exception: %s : %s"
WFLYRS0021
ERROR
%s %s
WFLYRS0022
org.jboss.as.controller.OperationFailedException
"Parameter %s is not a list"
WFLYRS0023
java.lang.String
Illegal value for parameter %s: %s
WFLYRS0029
WARN
The RESTEasy tracing API has been enabled for deployment "%s" and is not meant for production.
WFLYRS0030
java.lang.IllegalStateException
Invalid ConfigurationFactory found %s
WFLYRS0031
WARN
Failed to load RESTEasy MicroProfile Configuration: %s
WFLYRTS
Code
Level
Return Type
Message
WFLYRTS0001
java.lang.IllegalStateException
Can't import global transaction to wildfly transaction client.
WFLYRTS0002
ERROR
Cannot get transaction status on handling response context %s
Deployment configuration error: the following permissions are not implied by the maximum permissions set %s
WFLYSM0005
java.lang.String
Empty maximum sets are not understood in the target model version and must be rejected
WFLYSM0006
javax.xml.stream.XMLStreamException
Unexpected element '%s' encountered
WFLYSM0007
javax.xml.stream.XMLStreamException
Unexpected attribute '%s' encountered
WFLYSM0008
javax.xml.stream.XMLStreamException
Unexpected end of document
WFLYSM0009
javax.xml.stream.XMLStreamException
Missing required attribute(s): %s
WFLYSM0010
javax.xml.stream.XMLStreamException
Missing required element(s): %s
WFLYSM0011
javax.xml.stream.XMLStreamException
Unexpected content of type %s
WFLYSM0012
WARN
The following permission could not be constructed and will be ignored in the %s: (class="%s" name="%s" actions="%s")
WFLYSRV
Code
Level
Return Type
Message
WFLYSRV0000
java.lang.String
Name of the server configuration file to use (default is "standalone.xml") (Same as -c)
WFLYSRV0000
java.lang.String
Name of the server configuration file to use (default is "standalone.xml") (Same as --server-config)
WFLYSRV0000
java.lang.String
Name of the server configuration file to use. This differs from '--server-config' and '-c' in that the original file is never overwritten.
WFLYSRV0000
java.lang.String
Display this message and exit
WFLYSRV0000
java.lang.String
Load system properties from the given url
WFLYSRV0000
java.lang.String
Set a security property
WFLYSRV0000
java.lang.String
Set a system property
WFLYSRV0000
java.lang.String
Print version and exit
WFLYSRV0000
java.lang.String
Set system property jboss.bind.address to the given value
WFLYSRV0000
java.lang.String
Set system property jboss.bind.address. to the given value
WFLYSRV0000
java.lang.String
Set system property jboss.default.multicast.address to the given value
WFLYSRV0000
java.lang.String
Set the server's running type to ADMIN_ONLY causing it to open administrative interfaces and accept management requests but not start other runtime services or accept end user requests. Cannot be used in conjunction with --start-mode. Deprecated; use --start-mode=admin-only instead.
WFLYSRV0000
java.lang.String
Activate debug mode with an optional argument to specify the port. Only works if the launch script supports it.
WFLYSRV0000
java.lang.String
Runs the server with a security manager installed.
WFLYSRV0000
java.lang.String
Sets the start mode of the server, it can be either 'normal','admin-only' or 'suspend'. If this is 'suspend' the server will start in suspended mode, and will not service requests until it has been resumed. If this is started in admin-only mode the server will only open administrative interfaces and accept management requests but not start other runtime services or accept end user requests. Cannot be used in conjunction with --admin-only.
WFLYSRV0000
java.lang.String
Start the server gracefully, queuing or cleanly rejecting requests until the server is fully started
WFLYSRV0000
java.lang.String
The git repository to clone to get the server configuration.
WFLYSRV0000
java.lang.String
The git branch to use to get the server configuration. Default is 'master'
WFLYSRV0000
java.lang.String
The elytron configuration file for managing git credentials. Default is 'null'
WFLYSRV0000
java.lang.String
Configured system properties:
WFLYSRV0000
java.lang.String
VM Arguments: %s
WFLYSRV0000
java.lang.String
Configured system environment:
WFLYSRV0000
java.lang.String
Notification emitted when the process state changes
WFLYSRV0000
java.lang.String
The attribute '%s' has changed from '%s' to '%s'
WFLYSRV0000
java.lang.String
Repository initialized
WFLYSRV0000
java.lang.String
Adding .gitignore
WFLYSRV0000
java.lang.String
- Server configuration file in use: %s
WFLYSRV0000
java.lang.String
%s started in %dms - Started %d of %d services (%d services are lazy, passive or on-demand) %s
WFLYSRV0000
java.lang.String
%s started (with errors) in %dms - Started %d of %d services (%d services failed or missing dependencies, %d services are lazy, passive or on-demand) %s
WFLYSRV0001
WARN
%s in subdeployment ignored. jboss-deployment-structure.xml is only parsed for top level deployments.
WFLYSRV0002
WARN
Loading failed for the annotation index "%s" with the following exception: %s
WFLYSRV0003
WARN
Could not index class %s at %s
WFLYSRV0007
ERROR
Undeploy of deployment "%s" was rolled back with the following failure message: %s
WFLYSRV0008
ERROR
Undeploy of deployment "%s" was rolled back with no failure message
WFLYSRV0009
INFO
Undeployed "%s" (runtime-name: "%s")
WFLYSRV0010
INFO
Deployed "%s" (runtime-name : "%s")
WFLYSRV0011
ERROR
Redeploy of deployment "%s" was rolled back with the following failure message: %s
WFLYSRV0012
ERROR
Redeploy of deployment "%s" was rolled back with no failure message
WFLYSRV0013
INFO
Redeployed "%s"
WFLYSRV0014
ERROR
Replacement of deployment "%s" by deployment "%s" was rolled back with the following failure message: %s
WFLYSRV0015
ERROR
Replacement of deployment "%s" by deployment "%s" was rolled back with no failure message
WFLYSRV0016
INFO
Replaced deployment "%s" with deployment "%s"
WFLYSRV0017
WARN
Annotations import option %s specified in jboss-deployment-structure.xml for additional module %s has been ignored. Additional modules cannot import annotations.
WFLYSRV0018
WARN
Deployment "%s" is using a private module ("%s") which may be changed or removed in future versions without notice.
WFLYSRV0019
WARN
Deployment "%s" is using an unsupported module ("%s") which may be changed or removed in future versions without notice.
WFLYSRV0020
WARN
Exception occurred removing deployment content %s
WFLYSRV0021
ERROR
Deploy of deployment "%s" was rolled back with the following failure message: %s
WFLYSRV0022
ERROR
Deploy of deployment "%s" was rolled back with no failure message
WFLYSRV0023
WARN
Failed to parse property (%s), value (%s) as an integer
WFLYSRV0024
ERROR
Cannot add module '%s' as URLStreamHandlerFactory provider
WFLYSRV0025
INFO
%s
WFLYSRV0026
ERROR
%s
WFLYSRV0027
INFO
Starting deployment of "%s" (runtime-name: "%s")
WFLYSRV0028
INFO
Stopped deployment %s (runtime-name: %s) in %dms
WFLYSRV0034
WARN
No security realm or sasl server authentication defined for native management service; all access will be unrestricted.
WFLYSRV0035
WARN
No security realm or http server authentication defined for http management service; all access will be unrestricted.
WFLYSRV0039
INFO
Creating http management service using socket-binding (%s)
WFLYSRV0040
INFO
Creating http management service using secure-socket-binding (%s)
WFLYSRV0041
INFO
Creating http management service using socket-binding (%s) and secure-socket-binding (%s)
WFLYSRV0042
WARN
Caught exception closing input stream for uploaded deployment content
WFLYSRV0043
ERROR
Deployment unit processor %s unexpectedly threw an exception during undeploy phase %s of %s
WFLYSRV0045
WARN
Extension %s is missing the required manifest attribute %s-%s (skipping extension)
WFLYSRV0046
WARN
Extension %s URI syntax is invalid: %s
WFLYSRV0047
WARN
Could not find Extension-List entry %s referenced from %s
WFLYSRV0048
WARN
A server name configuration was provided both via system property %s ('%s') and via the xml configuration ('%s'). The xml configuration value will be used.
WFLYSRV0049
INFO
%s starting
WFLYSRV0050
INFO
%s stopped in %dms
WFLYSRV0051
INFO
Admin console listening on http://%s:%d
WFLYSRV0052
INFO
Admin console listening on https://%s:%d
WFLYSRV0053
INFO
Admin console listening on http://%s:%d and https://%s:%d
WFLYSRV0054
INFO
Admin console is not enabled
WFLYSRV0055
ERROR
Caught exception during boot
WFLYSRV0056
java.lang.String
Server boot has failed in an unrecoverable manner; exiting. See previous messages for details. %s
WFLYSRV0057
ERROR
No deployment content with hash %s is available in the deployment content repository for deployment %s. Because this Host Controller is booting in ADMIN-ONLY mode, boot will be allowed to proceed to provide administrators an opportunity to correct this problem. If this Host Controller were not in ADMIN-ONLY mode this would be a fatal boot failure.
WFLYSRV0058
WARN
Additional resource root %s added via jboss-deployment-structure.xml does not exist
WFLYSRV0059
WARN
Class Path entry %s in %s does not point to a valid jar for a Class-Path reference.
WFLYSRV0060
INFO
Http management interface listening on http://%s:%d/management
WFLYSRV0061
INFO
Http management interface listening on https://%s:%d/management
WFLYSRV0062
INFO
Http management interface listening on http://%s:%d/management and https://%s:%d/management
WFLYSRV0063
INFO
Http management interface is not enabled
WFLYSRV0064
WARN
urn:jboss:deployment-structure namespace found in jboss.xml for a sub deployment %s. This is only valid in a top level deployment.
WFLYSRV0065
WARN
Failed to unmount deployment overlay
WFLYSRV0067
WARN
jboss-deployment-dependencies cannot be used in a sub deployment, it must be specified at ear level: %s
WFLYSRV0068
ERROR
No deployment overlay content with hash %s is available in the deployment content repository for deployment %s at location %s. Because this Host Controller is booting in ADMIN-ONLY mode, boot will be allowed to proceed to provide administrators an opportunity to correct this problem. If this Host Controller were not in ADMIN-ONLY mode this would be a fatal boot failure.
WFLYSRV0070
INFO
Deployment restart detected for deployment %s, performing full redeploy instead.
WFLYSRV0071
WARN
The operating system has limited the number of open files to %d for this process; a value of at least 4096 is recommended
WFLYSRV0072
java.lang.String
Value expected for option %s
WFLYSRV0073
java.lang.String
Invalid option '%s'
WFLYSRV0074
java.lang.String
Malformed URL '%s' provided for option '%s'
WFLYSRV0075
java.lang.String
Unable to load properties from URL '%s'
WFLYSRV0079
java.lang.IllegalArgumentException
hostControllerName must be null if the server is not in a managed domain
WFLYSRV0080
java.lang.IllegalArgumentException
hostControllerName may not be null if the server is in a managed domain
WFLYSRV0081
org.jboss.as.controller.OperationFailedException
An IP address cannot be resolved using the given interface selection criteria. Failure was -- %s
WFLYSRV0082
org.jboss.msc.service.StartException
failed to resolve interface %s
WFLYSRV0083
org.jboss.msc.service.StartException
Failed to start the http-interface service
WFLYSRV0084
org.jboss.as.controller.OperationFailedException
No deployment content with hash %s is available in the deployment content repository.
WFLYSRV0085
org.jboss.as.controller.OperationFailedException
No deployment with name %s found
WFLYSRV0086
org.jboss.as.controller.OperationFailedException
Cannot use %s with the same value for parameters %s and %s. Use %s to redeploy the same content or %s to replace content with a new version with the same name.
Could not find the file repository connection to the host controller.
WFLYSRV0112
java.lang.IllegalArgumentException
Unknown mount type %s
WFLYSRV0113
org.jboss.msc.service.StartException
Failed to create temp file provider
WFLYSRV0115
org.jboss.as.controller.OperationFailedException
System property %s cannot be set via the xml configuration file or from a management client; it's value must be known at initial process start so it can only set from the command line
WFLYSRV0116
org.jboss.as.controller.OperationFailedException
System property %s cannot be set after the server name has been set via the xml configuration file or from a management client
WFLYSRV0117
java.lang.IllegalStateException
Unable to initialise a basic SSLContext '%s'
WFLYSRV0119
java.lang.IllegalStateException
Home directory does not exist: %s
WFLYSRV0121
java.lang.IllegalStateException
Configuration directory does not exist: %s
WFLYSRV0122
java.lang.IllegalStateException
Server base directory does not exist: %s
WFLYSRV0123
java.lang.IllegalStateException
Server data directory is not a directory: %s
WFLYSRV0124
java.lang.IllegalStateException
Could not create server data directory: %s
WFLYSRV0125
java.lang.IllegalStateException
Server content directory is not a directory: %s
WFLYSRV0126
java.lang.IllegalStateException
Could not create server content directory: %s
WFLYSRV0127
java.lang.IllegalStateException
Log directory is not a directory: %s
WFLYSRV0128
java.lang.IllegalStateException
Could not create log directory: %s
WFLYSRV0129
java.lang.IllegalStateException
Server temp directory does not exist: %s
WFLYSRV0130
java.lang.IllegalStateException
Could not create server temp directory: %s
WFLYSRV0131
java.lang.IllegalStateException
Controller temp directory does not exist: %s
WFLYSRV0132
java.lang.IllegalStateException
Could not create server temp directory: %s
WFLYSRV0133
java.lang.IllegalStateException
Domain base dir does not exist: %s
WFLYSRV0134
java.lang.IllegalStateException
Domain config dir does not exist: %s
WFLYSRV0135
java.lang.IllegalStateException
Server base directory is not a directory: %s
WFLYSRV0136
java.lang.IllegalStateException
Could not create server base directory: %s
WFLYSRV0137
org.jboss.as.controller.OperationFailedException
No deployment content with hash %s is available in the deployment content repository for deployment '%s'. This is a fatal boot error. To correct the problem, either restart with the --admin-only switch set and use the CLI to install the missing content or remove it from the configuration, or remove the deployment from the xml configuration file and restart.
WFLYSRV0138
java.lang.IllegalStateException
VFS is not available from the configured module loader
WFLYSRV0139
org.jboss.msc.service.ServiceNotFoundException
Server controller service was removed
WFLYSRV0140
java.lang.IllegalStateException
Root service was removed
WFLYSRV0141
java.lang.IllegalStateException
Cannot start server
WFLYSRV0143
java.lang.IllegalArgumentException
No directory called '%s' exists under '%s'
WFLYSRV0144
java.lang.IllegalArgumentException
-D%s=%s does not exist
WFLYSRV0145
java.lang.IllegalArgumentException
-D%s=%s is not a directory
WFLYSRV0146
java.lang.RuntimeException
Error copying '%s' to '%s'
WFLYSRV0147
java.io.InvalidObjectException
%s is null
WFLYSRV0148
java.io.InvalidObjectException
portOffset is out of range
WFLYSRV0149
org.jboss.as.controller.OperationFailedException
Invalid '%s' value: %d, the maximum index is %d
WFLYSRV0150
org.jboss.as.controller.OperationFailedException
Cannot create input stream from URL '%s'
WFLYSRV0151
org.jboss.as.controller.OperationFailedException
No bytes available at param %s
WFLYSRV0152
org.jboss.as.controller.OperationFailedException
Only 1 piece of content is current supported (AS7-431)
Failed to get content for deployment overlay %s at %s
WFLYSRV0198
org.jboss.as.controller.OperationFailedException
No deployment overlay content with hash %s is available in the deployment content repository for deployment overlay '%s' at location %s. This is a fatal boot error. To correct the problem, either restart with the --admin-only switch set and use the CLI to install the missing content or remove it from the configuration, or remove the deployment overlay from the xml configuration file and restart.
WFLYSRV0199
org.jboss.as.controller.OperationFailedException
No deployment overlay content with hash %s is available in the deployment content repository.
WFLYSRV0200
org.jboss.as.controller.OperationFailedException
Failed to read file %s
WFLYSRV0201
org.jboss.as.controller.OperationFailedException
Cannot have more than one of %s
WFLYSRV0202
org.jboss.as.controller.OperationFailedException
Unknown content item key: %s
WFLYSRV0203
org.jboss.as.controller.OperationFailedException
Cannot use %s when %s are used
WFLYSRV0204
org.jboss.as.controller.OperationFailedException
Null '%s'
WFLYSRV0205
org.jboss.as.controller.OperationFailedException
There is already a deployment called %s with the same runtime name %s
WFLYSRV0206
java.lang.IllegalStateException
Multiple deployment unit processors registered with priority %s and class %s
WFLYSRV0207
INFO
Starting subdeployment (runtime-name: "%s")
WFLYSRV0208
INFO
Stopped subdeployment (runtime-name: %s) in %dms
WFLYSRV0209
org.jboss.as.controller.OperationFailedException
When specifying a 'module' you also need to specify the 'code'
WFLYSRV0210
java.lang.IllegalStateException
Server is already paused
WFLYSRV0211
INFO
Suspending server with %d ms timeout.
WFLYSRV0212
INFO
Resuming server
WFLYSRV0213
WARN
Failed to connect to host-controller, retrying.
WFLYSRV0215
ERROR
Failed to resume activity %s. To resume normal operation it is recommended that you restart the server.
WFLYSRV0216
ERROR
Error cleaning obsolete content %s
WFLYSRV0219
WARN
%s deployment has been re-deployed, its content will not be removed. You will need to restart it.
WFLYSRV0220
INFO
Server shutdown has been requested via an OS signal
WFLYSRV0221
WARN
Deployment "%s" is using a deprecated module ("%s") which may be removed in future versions without notice.
WFLYSRV0222
java.lang.IllegalArgumentException
Illegal permission name '%s'
WFLYSRV0223
java.lang.IllegalArgumentException
Illegal permission actions '%s'
WFLYSRV0224
ERROR
Could not mount overlay %s as parent %s is not a directory
WFLYSRV0230
DEBUG
Vault is not initialized; resolution of vault expressions is not possible
WFLYSRV0231
java.lang.IllegalStateException
Could not read or create the server UUID in file: %s
WFLYSRV0232
org.jboss.as.controller.OperationFailedException
Could not get module info for module name: %s
WFLYSRV0233
java.lang.String
Undeployed "%s" (runtime-name: "%s")
WFLYSRV0234
java.lang.String
Deployed "%s" (runtime-name : "%s")
WFLYSRV0235
INFO
Security Manager is enabled
WFLYSRV0236
INFO
Suspending server with no timeout.
WFLYSRV0237
org.jboss.as.controller.OperationFailedException
It is not possible to use use-current-server-config=false while specifying a server-config
WFLYSRV0238
org.jboss.as.controller.OperationFailedException
server-config '%s' specified for reload could not be found
WFLYSRV0239
FATAL
Aborting with exit code %d
WFLYSRV0240
INFO
ProcessController has signalled to shut down; shutting down
WFLYSRV0241
INFO
Shutting down in response to management operation '%s'
WFLYSRV0242
org.jboss.as.controller.OperationFailedException
Cannot explode a deployment in a self-contained server
WFLYSRV0243
org.jboss.as.controller.OperationFailedException
Cannot explode an unmanaged deployment
WFLYSRV0244
org.jboss.as.controller.OperationFailedException
Cannot explode an already exploded deployment
WFLYSRV0245
org.jboss.as.controller.OperationFailedException
Cannot explode an already deployed deployment
WFLYSRV0246
org.jboss.as.controller.OperationFailedException
Cannot add content to a deployment in a self-contained server
WFLYSRV0247
org.jboss.as.controller.OperationFailedException
Cannot add content to an unmanaged deployment
WFLYSRV0248
org.jboss.as.controller.OperationFailedException
Cannot add content to an unexploded deployment
WFLYSRV0249
ERROR
Could not copy files from the managed content repository to the running deployment for %s
WFLYSRV0250
org.jboss.as.controller.OperationFailedException
Cannot remove content from a deployment in a self-contained server
WFLYSRV0251
org.jboss.as.controller.OperationFailedException
Cannot remove content from an unmanaged deployment
WFLYSRV0252
org.jboss.as.controller.OperationFailedException
Cannot remove content from an unexploded deployment
WFLYSRV0253
ERROR
Could not delete file %s from the running deployment %s
WFLYSRV0254
org.jboss.as.controller.OperationFailedException
Cannot read content from a deployment in a self-contained server
WFLYSRV0255
org.jboss.as.controller.OperationFailedException
Cannot read content from an unmanaged deployment
WFLYSRV0257
java.lang.IllegalArgumentException
Required system property '%s' not set
WFLYSRV0258
org.jboss.as.controller.OperationFailedException
Cannot explode a subdeployment of an unexploded deployment
WFLYSRV0259
org.jboss.as.controller.OperationFailedException
If attribute secure-socket-binding is defined ssl-context must also be defined
WFLYSRV0260
INFO
Starting server in suspended mode
WFLYSRV0261
java.lang.String
Boot complete
WFLYSRV0262
java.lang.String
You cannot set both --start-mode and --admin-only
WFLYSRV0263
java.lang.String
Unknown start mode %s
WFLYSRV0264
org.jboss.as.controller.OperationFailedException
Cannot specify both admin-only and start-mode
WFLYSRV0265
WARN
Invalid value '%s' for system property '%s' -- value must be a non-negative integer
WFLYSRV0267
javax.xml.stream.XMLStreamException
Cannot mount resource root '%s', is it really an archive?
WFLYSRV0268
java.lang.RuntimeException
Failed to pull the repository %s
WFLYSRV0269
java.lang.RuntimeException
Failed to initialize the repository %s
WFLYSRV0270
ERROR
Failed to publish configuration to %s
WFLYSRV0271
ERROR
Git error: %s
WFLYSRV0272
INFO
Suspending server
WFLYSRV0273
WARN
Excluded subsystem %s via jboss-deployment-structure.xml does not exist.
WFLYSRV0274
WARN
Excluded dependency %s via jboss-deployment-structure.xml does not exist.
WFLYSRV0275
java.lang.RuntimeException
Maximum number of allowed jar resources reached for global-directory module name '%s'. The maximum allowed is %d files
WFLYSRV0276
org.jboss.msc.service.StartException
There is an error in opening zip file %s
WFLYSRV0277
java.lang.RuntimeException
Failed to load SSH Credentials %s
WFLYSRV0278
INFO
The configuration history is managed through Git
WFLYSRV0279
INFO
Git initialized in %s
WFLYSRV0280
java.lang.IllegalArgumentException
Unable to initialise the git repository.
WFLYSRV0281
WARN
System property %s is set. This should only be used for standalone clients. Setting this on the server will override your profile configuration.
WFLYSRV0282
INFO
Server is starting with graceful startup disabled; external requests may receive failure responses until startup completes.
WFLYSRV0283
INFO
A non-graceful startup was requested in conjunction with a suspended startup. The server will start suspended.
WFLYSRV0284
java.lang.RuntimeException
Failed to restore the configuration after failing to initialize the repository %s
WFLYSRV0285
WARN
Vault support has been removed, no vault resources will be initialised.
The required service '%s' is not UP, it is currently '%s'.
WFLYSRV0293
WARN
The '%s' module alias has been added as a dependency to '%s' deployment via %s. While this is allowed, it is recommended to use its target module instead. Consider replacing this alias with its target module '%s'.
WFLYSRV0294
WARN
The '%s' module alias has been excluded from '%s' deployment via %s. While this is allowed, it is recommended to use its target module instead. Consider replacing this alias with its target module '%s'.
WFLYSRV0295
org.jboss.as.controller.OperationFailedException
No %s installation has been prepared.
WFLYSRV0296
java.lang.IllegalStateException
Authentication mechanism authentication is not yet complete
The '%s' attribute is no longer supported. The value [%f] of the '%s' attribute is being combined with the value [%f] of the '%s' attribute and the current processor count [%d] to derive a new value of [%d] for '%s'.
WFLYTHR0002
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0003
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0004
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0005
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0006
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0007
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0008
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0009
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0010
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0011
java.lang.IllegalStateException
The executor service hasn't been initialized.
WFLYTHR0012
java.lang.IllegalStateException
The executor service hasn't been initialized.
WFLYTHR0013
java.lang.IllegalStateException
The executor service hasn't been initialized.
WFLYTHR0014
java.lang.IllegalStateException
The thread factory service hasn't been initialized.
WFLYTHR0015
java.lang.IllegalStateException
The executor service hasn't been initialized.
WFLYTHR0016
org.jboss.as.controller.OperationFailedException
Service '%s' not found.
WFLYTHR0017
org.jboss.as.controller.OperationFailedException
Service '%s' not found.
WFLYTHR0018
org.jboss.as.controller.OperationFailedException
Service '%s' not found.
WFLYTHR0019
org.jboss.as.controller.OperationFailedException
Service '%s' not found.
WFLYTHR0020
org.jboss.as.controller.OperationFailedException
Service '%s' not found.
WFLYTHR0021
org.jboss.as.controller.OperationFailedException
Failed to locate executor service '%s'
WFLYTHR0024
org.jboss.as.controller.OperationFailedException
Missing '%s' for parameter '%s'
WFLYTHR0025
org.jboss.as.controller.OperationFailedException
Missing '%s' for parameter '%s'
WFLYTHR0027
javax.xml.stream.XMLStreamException
%s must be greater than or equal to zero
WFLYTHR0028
javax.xml.stream.XMLStreamException
%s must be greater than or equal to zero
WFLYTHR0029
org.jboss.as.controller.OperationFailedException
Missing '%s' for '%s'
WFLYTHR0030
org.jboss.as.controller.OperationFailedException
Failed to parse '%s', allowed values are: %s
WFLYTHR0031
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0032
org.jboss.as.controller.OperationFailedException
Service '%s' not found.
WFLYTHR0033
java.lang.IllegalStateException
The executor service hasn't been initialized.
WFLYTHR0034
java.lang.IllegalStateException
Unsupported metric '%s'
WFLYTRACEXT
Code
Level
Return Type
Message
WFLYTRACEXT0001
INFO
Activating MicroProfile OpenTracing Subsystem
WFLYTRACEXT0013
org.jboss.as.controller.OperationFailedException
The migrate operation cannot be performed: the server must be in admin-only mode
WFLYTRACEXT0014
java.lang.String
Migration failed. See results for more details.
WFLYTX
Code
Level
Return Type
Message
WFLYTX0001
ERROR
Unable to roll back active transaction
WFLYTX0002
ERROR
Unable to get transaction state
WFLYTX0003
ERROR
APPLICATION ERROR: transaction still active in request with status %s
WFLYTX0004
org.jboss.msc.service.StartException
Create failed
WFLYTX0005
org.jboss.msc.service.StartException
%s manager create failed
WFLYTX0006
org.jboss.msc.service.StartException
Failed to configure object store browser bean
WFLYTX0007
java.lang.IllegalStateException
Service not started
WFLYTX0008
org.jboss.msc.service.StartException
Start failed
WFLYTX0009
java.lang.String
Unknown metric %s
WFLYTX0010
java.lang.RuntimeException
MBean Server service not installed, this functionality is not available if the JMX subsystem has not been installed.
WFLYTX0012
org.jboss.as.controller.OperationFailedException
Attributes %s and %s are alternatives; both cannot be set with conflicting values.
WFLYTX0013
WARN
The %s attribute on the %s is set to the default value. This is a danger for environments running multiple servers. Please make sure the attribute value is unique.
WFLYTX0015
org.jboss.as.controller.OperationFailedException
Jndi names have to start with java:/ or java:jboss/
WFLYTX0023
org.jboss.as.controller.OperationFailedException
%s must be undefined if %s is 'true'.
WFLYTX0024
org.jboss.as.controller.OperationFailedException
%s must be defined if %s is defined.
WFLYTX0025
org.jboss.as.controller.OperationFailedException
Either %s must be 'true' or %s must be defined.
WFLYTX0026
WARN
The transaction %s could not be removed from the cache during cleanup.
WFLYTX0027
WARN
The pre-Jakarta Connectors synchronization %s associated with tx %s failed during after completion
WFLYTX0028
WARN
The Jakarta Connectors synchronization %s associated with tx %s failed during after completion
WFLYTX0029
java.lang.IllegalStateException
Syncs are not allowed to be registered when the tx is in state %s
WFLYTX0030
java.lang.IllegalStateException
Indexed child resources can only be registered if the parent resource supports ordered children. The parent of '%s' is not indexed
WFLYTX0031
javax.xml.stream.XMLStreamException
The attribute '%s' is no longer supported
WFLYTX0032
org.jboss.as.controller.OperationFailedException
%s must be defined if %s is 'true'.
WFLYTX0033
org.jboss.as.controller.OperationFailedException
Only one of %s and %s can be 'true'.
WFLYTX0034
DEBUG
relative_to property of the object-store is set to the default value with jboss.server.data.dir
WFLYTX0035
jakarta.resource.spi.work.WorkCompletedException
Cannot find or import inflow transaction for xid %s and work %s
WFLYTX0036
jakarta.resource.spi.work.WorkCompletedException
Imported Jakarta Connectors inflow transaction with xid %s of work %s is inactive
WFLYTX0037
jakarta.resource.spi.work.WorkCompletedException
Unexpected error on resuming transaction %s for work %s
WFLYTX0038
java.lang.RuntimeException
Unexpected error on suspending transaction for work %s
WFLYTX0039
WARN
A value of zero is not permitted for the maximum timeout, as such the timeout has been set to %s
WFLYTX0040
java.lang.IllegalStateException
There is no active transaction at the current context to register synchronization '%s'
WFLYTXLRACOORD
Code
Level
Return Type
Message
WFLYTXLRACOORD0001
INFO
Activating MicroProfile LRA Coordinator Subsystem
WFLYTXLRACOORD0002
org.jboss.msc.service.StartException
LRA recovery service start failed
WFLYTXLRACOORD0003
INFO
Starting Narayana MicroProfile LRA Coordinator available at path %s/lra-coordinator
WFLYTXLRACOORD0004
ERROR
Failed to stop Narayana MicroProfile LRA Coordinator at path %s/lra-coordinator
WFLYTXLRAPARTICIPANT
Code
Level
Return Type
Message
WFLYTXLRAPARTICIPANT0001
INFO
Activating MicroProfile LRA Participant Subsystem with system property (lra.coordinator.url) value as %s
WFLYTXLRAPARTICIPANT0002
INFO
Starting Narayana MicroProfile LRA Participant Proxy available at path %s/lra-participant-narayana-proxy
WFLYTXLRAPARTICIPANT0003
WARN
The CDI marker file cannot be created
WFLYTXLRAPARTICIPANT0004
ERROR
Failed to stop Narayana MicroProfile LRA Participant Proxy at path %s//lra-participant-narayana-proxy
WFLYUT
Code
Level
Return Type
Message
WFLYUT0001
ERROR
Could not initialize Jakarta Server Pages
WFLYUT0003
INFO
Undertow %s starting
WFLYUT0004
INFO
Undertow %s stopping
WFLYUT0005
WARN
Secure listener for protocol: '%s' not found! Using non secure port!
WFLYUT0006
INFO
Undertow %s listener %s listening on %s:%d
WFLYUT0007
INFO
Undertow %s listener %s stopped, was bound to %s:%d
WFLYUT0008
INFO
Undertow %s listener %s suspending
WFLYUT0009
INFO
Could not load class designated by HandlesTypes [%s].
WFLYUT0010
WARN
Could not load web socket endpoint %s.
WFLYUT0011
WARN
Could not load web socket application config %s.
WFLYUT0012
INFO
Started server %s.
WFLYUT0013
WARN
Could not create redirect URI.
WFLYUT0014
INFO
Creating file handler for path '%s' with options [directory-listing: '%s', follow-symlink: '%s', case-sensitive: '%s', safe-symlink-paths: '%s']
WFLYUT0016
WARN
Could not resolve name in absolute ordering: %s
WFLYUT0017
WARN
Could not delete servlet temp file %s
WFLYUT0018
INFO
Host %s starting
WFLYUT0019
INFO
Host %s stopping
WFLYUT0020
WARN
Clustering not supported, falling back to non-clustered session manager
WFLYUT0021
INFO
Registered web context: '%s' for server '%s'
WFLYUT0022
INFO
Unregistered web context: '%s' from server '%s'
WFLYUT0023
INFO
Skipped SCI for jar: %s.
WFLYUT0024
WARN
Failed to persist session attribute %s with value %s for session %s
WFLYUT0027
java.lang.String
Failed to parse XML descriptor %s at [%s,%s]
WFLYUT0028
java.lang.String
Failed to parse XML descriptor %s
WFLYUT0029
java.lang.String
@WebServlet is only allowed at class level %s
WFLYUT0030
java.lang.String
@WebInitParam requires name and value on %s
WFLYUT0031
java.lang.String
@WebFilter is only allowed at class level %s
WFLYUT0032
java.lang.String
@WebListener is only allowed at class level %s
WFLYUT0033
java.lang.String
@RunAs needs to specify a role name on %s
WFLYUT0034
java.lang.String
@DeclareRoles needs to specify role names on %s
WFLYUT0035
java.lang.String
@MultipartConfig is only allowed at class level %s
WFLYUT0036
java.lang.String
@ServletSecurity is only allowed at class level %s
WFLYUT0037
java.lang.RuntimeException
%s has the wrong component type, it cannot be used as a web component
mod_cluster advertise socket binding requires multicast address to be set
WFLYUT0074
ERROR
Could not find TLD %s
WFLYUT0075
java.lang.IllegalArgumentException
Cannot register resource of type %s
WFLYUT0076
java.lang.IllegalArgumentException
Cannot remove resource of type %s
WFLYUT0077
ERROR
Error invoking secure response
WFLYUT0078
ERROR
Failed to register management view for websocket %s at %s
WFLYUT0079
java.lang.IllegalStateException
No SSL Context available from security realm '%s'. Either the realm is not configured for SSL, or the server has not been reloaded since the SSL config was added.
WFLYUT0080
WARN
Valves are no longer supported, %s is not activated.
WFLYUT0081
WARN
The deployment %s will not be distributable because this feature is disabled in web-fragment.xml of the module %s.
WFLYUT0082
org.jboss.msc.service.StartException
Could not start '%s' listener.
WFLYUT0083
java.lang.String
%s is not allowed to be null
WFLYUT0087
java.lang.IllegalArgumentException
Duplicate default web module '%s' configured on server '%s', host '%s'
WFLYUT0089
java.lang.String
Predicate %s was not valid, message was: %s
WFLYUT0090
java.lang.IllegalArgumentException
Key alias %s does not exist in the configured key store
WFLYUT0091
java.lang.IllegalArgumentException
Key store entry %s is not a private key entry
WFLYUT0092
java.lang.IllegalArgumentException
Credential alias %s does not exist in the configured credential store
WFLYUT0093
java.lang.IllegalArgumentException
Credential %s is not a clear text password
WFLYUT0094
WARN
Configuration option [%s] ignored when using Elytron subsystem
WFLYUT0095
java.lang.String
the path ['%s'] doesn't exist on file system
WFLYUT0097
java.lang.String
If http-upgrade is enabled, remoting worker and http(s) worker must be the same. Please adjust values if need be.
The deployment is configured to use legacy security which is no longer available.
WFLYUT0109
org.jboss.msc.service.StartException
The deployment is configured to use legacy security which is no longer supported.
WFLYUT0110
org.jboss.as.controller.OperationFailedException
The use of security realms at runtime is unsupported.
WFLYUT0111
WARN
The annotation: '%s' will have no effect on Servlet: '%s'
WFLYWELD
Code
Level
Return Type
Message
WFLYWELD-001
DEBUG
Discovered %s
WFLYWELD0000
DEBUG
Unable to load annotation %s
WFLYWELD0001
ERROR
Failed to setup Weld contexts
WFLYWELD0002
ERROR
Failed to tear down Weld contexts
WFLYWELD0003
INFO
Processing weld deployment %s
WFLYWELD0005
ERROR
Could not find BeanManager for deployment %s
WFLYWELD0006
DEBUG
Starting Services for Jakarta Contexts and Dependency Injection deployment: %s
WFLYWELD0007
WARN
Could not load portable extension class %s
WFLYWELD0008
WARN
@Resource injection of type %s is not supported for non-Jakarta Enterprise Beans components. Injection point: %s
WFLYWELD0009
DEBUG
Starting weld service for deployment %s
WFLYWELD0010
DEBUG
Stopping weld service for deployment %s
WFLYWELD0011
WARN
Warning while parsing %s:%s %s
WFLYWELD0012
WARN
Warning while parsing %s:%s %s
WFLYWELD0013
WARN
Deployment %s contains Jakarta Contexts and Dependency Injection annotations but no bean archive was found (no beans.xml or class with bean defining annotations was present).
WFLYWELD0014
ERROR
Exception tearing down thread state
WFLYWELD0016
ERROR
Could not read entries
WFLYWELD0017
WARN
URL scanner does not understand the URL protocol %s, Jakarta Contexts and Dependency Injection beans will not be scanned.
WFLYWELD0018
WARN
Found both WEB-INF/beans.xml and WEB-INF/classes/META-INF/beans.xml. It is not portable to use both locations at the same time. Weld is going to use the former location for this deployment.
Service %s didn't implement the jakarta.enterprise.inject.spi.Extension interface
WFLYWELD0022
java.lang.IllegalArgumentException
View of type %s not found on Jakarta Enterprise Beans %s
WFLYWELD0030
java.lang.IllegalArgumentException
Unknown interceptor class for Jakarta Contexts and Dependency Injection %s
WFLYWELD0031
java.lang.IllegalArgumentException
%s cannot be null
WFLYWELD0032
java.lang.IllegalArgumentException
Injection point represents a method which doesn't follow JavaBean conventions (must have exactly one parameter) %s
WFLYWELD0033
java.lang.IllegalArgumentException
%s annotation not found on %s
WFLYWELD0034
java.lang.IllegalStateException
Could not resolve @EJB injection for %s on %s
WFLYWELD0035
java.lang.IllegalStateException
Resolved more than one Jakarta Enterprise Beans for @EJB injection of %s on %s. Found %s
WFLYWELD0036
java.lang.IllegalArgumentException
Could not determine bean class from injection point type of %s
WFLYWELD0037
java.lang.IllegalArgumentException
Error injecting persistence unit into Jakarta Contexts and Dependency Injection managed bean. Can't find a persistence unit named '%s' in deployment %s for injection point %s
WFLYWELD0038
java.lang.IllegalStateException
Could not inject SecurityManager, security is not enabled
WFLYWELD0039
java.lang.IllegalStateException
Singleton not set for %s. This means that you are trying to access a weld deployment with a Thread Context ClassLoader that is not associated with the deployment.
WFLYWELD0040
java.lang.IllegalStateException
%s is already running
WFLYWELD0041
java.lang.IllegalStateException
%s is not started
WFLYWELD0043
java.lang.IllegalArgumentException
BeanDeploymentArchive with id %s not found in deployment
WFLYWELD0044
java.lang.IllegalArgumentException
Error injecting resource into Jakarta Contexts and Dependency Injection managed bean. Can't find a resource named %s
WFLYWELD0045
java.lang.IllegalArgumentException
Cannot determine resource name. Both jndiName and mappedName are null
WFLYWELD0046
java.lang.IllegalArgumentException
Cannot inject injection point %s
WFLYWELD0047
java.lang.IllegalStateException
%s cannot be used at runtime
WFLYWELD0048
java.lang.String
These attributes must be 'true' for use with CDI 1.0 '%s'
WFLYWELD0049
java.lang.IllegalArgumentException
Error injecting resource into Jakarta Contexts and Dependency Injection managed bean. Can't find a resource named %s defined on %s
Using deployment classloader to load proxy classes for module %s. Package-private access will not work. To fix this the module should declare dependencies on %s
WFLYWELD0053
java.lang.IllegalStateException
Component interceptor support not available for: %s
WFLYWELD0054
WARN
Could not read provided index of an external bean archive: %s
WFLYWELD0055
WARN
Could not index class [%s] from an external bean archive: %s
WFLYWELD0056
java.lang.IllegalStateException
Weld is not initialized yet
WFLYWELD0057
java.lang.IllegalStateException
Persistence unit '%s' failed.
WFLYWELD0058
java.lang.IllegalStateException
Persistence unit '%s' removed.
WFLYWELDEJB
Code
Level
Return Type
Message
WFLYWELDEJB0001
jakarta.ejb.NoSuchEJBException
EJB has been removed: %s
WFLYWS
Code
Level
Return Type
Message
WFLYWS0001
WARN
Cannot load WS deployment aspects from %s
WFLYWS0002
INFO
Activating WebServices Extension
WFLYWS0003
INFO
Starting %s
WFLYWS0004
INFO
Stopping %s
WFLYWS0005
FATAL
Error while creating configuration service
WFLYWS0006
ERROR
Error while destroying configuration service
WFLYWS0007
WARN
Could not read WSDL from: %s
WFLYWS0008
WARN
[JAXWS 2.2 spec, section 7.7] The @WebService and @WebServiceProvider annotations are mutually exclusive - %s won't be considered as a webservice endpoint, since it doesn't meet that requirement
WFLYWS0009
WARN
WebService endpoint class cannot be final - %s won't be considered as a webservice endpoint
WFLYWS0010
WARN
Ignoring without and : %s
WFLYWS0011
ERROR
Cannot register record processor in JMX server
WFLYWS0012
ERROR
Cannot unregister record processor from JMX server
WFLYWS0013
INFO
MBeanServer not available, skipping registration/unregistration of %s
WFLYWS0014
WARN
Multiple Enterprise Beans 3 endpoints in the same deployment with different declared security roles; be aware this might be a security risk if you're not controlling allowed roles (@RolesAllowed) on each ws endpoint method.
WFLYWS0015
ERROR
Cannot register endpoint: %s in JMX server
WFLYWS0016
ERROR
Cannot unregister endpoint: %s from JMX server
WFLYWS0017
WARN
Invalid handler chain file: %s
WFLYWS0018
ERROR
Web service method %s must not be static or final. See section 5.3.2.4.2 of "Jakarta Enterprise Web Services 2.0".
WFLYWS0019
ERROR
Web service method %s must be public. See section 5.3.2.4.2 of "Jakarta Enterprise Web Services 2.0".
WFLYWS0020
ERROR
Web service implementation class %s does not contain method %s
WFLYWS0021
ERROR
Web service implementation class %s does not contain an accessible method %s
WFLYWS0022
ERROR
Web service implementation class %s may not declare a finalize() method. See section 5.3.2.4.2 of "Jakarta Enterprise Web Services 2.0".
WFLYWS0023
java.lang.NullPointerException
Null endpoint name
WFLYWS0024
java.lang.NullPointerException
Null endpoint class
WFLYWS0025
java.lang.IllegalStateException
Cannot resolve module or classloader for deployment %s
WFLYWS0026
jakarta.xml.ws.WebServiceException
Handler chain config file %s not found in %s
WFLYWS0027
java.lang.IllegalStateException
Unexpected element: %s
WFLYWS0028
java.lang.IllegalStateException
Unexpected end tag: %s
WFLYWS0029
java.lang.IllegalStateException
Reached end of xml document unexpectedly
WFLYWS0030
java.lang.IllegalStateException
Could not find class attribute for deployment aspect
WFLYWS0031
java.lang.IllegalStateException
Could not create a deployment aspect of class: %s
WFLYWS0032
java.lang.IllegalStateException
Could not find property name attribute for deployment aspect: %s
WFLYWS0033
java.lang.IllegalStateException
Could not find property class attribute for deployment aspect: %s
WFLYWS0034
java.lang.IllegalArgumentException
Unsupported property class: %s
WFLYWS0035
java.lang.IllegalStateException
Could not create list of type: %s
WFLYWS0036
java.lang.IllegalStateException
Could not create map of type: %s
WFLYWS0037
java.lang.String
No metrics available
WFLYWS0038
java.lang.IllegalStateException
Cannot find component view: %s
WFLYWS0039
java.io.IOException
Child '%s' not found for VirtualFile: %s
WFLYWS0040
java.lang.Exception
Failed to create context
WFLYWS0041
java.lang.Exception
Failed to start context
WFLYWS0042
java.lang.Exception
Failed to stop context
WFLYWS0043
java.lang.Exception
Failed to destroy context
WFLYWS0044
java.lang.IllegalStateException
Cannot create servlet delegate: %s
WFLYWS0045
java.lang.IllegalStateException
Cannot obtain deployment property: %s
WFLYWS0046
java.lang.IllegalStateException
Multiple security domains not supported. First domain: '%s' second domain: '%s'
WFLYWS0047
java.lang.IllegalArgumentException
Web Service endpoint %s with URL pattern %s is already registered. Web service endpoint %s is requesting the same URL pattern.
%s library (%s) detected in ws endpoint deployment; either provide a proper deployment replacing embedded libraries with container module dependencies or disable the webservices subsystem for the current deployment adding a proper jboss-deployment-structure.xml descriptor to it. The former approach is recommended, as the latter approach causes most of the webservices Jakarta EE and any JBossWS specific functionality to be disabled.
Could not update WS server configuration because of existing WS deployment on the server.
WFLYWS0065
WARN
Annotation '@%s' found on class '%s'. Perhaps you forgot to add a '%s' module dependency to your deployment?
WFLYWS0066
org.jboss.wsf.spi.WSFException
Servlet class %s declared in web.xml; either provide a proper deployment relying on JBossWS or disable the webservices subsystem for the current deployment adding a proper jboss-deployment-structure.xml descriptor to it. The former approach is recommended, as the latter approach causes most of the webservices Jakarta EE and any JBossWS specific functionality to be disabled.
WFLYWS0067
ERROR
Could not activate the webservices subsystem.
WFLYWS0068
WARN
A potentially problematic %s library (%s) detected in ws endpoint deployment; Check if this library can be replaced with container module
WFLYWS0070
DEBUG
Authorization failed for user: %s
WFLYWS0071
DEBUG
Failed to authenticate username %s:, incorrect username/password
WFLYWS0072
DEBUG
Error occured when authenticate username %s. Exception message: %s
WFLYWS0073
java.lang.IllegalStateException
The target endpoint %s is undeploying or stopped
WFLYWS0074
java.lang.IllegalStateException
The deployment is configured to use legacy security which is no longer supported.
WFLYXTS
Code
Level
Return Type
Message
WFLYXTS0001
org.jboss.msc.service.StartException
TxBridge inbound recovery service start failed
WFLYXTS0002
org.jboss.msc.service.StartException
TxBridge outbound recovery service start failed
WFLYXTS0003
org.jboss.msc.service.StartException
XTS service start failed
WFLYXTS0004
java.lang.IllegalStateException
Service not started
WFLYXTS0009
WARN
Rejecting call because it is not part of any XTS transaction
WFLYXTS0010
ERROR
Cannot get transaction status on handling context %s
WFNAM
Code
Level
Return Type
Message
WFNAM-0001
TRACE
Service configuration failure loading naming providers
Renaming from "%s" to "%s" across providers is not supported
WFNAM00015
javax.naming.NotContextException
Composite name segment "%s" does not refer to a context
WFNAM00016
DEBUG
Closing context "%s" failed
WFNAM00017
javax.naming.CommunicationException
No JBoss Remoting endpoint has been configured
WFNAM00018
javax.naming.CommunicationException
Failed to connect to remote host
WFNAM00019
javax.naming.InterruptedNamingException
Naming operation interrupted
WFNAM00020
javax.naming.CommunicationException
Remote naming operation failed
WFNAM00022
javax.naming.CommunicationException
The server provided no compatible protocol versions
WFNAM00023
javax.naming.CommunicationException
Received an invalid response from the server
WFNAM00024
javax.naming.OperationNotSupportedException
Naming operation not supported
WFNAM00025
INFO
org.jboss.naming.remote.client.InitialContextFactory is deprecated; new applications should use org.wildfly.naming.client.WildFlyInitialContextFactory instead
WFNAM00026
javax.naming.OperationNotSupportedException
No provider for found for URI: %s
WFNAM00029
javax.naming.CommunicationException
Invalid leading bytes in header
WFNAM00031
java.io.IOException
Outcome not understood
WFNAM00032
javax.naming.AuthenticationException
Peer authentication failed
WFNAM00033
javax.naming.AuthenticationException
Connection sharing not supported
WFNAM00034
ERROR
Unexpected parameter type - expected: %d received: %d
WFNAM00035
ERROR
Failed to send exception response to client
WFNAM00036
WARN
Unexpected internal error
WFNAM00037
ERROR
null correlationId so error not sent to client
WFNAM00038
java.io.IOException
Unrecognized messageId
WFNAM00039
ERROR
Unable to send header, closing channel
WFNAM00040
java.lang.IllegalArgumentException
Unsupported protocol version [ %d ]
WFNAM00041
ERROR
Error determining version selected by client
WFNAM00043
java.lang.RuntimeException
Unable to load callback handler class "%s"
WFNAM00044
javax.naming.NamingException
Unable to instantiate callback handler instance of type "%s"
WFNAM00049
INFO
Usage of the legacy "remote.connections" property is deprecated; please use javax.naming.Context#PROVIDER_URL instead
WFNAM00051
WARN
Provider URLs already given via standard mechanism; ignoring legacy property-based connection configuration
WFNAM00052
javax.naming.ConfigurationException
Invalid value given for property "%s": "%s" is not numeric
+
+
\ No newline at end of file
diff --git a/29/wildscribe/path/index.html b/29/wildscribe/path/index.html
index f338306bb..a3c2d4221 100644
--- a/29/wildscribe/path/index.html
+++ b/29/wildscribe/path/index.html
@@ -1,45 +1,11 @@
- WildFly Full 29 Model Reference
name The name of the path. Cannot be one of the standard fixed paths provided by the system: jboss.home - the root directory of the JBoss AS distribution; user.home - user's home directory; user.dir - user's current working directory; java.home - java installation directory; jboss.server.base.dir - root directory for an individual server instance. Note that the system provides other standard paths that can be overridden by declaring them in the configuration file. See the 'relative-to' attribute documentation for a complete list of standard paths.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
path The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
read-only True if added by the system, false if configured by user. If true, the path cannot be removed or modified.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution; user.home - user's home directory; user.dir - user's current working directory; java.home - java installation directory; jboss.server.base.dir - root directory for an individual server instance; jboss.server.data.dir - directory the server will use for persistent data file storage; jboss.server.log.dir - directory the server will use for log file storage; jboss.server.tmp.dir - directory the server will use for temporary file storage; jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution; user.home - user's home directory; user.dir - user's current working directory; java.home - java installation directory; jboss.server.base.dir - root directory for an individual server instance; jboss.server.data.dir - directory the server will use for persistent data file storage; jboss.server.log.dir - directory the server will use for log file storage; jboss.server.tmp.dir - directory the server will use for temporary file storage; jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
path-info Obtain the informations for a filesystem path.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
unit
STRING
false
false
BYTES
Disk space unit to display disk usage.
Reply properties
Filesystem path for which to obtain disk usage.
type
OBJECT
Value Type
{
- "used-space" => {
- "type" => DOUBLE,
- "description" => "The total size of the contents of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "BYTES"
- },
- "creation-time" => {
- "type" => STRING,
- "description" => "The creation time of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "last-modified" => {
- "type" => STRING,
- "description" => "The last modified time of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "resolved-path" => {
- "type" => STRING,
- "description" => "The resolved filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "available-space" => {
- "type" => DOUBLE,
- "description" => "The total size of available space for the partition containing a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "BYTES"
- }
-}
+
+
\ No newline at end of file
diff --git a/29/wildscribe/socket-binding-group/index.html b/29/wildscribe/socket-binding-group/index.html
index d5f6790c9..7ea3b2370 100644
--- a/29/wildscribe/socket-binding-group/index.html
+++ b/29/wildscribe/socket-binding-group/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/socket-binding-group/local-destination-outbound-socket-binding/index.html b/29/wildscribe/socket-binding-group/local-destination-outbound-socket-binding/index.html
index b9f89623f..240dea099 100644
--- a/29/wildscribe/socket-binding-group/local-destination-outbound-socket-binding/index.html
+++ b/29/wildscribe/socket-binding-group/local-destination-outbound-socket-binding/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/socket-binding-group/remote-destination-outbound-socket-binding/index.html b/29/wildscribe/socket-binding-group/remote-destination-outbound-socket-binding/index.html
index 3e84fed1f..13e459948 100644
--- a/29/wildscribe/socket-binding-group/remote-destination-outbound-socket-binding/index.html
+++ b/29/wildscribe/socket-binding-group/remote-destination-outbound-socket-binding/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/socket-binding-group/socket-binding/index.html b/29/wildscribe/socket-binding-group/socket-binding/index.html
index cc2f2ddf4..d6c79b9c7 100644
--- a/29/wildscribe/socket-binding-group/socket-binding/index.html
+++ b/29/wildscribe/socket-binding-group/socket-binding/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
bound Whether an actual socket using this socket binding configuration has been bound.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
bound-address The address to which the actual socket using this socket binding configuration has been bound, or undefined if no socket has been bound.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
bound-port The port to which the actual socket using this socket binding configuration has been bound, or undefined if no socket has been bound.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Min
1
Max
2,147,483,647
Storage
runtime
Access Type
read-only
client-mappings Specifies zero or more client mappings for this socket binding. A client connecting to this socket should use the destination address specified in the mapping that matches its desired outbound interface. This allows for advanced network topologies that use either network address translation, or have bindings on multiple network interfaces to function. Each mapping should be evaluated in declared order, with the first successful match used to determine the destination.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
fixed-port Whether the port value should remain fixed even if numeric offsets are applied to the other sockets in the socket group.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
interface Name of the interface to which the socket should be bound, or, for multicast sockets, the interface on which it should listen. This should be one of the declared interfaces.
multicast-address Multicast address on which the socket should receive multicast traffic. If unspecified, the socket will not be configured to receive multicast.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
multicast-port Port on which the socket should receive multicast traffic. Must be configured if 'multicast-address' is configured.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
65,535
Storage
configuration
Access Type
read-write
Restart Required
all-services
name The name of the socket. Services which need to access the socket configuration information will find it using this name.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
port Number of the port to which the socket should be bound.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
65,535
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Adds a socket binding configuration to the group.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
client-mappings
LIST
false
false
Specifies zero or more client mappings for this socket binding. A client connecting to this socket should use the destination address specified in the mapping that matches its desired outbound interface. This allows for advanced network topologies that use either network address translation, or have bindings on multiple network interfaces to function. Each mapping should be evaluated in declared order, with the first successful match used to determine the destination.
fixed-port
BOOLEAN
false
true
false
Whether the port value should remain fixed even if numeric offsets are applied to the other sockets in the socket group.
interface
STRING
false
true
Name of the interface to which the socket should be bound, or, for multicast sockets, the interface on which it should listen. This should be one of the declared interfaces.
multicast-address
STRING
false
true
Multicast address on which the socket should receive multicast traffic. If unspecified, the socket will not be configured to receive multicast.
multicast-port
INT
false
true
Port on which the socket should receive multicast traffic. Must be configured if 'multicast-address' is configured.
port
INT
false
true
0
Number of the port to which the socket should be bound.
remove Removes a socket binding configuration from the group.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/batch-jberet/in-memory-job-repository/index.html b/29/wildscribe/subsystem/batch-jberet/in-memory-job-repository/index.html
index 1727671e0..1b3b51c24 100644
--- a/29/wildscribe/subsystem/batch-jberet/in-memory-job-repository/index.html
+++ b/29/wildscribe/subsystem/batch-jberet/in-memory-job-repository/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/batch-jberet/index.html b/29/wildscribe/subsystem/batch-jberet/index.html
index 93178e08c..cdebd96f8 100644
--- a/29/wildscribe/subsystem/batch-jberet/index.html
+++ b/29/wildscribe/subsystem/batch-jberet/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
jdbc-job-repository A job repository that stores job information in a database.
thread-factory The thread factory used for the thread-pool.
thread-pool The thread pool used for batch jobs. Note that the max-thread attribute should always be greater than 3. Two threads are reserved to ensure partition jobs can execute.
restart-jobs-on-resume If set to true when a resume operation has been invoked after a suspend operation any jobs stopped during the suspend will be restarted. A value of false will leave the jobs in a stopped state.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
security-domain References the security domain for batch jobs. This can only be defined if the Elytron subsystem is available.
If set to true when a resume operation has been invoked after a suspend operation any jobs stopped during the suspend will be restarted. A value of false will leave the jobs in a stopped state.
security-domain
STRING
false
false
References the security domain for batch jobs. This can only be defined if the Elytron subsystem is available.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/batch-jberet/jdbc-job-repository/index.html b/29/wildscribe/subsystem/batch-jberet/jdbc-job-repository/index.html
index 808aa3b05..5927edb24 100644
--- a/29/wildscribe/subsystem/batch-jberet/jdbc-job-repository/index.html
+++ b/29/wildscribe/subsystem/batch-jberet/jdbc-job-repository/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/batch-jberet/thread-factory/index.html b/29/wildscribe/subsystem/batch-jberet/thread-factory/index.html
index 40bf7cb09..6b4ca15a5 100644
--- a/29/wildscribe/subsystem/batch-jberet/thread-factory/index.html
+++ b/29/wildscribe/subsystem/batch-jberet/thread-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
priority May be used to specify the thread priority of created threads.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
10
Storage
configuration
Access Type
read-write
Restart Required
no-services
thread-name-pattern The template used to create names for threads. The following patterns may be used: %% - emit a percent sign %t - emit the per-factory thread sequence number %g - emit the global thread sequence number %f - emit the factory sequence number %i - emit the thread ID.
Specifies the name of a thread group to create for this thread factory.
priority
INT
false
true
May be used to specify the thread priority of created threads.
thread-name-pattern
STRING
false
true
The template used to create names for threads. The following patterns may be used: %% - emit a percent sign %t - emit the per-factory thread sequence number %g - emit the global thread sequence number %f - emit the factory sequence number %i - emit the thread ID.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/batch-jberet/thread-pool/index.html b/29/wildscribe/subsystem/batch-jberet/thread-pool/index.html
index 4c24a9cb6..59e563eb0 100644
--- a/29/wildscribe/subsystem/batch-jberet/thread-pool/index.html
+++ b/29/wildscribe/subsystem/batch-jberet/thread-pool/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The thread pool used for batch jobs. Note that the max-thread attribute should always be greater than 3. Two threads are reserved to ensure partition jobs can execute.
keepalive-time Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
largest-thread-count The largest number of threads that have ever simultaneously been in the pool.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
max-threads The maximum thread pool size. Note this should always be greater than 3. Two threads are reserved to ensure partition jobs can execute as expected.
rejected-count The number of tasks that have been rejected.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
task-count The approximate total number of tasks that have ever been scheduled for execution.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
max-threads
INT
true
true
The maximum thread pool size. Note this should always be greater than 3. Two threads are reserved to ensure partition jobs can execute as expected.
thread-factory
STRING
false
false
Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/bean-validation/index.html b/29/wildscribe/subsystem/bean-validation/index.html
index c00f53ba7..54e83ac6b 100644
--- a/29/wildscribe/subsystem/bean-validation/index.html
+++ b/29/wildscribe/subsystem/bean-validation/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/core-management/index.html b/29/wildscribe/subsystem/core-management/index.html
index d955a75ad..860e94724 100644
--- a/29/wildscribe/subsystem/core-management/index.html
+++ b/29/wildscribe/subsystem/core-management/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/core-management/process-state-listener/index.html b/29/wildscribe/subsystem/core-management/process-state-listener/index.html
index 6a03158cc..21adc655d 100644
--- a/29/wildscribe/subsystem/core-management/process-state-listener/index.html
+++ b/29/wildscribe/subsystem/core-management/process-state-listener/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/core-management/service/configuration-changes/index.html b/29/wildscribe/subsystem/core-management/service/configuration-changes/index.html
index c74ebe272..aecc56cd1 100644
--- a/29/wildscribe/subsystem/core-management/service/configuration-changes/index.html
+++ b/29/wildscribe/subsystem/core-management/service/configuration-changes/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/datasources-agroal/datasource/index.html b/29/wildscribe/subsystem/datasources-agroal/datasource/index.html
index 813fec261..fa4e2c72b 100644
--- a/29/wildscribe/subsystem/datasources-agroal/datasource/index.html
+++ b/29/wildscribe/subsystem/datasources-agroal/datasource/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/datasources-agroal/driver/index.html b/29/wildscribe/subsystem/datasources-agroal/driver/index.html
index df245d904..159ffb806 100644
--- a/29/wildscribe/subsystem/datasources-agroal/driver/index.html
+++ b/29/wildscribe/subsystem/datasources-agroal/driver/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/datasources-agroal/index.html b/29/wildscribe/subsystem/datasources-agroal/index.html
index fbcddb8fb..838fe10c0 100644
--- a/29/wildscribe/subsystem/datasources-agroal/index.html
+++ b/29/wildscribe/subsystem/datasources-agroal/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/datasources-agroal/xa-datasource/index.html b/29/wildscribe/subsystem/datasources-agroal/xa-datasource/index.html
index 22811edeb..2b90abb72 100644
--- a/29/wildscribe/subsystem/datasources-agroal/xa-datasource/index.html
+++ b/29/wildscribe/subsystem/datasources-agroal/xa-datasource/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/datasources/data-source/ExampleDS/connection-properties/index.html b/29/wildscribe/subsystem/datasources/data-source/ExampleDS/connection-properties/index.html
index b923847c8..37b5b8129 100644
--- a/29/wildscribe/subsystem/datasources/data-source/ExampleDS/connection-properties/index.html
+++ b/29/wildscribe/subsystem/datasources/data-source/ExampleDS/connection-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The connection-properties element allows you to pass in arbitrary connection properties to the Driver.connect(url, props) method
Attributes (1)
value Each connection-property specifies a string name/value pair with the property name coming from the name attribute and the value coming from the element content
Each connection-property specifies a string name/value pair with the property name coming from the name attribute and the value coming from the element content
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/datasources/data-source/ExampleDS/index.html b/29/wildscribe/subsystem/datasources/data-source/ExampleDS/index.html
index d5f48fe26..85f422487 100644
--- a/29/wildscribe/subsystem/datasources/data-source/ExampleDS/index.html
+++ b/29/wildscribe/subsystem/datasources/data-source/ExampleDS/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allow-multiple-users Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value can be done only on disabled datasource, requires a server restart otherwise
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
capacity-incrementer-properties Properties to be injected in class defining the policy for incrementing connections in the pool
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
check-valid-connection-sql Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connectable Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connection-listener-class Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
credential-reference Credential (from Credential Store) to authenticate on data source
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
datasource-class The fully qualified name of the JDBC datasource class
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
driver-class The fully qualified name of the JDBC driver class
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
elytron-enabled Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enabled Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Deprecated Since 3.0.0
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
exception-sorter-class-name An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
exception-sorter-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
idle-timeout-minutes The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-pool-size The initial-pool-size element indicates the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
jndi-name Specifies the JNDI name for the datasource
security-domain Specifies the PicketBox security domain which defines the PicketBox javax.security.auth.Subject that are used to distinguish connections in the pool
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
set-tx-query-timeout Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
share-prepared-statements Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
stale-connection-checker-class-name An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
stale-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
track-statements Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
Attribute
Value
Default Value
NOWARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
tracking Defines if IronJacamar should track connection handles across transaction boundaries
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transaction-isolation Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
url-delimiter Specifies the delimiter for URLs in connection-url for HA datasources
use-ccm Enable the use of a cached connection manager
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-java-context Setting this to false will bind the datasource into global JNDI
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-try-lock Any configured timeout for internal locks on the resource adapter objects in seconds
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
user-name Specify the user name used when creating a new connection
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
valid-connection-checker-class-name An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
valid-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
validate-on-match The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
allocation-retry-wait-millis
LONG
false
true
The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
allow-multiple-users
BOOLEAN
false
true
false
Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
authentication-context
STRING
false
false
The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation
BOOLEAN
false
true
An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
background-validation-millis
LONG
false
true
The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value can be done only on disabled datasource, requires a server restart otherwise
blocking-timeout-wait-millis
LONG
false
true
The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
capacity-decrementer-class
STRING
false
true
Class defining the policy for decrementing connections in the pool
capacity-decrementer-properties
OBJECT
false
true
Properties to be injected in class defining the policy for decrementing connections in the pool
capacity-incrementer-class
STRING
false
true
Class defining the policy for incrementing connections in the pool
capacity-incrementer-properties
OBJECT
false
true
Properties to be injected in class defining the policy for incrementing connections in the pool
check-valid-connection-sql
STRING
false
true
Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
connectable
BOOLEAN
false
true
false
Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
connection-listener-class
STRING
false
true
Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
connection-listener-property
OBJECT
false
true
Properties to be injected in class specidied in connection-listener-class
connection-url
STRING
false
true
The JDBC driver connection URL
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate on data source
datasource-class
STRING
false
true
The fully qualified name of the JDBC datasource class
driver-class
STRING
false
true
The fully qualified name of the JDBC driver class
driver-name
STRING
true
true
Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
elytron-enabled
BOOLEAN
false
true
false
Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
enabled
BOOLEAN
false
true
true
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
enlistment-trace
BOOLEAN
false
true
false
Defines if WildFly/IronJacamar should record enlistment traces
exception-sorter-class-name
STRING
false
true
An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
exception-sorter-module
STRING
false
true
The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
exception-sorter-properties
OBJECT
false
true
The exception sorter properties
flush-strategy
STRING
false
true
FailingConnectionOnly
Specifies how the pool should be flush in case of an error.
idle-timeout-minutes
LONG
false
true
The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
initial-pool-size
INT
false
true
The initial-pool-size element indicates the initial number of connections a pool should hold.
jndi-name
STRING
true
true
Specifies the JNDI name for the datasource
jta
BOOLEAN
false
true
true
Enable Jakarta Transactions integration
max-pool-size
INT
false
true
20
The max-pool-size element specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool
Defines the ManagedConnectionPool implementation, f.ex. org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool
min-pool-size
INT
false
true
0
The min-pool-size element specifies the minimum number of connections for a pool
new-connection-sql
STRING
false
true
Specifies an SQL statement to execute whenever a connection is added to the connection pool
password
STRING
false
true
Specifies the password used when creating a new connection
pool-fair
BOOLEAN
false
true
true
Defines if pool use should be fair
pool-prefill
BOOLEAN
false
true
false
Should the pool be prefilled. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
pool-use-strict-min
BOOLEAN
false
true
false
Specifies if the min-pool-size should be considered strictly
prepared-statements-cache-size
LONG
false
true
The number of prepared statements per connection in an LRU cache
query-timeout
LONG
false
true
Any configured query timeout in seconds. If not provided no timeout will be set
reauth-plugin-class-name
STRING
false
true
The fully qualified class name of the reauthentication plugin implementation
reauth-plugin-properties
OBJECT
false
true
The properties for the reauthentication plugin
security-domain
STRING
false
true
Specifies the PicketBox security domain which defines the PicketBox javax.security.auth.Subject that are used to distinguish connections in the pool
set-tx-query-timeout
BOOLEAN
false
true
false
Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
share-prepared-statements
BOOLEAN
false
true
false
Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
spy
BOOLEAN
false
true
false
Enable spying of SQL statements
stale-connection-checker-class-name
STRING
false
true
An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
stale-connection-checker-module
STRING
false
true
The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
stale-connection-checker-properties
OBJECT
false
true
The stale connection checker properties
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled or not.
track-statements
STRING
false
true
NOWARN
Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
tracking
BOOLEAN
false
true
false
Defines if IronJacamar should track connection handles across transaction boundaries
transaction-isolation
STRING
false
true
Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel
url-delimiter
STRING
false
true
Specifies the delimiter for URLs in connection-url for HA datasources
url-selector-strategy-class-name
STRING
false
true
A class that implements org.jboss.jca.adapters.jdbc.URLSelectorStrategy
use-ccm
BOOLEAN
false
true
true
Enable the use of a cached connection manager
use-fast-fail
BOOLEAN
false
true
false
Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
use-java-context
BOOLEAN
false
true
true
Setting this to false will bind the datasource into global JNDI
use-try-lock
LONG
false
true
Any configured timeout for internal locks on the resource adapter objects in seconds
user-name
STRING
false
true
Specify the user name used when creating a new connection
valid-connection-checker-class-name
STRING
false
true
An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
valid-connection-checker-module
STRING
false
true
The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
valid-connection-checker-properties
OBJECT
false
true
The valid connection checker properties
validate-on-match
BOOLEAN
false
true
The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
disable Disable the data-source. Note this operation will not be supported runtime in next versions.
Deprecated Since 3.0.0
Disable the data-source. Note this operation will not be supported runtime in next versions.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/jdbc/index.html b/29/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/jdbc/index.html
index 4cc04b042..ae32d0124 100644
--- a/29/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/jdbc/index.html
+++ b/29/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/jdbc/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/pool/index.html b/29/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/pool/index.html
index 185f27f2e..0b5c85aff 100644
--- a/29/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/pool/index.html
+++ b/29/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/pool/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/datasources/index.html b/29/wildscribe/subsystem/datasources/index.html
index 3bc5e74a9..8bc2237aa 100644
--- a/29/wildscribe/subsystem/datasources/index.html
+++ b/29/wildscribe/subsystem/datasources/index.html
@@ -1,233 +1,11 @@
- WildFly Full 29 Model Reference
Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Reply properties
type
OBJECT
Value Type
{
- "deployment-name" => {
- "type" => STRING,
- "description" => "The name of the deployment unit from which the driver was loaded",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L,
- "deprecated" => {
- "since" => "6.0.0",
- "reason" => "This attribute is no longer used"
- }
- },
- "driver-module-name" => {
- "type" => STRING,
- "description" => "The name of the module from which the driver was loaded, if it was loaded from the module path",
- "expressions-allowed" => true,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "module-slot" => {
- "type" => STRING,
- "description" => "The slot of the module from which the driver was loaded, if it was loaded from the module path",
- "expressions-allowed" => true,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "driver-class-name" => {
- "type" => STRING,
- "description" => "The fully qualified class name of the java.sql.Driver implementation",
- "expressions-allowed" => true,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "driver-datasource-class-name" => {
- "type" => STRING,
- "description" => "The fully qualified class name of the javax.sql.DataSource implementation",
- "expressions-allowed" => true,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "driver-xa-datasource-class-name" => {
- "type" => STRING,
- "description" => "The fully qualified class name of the javax.sql.XADataSource implementation",
- "expressions-allowed" => true,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "driver-major-version" => {
- "type" => INT,
- "description" => "The driver's major version number",
- "expressions-allowed" => true,
- "required" => false,
- "nillable" => true
- },
- "driver-minor-version" => {
- "type" => INT,
- "description" => "The driver's minor version number",
- "expressions-allowed" => true,
- "required" => false,
- "nillable" => true
- },
- "jdbc-compliant" => {
- "type" => BOOLEAN,
- "description" => "Whether or not the driver is JDBC compliant",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "deprecated" => {
- "since" => "6.0.0",
- "reason" => "This attribute is no longer used"
- }
- },
- "profile" => {
- "type" => STRING,
- "description" => "Domain Profile in which driver is defined. Null in case of standalone server",
- "expressions-allowed" => true,
- "required" => false,
- "nillable" => true,
- "min-length" => 1L,
- "max-length" => 2147483647L,
- "deprecated" => {
- "since" => "4.0.0",
- "reason" => "The server's profile can be determined by the profile-name attribute on the server's root resource."
- }
- },
- "driver-name" => {
- "type" => STRING,
- "description" => "Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "datasource-class-info" => {
- "type" => LIST,
- "description" => "The available properties for the datasource-class, and xa-datasource-class for the jdbc-driver",
- "expressions-allowed" => false,
- "required" => false,
- "nillable" => true,
- "min-length" => 0L,
- "max-length" => 2147483647L,
- "value-type" => OBJECT
- }
-}
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/datasources/jdbc-driver/index.html b/29/wildscribe/subsystem/datasources/jdbc-driver/index.html
index 5cfca3428..074466013 100644
--- a/29/wildscribe/subsystem/datasources/jdbc-driver/index.html
+++ b/29/wildscribe/subsystem/datasources/jdbc-driver/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
driver-module-name The name of the module from which the driver was loaded, if it was loaded from the module path
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-only
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
The name of the deployment unit from which the driver was loaded
driver-class-name
STRING
false
true
The fully qualified class name of the java.sql.Driver implementation
driver-datasource-class-name
STRING
false
true
The fully qualified class name of the javax.sql.DataSource implementation
driver-major-version
INT
false
true
The driver's major version number
driver-minor-version
INT
false
true
The driver's minor version number
driver-module-name
STRING
true
true
The name of the module from which the driver was loaded, if it was loaded from the module path
driver-name
STRING
false
false
Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
driver-xa-datasource-class-name
STRING
false
true
The fully qualified class name of the javax.sql.XADataSource implementation
jdbc-compliant
BOOLEAN
false
false
Whether or not the driver is JDBC compliant
module-slot
STRING
false
true
The slot of the module from which the driver was loaded, if it was loaded from the module path
profile
STRING
false
true
Domain Profile in which driver is defined. Null in case of standalone server
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/datasources/xa-data-source/index.html b/29/wildscribe/subsystem/datasources/xa-data-source/index.html
index e98f9f458..fffaeb097 100644
--- a/29/wildscribe/subsystem/datasources/xa-data-source/index.html
+++ b/29/wildscribe/subsystem/datasources/xa-data-source/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allow-multiple-users Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
check-valid-connection-sql Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connectable Enable the use of CMR for this datasource. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connection-listener-class Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
credential-reference Credential (from Credential Store) to authenticate on data source
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
elytron-enabled Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enabled Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Deprecated Since 3.0.0
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
exception-sorter-class-name An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
exception-sorter-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
idle-timeout-minutes The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-pool-size The initial-pool-size element indicates the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
interleaving An element to enable interleaving for XA connections
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
jndi-name Specifies the JNDI name for the datasource
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-pool-size The max-pool-size element specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
mcp Defines the ManagedConnectionPool implementation, f.ex. org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool
min-pool-size The min-pool-size element specifies the minimum number of connections for a pool
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
new-connection-sql Specifies an SQL statement to execute whenever a connection is added to the connection pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-recovery Specifies if the connection pool should be excluded from recovery
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-tx-separate-pool Oracle does not like XA connections getting used both inside and outside a Jakarta Transactions transaction. To workaround the problem you can create separate sub-pools for the different contexts
recovery-authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
recovery-elytron-enabled Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
same-rm-override The is-same-rm-override element allows one to unconditionally set whether the javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain Specifies the PicketBox security domain which defines the javax.security.auth.Subject that are used to distinguish connections in the pool
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
set-tx-query-timeout Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
share-prepared-statements Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
stale-connection-checker-class-name An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
stale-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
track-statements Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
Attribute
Value
Default Value
NOWARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
tracking Defines if IronJacamar should track connection handles across transaction boundaries
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transaction-isolation Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
url-delimiter Specifies the delimiter for URLs in connection-url for HA datasources
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
url-property Specifies the property for the URL property in the xa-datasource-property values
use-ccm Enable the use of a cached connection manager
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-java-context Setting this to false will bind the datasource into global JNDI
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-try-lock Any configured timeout for internal locks on the resource adapter objects in seconds
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
user-name Specify the user name used when creating a new connection
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
valid-connection-checker-class-name An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
valid-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
validate-on-match The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
wrap-xa-resource Should the XAResource instances be wrapped in an org.jboss.tm.XAResourceWrapper instance
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
xa-datasource-class The fully qualified name of the javax.sql.XADataSource implementation
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
xa-resource-timeout The value is passed to XAResource.setTransactionTimeout(), in seconds. Default is zero
The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
allocation-retry-wait-millis
LONG
false
true
The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
allow-multiple-users
BOOLEAN
false
true
false
Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
authentication-context
STRING
false
false
The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation
BOOLEAN
false
true
An element to specify that connections should be validated on a background thread versus being validated prior to use.
background-validation-millis
LONG
false
true
The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run.
blocking-timeout-wait-millis
LONG
false
true
The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
capacity-decrementer-class
STRING
false
true
Class defining the policy for decrementing connections in the pool
capacity-decrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for decrementing connections in the pool
capacity-incrementer-class
STRING
false
true
Class defining the policy for incrementing connections in the pool
capacity-incrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for incrementing connections in the pool
check-valid-connection-sql
STRING
false
true
Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
connectable
BOOLEAN
false
true
false
Enable the use of CMR for this datasource. This feature means that a local resource can reliably participate in an XA transaction.
connection-listener-class
STRING
false
true
Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
connection-listener-property
OBJECT
false
true
Properties to be injected in class specified in connection-listener-class
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate on data source
driver-name
STRING
true
true
Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
elytron-enabled
BOOLEAN
false
true
false
Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
enabled
BOOLEAN
false
true
true
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
enlistment-trace
BOOLEAN
false
true
false
Defines if WildFly/IronJacamar should record enlistment traces
exception-sorter-class-name
STRING
false
true
An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
exception-sorter-module
STRING
false
true
The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
exception-sorter-properties
OBJECT
false
true
The exception sorter properties
flush-strategy
STRING
false
true
FailingConnectionOnly
Specifies how the pool should be flush in case of an error.
idle-timeout-minutes
LONG
false
true
The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
initial-pool-size
INT
false
true
The initial-pool-size element indicates the initial number of connections a pool should hold.
interleaving
BOOLEAN
false
true
false
An element to enable interleaving for XA connections
jndi-name
STRING
true
true
Specifies the JNDI name for the datasource
max-pool-size
INT
false
true
20
The max-pool-size element specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool
Defines the ManagedConnectionPool implementation, f.ex. org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool
min-pool-size
INT
false
true
0
The min-pool-size element specifies the minimum number of connections for a pool
new-connection-sql
STRING
false
true
Specifies an SQL statement to execute whenever a connection is added to the connection pool
no-recovery
BOOLEAN
false
true
Specifies if the connection pool should be excluded from recovery
no-tx-separate-pool
BOOLEAN
false
true
false
Oracle does not like XA connections getting used both inside and outside a Jakarta Transactions transaction. To workaround the problem you can create separate sub-pools for the different contexts
pad-xid
BOOLEAN
false
true
false
Should the Xid be padded
password
STRING
false
true
Specifies the password used when creating a new connection
pool-fair
BOOLEAN
false
true
true
Defines if pool use should be fair
pool-prefill
BOOLEAN
false
true
false
Should the pool be prefilled. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
pool-use-strict-min
BOOLEAN
false
true
false
Specifies if the min-pool-size should be considered strictly
prepared-statements-cache-size
LONG
false
true
The number of prepared statements per connection in an LRU cache
query-timeout
LONG
false
true
Any configured query timeout in seconds. If not provided no timeout will be set
reauth-plugin-class-name
STRING
false
true
The fully qualified class name of the reauthentication plugin implementation
reauth-plugin-properties
OBJECT
false
true
The properties for the reauthentication plugin
recovery-authentication-context
STRING
false
false
The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
recovery-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate on data source
recovery-elytron-enabled
BOOLEAN
false
true
false
Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
recovery-password
STRING
false
true
The password used for recovery
recovery-plugin-class-name
STRING
false
true
The fully qualified class name of the recovery plugin implementation
recovery-plugin-properties
OBJECT
false
true
The properties for the recovery plugin
recovery-security-domain
STRING
false
true
The security domain used for recovery
recovery-username
STRING
false
true
The user name used for recovery
same-rm-override
BOOLEAN
false
true
The is-same-rm-override element allows one to unconditionally set whether the javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false
security-domain
STRING
false
true
Specifies the PicketBox security domain which defines the javax.security.auth.Subject that are used to distinguish connections in the pool
set-tx-query-timeout
BOOLEAN
false
true
false
Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
share-prepared-statements
BOOLEAN
false
true
false
Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
spy
BOOLEAN
false
true
false
Enable spying of SQL statements
stale-connection-checker-class-name
STRING
false
true
An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
stale-connection-checker-module
STRING
false
true
The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
stale-connection-checker-properties
OBJECT
false
true
The stale connection checker properties
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled or not.
track-statements
STRING
false
true
NOWARN
Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
tracking
BOOLEAN
false
true
false
Defines if IronJacamar should track connection handles across transaction boundaries
transaction-isolation
STRING
false
true
Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel.
url-delimiter
STRING
false
true
Specifies the delimiter for URLs in connection-url for HA datasources
url-property
STRING
false
true
Specifies the property for the URL property in the xa-datasource-property values
url-selector-strategy-class-name
STRING
false
true
A class that implements org.jboss.jca.adapters.jdbc.URLSelectorStrategy
use-ccm
BOOLEAN
false
true
true
Enable the use of a cached connection manager
use-fast-fail
BOOLEAN
false
true
false
Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
use-java-context
BOOLEAN
false
true
true
Setting this to false will bind the datasource into global JNDI
use-try-lock
LONG
false
true
Any configured timeout for internal locks on the resource adapter objects in seconds
user-name
STRING
false
true
Specify the user name used when creating a new connection
valid-connection-checker-class-name
STRING
false
true
An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
valid-connection-checker-module
STRING
false
true
The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
valid-connection-checker-properties
OBJECT
false
true
The valid connection checker properties
validate-on-match
BOOLEAN
false
true
The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
wrap-xa-resource
BOOLEAN
false
true
true
Should the XAResource instances be wrapped in an org.jboss.tm.XAResourceWrapper instance
xa-datasource-class
STRING
false
true
The fully qualified name of the javax.sql.XADataSource implementation
xa-resource-timeout
INT
false
true
The value is passed to XAResource.setTransactionTimeout(), in seconds. Default is zero
disable Disable the data-source. Note this operation will not be supported runtime in next versions.
Deprecated Since 3.0.0
Disable the data-source. Note this operation will not be supported runtime in next versions.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html b/29/wildscribe/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
index daff19d3c..f50a7ef7f 100644
--- a/29/wildscribe/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
+++ b/29/wildscribe/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
value Specifies a property value to assign to the XADataSource implementation class. Each property is identified by the name attribute and the property value is given by the xa-datasource-property element content. The property is mapped onto the XADataSource implementation by looking for a JavaBeans style getter method for the property name. If found, the value of the property is set using the JavaBeans setter with the element text translated to the true property type using the java.beans.PropertyEditor
Specifies a property value to assign to the XADataSource implementation class. Each property is identified by the name attribute and the property value is given by the xa-datasource-property element content. The property is mapped onto the XADataSource implementation by looking for a JavaBeans style getter method for the property name. If found, the value of the property is set using the JavaBeans setter with the element text translated to the true property type using the java.beans.PropertyEditor
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/deployment-scanner/index.html b/29/wildscribe/subsystem/deployment-scanner/index.html
index b057ec043..7e5e74b2a 100644
--- a/29/wildscribe/subsystem/deployment-scanner/index.html
+++ b/29/wildscribe/subsystem/deployment-scanner/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/deployment-scanner/scanner/index.html b/29/wildscribe/subsystem/deployment-scanner/scanner/index.html
index a5177ed5b..699158cb5 100644
--- a/29/wildscribe/subsystem/deployment-scanner/scanner/index.html
+++ b/29/wildscribe/subsystem/deployment-scanner/scanner/index.html
@@ -1,45 +1,11 @@
- WildFly Full 29 Model Reference
auto-deploy-exploded Allows the automatic deployment of exploded content without requiring a .dodeploy marker file. Recommended for only basic development scenarios to prevent exploded application deployment from occurring during changes by the developer or operating system.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-deploy-xml Allows automatic deployment of XML content without requiring a .dodeploy marker file.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-deploy-zipped Allows automatic deployment of zipped content without requiring a .dodeploy marker file.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deployment-timeout The time value in seconds for the deployment scanner to allow a deployment attempt before being cancelled.
Attribute
Value
Default Value
600
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
path The actual filesystem path to be scanned. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
relative-to Reference to a filesystem path defined in the "paths" section of the server configuration.
runtime-failure-causes-rollback Flag indicating whether a runtime failure of a deployment causes a rollback of the deployment as well as all other (maybe unrelated) deployments as part of the scan operation.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
scan-enabled Flag indicating if all scanning (including initial scanning at startup) is enabled.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
scan-interval Periodic interval, in milliseconds, at which the repository should be scanned for changes. A value of less than 1 indicates the repository should only be scanned at initial startup.
Allows the automatic deployment of exploded content without requiring a .dodeploy marker file. Recommended for only basic development scenarios to prevent exploded application deployment from occurring during changes by the developer or operating system.
auto-deploy-xml
BOOLEAN
false
true
true
Allows automatic deployment of XML content without requiring a .dodeploy marker file.
auto-deploy-zipped
BOOLEAN
false
true
true
Allows automatic deployment of zipped content without requiring a .dodeploy marker file.
deployment-timeout
LONG
false
true
600
The time value in seconds for the deployment scanner to allow a deployment attempt before being cancelled.
path
STRING
true
true
The actual filesystem path to be scanned. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path.
relative-to
STRING
false
false
Reference to a filesystem path defined in the "paths" section of the server configuration.
runtime-failure-causes-rollback
BOOLEAN
false
true
false
Flag indicating whether a runtime failure of a deployment causes a rollback of the deployment as well as all other (maybe unrelated) deployments as part of the scan operation.
scan-enabled
BOOLEAN
false
true
true
Flag indicating if all scanning (including initial scanning at startup) is enabled.
scan-interval
INT
false
true
0
Periodic interval, in milliseconds, at which the repository should be scanned for changes. A value of less than 1 indicates the repository should only be scanned at initial startup.
path-info Obtain the informations for a filesystem path.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
unit
STRING
false
false
BYTES
Disk space unit to display disk usage.
Reply properties
Filesystem path for which to obtain disk usage.
type
OBJECT
Value Type
{
- "used-space" => {
- "type" => DOUBLE,
- "description" => "The total size of the contents of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "BYTES"
- },
- "creation-time" => {
- "type" => STRING,
- "description" => "The creation time of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "last-modified" => {
- "type" => STRING,
- "description" => "The last modified time of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "resolved-path" => {
- "type" => STRING,
- "description" => "The resolved filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "available-space" => {
- "type" => DOUBLE,
- "description" => "The total size of available space for the partition containing a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "BYTES"
- }
-}
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
run-scan The operation to run a single scan of the deployment scanner.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/discovery/aggregate-provider/index.html b/29/wildscribe/subsystem/discovery/aggregate-provider/index.html
index c7aebf6ae..94cfb5060 100644
--- a/29/wildscribe/subsystem/discovery/aggregate-provider/index.html
+++ b/29/wildscribe/subsystem/discovery/aggregate-provider/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/discovery/index.html b/29/wildscribe/subsystem/discovery/index.html
index 95f4f244d..35cd0f7a3 100644
--- a/29/wildscribe/subsystem/discovery/index.html
+++ b/29/wildscribe/subsystem/discovery/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/discovery/static-provider/index.html b/29/wildscribe/subsystem/discovery/static-provider/index.html
index 4ed36b259..861dcb70c 100644
--- a/29/wildscribe/subsystem/discovery/static-provider/index.html
+++ b/29/wildscribe/subsystem/discovery/static-provider/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-ejb/client-mappings-registry/infinispan/index.html b/29/wildscribe/subsystem/distributable-ejb/client-mappings-registry/infinispan/index.html
index ab0b0d424..f3b122fe6 100644
--- a/29/wildscribe/subsystem/distributable-ejb/client-mappings-registry/infinispan/index.html
+++ b/29/wildscribe/subsystem/distributable-ejb/client-mappings-registry/infinispan/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-ejb/client-mappings-registry/local/index.html b/29/wildscribe/subsystem/distributable-ejb/client-mappings-registry/local/index.html
index 363d064bd..300d28b05 100644
--- a/29/wildscribe/subsystem/distributable-ejb/client-mappings-registry/local/index.html
+++ b/29/wildscribe/subsystem/distributable-ejb/client-mappings-registry/local/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-ejb/index.html b/29/wildscribe/subsystem/distributable-ejb/index.html
index fd2ae3cd2..f836e2990 100644
--- a/29/wildscribe/subsystem/distributable-ejb/index.html
+++ b/29/wildscribe/subsystem/distributable-ejb/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-ejb/infinispan-bean-management/index.html b/29/wildscribe/subsystem/distributable-ejb/infinispan-bean-management/index.html
index 3b7bae7ed..b081b78a9 100644
--- a/29/wildscribe/subsystem/distributable-ejb/infinispan-bean-management/index.html
+++ b/29/wildscribe/subsystem/distributable-ejb/infinispan-bean-management/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-ejb/infinispan-timer-management/index.html b/29/wildscribe/subsystem/distributable-ejb/infinispan-timer-management/index.html
index f896d9bd3..53817671d 100644
--- a/29/wildscribe/subsystem/distributable-ejb/infinispan-timer-management/index.html
+++ b/29/wildscribe/subsystem/distributable-ejb/infinispan-timer-management/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/local/index.html b/29/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/local/index.html
index 001312111..015c9dd5f 100644
--- a/29/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/local/index.html
+++ b/29/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/local/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/none/index.html b/29/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/none/index.html
index 523d19bda..757e90087 100644
--- a/29/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/none/index.html
+++ b/29/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/none/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-web/hotrod-session-management/index.html b/29/wildscribe/subsystem/distributable-web/hotrod-session-management/index.html
index 8cbd88660..095a9e763 100644
--- a/29/wildscribe/subsystem/distributable-web/hotrod-session-management/index.html
+++ b/29/wildscribe/subsystem/distributable-web/hotrod-session-management/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-web/hotrod-single-sign-on-management/index.html b/29/wildscribe/subsystem/distributable-web/hotrod-single-sign-on-management/index.html
index 0e7048877..af6872e94 100644
--- a/29/wildscribe/subsystem/distributable-web/hotrod-single-sign-on-management/index.html
+++ b/29/wildscribe/subsystem/distributable-web/hotrod-single-sign-on-management/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-web/index.html b/29/wildscribe/subsystem/distributable-web/index.html
index a342c2b88..c09b73403 100644
--- a/29/wildscribe/subsystem/distributable-web/index.html
+++ b/29/wildscribe/subsystem/distributable-web/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/local/index.html b/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/local/index.html
index a1104bce4..d8accdd9a 100644
--- a/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/local/index.html
+++ b/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/local/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/none/index.html b/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/none/index.html
index d9b54a4c5..e50dd41c1 100644
--- a/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/none/index.html
+++ b/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/none/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/primary-owner/index.html b/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/primary-owner/index.html
index b8d49816c..f391a43dc 100644
--- a/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/primary-owner/index.html
+++ b/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/primary-owner/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/ranked/index.html b/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/ranked/index.html
index 57c721cb5..2c797fbc0 100644
--- a/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/ranked/index.html
+++ b/29/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/ranked/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Web requests will have an affinity for the first available member in a list containing primary and backup owners, and the member that last handled a given session
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-web/infinispan-session-management/index.html b/29/wildscribe/subsystem/distributable-web/infinispan-session-management/index.html
index 9d26b2ca8..6718cfbbd 100644
--- a/29/wildscribe/subsystem/distributable-web/infinispan-session-management/index.html
+++ b/29/wildscribe/subsystem/distributable-web/infinispan-session-management/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
local Web requests will have an affinity for the member that last handled a given session
none Web requests will not have an affinity for any cluster member
primary-owner Web requests will have an affinity for the primary owner of a given session
ranked Web requests will have an affinity for the first available member in a list containing primary and backup owners, and the member that last handled a given session
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-web/infinispan-single-sign-on-management/index.html b/29/wildscribe/subsystem/distributable-web/infinispan-single-sign-on-management/index.html
index 1d09073af..af9f59411 100644
--- a/29/wildscribe/subsystem/distributable-web/infinispan-single-sign-on-management/index.html
+++ b/29/wildscribe/subsystem/distributable-web/infinispan-single-sign-on-management/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-web/routing/infinispan/index.html b/29/wildscribe/subsystem/distributable-web/routing/infinispan/index.html
index d6014c4f9..a12136169 100644
--- a/29/wildscribe/subsystem/distributable-web/routing/infinispan/index.html
+++ b/29/wildscribe/subsystem/distributable-web/routing/infinispan/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/distributable-web/routing/local/index.html b/29/wildscribe/subsystem/distributable-web/routing/local/index.html
index 0ffed8e6d..0eb7dde5f 100644
--- a/29/wildscribe/subsystem/distributable-web/routing/local/index.html
+++ b/29/wildscribe/subsystem/distributable-web/routing/local/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ee-security/index.html b/29/wildscribe/subsystem/ee-security/index.html
index da4a3df87..4d96358eb 100644
--- a/29/wildscribe/subsystem/ee-security/index.html
+++ b/29/wildscribe/subsystem/ee-security/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ee/context-service/index.html b/29/wildscribe/subsystem/ee/context-service/index.html
index 15e04ae28..15e3aad28 100644
--- a/29/wildscribe/subsystem/ee/context-service/index.html
+++ b/29/wildscribe/subsystem/ee/context-service/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Has no effect in a server running the current version. A Context Service configured via the server configuration uses the default ContextServiceDefinition configuration, which is cleared = Transaction (equivalent to use-transaction-setup-provider=true, i.e. any tx in the thread is suspended before and resumed after), propagated = All Remaining, unchanged = none. To use a different ContextService you need to define it on the deployment, through XML or the ContextServiceDefinition annotation.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ee/global-directory/index.html b/29/wildscribe/subsystem/ee/global-directory/index.html
index 2677b3723..f18d6b010 100644
--- a/29/wildscribe/subsystem/ee/global-directory/index.html
+++ b/29/wildscribe/subsystem/ee/global-directory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
path The path of the directory to scan. It is treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise, the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The name of another previously named path, or one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
The path of the directory to scan. It is treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise, the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
relative-to
STRING
false
false
The name of another previously named path, or one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ee/index.html b/29/wildscribe/subsystem/ee/index.html
index 2a4a3de78..95177ccaf 100644
--- a/29/wildscribe/subsystem/ee/index.html
+++ b/29/wildscribe/subsystem/ee/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
ear-subdeployments-isolated Flag indicating whether each of the subdeployments within a .ear can access classes belonging to another subdeployment within the same .ear. A value of false means the subdeployments can see classes belonging to other subdeployments within the .ear.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
global-modules A list of modules that should be made available to all deployments.
spec-descriptor-property-replacement Flag indicating whether descriptors defined by the Jakarta EE specification will have property replacements applied
Flag indicating whether Jakarta EE annotations will have property replacements applied
ear-subdeployments-isolated
BOOLEAN
false
true
false
Flag indicating whether each of the subdeployments within a .ear can access classes belonging to another subdeployment within the same .ear. A value of false means the subdeployments can see classes belonging to other subdeployments within the .ear.
global-modules
LIST
false
false
A list of modules that should be made available to all deployments.
jboss-descriptor-property-replacement
BOOLEAN
false
true
true
Flag indicating whether JBoss specific deployment descriptors will have property replacements applied
spec-descriptor-property-replacement
BOOLEAN
false
true
true
Flag indicating whether descriptors defined by the Jakarta EE specification will have property replacements applied
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ee/managed-executor-service/index.html b/29/wildscribe/subsystem/ee/managed-executor-service/index.html
index 04ac4c6de..42446015e 100644
--- a/29/wildscribe/subsystem/ee/managed-executor-service/index.html
+++ b/29/wildscribe/subsystem/ee/managed-executor-service/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
core-threads The minimum number of threads to be used by the executor. If left undefined the default core-size is calculated based on the number of processors. A value of zero is not advised and in some cases invalid. See the queue-length attribute for details on how this value is used to determine the queuing strategy.
hung-task-termination-period The period, in milliseconds, for attempting hung tasks automatic termination, by cancelling such tasks, and interrupting their executing threads. If value is 0, which is the default, hung tasks are never cancelled.
Attribute
Value
Default Value
0
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
hung-task-threshold The runtime, in milliseconds, for tasks to be considered hung by the managed executor service. If value is 0 tasks are never considered hung.
jndi-name The JNDI Name to lookup the managed executor service.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
keepalive-time When the number of threads is greater than the core, this is the maximum time, in milliseconds, that excess idle threads will wait for new tasks before terminating.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
long-running-tasks Flag which hints the duration of tasks executed by the executor.
max-threads The maximum number of threads to be used by the executor. If left undefined the value from core-size will be used. This value is ignored if an unbounded queue is used (only core-threads will be used in that case).
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
queue-length The executors task queue capacity. A length of 0 means direct hand-off and possible rejection will occur. An undefined length (the default), or Integer.MAX_VALUE, indicates that an unbounded queue should be used. All other values specify an exact queue size. If an unbounded queue or direct hand-off is used, a core-threads value greater than zero is required.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
reject-policy The policy to be applied to aborted tasks.
Attribute
Value
Default Value
ABORT
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
ABORT RETRY_ABORT
task-count The approximate total number of tasks that have ever been submitted for execution.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-count The current number of executor threads.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory The name of the thread factory to be used by the executor.
Deprecated Since 5.0.0
Deprecated, the executor's thread factory should be configured using attribute named thread-priority.
The name of the context service to be used by the executor.
core-threads
INT
false
true
The minimum number of threads to be used by the executor. If left undefined the default core-size is calculated based on the number of processors. A value of zero is not advised and in some cases invalid. See the queue-length attribute for details on how this value is used to determine the queuing strategy.
hung-task-termination-period
LONG
false
true
0
The period, in milliseconds, for attempting hung tasks automatic termination, by cancelling such tasks, and interrupting their executing threads. If value is 0, which is the default, hung tasks are never cancelled.
hung-task-threshold
LONG
false
true
0
The runtime, in milliseconds, for tasks to be considered hung by the managed executor service. If value is 0 tasks are never considered hung.
jndi-name
STRING
true
true
The JNDI Name to lookup the managed executor service.
keepalive-time
LONG
false
true
60000
When the number of threads is greater than the core, this is the maximum time, in milliseconds, that excess idle threads will wait for new tasks before terminating.
long-running-tasks
BOOLEAN
false
true
false
Flag which hints the duration of tasks executed by the executor.
max-threads
INT
false
true
The maximum number of threads to be used by the executor. If left undefined the value from core-size will be used. This value is ignored if an unbounded queue is used (only core-threads will be used in that case).
queue-length
INT
false
true
The executors task queue capacity. A length of 0 means direct hand-off and possible rejection will occur. An undefined length (the default), or Integer.MAX_VALUE, indicates that an unbounded queue should be used. All other values specify an exact queue size. If an unbounded queue or direct hand-off is used, a core-threads value greater than zero is required.
reject-policy
STRING
false
true
ABORT
The policy to be applied to aborted tasks.
thread-factory
STRING
false
false
The name of the thread factory to be used by the executor.
thread-priority
INT
false
true
5
The priority applied to threads created by the executor.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ee/managed-scheduled-executor-service/index.html b/29/wildscribe/subsystem/ee/managed-scheduled-executor-service/index.html
index 4c8d79c8f..3a9d19d7b 100644
--- a/29/wildscribe/subsystem/ee/managed-scheduled-executor-service/index.html
+++ b/29/wildscribe/subsystem/ee/managed-scheduled-executor-service/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
core-threads The number of threads to be used by the scheduled executor, even if they are idle. If this is not defined or is set to 0, the core pool size will be calculated based on the number of available processors.
hung-task-termination-period The period, in milliseconds, for attempting hung tasks automatic termination, by cancelling such tasks, and interrupting their executing threads. If value is 0, which is the default, hung tasks are never cancelled.
Attribute
Value
Default Value
0
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
hung-task-threshold The runtime, in milliseconds, for tasks to be considered hung by the scheduled executor. If 0 tasks are never considered hung.
jndi-name The JNDI Name to lookup the managed scheduled executor service.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
keepalive-time When the number of threads is greater than the core, this is the maximum time, in milliseconds, that excess idle threads will wait for new tasks before terminating.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
long-running-tasks Flag which hints the duration of tasks executed by the scheduled executor.
The name of the context service to be used by the scheduled executor.
core-threads
INT
false
true
The number of threads to be used by the scheduled executor, even if they are idle. If this is not defined or is set to 0, the core pool size will be calculated based on the number of available processors.
hung-task-termination-period
LONG
false
true
0
The period, in milliseconds, for attempting hung tasks automatic termination, by cancelling such tasks, and interrupting their executing threads. If value is 0, which is the default, hung tasks are never cancelled.
hung-task-threshold
LONG
false
true
0
The runtime, in milliseconds, for tasks to be considered hung by the scheduled executor. If 0 tasks are never considered hung.
jndi-name
STRING
true
true
The JNDI Name to lookup the managed scheduled executor service.
keepalive-time
LONG
false
true
60000
When the number of threads is greater than the core, this is the maximum time, in milliseconds, that excess idle threads will wait for new tasks before terminating.
long-running-tasks
BOOLEAN
false
true
false
Flag which hints the duration of tasks executed by the scheduled executor.
reject-policy
STRING
false
true
ABORT
The policy to be applied to aborted tasks.
thread-factory
STRING
false
false
The name of the thread factory to be used by the scheduled executor.
thread-priority
INT
false
true
5
The priority applied to threads created by the executor.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ee/managed-thread-factory/index.html b/29/wildscribe/subsystem/ee/managed-thread-factory/index.html
index ed9470be3..b77da2a6b 100644
--- a/29/wildscribe/subsystem/ee/managed-thread-factory/index.html
+++ b/29/wildscribe/subsystem/ee/managed-thread-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ee/service/default-bindings/index.html b/29/wildscribe/subsystem/ee/service/default-bindings/index.html
index 5007e8dce..f9fb7b3c1 100644
--- a/29/wildscribe/subsystem/ee/service/default-bindings/index.html
+++ b/29/wildscribe/subsystem/ee/service/default-bindings/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/application-security-domain/index.html b/29/wildscribe/subsystem/ejb3/application-security-domain/index.html
index dee9e8f66..1eea038fe 100644
--- a/29/wildscribe/subsystem/ejb3/application-security-domain/index.html
+++ b/29/wildscribe/subsystem/ejb3/application-security-domain/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/cache/index.html b/29/wildscribe/subsystem/ejb3/cache/index.html
index fcf4b6b32..66b215513 100644
--- a/29/wildscribe/subsystem/ejb3/cache/index.html
+++ b/29/wildscribe/subsystem/ejb3/cache/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/cluster-passivation-store/index.html b/29/wildscribe/subsystem/ejb3/cluster-passivation-store/index.html
index 54a3e4d89..43e7c90bd 100644
--- a/29/wildscribe/subsystem/ejb3/cluster-passivation-store/index.html
+++ b/29/wildscribe/subsystem/ejb3/cluster-passivation-store/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/distributable-cache/index.html b/29/wildscribe/subsystem/ejb3/distributable-cache/index.html
index 60652a47d..b98f5e6c2 100644
--- a/29/wildscribe/subsystem/ejb3/distributable-cache/index.html
+++ b/29/wildscribe/subsystem/ejb3/distributable-cache/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/file-passivation-store/index.html b/29/wildscribe/subsystem/ejb3/file-passivation-store/index.html
index 9f64b9ca4..f4b6ba2c3 100644
--- a/29/wildscribe/subsystem/ejb3/file-passivation-store/index.html
+++ b/29/wildscribe/subsystem/ejb3/file-passivation-store/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
SFSBs are no longer passivated eagerly, but only lazily as required by max-size
Attribute
Value
Default Value
SECONDS
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
NANOSECONDS MICROSECONDS MILLISECONDS SECONDS MINUTES HOURS DAYS
max-size The maximum number of beans this cache should store before forcing old beans to passivate
Attribute
Value
Default Value
100000
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
relative-to The root path used to store passivated beans
Deprecated Since 2.0.0
Use the relative-to attribute of the file-store of the relevant infinispan cache instead
Attribute
Value
Default Value
jboss.server.data.dir
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
sessions-path The subdirectory within the path specified by relative-to in which to store passivated beans
Deprecated Since 2.0.0
Beans and bean groups are no longer stored in distinct directories
Attribute
Value
Default Value
ejb3/sessions
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
subdirectory-count Specifies the number of subdirectories into which stored state should be divided, used to minimize the number of files created per directory
Deprecated Since 2.0.0
This is no longer configurable and will be ignored
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/index.html b/29/wildscribe/subsystem/ejb3/index.html
index d984707c9..0b3677f73 100644
--- a/29/wildscribe/subsystem/ejb3/index.html
+++ b/29/wildscribe/subsystem/ejb3/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allow-ejb-name-regex If this is true then regular expressions can be used in interceptor bindings to allow interceptors to be mapped to all beans that match the regular expression
default-clustered-sfsb-cache Name of the default stateful bean cache, which will be applicable to all clustered stateful Jakarta Enterprise Beans, unless overridden at the deployment or bean level
Deprecated Since 2.0.0
Not supported on current version servers; only allowed in managed domain profiles for use on servers running earlier versions.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
default-distinct-name The default distinct name that is applied to every Jakarta Enterprise Beans deployed on this server
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-entity-bean-instance-pool Name of the default entity bean instance pool, which will be applicable to all entity beans, unless overridden at the deployment or bean level
Deprecated Since 10.0.0
Not supported on current version servers; only allowed in managed domain profiles for use on servers running earlier versions.
Not supported on current version servers; only allowed in managed domain profiles for use on servers running earlier versions.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-mdb-instance-pool Name of the default MDB instance pool, which will be applicable to all MDBs, unless overridden at the deployment or bean level
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-missing-method-permissions-deny-access If this is set to true then methods on an Jakarta Enterprise Beans with a security domain specified or with other methods with security metadata will have an implicit @DenyAll unless other security metadata is present
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-resource-adapter-name Name of the default resource adapter name that will be used by MDBs, unless overridden at the deployment or bean level
Attribute
Value
Default Value
activemq-ra
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-security-domain The default security domain that will be used for Jakarta Enterprise Beans if the bean doesn't explicitly specify one
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-sfsb-cache Name of the default stateful bean cache, which will be applicable to all stateful Jakarta Enterprise Beans, unless overridden at the deployment or bean level
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-sfsb-passivation-disabled-cache Name of the default stateful bean cache, which will be applicable to all stateful Jakarta Enterprise Beans which have passivation disabled. Each deployment or Jakarta Enterprise Beans can optionally override this cache name.
default-slsb-instance-pool Name of the default stateless bean instance pool, which will be applicable to all stateless Jakarta Enterprise Beans, unless overridden at the deployment or bean level
default-stateful-bean-session-timeout The default session timeout for stateful beans. Modification to this attribute takes effect immediately for subsequent deployments; for Jakarta Enterprise Beans already deployed, redeploying is needed to use the new value.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
disable-default-ejb-permissions This deprecated attribute has no effect and will be removed in a future release; it may never be set to a "false" value
Deprecated Since 3.0.0
Adding default permissions to Jakarta Enterprise Beans deployments is no longer supported and this configuration attribute will be removed in a future release
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-graceful-txn-shutdown Enabling txn graceful shutdown will make the server wait for active remote Jakarta Enterprise Beans-related transactions to complete before suspending. For that reason, if the server is running on a cluster, the suspending cluster node may receive Jakarta Enterprise Beans requests until all active remote transactions are complete. To avoid this behavior, omit this tag. This attribute has no effect on local Jakarta Enterprise Beans-related transactions.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-statistics If set to true, enable the collection of invocation statistics. Deprecated in favour of "statistics-enabled"
Deprecated Since 5.0.0
If set to true, enable the collection of invocation statistics. Deprecated in favour of "statistics-enabled"
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
in-vm-remote-interface-invocation-pass-by-value If set to false, the parameters to invocations on remote interface of an Jakarta Enterprise Beans, will be passed by reference. Else, the parameters will be passed by value.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
log-system-exceptions If this is true then all Jakarta Enterprise Beans system (not application) exceptions will be logged. The Jakarta Enterprise Beans spec mandates this behaviour, however it is not recommended as it will often result in exceptions being logged twice (once by the Jakarta Enterprise Beans and once by the calling code)
If this is true then regular expressions can be used in interceptor bindings to allow interceptors to be mapped to all beans that match the regular expression
client-interceptors
LIST
false
false
Client interceptor definitions.
default-clustered-sfsb-cache
STRING
false
true
Name of the default stateful bean cache, which will be applicable to all clustered stateful Jakarta Enterprise Beans, unless overridden at the deployment or bean level
default-distinct-name
STRING
false
true
The default distinct name that is applied to every Jakarta Enterprise Beans deployed on this server
default-entity-bean-instance-pool
STRING
false
true
Name of the default entity bean instance pool, which will be applicable to all entity beans, unless overridden at the deployment or bean level
default-entity-bean-optimistic-locking
BOOLEAN
false
true
If set to true entity beans will use optimistic locking by default
default-mdb-instance-pool
STRING
false
true
Name of the default MDB instance pool, which will be applicable to all MDBs, unless overridden at the deployment or bean level
default-missing-method-permissions-deny-access
BOOLEAN
false
true
false
If this is set to true then methods on an Jakarta Enterprise Beans with a security domain specified or with other methods with security metadata will have an implicit @DenyAll unless other security metadata is present
default-resource-adapter-name
STRING
false
true
activemq-ra
Name of the default resource adapter name that will be used by MDBs, unless overridden at the deployment or bean level
default-security-domain
STRING
false
true
The default security domain that will be used for Jakarta Enterprise Beans if the bean doesn't explicitly specify one
default-sfsb-cache
STRING
false
true
Name of the default stateful bean cache, which will be applicable to all stateful Jakarta Enterprise Beans, unless overridden at the deployment or bean level
default-sfsb-passivation-disabled-cache
STRING
false
true
Name of the default stateful bean cache, which will be applicable to all stateful Jakarta Enterprise Beans which have passivation disabled. Each deployment or Jakarta Enterprise Beans can optionally override this cache name.
default-singleton-bean-access-timeout
LONG
false
true
5000
The default access timeout for singleton beans
default-slsb-instance-pool
STRING
false
true
Name of the default stateless bean instance pool, which will be applicable to all stateless Jakarta Enterprise Beans, unless overridden at the deployment or bean level
default-stateful-bean-access-timeout
LONG
false
true
5000
The default access timeout for stateful beans
default-stateful-bean-session-timeout
LONG
false
true
The default session timeout for stateful beans. Modification to this attribute takes effect immediately for subsequent deployments; for Jakarta Enterprise Beans already deployed, redeploying is needed to use the new value.
disable-default-ejb-permissions
BOOLEAN
false
true
true
This deprecated attribute has no effect and will be removed in a future release; it may never be set to a "false" value
enable-graceful-txn-shutdown
BOOLEAN
false
true
false
Enabling txn graceful shutdown will make the server wait for active remote Jakarta Enterprise Beans-related transactions to complete before suspending. For that reason, if the server is running on a cluster, the suspending cluster node may receive Jakarta Enterprise Beans requests until all active remote transactions are complete. To avoid this behavior, omit this tag. This attribute has no effect on local Jakarta Enterprise Beans-related transactions.
enable-statistics
BOOLEAN
false
true
If set to true, enable the collection of invocation statistics. Deprecated in favour of "statistics-enabled"
in-vm-remote-interface-invocation-pass-by-value
BOOLEAN
false
true
true
If set to false, the parameters to invocations on remote interface of an Jakarta Enterprise Beans, will be passed by reference. Else, the parameters will be passed by value.
log-system-exceptions
BOOLEAN
false
true
true
If this is true then all Jakarta Enterprise Beans system (not application) exceptions will be logged. The Jakarta Enterprise Beans spec mandates this behaviour, however it is not recommended as it will often result in exceptions being logged twice (once by the Jakarta Enterprise Beans and once by the calling code)
server-interceptors
LIST
false
false
Server interceptor definitions.
statistics-enabled
BOOLEAN
false
true
false
If set to true, enable the collection of invocation statistics.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/mdb-delivery-group/index.html b/29/wildscribe/subsystem/ejb3/mdb-delivery-group/index.html
index a5fd1579e..69bb91531 100644
--- a/29/wildscribe/subsystem/ejb3/mdb-delivery-group/index.html
+++ b/29/wildscribe/subsystem/ejb3/mdb-delivery-group/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/passivation-store/index.html b/29/wildscribe/subsystem/ejb3/passivation-store/index.html
index 0ed3001c0..a9924c031 100644
--- a/29/wildscribe/subsystem/ejb3/passivation-store/index.html
+++ b/29/wildscribe/subsystem/ejb3/passivation-store/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/remoting-profile/index.html b/29/wildscribe/subsystem/ejb3/remoting-profile/index.html
index 80a4c5b93..c1ad905ba 100644
--- a/29/wildscribe/subsystem/ejb3/remoting-profile/index.html
+++ b/29/wildscribe/subsystem/ejb3/remoting-profile/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/remoting-profile/remote-http-connection/index.html b/29/wildscribe/subsystem/ejb3/remoting-profile/remote-http-connection/index.html
index 1c0548df2..058ea1583 100644
--- a/29/wildscribe/subsystem/ejb3/remoting-profile/remote-http-connection/index.html
+++ b/29/wildscribe/subsystem/ejb3/remoting-profile/remote-http-connection/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/channel-creation-options/index.html b/29/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/channel-creation-options/index.html
index 59ac5129b..bdfe366ec 100644
--- a/29/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/channel-creation-options/index.html
+++ b/29/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/channel-creation-options/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/index.html b/29/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/index.html
index 16200c8fc..f9fa08ece 100644
--- a/29/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/index.html
+++ b/29/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/service/async/index.html b/29/wildscribe/subsystem/ejb3/service/async/index.html
index 67b79c447..f0906a15f 100644
--- a/29/wildscribe/subsystem/ejb3/service/async/index.html
+++ b/29/wildscribe/subsystem/ejb3/service/async/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/service/identity/index.html b/29/wildscribe/subsystem/ejb3/service/identity/index.html
index 64de2b0be..07443c1e7 100644
--- a/29/wildscribe/subsystem/ejb3/service/identity/index.html
+++ b/29/wildscribe/subsystem/ejb3/service/identity/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/service/iiop/index.html b/29/wildscribe/subsystem/ejb3/service/iiop/index.html
index 4070a6fd0..cb236442f 100644
--- a/29/wildscribe/subsystem/ejb3/service/iiop/index.html
+++ b/29/wildscribe/subsystem/ejb3/service/iiop/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
enable-by-default If this is true Jakarta Enterprise Beans's will be exposed over IIOP by default, otherwise it needs to be explicitly enabled in the deployment descriptor
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
use-qualified-name If true Jakarta Enterprise Beans names will be bound into the naming service with the application and module name prepended to the name (e.g. myapp/mymodule/MyEjb)
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds IIOP support to the Enterprise Beans 3 subsystem
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
enable-by-default
BOOLEAN
true
true
If this is true Jakarta Enterprise Beans's will be exposed over IIOP by default, otherwise it needs to be explicitly enabled in the deployment descriptor
use-qualified-name
BOOLEAN
true
true
If true Jakarta Enterprise Beans names will be bound into the naming service with the application and module name prepended to the name (e.g. myapp/mymodule/MyEjb)
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/service/remote/channel-creation-options/index.html b/29/wildscribe/subsystem/ejb3/service/remote/channel-creation-options/index.html
index f346e3906..e4017e59c 100644
--- a/29/wildscribe/subsystem/ejb3/service/remote/channel-creation-options/index.html
+++ b/29/wildscribe/subsystem/ejb3/service/remote/channel-creation-options/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/service/remote/index.html b/29/wildscribe/subsystem/ejb3/service/remote/index.html
index 1bdc3518f..334c5d04b 100644
--- a/29/wildscribe/subsystem/ejb3/service/remote/index.html
+++ b/29/wildscribe/subsystem/ejb3/service/remote/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
cluster The name of the clustered cache container which will be used to store/access the client-mappings of the Jakarta Enterprise Beans remoting connector's socket-binding on each node, in the cluster
Deprecated Since 10.0.0
The cluster attribute has been superseded by the client-mappings-registry element of the distributable-ejb subsystem and will be removed in a future release.
execute-in-worker If this is true the Jakarta Enterprise Beans request will be executed in the IO subsystems worker, otherwise it will dispatch to the Jakarta Enterprise Beans thread pool
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
thread-pool-name The name of the thread pool that handles remote invocations
The name of the clustered cache container which will be used to store/access the client-mappings of the Jakarta Enterprise Beans remoting connector's socket-binding on each node, in the cluster
connector-ref
STRING
false
false
The name of the connector on which the Enterprise Beans 3 remoting channel is registered.
connectors
LIST
true
false
A list of names of connectors on which the Enterprise Beans 3 invocations are received.
execute-in-worker
BOOLEAN
false
true
true
If this is true the Jakarta Enterprise Beans request will be executed in the IO subsystems worker, otherwise it will dispatch to the Jakarta Enterprise Beans thread pool
thread-pool-name
STRING
false
true
The name of the thread pool that handles remote invocations
remove Removes the Enterprise Beans 3 remote service
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/service/timer-service/database-data-store/index.html b/29/wildscribe/subsystem/ejb3/service/timer-service/database-data-store/index.html
index a89019dda..e6158029e 100644
--- a/29/wildscribe/subsystem/ejb3/service/timer-service/database-data-store/index.html
+++ b/29/wildscribe/subsystem/ejb3/service/timer-service/database-data-store/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allow-execution If this node is allowed to execute timers. If this is false then the timers will be added to the database, and another node may execute them. Note that depending on your refresh interval if you add timers with a very short delay they will not be executed until another node refreshes.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
database The type of database that is in use. SQL can be customised per database type. Common values are: postgresql, mysql, mariadb, db2, hsql, h2, oracle, mssql and sybase.
partition The partition name. This should be set to a different value for every node that is sharing a database to prevent the same timer being loaded by multiple noded.
Attribute
Value
Default Value
default
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
refresh-interval Interval between refreshing the current timer set against the underlying database. A low value means timers get picked up more quickly, but increase load on the database.
If this node is allowed to execute timers. If this is false then the timers will be added to the database, and another node may execute them. Note that depending on your refresh interval if you add timers with a very short delay they will not be executed until another node refreshes.
database
STRING
false
true
The type of database that is in use. SQL can be customised per database type. Common values are: postgresql, mysql, mariadb, db2, hsql, h2, oracle, mssql and sybase.
datasource-jndi-name
STRING
true
true
The datasource that is used to persist the timers
partition
STRING
false
true
default
The partition name. This should be set to a different value for every node that is sharing a database to prevent the same timer being loaded by multiple noded.
refresh-interval
INT
false
true
-1
Interval between refreshing the current timer set against the underlying database. A low value means timers get picked up more quickly, but increase load on the database.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/service/timer-service/file-data-store/index.html b/29/wildscribe/subsystem/ejb3/service/timer-service/file-data-store/index.html
index 12551ff21..27f660786 100644
--- a/29/wildscribe/subsystem/ejb3/service/timer-service/file-data-store/index.html
+++ b/29/wildscribe/subsystem/ejb3/service/timer-service/file-data-store/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/service/timer-service/index.html b/29/wildscribe/subsystem/ejb3/service/timer-service/index.html
index 20ea45ac2..05d9e20c4 100644
--- a/29/wildscribe/subsystem/ejb3/service/timer-service/index.html
+++ b/29/wildscribe/subsystem/ejb3/service/timer-service/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/simple-cache/index.html b/29/wildscribe/subsystem/ejb3/simple-cache/index.html
index 02d149fae..ef59ef632 100644
--- a/29/wildscribe/subsystem/ejb3/simple-cache/index.html
+++ b/29/wildscribe/subsystem/ejb3/simple-cache/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/strict-max-bean-instance-pool/index.html b/29/wildscribe/subsystem/ejb3/strict-max-bean-instance-pool/index.html
index 49de5a365..158692320 100644
--- a/29/wildscribe/subsystem/ejb3/strict-max-bean-instance-pool/index.html
+++ b/29/wildscribe/subsystem/ejb3/strict-max-bean-instance-pool/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
derive-size Specifies if and what the max pool size should be derived from. An undefined value (or the deprecated value 'none' which is converted to undefined) indicates that the explicit value of max-pool-size should be used. A value of 'from-worker-pools' indicates that the max pool size should be derived from the size of the total threads for all worker pools configured on the system. A value of 'from-cpu-count' indicates that the max pool size should be derived from the total number of processors available on the system. Note that the computation isn't a 1:1 mapping, the values may or may not be augmented by other factors.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
from-worker-pools from-cpu-count
derived-size Derived maximum number of bean instances that the pool can hold at a given point in time
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
max-pool-size Configured maximum number of bean instances that the pool can hold at a given point in time
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
timeout The maximum amount of time to wait for a bean instance to be available from the pool
Attribute
Value
Default Value
5
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
timeout-unit The instance acquisition timeout unit
Attribute
Value
Default Value
MINUTES
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
NANOSECONDS MICROSECONDS MILLISECONDS SECONDS MINUTES HOURS DAYS
Operations (2)
add Adds a bean instance pool which has a strict upper limit for bean instances
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
derive-size
STRING
false
true
Specifies if and what the max pool size should be derived from. An undefined value (or the deprecated value 'none' which is converted to undefined) indicates that the explicit value of max-pool-size should be used. A value of 'from-worker-pools' indicates that the max pool size should be derived from the size of the total threads for all worker pools configured on the system. A value of 'from-cpu-count' indicates that the max pool size should be derived from the total number of processors available on the system. Note that the computation isn't a 1:1 mapping, the values may or may not be augmented by other factors.
max-pool-size
INT
false
true
20
Configured maximum number of bean instances that the pool can hold at a given point in time
timeout
LONG
false
true
5
The maximum amount of time to wait for a bean instance to be available from the pool
timeout-unit
STRING
false
true
MINUTES
The instance acquisition timeout unit
remove Removes a specific bean instance pool which has a strict upper limit for bean instances
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/ejb3/thread-pool/index.html b/29/wildscribe/subsystem/ejb3/thread-pool/index.html
index e1cbf7371..823caae1d 100644
--- a/29/wildscribe/subsystem/ejb3/thread-pool/index.html
+++ b/29/wildscribe/subsystem/ejb3/thread-pool/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A thread pool executor with an enhanced queue. In such a thread pool, its core and max size are configured independently, idle threads are always reused when available, and threads count is kept to a minimum.
active-count The approximate number of threads that are actively executing tasks.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
completed-task-count The approximate total number of tasks that have completed execution.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
core-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
largest-thread-count The largest number of threads that have ever simultaneously been in the pool.
rejected-count The number of tasks that have been rejected.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
task-count The approximate total number of tasks that have ever been scheduled for execution.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time
OBJECT
false
false
Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
max-threads
INT
true
true
The maximum thread pool size.
thread-factory
STRING
false
false
Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron-oidc-client/index.html b/29/wildscribe/subsystem/elytron-oidc-client/index.html
index e9aa258b4..9bb514c84 100644
--- a/29/wildscribe/subsystem/elytron-oidc-client/index.html
+++ b/29/wildscribe/subsystem/elytron-oidc-client/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
provider Configuration for an OpenID Connect provider. If you have multiple deployments secured by the same OpenID provider you can share the provider configuration here.
realm Configuration for a Keycloak realm. If you have multiple deployments secured by the same realm you can share the realm configuration here.
secure-deployment A deployment secured by an OpenID Connect provider.
secure-server Configuration used to secure the management console using Keycloak.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron-oidc-client/provider/index.html b/29/wildscribe/subsystem/elytron-oidc-client/provider/index.html
index 106ece00a..4a038227b 100644
--- a/29/wildscribe/subsystem/elytron-oidc-client/provider/index.html
+++ b/29/wildscribe/subsystem/elytron-oidc-client/provider/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configuration for an OpenID Connect provider. If you have multiple deployments secured by the same OpenID provider you can share the provider configuration here.
Attributes (32)
allow-any-hostname If set to 'true', hostname verification is skipped when communicating with the OpenID provider over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-refresh-token If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to the OpenID provider to obtain a new access token. This can result in a higher load on the OpenID provider and may impact the performance of the application.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auth-server-url The base URL of the Keycloak authorization server. This is Keycloak-specific. It is recommended to use the 'provider-url' instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
autodetect-bearer-only Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the OpenID provider login page. Set the value to 'true' if your application serves both applications and web services.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-password The password for the client key. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore The path to the client keystore to use when communicating with the OpenID provider over HTTPS. This is optional.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-password The password for the client keystore. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
confidential-port The confidential port used by the OpenID provider when communicating securely over SSL/TLS.
Attribute
Value
Default Value
8443
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-pool-size The connection pool size to use when communicating with the OpenID provider.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-timeout-millis The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-ttl-millis The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-methods If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-exposed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-max-age If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
disable-trust-manager Whether or not to make use of a trust manager when communicating with the OpenID provider over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-cors Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional. This is Keycloak-specific.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
expose-token If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
ignore-oauth-query-parameter Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
principal-attribute Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
proxy-url The URL for the HTTP proxy if one is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
realm-public-key The public key of the OpenID provider in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from the OpenID provider when needed. If the public key is set, the subsystem never downloads new keys from the OpenID provider, breaking the subsystem when the OpenID provider rotates its keys.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-at-startup If set to 'true', the subsystem sends a registration request to the OpenID provider. This attribute is useful only when your application is clustered.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-period If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
socket-timeout-millis The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
ssl-required Whether the communication with the OpenID provider should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
token-store Defines whether to store account information in an HTTP session or in a cookie.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
truststore The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
verify-token-audience If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set the value to 'true' for improved security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add an OpenID provider definition to the subsystem.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allow-any-hostname
BOOLEAN
false
true
false
If set to 'true', hostname verification is skipped when communicating with the OpenID provider over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
always-refresh-token
BOOLEAN
false
true
false
If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to the OpenID provider to obtain a new access token. This can result in a higher load on the OpenID provider and may impact the performance of the application.
auth-server-url
STRING
false
true
The base URL of the Keycloak authorization server. This is Keycloak-specific. It is recommended to use the 'provider-url' instead.
autodetect-bearer-only
BOOLEAN
false
true
false
Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the OpenID provider login page. Set the value to 'true' if your application serves both applications and web services.
client-key-password
STRING
false
true
The password for the client key. This is required if 'client-keystore' has been specified.
client-keystore
STRING
false
true
The path to the client keystore to use when communicating with the OpenID provider over HTTPS. This is optional.
client-keystore-password
STRING
false
true
The password for the client keystore. This is required if 'client-keystore' has been specified.
confidential-port
INT
false
true
8443
The confidential port used by the OpenID provider when communicating securely over SSL/TLS.
connection-pool-size
INT
false
true
The connection pool size to use when communicating with the OpenID provider.
connection-timeout-millis
LONG
false
true
The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
connection-ttl-millis
LONG
false
true
The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
cors-allowed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-allowed-methods
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-exposed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-max-age
INT
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
disable-trust-manager
BOOLEAN
false
true
false
Whether or not to make use of a trust manager when communicating with the OpenID provider over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
enable-cors
BOOLEAN
false
true
false
Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional. This is Keycloak-specific.
expose-token
BOOLEAN
false
true
false
If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
ignore-oauth-query-parameter
BOOLEAN
false
true
false
Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
principal-attribute
STRING
false
true
Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
provider-url
STRING
false
true
The OpenID provider URL.
proxy-url
STRING
false
true
The URL for the HTTP proxy if one is used.
realm-public-key
STRING
false
true
The public key of the OpenID provider in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from the OpenID provider when needed. If the public key is set, the subsystem never downloads new keys from the OpenID provider, breaking the subsystem when the OpenID provider rotates its keys.
register-node-at-startup
BOOLEAN
false
true
false
If set to 'true', the subsystem sends a registration request to the OpenID provider. This attribute is useful only when your application is clustered.
register-node-period
INT
false
true
If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
socket-timeout-millis
LONG
false
true
The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
ssl-required
STRING
false
true
external
Whether the communication with the OpenID provider should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
token-signature-algorithm
STRING
false
true
RS256
The token signature algorithm used by the OpenID provider.
token-store
STRING
false
true
Defines whether to store account information in an HTTP session or in a cookie.
truststore
STRING
false
true
The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
truststore-password
STRING
false
true
The password for the truststore.
verify-token-audience
BOOLEAN
false
true
false
If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set the value to 'true' for improved security.
remove Remove an OpenID provider from the subsystem.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron-oidc-client/realm/index.html b/29/wildscribe/subsystem/elytron-oidc-client/realm/index.html
index 14a9b36eb..7c83c8179 100644
--- a/29/wildscribe/subsystem/elytron-oidc-client/realm/index.html
+++ b/29/wildscribe/subsystem/elytron-oidc-client/realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configuration for a Keycloak realm. If you have multiple deployments secured by the same realm you can share the realm configuration here.
Attributes (32)
allow-any-hostname If set to 'true', hostname verification will be skipped when communicating with Keycloak over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-refresh-token If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to Keycloak to obtain a new access token. This can result in a higher load on the Keycloak and may impact the performance of the application.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auth-server-url The base URL of the Keycloak authorization server. It is recommended to use the 'provider-url' instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
autodetect-bearer-only Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the Keycloak login page. Set the value to 'true' if your application serves both applications and web services.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-password The password for the client key. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore The path to the client keystore to use when communicating with Keycloak over HTTPS. This is optional.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-password The password for the client keystore. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
confidential-port The confidential port used by Keycloak when communicating securely over SSL/TLS.
Attribute
Value
Default Value
8443
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-pool-size The connection pool size to use when communicating with Keycloak.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-timeout-millis The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-ttl-millis The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-methods If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-exposed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-max-age If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
disable-trust-manager Whether or not to make use of a trust manager when communicating with Keycloak over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-cors Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
expose-token If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
ignore-oauth-query-parameter Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
principal-attribute Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
proxy-url The URL for the HTTP proxy if one is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
realm-public-key The public key of the Keycloak realm in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from Keycloak when needed. If the public key is set, the subsystem never downloads new keys from Keycloak, breaking the subsystem when Keycloak rotates its keys.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-at-startup If set to 'true', the subsystem sends a registration request to Keycloak. This attribute is useful only when your application is clustered.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-period If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
socket-timeout-millis The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
ssl-required Whether the communication with Keycloak should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
token-store Defines whether to store account information in an HTTP session or in a cookie.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
truststore The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
verify-token-audience If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set to 'true' for improved security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add a Keycloak realm definition to the subsystem.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allow-any-hostname
BOOLEAN
false
true
false
If set to 'true', hostname verification will be skipped when communicating with Keycloak over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
always-refresh-token
BOOLEAN
false
true
false
If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to Keycloak to obtain a new access token. This can result in a higher load on the Keycloak and may impact the performance of the application.
auth-server-url
STRING
false
true
The base URL of the Keycloak authorization server. It is recommended to use the 'provider-url' instead.
autodetect-bearer-only
BOOLEAN
false
true
false
Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the Keycloak login page. Set the value to 'true' if your application serves both applications and web services.
client-key-password
STRING
false
true
The password for the client key. This is required if 'client-keystore' has been specified.
client-keystore
STRING
false
true
The path to the client keystore to use when communicating with Keycloak over HTTPS. This is optional.
client-keystore-password
STRING
false
true
The password for the client keystore. This is required if 'client-keystore' has been specified.
confidential-port
INT
false
true
8443
The confidential port used by Keycloak when communicating securely over SSL/TLS.
connection-pool-size
INT
false
true
The connection pool size to use when communicating with Keycloak.
connection-timeout-millis
LONG
false
true
The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
connection-ttl-millis
LONG
false
true
The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
cors-allowed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-allowed-methods
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-exposed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-max-age
INT
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
disable-trust-manager
BOOLEAN
false
true
false
Whether or not to make use of a trust manager when communicating with Keycloak over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
enable-cors
BOOLEAN
false
true
false
Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional.
expose-token
BOOLEAN
false
true
false
If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
ignore-oauth-query-parameter
BOOLEAN
false
true
false
Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
principal-attribute
STRING
false
true
Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
provider-url
STRING
false
true
The OpenID provider URL.
proxy-url
STRING
false
true
The URL for the HTTP proxy if one is used.
realm-public-key
STRING
false
true
The public key of the Keycloak realm in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from Keycloak when needed. If the public key is set, the subsystem never downloads new keys from Keycloak, breaking the subsystem when Keycloak rotates its keys.
register-node-at-startup
BOOLEAN
false
true
false
If set to 'true', the subsystem sends a registration request to Keycloak. This attribute is useful only when your application is clustered.
register-node-period
INT
false
true
If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
socket-timeout-millis
LONG
false
true
The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
ssl-required
STRING
false
true
external
Whether the communication with Keycloak should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
token-signature-algorithm
STRING
false
true
RS256
The token signature algorithm used by Keycloak.
token-store
STRING
false
true
Defines whether to store account information in an HTTP session or in a cookie.
truststore
STRING
false
true
The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
truststore-password
STRING
false
true
The password for the truststore.
verify-token-audience
BOOLEAN
false
true
false
If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set to 'true' for improved security.
remove Remove a Keycloak realm from the subsystem.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron-oidc-client/secure-deployment/credential/index.html b/29/wildscribe/subsystem/elytron-oidc-client/secure-deployment/credential/index.html
index f1ce4ee7f..8d7619463 100644
--- a/29/wildscribe/subsystem/elytron-oidc-client/secure-deployment/credential/index.html
+++ b/29/wildscribe/subsystem/elytron-oidc-client/secure-deployment/credential/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The credential used to communicate with the OpenID Connect provider.
Attributes (8)
algorithm The credential signature algorithm used by the OpenID provider.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-alias The client key alias when the credential provider is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-password The password for the client key when the credential provider is used. This is required if 'client-keystore-file' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-file The path to the client keystore when the credential provider is used. This is optional.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-password The password for the client keystore when the credential provider is used. This is required if 'client-keystore-file' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-type The client keystore type when the credential provider is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
secret The client secret that was registered with the OpenID provider.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
token-timeout The amount of time after which the token expires and can no longer be used to authenticate requests.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add credentials used to communicate with the OpenID provider.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
algorithm
STRING
false
true
The credential signature algorithm used by the OpenID provider.
client-key-alias
STRING
false
true
The client key alias when the credential provider is used.
client-key-password
STRING
false
true
The password for the client key when the credential provider is used. This is required if 'client-keystore-file' has been specified.
client-keystore-file
STRING
false
true
The path to the client keystore when the credential provider is used. This is optional.
client-keystore-password
STRING
false
true
The password for the client keystore when the credential provider is used. This is required if 'client-keystore-file' has been specified.
client-keystore-type
STRING
false
true
The client keystore type when the credential provider is used.
secret
STRING
false
true
The client secret that was registered with the OpenID provider.
token-timeout
INT
false
true
The amount of time after which the token expires and can no longer be used to authenticate requests.
remove Remove the credentials used to communicate with the OpenID provider.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron-oidc-client/secure-deployment/index.html b/29/wildscribe/subsystem/elytron-oidc-client/secure-deployment/index.html
index c599789d0..23f63886b 100644
--- a/29/wildscribe/subsystem/elytron-oidc-client/secure-deployment/index.html
+++ b/29/wildscribe/subsystem/elytron-oidc-client/secure-deployment/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A deployment secured by an OpenID Connect provider.
Children (2)
credential The credential used to communicate with the OpenID Connect provider.
redirect-rewrite-rule The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
Attributes (47)
adapter-state-cookie-path If set, this defines the path used in cookies set by the subsystem. This is useful when deploying an application in the root context path.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-any-hostname If set to 'true', hostname verification is skipped when communicating with the OpenID provider over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-refresh-token If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to the OpenID provider to obtain a new access token. This can result in a higher load on the OpenID provider and may impact the performance of the application.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auth-server-url The base URL of the Keycloak authorization server. This is Keycloak-specific. It is recommended to use 'provider-url' instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
autodetect-bearer-only Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the OpenID provider login page. Set the value to 'true' if your application serves both applications and web services.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
bearer-only Enable Bearer-Token only authentication. Set this to 'true' if your application serves only web services and does not authenticate users.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-id The unique identifier for a client application registered in the OpenID provider.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-password The password for the client key. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore The path to the client keystore to use when communicating with the OpenID provider over HTTPS. This is optional.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-password The password for the client keystore. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
confidential-port The confidential port used by the OpenID provider when communicating securely over SSL/TLS.
Attribute
Value
Default Value
8443
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-pool-size The connection pool size to use when communicating with the OpenID provider.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-timeout-millis The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-ttl-millis The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-methods If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-exposed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-max-age If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
credential The credential used to communicate with the OpenID Connect provider.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
disable-trust-manager Whether or not to make use of a trust manager when communicating with the OpenID provider over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-basic-auth Enable Basic authentication. This is not supported in the current release.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-cors Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional. This is Keycloak-specific.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
expose-token If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
ignore-oauth-query-parameter Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
min-time-between-jwks-requests If the subsystem recognizes a token signed by an unknown public key, it will try to download a new public key from the server. The subsystem won't try to download a public key if it already tried last in less than 'min-time-between-jwks-requests' seconds.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
principal-attribute Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
provider The OpenID Connect provider to use for authentication.
proxy-url The URL for the HTTP proxy if one is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
public-client If set to 'true', no client credentials are sent when communicating with the OpenID provider.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
public-key-cache-ttl The maximum interval between two requests to retrieve new public keys in seconds. New public keys are downloaded when the subsystem recognizes a token signed by an unknown public key. Even if the token's key is already known, new public keys are downloaded periodically as per the interval set here at least once.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
realm The Keycloak realm to use for authentication.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
realm-public-key The public key of the OpenID provider in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from the OpenID provider when needed. If the public key is set, the subsystem never downloads new keys from the OpenID provider, breaking the subsystem when the OpenID provider rotates its keys.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
redirect-rewrite-rule The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-at-startup If set to 'true', the subsystem sends a registration request to the OpenID provider. This attribute is useful only when your application is clustered.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-period If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
resource The unique, legacy identifier for a client application registered in the OpenID provider. It is recommended to use the 'client-id'.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
socket-timeout-millis The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
ssl-required Whether the communication with the OpenID provider should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
Attribute
Value
Default Value
external
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
ALL EXTERNAL NONE
token-minimum-time-to-live The subsystem will refresh the token if it will expire within the duration specified in 'token-minimum-time-to-live' seconds. This value should never exceed the access token lifespan. If the value is set to 0 seconds, the subsystem will refresh the token only if the token has expired.
token-store Defines whether to store account information in an HTTP session or in a cookie.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
truststore The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
turn-off-change-session-id-on-login The Session ID is changed by default on a successful login. Set this to 'true' if you want to turn this off.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
use-resource-role-mappings If set to 'true', the subsystem will look inside the token for application-level role mappings for a user. If set to 'false', the subsystem will look at the realm-level for user-role mappings. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
verify-token-audience If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set the value to 'true' for improved security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add a deployment to be secured by an OpenID Connect provider.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
adapter-state-cookie-path
STRING
false
true
If set, this defines the path used in cookies set by the subsystem. This is useful when deploying an application in the root context path.
allow-any-hostname
BOOLEAN
false
true
false
If set to 'true', hostname verification is skipped when communicating with the OpenID provider over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
always-refresh-token
BOOLEAN
false
true
false
If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to the OpenID provider to obtain a new access token. This can result in a higher load on the OpenID provider and may impact the performance of the application.
auth-server-url
STRING
false
true
The base URL of the Keycloak authorization server. This is Keycloak-specific. It is recommended to use 'provider-url' instead.
autodetect-bearer-only
BOOLEAN
false
true
false
Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the OpenID provider login page. Set the value to 'true' if your application serves both applications and web services.
bearer-only
BOOLEAN
false
true
false
Enable Bearer-Token only authentication. Set this to 'true' if your application serves only web services and does not authenticate users.
client-id
STRING
false
true
The unique identifier for a client application registered in the OpenID provider.
client-key-password
STRING
false
true
The password for the client key. This is required if 'client-keystore' has been specified.
client-keystore
STRING
false
true
The path to the client keystore to use when communicating with the OpenID provider over HTTPS. This is optional.
client-keystore-password
STRING
false
true
The password for the client keystore. This is required if 'client-keystore' has been specified.
confidential-port
INT
false
true
8443
The confidential port used by the OpenID provider when communicating securely over SSL/TLS.
connection-pool-size
INT
false
true
The connection pool size to use when communicating with the OpenID provider.
connection-timeout-millis
LONG
false
true
The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
connection-ttl-millis
LONG
false
true
The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
cors-allowed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-allowed-methods
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-exposed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-max-age
INT
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
credential
OBJECT
false
false
The credential used to communicate with the OpenID Connect provider.
disable-trust-manager
BOOLEAN
false
true
false
Whether or not to make use of a trust manager when communicating with the OpenID provider over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
enable-basic-auth
BOOLEAN
false
true
false
Enable Basic authentication. This is not supported in the current release.
enable-cors
BOOLEAN
false
true
false
Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional. This is Keycloak-specific.
expose-token
BOOLEAN
false
true
false
If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
ignore-oauth-query-parameter
BOOLEAN
false
true
false
Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
min-time-between-jwks-requests
INT
false
true
If the subsystem recognizes a token signed by an unknown public key, it will try to download a new public key from the server. The subsystem won't try to download a public key if it already tried last in less than 'min-time-between-jwks-requests' seconds.
principal-attribute
STRING
false
true
Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
provider
STRING
false
true
The OpenID Connect provider to use for authentication.
provider-url
STRING
false
true
The OpenID provider URL.
proxy-url
STRING
false
true
The URL for the HTTP proxy if one is used.
public-client
BOOLEAN
false
true
false
If set to 'true', no client credentials are sent when communicating with the OpenID provider.
public-key-cache-ttl
INT
false
true
The maximum interval between two requests to retrieve new public keys in seconds. New public keys are downloaded when the subsystem recognizes a token signed by an unknown public key. Even if the token's key is already known, new public keys are downloaded periodically as per the interval set here at least once.
realm
STRING
false
true
The Keycloak realm to use for authentication.
realm-public-key
STRING
false
true
The public key of the OpenID provider in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from the OpenID provider when needed. If the public key is set, the subsystem never downloads new keys from the OpenID provider, breaking the subsystem when the OpenID provider rotates its keys.
redirect-rewrite-rule
OBJECT
false
false
The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
register-node-at-startup
BOOLEAN
false
true
false
If set to 'true', the subsystem sends a registration request to the OpenID provider. This attribute is useful only when your application is clustered.
register-node-period
INT
false
true
If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
resource
STRING
false
true
The unique, legacy identifier for a client application registered in the OpenID provider. It is recommended to use the 'client-id'.
socket-timeout-millis
LONG
false
true
The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
ssl-required
STRING
false
true
external
Whether the communication with the OpenID provider should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
token-minimum-time-to-live
INT
false
true
The subsystem will refresh the token if it will expire within the duration specified in 'token-minimum-time-to-live' seconds. This value should never exceed the access token lifespan. If the value is set to 0 seconds, the subsystem will refresh the token only if the token has expired.
token-signature-algorithm
STRING
false
true
RS256
The token signature algorithm used by the OpenID provider.
token-store
STRING
false
true
Defines whether to store account information in an HTTP session or in a cookie.
truststore
STRING
false
true
The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
truststore-password
STRING
false
true
The password for the truststore.
turn-off-change-session-id-on-login
BOOLEAN
false
true
false
The Session ID is changed by default on a successful login. Set this to 'true' if you want to turn this off.
use-resource-role-mappings
BOOLEAN
false
true
false
If set to 'true', the subsystem will look inside the token for application-level role mappings for a user. If set to 'false', the subsystem will look at the realm-level for user-role mappings. This is optional.
verify-token-audience
BOOLEAN
false
true
false
If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set the value to 'true' for improved security.
remove Remove a deployment secured by an OpenID Connect provider.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron-oidc-client/secure-deployment/redirect-rewrite-rule/index.html b/29/wildscribe/subsystem/elytron-oidc-client/secure-deployment/redirect-rewrite-rule/index.html
index 811ee6925..ea0d604b1 100644
--- a/29/wildscribe/subsystem/elytron-oidc-client/secure-deployment/redirect-rewrite-rule/index.html
+++ b/29/wildscribe/subsystem/elytron-oidc-client/secure-deployment/redirect-rewrite-rule/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
Attributes (1)
replacement The replacement String in the rewrite rule for the redirect URI.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add the rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String. You can use the '$' character to use for back-reference in the replacement String.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
replacement
STRING
false
true
The replacement String in the rewrite rule for the redirect URI.
remove Remove the rewrite rule for the redirect URI.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron-oidc-client/secure-server/credential/index.html b/29/wildscribe/subsystem/elytron-oidc-client/secure-server/credential/index.html
index f86156491..e2956cded 100644
--- a/29/wildscribe/subsystem/elytron-oidc-client/secure-server/credential/index.html
+++ b/29/wildscribe/subsystem/elytron-oidc-client/secure-server/credential/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The credential used to communicate with the OpenID Connect provider.
Attributes (8)
algorithm The credential signature algorithm used by the OpenID provider.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-alias The client key alias when the credential provider is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-password The password for the client key when the credential provider is used. This is required if 'client-keystore-file' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-file The path to the client keystore when the credential provider is used. This is optional.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-password The password for the client keystore when the credential provider is used. This is required if 'client-keystore-file' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-type The client keystore type when the credential provider is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
secret The client secret that was registered with the OpenID provider.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
token-timeout The amount of time after which the token expires and can no longer be used to authenticate requests.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add credentials used to communicate with the OpenID provider.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
algorithm
STRING
false
true
The credential signature algorithm used by the OpenID provider.
client-key-alias
STRING
false
true
The client key alias when the credential provider is used.
client-key-password
STRING
false
true
The password for the client key when the credential provider is used. This is required if 'client-keystore-file' has been specified.
client-keystore-file
STRING
false
true
The path to the client keystore when the credential provider is used. This is optional.
client-keystore-password
STRING
false
true
The password for the client keystore when the credential provider is used. This is required if 'client-keystore-file' has been specified.
client-keystore-type
STRING
false
true
The client keystore type when the credential provider is used.
secret
STRING
false
true
The client secret that was registered with the OpenID provider.
token-timeout
INT
false
true
The amount of time after which the token expires and can no longer be used to authenticate requests.
remove Remove the credentials used to communicate with the OpenID provider.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron-oidc-client/secure-server/index.html b/29/wildscribe/subsystem/elytron-oidc-client/secure-server/index.html
index 5d1fb3dc7..7a8a62693 100644
--- a/29/wildscribe/subsystem/elytron-oidc-client/secure-server/index.html
+++ b/29/wildscribe/subsystem/elytron-oidc-client/secure-server/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configuration used to secure the management console using Keycloak.
Children (2)
credential The credential used to communicate with the OpenID Connect provider.
redirect-rewrite-rule The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
Attributes (47)
adapter-state-cookie-path If set, this defines the path used in cookies set by the subsystem. This is useful when deploying an application in the root context path.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-any-hostname If set to 'true', hostname verification is skipped when communicating with the OpenID provider over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-refresh-token If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to the OpenID provider to obtain a new access token. This can result in a higher load on the OpenID provider and may impact the performance of the application.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auth-server-url The base URL of the Keycloak authorization server. This is Keycloak-specific. It is recommended to use 'provider-url' instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
autodetect-bearer-only Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the OpenID provider login page. Set the value to 'true' if your application serves both applications and web services.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
bearer-only Enable Bearer-Token only authentication. Set this to 'true' if your application serves only web services and does not authenticate users.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-id The unique identifier for a client application registered in the OpenID provider.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-password The password for the client key. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore The path to the client keystore to use when communicating with the OpenID provider over HTTPS. This is optional.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-password The password for the client keystore. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
confidential-port The confidential port used by the OpenID provider when communicating securely over SSL/TLS.
Attribute
Value
Default Value
8443
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-pool-size The connection pool size to use when communicating with the OpenID provider.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-timeout-millis The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-ttl-millis The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-methods If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-exposed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-max-age If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
credential The credential used to communicate with the OpenID Connect provider.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
disable-trust-manager Whether or not to make use of a trust manager when communicating with the OpenID provider over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-basic-auth Enable Basic authentication. This is not supported in the current release.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-cors Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional. This is Keycloak-specific.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
expose-token If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
ignore-oauth-query-parameter Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
min-time-between-jwks-requests If the subsystem recognizes a token signed by an unknown public key, it will try to download a new public key from the server. The subsystem won't try to download a public key if it already tried last in less than 'min-time-between-jwks-requests' seconds.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
principal-attribute Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
provider The OpenID Connect provider to use for authentication.
proxy-url The URL for the HTTP proxy if one is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
public-client If set to 'true', no client credentials are sent when communicating with the OpenID provider.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
public-key-cache-ttl The maximum interval between two requests to retrieve new public keys in seconds. New public keys are downloaded when the subsystem recognizes a token signed by an unknown public key. Even if the token's key is already known, new public keys are downloaded periodically as per the interval set here at least once.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
realm The Keycloak realm to use for authentication.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
realm-public-key The public key of the OpenID provider in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from the OpenID provider when needed. If the public key is set, the subsystem never downloads new keys from the OpenID provider, breaking the subsystem when the OpenID provider rotates its keys.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
redirect-rewrite-rule The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-at-startup If set to 'true', the subsystem sends a registration request to the OpenID provider. This attribute is useful only when your application is clustered.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-period If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
resource The unique, legacy identifier for a client application registered in the OpenID provider. It is recommended to use the 'client-id'.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
socket-timeout-millis The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
ssl-required Whether the communication with the OpenID provider should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
Attribute
Value
Default Value
external
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
ALL EXTERNAL NONE
token-minimum-time-to-live The subsystem will refresh the token if it will expire within the duration specified in 'token-minimum-time-to-live' seconds. This value should never exceed the access token lifespan. If the value is set to 0 seconds, the subsystem will refresh the token only if the token has expired.
token-store Defines whether to store account information in an HTTP session or in a cookie.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
truststore The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
turn-off-change-session-id-on-login The Session ID is changed by default on a successful login. Set this to 'true' if you want to turn this off.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
use-resource-role-mappings If set to 'true', the subsystem will look inside the token for application-level role mappings for a user. If set to 'false', the subsystem will look at the realm-level for user-role mappings. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
verify-token-audience If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set the value to 'true' for improved security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add configuration to be used to secure the management console using the Keycloak OpenID provider.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
adapter-state-cookie-path
STRING
false
true
If set, this defines the path used in cookies set by the subsystem. This is useful when deploying an application in the root context path.
allow-any-hostname
BOOLEAN
false
true
false
If set to 'true', hostname verification is skipped when communicating with the OpenID provider over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
always-refresh-token
BOOLEAN
false
true
false
If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to the OpenID provider to obtain a new access token. This can result in a higher load on the OpenID provider and may impact the performance of the application.
auth-server-url
STRING
false
true
The base URL of the Keycloak authorization server. This is Keycloak-specific. It is recommended to use 'provider-url' instead.
autodetect-bearer-only
BOOLEAN
false
true
false
Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the OpenID provider login page. Set the value to 'true' if your application serves both applications and web services.
bearer-only
BOOLEAN
false
true
false
Enable Bearer-Token only authentication. Set this to 'true' if your application serves only web services and does not authenticate users.
client-id
STRING
false
true
The unique identifier for a client application registered in the OpenID provider.
client-key-password
STRING
false
true
The password for the client key. This is required if 'client-keystore' has been specified.
client-keystore
STRING
false
true
The path to the client keystore to use when communicating with the OpenID provider over HTTPS. This is optional.
client-keystore-password
STRING
false
true
The password for the client keystore. This is required if 'client-keystore' has been specified.
confidential-port
INT
false
true
8443
The confidential port used by the OpenID provider when communicating securely over SSL/TLS.
connection-pool-size
INT
false
true
The connection pool size to use when communicating with the OpenID provider.
connection-timeout-millis
LONG
false
true
The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
connection-ttl-millis
LONG
false
true
The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
cors-allowed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-allowed-methods
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-exposed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-max-age
INT
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
credential
OBJECT
false
false
The credential used to communicate with the OpenID Connect provider.
disable-trust-manager
BOOLEAN
false
true
false
Whether or not to make use of a trust manager when communicating with the OpenID provider over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
enable-basic-auth
BOOLEAN
false
true
false
Enable Basic authentication. This is not supported in the current release.
enable-cors
BOOLEAN
false
true
false
Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional. This is Keycloak-specific.
expose-token
BOOLEAN
false
true
false
If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
ignore-oauth-query-parameter
BOOLEAN
false
true
false
Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
min-time-between-jwks-requests
INT
false
true
If the subsystem recognizes a token signed by an unknown public key, it will try to download a new public key from the server. The subsystem won't try to download a public key if it already tried last in less than 'min-time-between-jwks-requests' seconds.
principal-attribute
STRING
false
true
Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
provider
STRING
false
true
The OpenID Connect provider to use for authentication.
provider-url
STRING
false
true
The OpenID provider URL.
proxy-url
STRING
false
true
The URL for the HTTP proxy if one is used.
public-client
BOOLEAN
false
true
false
If set to 'true', no client credentials are sent when communicating with the OpenID provider.
public-key-cache-ttl
INT
false
true
The maximum interval between two requests to retrieve new public keys in seconds. New public keys are downloaded when the subsystem recognizes a token signed by an unknown public key. Even if the token's key is already known, new public keys are downloaded periodically as per the interval set here at least once.
realm
STRING
false
true
The Keycloak realm to use for authentication.
realm-public-key
STRING
false
true
The public key of the OpenID provider in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from the OpenID provider when needed. If the public key is set, the subsystem never downloads new keys from the OpenID provider, breaking the subsystem when the OpenID provider rotates its keys.
redirect-rewrite-rule
OBJECT
false
false
The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
register-node-at-startup
BOOLEAN
false
true
false
If set to 'true', the subsystem sends a registration request to the OpenID provider. This attribute is useful only when your application is clustered.
register-node-period
INT
false
true
If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
resource
STRING
false
true
The unique, legacy identifier for a client application registered in the OpenID provider. It is recommended to use the 'client-id'.
socket-timeout-millis
LONG
false
true
The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
ssl-required
STRING
false
true
external
Whether the communication with the OpenID provider should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
token-minimum-time-to-live
INT
false
true
The subsystem will refresh the token if it will expire within the duration specified in 'token-minimum-time-to-live' seconds. This value should never exceed the access token lifespan. If the value is set to 0 seconds, the subsystem will refresh the token only if the token has expired.
token-signature-algorithm
STRING
false
true
RS256
The token signature algorithm used by the OpenID provider.
token-store
STRING
false
true
Defines whether to store account information in an HTTP session or in a cookie.
truststore
STRING
false
true
The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
truststore-password
STRING
false
true
The password for the truststore.
turn-off-change-session-id-on-login
BOOLEAN
false
true
false
The Session ID is changed by default on a successful login. Set this to 'true' if you want to turn this off.
use-resource-role-mappings
BOOLEAN
false
true
false
If set to 'true', the subsystem will look inside the token for application-level role mappings for a user. If set to 'false', the subsystem will look at the realm-level for user-role mappings. This is optional.
verify-token-audience
BOOLEAN
false
true
false
If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set the value to 'true' for improved security.
remove Remove configuration used to secure the management console using the Keycloak OpenID provider.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron-oidc-client/secure-server/redirect-rewrite-rule/index.html b/29/wildscribe/subsystem/elytron-oidc-client/secure-server/redirect-rewrite-rule/index.html
index be0247e0e..ed5129e69 100644
--- a/29/wildscribe/subsystem/elytron-oidc-client/secure-server/redirect-rewrite-rule/index.html
+++ b/29/wildscribe/subsystem/elytron-oidc-client/secure-server/redirect-rewrite-rule/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
Attributes (1)
replacement The replacement String in the rewrite rule for the redirect URI.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add the rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String. You can use the '$' character to use for back-reference in the replacement String.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
replacement
STRING
false
true
The replacement String in the rewrite rule for the redirect URI.
remove Remove the rewrite rule for the redirect URI.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/add-prefix-role-mapper/index.html b/29/wildscribe/subsystem/elytron/add-prefix-role-mapper/index.html
index c73342cdb..4b2fcd23b 100644
--- a/29/wildscribe/subsystem/elytron/add-prefix-role-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/add-prefix-role-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/add-suffix-role-mapper/index.html b/29/wildscribe/subsystem/elytron/add-suffix-role-mapper/index.html
index 35b96b8ee..02bf2e1a2 100644
--- a/29/wildscribe/subsystem/elytron/add-suffix-role-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/add-suffix-role-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/aggregate-evidence-decoder/index.html b/29/wildscribe/subsystem/elytron/aggregate-evidence-decoder/index.html
index d00baf976..f02c6d5e9 100644
--- a/29/wildscribe/subsystem/elytron/aggregate-evidence-decoder/index.html
+++ b/29/wildscribe/subsystem/elytron/aggregate-evidence-decoder/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
An evidence decoder that is an aggregation of other evidence decoders. Given evidence, these evidence decoders will be attempted in order until one returns a non-null principal or until there are no more evidence decoders left to try.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/aggregate-http-server-mechanism-factory/index.html b/29/wildscribe/subsystem/elytron/aggregate-http-server-mechanism-factory/index.html
index 075f9fad0..620e2c0c4 100644
--- a/29/wildscribe/subsystem/elytron/aggregate-http-server-mechanism-factory/index.html
+++ b/29/wildscribe/subsystem/elytron/aggregate-http-server-mechanism-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/aggregate-principal-decoder/index.html b/29/wildscribe/subsystem/elytron/aggregate-principal-decoder/index.html
index 3cb1449d1..b13c87b50 100644
--- a/29/wildscribe/subsystem/elytron/aggregate-principal-decoder/index.html
+++ b/29/wildscribe/subsystem/elytron/aggregate-principal-decoder/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/aggregate-principal-transformer/index.html b/29/wildscribe/subsystem/elytron/aggregate-principal-transformer/index.html
index 00a9df3ce..a9590b884 100644
--- a/29/wildscribe/subsystem/elytron/aggregate-principal-transformer/index.html
+++ b/29/wildscribe/subsystem/elytron/aggregate-principal-transformer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A principal transformer aggregating more principal transformers. Original principal is tried to be transformed by individual transformers until one return non-null principal - that is returned.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/aggregate-providers/index.html b/29/wildscribe/subsystem/elytron/aggregate-providers/index.html
index c60b1abfc..77b4392b7 100644
--- a/29/wildscribe/subsystem/elytron/aggregate-providers/index.html
+++ b/29/wildscribe/subsystem/elytron/aggregate-providers/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/aggregate-realm/index.html b/29/wildscribe/subsystem/elytron/aggregate-realm/index.html
index 7fe5523ae..5fd323234 100644
--- a/29/wildscribe/subsystem/elytron/aggregate-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/aggregate-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A realm definition that is an aggregation of two realms, one for the authentication steps and one for loading the identity for the authorization steps.
authorization-realms Reference to one or more security realms to use for loading the identity for authorization steps and aggregating the attributes (loading of the identity).
principal-transformer Reference to a principal transformer to apply between loading the identity for authentication and loading the identity for authorization
Reference to the security realm to use for authentication steps (obtaining or validating credentials).
authorization-realm
STRING
true
false
Reference to the security realm to use for loading the identity for authorization steps (loading of the identity).
authorization-realms
LIST
true
false
Reference to one or more security realms to use for loading the identity for authorization steps and aggregating the attributes (loading of the identity).
principal-transformer
STRING
false
true
Reference to a principal transformer to apply between loading the identity for authentication and loading the identity for authorization
remove The remove operation for the security realm.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/aggregate-role-decoder/index.html b/29/wildscribe/subsystem/elytron/aggregate-role-decoder/index.html
index f20576367..cf3b00536 100644
--- a/29/wildscribe/subsystem/elytron/aggregate-role-decoder/index.html
+++ b/29/wildscribe/subsystem/elytron/aggregate-role-decoder/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/aggregate-role-mapper/index.html b/29/wildscribe/subsystem/elytron/aggregate-role-mapper/index.html
index aa7929359..0eea13474 100644
--- a/29/wildscribe/subsystem/elytron/aggregate-role-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/aggregate-role-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/aggregate-sasl-server-factory/index.html b/29/wildscribe/subsystem/elytron/aggregate-sasl-server-factory/index.html
index 0c6459ec6..4aacd938f 100644
--- a/29/wildscribe/subsystem/elytron/aggregate-sasl-server-factory/index.html
+++ b/29/wildscribe/subsystem/elytron/aggregate-sasl-server-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/aggregate-security-event-listener/index.html b/29/wildscribe/subsystem/elytron/aggregate-security-event-listener/index.html
index 8005f5f77..4d186c393 100644
--- a/29/wildscribe/subsystem/elytron/aggregate-security-event-listener/index.html
+++ b/29/wildscribe/subsystem/elytron/aggregate-security-event-listener/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/authentication-configuration/index.html b/29/wildscribe/subsystem/elytron/authentication-configuration/index.html
index bbd1b164b..7167ea295 100644
--- a/29/wildscribe/subsystem/elytron/authentication-configuration/index.html
+++ b/29/wildscribe/subsystem/elytron/authentication-configuration/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
forwarding-mode The type of security identity forwarding to use. A mode of 'authentication' forwarding forwards the principal and credential. A mode of 'authorization' forwards the authorization id, allowing for a different authentication identity.
webservices Web services client configuration definition.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Add a new authentication configuration definition.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
anonymous
BOOLEAN
false
true
false
Enables anonymous authentication.
authentication-name
STRING
false
true
The authentication name to use.
authorization-name
STRING
false
true
The authorization name to use.
credential-reference
OBJECT
false
false
The reference to credential stored in CredentialStore under defined alias or clear text password.
extends
STRING
false
false
A previously defined authentication configuration to extend.
forwarding-mode
STRING
false
true
authentication
The type of security identity forwarding to use. A mode of 'authentication' forwarding forwards the principal and credential. A mode of 'authorization' forwards the authorization id, allowing for a different authentication identity.
host
STRING
false
true
The host to use.
kerberos-security-factory
STRING
false
false
Reference to a kerberos security factory used to obtain a GSS kerberos credential
mechanism-properties
OBJECT
false
false
Configuration properties for the SASL authentication mechanism.
port
INT
false
true
The port to use.
protocol
STRING
false
true
The protocol to use.
realm
STRING
false
true
The realm to use.
sasl-mechanism-selector
STRING
false
true
The SASL mechanism selector string.
security-domain
STRING
false
false
Reference to a security domain to obtain a forwarded identity.
webservices
OBJECT
false
true
Web services client configuration definition.
remove Remove the authentication configuration definition.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/authentication-context/index.html b/29/wildscribe/subsystem/elytron/authentication-context/index.html
index 623147448..64fef537d 100644
--- a/29/wildscribe/subsystem/elytron/authentication-context/index.html
+++ b/29/wildscribe/subsystem/elytron/authentication-context/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/caching-realm/index.html b/29/wildscribe/subsystem/elytron/caching-realm/index.html
index dcb85768a..afe9cf32e 100644
--- a/29/wildscribe/subsystem/elytron/caching-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/caching-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A realm definition that enables caching to another security realm. Caching strategy is LRU (Least Recently Used) where least accessed entries are discarded when maximum number of entries is reached.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/case-principal-transformer/index.html b/29/wildscribe/subsystem/elytron/case-principal-transformer/index.html
index 169d8c880..43c1866a8 100644
--- a/29/wildscribe/subsystem/elytron/case-principal-transformer/index.html
+++ b/29/wildscribe/subsystem/elytron/case-principal-transformer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/certificate-authority-account/index.html b/29/wildscribe/subsystem/elytron/certificate-authority-account/index.html
index 75c5b2597..4eb47a1b6 100644
--- a/29/wildscribe/subsystem/elytron/certificate-authority-account/index.html
+++ b/29/wildscribe/subsystem/elytron/certificate-authority-account/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
alias The alias of certificate authority account key in the keystore. If the alias does not already exist in the keystore, a certificate authority account key will be automatically generated and stored as a PrivateKeyEntry under the alias.
add Add a new certificate authority account definition.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
certificate-authority
STRING
false
true
LetsEncrypt
The name of the certificate authority to use.
contact-urls
LIST
false
true
A list of URLs that the certificate authority can contact about any issues related to this account.
alias
STRING
true
true
The alias of certificate authority account key in the keystore. If the alias does not already exist in the keystore, a certificate authority account key will be automatically generated and stored as a PrivateKeyEntry under the alias.
credential-reference
OBJECT
false
false
Credential to be used when accessing the certificate authority account key.
key-store
STRING
true
false
The keystore that contains the certificate authority account key.
change-account-key Change the key associated with this certificate authority account.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
staging
BOOLEAN
false
true
false
Indicates whether or not the certificate authority's staging URL should be used. The default value is false. This should only be set to true for testing purposes. This should never be set to true in a production environment.
create-account Create an account with the certificate authority if one doesn't already exist.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
agree-to-terms-of-service
BOOLEAN
true
true
Indicates whether or not the user agrees to the certificate authority's terms of service.
staging
BOOLEAN
false
true
false
Indicates whether or not the certificate authority's staging URL should be used. The default value is false. This should only be set to true for testing purposes. This should never be set to true in a production environment.
Indicates whether or not the certificate authority's staging URL should be used. The default value is false. This should only be set to true for testing purposes. This should never be set to true in a production environment.
get-metadata Get the metadata associated with the certificate authority.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
staging
BOOLEAN
false
true
false
Indicates whether or not the certificate authority's staging URL should be used. The default value is false. This should only be set to true for testing purposes. This should never be set to true in a production environment.
remove Remove the certificate authority account definition.
update-account Update an account with the certificate authority.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
agree-to-terms-of-service
BOOLEAN
true
true
Indicates whether or not the user agrees to the certificate authority's terms of service.
staging
BOOLEAN
false
true
false
Indicates whether or not the certificate authority's staging URL should be used. The default value is false. This should only be set to true for testing purposes. This should never be set to true in a production environment.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/certificate-authority/index.html b/29/wildscribe/subsystem/elytron/certificate-authority/index.html
index 9df98bbfb..228cd2b31 100644
--- a/29/wildscribe/subsystem/elytron/certificate-authority/index.html
+++ b/29/wildscribe/subsystem/elytron/certificate-authority/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/chained-principal-transformer/index.html b/29/wildscribe/subsystem/elytron/chained-principal-transformer/index.html
index 871297a6d..662a5ca1c 100644
--- a/29/wildscribe/subsystem/elytron/chained-principal-transformer/index.html
+++ b/29/wildscribe/subsystem/elytron/chained-principal-transformer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/client-ssl-context/index.html b/29/wildscribe/subsystem/elytron/client-ssl-context/index.html
index 31cc4e2f6..81aa23ba1 100644
--- a/29/wildscribe/subsystem/elytron/client-ssl-context/index.html
+++ b/29/wildscribe/subsystem/elytron/client-ssl-context/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/client-ssl-context/ssl-session/index.html b/29/wildscribe/subsystem/elytron/client-ssl-context/ssl-session/index.html
index 71dd4d5eb..03eb1a7a3 100644
--- a/29/wildscribe/subsystem/elytron/client-ssl-context/ssl-session/index.html
+++ b/29/wildscribe/subsystem/elytron/client-ssl-context/ssl-session/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
peer-host The peer host as reported by the SSLSession.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
peer-port The peer port as reported by the SSLSession.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
peer-principal The peer principal as reported by the SSLSession.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
protocol The protocol as reported by the SSLSession.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
valid The validity of the session as reported by the SSLSession.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (1)
invalidate Invalidate the SSLSession (Note: This does not terminate current connections, only prevents future connections from joining or resuming this session).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/concatenating-principal-decoder/index.html b/29/wildscribe/subsystem/elytron/concatenating-principal-decoder/index.html
index 1b2031319..0049dc154 100644
--- a/29/wildscribe/subsystem/elytron/concatenating-principal-decoder/index.html
+++ b/29/wildscribe/subsystem/elytron/concatenating-principal-decoder/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/configurable-http-server-mechanism-factory/index.html b/29/wildscribe/subsystem/elytron/configurable-http-server-mechanism-factory/index.html
index c8f0e1973..36f39df93 100644
--- a/29/wildscribe/subsystem/elytron/configurable-http-server-mechanism-factory/index.html
+++ b/29/wildscribe/subsystem/elytron/configurable-http-server-mechanism-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/configurable-sasl-server-factory/index.html b/29/wildscribe/subsystem/elytron/configurable-sasl-server-factory/index.html
index db5a55de6..e7e89d956 100644
--- a/29/wildscribe/subsystem/elytron/configurable-sasl-server-factory/index.html
+++ b/29/wildscribe/subsystem/elytron/configurable-sasl-server-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/constant-permission-mapper/index.html b/29/wildscribe/subsystem/elytron/constant-permission-mapper/index.html
index f853d8a3b..952e93321 100644
--- a/29/wildscribe/subsystem/elytron/constant-permission-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/constant-permission-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/constant-principal-decoder/index.html b/29/wildscribe/subsystem/elytron/constant-principal-decoder/index.html
index 6f8a30b29..417d0f668 100644
--- a/29/wildscribe/subsystem/elytron/constant-principal-decoder/index.html
+++ b/29/wildscribe/subsystem/elytron/constant-principal-decoder/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/constant-principal-transformer/index.html b/29/wildscribe/subsystem/elytron/constant-principal-transformer/index.html
index 9d154fb2a..99bec8b56 100644
--- a/29/wildscribe/subsystem/elytron/constant-principal-transformer/index.html
+++ b/29/wildscribe/subsystem/elytron/constant-principal-transformer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/constant-realm-mapper/index.html b/29/wildscribe/subsystem/elytron/constant-realm-mapper/index.html
index eac4a96ed..7812dfe08 100644
--- a/29/wildscribe/subsystem/elytron/constant-realm-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/constant-realm-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/constant-role-mapper/index.html b/29/wildscribe/subsystem/elytron/constant-role-mapper/index.html
index d570ab1c9..60af4aabf 100644
--- a/29/wildscribe/subsystem/elytron/constant-role-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/constant-role-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/credential-store/index.html b/29/wildscribe/subsystem/elytron/credential-store/index.html
index 2232daa5b..0c7f9b8d5 100644
--- a/29/wildscribe/subsystem/elytron/credential-store/index.html
+++ b/29/wildscribe/subsystem/elytron/credential-store/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
modifiable Specifies whether credential store is modifiable.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
other-providers The name of the providers defined within the subsystem to obtain the Providers to search for the one that can create the required Jakarta Connectors objects within credential store. This is valid only for key-store based CredentialStore. If this is not specified then the global list of Providers is used instead.
provider-name The name of the provider to use to instantiate the CredentialStoreSpi. If the provider is not specified then the first provider found that can create an instance of the specified 'type' will be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
providers The name of the providers defined within the subsystem to obtain the Providers to search for the one that can create the required CredentialStore type. If this is not specified then the global list of Providers is used instead.
relative-to A reference to a previously defined path that the file name is relative to.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
state The state of the underlying service that represents this credential store at runtime.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Allowed Values
DOWN STARTING START_FAILED UP STOPPING REMOVED
type The credential store type, e.g. KeyStoreCredentialStore.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (10)
add Add another credential store to the configuration.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
credential-reference
OBJECT
true
false
Credential reference to be used to create protection parameter.
path
STRING
false
true
File name of credential store storage.
relative-to
STRING
false
false
A reference to a previously defined path that the file name is relative to.
create
BOOLEAN
false
false
false
Specifies whether credential store should create storage when it doesn't exist.
implementation-properties
OBJECT
false
true
Map of credentials store implementation specific properties.
location
STRING
false
true
File name of credential store storage.
modifiable
BOOLEAN
false
false
true
Specifies whether credential store is modifiable.
other-providers
STRING
false
false
The name of the providers defined within the subsystem to obtain the Providers to search for the one that can create the required Jakarta Connectors objects within credential store. This is valid only for key-store based CredentialStore. If this is not specified then the global list of Providers is used instead.
provider-name
STRING
false
true
The name of the provider to use to instantiate the CredentialStoreSpi. If the provider is not specified then the first provider found that can create an instance of the specified 'type' will be used.
providers
STRING
false
false
The name of the providers defined within the subsystem to obtain the Providers to search for the one that can create the required CredentialStore type. If this is not specified then the global list of Providers is used instead.
type
STRING
false
true
The credential store type, e.g. KeyStoreCredentialStore.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/custom-credential-security-factory/index.html b/29/wildscribe/subsystem/elytron/custom-credential-security-factory/index.html
index 4f19f13e5..b4ff955b8 100644
--- a/29/wildscribe/subsystem/elytron/custom-credential-security-factory/index.html
+++ b/29/wildscribe/subsystem/elytron/custom-credential-security-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/custom-evidence-decoder/index.html b/29/wildscribe/subsystem/elytron/custom-evidence-decoder/index.html
index ce6fb4050..a6fd9f208 100644
--- a/29/wildscribe/subsystem/elytron/custom-evidence-decoder/index.html
+++ b/29/wildscribe/subsystem/elytron/custom-evidence-decoder/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/custom-modifiable-realm/index.html b/29/wildscribe/subsystem/elytron/custom-modifiable-realm/index.html
index dfbaa3ceb..d2b4d87af 100644
--- a/29/wildscribe/subsystem/elytron/custom-modifiable-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/custom-modifiable-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Custom realm configured as being modifiable will be expected to implement the ModifiableSecurityRealm interface. By configuring a realm as being modifiable management operations will be made available to manipulate the realm.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/custom-permission-mapper/index.html b/29/wildscribe/subsystem/elytron/custom-permission-mapper/index.html
index 007630fd8..4085866de 100644
--- a/29/wildscribe/subsystem/elytron/custom-permission-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/custom-permission-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/custom-principal-decoder/index.html b/29/wildscribe/subsystem/elytron/custom-principal-decoder/index.html
index d729735be..d611b89ea 100644
--- a/29/wildscribe/subsystem/elytron/custom-principal-decoder/index.html
+++ b/29/wildscribe/subsystem/elytron/custom-principal-decoder/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/custom-principal-transformer/index.html b/29/wildscribe/subsystem/elytron/custom-principal-transformer/index.html
index 8148a0b1d..266a43581 100644
--- a/29/wildscribe/subsystem/elytron/custom-principal-transformer/index.html
+++ b/29/wildscribe/subsystem/elytron/custom-principal-transformer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/custom-realm-mapper/index.html b/29/wildscribe/subsystem/elytron/custom-realm-mapper/index.html
index 616cd2a1c..3a94ecdc9 100644
--- a/29/wildscribe/subsystem/elytron/custom-realm-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/custom-realm-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/custom-realm/index.html b/29/wildscribe/subsystem/elytron/custom-realm/index.html
index e432fc05c..0eae6fdda 100644
--- a/29/wildscribe/subsystem/elytron/custom-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/custom-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A custom realm definitions can implement either the SecurityRealm interface or the ModifiableSecurityRealm interface. Regardless of which interface is implemented management operations will not be exposed to manage the realm. However other services that depend on the realm will still be able to perform a type check and cast to gain access to the modification API.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/custom-role-decoder/index.html b/29/wildscribe/subsystem/elytron/custom-role-decoder/index.html
index c3c3a65a5..90898b98f 100644
--- a/29/wildscribe/subsystem/elytron/custom-role-decoder/index.html
+++ b/29/wildscribe/subsystem/elytron/custom-role-decoder/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/custom-role-mapper/index.html b/29/wildscribe/subsystem/elytron/custom-role-mapper/index.html
index 42de797c0..be4739e47 100644
--- a/29/wildscribe/subsystem/elytron/custom-role-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/custom-role-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/custom-security-event-listener/index.html b/29/wildscribe/subsystem/elytron/custom-security-event-listener/index.html
index 0f39a5614..7fc07c98d 100644
--- a/29/wildscribe/subsystem/elytron/custom-security-event-listener/index.html
+++ b/29/wildscribe/subsystem/elytron/custom-security-event-listener/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/dir-context/index.html b/29/wildscribe/subsystem/elytron/dir-context/index.html
index f55357617..78598d1f5 100644
--- a/29/wildscribe/subsystem/elytron/dir-context/index.html
+++ b/29/wildscribe/subsystem/elytron/dir-context/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
authentication-context The authentication context to obtain login credentials to connect to the LDAP server. Can be omitted if authentication-level is 'none' (anonymous).
authentication-level The authentication level (security level/authentication mechanism) to use. Corresponds to SECURITY_AUTHENTICATION ('java.naming.security.authentication') environment property. Allowed values: 'none', 'simple', sasl_mech, where sasl_mech is a space-separated list of SASL mechanism names.
Attribute
Value
Default Value
simple
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connection-timeout The timeout for connecting to the LDAP server in milliseconds.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
credential-reference The credential reference to authenticate and connect to the LDAP server. Can be omitted if authentication-level is 'none' (anonymous).
The authentication context to obtain login credentials to connect to the LDAP server. Can be omitted if authentication-level is 'none' (anonymous).
authentication-level
STRING
false
true
simple
The authentication level (security level/authentication mechanism) to use. Corresponds to SECURITY_AUTHENTICATION ('java.naming.security.authentication') environment property. Allowed values: 'none', 'simple', sasl_mech, where sasl_mech is a space-separated list of SASL mechanism names.
connection-timeout
INT
false
true
The timeout for connecting to the LDAP server in milliseconds.
credential-reference
OBJECT
false
false
The credential reference to authenticate and connect to the LDAP server. Can be omitted if authentication-level is 'none' (anonymous).
enable-connection-pooling
BOOLEAN
false
true
false
Indicates if connection pooling is enabled.
module
STRING
false
true
Name of module that will be used as class loading base.
principal
STRING
false
true
The principal to authenticate and connect to the LDAP server. Can be omitted if authentication-level is 'none' (anonymous).
properties
OBJECT
false
true
The additional connection properties for the DirContext.
read-timeout
INT
false
true
The read timeout for an LDAP operation in milliseconds.
referral-mode
STRING
false
true
ignore
If referrals should be followed.
ssl-context
STRING
false
false
The name of ssl-context used to secure connection to the LDAP server.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/distributed-realm/index.html b/29/wildscribe/subsystem/elytron/distributed-realm/index.html
index 4135a8614..6aaed81bb 100644
--- a/29/wildscribe/subsystem/elytron/distributed-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/distributed-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
emit-events Whether a SecurityEvent signifying realm unavailability should be emitted, applicable only when the ignore-unavailable-realms attribute is set to true. The default value is true.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
ignore-unavailable-realms Whether subsequent realms should be checked after an unavailable realm is reached. If set to false or not set, when the unavailable realm is reached "org.wildfly.security.auth.server.RealmUnavailableException" is thrown and the search stops. The default value is false.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
realms References to one or more security realms for authentication and authorization.
Whether a SecurityEvent signifying realm unavailability should be emitted, applicable only when the ignore-unavailable-realms attribute is set to true. The default value is true.
ignore-unavailable-realms
BOOLEAN
false
true
false
Whether subsequent realms should be checked after an unavailable realm is reached. If set to false or not set, when the unavailable realm is reached "org.wildfly.security.auth.server.RealmUnavailableException" is thrown and the search stops. The default value is false.
realms
LIST
true
false
References to one or more security realms for authentication and authorization.
remove The remove operation for the security realm.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/expression/encryption/index.html b/29/wildscribe/subsystem/elytron/expression/encryption/index.html
index dc2f299be..c1380eb19 100644
--- a/29/wildscribe/subsystem/elytron/expression/encryption/index.html
+++ b/29/wildscribe/subsystem/elytron/expression/encryption/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/failover-realm/index.html b/29/wildscribe/subsystem/elytron/failover-realm/index.html
index 3b152fcdb..c35d876e5 100644
--- a/29/wildscribe/subsystem/elytron/failover-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/failover-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/file-audit-log/index.html b/29/wildscribe/subsystem/elytron/file-audit-log/index.html
index 03daf970d..ecd4174ca 100644
--- a/29/wildscribe/subsystem/elytron/file-audit-log/index.html
+++ b/29/wildscribe/subsystem/elytron/file-audit-log/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/filesystem-realm/index.html b/29/wildscribe/subsystem/elytron/filesystem-realm/index.html
index f8d921644..c9e882db3 100644
--- a/29/wildscribe/subsystem/elytron/filesystem-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/filesystem-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/filtering-key-store/index.html b/29/wildscribe/subsystem/elytron/filtering-key-store/index.html
index 21255422a..8b641a113 100644
--- a/29/wildscribe/subsystem/elytron/filtering-key-store/index.html
+++ b/29/wildscribe/subsystem/elytron/filtering-key-store/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
alias-filter A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
state The state of the underlying service that represents this KeyStore at runtime, if it is anything other than UP runtime operations will not be available.
A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/http-authentication-factory/index.html b/29/wildscribe/subsystem/elytron/http-authentication-factory/index.html
index bb047d4cf..07cab2468 100644
--- a/29/wildscribe/subsystem/elytron/http-authentication-factory/index.html
+++ b/29/wildscribe/subsystem/elytron/http-authentication-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/identity-realm/index.html b/29/wildscribe/subsystem/elytron/identity-realm/index.html
index 9f582d05a..b5c5454a5 100644
--- a/29/wildscribe/subsystem/elytron/identity-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/identity-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/index.html b/29/wildscribe/subsystem/elytron/index.html
index af63671ed..5ce78d6d7 100644
--- a/29/wildscribe/subsystem/elytron/index.html
+++ b/29/wildscribe/subsystem/elytron/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
add-prefix-role-mapper A role mapper definition for a role mapper that adds a prefix to each provided.
add-suffix-role-mapper A role mapper definition for a role mapper that adds a suffix to each provided.
aggregate-evidence-decoder An evidence decoder that is an aggregation of other evidence decoders. Given evidence, these evidence decoders will be attempted in order until one returns a non-null principal or until there are no more evidence decoders left to try.
aggregate-principal-decoder A principal decoder definition where the principal decoder is an aggregation of other principal decoders.
aggregate-principal-transformer A principal transformer aggregating more principal transformers. Original principal is tried to be transformed by individual transformers until one return non-null principal - that is returned.
aggregate-realm A realm definition that is an aggregation of two realms, one for the authentication steps and one for loading the identity for the authorization steps.
aggregate-role-decoder Definition of a RoleDecoder that is an aggregation of other role decoders.
aggregate-role-mapper A role mapper definition where the role mapper is an aggregation of other role mappers.
aggregate-sasl-server-factory A sasl server factory definition where the sasl server factory is an aggregation of other sasl server factories.
caching-realm A realm definition that enables caching to another security realm. Caching strategy is LRU (Least Recently Used) where least accessed entries are discarded when maximum number of entries is reached.
case-principal-transformer A principal transformer where the principal is adjusted to upper or lower case.
chained-principal-transformer A principal transformer definition where the principal transformer is a chaining of other principal transformers.
client-ssl-context An SSLContext for use on the client side of a connection.
concatenating-principal-decoder A principal decoder definition where the principal decoder is a concatenation of other principal decoders.
configurable-http-server-mechanism-factory A HTTP server factory definition that wraps another HTTP server factory and applies the specified configuration and filtering.
configurable-sasl-server-factory A SaslServerFactory definition that wraps another SaslServerFactory and applies the specified configuration and filtering.
custom-modifiable-realm Custom realm configured as being modifiable will be expected to implement the ModifiableSecurityRealm interface. By configuring a realm as being modifiable management operations will be made available to manipulate the realm.
custom-realm A custom realm definitions can implement either the SecurityRealm interface or the ModifiableSecurityRealm interface. Regardless of which interface is implemented management operations will not be exposed to manage the realm. However other services that depend on the realm will still be able to perform a type check and cast to gain access to the modification API.
dir-context The configuration to connect to a directory (LDAP) server.
distributed-realm A realm definition for authentication and authorization of identities distributed between multiple realms.
expression Definition of an expression resolver to decrypt encrypted expressions.
encryption Definition of an expression resolver to decrypt encrypted expressions.
failover-realm A realm definition that wraps two realms. One for default operation and the second to fail over to in case the first one is unavailable.
file-audit-log An audit logger that logs to a local file.
filesystem-realm A simple security realm definition backed by the filesystem.
logical-role-mapper A RoleMapper definition for a RoleMapper that performs a logical operation using two referenced RoleMappers.
mapped-regex-realm-mapper Definition of a RealmMapper implementation that first uses a regular expression to extract the realm name, this is then converted using the configured mapping of realm names.
mapped-role-mapper A RoleMapper definition for a RoleMapper that performs a mapping based on configured map.
mechanism-provider-filtering-sasl-server-factory A SaslServerFactory definition that wraps another SaslServerFactory and enables filtering of mechanisms based on the mechanism name and Provider name and version. Any mechanisms loaded by factories not located using a Provider will not be filtered by this definition.
periodic-rotating-file-audit-log An audit log definition for persisting an audit log to a local files rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.time.format.DateTimeFormatter.
policy A definition that sets up a policy provider.
properties-realm A security realm definition backed by properties files.
provider-http-server-mechanism-factory A http server factory definition where the http server factory is an aggregation of factories from the Provider[]
regex-role-mapper A RoleMapper definition for a RoleMapper that performs a mapping based on regex and replaces matching roles with replacement pattern.
service-loader-sasl-server-factory A sasl server factory definition where the sasl server factory is an aggregation of factories identified using a ServiceLoader
simple-regex-realm-mapper Definition of a simple RealmMapper that attempts to extract the realm name using the capture group from the regular expression, if that does not provide a match then the delegate RealmMapper is used instead.
simple-role-decoder Definition of a simple RoleDecoder that takes a single attribute and maps it directly to roles.
size-rotating-file-audit-log An audit log definition for persisting an audit log to a local files rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
source-address-role-decoder Definition of a RoleDecoder that maps roles based on the IP address of a remote client.
syslog-audit-log An audit logger that sends audit events to a remote syslog server.
token-realm A security realm definition capable of validating and extracting identities from security tokens.
trust-manager A trust manager definition for creating the TrustManager[] as used to create an SSLContext.
x500-subject-evidence-decoder An evidence decoder that derives the principal associated with the given evidence from the subject from the first certificate in the given evidence.
x509-subject-alt-name-evidence-decoder An evidence decoder that derives the principal associated with the given evidence from an X.509 subject alternative name from the first certificate in the given evidence.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/jaas-realm/index.html b/29/wildscribe/subsystem/elytron/jaas-realm/index.html
index 7925cc085..aefdbe7e8 100644
--- a/29/wildscribe/subsystem/elytron/jaas-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/jaas-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
callback-handler Callback handler to use with the Login Context. Security property "auth.login.defaultCallbackHandler" can be used instead. The default callback handler of the realm will be used if none of these are defined.
module The module to use to obtain the classloader to load the custom LoginModules and custom CallbackHandler. The classloader that loads the resource will be used if none defined.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
path Path to the JAAS Login Context configuration file. You can also specify the location of the configuration with java system property "java.security.auth.login.config" or with java security property "login.config.url".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The base path of the JAAS configuration file.
Callback handler to use with the Login Context. Security property "auth.login.defaultCallbackHandler" can be used instead. The default callback handler of the realm will be used if none of these are defined.
entry
STRING
true
true
JAAS configuration file entry name.
module
STRING
false
false
The module to use to obtain the classloader to load the custom LoginModules and custom CallbackHandler. The classloader that loads the resource will be used if none defined.
path
STRING
false
true
Path to the JAAS Login Context configuration file. You can also specify the location of the configuration with java system property "java.security.auth.login.config" or with java security property "login.config.url".
relative-to
STRING
false
false
The base path of the JAAS configuration file.
remove The remove operation for the security realm.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/jaspi-configuration/index.html b/29/wildscribe/subsystem/elytron/jaspi-configuration/index.html
index b61afc4b3..12d261f34 100644
--- a/29/wildscribe/subsystem/elytron/jaspi-configuration/index.html
+++ b/29/wildscribe/subsystem/elytron/jaspi-configuration/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/jdbc-realm/index.html b/29/wildscribe/subsystem/elytron/jdbc-realm/index.html
index 77f5d9c3f..56be6473a 100644
--- a/29/wildscribe/subsystem/elytron/jdbc-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/jdbc-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/kerberos-security-factory/index.html b/29/wildscribe/subsystem/elytron/kerberos-security-factory/index.html
index 760cf73c5..668fa35cb 100644
--- a/29/wildscribe/subsystem/elytron/kerberos-security-factory/index.html
+++ b/29/wildscribe/subsystem/elytron/kerberos-security-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
debug Should the JAAS step of obtaining the credential have debug logging enabled.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
fail-cache Amount of seconds before new try to obtain server credential should be done if it has failed last time.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
mechanism-names The mechanism names the credential should be usable with. Names will be converted to OIDs and used together with OIDs from mechanism-oids attribute.
Attribute
Value
Default Value
["KRB5","SPNEGO"]
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
KRB5LEGACY GENERIC KRB5 KRB5V2 SPNEGO
mechanism-oids The mechanism OIDs the credential should be usable with. Will be used together with OIDs derived from names from mechanism-names attribute.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
minimum-remaining-lifetime How much lifetime (in seconds) should a cached credential have remaining before it is recreated.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
obtain-kerberos-ticket Should the KerberosTicket also be obtained and associated with the credential. This is required to be true where credentials are delegated to the server.
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
request-lifetime How much lifetime (in seconds) should be requested for newly created credentials.
Attribute
Value
Default Value
2147483647
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
required Is the keytab file with adequate principal required to exist at the time the service starts?
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
server If this for use server side or client side?
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
wrap-gss-credential Should generated GSS credentials be wrapped to prevent improper disposal or not?
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add The add operation for the Kerberos SecurityFactory
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
debug
BOOLEAN
false
true
false
Should the JAAS step of obtaining the credential have debug logging enabled.
fail-cache
INT
false
true
Amount of seconds before new try to obtain server credential should be done if it has failed last time.
mechanism-names
LIST
false
true
["KRB5","SPNEGO"]
The mechanism names the credential should be usable with. Names will be converted to OIDs and used together with OIDs from mechanism-oids attribute.
mechanism-oids
LIST
false
true
The mechanism OIDs the credential should be usable with. Will be used together with OIDs derived from names from mechanism-names attribute.
minimum-remaining-lifetime
INT
false
true
0
How much lifetime (in seconds) should a cached credential have remaining before it is recreated.
obtain-kerberos-ticket
BOOLEAN
false
true
false
Should the KerberosTicket also be obtained and associated with the credential. This is required to be true where credentials are delegated to the server.
options
OBJECT
false
false
The Krb5LoginModule additional options.
principal
STRING
true
true
The principal represented by the KeyTab
request-lifetime
INT
false
true
2147483647
How much lifetime (in seconds) should be requested for newly created credentials.
required
BOOLEAN
false
true
false
Is the keytab file with adequate principal required to exist at the time the service starts?
server
BOOLEAN
false
true
true
If this for use server side or client side?
wrap-gss-credential
BOOLEAN
false
true
false
Should generated GSS credentials be wrapped to prevent improper disposal or not?
path
STRING
true
true
The path of the KeyTab to load to obtain the credential.
relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
remove The remove operation for the Kerberos SecurityFactory
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/key-manager/index.html b/29/wildscribe/subsystem/elytron/key-manager/index.html
index f88bab487..621425caa 100644
--- a/29/wildscribe/subsystem/elytron/key-manager/index.html
+++ b/29/wildscribe/subsystem/elytron/key-manager/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
algorithm The name of the algorithm to use to create the underlying KeyManagerFactory.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
alias-filter A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
credential-reference The credential reference to decrypt KeyStore item. (Not a password of the KeyStore.)
Attribute
Value
Type
OBJECT
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
generate-self-signed-certificate-host If the file that backs the KeyStore does not exist and this attribute is set, then a self-signed certificate will be generated for the specified host name. This is not intended for production use.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
key-store Reference to the KeyStore to use to initialise the underlying KeyManagerFactory.
The name of the algorithm to use to create the underlying KeyManagerFactory.
alias-filter
STRING
false
true
A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
credential-reference
OBJECT
true
false
The credential reference to decrypt KeyStore item. (Not a password of the KeyStore.)
generate-self-signed-certificate-host
STRING
false
true
If the file that backs the KeyStore does not exist and this attribute is set, then a self-signed certificate will be generated for the specified host name. This is not intended for production use.
key-store
STRING
true
false
Reference to the KeyStore to use to initialise the underlying KeyManagerFactory.
provider-name
STRING
false
true
The name of the provider to use to create the underlying KeyManagerFactory.
providers
STRING
false
false
Reference to obtain the Provider[] to use when creating the underlying KeyManagerFactory.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/key-store-realm/index.html b/29/wildscribe/subsystem/elytron/key-store-realm/index.html
index e151d9ae1..e25d20e39 100644
--- a/29/wildscribe/subsystem/elytron/key-store-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/key-store-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/key-store/index.html b/29/wildscribe/subsystem/elytron/key-store/index.html
index 73b8ea374..aef5f5f60 100644
--- a/29/wildscribe/subsystem/elytron/key-store/index.html
+++ b/29/wildscribe/subsystem/elytron/key-store/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
alias-filter A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
credential-reference The reference to credential stored in CredentialStore under defined alias or clear text password.
Attribute
Value
Type
OBJECT
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
loaded-provider Information about the provider that was used for this KeyStore.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
modified Indicates if the in-memory representation of the KeyStore has been changed since it was last loaded or stored. Note: For some providers updates may be immediate without further load or store calls.
provider-name The name of the provider to use to load the KeyStore, disables searching for the first Provider that can create a KeyStore of the specified type.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
providers A reference to the providers that should be used to obtain the list of Provider instances to search, if not specified the global list of providers will be used instead.
state The state of the underlying service that represents this KeyStore at runtime, if it is anything other than UP runtime operations will not be available.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Allowed Values
DOWN STARTING START_FAILED UP STOPPING REMOVED
synchronized The time this KeyStore was last loaded or saved. Note: Some providers may continue to apply updates after the KeyStore was loaded within the application server.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
type The type of the KeyStore, used when creating the new KeyStore instance.
A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
credential-reference
OBJECT
true
false
The reference to credential stored in CredentialStore under defined alias or clear text password.
path
STRING
false
true
The path to the KeyStore file.
relative-to
STRING
false
false
The base path this store is relative to.
required
BOOLEAN
false
true
false
Is the file required to exist at the time the KeyStore service starts?
provider-name
STRING
false
true
The name of the provider to use to load the KeyStore, disables searching for the first Provider that can create a KeyStore of the specified type.
providers
STRING
false
false
A reference to the providers that should be used to obtain the list of Provider instances to search, if not specified the global list of providers will be used instead.
type
STRING
false
true
The type of the KeyStore, used when creating the new KeyStore instance.
change-alias Move an existing KeyStore entry to a new alias.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
true
The alias that identifies the existing KeyStore entry to move.
new-alias
STRING
true
true
The new alias to use.
credential-reference
OBJECT
false
false
The credential reference to be used to access the existing KeyStore entry, if needed.
export-certificate Export a certificate from a KeyStore entry to a file.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
true
The alias that identifies the KeyStore entry.
path
STRING
true
true
The path to the file to export the certificate to.
relative-to
STRING
false
false
The base path of the export file.
pem
BOOLEAN
false
true
false
Specifies whether to export the certificate in printable encoding format. If not specified, the certificate will be exported in binary encoding format.
The alias that identifies the PrivateKeyEntry to use to generate the certificate signing request.
signature-algorithm
STRING
false
true
The signature algorithm name to use when signing the certificate signing request.
distinguished-name
STRING
false
true
The DN to use in the certificate signing request. If not specified, the DN from the certificate will be used.
extensions
LIST
false
false
The list of X.509 certificate extensions to include in the certificate signing request.
credential-reference
OBJECT
false
false
The credential reference to be used to access the private key.
path
STRING
true
true
The path to the file where the certificate signing request should be stored.
relative-to
STRING
false
false
The base path of the certificate signing request file.
generate-key-pair Generate a key pair and wrap the resulting public key in a self-signed X.509 certificate. The generated private key and self-signed certificate will be added to the KeyStore.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
true
The alias of the new KeyStore entry.
algorithm
STRING
false
true
The algorithm to be used to generate the key pair.
signature-algorithm
STRING
false
true
The signature algorithm name to use when signing the self-signed certificate.
key-size
INT
false
true
The key size to use when generating the key pair.
distinguished-name
STRING
true
true
The DN to use as both the subject DN and the issuer DN.
not-before
STRING
false
true
The starting date and time the self-signed certificate is valid.
validity
LONG
false
true
90
The number of days for which the self-signed certificate should be considered valid. The default value is 90 days.
extensions
LIST
false
false
The list of X.509 certificate extensions to include in the self-signed certificate.
credential-reference
OBJECT
false
false
The credential reference to be used to protect the generated private key.
import-certificate Import a certificate or certificate chain from a file into a KeyStore entry.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
true
The alias that identifies the KeyStore entry.
credential-reference
OBJECT
false
false
The credential reference to be used to access the private key.
path
STRING
true
true
The path to the file that contains the certificate or certificate chain to import in binary encoding format or printable encoding format.
relative-to
STRING
false
false
The base path of the certificate file.
trust-cacerts
BOOLEAN
false
true
false
Specifies whether certificates from the cacerts file should be included when creating / validating the certificate chain.
validate
BOOLEAN
false
true
true
Specifies whether to validate that the top-most certificate is actually trusted when importing a certificate chain or whether to validate the certificate is actually trusted when importing a certificate. The default value is true. When this is set to true and validation fails, the certificate or certificate chain will not be imported into a KeyStore entry.
load Load the KeyStore, if the KeyStore is file backed this will involve re-reading the contents of the file.
obtain-certificate Obtain a signed certificate from a certificate authority and store it in a KeyStore entry.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
true
The alias of the KeyStore entry.
domain-names
LIST
true
false
The list of DNS name(s) to request the certificate for.
certificate-authority-account
STRING
true
false
A reference to the certificate authority account information that should be used to obtain the certificate.
agree-to-terms-of-service
BOOLEAN
false
true
Indicates whether or not the user agrees to the certificate authority's terms of service.
staging
BOOLEAN
false
true
false
Indicates whether or not the certificate authority's staging URL should be used. This should only be set to true for testing purposes. This should never be set to true in a production environment.
algorithm
STRING
false
true
RSA
The algorithm to be used to generate the key pair. The default value is RSA.
key-size
INT
false
true
2048
The key size to use when generating the key pair. The default value is 2048.
credential-reference
OBJECT
false
false
The credential reference to be used to protect the generated private key.
The alias that identifies the KeyStore entry that contains the certificate to be revoked.
reason
STRING
false
true
The reason for revocation.
certificate-authority-account
STRING
true
false
A reference to the certificate authority account information that should be uesd to revoke the certificate.
staging
BOOLEAN
false
true
false
Indicates whether or not the certificate authority's staging URL should be used. This should only be set to true for testing purposes. This should never be set to true in a production environment.
The alias that identifies the KeyStore entry that contains the certificate to check.
expiration
LONG
false
true
30
The number of days to expiry to be checked.
store Store the KeyStore to file, this operation will fail for any KeyStore instances not backed by a file. If the file does not exist and it was not flagged as required it will be created.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/ldap-key-store/index.html b/29/wildscribe/subsystem/elytron/ldap-key-store/index.html
index 179946e8a..80d55d39c 100644
--- a/29/wildscribe/subsystem/elytron/ldap-key-store/index.html
+++ b/29/wildscribe/subsystem/elytron/ldap-key-store/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
filter-alias The LDAP filter for obtaining an item of the KeyStore by alias. If this is not specified then the default value will be (alias_attribute={0}). The string '{0}' will be replaced by the searched alias and the 'alias_attribute' value will be the value of the attribute 'alias-attribute'.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
filter-certificate The LDAP filter for obtaining an item of the KeyStore by certificate. If this is not specified then the default value will be (certificate_attribute={0}). The string '{0}' will be replaced by searched encoded certificate and the 'certificate_attribute' will be the value of the attribute 'certificate-attribute'.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
filter-iterate The LDAP filter for iterating over all items of the KeyStore. If this is not specified then the default value will be (alias_attribute=*). The 'alias_attribute' will be the value of the attribute 'alias-attribute'.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
key-attribute The name of LDAP attribute, where will be key stored.
Attribute
Value
Default Value
userPKCS12
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
key-type The type of KeyStore, in which will be key serialized to LDAP attribute.
Attribute
Value
Default Value
PKCS12
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
new-item-template Configuration for item creation. Define how will look LDAP entry of newly created keystore item.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
search-path The path in LDAP, where will be KeyStore items searched.
search-time-limit The time limit for obtaining keystore items from LDAP.
Attribute
Value
Default Value
10000
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
size The size of LDAP KeyStore in amount of items/aliases.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
state The state of the underlying service that represents this KeyStore at runtime, if it is anything other than UP runtime operations will not be available.
The name of DirContext, which will be used to communication with LDAP server.
new-item-template
OBJECT
false
false
Configuration for item creation. Define how will look LDAP entry of newly created keystore item.
alias-attribute
STRING
false
true
cn
The name of LDAP attribute, where will be item alias stored.
certificate-attribute
STRING
false
true
usercertificate
The name of LDAP attribute, where will be certificate stored.
certificate-chain-attribute
STRING
false
true
userSMIMECertificate
The name of LDAP attribute, where will be certificate chain stored.
certificate-chain-encoding
STRING
false
true
PKCS7
The encoding of the certificate chain.
certificate-type
STRING
false
true
X.509
The type of the Certificate.
key-attribute
STRING
false
true
userPKCS12
The name of LDAP attribute, where will be key stored.
key-type
STRING
false
true
PKCS12
The type of KeyStore, in which will be key serialized to LDAP attribute.
filter-alias
STRING
false
true
The LDAP filter for obtaining an item of the KeyStore by alias. If this is not specified then the default value will be (alias_attribute={0}). The string '{0}' will be replaced by the searched alias and the 'alias_attribute' value will be the value of the attribute 'alias-attribute'.
filter-certificate
STRING
false
true
The LDAP filter for obtaining an item of the KeyStore by certificate. If this is not specified then the default value will be (certificate_attribute={0}). The string '{0}' will be replaced by searched encoded certificate and the 'certificate_attribute' will be the value of the attribute 'certificate-attribute'.
filter-iterate
STRING
false
true
The LDAP filter for iterating over all items of the KeyStore. If this is not specified then the default value will be (alias_attribute=*). The 'alias_attribute' will be the value of the attribute 'alias-attribute'.
search-path
STRING
true
true
The path in LDAP, where will be KeyStore items searched.
search-recursive
BOOLEAN
false
true
true
If the LDAP search should be recursive.
search-time-limit
INT
false
true
10000
The time limit for obtaining keystore items from LDAP.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/ldap-realm/index.html b/29/wildscribe/subsystem/elytron/ldap-realm/index.html
index 7fc0fddc8..08eee7339 100644
--- a/29/wildscribe/subsystem/elytron/ldap-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/ldap-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/logical-permission-mapper/index.html b/29/wildscribe/subsystem/elytron/logical-permission-mapper/index.html
index 7cf5109ab..416731d5a 100644
--- a/29/wildscribe/subsystem/elytron/logical-permission-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/logical-permission-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/logical-role-mapper/index.html b/29/wildscribe/subsystem/elytron/logical-role-mapper/index.html
index 9807d349c..862bffdbf 100644
--- a/29/wildscribe/subsystem/elytron/logical-role-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/logical-role-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/mapped-regex-realm-mapper/index.html b/29/wildscribe/subsystem/elytron/mapped-regex-realm-mapper/index.html
index 972058793..4845bde2f 100644
--- a/29/wildscribe/subsystem/elytron/mapped-regex-realm-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/mapped-regex-realm-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Definition of a RealmMapper implementation that first uses a regular expression to extract the realm name, this is then converted using the configured mapping of realm names.
delegate-realm-mapper The RealmMapper to delegate to if the pattern does not match. If no delegate is specified then the default realm on the domain will be used instead. If the username does not match the pattern and a delegate realm-mapper is present, the result of delegate-realm-mapper is mapped via the realm-map.
pattern The regular expression which must contain at least one capture group to extract the realm from the name. If the regular expression matches more than one capture group, the first capture group is used.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
realm-map Mapping of realm name extracted using the regular expression to a defined realm name. If the value for the mapping is not in the map or the realm whose name is the result of the mapping does not exist in the given security domain, the default realm is used.
The RealmMapper to delegate to if the pattern does not match. If no delegate is specified then the default realm on the domain will be used instead. If the username does not match the pattern and a delegate realm-mapper is present, the result of delegate-realm-mapper is mapped via the realm-map.
pattern
STRING
true
true
The regular expression which must contain at least one capture group to extract the realm from the name. If the regular expression matches more than one capture group, the first capture group is used.
realm-map
OBJECT
true
true
Mapping of realm name extracted using the regular expression to a defined realm name. If the value for the mapping is not in the map or the realm whose name is the result of the mapping does not exist in the given security domain, the default realm is used.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/mapped-role-mapper/index.html b/29/wildscribe/subsystem/elytron/mapped-role-mapper/index.html
index 59e6d6d29..f1b2b184d 100644
--- a/29/wildscribe/subsystem/elytron/mapped-role-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/mapped-role-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/mechanism-provider-filtering-sasl-server-factory/index.html b/29/wildscribe/subsystem/elytron/mechanism-provider-filtering-sasl-server-factory/index.html
index c990645a3..76b20a889 100644
--- a/29/wildscribe/subsystem/elytron/mechanism-provider-filtering-sasl-server-factory/index.html
+++ b/29/wildscribe/subsystem/elytron/mechanism-provider-filtering-sasl-server-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A SaslServerFactory definition that wraps another SaslServerFactory and enables filtering of mechanisms based on the mechanism name and Provider name and version. Any mechanisms loaded by factories not located using a Provider will not be filtered by this definition.
available-mechanisms The SASL mechanisms available from this factory after all filtering has been applied.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
enabling When set to 'true' no provider loaded mechanisms are enabled unless matched by one of the filters, setting to 'false' has the inverse effect.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
filters The filters to apply when comparing the mechanisms from the providers, a filter matches when all of the specified values match the mechanism / provider pair.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
sasl-server-factory Reference to a sasl server factory to be wrapped by this definition.
add The add operation for the sasl server factory.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
enabling
BOOLEAN
false
true
true
When set to 'true' no provider loaded mechanisms are enabled unless matched by one of the filters, setting to 'false' has the inverse effect.
filters
LIST
false
false
The filters to apply when comparing the mechanisms from the providers, a filter matches when all of the specified values match the mechanism / provider pair.
sasl-server-factory
STRING
true
false
Reference to a sasl server factory to be wrapped by this definition.
remove The remove operation for the sasl server factory.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/periodic-rotating-file-audit-log/index.html b/29/wildscribe/subsystem/elytron/periodic-rotating-file-audit-log/index.html
index fb1981480..6b29ae0e5 100644
--- a/29/wildscribe/subsystem/elytron/periodic-rotating-file-audit-log/index.html
+++ b/29/wildscribe/subsystem/elytron/periodic-rotating-file-audit-log/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
An audit log definition for persisting an audit log to a local files rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.time.format.DateTimeFormatter.
suffix The suffix string in a format which can be understood by java.time.format.DateTimeFormatter. The period of the rotation is automatically calculated based on the suffix.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
synchronized Whether every event should be immediately synchronised to disk.
Whether every event should be immediately flushed to disk (If undefined will default to the value of synchronized).
encoding
STRING
false
true
The audit file encoding. Default is UTF_8.
format
STRING
false
true
SIMPLE
The format to use to record the audit event.
suffix
STRING
true
true
The suffix string in a format which can be understood by java.time.format.DateTimeFormatter. The period of the rotation is automatically calculated based on the suffix.
synchronized
BOOLEAN
false
true
true
Whether every event should be immediately synchronised to disk.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/permission-set/index.html b/29/wildscribe/subsystem/elytron/permission-set/index.html
index cf7bd56cf..4fec12924 100644
--- a/29/wildscribe/subsystem/elytron/permission-set/index.html
+++ b/29/wildscribe/subsystem/elytron/permission-set/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/policy/index.html b/29/wildscribe/subsystem/elytron/policy/index.html
index 4d4d47e84..a5a39647e 100644
--- a/29/wildscribe/subsystem/elytron/policy/index.html
+++ b/29/wildscribe/subsystem/elytron/policy/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/properties-realm/index.html b/29/wildscribe/subsystem/elytron/properties-realm/index.html
index d9bf81a47..0352bf79b 100644
--- a/29/wildscribe/subsystem/elytron/properties-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/properties-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
groups-attribute The name of the attribute in the returned AuthorizationIdentity that should contain the group membership information for the identity.
Attribute
Value
Default Value
groups
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
groups-properties The properties file containing the users and their groups.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
hash-charset The character set to use when converting the password string to a byte array.
Attribute
Value
Default Value
UTF-8
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
hash-encoding The string format for the password if it is not stored in plain text.
Attribute
Value
Default Value
hex
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
base64 hex
synchronized The time the properties files that back this realm were last loaded.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
users-properties The properties file containing the users and their passwords.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/provider-http-server-mechanism-factory/index.html b/29/wildscribe/subsystem/elytron/provider-http-server-mechanism-factory/index.html
index 6894c42f9..0460ec408 100644
--- a/29/wildscribe/subsystem/elytron/provider-http-server-mechanism-factory/index.html
+++ b/29/wildscribe/subsystem/elytron/provider-http-server-mechanism-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/provider-loader/index.html b/29/wildscribe/subsystem/elytron/provider-loader/index.html
index 8481ed964..3c21b68bc 100644
--- a/29/wildscribe/subsystem/elytron/provider-loader/index.html
+++ b/29/wildscribe/subsystem/elytron/provider-loader/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
argument An argument to be passed into the constructor as the Provider is instantiated.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
class-names The fully qualified class names of the providers to load, these are loaded after the service-loader discovered providers and duplicates will be skipped.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
configuration The key/value configuration to be passed to the Provider to initialise it.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
loaded-providers The list of providers loaded by this provider loader.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
module The name of the module to load the provider from.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
path The path of the file to use to initialise the providers.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The base path of the configuration file.
The fully qualified class names of the providers to load, these are loaded after the service-loader discovered providers and duplicates will be skipped.
module
STRING
false
false
The name of the module to load the provider from.
argument
STRING
false
true
An argument to be passed into the constructor as the Provider is instantiated.
configuration
OBJECT
false
true
The key/value configuration to be passed to the Provider to initialise it.
path
STRING
false
true
The path of the file to use to initialise the providers.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/provider-sasl-server-factory/index.html b/29/wildscribe/subsystem/elytron/provider-sasl-server-factory/index.html
index a67855b82..bd14e978d 100644
--- a/29/wildscribe/subsystem/elytron/provider-sasl-server-factory/index.html
+++ b/29/wildscribe/subsystem/elytron/provider-sasl-server-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/regex-principal-transformer/index.html b/29/wildscribe/subsystem/elytron/regex-principal-transformer/index.html
index 116d14fab..0eb1ec72a 100644
--- a/29/wildscribe/subsystem/elytron/regex-principal-transformer/index.html
+++ b/29/wildscribe/subsystem/elytron/regex-principal-transformer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/regex-role-mapper/index.html b/29/wildscribe/subsystem/elytron/regex-role-mapper/index.html
index a79e1d5a0..084cfbc9d 100644
--- a/29/wildscribe/subsystem/elytron/regex-role-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/regex-role-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
keep-non-mapped When set to 'true' then the roles that did not match the pattern will be kept and not removed.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
pattern Regex string that will be used for matching. Regex can capture groups. Role matches the pattern if given pattern can be found in any substring of given role.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
replace-all When set to 'false', only first occurrence of the pattern will be replaced in role. When set to 'true' then all of the occurrences will be replaced by replacement.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
replacement Replacement that will be used when mapping roles that contain the pattern. Can make use of captured groups from pattern.
When set to 'true' then the roles that did not match the pattern will be kept and not removed.
pattern
STRING
true
true
Regex string that will be used for matching. Regex can capture groups. Role matches the pattern if given pattern can be found in any substring of given role.
replace-all
BOOLEAN
false
true
false
When set to 'false', only first occurrence of the pattern will be replaced in role. When set to 'true' then all of the occurrences will be replaced by replacement.
replacement
STRING
true
true
Replacement that will be used when mapping roles that contain the pattern. Can make use of captured groups from pattern.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/regex-validating-principal-transformer/index.html b/29/wildscribe/subsystem/elytron/regex-validating-principal-transformer/index.html
index f5ac894d1..761350977 100644
--- a/29/wildscribe/subsystem/elytron/regex-validating-principal-transformer/index.html
+++ b/29/wildscribe/subsystem/elytron/regex-validating-principal-transformer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
match If set to true, the name must match the given pattern to make validation successful. If set to false, the name must not match the given pattern to make validation successful.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
pattern The regular expression to use for the principal transformer.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add The add operation for the principal transformer.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
match
BOOLEAN
false
true
true
If set to true, the name must match the given pattern to make validation successful. If set to false, the name must not match the given pattern to make validation successful.
pattern
STRING
true
true
The regular expression to use for the principal transformer.
remove The remove operation for the principal transformer.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/sasl-authentication-factory/index.html b/29/wildscribe/subsystem/elytron/sasl-authentication-factory/index.html
index 8b497390c..229394e67 100644
--- a/29/wildscribe/subsystem/elytron/sasl-authentication-factory/index.html
+++ b/29/wildscribe/subsystem/elytron/sasl-authentication-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/secret-key-credential-store/index.html b/29/wildscribe/subsystem/elytron/secret-key-credential-store/index.html
index 45436239d..fd6cec1a0 100644
--- a/29/wildscribe/subsystem/elytron/secret-key-credential-store/index.html
+++ b/29/wildscribe/subsystem/elytron/secret-key-credential-store/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/security-domain/index.html b/29/wildscribe/subsystem/elytron/security-domain/index.html
index d128d3cbd..878931b9f 100644
--- a/29/wildscribe/subsystem/elytron/security-domain/index.html
+++ b/29/wildscribe/subsystem/elytron/security-domain/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
outflow-anonymous When outflowing to a security domain if outflow is not possible should the anonymous identity be used? Outflowing anonymous has the effect of clearing any identity already established for that domain.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
outflow-security-domains The list of security domains that the security identity from this domain should automatically outflow to.
add The add operation for a security domain definition.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
default-realm
STRING
false
false
The default realm contained by this security domain.
evidence-decoder
STRING
false
false
A reference to an EvidenceDecoder to be used by this domain.
outflow-anonymous
BOOLEAN
false
true
false
When outflowing to a security domain if outflow is not possible should the anonymous identity be used? Outflowing anonymous has the effect of clearing any identity already established for that domain.
outflow-security-domains
LIST
false
false
The list of security domains that the security identity from this domain should automatically outflow to.
permission-mapper
STRING
false
false
A reference to a PermissionMapper to be used by this domain.
post-realm-principal-transformer
STRING
false
false
A reference to a principal transformer to be applied after the realm has operated on the supplied identity name.
pre-realm-principal-transformer
STRING
false
false
A reference to a principal transformer to be applied before the realm is selected.
principal-decoder
STRING
false
false
A reference to a PrincipalDecoder to be used by this domain.
realm-mapper
STRING
false
false
Reference to the RealmMapper to be used by this domain.
realms
LIST
false
false
The list of realms contained by this security domain.
role-decoder
STRING
false
false
Reference to the RoleDecoder to be used by this domain.
role-mapper
STRING
false
false
Reference to the RoleMapper to be used by this domain.
security-event-listener
STRING
false
false
Reference to a listener for security events.
trusted-security-domains
LIST
false
false
The list of security domains that are trusted by this security domain.
trusted-virtual-security-domains
LIST
false
false
The list of virtual security domains that are trusted by this security domain.
read-identity Reads an identity from a security domain if it exists.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
name
STRING
true
false
The name of the identity to read.
remove The remove operation for a security domain definition.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/server-ssl-context/index.html b/29/wildscribe/subsystem/elytron/server-ssl-context/index.html
index e5292e738..9718bfbd3 100644
--- a/29/wildscribe/subsystem/elytron/server-ssl-context/index.html
+++ b/29/wildscribe/subsystem/elytron/server-ssl-context/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
authentication-optional Rejecting of the client certificate by the security domain will not prevent the connection. Allows a fall through to use other authentication mechanisms (like form login) when the client certificate is rejected by security domain. Has an effect only when the security domain is set.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
cipher-suite-filter The filter to apply to specify the enabled cipher suites for TLSv1.2 and below.
Attribute
Value
Default Value
DEFAULT
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
cipher-suite-names The filter to apply to specify the enabled cipher suites for TLSv1.3.
maximum-session-cache-size The maximum number of SSL sessions in the cache. The default value -1 means use the JVM default value. Value zero means there is no limit.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
need-client-auth To require a client certificate on SSL handshake. Connection without trusted client certificate (see trust-manager) will be rejected.
want-client-auth To request (but not to require) a client certificate on SSL handshake. If a security domain is referenced and supports X509 evidence, this will be set to true automatically. Ignored when need-client-auth is set.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
wrap Should the SSLEngine, SSLSocket, and SSLServerSocket instances returned be wrapped to protect against further modification.
Rejecting of the client certificate by the security domain will not prevent the connection. Allows a fall through to use other authentication mechanisms (like form login) when the client certificate is rejected by security domain. Has an effect only when the security domain is set.
cipher-suite-filter
STRING
false
true
DEFAULT
The filter to apply to specify the enabled cipher suites for TLSv1.2 and below.
cipher-suite-names
STRING
false
true
The filter to apply to specify the enabled cipher suites for TLSv1.3.
final-principal-transformer
STRING
false
false
A final principal transformer to apply for this mechanism realm.
key-manager
STRING
true
false
Reference to the key manager to use within the SSLContext.
maximum-session-cache-size
INT
false
true
-1
The maximum number of SSL sessions in the cache. The default value -1 means use the JVM default value. Value zero means there is no limit.
need-client-auth
BOOLEAN
false
true
false
To require a client certificate on SSL handshake. Connection without trusted client certificate (see trust-manager) will be rejected.
post-realm-principal-transformer
STRING
false
false
A principal transformer to apply after the realm is selected.
pre-realm-principal-transformer
STRING
false
false
A principal transformer to apply before the realm is selected.
protocols
LIST
false
true
The enabled protocols.
provider-name
STRING
false
true
The name of the provider to use. If not specified, all providers from providers will be passed to the SSLContext.
providers
STRING
false
false
The name of the providers to obtain the Provider[] to use to load the SSLContext.
realm-mapper
STRING
false
false
The realm mapper to be used for SSL authentication.
security-domain
STRING
false
false
The security domain to use for authentication during SSL session establishment.
session-timeout
INT
false
true
-1
The timeout for SSL sessions, in seconds. The default value -1 means use the JVM default value. Value zero means there is no limit.
trust-manager
STRING
false
false
Reference to the trust manager to use within the SSLContext.
use-cipher-suites-order
BOOLEAN
false
true
true
To honor local cipher suites preference.
want-client-auth
BOOLEAN
false
true
false
To request (but not to require) a client certificate on SSL handshake. If a security domain is referenced and supports X509 evidence, this will be set to true automatically. Ignored when need-client-auth is set.
wrap
BOOLEAN
false
true
false
Should the SSLEngine, SSLSocket, and SSLServerSocket instances returned be wrapped to protect against further modification.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/server-ssl-context/ssl-session/index.html b/29/wildscribe/subsystem/elytron/server-ssl-context/ssl-session/index.html
index e293cf01b..66d46663f 100644
--- a/29/wildscribe/subsystem/elytron/server-ssl-context/ssl-session/index.html
+++ b/29/wildscribe/subsystem/elytron/server-ssl-context/ssl-session/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
peer-host The peer host as reported by the SSLSession.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
peer-port The peer port as reported by the SSLSession.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
peer-principal The peer principal as reported by the SSLSession.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
protocol The protocol as reported by the SSLSession.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
valid The validity of the session as reported by the SSLSession.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (1)
invalidate Invalidate the SSLSession (Note: This does not terminate current connections, only prevents future connections from joining or resuming this session).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/server-ssl-sni-context/index.html b/29/wildscribe/subsystem/elytron/server-ssl-sni-context/index.html
index c6154e795..18179d97d 100644
--- a/29/wildscribe/subsystem/elytron/server-ssl-sni-context/index.html
+++ b/29/wildscribe/subsystem/elytron/server-ssl-sni-context/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/service-loader-http-server-mechanism-factory/index.html b/29/wildscribe/subsystem/elytron/service-loader-http-server-mechanism-factory/index.html
index 19949f18b..53db85f2d 100644
--- a/29/wildscribe/subsystem/elytron/service-loader-http-server-mechanism-factory/index.html
+++ b/29/wildscribe/subsystem/elytron/service-loader-http-server-mechanism-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/service-loader-sasl-server-factory/index.html b/29/wildscribe/subsystem/elytron/service-loader-sasl-server-factory/index.html
index 11d6302b9..54cf397dc 100644
--- a/29/wildscribe/subsystem/elytron/service-loader-sasl-server-factory/index.html
+++ b/29/wildscribe/subsystem/elytron/service-loader-sasl-server-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/simple-permission-mapper/index.html b/29/wildscribe/subsystem/elytron/simple-permission-mapper/index.html
index b77f495f2..55f1b0d0d 100644
--- a/29/wildscribe/subsystem/elytron/simple-permission-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/simple-permission-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/simple-regex-realm-mapper/index.html b/29/wildscribe/subsystem/elytron/simple-regex-realm-mapper/index.html
index 5ce4bce20..80650c50c 100644
--- a/29/wildscribe/subsystem/elytron/simple-regex-realm-mapper/index.html
+++ b/29/wildscribe/subsystem/elytron/simple-regex-realm-mapper/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Definition of a simple RealmMapper that attempts to extract the realm name using the capture group from the regular expression, if that does not provide a match then the delegate RealmMapper is used instead.
pattern The regular expression which must contain at least one capture group to extract the realm from the name. If the regular expression matches more than one capture group, the first capture group is used.
The RealmMapper to delegate to if there is no match using the pattern.
pattern
STRING
true
true
The regular expression which must contain at least one capture group to extract the realm from the name. If the regular expression matches more than one capture group, the first capture group is used.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/simple-role-decoder/index.html b/29/wildscribe/subsystem/elytron/simple-role-decoder/index.html
index 7c2e927cf..dfb3bcfe8 100644
--- a/29/wildscribe/subsystem/elytron/simple-role-decoder/index.html
+++ b/29/wildscribe/subsystem/elytron/simple-role-decoder/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/size-rotating-file-audit-log/index.html b/29/wildscribe/subsystem/elytron/size-rotating-file-audit-log/index.html
index c13aae5b9..797ffbeba 100644
--- a/29/wildscribe/subsystem/elytron/size-rotating-file-audit-log/index.html
+++ b/29/wildscribe/subsystem/elytron/size-rotating-file-audit-log/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
An audit log definition for persisting an audit log to a local files rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
rotate-on-boot Whether the file should be rotated before the a new file is set.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
rotate-size The log file size the file should rotate at.
Attribute
Value
Default Value
10m
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
suffix Format of date used as suffix of log file names in java.time.format.DateTimeFormatter. The suffix does not play a role in determining when the file should be rotated.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
synchronized Whether every event should be immediately flushed to disk (If undefined will default to the value of synchronized).
Whether every event should be immediately flushed to disk.
encoding
STRING
false
true
The audit file encoding. Default is UTF_8.
format
STRING
false
true
SIMPLE
The format to use to record the audit event.
max-backup-index
INT
false
true
1
The maximum number of files to backup when rotating.
rotate-on-boot
BOOLEAN
false
true
false
Whether the file should be rotated before the a new file is set.
rotate-size
STRING
false
true
10m
The log file size the file should rotate at.
suffix
STRING
false
true
Format of date used as suffix of log file names in java.time.format.DateTimeFormatter. The suffix does not play a role in determining when the file should be rotated.
synchronized
BOOLEAN
false
true
true
Whether every event should be immediately flushed to disk (If undefined will default to the value of synchronized).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/source-address-role-decoder/index.html b/29/wildscribe/subsystem/elytron/source-address-role-decoder/index.html
index 4ef99080d..d15d124b1 100644
--- a/29/wildscribe/subsystem/elytron/source-address-role-decoder/index.html
+++ b/29/wildscribe/subsystem/elytron/source-address-role-decoder/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/syslog-audit-log/index.html b/29/wildscribe/subsystem/elytron/syslog-audit-log/index.html
index dca4cb59c..e0a7ab7a4 100644
--- a/29/wildscribe/subsystem/elytron/syslog-audit-log/index.html
+++ b/29/wildscribe/subsystem/elytron/syslog-audit-log/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
reconnect-attempts The maximum amount of failed reconnect attempts that should be made for sending messages to a syslog server before the endpoint is closed.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
server-address The server address of the syslog server the events should be sent to.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
ssl-context The SSLContext to use to connect to the syslog server when SSL_TCP transport is used.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/token-realm/index.html b/29/wildscribe/subsystem/elytron/token-realm/index.html
index 30ce6a89e..2d92e1862 100644
--- a/29/wildscribe/subsystem/elytron/token-realm/index.html
+++ b/29/wildscribe/subsystem/elytron/token-realm/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
jwt A token validator to be used in conjunction with a token-based realm that handles security tokens based on the JWT/JWS standard.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
oauth2-introspection A token validator to be used in conjunction with a token-based realm that handles OAuth2 Access Tokens and validates them using an endpoint compliant with OAuth2 Token Introspection specification(RFC-7662).
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
principal-claim The name of the claim that should be used to obtain the principal's name.
A token validator to be used in conjunction with a token-based realm that handles security tokens based on the JWT/JWS standard.
oauth2-introspection
OBJECT
false
false
A token validator to be used in conjunction with a token-based realm that handles OAuth2 Access Tokens and validates them using an endpoint compliant with OAuth2 Token Introspection specification(RFC-7662).
principal-claim
STRING
false
true
username
The name of the claim that should be used to obtain the principal's name.
remove The remove operation for the security realm.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/trust-manager/index.html b/29/wildscribe/subsystem/elytron/trust-manager/index.html
index 414b24a96..3ace8df54 100644
--- a/29/wildscribe/subsystem/elytron/trust-manager/index.html
+++ b/29/wildscribe/subsystem/elytron/trust-manager/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
algorithm The name of the algorithm to use to create the underlying TrustManagerFactory.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
alias-filter A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
maximum-cert-path The maximum number of non-self-issued intermediate certificates that may exist in a certification path for OCSP and CRL checks. If neither OCSP and CRL is configured, this attribute has no effect.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
ocsp Enables online certificate status protocol checks to a trust manager.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
only-leaf-cert Whether only leaf certificate should be checked for revocation status.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
provider-name The name of the provider to use to create the underlying TrustManagerFactory.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
providers Reference to obtain the Provider[] to use when creating the underlying TrustManagerFactory.
The name of the algorithm to use to create the underlying TrustManagerFactory.
alias-filter
STRING
false
true
A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
certificate-revocation-list
OBJECT
false
false
Enables certificate revocation list checks to a trust manager.
certificate-revocation-lists
LIST
false
false
Enables certificate revocation list checks to a trust manager using multiple certificate revocation lists.
key-store
STRING
true
false
Reference to the KeyStore to use to initialise the underlying TrustManagerFactory.
maximum-cert-path
INT
false
true
The maximum number of non-self-issued intermediate certificates that may exist in a certification path for OCSP and CRL checks. If neither OCSP and CRL is configured, this attribute has no effect.
ocsp
OBJECT
false
false
Enables online certificate status protocol checks to a trust manager.
only-leaf-cert
BOOLEAN
false
false
false
Whether only leaf certificate should be checked for revocation status.
provider-name
STRING
false
true
The name of the provider to use to create the underlying TrustManagerFactory.
providers
STRING
false
false
Reference to obtain the Provider[] to use when creating the underlying TrustManagerFactory.
soft-fail
BOOLEAN
false
false
false
Whether a certificate with unknown OCSP response should be accepted.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/virtual-security-domain/index.html b/29/wildscribe/subsystem/elytron/virtual-security-domain/index.html
index 0c35f0481..1343f9011 100644
--- a/29/wildscribe/subsystem/elytron/virtual-security-domain/index.html
+++ b/29/wildscribe/subsystem/elytron/virtual-security-domain/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
auth-method The authentication mechanism that will be used with the virtual security domain. Allowed values: 'OIDC', 'MP-JWT'. The default value is 'OIDC'.
Attribute
Value
Default Value
OIDC
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
OIDC MP-JWT
outflow-anonymous When outflowing to a security domain, if outflow is not possible, should the anonymous identity be used? Outflow to a security domain might not be possible if the domain does not trust this domain or if the identity being outflowed to a domain does not exist in that domain. Outflowing anonymous has the effect of clearing any identity already established for that domain.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
outflow-security-domains The list of security domains that the security identity from this virtual domain should automatically outflow to.
add The add operation for a virtual security domain definition.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
auth-method
STRING
false
false
OIDC
The authentication mechanism that will be used with the virtual security domain. Allowed values: 'OIDC', 'MP-JWT'. The default value is 'OIDC'.
outflow-anonymous
BOOLEAN
false
true
false
When outflowing to a security domain, if outflow is not possible, should the anonymous identity be used? Outflow to a security domain might not be possible if the domain does not trust this domain or if the identity being outflowed to a domain does not exist in that domain. Outflowing anonymous has the effect of clearing any identity already established for that domain.
outflow-security-domains
LIST
false
false
The list of security domains that the security identity from this virtual domain should automatically outflow to.
remove The remove operation for a virtual security domain definition.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/x500-attribute-principal-decoder/index.html b/29/wildscribe/subsystem/elytron/x500-attribute-principal-decoder/index.html
index 27f83ba9a..c45383a93 100644
--- a/29/wildscribe/subsystem/elytron/x500-attribute-principal-decoder/index.html
+++ b/29/wildscribe/subsystem/elytron/x500-attribute-principal-decoder/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/x500-subject-evidence-decoder/index.html b/29/wildscribe/subsystem/elytron/x500-subject-evidence-decoder/index.html
index 2091f6b3d..31d766009 100644
--- a/29/wildscribe/subsystem/elytron/x500-subject-evidence-decoder/index.html
+++ b/29/wildscribe/subsystem/elytron/x500-subject-evidence-decoder/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/elytron/x509-subject-alt-name-evidence-decoder/index.html b/29/wildscribe/subsystem/elytron/x509-subject-alt-name-evidence-decoder/index.html
index cc2799eb0..6f300cd8f 100644
--- a/29/wildscribe/subsystem/elytron/x509-subject-alt-name-evidence-decoder/index.html
+++ b/29/wildscribe/subsystem/elytron/x509-subject-alt-name-evidence-decoder/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
An evidence decoder that derives the principal associated with the given evidence from an X.509 subject alternative name from the first certificate in the given evidence.
alt-name-type The subject alternative name type to decode from the given evidence. Allowed values: 'rfc822Name', 'dNSName', 'directoryName', 'uniformResourceIdentifier', 'iPAddress', 'registeredID'
segment The 0-based occurrence of the subject alternative name to map. This attribute is optional and only used when there is more than one subject alternative name of the given alt-name-type. The default value is 0.
The subject alternative name type to decode from the given evidence. Allowed values: 'rfc822Name', 'dNSName', 'directoryName', 'uniformResourceIdentifier', 'iPAddress', 'registeredID'
segment
INT
false
true
0
The 0-based occurrence of the subject alternative name to map. This attribute is optional and only used when there is more than one subject alternative name of the given alt-name-type. The default value is 0.
remove The remove operation for the evidence decoder.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/health/index.html b/29/wildscribe/subsystem/health/index.html
index d31523eed..149461dd2 100644
--- a/29/wildscribe/subsystem/health/index.html
+++ b/29/wildscribe/subsystem/health/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/iiop-openjdk/index.html b/29/wildscribe/subsystem/iiop-openjdk/index.html
index 36ba75d57..a61bcb54c 100644
--- a/29/wildscribe/subsystem/iiop-openjdk/index.html
+++ b/29/wildscribe/subsystem/iiop-openjdk/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
high-water-mark TCP connection cache parameter. Each time the number of connections exceeds this value ORB tries to reclaim connections. Number of reclaimed connections is specified by tcp-number-to-reclaim property. If this property is not set then it is configured as OpenJDK ORB default.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
integrity Indicates whether the transport must require integrity protection or not. Valid values are 'none', 'supported' and 'required'.
Deprecated Since 1.0.0
Use server-requires-ssl instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
none supported required
iona Indicates whether interoperability with IONA's ASP is enabled.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
number-to-reclaim TCP connection cache parameter. Each time number of connections exceeds tcp-high-water-mark property then ORB tries to reclaim connections. Number of reclaimed connections is specified by this property. If it is not set then it is configured as OpenJDK ORB default.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
persistent-server-id Persistent id of the server. Persistent object references are valid across many activactions of the server and they identify it using this property. As a result of that: many activations of the same server should have this property set to the same value, different server instances running on the same host should have different server ids.
Attribute
Value
Default Value
1
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
properties A list of generic key/value properties.
security iiop-openjdk.security=Indicates whether the security interceptors are to be installed (elytron) or not (none). identity and client are legacy security configurations which are valid for compatibility reasons but are no longer supported.
Attribute
Value
Default Value
none
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
identity client elytron none
security-domain The name of the security domain that holds the key and trust stores that will be used to establish SSL connections.
Deprecated Since 3.0.0
Legacy security domains are not supported in a running server. Only usable in a domain configuration to support secondary hosts running earlier versions.
Attribute
Value
Capability reference
org.wildfly.security.legacy-security-domain
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
server-requires Value that indicates the server SSL required parameters (None, ServerAuth, ClientAuth, MutualAuth).
Deprecated Since 1.0.0
Use server-requires-ssl instead.
Attribute
Value
Default Value
None
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
None ServerAuth ClientAuth MutualAuth
server-requires-ssl Indicates whether IIOP connections to the server require SSL.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
server-ssl-context The name of the SSL context used to create server side SSL sockets.
server-supports Value that indicates the server SSL supported parameters (None, ServerAuth, ClientAuth, MutualAuth).
Deprecated Since 1.0.0
Use server-requires-ssl instead.
Attribute
Value
Default Value
MutualAuth
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
None ServerAuth ClientAuth MutualAuth
socket-binding The name of the socket binding configuration that specifies the ORB port. At least one of socket-binding, ssl-socket-binding parameters have to be configured.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
ssl-socket-binding The name of the socket binding configuration that specifies the ORB SSL port. At least one of socket-binding, ssl-socket-binding parameters have to be configured.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
support-ssl Indicates whether SSL is to be supported (on) or not (off).
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transactions Indicates whether the transactions interceptors are to be installed (full or spec) or not (none). The value 'full' enabled JTS while 'spec' enables a spec compliant mode (non JTS) that rejects incoming transaction contexts.
Attribute
Value
Default Value
none
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
full none spec
trust-in-client Indicates if the transport must require trust in client to be established. Valid values are 'none', 'supported' and 'required'.
Deprecated Since 1.0.0
Use server-requires-ssl instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
none supported required
trust-in-target Indicates if the transport must require trust in target to be established. Valid values are 'none' and 'supported'.
The authentication method. Valid values are 'none' and 'username_password'.
realm
STRING
false
true
The authentication service (AS) realm name.
required
BOOLEAN
false
true
false
Indicates if authentication is required (true) or not (false).
authentication-context
STRING
false
true
The name of the authentication context used when the security initializer is set to 'elytron'.
security
STRING
false
true
none
iiop-openjdk.security=Indicates whether the security interceptors are to be installed (elytron) or not (none). identity and client are legacy security configurations which are valid for compatibility reasons but are no longer supported.
transactions
STRING
false
true
none
Indicates whether the transactions interceptors are to be installed (full or spec) or not (none). The value 'full' enabled JTS while 'spec' enables a spec compliant mode (non JTS) that rejects incoming transaction contexts.
iona
BOOLEAN
false
true
false
Indicates whether interoperability with IONA's ASP is enabled.
export-corbaloc
BOOLEAN
false
true
true
Indicates whether the root context should be exported as corbaloc::address:port/NameService (on) or not (off).
root-context
STRING
false
true
JBoss/Naming/root
The naming service root context.
giop-version
STRING
false
true
1.2
The GIOP version to be used.
persistent-server-id
STRING
false
false
1
Persistent id of the server. Persistent object references are valid across many activactions of the server and they identify it using this property. As a result of that: many activations of the same server should have this property set to the same value, different server instances running on the same host should have different server ids.
socket-binding
STRING
false
false
The name of the socket binding configuration that specifies the ORB port. At least one of socket-binding, ssl-socket-binding parameters have to be configured.
ssl-socket-binding
STRING
false
false
The name of the socket binding configuration that specifies the ORB SSL port. At least one of socket-binding, ssl-socket-binding parameters have to be configured.
caller-propagation
STRING
false
true
none
Indicates whether the caller identity should be propagated in the SAS context or not. Valid values are 'none' and 'supported'.
add-component-via-interceptor
BOOLEAN
false
true
true
Indicates whether SSL components should be added by an IOR interceptor (on) or not (off).
client-requires
STRING
false
true
None
Value that indicates the client SSL required parameters (None, ServerAuth, ClientAuth, MutualAuth).
client-requires-ssl
BOOLEAN
false
true
false
Indicates whether IIOP connections from the server require SSL.
client-ssl-context
STRING
false
false
The name of the SSL context used to create client side SSL sockets.
client-supports
STRING
false
true
MutualAuth
Value that indicates the client SSL supported parameters (None, ServerAuth, ClientAuth, MutualAuth).
security-domain
STRING
false
false
The name of the security domain that holds the key and trust stores that will be used to establish SSL connections.
server-requires
STRING
false
true
None
Value that indicates the server SSL required parameters (None, ServerAuth, ClientAuth, MutualAuth).
server-requires-ssl
BOOLEAN
false
true
false
Indicates whether IIOP connections to the server require SSL.
server-ssl-context
STRING
false
false
The name of the SSL context used to create server side SSL sockets.
server-supports
STRING
false
true
MutualAuth
Value that indicates the server SSL supported parameters (None, ServerAuth, ClientAuth, MutualAuth).
support-ssl
BOOLEAN
false
true
false
Indicates whether SSL is to be supported (on) or not (off).
high-water-mark
INT
false
true
TCP connection cache parameter. Each time the number of connections exceeds this value ORB tries to reclaim connections. Number of reclaimed connections is specified by tcp-number-to-reclaim property. If this property is not set then it is configured as OpenJDK ORB default.
number-to-reclaim
INT
false
true
TCP connection cache parameter. Each time number of connections exceeds tcp-high-water-mark property then ORB tries to reclaim connections. Number of reclaimed connections is specified by this property. If it is not set then it is configured as OpenJDK ORB default.
confidentiality
STRING
false
true
Indicates whether the transport must require confidentiality protection or not. Valid values are 'none', 'supported' and 'required'.
detect-misordering
STRING
false
true
Indicates whether the transport must require misordering detection or not. Valid values are 'none', 'supported' and 'required'.
detect-replay
STRING
false
true
Indicates whether the transport must require replay detection or not. Valid values are 'none', 'supported' and 'required'.
integrity
STRING
false
true
Indicates whether the transport must require integrity protection or not. Valid values are 'none', 'supported' and 'required'.
trust-in-client
STRING
false
true
Indicates if the transport must require trust in client to be established. Valid values are 'none', 'supported' and 'required'.
trust-in-target
STRING
false
true
Indicates if the transport must require trust in target to be established. Valid values are 'none' and 'supported'.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/cache/component/locking/index.html b/29/wildscribe/subsystem/infinispan/cache-container/cache/component/locking/index.html
index 4ce4f38a7..ce4ad200e 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/cache/component/locking/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/cache/component/locking/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/cache/component/partition-handling/index.html b/29/wildscribe/subsystem/infinispan/cache-container/cache/component/partition-handling/index.html
index 2d74ae897..fe0f36c9b 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/cache/component/partition-handling/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/cache/component/partition-handling/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/cache/component/persistence/index.html b/29/wildscribe/subsystem/infinispan/cache-container/cache/component/persistence/index.html
index 286e9c1a9..dacf7f61d 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/cache/component/persistence/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/cache/component/persistence/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/cache/component/transaction/index.html b/29/wildscribe/subsystem/infinispan/cache-container/cache/component/transaction/index.html
index fa11885c8..3677a6f2a 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/cache/component/transaction/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/cache/component/transaction/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/cache/index.html b/29/wildscribe/subsystem/infinispan/cache-container/cache/index.html
index 1bfb49756..78e45a599 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/cache/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/cache/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/backup/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/backup/index.html
index 40ac6e5b6..480bffffd 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/backup/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/backup/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
after-failures Indicates the number of failures after which this backup site should go offline.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
enabled Indicates whether or not this backup site is enabled.
Deprecated Since 16.0.0
Deprecated. Ignored if specified.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
failure-policy The policy to follow when connectivity to the backup site fails.
Attribute
Value
Default Value
WARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
IGNORE WARN FAIL CUSTOM
min-wait Indicates the minimum time (in milliseconds) to wait after the max number of failures is reached, after which this backup site should go offline.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/index.html
index 5376ef795..4eaa750e8 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/expiration/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/expiration/index.html
index 9d02dcb2e..ead6e9a01 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/expiration/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/expiration/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
interval Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
lifespan Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-idle Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an expiration configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
interval
LONG
false
true
60000
Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
lifespan
LONG
false
true
Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
max-idle
LONG
false
true
Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
remove Removes an expiration configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/locking/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/locking/index.html
index 679cbc098..22618fbd7 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/locking/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/locking/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
striping If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a locking configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
acquire-timeout
LONG
false
true
15000
Maximum time to attempt a particular lock acquisition.
concurrency-level
INT
false
true
1000
Concurrency level for lock containers. Adjust this value according to the number of concurrent threads interacting with Infinispan.
isolation
STRING
false
true
READ_COMMITTED
Sets the cache locking isolation level.
striping
BOOLEAN
false
true
false
If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
remove Removes a locking configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/partition-handling/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/partition-handling/index.html
index f2d3f41e0..510bc00e4 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/partition-handling/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/partition-handling/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/state-transfer/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/state-transfer/index.html
index a123fd2b1..d4a560952 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/state-transfer/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/state-transfer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The state transfer configuration for distributed and replicated caches.
Attributes (2)
chunk-size The maximum number of cache entries in a batch of transferred state.
Attribute
Value
Default Value
512
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
timeout The maximum amount of time (ms) to wait for state from neighboring caches, before throwing an exception and aborting startup. If timeout is 0, state transfer is performed asynchronously, and the cache will be immediately available.
The maximum number of cache entries in a batch of transferred state.
timeout
LONG
false
true
240000
The maximum amount of time (ms) to wait for state from neighboring caches, before throwing an exception and aborting startup. If timeout is 0, state transfer is performed asynchronously, and the cache will be immediately available.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/transaction/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/transaction/index.html
index b8ca778df..84e6957f2 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/transaction/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/transaction/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
complete-timeout The duration (in ms) after which idle transactions are removed.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
locking The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
Attribute
Value
Default Value
PESSIMISTIC
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
OPTIMISTIC PESSIMISTIC
mode Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
Attribute
Value
Default Value
NONE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
NONE BATCH NON_XA NON_DURABLE_XA FULL_XA
stop-timeout If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a transaction configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
locking
STRING
false
true
PESSIMISTIC
The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
mode
STRING
false
true
NONE
Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
stop-timeout
LONG
false
true
10000
If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
complete-timeout
LONG
false
true
60000
The duration (in ms) after which idle transactions are removed.
remove Removes a transaction configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/index.html
index 05da392b1..3c45f37e9 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
capacity-factor Controls the proportion of entries that will reside on the local node, compared to the other nodes in the cluster.
Attribute
Value
Default Value
1.0
Type
DOUBLE
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
l1-lifespan Maximum lifespan of an entry placed in the L1 cache. This element configures the L1 cache behavior in 'distributed' caches instances. In any other cache modes, this element is ignored.
Attribute
Value
Default Value
0
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
modules The set of modules associated with this cache's configuration.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
owners Number of cluster-wide replicas for each cache entry.
Attribute
Value
Default Value
2
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
remote-timeout In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segments Controls the number of hash space segments which is the granularity for key distribution in the cluster. Value must be strictly positive.
Attribute
Value
Default Value
256
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
statistics-enabled If enabled, statistics will be collected for this cache
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Add a distributed cache to this cache container
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
capacity-factor
DOUBLE
false
true
1.0
Controls the proportion of entries that will reside on the local node, compared to the other nodes in the cluster.
l1-lifespan
LONG
false
true
0
Maximum lifespan of an entry placed in the L1 cache. This element configures the L1 cache behavior in 'distributed' caches instances. In any other cache modes, this element is ignored.
owners
INT
false
true
2
Number of cluster-wide replicas for each cache entry.
segments
INT
false
true
256
Controls the number of hash space segments which is the granularity for key distribution in the cluster. Value must be strictly positive.
remote-timeout
LONG
false
true
10000
In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
statistics-enabled
BOOLEAN
false
true
false
If enabled, statistics will be collected for this cache
modules
LIST
false
true
The set of modules associated with this cache's configuration.
remove Remove a distributed cache from this cache container
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/heap/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/heap/index.html
index 4b41f81b4..fb152d5a6 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/heap/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/heap/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/off-heap/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/off-heap/index.html
index 3effb3cc3..a025264e1 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/off-heap/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/off-heap/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/index.html
index 287bb6923..168474789 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
class The custom store implementation class to use for this cache store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a basic cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
class
STRING
true
true
The custom store implementation class to use for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache store configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/behind/index.html
index 2cdf4a522..2c3b26737 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/through/index.html
index d28d5eb4f..e0c6259fc 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/index.html
index 4fa542198..ebe5ecd62 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
path The system path under which this cache store will persist its entries.
Deprecated Since 16.0.0
Deprecated. Uses the persistence location of the associated cache container.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (3)
add Adds a file cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
true
The system path under which this cache store will persist its entries.
relative-to
STRING
false
false
The system path to which the specified path is relative.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache file store configuration element from the cache.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Deprecated Since 16.0.0
Deprecated; will be removed in a future release.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/behind/index.html
index 5500ea3d8..2c766bec7 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/through/index.html
index f93efa9c1..83dfd1fcf 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/index.html
index 1bf99f87b..0e65f0e6d 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
cache-configuration Name of the cache configuration template defined in Infinispan Server to create caches from.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Name of the cache configuration template defined in Infinispan Server to create caches from.
remote-cache-container
STRING
true
false
Reference to a container-managed remote-cache-container.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/behind/index.html
index b4f39594c..eaba63f52 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/through/index.html
index 1f179bf1f..3056c5eae 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/index.html
index 855b32dc0..aa51509c4 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a JDBC cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
data-source
STRING
true
false
References the data source used to connect to this store.
dialect
STRING
false
true
The dialect of this datastore.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a JDBC cache store configuration element to the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/table/string/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/table/string/index.html
index c24e94c46..f5e6a4d89 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/table/string/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/table/string/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/behind/index.html
index 1cfb0b0df..32bec6fd9 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/through/index.html
index 3ebb068f2..d1e2c7274 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/none/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/none/index.html
index 4399ea8c8..65385db83 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/none/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/none/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/index.html
index e73e3d18a..fd7b85637 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
cache The name of the remote cache to use for this remote store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
socket-timeout A socket timeout for remote cache communication.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
tcp-no-delay A TCP_NODELAY value for remote cache communication.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a remote cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
cache
STRING
true
true
The name of the remote cache to use for this remote store.
socket-timeout
LONG
false
true
60000
A socket timeout for remote cache communication.
tcp-no-delay
BOOLEAN
false
true
true
A TCP_NODELAY value for remote cache communication.
remote-servers
LIST
true
false
A list of remote servers for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache remote store configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/behind/index.html
index 6c01de537..e646b3cd3 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/through/index.html
index 6f45697a2..cd43c3fc7 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/index.html b/29/wildscribe/subsystem/infinispan/cache-container/index.html
index ec9866c3f..8c966a79d 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/expiration/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/expiration/index.html
index d4bb25e30..65d5eaa86 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/expiration/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/expiration/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
interval Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
lifespan Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-idle Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an expiration configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
interval
LONG
false
true
60000
Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
lifespan
LONG
false
true
Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
max-idle
LONG
false
true
Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
remove Removes an expiration configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/locking/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/locking/index.html
index 8d1f8fdb4..2b4369c08 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/locking/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/locking/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
striping If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a locking configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
acquire-timeout
LONG
false
true
15000
Maximum time to attempt a particular lock acquisition.
concurrency-level
INT
false
true
1000
Concurrency level for lock containers. Adjust this value according to the number of concurrent threads interacting with Infinispan.
isolation
STRING
false
true
READ_COMMITTED
Sets the cache locking isolation level.
striping
BOOLEAN
false
true
false
If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
remove Removes a locking configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/transaction/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/transaction/index.html
index 66ac34ffd..e66f753b5 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/transaction/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/transaction/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
complete-timeout The duration (in ms) after which idle transactions are removed.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
locking The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
Attribute
Value
Default Value
PESSIMISTIC
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
OPTIMISTIC PESSIMISTIC
mode Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
Attribute
Value
Default Value
NONE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
NONE BATCH NON_XA NON_DURABLE_XA FULL_XA
stop-timeout If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a transaction configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
locking
STRING
false
true
PESSIMISTIC
The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
mode
STRING
false
true
NONE
Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
stop-timeout
LONG
false
true
10000
If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
complete-timeout
LONG
false
true
60000
The duration (in ms) after which idle transactions are removed.
remove Removes a transaction configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/index.html
index 7f14ba8f0..29b0a0ab6 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
modules The set of modules associated with this cache's configuration.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
remote-timeout In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
statistics-enabled If enabled, statistics will be collected for this cache
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Add an invalidation cache to this cache container
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
remote-timeout
LONG
false
true
10000
In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
statistics-enabled
BOOLEAN
false
true
false
If enabled, statistics will be collected for this cache
modules
LIST
false
true
The set of modules associated with this cache's configuration.
remove Remove an invalidation cache from this cache container
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/heap/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/heap/index.html
index e45c5f287..ea1cd33cc 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/heap/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/heap/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/off-heap/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/off-heap/index.html
index f07274893..963ae8b5c 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/off-heap/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/off-heap/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/index.html
index 11f03a46b..80c0767db 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
class The custom store implementation class to use for this cache store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a basic cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
class
STRING
true
true
The custom store implementation class to use for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache store configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/behind/index.html
index 9893511d8..cd5679f76 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/through/index.html
index 811309b4b..69de7c0ec 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/index.html
index 2cd2a3fb3..405b6c6cf 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
path The system path under which this cache store will persist its entries.
Deprecated Since 16.0.0
Deprecated. Uses the persistence location of the associated cache container.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (3)
add Adds a file cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
true
The system path under which this cache store will persist its entries.
relative-to
STRING
false
false
The system path to which the specified path is relative.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache file store configuration element from the cache.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Deprecated Since 16.0.0
Deprecated; will be removed in a future release.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/behind/index.html
index d3553b387..9976c068b 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/through/index.html
index 124b4500f..c17f0c6d1 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/index.html
index 493c6d6a6..9a60686b3 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
cache-configuration Name of the cache configuration template defined in Infinispan Server to create caches from.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Name of the cache configuration template defined in Infinispan Server to create caches from.
remote-cache-container
STRING
true
false
Reference to a container-managed remote-cache-container.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/behind/index.html
index 570ec923d..f77b1b81d 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/through/index.html
index 9f079d277..f15c40f42 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/index.html
index 7b2315fc0..b0304d76d 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a JDBC cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
data-source
STRING
true
false
References the data source used to connect to this store.
dialect
STRING
false
true
The dialect of this datastore.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a JDBC cache store configuration element to the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/table/string/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/table/string/index.html
index d1675cda5..20a188d2e 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/table/string/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/table/string/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/behind/index.html
index cb7a6388a..c66f5053f 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/through/index.html
index 6d7d084b1..aefabb6a6 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/none/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/none/index.html
index 3a8d6d474..6828cee52 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/none/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/none/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/index.html
index 573e2e886..59bd65c9e 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
cache The name of the remote cache to use for this remote store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
socket-timeout A socket timeout for remote cache communication.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
tcp-no-delay A TCP_NODELAY value for remote cache communication.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a remote cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
cache
STRING
true
true
The name of the remote cache to use for this remote store.
socket-timeout
LONG
false
true
60000
A socket timeout for remote cache communication.
tcp-no-delay
BOOLEAN
false
true
true
A TCP_NODELAY value for remote cache communication.
remote-servers
LIST
true
false
A list of remote servers for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache remote store configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/behind/index.html
index 9955819ab..319aaa8ae 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/through/index.html
index c93ecb224..36fa6d1fd 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/component/expiration/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/component/expiration/index.html
index 8d9253ce4..ad47eae25 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/component/expiration/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/component/expiration/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
interval Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
lifespan Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-idle Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an expiration configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
interval
LONG
false
true
60000
Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
lifespan
LONG
false
true
Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
max-idle
LONG
false
true
Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
remove Removes an expiration configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/component/locking/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/component/locking/index.html
index c8d76e75d..5a921836a 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/component/locking/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/component/locking/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
striping If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a locking configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
acquire-timeout
LONG
false
true
15000
Maximum time to attempt a particular lock acquisition.
concurrency-level
INT
false
true
1000
Concurrency level for lock containers. Adjust this value according to the number of concurrent threads interacting with Infinispan.
isolation
STRING
false
true
READ_COMMITTED
Sets the cache locking isolation level.
striping
BOOLEAN
false
true
false
If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
remove Removes a locking configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/component/transaction/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/component/transaction/index.html
index 06c4f20e2..40bbf54ee 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/component/transaction/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/component/transaction/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
complete-timeout The duration (in ms) after which idle transactions are removed.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
locking The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
Attribute
Value
Default Value
PESSIMISTIC
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
OPTIMISTIC PESSIMISTIC
mode Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
Attribute
Value
Default Value
NONE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
NONE BATCH NON_XA NON_DURABLE_XA FULL_XA
stop-timeout If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a transaction configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
locking
STRING
false
true
PESSIMISTIC
The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
mode
STRING
false
true
NONE
Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
stop-timeout
LONG
false
true
10000
If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
complete-timeout
LONG
false
true
60000
The duration (in ms) after which idle transactions are removed.
remove Removes a transaction configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/index.html
index 49ba518ba..c6f2c7f42 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/heap/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/heap/index.html
index 4dd58fc14..bb0c2dece 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/heap/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/heap/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/off-heap/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/off-heap/index.html
index 6ea0ff7b7..37db1443d 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/off-heap/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/off-heap/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/index.html
index a7f0da186..a3b131129 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
class The custom store implementation class to use for this cache store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a basic cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
class
STRING
true
true
The custom store implementation class to use for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache store configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/behind/index.html
index 086b18058..f27f358be 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/through/index.html
index 508520214..bfdd830fc 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/index.html
index e5ee36dc6..77d030c44 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
path The system path under which this cache store will persist its entries.
Deprecated Since 16.0.0
Deprecated. Uses the persistence location of the associated cache container.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (3)
add Adds a file cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
true
The system path under which this cache store will persist its entries.
relative-to
STRING
false
false
The system path to which the specified path is relative.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache file store configuration element from the cache.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Deprecated Since 16.0.0
Deprecated; will be removed in a future release.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/behind/index.html
index 1155d6469..146e79aa8 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/through/index.html
index 665c1e723..cba808470 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/index.html
index f4d619de6..ba1982d28 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
cache-configuration Name of the cache configuration template defined in Infinispan Server to create caches from.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Name of the cache configuration template defined in Infinispan Server to create caches from.
remote-cache-container
STRING
true
false
Reference to a container-managed remote-cache-container.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/behind/index.html
index 8e071d3a1..45ab26ebb 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/through/index.html
index a89152145..abbe47c1a 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/index.html
index 61a446ecc..b71bdfab8 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a JDBC cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
data-source
STRING
true
false
References the data source used to connect to this store.
dialect
STRING
false
true
The dialect of this datastore.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a JDBC cache store configuration element to the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/table/string/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/table/string/index.html
index 40287d55c..67b5ed979 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/table/string/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/table/string/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/behind/index.html
index 314d42074..6bcf2359d 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/through/index.html
index aa6b24834..b6c14255e 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/none/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/none/index.html
index 6149cbc34..bc28e38ab 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/none/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/none/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/index.html
index 14b58a5e7..82db68ddc 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
cache The name of the remote cache to use for this remote store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
socket-timeout A socket timeout for remote cache communication.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
tcp-no-delay A TCP_NODELAY value for remote cache communication.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a remote cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
cache
STRING
true
true
The name of the remote cache to use for this remote store.
socket-timeout
LONG
false
true
60000
A socket timeout for remote cache communication.
tcp-no-delay
BOOLEAN
false
true
true
A TCP_NODELAY value for remote cache communication.
remote-servers
LIST
true
false
A list of remote servers for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache remote store configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/behind/index.html
index 4be9fa066..8f67acd86 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/through/index.html
index bdb79e9ba..836cfa994 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/backup/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/backup/index.html
index 9a7b56acc..3bae1e535 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/backup/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/backup/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
after-failures Indicates the number of failures after which this backup site should go offline.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
enabled Indicates whether or not this backup site is enabled.
Deprecated Since 16.0.0
Deprecated. Ignored if specified.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
failure-policy The policy to follow when connectivity to the backup site fails.
Attribute
Value
Default Value
WARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
IGNORE WARN FAIL CUSTOM
min-wait Indicates the minimum time (in milliseconds) to wait after the max number of failures is reached, after which this backup site should go offline.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/index.html
index ba7e8c0b1..6c52b5cf5 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/expiration/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/expiration/index.html
index 3da6c0e06..bfcecbe67 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/expiration/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/expiration/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
interval Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
lifespan Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-idle Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an expiration configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
interval
LONG
false
true
60000
Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
lifespan
LONG
false
true
Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
max-idle
LONG
false
true
Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
remove Removes an expiration configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/locking/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/locking/index.html
index d5bc9448d..cce0f7276 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/locking/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/locking/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
striping If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a locking configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
acquire-timeout
LONG
false
true
15000
Maximum time to attempt a particular lock acquisition.
concurrency-level
INT
false
true
1000
Concurrency level for lock containers. Adjust this value according to the number of concurrent threads interacting with Infinispan.
isolation
STRING
false
true
READ_COMMITTED
Sets the cache locking isolation level.
striping
BOOLEAN
false
true
false
If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
remove Removes a locking configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/partition-handling/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/partition-handling/index.html
index 6edf442bc..e3a669b9c 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/partition-handling/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/partition-handling/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/state-transfer/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/state-transfer/index.html
index 41b31c3d8..02e29f344 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/state-transfer/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/state-transfer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The state transfer configuration for distributed and replicated caches.
Attributes (2)
chunk-size The maximum number of cache entries in a batch of transferred state.
Attribute
Value
Default Value
512
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
timeout The maximum amount of time (ms) to wait for state from neighboring caches, before throwing an exception and aborting startup. If timeout is 0, state transfer is performed asynchronously, and the cache will be immediately available.
The maximum number of cache entries in a batch of transferred state.
timeout
LONG
false
true
240000
The maximum amount of time (ms) to wait for state from neighboring caches, before throwing an exception and aborting startup. If timeout is 0, state transfer is performed asynchronously, and the cache will be immediately available.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/transaction/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/transaction/index.html
index 3628f6086..bd10001cb 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/transaction/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/transaction/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
complete-timeout The duration (in ms) after which idle transactions are removed.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
locking The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
Attribute
Value
Default Value
PESSIMISTIC
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
OPTIMISTIC PESSIMISTIC
mode Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
Attribute
Value
Default Value
NONE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
NONE BATCH NON_XA NON_DURABLE_XA FULL_XA
stop-timeout If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a transaction configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
locking
STRING
false
true
PESSIMISTIC
The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
mode
STRING
false
true
NONE
Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
stop-timeout
LONG
false
true
10000
If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
complete-timeout
LONG
false
true
60000
The duration (in ms) after which idle transactions are removed.
remove Removes a transaction configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/index.html
index 92898160e..27ed30737 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
modules The set of modules associated with this cache's configuration.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
remote-timeout In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
statistics-enabled If enabled, statistics will be collected for this cache
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Add a replicated cache to this cache container
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
remote-timeout
LONG
false
true
10000
In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
statistics-enabled
BOOLEAN
false
true
false
If enabled, statistics will be collected for this cache
modules
LIST
false
true
The set of modules associated with this cache's configuration.
remove Remove a replicated cache from this cache container
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/heap/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/heap/index.html
index 9d38f62f6..0b33e9e38 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/heap/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/heap/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/off-heap/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/off-heap/index.html
index 612bc3afb..8ecf082a6 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/off-heap/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/off-heap/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/index.html
index d05fc0cf3..f86cabe06 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
class The custom store implementation class to use for this cache store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a basic cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
class
STRING
true
true
The custom store implementation class to use for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache store configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/behind/index.html
index 6158ca247..75c5dfd15 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/through/index.html
index dda900083..01007df22 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/index.html
index 47bcad4f1..f8a1def29 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
path The system path under which this cache store will persist its entries.
Deprecated Since 16.0.0
Deprecated. Uses the persistence location of the associated cache container.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (3)
add Adds a file cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
true
The system path under which this cache store will persist its entries.
relative-to
STRING
false
false
The system path to which the specified path is relative.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache file store configuration element from the cache.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Deprecated Since 16.0.0
Deprecated; will be removed in a future release.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/behind/index.html
index 15a7e8c89..1dad9fc6b 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/through/index.html
index 3d39c6586..9dfb71526 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/index.html
index 029b40f51..9166012a1 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
cache-configuration Name of the cache configuration template defined in Infinispan Server to create caches from.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Name of the cache configuration template defined in Infinispan Server to create caches from.
remote-cache-container
STRING
true
false
Reference to a container-managed remote-cache-container.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/behind/index.html
index 556492f07..439078eb8 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/through/index.html
index 838fd3ba3..6cfa8776c 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/index.html
index fd65ae3ac..87ef18c9d 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a JDBC cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
data-source
STRING
true
false
References the data source used to connect to this store.
dialect
STRING
false
true
The dialect of this datastore.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a JDBC cache store configuration element to the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/table/string/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/table/string/index.html
index 94da4fd9c..daad881bd 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/table/string/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/table/string/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/behind/index.html
index a64ae0bf1..df2bcb276 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/through/index.html
index 499a49bd7..233e340a1 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/none/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/none/index.html
index 9f7abe7d2..aa559cf48 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/none/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/none/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/index.html
index db43ba543..f6d1f425c 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
cache The name of the remote cache to use for this remote store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
socket-timeout A socket timeout for remote cache communication.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
tcp-no-delay A TCP_NODELAY value for remote cache communication.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a remote cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
cache
STRING
true
true
The name of the remote cache to use for this remote store.
socket-timeout
LONG
false
true
60000
A socket timeout for remote cache communication.
tcp-no-delay
BOOLEAN
false
true
true
A TCP_NODELAY value for remote cache communication.
remote-servers
LIST
true
false
A list of remote servers for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache remote store configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/behind/index.html
index 061262e58..df2225f7a 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/through/index.html
index c812e0afa..44912377a 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/backup/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/backup/index.html
index 478fa653b..c8db97598 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/backup/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/backup/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
after-failures Indicates the number of failures after which this backup site should go offline.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
enabled Indicates whether or not this backup site is enabled.
Deprecated Since 16.0.0
Deprecated. Ignored if specified.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
failure-policy The policy to follow when connectivity to the backup site fails.
Attribute
Value
Default Value
WARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
IGNORE WARN FAIL CUSTOM
min-wait Indicates the minimum time (in milliseconds) to wait after the max number of failures is reached, after which this backup site should go offline.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/index.html
index 9bc69d9d6..cec6b8877 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/expiration/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/expiration/index.html
index 5115210f5..46f1f3570 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/expiration/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/expiration/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
interval Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
lifespan Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-idle Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an expiration configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
interval
LONG
false
true
60000
Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
lifespan
LONG
false
true
Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
max-idle
LONG
false
true
Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
remove Removes an expiration configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/locking/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/locking/index.html
index 62901373f..02c7e479d 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/locking/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/locking/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
striping If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a locking configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
acquire-timeout
LONG
false
true
15000
Maximum time to attempt a particular lock acquisition.
concurrency-level
INT
false
true
1000
Concurrency level for lock containers. Adjust this value according to the number of concurrent threads interacting with Infinispan.
isolation
STRING
false
true
READ_COMMITTED
Sets the cache locking isolation level.
striping
BOOLEAN
false
true
false
If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
remove Removes a locking configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/partition-handling/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/partition-handling/index.html
index 4e2a2d813..a4502033a 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/partition-handling/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/partition-handling/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/state-transfer/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/state-transfer/index.html
index 6749b4e45..49297f853 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/state-transfer/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/state-transfer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The state transfer configuration for distributed and replicated caches.
Attributes (2)
chunk-size The maximum number of cache entries in a batch of transferred state.
Attribute
Value
Default Value
512
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
timeout The maximum amount of time (ms) to wait for state from neighboring caches, before throwing an exception and aborting startup. If timeout is 0, state transfer is performed asynchronously, and the cache will be immediately available.
The maximum number of cache entries in a batch of transferred state.
timeout
LONG
false
true
240000
The maximum amount of time (ms) to wait for state from neighboring caches, before throwing an exception and aborting startup. If timeout is 0, state transfer is performed asynchronously, and the cache will be immediately available.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/transaction/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/transaction/index.html
index d9c7b8abb..f26d4e477 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/transaction/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/transaction/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
complete-timeout The duration (in ms) after which idle transactions are removed.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
locking The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
Attribute
Value
Default Value
PESSIMISTIC
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
OPTIMISTIC PESSIMISTIC
mode Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
Attribute
Value
Default Value
NONE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
NONE BATCH NON_XA NON_DURABLE_XA FULL_XA
stop-timeout If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a transaction configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
locking
STRING
false
true
PESSIMISTIC
The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
mode
STRING
false
true
NONE
Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
stop-timeout
LONG
false
true
10000
If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
complete-timeout
LONG
false
true
60000
The duration (in ms) after which idle transactions are removed.
remove Removes a transaction configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/index.html
index 1d4b87ac3..a7e1ce081 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
modules The set of modules associated with this cache's configuration.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
remote-timeout In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segments Controls the number of hash space segments which is the granularity for key distribution in the cluster. Value must be strictly positive.
Attribute
Value
Default Value
256
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
statistics-enabled If enabled, statistics will be collected for this cache
When greater than zero, specifies the duration (in ms) that a cache entry will be cached on a non-owner following a write operation.
invalidation-batch-size
INT
false
true
128
The threshold after which batched invalidations are sent.
segments
INT
false
true
256
Controls the number of hash space segments which is the granularity for key distribution in the cluster. Value must be strictly positive.
remote-timeout
LONG
false
true
10000
In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
statistics-enabled
BOOLEAN
false
true
false
If enabled, statistics will be collected for this cache
modules
LIST
false
true
The set of modules associated with this cache's configuration.
remove Remove a scattered cache from this cache container
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/heap/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/heap/index.html
index 2a14228e9..cbe7751ab 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/heap/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/heap/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/off-heap/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/off-heap/index.html
index d7d88a766..19986bd45 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/off-heap/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/off-heap/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/index.html
index 99b4acba9..cbe704e7c 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
class The custom store implementation class to use for this cache store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a basic cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
class
STRING
true
true
The custom store implementation class to use for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache store configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/behind/index.html
index dfa4d2527..042414c8a 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/through/index.html
index 4caaf0ca8..9ce55f399 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/index.html
index ae1769e46..0884255df 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
path The system path under which this cache store will persist its entries.
Deprecated Since 16.0.0
Deprecated. Uses the persistence location of the associated cache container.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (3)
add Adds a file cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
true
The system path under which this cache store will persist its entries.
relative-to
STRING
false
false
The system path to which the specified path is relative.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache file store configuration element from the cache.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Deprecated Since 16.0.0
Deprecated; will be removed in a future release.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/behind/index.html
index 5c11b24f3..cc7518274 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/through/index.html
index 73015f6db..f95b75ba9 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/index.html
index 6c7cef9aa..6500797b0 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
cache-configuration Name of the cache configuration template defined in Infinispan Server to create caches from.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Name of the cache configuration template defined in Infinispan Server to create caches from.
remote-cache-container
STRING
true
false
Reference to a container-managed remote-cache-container.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/behind/index.html
index b535becea..687c43335 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/through/index.html
index 34d08c8fe..6b0e43821 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/index.html
index 6b11ed125..d3af9ba3a 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a JDBC cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
data-source
STRING
true
false
References the data source used to connect to this store.
dialect
STRING
false
true
The dialect of this datastore.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a JDBC cache store configuration element to the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/table/string/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/table/string/index.html
index 3489ce8e0..fd62c6f88 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/table/string/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/table/string/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/behind/index.html
index f1f3ffef8..2669a1443 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/through/index.html
index 8d1e4af98..397c67cfe 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/none/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/none/index.html
index 8b5b5451d..7a20a8ae8 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/none/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/none/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/index.html
index 9a4594c22..cb7352c3c 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
cache The name of the remote cache to use for this remote store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
socket-timeout A socket timeout for remote cache communication.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
tcp-no-delay A TCP_NODELAY value for remote cache communication.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a remote cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
cache
STRING
true
true
The name of the remote cache to use for this remote store.
socket-timeout
LONG
false
true
60000
A socket timeout for remote cache communication.
tcp-no-delay
BOOLEAN
false
true
true
A TCP_NODELAY value for remote cache communication.
remote-servers
LIST
true
false
A list of remote servers for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache remote store configuration element from the cache.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/behind/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/behind/index.html
index aa017e03c..e7d8679a2 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/behind/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/behind/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/through/index.html b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/through/index.html
index 26879f70a..4cabd381a 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/through/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/through/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/blocking/index.html b/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/blocking/index.html
index 210168839..2302e383b 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/blocking/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/blocking/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Defines a thread pool used for for blocking operations.
Attributes (4)
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
150
The maximum thread pool size.
queue-length
INT
false
true
5000
The queue length.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/expiration/index.html b/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/expiration/index.html
index b6afe38ae..7b953a828 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/expiration/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/expiration/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/listener/index.html b/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/listener/index.html
index da64ccff4..5261a2cd4 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/listener/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/listener/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Defines a thread pool used for asynchronous cache listener notifications.
Attributes (4)
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
1
The maximum thread pool size.
queue-length
INT
false
true
1000
The queue length.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/non-blocking/index.html b/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/non-blocking/index.html
index 7601a6d9c..3dd7af274 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/non-blocking/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/thread-pool/non-blocking/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Defines a thread pool used for for non-blocking operations.
Attributes (4)
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
2
The maximum thread pool size.
queue-length
INT
false
true
1000
The queue length.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/transport/jgroups/index.html b/29/wildscribe/subsystem/infinispan/cache-container/transport/jgroups/index.html
index 5da4a140c..870acaa09 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/transport/jgroups/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/transport/jgroups/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/cache-container/transport/none/index.html b/29/wildscribe/subsystem/infinispan/cache-container/transport/none/index.html
index a912b1334..370ea07a7 100644
--- a/29/wildscribe/subsystem/infinispan/cache-container/transport/none/index.html
+++ b/29/wildscribe/subsystem/infinispan/cache-container/transport/none/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/index.html b/29/wildscribe/subsystem/infinispan/index.html
index 6eb0b34f5..7debd1819 100644
--- a/29/wildscribe/subsystem/infinispan/index.html
+++ b/29/wildscribe/subsystem/infinispan/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/remote-cache-container/component/connection-pool/index.html b/29/wildscribe/subsystem/infinispan/remote-cache-container/component/connection-pool/index.html
index 9721659e8..5ba82f50d 100644
--- a/29/wildscribe/subsystem/infinispan/remote-cache-container/component/connection-pool/index.html
+++ b/29/wildscribe/subsystem/infinispan/remote-cache-container/component/connection-pool/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
exhausted-action Specifies what happens when asking for a connection from a server's pool, and that pool is exhausted.
Attribute
Value
Default Value
WAIT
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
EXCEPTION WAIT CREATE_NEW
max-active Controls the maximum number of connections per server that are allocated (checked out to client threads, or idle in the pool) at one time. When non-positive, there is no limit to the number of connections per server. When maxActive is reached, the connection pool for that server is said to be exhausted. Value -1 means no limit.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-wait The amount of time in milliseconds to wait for a connection to become available when the exhausted action is ExhaustedAction.WAIT, after which a java.util.NoSuchElementException will be thrown. If a negative value is supplied, the pool will block indefinitely.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
min-evictable-idle-time Specifies the minimum amount of time that an connection may sit idle in the pool before it is eligible for eviction due to idle time. When non-positive, no connection will be dropped from the pool due to idle time alone. This setting has no effect unless timeBetweenEvictionRunsMillis > 0.
Attribute
Value
Default Value
1800000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
min-idle Sets a target value for the minimum number of idle connections (per server) that should always be available. If this parameter is set to a positive number and timeBetweenEvictionRunsMillis > 0, each time the idle connection eviction thread runs, it will try to create enough idle instances so that there will be minIdle idle instances available for each server.
Specifies what happens when asking for a connection from a server's pool, and that pool is exhausted.
max-active
INT
false
true
Controls the maximum number of connections per server that are allocated (checked out to client threads, or idle in the pool) at one time. When non-positive, there is no limit to the number of connections per server. When maxActive is reached, the connection pool for that server is said to be exhausted. Value -1 means no limit.
max-wait
LONG
false
true
The amount of time in milliseconds to wait for a connection to become available when the exhausted action is ExhaustedAction.WAIT, after which a java.util.NoSuchElementException will be thrown. If a negative value is supplied, the pool will block indefinitely.
min-evictable-idle-time
LONG
false
true
1800000
Specifies the minimum amount of time that an connection may sit idle in the pool before it is eligible for eviction due to idle time. When non-positive, no connection will be dropped from the pool due to idle time alone. This setting has no effect unless timeBetweenEvictionRunsMillis > 0.
min-idle
INT
false
true
1
Sets a target value for the minimum number of idle connections (per server) that should always be available. If this parameter is set to a positive number and timeBetweenEvictionRunsMillis > 0, each time the idle connection eviction thread runs, it will try to create enough idle instances so that there will be minIdle idle instances available for each server.
remove Removes configuration of the connection pool.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/remote-cache-container/component/security/index.html b/29/wildscribe/subsystem/infinispan/remote-cache-container/component/security/index.html
index 08f6f8cae..3f294b772 100644
--- a/29/wildscribe/subsystem/infinispan/remote-cache-container/component/security/index.html
+++ b/29/wildscribe/subsystem/infinispan/remote-cache-container/component/security/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/remote-cache-container/index.html b/29/wildscribe/subsystem/infinispan/remote-cache-container/index.html
index 7ee368716..61148fd3c 100644
--- a/29/wildscribe/subsystem/infinispan/remote-cache-container/index.html
+++ b/29/wildscribe/subsystem/infinispan/remote-cache-container/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
idle-connections The number of idle connections to the Infinispan server.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
key-size-estimate This hint allows sizing of byte buffers when serializing and deserializing keys, to minimize array resizing.
Deprecated Since 15.0.0
Deprecated. This attribute will be ignored.
Attribute
Value
Default Value
64
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
marshaller Defines the marshalling implementation used to marshal cache entries.
Attribute
Value
Default Value
LEGACY
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-retries Sets the maximum number of retries for each request. A valid value should be greater or equals than 0. Zero means no retry will made in case of a network failure.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
modules The set of modules associated with this remote cache container's configuration.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
properties A list of remote cache container properties.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
protocol-version This property defines the protocol version that this client should use.
socket-timeout Enable or disable SO_TIMEOUT on socket connections to remote Hot Rod servers with the specified timeout, in milliseconds. A timeout of 0 is interpreted as an infinite timeout.
tcp-keep-alive Configures TCP Keepalive on the TCP stack.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
tcp-no-delay Enable or disable TCP_NODELAY on socket connections to remote Hot Rod servers.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
transaction-timeout The duration (in ms) after which idle transactions are rolled back.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
value-size-estimate This hint allows sizing of byte buffers when serializing and deserializing values, to minimize array resizing.
Deprecated Since 15.0.0
Deprecated. This attribute will be ignored.
Attribute
Value
Default Value
512
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add a remote cache container to the infinispan subsystem.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
connection-timeout
INT
false
true
60000
Defines the maximum socket connect timeout before giving up connecting to the server.
default-remote-cluster
STRING
true
false
Required default remote server cluster.
marshaller
STRING
false
true
LEGACY
Defines the marshalling implementation used to marshal cache entries.
max-retries
INT
false
true
10
Sets the maximum number of retries for each request. A valid value should be greater or equals than 0. Zero means no retry will made in case of a network failure.
properties
OBJECT
false
true
A list of remote cache container properties.
protocol-version
STRING
false
true
4.0
This property defines the protocol version that this client should use.
socket-timeout
INT
false
true
60000
Enable or disable SO_TIMEOUT on socket connections to remote Hot Rod servers with the specified timeout, in milliseconds. A timeout of 0 is interpreted as an infinite timeout.
statistics-enabled
BOOLEAN
false
true
false
Enables statistics gathering for this remote cache.
tcp-no-delay
BOOLEAN
false
true
true
Enable or disable TCP_NODELAY on socket connections to remote Hot Rod servers.
tcp-keep-alive
BOOLEAN
false
true
false
Configures TCP Keepalive on the TCP stack.
transaction-timeout
LONG
false
true
60000
The duration (in ms) after which idle transactions are rolled back.
modules
LIST
false
true
The set of modules associated with this remote cache container's configuration.
key-size-estimate
INT
false
true
64
This hint allows sizing of byte buffers when serializing and deserializing keys, to minimize array resizing.
value-size-estimate
INT
false
true
512
This hint allows sizing of byte buffers when serializing and deserializing values, to minimize array resizing.
remove Remove a cache container from the infinispan subsystem.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/remote-cache-container/remote-cache/index.html b/29/wildscribe/subsystem/infinispan/remote-cache-container/remote-cache/index.html
index a720324cc..65845c7ab 100644
--- a/29/wildscribe/subsystem/infinispan/remote-cache-container/remote-cache/index.html
+++ b/29/wildscribe/subsystem/infinispan/remote-cache-container/remote-cache/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/remote-cache-container/remote-cluster/index.html b/29/wildscribe/subsystem/infinispan/remote-cache-container/remote-cluster/index.html
index 8fe657fbd..bc507f268 100644
--- a/29/wildscribe/subsystem/infinispan/remote-cache-container/remote-cluster/index.html
+++ b/29/wildscribe/subsystem/infinispan/remote-cache-container/remote-cluster/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
switch-cluster Switch the cluster to which this HotRod client should communicate. Primary used to failback to the local site in the event of a site failover.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/infinispan/remote-cache-container/thread-pool/async/index.html b/29/wildscribe/subsystem/infinispan/remote-cache-container/thread-pool/async/index.html
index bbc62c254..8f4fe6997 100644
--- a/29/wildscribe/subsystem/infinispan/remote-cache-container/thread-pool/async/index.html
+++ b/29/wildscribe/subsystem/infinispan/remote-cache-container/thread-pool/async/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Defines a thread pool used for asynchronous operations.
Attributes (4)
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
add Adds thread pool configuration used for asynchronous operations.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
min-threads
INT
false
true
99
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
99
The maximum thread pool size.
queue-length
INT
false
true
0
The queue length.
keepalive-time
LONG
false
true
0
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
remove Removes thread pool configuration used for asynchronous operations.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/io/buffer-pool/index.html b/29/wildscribe/subsystem/io/buffer-pool/index.html
index 46bd02cb9..6939184ce 100644
--- a/29/wildscribe/subsystem/io/buffer-pool/index.html
+++ b/29/wildscribe/subsystem/io/buffer-pool/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/io/index.html b/29/wildscribe/subsystem/io/index.html
index ba1d3447c..d0ba1ea5d 100644
--- a/29/wildscribe/subsystem/io/index.html
+++ b/29/wildscribe/subsystem/io/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/io/worker/index.html b/29/wildscribe/subsystem/io/worker/index.html
index f53c4f70c..0bfe35136 100644
--- a/29/wildscribe/subsystem/io/worker/index.html
+++ b/29/wildscribe/subsystem/io/worker/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
core-pool-size Minimum number of threads to keep in the underlying thread pool even if they are idle. Threads over this limit will be terminated over time specified by task-keepalive attribute.
io-threads Specify the number of I/O threads to create for the worker. If not specified, a default will be chosen, which is calculated by cpuCount * 2
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-pool-size The maximum number of threads allowed in the worker task thread pool. Depending on the pool implementation, when this limit is reached tasks which cannot be queued may be rejected. This can be configured using the 'task-max-threads' attribute; see the description of that attribute for details on how this value is determined.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
queue-size An estimate of the number of tasks in the worker queue.
stack-size The stack size (in bytes) to attempt to use for worker threads.
Attribute
Value
Default Value
0
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Storage
configuration
Access Type
read-write
Restart Required
all-services
task-core-threads Specify the starting number of threads for the worker task thread pool.
Attribute
Value
Default Value
2
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
task-keepalive Specify the number of milliseconds to keep non-core task threads alive.
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
task-max-threads Specify the maximum number of threads for the worker task thread pool.If not set, a default value used which is calculated by the formula cpuCount * 16,as long as the MaxFileDescriptorCount jmx property allows that number; otherwise the calculation takes that max into account and adjusts accordingly.
Specify the number of I/O threads to create for the worker. If not specified, a default will be chosen, which is calculated by cpuCount * 2
stack-size
LONG
false
true
0
The stack size (in bytes) to attempt to use for worker threads.
task-core-threads
INT
false
true
2
Specify the starting number of threads for the worker task thread pool.
task-keepalive
INT
false
true
60000
Specify the number of milliseconds to keep non-core task threads alive.
task-max-threads
INT
false
true
Specify the maximum number of threads for the worker task thread pool.If not set, a default value used which is calculated by the formula cpuCount * 16,as long as the MaxFileDescriptorCount jmx property allows that number; otherwise the calculation takes that max into account and adjusts accordingly.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/io/worker/outbound-bind-address/index.html b/29/wildscribe/subsystem/io/worker/outbound-bind-address/index.html
index 457c3b17f..5d0a4ec5a 100644
--- a/29/wildscribe/subsystem/io/worker/outbound-bind-address/index.html
+++ b/29/wildscribe/subsystem/io/worker/outbound-bind-address/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/io/worker/server/index.html b/29/wildscribe/subsystem/io/worker/server/index.html
index 0cb9b76bb..a144334e2 100644
--- a/29/wildscribe/subsystem/io/worker/server/index.html
+++ b/29/wildscribe/subsystem/io/worker/server/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
connection-limit-high-water-mark If the connection count hits this number, no new connections will be accepted until the count drops below the low-water mark.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
connection-limit-low-water-mark If the connection count has previously hit the high water mark, once it drops back down below this count, connections will be accepted again.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jaxrs/index.html b/29/wildscribe/subsystem/jaxrs/index.html
index fc087a6b1..1e7465003 100644
--- a/29/wildscribe/subsystem/jaxrs/index.html
+++ b/29/wildscribe/subsystem/jaxrs/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
tracing-threshold The "SUMMARY" threshold will emit some brief tracing information. The "TRACE" threshold will produce more detailed tracing information, and the "VERBOSE" threshold will generate extremely detailed tracing information.
Attribute
Value
Default Value
SUMMARY
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
SUMMARY TRACE VERBOSE
tracing-type "ALL" will enable the tracing feature. "ON_DEMAND" mode will give the control to client side: A client can send a tracing request via HTTP header and get the tracing info back from response headers. "OFF" mode will disable the tracing feature, and this is the default mode. Note that this it is suggested this is set to "OFF" for production servers.
Attribute
Value
Default Value
OFF
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
OFF ON_DEMAND ALL
Operations (2)
add Operation creating the Jakarta RESTful Web Services subsystem.
The "SUMMARY" threshold will emit some brief tracing information. The "TRACE" threshold will produce more detailed tracing information, and the "VERBOSE" threshold will generate extremely detailed tracing information.
tracing-type
STRING
false
true
OFF
"ALL" will enable the tracing feature. "ON_DEMAND" mode will give the control to client side: A client can send a tracing request via HTTP header and get the tracing info back from response headers. "OFF" mode will disable the tracing feature, and this is the default mode. Note that this it is suggested this is set to "OFF" for production servers.
remove Operation removing the Jakarta RESTful Web Services subsystem.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jca/archive-validation/archive-validation/index.html b/29/wildscribe/subsystem/jca/archive-validation/archive-validation/index.html
index 17a7d7013..0301cc271 100644
--- a/29/wildscribe/subsystem/jca/archive-validation/archive-validation/index.html
+++ b/29/wildscribe/subsystem/jca/archive-validation/archive-validation/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jca/bean-validation/bean-validation/index.html b/29/wildscribe/subsystem/jca/bean-validation/bean-validation/index.html
index ab85c82bb..32cb78b14 100644
--- a/29/wildscribe/subsystem/jca/bean-validation/bean-validation/index.html
+++ b/29/wildscribe/subsystem/jca/bean-validation/bean-validation/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jca/bootstrap-context/index.html b/29/wildscribe/subsystem/jca/bootstrap-context/index.html
index 59b29549a..fb64afa0b 100644
--- a/29/wildscribe/subsystem/jca/bootstrap-context/index.html
+++ b/29/wildscribe/subsystem/jca/bootstrap-context/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jca/cached-connection-manager/cached-connection-manager/index.html b/29/wildscribe/subsystem/jca/cached-connection-manager/cached-connection-manager/index.html
index 52c81f1a3..2769b5ab4 100644
--- a/29/wildscribe/subsystem/jca/cached-connection-manager/cached-connection-manager/index.html
+++ b/29/wildscribe/subsystem/jca/cached-connection-manager/cached-connection-manager/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jca/distributed-workmanager/index.html b/29/wildscribe/subsystem/jca/distributed-workmanager/index.html
index 4104da0cb..f7c6648f0 100644
--- a/29/wildscribe/subsystem/jca/distributed-workmanager/index.html
+++ b/29/wildscribe/subsystem/jca/distributed-workmanager/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jca/distributed-workmanager/long-running-threads/index.html b/29/wildscribe/subsystem/jca/distributed-workmanager/long-running-threads/index.html
index 5268070ac..9102f2f9f 100644
--- a/29/wildscribe/subsystem/jca/distributed-workmanager/long-running-threads/index.html
+++ b/29/wildscribe/subsystem/jca/distributed-workmanager/long-running-threads/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A thread pool executor with a bounded queue where threads submittings tasks may block. Such a thread pool has a core and maximum size and a specified queue length. When a task is submitted, if the number of running threads is less than the core size, a new thread is created. Otherwise, if there is room in the queue, the task is enqueued. Otherwise, if the number of running threads is less than the maximum size, a new thread is created. Otherwise, the caller blocks until room becomes available in the queue.
core-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
largest-thread-count The largest number of threads that have ever simultaneously been in the pool.
rejected-count The number of tasks that have been passed to the handoff-executor (if one is specified) or discarded.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time
OBJECT
false
false
Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
max-threads
INT
true
true
The maximum thread pool size.
queue-length
INT
true
true
The queue length.
thread-factory
STRING
false
false
Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
remove Removes a blocking bounded queue thread pool.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jca/distributed-workmanager/short-running-threads/index.html b/29/wildscribe/subsystem/jca/distributed-workmanager/short-running-threads/index.html
index f735bf9ed..d73bebe0c 100644
--- a/29/wildscribe/subsystem/jca/distributed-workmanager/short-running-threads/index.html
+++ b/29/wildscribe/subsystem/jca/distributed-workmanager/short-running-threads/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A thread pool executor with a bounded queue where threads submittings tasks may block. Such a thread pool has a core and maximum size and a specified queue length. When a task is submitted, if the number of running threads is less than the core size, a new thread is created. Otherwise, if there is room in the queue, the task is enqueued. Otherwise, if the number of running threads is less than the maximum size, a new thread is created. Otherwise, the caller blocks until room becomes available in the queue.
core-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
largest-thread-count The largest number of threads that have ever simultaneously been in the pool.
rejected-count The number of tasks that have been passed to the handoff-executor (if one is specified) or discarded.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time
OBJECT
false
false
Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
max-threads
INT
true
true
The maximum thread pool size.
queue-length
INT
true
true
The queue length.
thread-factory
STRING
false
false
Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
remove Removes a blocking bounded queue thread pool.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jca/index.html b/29/wildscribe/subsystem/jca/index.html
index 47fe82145..53b30618c 100644
--- a/29/wildscribe/subsystem/jca/index.html
+++ b/29/wildscribe/subsystem/jca/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jca/tracer/tracer/index.html b/29/wildscribe/subsystem/jca/tracer/tracer/index.html
index 2c61c2894..3e1d85b5e 100644
--- a/29/wildscribe/subsystem/jca/tracer/tracer/index.html
+++ b/29/wildscribe/subsystem/jca/tracer/tracer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jca/workmanager/default/index.html b/29/wildscribe/subsystem/jca/workmanager/default/index.html
index 26db13677..9206f81e2 100644
--- a/29/wildscribe/subsystem/jca/workmanager/default/index.html
+++ b/29/wildscribe/subsystem/jca/workmanager/default/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jca/workmanager/default/long-running-threads/index.html b/29/wildscribe/subsystem/jca/workmanager/default/long-running-threads/index.html
index 82c23d04a..a83c0b42b 100644
--- a/29/wildscribe/subsystem/jca/workmanager/default/long-running-threads/index.html
+++ b/29/wildscribe/subsystem/jca/workmanager/default/long-running-threads/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A thread pool executor with a bounded queue where threads submittings tasks may block. Such a thread pool has a core and maximum size and a specified queue length. When a task is submitted, if the number of running threads is less than the core size, a new thread is created. Otherwise, if there is room in the queue, the task is enqueued. Otherwise, if the number of running threads is less than the maximum size, a new thread is created. Otherwise, the caller blocks until room becomes available in the queue.
core-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
largest-thread-count The largest number of threads that have ever simultaneously been in the pool.
rejected-count The number of tasks that have been passed to the handoff-executor (if one is specified) or discarded.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time
OBJECT
false
false
Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
max-threads
INT
true
true
The maximum thread pool size.
queue-length
INT
true
true
The queue length.
thread-factory
STRING
false
false
Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
remove Removes a blocking bounded queue thread pool.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jca/workmanager/default/short-running-threads/index.html b/29/wildscribe/subsystem/jca/workmanager/default/short-running-threads/index.html
index d54f394d6..69cdc8fb0 100644
--- a/29/wildscribe/subsystem/jca/workmanager/default/short-running-threads/index.html
+++ b/29/wildscribe/subsystem/jca/workmanager/default/short-running-threads/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A thread pool executor with a bounded queue where threads submittings tasks may block. Such a thread pool has a core and maximum size and a specified queue length. When a task is submitted, if the number of running threads is less than the core size, a new thread is created. Otherwise, if there is room in the queue, the task is enqueued. Otherwise, if the number of running threads is less than the maximum size, a new thread is created. Otherwise, the caller blocks until room becomes available in the queue.
core-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
largest-thread-count The largest number of threads that have ever simultaneously been in the pool.
rejected-count The number of tasks that have been passed to the handoff-executor (if one is specified) or discarded.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time
OBJECT
false
false
Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
max-threads
INT
true
true
The maximum thread pool size.
queue-length
INT
true
true
The queue length.
thread-factory
STRING
false
false
Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
remove Removes a blocking bounded queue thread pool.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jca/workmanager/default/statistics/local/index.html b/29/wildscribe/subsystem/jca/workmanager/default/statistics/local/index.html
index 1bf8165a9..23605afe0 100644
--- a/29/wildscribe/subsystem/jca/workmanager/default/statistics/local/index.html
+++ b/29/wildscribe/subsystem/jca/workmanager/default/statistics/local/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jdr/index.html b/29/wildscribe/subsystem/jdr/index.html
index 8c9981e58..9f54a3ea6 100644
--- a/29/wildscribe/subsystem/jdr/index.html
+++ b/29/wildscribe/subsystem/jdr/index.html
@@ -1,25 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/index.html
index 234be2e46..7306f4bf1 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/ASYM_ENCRYPT/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/ASYM_ENCRYPT/index.html
index 88419f505..cd6249337 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/ASYM_ENCRYPT/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/ASYM_ENCRYPT/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/index.html
index 5e7af6152..fbeafb65e 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/cipher/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/cipher/index.html
index 8134e0622..64533311c 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/cipher/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/cipher/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/digest/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/digest/index.html
index 2336e8e85..87d7c2052 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/digest/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/digest/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/plain/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/plain/index.html
index 287e487f7..efecd337d 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/plain/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/plain/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK/index.html
index b752987e8..792406b8c 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK2/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK2/index.html
index f1cc7d453..fb245aeff 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK2/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK2/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/JDBC_PING/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/JDBC_PING/index.html
index 4a6f1abb5..efaf56edf 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/JDBC_PING/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/JDBC_PING/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/MPING/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/MPING/index.html
index 263b0b89b..e63503512 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/MPING/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/MPING/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/SYM_ENCRYPT/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/SYM_ENCRYPT/index.html
index 455134770..43260f78b 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/SYM_ENCRYPT/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/SYM_ENCRYPT/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPGOSSIP/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPGOSSIP/index.html
index ebb9e4261..340dfa090 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPGOSSIP/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPGOSSIP/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPPING/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPPING/index.html
index 7f8185c9e..85be4d97a 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPPING/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPPING/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html
index 3bf73c232..1e2d5c475 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.AUTH/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.AUTH/index.html
index 7f5952b46..85e8cdd54 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.AUTH/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.AUTH/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.JDBC_PING/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.JDBC_PING/index.html
index adc91d7fc..ac2ce08ea 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.JDBC_PING/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.JDBC_PING/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html
index a4bc0c8e1..d1a4d1b9c 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPGOSSIP/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPGOSSIP/index.html
index 6e4073a88..deb2a4002 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPGOSSIP/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPGOSSIP/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPPING/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPPING/index.html
index 6284e8046..c0ebd4033 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPPING/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPPING/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/index.html
index 5a5b03ef1..d020db16f 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_ALL3/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_ALL3/index.html
index 11e16fe05..2715e2c96 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_ALL3/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_ALL3/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_SOCK2/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_SOCK2/index.html
index a8d7ad6ab..5cde47f53 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_SOCK2/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_SOCK2/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
bind_addr The NIC on which the ServerSocket should listen on. The following special values are also recognized: GLOBAL, SITE_LOCAL, LINK_LOCAL and NON_LOOPBACK
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
client_bind_port Start port for client socket. Default value of 0 picks a random port
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
client_state The client state (CONNECTED / DISCONNECTED)
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
cluster The cluster we've joined. Set on joining a cluster, null when unconnected
ergonomics Enables ergonomics: dynamically find the best values for properties at runtime
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
external_addr Use "external_addr" if you have hosts on different networks behind firewalls. On each firewall, set up a port forwarding rule to the local IP (e.g. 192.168.1.100) of the host, then on each host, set the "external_addr" TCP transport attribute to the external (public IP) address of the firewall
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
external_port Used to map the internal port (bind_port) to an external port. Only used if > 0
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
id Give the protocol a different ID if needed so we can have multiple instances of it in the same stack
max_port The highest port the FD_SOCK server can listen on. Needed when wrapping around, looking for ports. See https://issues.redhat.com/browse/JGRP-2560 for details.
min_port The lowest port the FD_SOCK server can listen on. Needed when wrapping around, looking for ports. See https://issues.redhat.com/browse/JGRP-2560 for details
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/FRAG4/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/FRAG4/index.html
index 2967029af..cb0f559fd 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/FRAG4/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/FRAG4/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/MERGE3/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/MERGE3/index.html
index c2131d861..62ce4646d 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/MERGE3/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/MERGE3/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/MFC/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/MFC/index.html
index 816f37085..beeb5c961 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/MFC/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/MFC/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
max_credits Max number of bytes to send per receiver until an ack must be received to proceed
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
min_credits Computed as max_credits x min_theshold unless explicitly set
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
min_threshold The threshold (as a percentage of max_credits) at which a receiver sends more credits to a sender. Example: if max_credits is 1'000'000, and min_threshold 0.25, then we send ca. 250'000 credits to P once we've got only 250'000 credits left for P (we've received 750'000 bytes from P)
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/PING/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/PING/index.html
index 6b377810a..a9dfe8db7 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/PING/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/PING/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (23)
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
async_discovery If true then the discovery is done on a separate timer thread. Should be set to true when discovery is blocking and/or takes more than a few milliseconds
max_members_in_discovery_request Max size of the member list shipped with a discovery request. If we have more, the mbrs field in the discovery request header is nulled and members return the entire membership, not individual members
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
max_rank_to_reply The max rank of this member to respond to discovery requests, e.g. if max_rank_to_reply=2 in {A,B,C,D,E}, only A (rank 1) and B (rank 2) will reply. A value <= 0 means everybody will reply. This attribute is ignored if TP.use_ip_addrs is false.
num_discovery_runs The number of times a discovery process is executed when finding initial members (https://issues.redhat.com/browse/JGRP-2317)
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
return_entire_cache Whether or not to return the entire logical-physical address cache mappings on a discovery request, or not.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
send_cache_on_join When a new node joins, and we have a static discovery protocol (TCPPING), then send the contents of the discovery cache to new and existing members if true (and we're the coord). Addresses JGRP-1903
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
sends_can_block True if sending a message can block at the transport level
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
stagger_timeout If greater than 0, we'll wait a random number of milliseconds in range [0..stagger_timeout] before sending a discovery response. This prevents traffic spikes in large clusters when everyone sends their discovery response at the same time
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
stats Determines whether to collect statistics (and expose them via JMX). Default is true
use_disk_cache If a persistent disk cache (PDC) is present, combine the discovery results with the contents of the disk cache before returning the results
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/RED/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/RED/index.html
index 1da7734f3..615829c64 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/RED/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/RED/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (15)
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
avg_queue_size The average number of elements in the bundler's queue. Computed as o * (1 - 2^-wf) + c * (2^-wf) where o is the old average, c the current queue size amd wf the weight_factor
Attribute
Value
Type
DOUBLE
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
drop_rate Percentage of all messages that were dropped
weight_factor The weight used to compute the average queue size. The higher the value is, the less the current queue size is taken into account. E.g. with 2, 25% of the current queue size and 75% of the old average is taken to compute the new average. In other words: with a high value, the average will take longer to reflect the current queue size.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/UDP/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/UDP/index.html
index 47136e34d..80f6f77da 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/UDP/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/UDP/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (58)
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
avg_batch_size Returns the average batch size of received batches
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
bind_addr The bind address which should be used by this transport. The following special values are also recognized: GLOBAL, SITE_LOCAL, LINK_LOCAL, NON_LOOPBACK, match-interface, match-host, match-address
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
bind_port The port to which the transport binds. Default of 0 binds to any (ephemeral) port. See also port_range
bundler_type The type of bundler used ("ring-buffer", "transfer-queue" (default), "sender-sends" or "no-bundler") or the fully qualified classname of a Bundler implementation
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
cluster_name Name of the cluster to which this transport is connected
disable_loopback If true, disables IP_MULTICAST_LOOP on the MulticastSocket (for sending and receiving of multicast packets). IP multicast packets send on a host P will therefore not be received by anyone on P. Use with caution.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
dropped_messages Number of messages dropped when sending because of insufficient buffer space
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
ergonomics Enables ergonomics: dynamically find the best values for properties at runtime
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
external_addr Use "external_addr" if you have hosts on different networks, behind firewalls. On each firewall, set up a port forwarding rule (sometimes called "virtual server") to the local IP (e.g. 192.168.1.100) of the host then on each host, set "external_addr" TCP transport parameter to the external (public IP) address of the firewall.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
external_port Used to map the internal port (bind_port) to an external port. Only used if > 0
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
id Give the protocol a different ID if needed so we can have multiple instances of it in the same stack
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
ip_mcast Multicast toggle. If false multiple unicast datagrams are sent instead of one multicast. Default is true
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
ip_ttl The time-to-live (TTL) for multicast datagram packets. Default is 8
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
is_trace tracing is enabled or disabled for the given log
logical_addr_cache_expiration Time (in ms) after which entries in the logical address cache marked as removable can be removed. 0 never removes any entries (not recommended)
logical_addr_cache_reaper_interval Interval (in ms) at which the reaper task scans logical_addr_cache and removes entries marked as removable. 0 disables reaping.
loopback_copy Whether or not to make a copy of a message before looping it back up. Don't use this; might get removed without warning
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
loopback_separate_thread Loop back the message on a separate thread or use the current thread. Don't use this; might get removed without warning
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
mcast_addr The multicast address used for sending and receiving packets
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
mcast_port The multicast port used for sending and receiving packets. Default is 7600
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
mcast_receiver_threads Number of multicast receiver threads, all reading from the same MulticastSocket. If de-serialization is slow, increasing the number of receiver threads might yield better performance.
num_threads Returns the number of live threads in the JVM
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
port_range The range of valid ports: [bind_port .. bind_port+port_range ]. 0 only binds to bind_port and fails if taken
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
receive_interfaces Comma delimited list of interfaces (IP addresses or interface names) to receive multicasts on
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
receive_on_all_interfaces If true, the transport should use all available interfaces to receive multicast messages
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
stats Determines whether to collect statistics (and expose them via JMX). Default is true
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
suppress_time_different_cluster_warnings Time during which identical warnings about messages from a member from a different cluster will be suppressed. 0 disables this (every warning will be logged). Setting the log level to ERROR also disables this.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
suppress_time_different_version_warnings Time during which identical warnings about messages from a member with a different version will be suppressed. 0 disables this (every warning will be logged). Setting the log level to ERROR also disables this.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
suppress_time_out_of_buffer_space Suppresses warnings on Mac OS (for now) about not enough buffer space when sending a datagram packet
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread_naming_pattern Thread naming pattern for threads in this channel. Valid values are "pcl": "p": includes the thread name, e.g. "Incoming thread-1", "UDP ucast receiver", "c": includes the cluster name, e.g. "MyCluster", "l": includes the local address of the current member, e.g. "192.168.5.1:5678"
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
time_service_interval Interval (in ms) at which the time service updates its timestamp. 0 disables the time service
timer_handle_non_blocking_tasks If enabled, the timer will run non-blocking tasks on its own (runner) thread, and not submit them to the thread pool. Otherwise, all tasks are submitted to the thread pool. This attribute is experimental and may be removed without notice.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
timer_tasks Number of timer tasks queued up for execution
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
timer_threads Number of threads currently in the pool
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
tos Traffic class for sending unicast and multicast datagrams
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
ucast_receiver_threads Number of unicast receiver threads, all reading from the same DatagramSocket. If de-serialization is slow, increasing the number of receiver threads might yield better performance.
use_virtual_threads If true, create virtual threads, otherwise create native threads
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
who_has_cache_timeout Timeout (in ms) to determine how long to wait until a request to fetch the physical address for a given logical address will be sent again. Subsequent requests for the same physical address will therefore be spaced at least who_has_cache_timeout ms apart
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/UFC/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/UFC/index.html
index 56853c4f3..452ca1ce1 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/UFC/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/UFC/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
max_credits Max number of bytes to send per receiver until an ack must be received to proceed
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
min_credits Computed as max_credits x min_theshold unless explicitly set
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
min_threshold The threshold (as a percentage of max_credits) at which a receiver sends more credits to a sender. Example: if max_credits is 1'000'000, and min_threshold 0.25, then we send ca. 250'000 credits to P once we've got only 250'000 credits left for P (we've received 750'000 bytes from P)
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/UNICAST3/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/UNICAST3/index.html
index 57c850f5e..c443fc9c1 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/UNICAST3/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/UNICAST3/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (46)
ack_threshold Send an ack immediately when a batch of ack_threshold (or more) messages is received. Otherwise send delayed acks. If 1, ack single messages (similar to UNICAST)
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
conn_close_timeout Time (in ms) until a connection marked to be closed will get removed. 0 disables this
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
conn_expiry_timeout Time (in milliseconds) after which an idle incoming or outgoing connection is closed. The connection will get re-established when used again. 0 disables connection reaping. Note that this creates lingering connection entries, which increases memory over time.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
ergonomics Enables ergonomics: dynamically find the best values for properties at runtime
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
id Give the protocol a different ID if needed so we can have multiple instances of it in the same stack
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
is_trace tracing is enabled or disabled for the given log
log_not_found_msgs If true, trashes warnings about retransmission messages not found in the xmit_table (used for testing)
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
loopback If true, a unicast message to self is looped back up on the same thread. Noter that this may cause problems (e.g. deadlocks) in some applications, so make sure that your code can handle this. Issue: https://issues.redhat.com/browse/JGRP-2547
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
max_batch_size The max size of a message batch when delivering messages. 0 is unbounded
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
max_xmit_req_size Max number of messages to ask for in a retransmit request. 0 disables this and uses the max bundle size in the transport
xmit_table_msgs_per_row Number of elements of a row of the matrix in the retransmission table; gets rounded to the next power of 2 (only for experts). The capacity of the matrix is xmit_table_num_rows * xmit_table_msgs_per_row
xmits_enabled When true, the sender retransmits messages until ack'ed and the receiver asks for missing messages. When false, this is not done, but ack'ing and stale connection testing is still done. https://issues.redhat.com/browse/JGRP-2676
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/VERIFY_SUSPECT2/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/VERIFY_SUSPECT2/index.html
index 9e030efd8..fccf84771 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/VERIFY_SUSPECT2/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/VERIFY_SUSPECT2/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.GMS/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.GMS/index.html
index 167693b15..51b658349 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.GMS/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.GMS/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (35)
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
all_clients_retry_timeout Time (in ms) to wait for another discovery round when all discovery responses were clients. A timeout of 0 means don't wait at all.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
coord Whether or not the current instance is the coordinator
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
ergonomics Enables ergonomics: dynamically find the best values for properties at runtime
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
id Give the protocol a different ID if needed so we can have multiple instances of it in the same stack
log_collect_msgs Logs failures for collecting all view acks if true
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
log_view_warnings Logs warnings for reception of views less than the current, and for views which don't include self
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
max_join_attempts Number of join attempts before we give up and become a singleton. 0 means 'never give up'
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
max_leave_attempts Number of times a LEAVE request is sent to the coordinator (without receiving a LEAVE response, before giving up and leaving anyway (failure detection will eventually exclude the left member). A value of 0 means wait forever
use_delta_views If true, then GMS is allowed to send VIEW messages with delta views, otherwise it always sends full views. See https://issues.redhat.com/browse/JGRP-1354 for details.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.NAKACK2/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.NAKACK2/index.html
index 3f542ca95..e1b197d01 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.NAKACK2/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.NAKACK2/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (47)
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
become_server_queue_size Size of the queue to hold messages received after creating the channel, but before being connected (is_server=false). After becoming the server, the messages in the queue are fed into up() and the queue is cleared. The motivation is to avoid retransmissions (see https://issues.redhat.com/browse/JGRP-1509 for details).
resend_last_seqno If enabled, multicasts the highest sent seqno every xmit_interval ms. This is skipped if a regular message has been multicast, and the task aquiesces if the highest sent seqno hasn't changed for resend_last_seqno_max_times times. Used to speed up retransmission of dropped last messages (JGRP-1904)
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
resend_last_seqno_max_times Max number of times the last seqno is resent before acquiescing if last seqno isn't incremented
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
resend_task_running Whether or not the task to resend the last seqno is running (depends on resend_last_seqno)
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
sends_can_block True if sending a message can block at the transport level
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
size_of_all_messages Returns the number of bytes of all messages in all retransmit buffers. To compute the size, Message.getLength() is used
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
size_of_all_messages_incl_headers Returns the number of bytes of all messages in all retransmit buffers. To compute the size, Message.size() is used
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
stats Determines whether to collect statistics (and expose them via JMX). Default is true
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
suppress_time_non_member_warnings Time during which identical warnings about messages from a non member will be suppressed. 0 disables this (every warning will be logged). Setting the log level to ERROR also disables this.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
use_mcast_xmit Retransmit retransmit responses (messages) using multicast rather than unicast
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
use_mcast_xmit_req Use a multicast to request retransmission of missing messages
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
xmit_from_random_member Ask a random member for retransmission of a missing message. Default is false
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
xmit_interval Interval (in milliseconds) at which missing messages (from all retransmit buffers) are retransmitted. 0 turns retransmission off
xmit_table_msgs_per_row Number of elements of a row of the matrix in the retransmission table; gets rounded to the next power of 2 (only for experts). The capacity of the matrix is xmit_table_num_rows * xmit_table_msgs_per_row
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.STABLE/index.html b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.STABLE/index.html
index 14a084107..4dd638513 100644
--- a/29/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.STABLE/index.html
+++ b/29/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.STABLE/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/index.html b/29/wildscribe/subsystem/jgroups/index.html
index 6bd86205e..6aec2d483 100644
--- a/29/wildscribe/subsystem/jgroups/index.html
+++ b/29/wildscribe/subsystem/jgroups/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/index.html b/29/wildscribe/subsystem/jgroups/stack/index.html
index b57f701dc..29b5ddfe0 100644
--- a/29/wildscribe/subsystem/jgroups/stack/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/ASYM_ENCRYPT/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/ASYM_ENCRYPT/index.html
index 398467393..e919a2ac5 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/ASYM_ENCRYPT/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/ASYM_ENCRYPT/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/index.html
index 846338a28..3d1f00824 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/cipher/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/cipher/index.html
index c72146678..f02a47093 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/cipher/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/cipher/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/digest/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/digest/index.html
index d7e894f6d..59381ef36 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/digest/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/digest/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/plain/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/plain/index.html
index e57c83821..ecaaf58c9 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/plain/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/plain/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK/index.html
index fabfe1b43..b4bfab457 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK2/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK2/index.html
index 2d09c9473..cd5a2a3cd 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK2/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK2/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/JDBC_PING/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/JDBC_PING/index.html
index 8f73777db..f2d1b74a4 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/JDBC_PING/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/JDBC_PING/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/MPING/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/MPING/index.html
index 22e0c51a6..fb6ba63aa 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/MPING/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/MPING/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/SYM_ENCRYPT/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/SYM_ENCRYPT/index.html
index dfbcd624b..f8f5972ed 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/SYM_ENCRYPT/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/SYM_ENCRYPT/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/TCPGOSSIP/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/TCPGOSSIP/index.html
index e1187354c..92a6edb47 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/TCPGOSSIP/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/TCPGOSSIP/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/TCPPING/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/TCPPING/index.html
index 5724579db..1249f1d49 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/TCPPING/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/TCPPING/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html
index 5ca7b82b4..62c61798e 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.AUTH/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.AUTH/index.html
index 9e41c009d..a1c6558a3 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.AUTH/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.AUTH/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.JDBC_PING/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.JDBC_PING/index.html
index 1678f668d..8e22d1d90 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.JDBC_PING/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.JDBC_PING/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html
index ac8d0d307..bb45e18f6 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPGOSSIP/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPGOSSIP/index.html
index c78c07af0..93184b8b5 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPGOSSIP/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPGOSSIP/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPPING/index.html b/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPPING/index.html
index ce0e6745a..3606ffffe 100644
--- a/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPPING/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPPING/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/index.html b/29/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/index.html
index b721e1674..91b015d8e 100644
--- a/29/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/remote-site/index.html b/29/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/remote-site/index.html
index 76a32dfac..1795aa45e 100644
--- a/29/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/remote-site/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/remote-site/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/transport/TCP/index.html b/29/wildscribe/subsystem/jgroups/stack/transport/TCP/index.html
index a366e5a90..7c7d1f956 100644
--- a/29/wildscribe/subsystem/jgroups/stack/transport/TCP/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/transport/TCP/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
diagnostics-socket-binding The diagnostics socket binding specification for this protocol layer, used to specify IP interfaces and ports for communication.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/transport/TCP/thread-pool/default/index.html b/29/wildscribe/subsystem/jgroups/stack/transport/TCP/thread-pool/default/index.html
index 9a15c3259..57b0a2b12 100644
--- a/29/wildscribe/subsystem/jgroups/stack/transport/TCP/thread-pool/default/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/transport/TCP/thread-pool/default/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
200
The maximum thread pool size.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/index.html b/29/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/index.html
index 52b2f4b4d..9e3ed708f 100644
--- a/29/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
diagnostics-socket-binding The diagnostics socket binding specification for this protocol layer, used to specify IP interfaces and ports for communication.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/thread-pool/default/index.html b/29/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/thread-pool/default/index.html
index 6d23c025b..9db583b2e 100644
--- a/29/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/thread-pool/default/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/thread-pool/default/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
200
The maximum thread pool size.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/transport/UDP/index.html b/29/wildscribe/subsystem/jgroups/stack/transport/UDP/index.html
index 97f8b68f2..20f97e1cb 100644
--- a/29/wildscribe/subsystem/jgroups/stack/transport/UDP/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/transport/UDP/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
diagnostics-socket-binding The diagnostics socket binding specification for this protocol layer, used to specify IP interfaces and ports for communication.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jgroups/stack/transport/UDP/thread-pool/default/index.html b/29/wildscribe/subsystem/jgroups/stack/transport/UDP/thread-pool/default/index.html
index e838c82c7..398f7e07e 100644
--- a/29/wildscribe/subsystem/jgroups/stack/transport/UDP/thread-pool/default/index.html
+++ b/29/wildscribe/subsystem/jgroups/stack/transport/UDP/thread-pool/default/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
200
The maximum thread pool size.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jmx/configuration/audit-log/handler/index.html b/29/wildscribe/subsystem/jmx/configuration/audit-log/handler/index.html
index aac44d51e..79b38e09d 100644
--- a/29/wildscribe/subsystem/jmx/configuration/audit-log/handler/index.html
+++ b/29/wildscribe/subsystem/jmx/configuration/audit-log/handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jmx/configuration/audit-log/index.html b/29/wildscribe/subsystem/jmx/configuration/audit-log/index.html
index 38ccfde4a..b9ccc4d86 100644
--- a/29/wildscribe/subsystem/jmx/configuration/audit-log/index.html
+++ b/29/wildscribe/subsystem/jmx/configuration/audit-log/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jmx/expose-model/expression/index.html b/29/wildscribe/subsystem/jmx/expose-model/expression/index.html
index 28f66daae..129b0c215 100644
--- a/29/wildscribe/subsystem/jmx/expose-model/expression/index.html
+++ b/29/wildscribe/subsystem/jmx/expose-model/expression/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The configuration for exposing the 'expression' model controller in the MBeanServer. This facade will expose all simple attributes and operation parameters as String. Reads return the unresolved expression. You may use expressions when writing attributes and setting operation parameters.
Attributes (1)
domain-name The domain name to use for the 'expression' model controller JMX facade in the MBeanServer.
Attribute
Value
Default Value
jboss.as.expr
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds the 'expression' model controller JMX facade to the MBeanServer.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
domain-name
STRING
false
true
jboss.as.expr
The domain name to use for the 'expression' model controller JMX facade in the MBeanServer.
remove Removes the 'expression' model controller JMX facade from the MBeanServer.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jmx/expose-model/resolved/index.html b/29/wildscribe/subsystem/jmx/expose-model/resolved/index.html
index e0bae6b32..25c3ab206 100644
--- a/29/wildscribe/subsystem/jmx/expose-model/resolved/index.html
+++ b/29/wildscribe/subsystem/jmx/expose-model/resolved/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The configuration for exposing the 'resolved' model controller in the MBeanServer. This facade will expose all simple attributes and operation parameters as their type in the underlying model. Reads return the resolved expression if used, or the raw value. You may not use expressions when writing attributes and setting operation parameters.
Attributes (2)
domain-name The domain name to use for the 'resolved' model controller JMX facade in the MBeanServer.
Attribute
Value
Default Value
jboss.as
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
proper-property-format If false, PROPERTY type attributes are represented as a DMR string, this is the legacy behaviour. If true, PROPERTY type attributes are represented by a composite type where the key is a string, and the value has the same type as the property in the underlying model.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds the 'resolved' model controller JMX facade to the MBeanServer.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
domain-name
STRING
false
true
jboss.as
The domain name to use for the 'resolved' model controller JMX facade in the MBeanServer.
proper-property-format
BOOLEAN
false
true
true
If false, PROPERTY type attributes are represented as a DMR string, this is the legacy behaviour. If true, PROPERTY type attributes are represented by a composite type where the key is a string, and the value has the same type as the property in the underlying model.
remove Removes the 'resolved' model controller JMX facade from the MBeanServer.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jmx/index.html b/29/wildscribe/subsystem/jmx/index.html
index 0a31af0f7..fbf7c3d97 100644
--- a/29/wildscribe/subsystem/jmx/index.html
+++ b/29/wildscribe/subsystem/jmx/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
configuration Configuration of the JMX audit logger.
audit-log The management audit logging top-level resource.
expose-model Expose the model controller in the MBeanServer. The recommended is the 'expression' child.
expression The configuration for exposing the 'expression' model controller in the MBeanServer. This facade will expose all simple attributes and operation parameters as String. Reads return the unresolved expression. You may use expressions when writing attributes and setting operation parameters.
resolved The configuration for exposing the 'resolved' model controller in the MBeanServer. This facade will expose all simple attributes and operation parameters as their type in the underlying model. Reads return the resolved expression if used, or the raw value. You may not use expressions when writing attributes and setting operation parameters.
remoting-connector JBoss remoting connectors for the JMX subsystem.
jmx A JBoss remoting connector for the JMX subsystem.
non-core-mbean-sensitivity Whether or not core MBeans, i.e. mbeans not coming from the model controller, should be considered sensitive.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
show-model Alias for the existence of the 'resolved' model controller jmx facade. When writing, if set to 'true' it will add the 'resolved' model controller jmx facade resource with the default domain name.
Deprecated Since 7.0.0
The show-model configuration is deprecated and may be removed or moved in future versions.
Whether or not core MBeans, i.e. mbeans not coming from the model controller, should be considered sensitive.
show-model
BOOLEAN
false
false
Alias for the existence of the 'resolved' model controller jmx facade. When writing, if set to 'true' it will add the 'resolved' model controller jmx facade resource with the default domain name.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jmx/remoting-connector/jmx/index.html b/29/wildscribe/subsystem/jmx/remoting-connector/jmx/index.html
index 1de1823d9..2d7ca1430 100644
--- a/29/wildscribe/subsystem/jmx/remoting-connector/jmx/index.html
+++ b/29/wildscribe/subsystem/jmx/remoting-connector/jmx/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jpa/index.html b/29/wildscribe/subsystem/jpa/index.html
index fab5dc15a..1dbfb627d 100644
--- a/29/wildscribe/subsystem/jpa/index.html
+++ b/29/wildscribe/subsystem/jpa/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
default-extended-persistence-inheritance Controls how Jakarta Persistence extended persistence context (XPC) inheritance is performed. 'DEEP' shares the extended persistence context at top bean level. 'SHALLOW' the extended persistece context is only shared with the parent bean (never with sibling beans).
Controls how Jakarta Persistence extended persistence context (XPC) inheritance is performed. 'DEEP' shares the extended persistence context at top bean level. 'SHALLOW' the extended persistece context is only shared with the parent bean (never with sibling beans).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/jsf/index.html b/29/wildscribe/subsystem/jsf/index.html
index 533f1e620..38b0a185e 100644
--- a/29/wildscribe/subsystem/jsf/index.html
+++ b/29/wildscribe/subsystem/jsf/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
disallow-doctype-decl Specifies whether or not DOCTYPE declarations in Jakarta Server Faces deployments should be disallowed. This setting can be overridden at the deployment level.
Specifies whether or not DOCTYPE declarations in Jakarta Server Faces deployments should be disallowed. This setting can be overridden at the deployment level.
list-active-jsf-impls List the Jakarta Server Faces implementation slots installed on the installation being queried. Note that in a managed domain, reading this information from different hosts can result in different results, since different hosts can have different modules installed.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/async-handler/index.html b/29/wildscribe/subsystem/logging/async-handler/index.html
index 790e0f9eb..aecbedc3a 100644
--- a/29/wildscribe/subsystem/logging/async-handler/index.html
+++ b/29/wildscribe/subsystem/logging/async-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/console-handler/index.html b/29/wildscribe/subsystem/logging/console-handler/index.html
index df2d25472..36faca8bc 100644
--- a/29/wildscribe/subsystem/logging/console-handler/index.html
+++ b/29/wildscribe/subsystem/logging/console-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/custom-formatter/index.html b/29/wildscribe/subsystem/logging/custom-formatter/index.html
index 9b595390b..c111d9472 100644
--- a/29/wildscribe/subsystem/logging/custom-formatter/index.html
+++ b/29/wildscribe/subsystem/logging/custom-formatter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A custom formatter to be used with handlers. Note that most log records are formatted in the printf format. Formatters may require invocation of the org.jboss.logmanager.ExtLogRecord#getFormattedMessage() for the message to be properly formatted.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/custom-handler/index.html b/29/wildscribe/subsystem/logging/custom-handler/index.html
index 2070d2508..8763bdc44 100644
--- a/29/wildscribe/subsystem/logging/custom-handler/index.html
+++ b/29/wildscribe/subsystem/logging/custom-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/file-handler/index.html b/29/wildscribe/subsystem/logging/file-handler/index.html
index 98ff82aa8..6e26adfca 100644
--- a/29/wildscribe/subsystem/logging/file-handler/index.html
+++ b/29/wildscribe/subsystem/logging/file-handler/index.html
@@ -1,45 +1,11 @@
- WildFly Full 29 Model Reference
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/filter/index.html b/29/wildscribe/subsystem/logging/filter/index.html
index ffb457772..e65a8aac6 100644
--- a/29/wildscribe/subsystem/logging/filter/index.html
+++ b/29/wildscribe/subsystem/logging/filter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A filter to be used with handlers and loggers. Please note the name of the filter should start with an alpha character and not contain any special characters. The following names are considered reserved names; accept, deny, not, all, any, levelChange, levels, levelRange, match, substitute, substituteAll.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/index.html b/29/wildscribe/subsystem/logging/index.html
index 7cc5a12be..487751e27 100644
--- a/29/wildscribe/subsystem/logging/index.html
+++ b/29/wildscribe/subsystem/logging/index.html
@@ -1,27 +1,11 @@
- WildFly Full 29 Model Reference
async-handler It defines a handler which writes to the sub-handlers in an asynchronous thread, used for handlers which introduce a substantial amount of lag.
console-handler Defines a handler which writes to the console.
custom-formatter A custom formatter to be used with handlers. Note that most log records are formatted in the printf format. Formatters may require invocation of the org.jboss.logmanager.ExtLogRecord#getFormattedMessage() for the message to be properly formatted.
custom-handler Defines a custom logging handler. The custom handler must extend java.util.logging.Handler.
file-handler Defines a handler which writes to a file.
filter A filter to be used with handlers and loggers. Please note the name of the filter should start with an alpha character and not contain any special characters. The following names are considered reserved names; accept, deny, not, all, any, levelChange, levels, levelRange, match, substitute, substituteAll.
json-formatter A formatter that formats log messages in JSON.
periodic-rotating-file-handler It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.text.SimpleDateFormat.
periodic-size-rotating-file-handler It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string or after the size of the file grows beyond a certain point and keeping a fixed number of backups. The suffix should be in a format understood by the java.text.SimpleDateFormat. Any backups rotated by the suffix will not be purged during a size rotation.
root-logger Defines the root logger for this log context.
ROOT Defines the root logger for this log context.
size-rotating-file-handler Defines a handler which writes to a file, rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
socket-handler It defines a handler which writes to a socket. Note that a socket-handler will queue messages during the boot process. These messages will be drained to the socket once the resource is fully configured. If the server is in an admin-only state, messages will be discarded.
xml-formatter A formatter that formats log messages in XML.
Attributes (2)
add-logging-api-dependencies Indicates whether or not logging API dependencies should be added to deployments during the deployment process. A value of true will add the dependencies to the deployment. A value of false will skip the deployment from being processed for logging API dependencies.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-deployment-logging-config Indicates whether or not deployments should use a logging configuration file found in the deployment to configure the log manager. If set to true and a logging configuration file is found in the deployment's META-INF or WEB-INF/classes directory, then a log manager will be configured with those settings. If set to false, the server's logging configuration will be used regardless of any logging configuration files supplied in the deployment.
Indicates whether or not logging API dependencies should be added to deployments during the deployment process. A value of true will add the dependencies to the deployment. A value of false will skip the deployment from being processed for logging API dependencies.
use-deployment-logging-config
BOOLEAN
false
true
true
Indicates whether or not deployments should use a logging configuration file found in the deployment to configure the log manager. If set to true and a logging configuration file is found in the deployment's META-INF or WEB-INF/classes directory, then a log manager will be configured with those settings. If set to false, the server's logging configuration will be used regardless of any logging configuration files supplied in the deployment.
list-log-files Lists the log files in the jboss.server.log.dir directory that are defined on a file-handler, periodic-rotating-file-handler or size-rotating-file-handler.
Deprecated Since 3.0.0
Use the log-file resource to see the available log files.
Reply properties
type
LIST
Value Type
{
- "file-name" => {
- "type" => STRING,
- "description" => "The name of the file.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "file-size" => {
- "type" => LONG,
- "description" => "The size of the log file in bytes.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false
- },
- "last-modified-date" => {
- "type" => STRING,
- "description" => "The date the file was last modified.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- }
-}
read-log-file Reads the contents of a log file. The file must be in the jboss.server.log.dir and must be defined as a file-handler, periodic-rotating-file-handler or size-rotating-file-handler.
Deprecated Since 3.0.0
Use the log-file resource to read the log file.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
name
STRING
true
true
The name of the log file to read. This file must exist in the jboss.server.log.dir.
encoding
STRING
false
true
The character encoding used to read the file.
lines
INT
false
true
10
The number of lines to read from the file. A value of -1 will read all log lines.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/json-formatter/index.html b/29/wildscribe/subsystem/logging/json-formatter/index.html
index 8f3994444..c5832c520 100644
--- a/29/wildscribe/subsystem/logging/json-formatter/index.html
+++ b/29/wildscribe/subsystem/logging/json-formatter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
date-format The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
exception-output-type Indicates how the cause of the logged message, if one is available, will be added to the JSON output.
Attribute
Value
Default Value
detailed
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
detailed formatted detailed-and-formatted
key-overrides Allows the names of the keys for the JSON properties to be overridden.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
resource-services
meta-data Sets the meta data to use in the JSON format. Properties will be added to each log message.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
pretty-print Indicates whether or not pretty printing should be used when formatting.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
print-details Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
record-delimiter The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
Attribute
Value
Default Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
zone-id The zone ID for formatting the date and time. The system default is used if left undefined.
The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
exception-output-type
STRING
false
true
detailed
Indicates how the cause of the logged message, if one is available, will be added to the JSON output.
key-overrides
OBJECT
false
false
Allows the names of the keys for the JSON properties to be overridden.
meta-data
OBJECT
false
false
Sets the meta data to use in the JSON format. Properties will be added to each log message.
pretty-print
BOOLEAN
false
true
false
Indicates whether or not pretty printing should be used when formatting.
print-details
BOOLEAN
false
true
false
Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
record-delimiter
STRING
false
true
The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
zone-id
STRING
false
true
The zone ID for formatting the date and time. The system default is used if left undefined.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/log-file/index.html b/29/wildscribe/subsystem/logging/log-file/index.html
index d8b47b8aa..b7a322faa 100644
--- a/29/wildscribe/subsystem/logging/log-file/index.html
+++ b/29/wildscribe/subsystem/logging/log-file/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
stream Provides the server log as a response attachment. The response result value is the unique id of the attachment.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (1)
read-log-file Reads the contents of a log file. The file must be in the jboss.server.log.dir and must be defined as a file-handler, periodic-rotating-file-handler or size-rotating-file-handler.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
encoding
STRING
false
true
The character encoding used to read the file.
lines
INT
false
true
10
The number of lines to read from the file. A value of -1 will read all log lines.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logger/index.html b/29/wildscribe/subsystem/logging/logger/index.html
index 89e2946a7..539388055 100644
--- a/29/wildscribe/subsystem/logging/logger/index.html
+++ b/29/wildscribe/subsystem/logging/logger/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/async-handler/index.html b/29/wildscribe/subsystem/logging/logging-profile/async-handler/index.html
index e41448a70..3236bc865 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/async-handler/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/async-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/console-handler/index.html b/29/wildscribe/subsystem/logging/logging-profile/console-handler/index.html
index 431688385..7051290e4 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/console-handler/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/console-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/custom-formatter/index.html b/29/wildscribe/subsystem/logging/logging-profile/custom-formatter/index.html
index 21b306172..ed132a67a 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/custom-formatter/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/custom-formatter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A custom formatter to be used with handlers. Note that most log records are formatted in the printf format. Formatters may require invocation of the org.jboss.logmanager.ExtLogRecord#getFormattedMessage() for the message to be properly formatted.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/custom-handler/index.html b/29/wildscribe/subsystem/logging/logging-profile/custom-handler/index.html
index f397c8357..35e98db86 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/custom-handler/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/custom-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/file-handler/index.html b/29/wildscribe/subsystem/logging/logging-profile/file-handler/index.html
index 377f81b70..83595a7f2 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/file-handler/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/file-handler/index.html
@@ -1,45 +1,11 @@
- WildFly Full 29 Model Reference
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/filter/index.html b/29/wildscribe/subsystem/logging/logging-profile/filter/index.html
index be406cc97..02698cbb3 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/filter/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/filter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A filter to be used with handlers and loggers. Please note the name of the filter should start with an alpha character and not contain any special characters. The following names are considered reserved names; accept, deny, not, all, any, levelChange, levels, levelRange, match, substitute, substituteAll.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/index.html b/29/wildscribe/subsystem/logging/logging-profile/index.html
index 4621d707b..f6d8c7d24 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
async-handler It defines a handler which writes to the sub-handlers in an asynchronous thread, used for handlers which introduce a substantial amount of lag.
console-handler Defines a handler which writes to the console.
custom-formatter A custom formatter to be used with handlers. Note that most log records are formatted in the printf format. Formatters may require invocation of the org.jboss.logmanager.ExtLogRecord#getFormattedMessage() for the message to be properly formatted.
custom-handler Defines a custom logging handler. The custom handler must extend java.util.logging.Handler.
file-handler Defines a handler which writes to a file.
filter A filter to be used with handlers and loggers. Please note the name of the filter should start with an alpha character and not contain any special characters. The following names are considered reserved names; accept, deny, not, all, any, levelChange, levels, levelRange, match, substitute, substituteAll.
json-formatter A formatter that formats log messages in JSON.
periodic-rotating-file-handler It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.text.SimpleDateFormat.
periodic-size-rotating-file-handler It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string or after the size of the file grows beyond a certain point and keeping a fixed number of backups. The suffix should be in a format understood by the java.text.SimpleDateFormat. Any backups rotated by the suffix will not be purged during a size rotation.
root-logger Defines the root logger for this log context.
ROOT Defines the root logger for this log context.
size-rotating-file-handler Defines a handler which writes to a file, rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
socket-handler It defines a handler which writes to a socket. Note that a socket-handler will queue messages during the boot process. These messages will be drained to the socket once the resource is fully configured. If the server is in an admin-only state, messages will be discarded.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/json-formatter/index.html b/29/wildscribe/subsystem/logging/logging-profile/json-formatter/index.html
index c80b8e4b2..2931792af 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/json-formatter/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/json-formatter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
date-format The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
exception-output-type Indicates how the cause of the logged message, if one is available, will be added to the JSON output.
Attribute
Value
Default Value
detailed
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
detailed formatted detailed-and-formatted
key-overrides Allows the names of the keys for the JSON properties to be overridden.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
resource-services
meta-data Sets the meta data to use in the JSON format. Properties will be added to each log message.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
pretty-print Indicates whether or not pretty printing should be used when formatting.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
print-details Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
record-delimiter The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
Attribute
Value
Default Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
zone-id The zone ID for formatting the date and time. The system default is used if left undefined.
The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
exception-output-type
STRING
false
true
detailed
Indicates how the cause of the logged message, if one is available, will be added to the JSON output.
key-overrides
OBJECT
false
false
Allows the names of the keys for the JSON properties to be overridden.
meta-data
OBJECT
false
false
Sets the meta data to use in the JSON format. Properties will be added to each log message.
pretty-print
BOOLEAN
false
true
false
Indicates whether or not pretty printing should be used when formatting.
print-details
BOOLEAN
false
true
false
Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
record-delimiter
STRING
false
true
The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
zone-id
STRING
false
true
The zone ID for formatting the date and time. The system default is used if left undefined.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/log-file/index.html b/29/wildscribe/subsystem/logging/logging-profile/log-file/index.html
index 001e64380..a9e7b2152 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/log-file/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/log-file/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
stream Provides the server log as a response attachment. The response result value is the unique id of the attachment.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (1)
read-log-file Reads the contents of a log file. The file must be in the jboss.server.log.dir and must be defined as a file-handler, periodic-rotating-file-handler or size-rotating-file-handler.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
encoding
STRING
false
true
The character encoding used to read the file.
lines
INT
false
true
10
The number of lines to read from the file. A value of -1 will read all log lines.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/logger/index.html b/29/wildscribe/subsystem/logging/logging-profile/logger/index.html
index 3c0f6bd93..a41826edc 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/logger/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/logger/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/pattern-formatter/index.html b/29/wildscribe/subsystem/logging/logging-profile/pattern-formatter/index.html
index c358a5c20..478c7553d 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/pattern-formatter/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/pattern-formatter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
color-map The color-map attribute allows for a comma delimited list of colors to be used for different levels with a pattern formatter. The format for the color mapping pattern is level-name:color-name.Valid Levels; severe, fatal, error, warn, warning, info, debug, trace, config, fine, finer, finest Valid Colors; black, green, red, yellow, blue, magenta, cyan, white, brightblack, brightred, brightgreen, brightblue, brightyellow, brightmagenta, brightcyan, brightwhite
The color-map attribute allows for a comma delimited list of colors to be used for different levels with a pattern formatter. The format for the color mapping pattern is level-name:color-name.Valid Levels; severe, fatal, error, warn, warning, info, debug, trace, config, fine, finer, finest Valid Colors; black, green, red, yellow, blue, magenta, cyan, white, brightblack, brightred, brightgreen, brightblue, brightyellow, brightmagenta, brightcyan, brightwhite
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/periodic-rotating-file-handler/index.html b/29/wildscribe/subsystem/logging/logging-profile/periodic-rotating-file-handler/index.html
index b43b8de0b..9df5630dd 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/periodic-rotating-file-handler/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/periodic-rotating-file-handler/index.html
@@ -1,45 +1,11 @@
- WildFly Full 29 Model Reference
It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.text.SimpleDateFormat.
suffix Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
name
STRING
false
false
The name of the handler.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
suffix
STRING
true
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
Use the write-attribute for the enabled attribute.
path-info Obtain the informations for a filesystem path.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
unit
STRING
false
false
BYTES
Disk space unit to display disk usage.
Reply properties
Filesystem path for which to obtain disk usage.
type
OBJECT
Value Type
{
- "used-space" => {
- "type" => DOUBLE,
- "description" => "The total size of the contents of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "BYTES"
- },
- "creation-time" => {
- "type" => STRING,
- "description" => "The creation time of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "last-modified" => {
- "type" => STRING,
- "description" => "The last modified time of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "resolved-path" => {
- "type" => STRING,
- "description" => "The resolved filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "available-space" => {
- "type" => DOUBLE,
- "description" => "The total size of available space for the partition containing a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "BYTES"
- }
-}
remove Removes the periodic rotating file handler.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
suffix
STRING
true
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/periodic-size-rotating-file-handler/index.html b/29/wildscribe/subsystem/logging/logging-profile/periodic-size-rotating-file-handler/index.html
index a9ed2e2f6..ff0912a4d 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/periodic-size-rotating-file-handler/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/periodic-size-rotating-file-handler/index.html
@@ -1,45 +1,11 @@
- WildFly Full 29 Model Reference
It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string or after the size of the file grows beyond a certain point and keeping a fixed number of backups. The suffix should be in a format understood by the java.text.SimpleDateFormat. Any backups rotated by the suffix will not be purged during a size rotation.
rotate-on-boot Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
rotate-size The size at which to rotate the log file.
Attribute
Value
Default Value
2m
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
suffix Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (4)
add Adds a new periodic size rotating file handler.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
max-backup-index
INT
false
true
1
The maximum number of backups to keep.
name
STRING
false
false
The name of the handler.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
rotate-on-boot
BOOLEAN
false
true
false
Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
rotate-size
STRING
false
true
2m
The size at which to rotate the log file.
suffix
STRING
true
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
path-info Obtain the informations for a filesystem path.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
unit
STRING
false
false
BYTES
Disk space unit to display disk usage.
Reply properties
Filesystem path for which to obtain disk usage.
type
OBJECT
Value Type
{
- "used-space" => {
- "type" => DOUBLE,
- "description" => "The total size of the contents of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "BYTES"
- },
- "creation-time" => {
- "type" => STRING,
- "description" => "The creation time of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "last-modified" => {
- "type" => STRING,
- "description" => "The last modified time of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "resolved-path" => {
- "type" => STRING,
- "description" => "The resolved filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "available-space" => {
- "type" => DOUBLE,
- "description" => "The total size of available space for the partition containing a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "BYTES"
- }
-}
remove Removes the periodic size rotating file handler.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/root-logger/ROOT/index.html b/29/wildscribe/subsystem/logging/logging-profile/root-logger/ROOT/index.html
index 2a390c156..5321ef3f9 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/root-logger/ROOT/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/root-logger/ROOT/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/size-rotating-file-handler/index.html b/29/wildscribe/subsystem/logging/logging-profile/size-rotating-file-handler/index.html
index 267f3999d..7bfa9c08c 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/size-rotating-file-handler/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/size-rotating-file-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Defines a handler which writes to a file, rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
rotate-on-boot Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
rotate-size The size at which to rotate the log file.
Attribute
Value
Default Value
2m
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
suffix Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The suffix does not determine when the file should be rotated.
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
max-backup-index
INT
false
true
1
The maximum number of backups to keep.
name
STRING
false
false
The name of the handler.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
rotate-on-boot
BOOLEAN
false
true
false
Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
rotate-size
STRING
false
true
2m
The size at which to rotate the log file.
suffix
STRING
false
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The suffix does not determine when the file should be rotated.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
max-backup-index
INT
false
true
1
The maximum number of backups to keep.
rotate-size
STRING
false
true
2m
The size at which to rotate the log file.
rotate-on-boot
BOOLEAN
false
true
false
Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
suffix
STRING
false
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The suffix does not determine when the file should be rotated.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/socket-handler/index.html b/29/wildscribe/subsystem/logging/logging-profile/socket-handler/index.html
index 209940c79..3129d5388 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/socket-handler/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/socket-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
It defines a handler which writes to a socket. Note that a socket-handler will queue messages during the boot process. These messages will be drained to the socket once the resource is fully configured. If the server is in an admin-only state, messages will be discarded.
block-on-reconnect If set to true the write methods will block when attempting to reconnect. This is only advisable to be set to true if using an asynchronous handler.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enabled If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
encoding The character encoding used by this Handler.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
filter-spec A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/syslog-handler/index.html b/29/wildscribe/subsystem/logging/logging-profile/syslog-handler/index.html
index ae1494807..413f27c1a 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/syslog-handler/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/syslog-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/logging-profile/xml-formatter/index.html b/29/wildscribe/subsystem/logging/logging-profile/xml-formatter/index.html
index d29a5744c..c5202a1b8 100644
--- a/29/wildscribe/subsystem/logging/logging-profile/xml-formatter/index.html
+++ b/29/wildscribe/subsystem/logging/logging-profile/xml-formatter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
date-format The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
exception-output-type Indicates how the cause of the logged message, if one is available, will be added to the XML output.
Attribute
Value
Default Value
detailed
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
detailed formatted detailed-and-formatted
key-overrides Allows the names of the keys for the XML properties to be overridden.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
resource-services
meta-data Sets the meta data to use in the XML format. Properties will be added to each log message.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
namespace-uri Sets the namespace URI used for each record if print-namespace attribute is true. Note that if no namespace-uri is defined and there are overridden keys no namespace will be written regardless if the print-namespace attribute is set to true.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
pretty-print Indicates whether or not pretty printing should be used when formatting.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
print-details Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
print-namespace Turns on or off the printing of the namespace for each . This is set to false by default.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
record-delimiter The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
Attribute
Value
Default Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
zone-id The zone ID for formatting the date and time. The system default is used if left undefined.
The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
exception-output-type
STRING
false
true
detailed
Indicates how the cause of the logged message, if one is available, will be added to the XML output.
key-overrides
OBJECT
false
false
Allows the names of the keys for the XML properties to be overridden.
meta-data
OBJECT
false
false
Sets the meta data to use in the XML format. Properties will be added to each log message.
namespace-uri
STRING
false
true
Sets the namespace URI used for each record if print-namespace attribute is true. Note that if no namespace-uri is defined and there are overridden keys no namespace will be written regardless if the print-namespace attribute is set to true.
pretty-print
BOOLEAN
false
true
false
Indicates whether or not pretty printing should be used when formatting.
print-details
BOOLEAN
false
true
false
Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
print-namespace
BOOLEAN
false
true
false
Turns on or off the printing of the namespace for each . This is set to false by default.
record-delimiter
STRING
false
true
The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
zone-id
STRING
false
true
The zone ID for formatting the date and time. The system default is used if left undefined.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/pattern-formatter/index.html b/29/wildscribe/subsystem/logging/pattern-formatter/index.html
index 97c82b3cb..3d151b6e0 100644
--- a/29/wildscribe/subsystem/logging/pattern-formatter/index.html
+++ b/29/wildscribe/subsystem/logging/pattern-formatter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
color-map The color-map attribute allows for a comma delimited list of colors to be used for different levels with a pattern formatter. The format for the color mapping pattern is level-name:color-name.Valid Levels; severe, fatal, error, warn, warning, info, debug, trace, config, fine, finer, finest Valid Colors; black, green, red, yellow, blue, magenta, cyan, white, brightblack, brightred, brightgreen, brightblue, brightyellow, brightmagenta, brightcyan, brightwhite
The color-map attribute allows for a comma delimited list of colors to be used for different levels with a pattern formatter. The format for the color mapping pattern is level-name:color-name.Valid Levels; severe, fatal, error, warn, warning, info, debug, trace, config, fine, finer, finest Valid Colors; black, green, red, yellow, blue, magenta, cyan, white, brightblack, brightred, brightgreen, brightblue, brightyellow, brightmagenta, brightcyan, brightwhite
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/periodic-rotating-file-handler/index.html b/29/wildscribe/subsystem/logging/periodic-rotating-file-handler/index.html
index bf2c2027c..0057c54ee 100644
--- a/29/wildscribe/subsystem/logging/periodic-rotating-file-handler/index.html
+++ b/29/wildscribe/subsystem/logging/periodic-rotating-file-handler/index.html
@@ -1,45 +1,11 @@
- WildFly Full 29 Model Reference
It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.text.SimpleDateFormat.
suffix Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
filter
OBJECT
false
false
Defines a simple filter type.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
name
STRING
false
false
The name of the handler.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
suffix
STRING
true
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
Use the write-attribute for the enabled attribute.
path-info Obtain the informations for a filesystem path.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
unit
STRING
false
false
BYTES
Disk space unit to display disk usage.
Reply properties
Filesystem path for which to obtain disk usage.
type
OBJECT
Value Type
{
- "used-space" => {
- "type" => DOUBLE,
- "description" => "The total size of the contents of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "BYTES"
- },
- "creation-time" => {
- "type" => STRING,
- "description" => "The creation time of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "last-modified" => {
- "type" => STRING,
- "description" => "The last modified time of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "resolved-path" => {
- "type" => STRING,
- "description" => "The resolved filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "available-space" => {
- "type" => DOUBLE,
- "description" => "The total size of available space for the partition containing a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "BYTES"
- }
-}
remove Removes the periodic rotating file handler.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
suffix
STRING
true
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/periodic-size-rotating-file-handler/index.html b/29/wildscribe/subsystem/logging/periodic-size-rotating-file-handler/index.html
index febb15ce3..9bb5f65a7 100644
--- a/29/wildscribe/subsystem/logging/periodic-size-rotating-file-handler/index.html
+++ b/29/wildscribe/subsystem/logging/periodic-size-rotating-file-handler/index.html
@@ -1,45 +1,11 @@
- WildFly Full 29 Model Reference
It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string or after the size of the file grows beyond a certain point and keeping a fixed number of backups. The suffix should be in a format understood by the java.text.SimpleDateFormat. Any backups rotated by the suffix will not be purged during a size rotation.
rotate-on-boot Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
rotate-size The size at which to rotate the log file.
Attribute
Value
Default Value
2m
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
suffix Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (4)
add Adds a new periodic size rotating file handler.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
max-backup-index
INT
false
true
1
The maximum number of backups to keep.
name
STRING
false
false
The name of the handler.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
rotate-on-boot
BOOLEAN
false
true
false
Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
rotate-size
STRING
false
true
2m
The size at which to rotate the log file.
suffix
STRING
true
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
path-info Obtain the informations for a filesystem path.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
unit
STRING
false
false
BYTES
Disk space unit to display disk usage.
Reply properties
Filesystem path for which to obtain disk usage.
type
OBJECT
Value Type
{
- "used-space" => {
- "type" => DOUBLE,
- "description" => "The total size of the contents of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "BYTES"
- },
- "creation-time" => {
- "type" => STRING,
- "description" => "The creation time of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "last-modified" => {
- "type" => STRING,
- "description" => "The last modified time of a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "resolved-path" => {
- "type" => STRING,
- "description" => "The resolved filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "min-length" => 1L,
- "max-length" => 2147483647L
- },
- "available-space" => {
- "type" => DOUBLE,
- "description" => "The total size of available space for the partition containing a filesystem path.",
- "expressions-allowed" => false,
- "required" => true,
- "nillable" => false,
- "unit" => "BYTES"
- }
-}
remove Removes the periodic size rotating file handler.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/root-logger/ROOT/index.html b/29/wildscribe/subsystem/logging/root-logger/ROOT/index.html
index 22a9b6a49..78aa4591d 100644
--- a/29/wildscribe/subsystem/logging/root-logger/ROOT/index.html
+++ b/29/wildscribe/subsystem/logging/root-logger/ROOT/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/size-rotating-file-handler/index.html b/29/wildscribe/subsystem/logging/size-rotating-file-handler/index.html
index eb7d0b78e..99990ec0d 100644
--- a/29/wildscribe/subsystem/logging/size-rotating-file-handler/index.html
+++ b/29/wildscribe/subsystem/logging/size-rotating-file-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Defines a handler which writes to a file, rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
rotate-on-boot Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
rotate-size The size at which to rotate the log file.
Attribute
Value
Default Value
2m
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
suffix Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The suffix does not determine when the file should be rotated.
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
filter
OBJECT
false
false
Defines a simple filter type.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
max-backup-index
INT
false
true
1
The maximum number of backups to keep.
name
STRING
false
false
The name of the handler.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
rotate-on-boot
BOOLEAN
false
true
false
Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
rotate-size
STRING
false
true
2m
The size at which to rotate the log file.
suffix
STRING
false
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The suffix does not determine when the file should be rotated.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
max-backup-index
INT
false
true
1
The maximum number of backups to keep.
rotate-size
STRING
false
true
2m
The size at which to rotate the log file.
rotate-on-boot
BOOLEAN
false
true
false
Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
suffix
STRING
false
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The suffix does not determine when the file should be rotated.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/socket-handler/index.html b/29/wildscribe/subsystem/logging/socket-handler/index.html
index 307aeccfa..05a2f619c 100644
--- a/29/wildscribe/subsystem/logging/socket-handler/index.html
+++ b/29/wildscribe/subsystem/logging/socket-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
It defines a handler which writes to a socket. Note that a socket-handler will queue messages during the boot process. These messages will be drained to the socket once the resource is fully configured. If the server is in an admin-only state, messages will be discarded.
block-on-reconnect If set to true the write methods will block when attempting to reconnect. This is only advisable to be set to true if using an asynchronous handler.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enabled If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
encoding The character encoding used by this Handler.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
filter-spec A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/syslog-handler/index.html b/29/wildscribe/subsystem/logging/syslog-handler/index.html
index c42bf429d..e35fdbe76 100644
--- a/29/wildscribe/subsystem/logging/syslog-handler/index.html
+++ b/29/wildscribe/subsystem/logging/syslog-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/logging/xml-formatter/index.html b/29/wildscribe/subsystem/logging/xml-formatter/index.html
index 64328ecde..2a8d4e258 100644
--- a/29/wildscribe/subsystem/logging/xml-formatter/index.html
+++ b/29/wildscribe/subsystem/logging/xml-formatter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
date-format The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
exception-output-type Indicates how the cause of the logged message, if one is available, will be added to the XML output.
Attribute
Value
Default Value
detailed
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
detailed formatted detailed-and-formatted
key-overrides Allows the names of the keys for the XML properties to be overridden.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
resource-services
meta-data Sets the meta data to use in the XML format. Properties will be added to each log message.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
namespace-uri Sets the namespace URI used for each record if print-namespace attribute is true. Note that if no namespace-uri is defined and there are overridden keys no namespace will be written regardless if the print-namespace attribute is set to true.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
pretty-print Indicates whether or not pretty printing should be used when formatting.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
print-details Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
print-namespace Turns on or off the printing of the namespace for each . This is set to false by default.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
record-delimiter The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
Attribute
Value
Default Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
zone-id The zone ID for formatting the date and time. The system default is used if left undefined.
The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
exception-output-type
STRING
false
true
detailed
Indicates how the cause of the logged message, if one is available, will be added to the XML output.
key-overrides
OBJECT
false
false
Allows the names of the keys for the XML properties to be overridden.
meta-data
OBJECT
false
false
Sets the meta data to use in the XML format. Properties will be added to each log message.
namespace-uri
STRING
false
true
Sets the namespace URI used for each record if print-namespace attribute is true. Note that if no namespace-uri is defined and there are overridden keys no namespace will be written regardless if the print-namespace attribute is set to true.
pretty-print
BOOLEAN
false
true
false
Indicates whether or not pretty printing should be used when formatting.
print-details
BOOLEAN
false
true
false
Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
print-namespace
BOOLEAN
false
true
false
Turns on or off the printing of the namespace for each . This is set to false by default.
record-delimiter
STRING
false
true
The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
zone-id
STRING
false
true
The zone ID for formatting the date and time. The system default is used if left undefined.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/mail/index.html b/29/wildscribe/subsystem/mail/index.html
index e1db985a4..f02b0d0b5 100644
--- a/29/wildscribe/subsystem/mail/index.html
+++ b/29/wildscribe/subsystem/mail/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/mail/mail-session/custom/index.html b/29/wildscribe/subsystem/mail/mail-session/custom/index.html
index dee9ef2c7..9536ae54a 100644
--- a/29/wildscribe/subsystem/mail/mail-session/custom/index.html
+++ b/29/wildscribe/subsystem/mail/mail-session/custom/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/mail/mail-session/index.html b/29/wildscribe/subsystem/mail/mail-session/index.html
index 2e337bb5d..8ffbf1bc0 100644
--- a/29/wildscribe/subsystem/mail/mail-session/index.html
+++ b/29/wildscribe/subsystem/mail/mail-session/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/mail/mail-session/server/imap/index.html b/29/wildscribe/subsystem/mail/mail-session/server/imap/index.html
index db471e51e..2e8d52d7e 100644
--- a/29/wildscribe/subsystem/mail/mail-session/server/imap/index.html
+++ b/29/wildscribe/subsystem/mail/mail-session/server/imap/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/mail/mail-session/server/pop3/index.html b/29/wildscribe/subsystem/mail/mail-session/server/pop3/index.html
index a661c8ae0..ffd3a001a 100644
--- a/29/wildscribe/subsystem/mail/mail-session/server/pop3/index.html
+++ b/29/wildscribe/subsystem/mail/mail-session/server/pop3/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/mail/mail-session/server/smtp/index.html b/29/wildscribe/subsystem/mail/mail-session/server/smtp/index.html
index f97deec81..e3d29e468 100644
--- a/29/wildscribe/subsystem/mail/mail-session/server/smtp/index.html
+++ b/29/wildscribe/subsystem/mail/mail-session/server/smtp/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/connection-factory/index.html b/29/wildscribe/subsystem/messaging-activemq/connection-factory/index.html
index cd13d6691..b92bef125 100644
--- a/29/wildscribe/subsystem/messaging-activemq/connection-factory/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/connection-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
protocol-manager-factory The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
false
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
true
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enable-amq1-prefix
BOOLEAN
false
true
true
Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
factory-type
STRING
false
true
GENERIC
The type of connection factory.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
reconnect-attempts
INT
false
true
0
The reconnect attempts.
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/connector/index.html b/29/wildscribe/subsystem/messaging-activemq/connector/index.html
index 4f8dd8f6d..cd5a2f57e 100644
--- a/29/wildscribe/subsystem/messaging-activemq/connector/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/connector/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/discovery-group/index.html b/29/wildscribe/subsystem/messaging-activemq/discovery-group/index.html
index 470e8e25b..123fd9dcd 100644
--- a/29/wildscribe/subsystem/messaging-activemq/discovery-group/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/discovery-group/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
jgroups-stack References the name of a JGroups channel factory.
Deprecated Since 3.0.0
Deprecated. Use jgroups-channel instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
refresh-timeout Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
jgroups-channel
STRING
false
false
References the name of a JGroups channel. If undefined, the default channel will be used.
jgroups-cluster
STRING
false
false
The logical cluster name.
jgroups-stack
STRING
false
false
References the name of a JGroups channel factory.
refresh-timeout
LONG
false
true
10000
Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/external-jms-queue/index.html b/29/wildscribe/subsystem/messaging-activemq/external-jms-queue/index.html
index 83669ee51..ef9b047e6 100644
--- a/29/wildscribe/subsystem/messaging-activemq/external-jms-queue/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/external-jms-queue/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/external-jms-topic/index.html b/29/wildscribe/subsystem/messaging-activemq/external-jms-topic/index.html
index abaa1ceca..8cf272ae9 100644
--- a/29/wildscribe/subsystem/messaging-activemq/external-jms-topic/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/external-jms-topic/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/http-connector/index.html b/29/wildscribe/subsystem/messaging-activemq/http-connector/index.html
index 6fc291c84..69d0434d1 100644
--- a/29/wildscribe/subsystem/messaging-activemq/http-connector/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/http-connector/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
endpoint The http-acceptor that serves as the endpoint of this http-connector.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
params A key-value pair understood by the connector factory-class and used to configure it.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
server-name The name of the ActiveMQ Artemis server that will be connected to on the remote server. If undefined, the name of the parent ActiveMQ Artemis server will be used (suitable if the http-connector is used to connect to the parent server)
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
socket-binding The socket binding that the connector will use to create connections
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
ssl-context The SSL context that the connector will use to connect
The http-acceptor that serves as the endpoint of this http-connector.
params
OBJECT
false
true
A key-value pair understood by the connector factory-class and used to configure it.
server-name
STRING
false
false
The name of the ActiveMQ Artemis server that will be connected to on the remote server. If undefined, the name of the parent ActiveMQ Artemis server will be used (suitable if the http-connector is used to connect to the parent server)
socket-binding
STRING
true
false
The socket binding that the connector will use to create connections
ssl-context
STRING
false
false
The SSL context that the connector will use to connect
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/in-vm-connector/index.html b/29/wildscribe/subsystem/messaging-activemq/in-vm-connector/index.html
index 09331c623..7fb4cee0d 100644
--- a/29/wildscribe/subsystem/messaging-activemq/in-vm-connector/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/in-vm-connector/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/index.html b/29/wildscribe/subsystem/messaging-activemq/index.html
index 5fc8873e1..df7287829 100644
--- a/29/wildscribe/subsystem/messaging-activemq/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
connector A connector can be used by a client to define how it connects to a server.
discovery-group Multicast group to listen to receive broadcast from other servers announcing their connectors.
external-jms-queue Defines a Jakarta Messaging queue to a remote broker.
external-jms-topic Defines a Jakarta Messaging topic to a remote broker.
http-connector Used by a remote client to define how it connects to a server over HTTP.
in-vm-connector Used by an in-VM client to define how it connects to a server.
jgroups-discovery-group Multicast group to listen to receive broadcast from other servers announcing their connectors using JGroups cluster configuration.
global-client-scheduled-thread-pool-max-size Maximum size of the pool of threads used by all ActiveMQ clients running inside this server. If the attribute is undefined (by default), ActiveMQ will configure it to be 8 x the number of available processors.
add Operation adding the messaging-activemq subsystem
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
global-client-scheduled-thread-pool-max-size
INT
false
true
Maximum size of the pool of threads used by all ActiveMQ clients running inside this server. If the attribute is undefined (by default), ActiveMQ will configure it to be 8 x the number of available processors.
global-client-thread-pool-max-size
INT
false
true
Maximum size of the pool of scheduled threads used by all ActiveMQ clients running inside this server.
remove Operation removing the messaging-activemq subsystem
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/jgroups-discovery-group/index.html b/29/wildscribe/subsystem/messaging-activemq/jgroups-discovery-group/index.html
index f57f4f889..2335c3dc8 100644
--- a/29/wildscribe/subsystem/messaging-activemq/jgroups-discovery-group/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/jgroups-discovery-group/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
refresh-timeout Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
jgroups-channel
STRING
false
false
References the name of a JGroups channel. If undefined, the default channel will be used.
jgroups-cluster
STRING
true
false
The logical cluster name.
jgroups-stack
STRING
false
false
References the name of a JGroups channel factory.
refresh-timeout
LONG
false
true
10000
Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/jms-bridge/index.html b/29/wildscribe/subsystem/messaging-activemq/jms-bridge/index.html
index 3eee7291e..c499f4e46 100644
--- a/29/wildscribe/subsystem/messaging-activemq/jms-bridge/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/jms-bridge/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
add-messageID-in-header If true, then the original message's message ID will be appended in the message sent to the destination in the header AMQ_BRIDGE_MSG_ID_LIST. If the message is bridged more than once, each message ID will be appended.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-id The Jakarta Messaging client ID to use when creating/looking up the subscription if it is durable and the source destination is a topic.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
failure-retry-interval The amount of time in milliseconds to wait between trying to recreate connections to the source or target servers when the bridge has detected they have failed.
Attribute
Value
Default Value
5000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-batch-size The maximum number of messages to consume from the source destination before sending them in a batch to the target destination. Its value must >= 1.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-batch-time The maximum number of milliseconds to wait before sending a batch to target, even if the number of messages consumed has not reached max-batch-size. Its value must be -1 to represent 'wait forever', or >= 1 to specify an actual time.
Attribute
Value
Default Value
-1
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-retries The number of times to attempt to recreate connections to the source or target servers when the bridge has detected they have failed. The bridge will give up after trying this number of times. -1 represents 'try forever'.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
message-count The number of messages successfully committed.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
module The name of AS7 module containing the resources required to lookup source and target Jakarta Messaging resources.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
paused Whether the Jakarta Messaging bridge is paused.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
quality-of-service The desired quality of service mode (AT_MOST_ONCE, DUPLICATES_OK or ONCE_AND_ONLY_ONCE).
Attribute
Value
Default Value
AT_MOST_ONCE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
AT_MOST_ONCE DUPLICATES_OK ONCE_AND_ONLY_ONCE
selector A Jakarta Messaging selector expression used for consuming messages from the source destination. Only messages that match the selector expression will be bridged from the source to the target destination.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
source-connection-factory The name of the source connection factory to lookup on the source messaging server.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
source-context The properties used to configure the source JNDI initial context.
If true, then the original message's message ID will be appended in the message sent to the destination in the header AMQ_BRIDGE_MSG_ID_LIST. If the message is bridged more than once, each message ID will be appended.
client-id
STRING
false
true
The Jakarta Messaging client ID to use when creating/looking up the subscription if it is durable and the source destination is a topic.
failure-retry-interval
LONG
false
true
5000
The amount of time in milliseconds to wait between trying to recreate connections to the source or target servers when the bridge has detected they have failed.
max-batch-size
INT
false
true
1
The maximum number of messages to consume from the source destination before sending them in a batch to the target destination. Its value must >= 1.
max-batch-time
LONG
false
true
-1
The maximum number of milliseconds to wait before sending a batch to target, even if the number of messages consumed has not reached max-batch-size. Its value must be -1 to represent 'wait forever', or >= 1 to specify an actual time.
max-retries
INT
false
true
-1
The number of times to attempt to recreate connections to the source or target servers when the bridge has detected they have failed. The bridge will give up after trying this number of times. -1 represents 'try forever'.
module
STRING
true
false
The name of AS7 module containing the resources required to lookup source and target Jakarta Messaging resources.
quality-of-service
STRING
false
true
AT_MOST_ONCE
The desired quality of service mode (AT_MOST_ONCE, DUPLICATES_OK or ONCE_AND_ONLY_ONCE).
selector
STRING
false
true
A Jakarta Messaging selector expression used for consuming messages from the source destination. Only messages that match the selector expression will be bridged from the source to the target destination.
subscription-name
STRING
false
true
The name of the subscription if it is durable and the source destination is a topic.
source-connection-factory
STRING
true
false
The name of the source connection factory to lookup on the source messaging server.
source-context
OBJECT
false
true
The properties used to configure the source JNDI initial context.
source-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate source connection
source-destination
STRING
true
false
The name of the source destination to lookup on the source messaging server.
source-password
STRING
false
true
The password for creating the source connection.
source-user
STRING
false
true
The name of the user for creating the source connection.
target-connection-factory
STRING
true
false
The name of the target connection factory to lookup on the target messaging server.
target-context
OBJECT
false
true
The properties used to configure the target JNDI initial context.
target-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate target connection
target-destination
STRING
true
false
The name of the target destination to lookup on the target messaging server.
target-password
STRING
false
true
The password for creating the target connection.
target-user
STRING
false
true
The name of the user for creating the target connection.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/pooled-connection-factory/index.html b/29/wildscribe/subsystem/messaging-activemq/pooled-connection-factory/index.html
index f8a51f5e7..2c210d370 100644
--- a/29/wildscribe/subsystem/messaging-activemq/pooled-connection-factory/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/pooled-connection-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allow-local-transactions Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
credential-reference Credential (from Credential Store) to authenticate the pooled connection factory
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
enable-amq1-prefix Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment-trace Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
entries The jndi names the connection factory should be bound to.
use-jndi Use JNDI to locate the destination for incoming connections
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-local-tx Use a local transaction for incoming sessions
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
user The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the pooled connection factory
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enable-amq1-prefix
BOOLEAN
false
true
true
Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
enlistment-trace
BOOLEAN
false
true
Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
true
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
-1
The number of attempts to connect initially with this factory.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
managed-connection-pool
STRING
false
true
The class name of the managed connection pool used by this pooled-connection-factory.
max-pool-size
INT
false
true
20
The maximum size for the pool
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
min-pool-size
INT
false
true
0
The minimum size for the pool
password
STRING
false
true
The default password to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this pooled connection factory.
reconnect-attempts
INT
false
true
-1
The reconnect attempts. By default, a pooled connection factory will try to reconnect infinitely to the messaging server(s).
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction
STRING
false
true
xa
The type of transaction supported by this pooled connection factory (can be LOCAL, NONE or XA, default is XA).
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-auto-recovery
BOOLEAN
false
true
true
True to use auto recovery.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
user
STRING
false
true
The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
jndi-params
STRING
false
true
The JNDI params to use for locating the destination for incoming connections.
rebalance-connections
BOOLEAN
false
true
false
Rebalance inbound connections when cluster topology changes.
setup-attempts
INT
false
true
The number of times to set up an MDB endpoint
setup-interval
LONG
false
true
The interval between attempts at setting up an MDB endpoint.
use-jndi
BOOLEAN
false
true
Use JNDI to locate the destination for incoming connections
use-local-tx
BOOLEAN
false
true
Use a local transaction for incoming sessions
allow-local-transactions
BOOLEAN
false
true
false
Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/remote-connector/index.html b/29/wildscribe/subsystem/messaging-activemq/remote-connector/index.html
index f96fa557d..6d9d64360 100644
--- a/29/wildscribe/subsystem/messaging-activemq/remote-connector/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/remote-connector/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/acceptor/index.html b/29/wildscribe/subsystem/messaging-activemq/server/acceptor/index.html
index 4739ff021..f34d4f6a0 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/acceptor/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/acceptor/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/address-setting/index.html b/29/wildscribe/subsystem/messaging-activemq/server/address-setting/index.html
index ba174c962..561dec220 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/address-setting/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/address-setting/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
An address setting defines some attributes that are defined against an address wildcard rather than a specific queue.
Attributes (25)
address-full-policy Determines what happens when an address where max-size-bytes is specified becomes full. (PAGE, DROP or BLOCK)
Attribute
Value
Default Value
PAGE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
DROP PAGE BLOCK FAIL
auto-create-addresses Determines whether ActiveMQ should automatically create an addresses corresponding to the address-settings match when a producer or a consumer is tries to use such a queue.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-create-jms-queues Determines whether ActiveMQ should automatically create a Jakarta Messaging queue corresponding to the address-settings match when a Jakarta Messaging producer or a consumer is tries to use such a queue.
Deprecated Since 3.0.0
This attribute is no longer supported by ActiveMQ.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-create-queues Determines whether ActiveMQ should automatically create a queue corresponding to the address-settings match when a producer or a consumer is tries to use such a queue.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-delete-addresses Determines whether ActiveMQ should automatically delete auto-created addresses when they have no consumers and no messages.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-delete-created-queues Determines whether ActiveMQ should automatically delete auto-created queues when they have no consumers and no messages.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-delete-jms-queues Determines Whether ActiveMQ should automatically delete auto-created Jakarta Messaging queues when they have no consumers and no messages.
Deprecated Since 3.0.0
This attribute is no longer supported by ActiveMQ.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-delete-queues Determines Whether ActiveMQ should automatically delete auto-created queues when they have no consumers and no messages.
redistribution-delay Defines how long to wait when the last consumer is closed on a queue before redistributing any messages
Attribute
Value
Default Value
-1
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
send-to-dla-on-no-route If this parameter is set to true for that address, if the message is not routed to any queues it will instead be sent to the dead letter address (DLA) for that address, if it exists.
Determines what happens when an address where max-size-bytes is specified becomes full. (PAGE, DROP or BLOCK)
auto-create-addresses
BOOLEAN
false
true
true
Determines whether ActiveMQ should automatically create an addresses corresponding to the address-settings match when a producer or a consumer is tries to use such a queue.
auto-create-jms-queues
BOOLEAN
false
true
false
Determines whether ActiveMQ should automatically create a Jakarta Messaging queue corresponding to the address-settings match when a Jakarta Messaging producer or a consumer is tries to use such a queue.
auto-create-queues
BOOLEAN
false
true
false
Determines whether ActiveMQ should automatically create a queue corresponding to the address-settings match when a producer or a consumer is tries to use such a queue.
auto-delete-addresses
BOOLEAN
false
true
true
Determines whether ActiveMQ should automatically delete auto-created addresses when they have no consumers and no messages.
auto-delete-created-queues
BOOLEAN
false
true
false
Determines whether ActiveMQ should automatically delete auto-created queues when they have no consumers and no messages.
auto-delete-jms-queues
BOOLEAN
false
true
false
Determines Whether ActiveMQ should automatically delete auto-created Jakarta Messaging queues when they have no consumers and no messages.
auto-delete-queues
BOOLEAN
false
true
false
Determines Whether ActiveMQ should automatically delete auto-created queues when they have no consumers and no messages.
dead-letter-address
STRING
false
true
The dead letter address
expiry-address
STRING
false
true
Defines where to send a message that has expired.
expiry-delay
LONG
false
true
-1
Defines the expiration time that will be used for messages using the default expiration time
last-value-queue
BOOLEAN
false
true
false
Defines whether a queue only uses last values or not
max-delivery-attempts
INT
false
true
10
Defines how many time a cancelled message can be redelivered before sending to the dead-letter-address
max-redelivery-delay
LONG
false
true
0
Maximum value for the redelivery-delay (in ms).
max-size-bytes
LONG
false
true
-1
The max bytes size.
message-counter-history-day-limit
INT
false
true
0
Day limit for the message counter history.
page-max-cache-size
INT
false
true
5
The number of page files to keep in memory to optimize IO during paging navigation.
page-size-bytes
INT
false
true
10485760
The paging size.
redelivery-delay
LONG
false
true
0
Defines how long to wait before attempting redelivery of a cancelled message
redelivery-multiplier
DOUBLE
false
true
1.0
Multiplier to apply to the redelivery-delay parameter
redistribution-delay
LONG
false
true
-1
Defines how long to wait when the last consumer is closed on a queue before redistributing any messages
send-to-dla-on-no-route
BOOLEAN
false
true
false
If this parameter is set to true for that address, if the message is not routed to any queues it will instead be sent to the dead letter address (DLA) for that address, if it exists.
slow-consumer-check-period
LONG
false
true
5
How often to check for slow consumers on a particular queue.
slow-consumer-policy
STRING
false
true
NOTIFY
Determine what happens when a slow consumer is identified.
slow-consumer-threshold
LONG
false
true
-1
The minimum rate of message consumption allowed before a consumer is considered slow.
remove Operation removing an existing address-setting
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/bridge/index.html b/29/wildscribe/subsystem/messaging-activemq/server/bridge/index.html
index ba48d8b40..d53ba6b88 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/bridge/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/bridge/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
check-period The period (in milliseconds) between client failure check.
Attribute
Value
Default Value
30000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
confirmation-window-size The confirmation-window-size to use for the connection used to forward messages to the target node.
Attribute
Value
Default Value
10485760
Type
INT
Nillable
true
Expressions Allowed
true
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
connection-ttl The maximum time (in milliseconds) for which the connections used by the bridges are considered alive (in the absence of heartbeat).
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
credential-reference Credential (from Credential Store) to authenticate the bridge
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
discovery-group The name of the discovery group used by this bridge. Must be undefined (null) if 'static-connectors' is defined.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
filter An optional filter string. If specified then only messages which match the filter expression specified will be forwarded. The filter string follows the ActiveMQ filter expression syntax described in the ActiveMQ documentation.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
forwarding-address The address on the target server that the message will be forwarded to. If a forwarding address is not specified then the original destination of the message will be retained.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
ha Whether or not this bridge should support high availability. True means it will connect to any available server in a cluster and support failover.
max-retry-interval The maximum interval of time used to retry connections
Attribute
Value
Default Value
2000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
min-large-message-size The minimum size (in bytes) for a message before it is considered as a large message.
Attribute
Value
Default Value
102400
Type
INT
Nillable
true
Expressions Allowed
true
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
password The password to use when creating the bridge connection to the remote server. If it is not specified the default cluster password specified by the cluster-password attribute in the root messaging subsystem resource will be used.
queue-name The unique name of the local queue that the bridge consumes from.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
reconnect-attempts The total number of reconnect attempts the bridge will make before giving up and shutting down. A value of -1 signifies an unlimited number of attempts.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
reconnect-attempts-on-same-node The total number of reconnect attempts on the same node the bridge will make before giving up and shutting down. A value of -1 signifies an unlimited number of attempts.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
retry-interval The period in milliseconds between subsequent reconnection attempts, if the connection to the target server has failed.
Attribute
Value
Default Value
2000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
retry-interval-multiplier A multiplier to apply to the time since the last retry to compute the time to the next retry. This allows you to implement an exponential backoff between retry attempts.
Attribute
Value
Default Value
1.0
Type
DOUBLE
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
routing-type Pass or strip the routing type from the messages the bridge forwards.
static-connectors A list of names of statically defined connectors used by this bridge. Must be undefined (null) if 'discovery-group-name' is defined.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
transformer-class-name The name of a user-defined class which implements the org.apache.activemq.artemis.core.server.cluster.Transformer interface.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-duplicate-detection Whether the bridge will automatically insert a duplicate id property into each message that it forwards.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
user The user name to use when creating the bridge connection to the remote server. If it is not specified the default cluster user specified by the cluster-user attribute in the root messaging subsystem resource will be used.
The period (in milliseconds) between client failure check.
confirmation-window-size
INT
false
true
10485760
The confirmation-window-size to use for the connection used to forward messages to the target node.
connection-ttl
LONG
false
true
60000
The maximum time (in milliseconds) for which the connections used by the bridges are considered alive (in the absence of heartbeat).
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the bridge
discovery-group
STRING
true
false
The name of the discovery group used by this bridge. Must be undefined (null) if 'static-connectors' is defined.
filter
STRING
false
true
An optional filter string. If specified then only messages which match the filter expression specified will be forwarded. The filter string follows the ActiveMQ filter expression syntax described in the ActiveMQ documentation.
forwarding-address
STRING
false
true
The address on the target server that the message will be forwarded to. If a forwarding address is not specified then the original destination of the message will be retained.
ha
BOOLEAN
false
true
false
Whether or not this bridge should support high availability. True means it will connect to any available server in a cluster and support failover.
initial-connect-attempts
INT
false
true
-1
The number of attempts to connect initially with this bridge.
max-retry-interval
LONG
false
true
2000
The maximum interval of time used to retry connections
min-large-message-size
INT
false
true
102400
The minimum size (in bytes) for a message before it is considered as a large message.
password
STRING
false
true
CHANGE ME!!
The password to use when creating the bridge connection to the remote server. If it is not specified the default cluster password specified by the cluster-password attribute in the root messaging subsystem resource will be used.
producer-window-size
INT
false
true
-1
Producer flow control size on the bridge.
queue-name
STRING
true
true
The unique name of the local queue that the bridge consumes from.
reconnect-attempts
INT
false
true
-1
The total number of reconnect attempts the bridge will make before giving up and shutting down. A value of -1 signifies an unlimited number of attempts.
reconnect-attempts-on-same-node
INT
false
true
10
The total number of reconnect attempts on the same node the bridge will make before giving up and shutting down. A value of -1 signifies an unlimited number of attempts.
retry-interval
LONG
false
true
2000
The period in milliseconds between subsequent reconnection attempts, if the connection to the target server has failed.
retry-interval-multiplier
DOUBLE
false
true
1.0
A multiplier to apply to the time since the last retry to compute the time to the next retry. This allows you to implement an exponential backoff between retry attempts.
routing-type
STRING
false
true
PASS
Pass or strip the routing type from the messages the bridge forwards.
static-connectors
LIST
true
false
A list of names of statically defined connectors used by this bridge. Must be undefined (null) if 'discovery-group-name' is defined.
transformer-class-name
STRING
false
false
The name of a user-defined class which implements the org.apache.activemq.artemis.core.server.cluster.Transformer interface.
use-duplicate-detection
BOOLEAN
false
true
true
Whether the bridge will automatically insert a duplicate id property into each message that it forwards.
user
STRING
false
true
ACTIVEMQ.CLUSTER.ADMIN.USER
The user name to use when creating the bridge connection to the remote server. If it is not specified the default cluster user specified by the cluster-user attribute in the root messaging subsystem resource will be used.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/broadcast-group/index.html b/29/wildscribe/subsystem/messaging-activemq/server/broadcast-group/index.html
index 66f8bfa14..7e5c39122 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/broadcast-group/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/broadcast-group/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/cluster-connection/index.html b/29/wildscribe/subsystem/messaging-activemq/server/cluster-connection/index.html
index 4e699917a..25738a3f4 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/cluster-connection/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/cluster-connection/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Cluster connections group servers into clusters so that messages can be load balanced between the nodes of the cluster.
Attributes (25)
allow-direct-connections-only Whether, if a node learns of the existence of a node that is more than 1 hop away, we do not create a bridge for direct cluster connection. Only relevant if 'static-connectors' is defined.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
call-failover-timeout The timeout to use when fail over is in process (in ms) for remote calls made by the cluster connection.
Attribute
Value
Default Value
-1
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
call-timeout The timeout (in ms) for remote calls made by the cluster connection.
Attribute
Value
Default Value
30000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
check-period The period (in milliseconds) between client failure check.
Attribute
Value
Default Value
30000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
cluster-connection-address Each cluster connection only applies to messages sent to an address that starts with this value.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
confirmation-window-size The confirmation-window-size to use for the connection used to forward messages to a target node.
Attribute
Value
Default Value
10485760
Type
INT
Nillable
true
Expressions Allowed
true
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
connection-ttl The maximum time (in milliseconds) for which the connections used by the cluster connections are considered alive (in the absence of heartbeat).
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
connector-name The name of connector to use for live connection
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
discovery-group The discovery group used to obtain the list of other servers in the cluster to which this cluster connection will make connections. Must be undefined (null) if 'static-connectors' is defined.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-connect-attempts The number of attempts to connect initially with this cluster connection.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-hops The maximum number of times a message can be forwarded. ActiveMQ can be configured to also load balance messages to nodes which might be connected to it only indirectly with other ActiveMQ servers as intermediates in a chain.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-retry-interval The maximum interval of time used to retry connections
reconnect-attempts The total number of reconnect attempts the bridge will make before giving up and shutting down. A value of -1 signifies an unlimited number of attempts.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
retry-interval The period in milliseconds between subsequent attempts to reconnect to a target server, if the connection to the target server has failed.
Attribute
Value
Default Value
500
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
retry-interval-multiplier A multiplier to apply to the time since the last retry to compute the time to the next retry. This allows you to implement an exponential backoff between retry attempts.
Attribute
Value
Default Value
1.0
Type
DOUBLE
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
started Whether the cluster connection is started.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
static-connectors The statically defined list of connectors to which this cluster connection will make connections. Must be undefined (null) if 'discovery-group-name' is defined.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
topology The topology of the nodes that this cluster connection is aware of.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
use-duplicate-detection Whether the bridge will automatically insert a duplicate id property into each message that it forwards.
Whether, if a node learns of the existence of a node that is more than 1 hop away, we do not create a bridge for direct cluster connection. Only relevant if 'static-connectors' is defined.
call-failover-timeout
LONG
false
true
-1
The timeout to use when fail over is in process (in ms) for remote calls made by the cluster connection.
call-timeout
LONG
false
true
30000
The timeout (in ms) for remote calls made by the cluster connection.
check-period
LONG
false
true
30000
The period (in milliseconds) between client failure check.
cluster-connection-address
STRING
true
true
Each cluster connection only applies to messages sent to an address that starts with this value.
confirmation-window-size
INT
false
true
10485760
The confirmation-window-size to use for the connection used to forward messages to a target node.
connection-ttl
LONG
false
true
60000
The maximum time (in milliseconds) for which the connections used by the cluster connections are considered alive (in the absence of heartbeat).
connector-name
STRING
true
false
The name of connector to use for live connection
discovery-group
STRING
true
false
The discovery group used to obtain the list of other servers in the cluster to which this cluster connection will make connections. Must be undefined (null) if 'static-connectors' is defined.
initial-connect-attempts
INT
false
true
-1
The number of attempts to connect initially with this cluster connection.
max-hops
INT
false
true
1
The maximum number of times a message can be forwarded. ActiveMQ can be configured to also load balance messages to nodes which might be connected to it only indirectly with other ActiveMQ servers as intermediates in a chain.
max-retry-interval
LONG
false
true
2000
The maximum interval of time used to retry connections
message-load-balancing-type
STRING
false
true
ON_DEMAND
The type of message load balancing provided by the cluster connection.
min-large-message-size
INT
false
true
102400
The minimum size (in bytes) for a message before it is considered as a large message.
notification-attempts
INT
false
true
2
How many times the cluster connection will broadcast itself
notification-interval
LONG
false
true
1000
How often the cluster connection will broadcast itself
producer-window-size
INT
false
true
-1
Producer flow control size on the cluster connection.
reconnect-attempts
INT
false
true
-1
The total number of reconnect attempts the bridge will make before giving up and shutting down. A value of -1 signifies an unlimited number of attempts.
retry-interval
LONG
false
true
500
The period in milliseconds between subsequent attempts to reconnect to a target server, if the connection to the target server has failed.
retry-interval-multiplier
DOUBLE
false
true
1.0
A multiplier to apply to the time since the last retry to compute the time to the next retry. This allows you to implement an exponential backoff between retry attempts.
static-connectors
LIST
true
false
The statically defined list of connectors to which this cluster connection will make connections. Must be undefined (null) if 'discovery-group-name' is defined.
use-duplicate-detection
BOOLEAN
false
true
true
Whether the bridge will automatically insert a duplicate id property into each message that it forwards.
get-nodes Returns a map of the nodes connected to this cluster connection, where keys are node IDs and values are the addresses used to connect to the nodes.
Reply properties
A map where keys are node IDs and values are the addresses used to connect to the nodes.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/connection-factory/index.html b/29/wildscribe/subsystem/messaging-activemq/server/connection-factory/index.html
index fc75810ce..196a7e313 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/connection-factory/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/connection-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
protocol-manager-factory The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
true
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
factory-type
STRING
false
true
GENERIC
The type of connection factory.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
reconnect-attempts
INT
false
true
0
The reconnect attempts.
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/connector-service/index.html b/29/wildscribe/subsystem/messaging-activemq/server/connector-service/index.html
index 5fa4763f3..850e627ea 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/connector-service/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/connector-service/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/connector/index.html b/29/wildscribe/subsystem/messaging-activemq/server/connector/index.html
index 88c0b961d..7857a112d 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/connector/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/connector/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/core-address/index.html b/29/wildscribe/subsystem/messaging-activemq/server/core-address/index.html
index 002f45440..f2d233001 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/core-address/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/core-address/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A runtime-only resource representing a ActiveMQ "address". Zero or more queues can be bound to a single address. When a message is routed, it is routed to the set of queues bound to the message's address.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/core-address/role/index.html b/29/wildscribe/subsystem/messaging-activemq/server/core-address/role/index.html
index 922563620..a5bf57e13 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/core-address/role/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/core-address/role/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/discovery-group/index.html b/29/wildscribe/subsystem/messaging-activemq/server/discovery-group/index.html
index c2384bb8f..7bcfba29e 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/discovery-group/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/discovery-group/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
jgroups-stack References the name of a JGroups channel factory.
Deprecated Since 3.0.0
Deprecated. Use jgroups-channel instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
refresh-timeout Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
jgroups-channel
STRING
false
false
References the name of a JGroups channel. If undefined, the default channel will be used.
jgroups-cluster
STRING
false
false
The logical cluster name.
jgroups-stack
STRING
false
false
References the name of a JGroups channel factory.
refresh-timeout
LONG
false
true
10000
Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/divert/index.html b/29/wildscribe/subsystem/messaging-activemq/server/divert/index.html
index 68566ae03..c4f399290 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/divert/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/divert/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A messaging resource that allows you to transparently divert messages routed to one address to some other address, without making any changes to any client application logic.
exclusive Whether the divert is exclusive, meaning that the message is diverted to the new address, and does not go to the old address at all.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
filter An optional filter string. If specified then only messages which match the filter expression specified will be diverted. The filter string follows the ActiveMQ filter expression syntax described in the ActiveMQ documentation.
Whether the divert is exclusive, meaning that the message is diverted to the new address, and does not go to the old address at all.
filter
STRING
false
true
An optional filter string. If specified then only messages which match the filter expression specified will be diverted. The filter string follows the ActiveMQ filter expression syntax described in the ActiveMQ documentation.
forwarding-address
STRING
true
true
Address to divert to
routing-name
STRING
false
true
Routing name of the divert
transformer-class-name
STRING
false
false
The name of a class used to transform the message's body or properties before it is diverted.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/grouping-handler/index.html b/29/wildscribe/subsystem/messaging-activemq/server/grouping-handler/index.html
index e80d7250f..3e95bb139 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/grouping-handler/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/grouping-handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Makes decisions about which node in a cluster should handle a message with a group id assigned.
Attributes (5)
group-timeout How long a group binding will be used, -1 means for ever. Bindings are removed after this wait elapses (valid for both LOCAL and REMOTE handlers).
reaper-period How often the reaper will be run to check for timed out group bindings (only valid for LOCAL handlers).
Attribute
Value
Default Value
30000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
timeout How long to wait for a handling decision to be made; an exception will be thrown during the send if this timeout is reached, ensuring that strict ordering is kept.
Attribute
Value
Default Value
5000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
type Whether the handler is the single "Local" handler for the cluster, which makes handling decisions, or a "Remote" handler which converses with the local handler.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
LOCAL REMOTE
Operations (2)
add Operation adding the grouping handler. Only one grouping handler is allowed.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
group-timeout
LONG
false
true
-1
How long a group binding will be used, -1 means for ever. Bindings are removed after this wait elapses (valid for both LOCAL and REMOTE handlers).
grouping-handler-address
STRING
true
true
A reference to a cluster connection and the address it uses.
reaper-period
LONG
false
true
30000
How often the reaper will be run to check for timed out group bindings (only valid for LOCAL handlers).
timeout
LONG
false
true
5000
How long to wait for a handling decision to be made; an exception will be thrown during the send if this timeout is reached, ensuring that strict ordering is kept.
type
STRING
true
true
Whether the handler is the single "Local" handler for the cluster, which makes handling decisions, or a "Remote" handler which converses with the local handler.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/live-only/index.html b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/live-only/index.html
index d17f331a5..50627c028 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/live-only/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/live-only/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (5)
scale-down Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/primary/index.html b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/primary/index.html
index 8cbaa6f11..a8a1086ff 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/primary/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/primary/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (5)
check-for-live-server Whether to check the cluster for another server using the same server ID when starting up.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
cluster-name Name of the cluster used for replication. If it is undefined, the name of the first cluster connection defined in the configuration will be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
group-name If set, backup servers will only pair with live servers with matching group-name.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/secondary/index.html b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/secondary/index.html
index edbfaef9b..807c83065 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/secondary/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/secondary/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (12)
allow-failback Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
cluster-name Name of the cluster used for replication. If it is undefined, the name of the first cluster connection defined in the configuration will be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
group-name If set, backup servers will only pair with live servers with matching group-name.
max-saved-replicated-journal-size This specifies how many times a replicated backup server can restart after moving its files on start. Once there are this number of backup journal files the server will stop permanently after if fails back.
Attribute
Value
Default Value
2
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
restart-backup Will this server, if a backup, restart once it has been stopped because of failback or scaling down.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
scale-down Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
synchronized-with-live The replication synchronization process with the live server is complete.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (2)
add Add an HA Policy to configure high availability for this ActiveMQ server.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allow-failback
BOOLEAN
false
true
true
Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
cluster-name
STRING
false
true
Name of the cluster used for replication. If it is undefined, the name of the first cluster connection defined in the configuration will be used.
group-name
STRING
false
true
If set, backup servers will only pair with live servers with matching group-name.
initial-replication-sync-timeout
LONG
false
true
30000
How long to wait until the initiation replication is synchronized.
max-saved-replicated-journal-size
INT
false
true
2
This specifies how many times a replicated backup server can restart after moving its files on start. Once there are this number of backup journal files the server will stop permanently after if fails back.
restart-backup
BOOLEAN
false
true
true
Will this server, if a backup, restart once it has been stopped because of failback or scaling down.
scale-down
BOOLEAN
false
true
Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
scale-down-cluster-name
STRING
false
true
Name of the cluster used to scale down.
scale-down-connectors
LIST
false
false
List of connectors used to form the scale-down cluster.
scale-down-discovery-group
STRING
false
false
Name of the discovery group used to build the scale-down cluster
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/index.html b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/index.html
index 023382ca5..fc8478ee6 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Children (1)
configuration Configuration
primary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
secondary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (6)
backup-port-offset The offset to use for the Connectors and Acceptors when creating a new backup server.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
backup-request-retries How many times the live server will try to request a backup, -1 means for ever.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-primary/index.html b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-primary/index.html
index 191403ff6..dd9a63ad3 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-primary/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-primary/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (5)
check-for-live-server Whether to check the cluster for another server using the same server ID when starting up.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
cluster-name Name of the cluster used for replication. If it is undefined, the name of the first cluster connection defined in the configuration will be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
group-name If set, backup servers will only pair with live servers with matching group-name.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-secondary/index.html b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-secondary/index.html
index 4fc77f480..af89ad6be 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-secondary/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-secondary/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (12)
allow-failback Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
cluster-name Name of the cluster used for replication. If it is undefined, the name of the first cluster connection defined in the configuration will be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
group-name If set, backup servers will only pair with live servers with matching group-name.
max-saved-replicated-journal-size This specifies how many times a replicated backup server can restart after moving its files on start. Once there are this number of backup journal files the server will stop permanently after if fails back.
Attribute
Value
Default Value
2
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
restart-backup Will this server, if a backup, restart once it has been stopped because of failback or scaling down.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
scale-down Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
synchronized-with-live The replication synchronization process with the live server is complete.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (2)
add Add an HA Policy to configure high availability for this ActiveMQ server.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allow-failback
BOOLEAN
false
true
true
Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
cluster-name
STRING
false
true
Name of the cluster used for replication. If it is undefined, the name of the first cluster connection defined in the configuration will be used.
group-name
STRING
false
true
If set, backup servers will only pair with live servers with matching group-name.
initial-replication-sync-timeout
LONG
false
true
30000
How long to wait until the initiation replication is synchronized.
max-saved-replicated-journal-size
INT
false
true
2
This specifies how many times a replicated backup server can restart after moving its files on start. Once there are this number of backup journal files the server will stop permanently after if fails back.
restart-backup
BOOLEAN
false
true
true
Will this server, if a backup, restart once it has been stopped because of failback or scaling down.
scale-down
BOOLEAN
false
true
Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
scale-down-cluster-name
STRING
false
true
Name of the cluster used to scale down.
scale-down-connectors
LIST
false
false
List of connectors used to form the scale-down cluster.
scale-down-discovery-group
STRING
false
false
Name of the discovery group used to build the scale-down cluster
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/primary/index.html b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/primary/index.html
index 0cc006a57..81eb620d6 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/primary/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/primary/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/secondary/index.html b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/secondary/index.html
index aed45da41..bc9bff16a 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/secondary/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/secondary/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (8)
allow-failback Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
add Add an HA Policy to configure high availability for this ActiveMQ server.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allow-failback
BOOLEAN
false
true
true
Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
failover-on-server-shutdown
BOOLEAN
false
true
false
Whether the server must failover when it is normally shutdown.
restart-backup
BOOLEAN
false
true
true
Will this server, if a backup, restart once it has been stopped because of failback or scaling down.
scale-down
BOOLEAN
false
true
Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
scale-down-cluster-name
STRING
false
true
Name of the cluster used to scale down.
scale-down-connectors
LIST
false
false
List of connectors used to form the scale-down cluster.
scale-down-discovery-group
STRING
false
false
Name of the discovery group used to build the scale-down cluster
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/index.html b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/index.html
index 802c4a954..a7ac17246 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Children (1)
configuration Configuration
primary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
secondary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (5)
backup-port-offset The offset to use for the Connectors and Acceptors when creating a new backup server.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
backup-request-retries How many times the live server will try to request a backup, -1 means for ever.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-primary/index.html b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-primary/index.html
index 020b9944e..71aca66e8 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-primary/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-primary/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-secondary/index.html b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-secondary/index.html
index b2e31b0c1..ca11f7375 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-secondary/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-secondary/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (8)
allow-failback Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
add Add an HA Policy to configure high availability for this ActiveMQ server.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allow-failback
BOOLEAN
false
true
true
Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
failover-on-server-shutdown
BOOLEAN
false
true
false
Whether the server must failover when it is normally shutdown.
restart-backup
BOOLEAN
false
true
true
Will this server, if a backup, restart once it has been stopped because of failback or scaling down.
scale-down
BOOLEAN
false
true
Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
scale-down-cluster-name
STRING
false
true
Name of the cluster used to scale down.
scale-down-connectors
LIST
false
false
List of connectors used to form the scale-down cluster.
scale-down-discovery-group
STRING
false
false
Name of the discovery group used to build the scale-down cluster
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/http-acceptor/index.html b/29/wildscribe/subsystem/messaging-activemq/server/http-acceptor/index.html
index d111f256a..d3aaba583 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/http-acceptor/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/http-acceptor/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/http-connector/index.html b/29/wildscribe/subsystem/messaging-activemq/server/http-connector/index.html
index c8bbd1f76..63ec2de43 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/http-connector/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/http-connector/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
endpoint The http-acceptor that serves as the endpoint of this http-connector.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
params A key-value pair understood by the connector factory-class and used to configure it.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
server-name The name of the ActiveMQ Artemis server that will be connected to on the remote server. If undefined, the name of the parent ActiveMQ Artemis server will be used (suitable if the http-connector is used to connect to the parent server)
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
socket-binding The socket binding that the connector will use to create connections
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
ssl-context The SSL context that the connector will use to connect
The http-acceptor that serves as the endpoint of this http-connector.
params
OBJECT
false
true
A key-value pair understood by the connector factory-class and used to configure it.
server-name
STRING
false
false
The name of the ActiveMQ Artemis server that will be connected to on the remote server. If undefined, the name of the parent ActiveMQ Artemis server will be used (suitable if the http-connector is used to connect to the parent server)
socket-binding
STRING
true
false
The socket binding that the connector will use to create connections
ssl-context
STRING
false
false
The SSL context that the connector will use to connect
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/in-vm-acceptor/index.html b/29/wildscribe/subsystem/messaging-activemq/server/in-vm-acceptor/index.html
index 68047fa0c..9f0cc80a1 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/in-vm-acceptor/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/in-vm-acceptor/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/in-vm-connector/index.html b/29/wildscribe/subsystem/messaging-activemq/server/in-vm-connector/index.html
index 40e443bf7..818cf371b 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/in-vm-connector/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/in-vm-connector/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/index.html b/29/wildscribe/subsystem/messaging-activemq/server/index.html
index 50a49c3ae..0b28a380c 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/index.html
@@ -1,320 +1,11 @@
- WildFly Full 29 Model Reference
acceptor An acceptor defines a way in which connections can be made to the ActiveMQ server.
address-setting An address setting defines some attributes that are defined against an address wildcard rather than a specific queue.
bridge The function of a bridge is to consume messages from a source queue, and forward them to a target address, typically on a different ActiveMQ server.
broadcast-group A broadcast group is the means by which a server broadcasts connectors over the network.
cluster-connection Cluster connections group servers into clusters so that messages can be load balanced between the nodes of the cluster.
connector A connector can be used by a client to define how it connects to a server.
connector-service A connector service allows to integrate external components with Apache ActiveMQ Artemis to send and receive messages.
core-address A runtime-only resource representing a ActiveMQ "address". Zero or more queues can be bound to a single address. When a message is routed, it is routed to the set of queues bound to the message's address.
discovery-group Multicast group to listen to receive broadcast from other servers announcing their connectors.
divert A messaging resource that allows you to transparently divert messages routed to one address to some other address, without making any changes to any client application logic.
grouping-handler Makes decisions about which node in a cluster should handle a message with a group id assigned.
ha-policy A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
live-only A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
replication-colocated A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
replication-primary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
replication-secondary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
shared-store-colocated A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
shared-store-primary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
shared-store-secondary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
http-acceptor Defines a way in which remote connections can be made to the ActiveMQ server over HTTP.
http-connector Used by a remote client to define how it connects to a server over HTTP.
in-vm-acceptor Defines a way in which in-VM connections can be made to the ActiveMQ server.
in-vm-connector Used by an in-VM client to define how it connects to a server.
jgroups-broadcast-group A broadcast group is the means by which a server broadcasts connectors over the network using JGroups cluster configuration.
jgroups-discovery-group Multicast group to listen to receive broadcast from other servers announcing their connectors using JGroups cluster configuration.
async-connection-execution-enabled Whether incoming packets on the server should be handed off to a thread from the thread pool for processing. False if they should be handled on the remoting thread.
jmx-domain The JMX domain used to register internal ActiveMQ MBeans in the MBeanServer.
Attribute
Value
Default Value
org.apache.activemq.artemis
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
jmx-management-enabled Whether ActiveMQ should expose its internal management API via JMX. This is not recommended, as accessing these MBeans can lead to inconsistent configuration.
journal-database Type of the database (can be used to customize SQL statements). If this attribute is not specified, the type of the database will be determined based on the DataSource metadata.
journal-pool-files The number of journal files that can be reused. ActiveMQ will create as many files as needed however when reclaiming files it will shrink back to the value (-1 means no limit).
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
journal-sync-non-transactional Whether to wait for non transaction data to be synced to the journal before returning a response to the client.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
journal-sync-transactional Whether to wait for transaction data to be synchronized to the journal before returning a response to the client.
perf-blast-pages Number of pages to add to check the journal performance (only meant to be used to test performance of pages).
Deprecated Since 3.0.0
Artemis 2 no longer supports this attribute.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
persist-delivery-count-before-delivery Whether the delivery count is persisted before delivery. False means that this only happens after a message has been cancelled.
statistics-enabled Whether gathering of statistics such as message counters are enabled.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
thread-pool-max-size The number of threads that the main thread pool has. -1 means no limit.
Attribute
Value
Default Value
30
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transaction-timeout Default duration before a transaction will be rolled back after create time. If a Transaction Manager is used, this value will be replaced by that of the TM.
How often to scan for addresses and queues which should be deleted.
async-connection-execution-enabled
BOOLEAN
false
true
true
Whether incoming packets on the server should be handed off to a thread from the thread pool for processing. False if they should be handled on the remoting thread.
connection-ttl-override
LONG
false
true
-1
If set, this will override how long (in ms) to keep a connection alive without receiving a ping.
id-cache-size
INT
false
true
20000
The size of the cache for pre-creating message IDs.
incoming-interceptors
LIST
false
false
The list of incoming interceptor classes used by this server.
outgoing-interceptors
LIST
false
false
The list of outgoing interceptor classes used by this server.
page-max-concurrent-io
INT
false
true
5
The maximum number of concurrent reads allowed on paging
persist-delivery-count-before-delivery
BOOLEAN
false
true
false
Whether the delivery count is persisted before delivery. False means that this only happens after a message has been cancelled.
persist-id-cache
BOOLEAN
false
true
true
Whether IDs are persisted to the journal.
persistence-enabled
BOOLEAN
false
true
true
Whether the server will use the file based journal for persistence.
scheduled-thread-pool-max-size
INT
false
true
5
The number of threads that the main scheduled thread pool has.
thread-pool-max-size
INT
false
true
30
The number of threads that the main thread pool has. -1 means no limit.
wild-card-routing-enabled
BOOLEAN
false
true
true
Whether the server supports wild card routing.
cluster-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate to cluster
cluster-password
STRING
false
true
CHANGE ME!!
The password used by cluster connections to communicate between the clustered nodes.
cluster-user
STRING
false
true
ACTIVEMQ.CLUSTER.ADMIN.USER
The user used by cluster connections to communicate between the clustered nodes.
critical-analyzer-check-period
LONG
false
true
0
Time used to check the response times (defaults to half of critical-analyzer-timeout).
critical-analyzer-enabled
BOOLEAN
false
true
true
To enable or disable the critical analyzer.
critical-analyzer-policy
STRING
false
true
LOG
Should the messaging server log, be halted or shutdown upon failures.
critical-analyzer-timeout
LONG
false
true
120000
Timeout used to do the critical analysis.
memory-measure-interval
LONG
false
true
-1
Frequency to sample JVM memory in ms (or -1 to disable memory sampling)
memory-warning-threshold
INT
false
true
25
Percentage of available memory which if exceeded results in a warning log
perf-blast-pages
INT
false
true
-1
Number of pages to add to check the journal performance (only meant to be used to test performance of pages).
run-sync-speed-test
BOOLEAN
false
true
false
Whether on startup to perform a diagnostic test on how fast your disk can sync. Useful when determining performance issues.
server-dump-interval
LONG
false
true
-1
How often to dump basic runtime information to the server log. A value less than 1 disables this feature.
create-bindings-dir
BOOLEAN
false
true
true
Whether the server should create the bindings directory on start up.
create-journal-dir
BOOLEAN
false
true
true
Whether the server should create the journal directory on start up.
disk-scan-period
INT
false
true
5000
The interval where the disk is scanned for percentual usage.
global-max-disk-usage
INT
false
true
100
The maximum percentage of data we should use from disks. The System will block while the disk is full.
global-max-memory-size
LONG
false
true
-1
Maximum amount of memory which message data may consume.
journal-bindings-table
STRING
false
true
BINDINGS
Name of the JDBC table to store the bindings.
journal-buffer-size
LONG
false
true
The size of the internal buffer on the journal.
journal-buffer-timeout
LONG
false
true
The timeout (in nanoseconds) used to flush internal buffers on the journal.
journal-compact-min-files
INT
false
true
10
The minimal number of journal data files before we can start compacting.
journal-compact-percentage
INT
false
true
30
The percentage of live data on which we consider compacting the journal.
journal-database
STRING
false
true
Type of the database (can be used to customize SQL statements). If this attribute is not specified, the type of the database will be determined based on the DataSource metadata.
journal-datasource
STRING
false
false
Name of the DataSource for the JDBC store.
journal-file-open-timeout
INT
false
true
5
The timeout (in seconds) for opening journal files. Values <= 0 mean fail immediately.
journal-file-size
LONG
false
true
10485760
The size (in bytes) of each journal file.
journal-jdbc-lock-expiration
INT
false
true
20
The time the HA lock is considered valid without keeping it alive.
journal-jdbc-lock-renew-period
INT
false
true
4
The renewal period for the HA lock to keep it alive.
journal-jdbc-network-timeout
INT
false
true
20
The timeout used by the JDBC connection to detect network issues.
journal-jms-bindings-table
STRING
false
true
JMS_BINDINGS
Name of the JDBC table to store the Jakarta Messaging bindings.
journal-large-messages-table
STRING
false
true
LARGE_MESSAGES
Name of the JDBC table to store the large messages.
journal-max-attic-files
INT
false
true
10
The maximum number of journal files stored in the attic in case of corrupted journal files.
journal-max-io
INT
false
true
The maximum number of write requests that can be in the AIO queue at any one time.
journal-messages-table
STRING
false
true
MESSAGES
Name of the JDBC table to store the messages.
journal-min-files
INT
false
true
2
How many journal files to pre-create.
journal-node-manager-store-table
STRING
false
true
NODE_MANAGER_STORE
Name of the JDBC table to store the node manager.
journal-page-store-table
STRING
false
true
PAGE_STORE
Name of the JDBC table to store pages.
journal-pool-files
INT
false
true
10
The number of journal files that can be reused. ActiveMQ will create as many files as needed however when reclaiming files it will shrink back to the value (-1 means no limit).
journal-sync-non-transactional
BOOLEAN
false
true
true
Whether to wait for non transaction data to be synced to the journal before returning a response to the client.
journal-sync-transactional
BOOLEAN
false
true
true
Whether to wait for transaction data to be synchronized to the journal before returning a response to the client.
journal-type
STRING
false
true
ASYNCIO
The type of journal to use.
log-journal-write-rate
BOOLEAN
false
true
false
Whether to periodically log the journal's write rate and flush rate.
jmx-domain
STRING
false
true
org.apache.activemq.artemis
The JMX domain used to register internal ActiveMQ MBeans in the MBeanServer.
jmx-management-enabled
BOOLEAN
false
true
false
Whether ActiveMQ should expose its internal management API via JMX. This is not recommended, as accessing these MBeans can lead to inconsistent configuration.
management-address
STRING
false
true
activemq.management
Address to send management messages to.
management-notification-address
STRING
false
true
activemq.notifications
The name of the address that consumers bind to to receive management notifications.
message-expiry-scan-period
LONG
false
true
30000
How often (in ms) to scan for expired messages.
message-expiry-thread-priority
INT
false
true
3
The priority of the thread expiring messages.
network-check-list
STRING
false
true
This is a comma separated list, no spaces, of DNS or IPs (it should accept IPV6) to be used to validate the network.
network-check-nic
STRING
false
true
The NIC (Network Interface Controller) to be used to validate the network.
network-check-period
LONG
false
true
5000
The frequency of how often we should check if the network is still up.
network-check-ping-command
STRING
false
true
ping -c 1 -t %d %s
The command used to ping IPV4 addresses.
network-check-ping6-command
STRING
false
true
ping6 -c 1 %2$s
The command used to ping IPV6 addresses.
network-check-timeout
LONG
false
true
1000
The timeout used on the ping.
network-check-url-list
STRING
false
true
The list of HTTP URIs to be used to validate the network.
elytron-domain
STRING
false
false
The name of the Elytron security domain used to verify user and role information.
override-in-vm-security
BOOLEAN
false
true
true
Whether the ActiveMQ server will override security credentials for in-vm connections.
security-domain
STRING
false
false
The security domain to use to verify user and role information.
security-enabled
BOOLEAN
false
true
true
Whether security is enabled.
security-invalidation-interval
LONG
false
true
10000
How long (in ms) to wait before invalidating the security cache.
message-counter-max-day-history
INT
false
true
10
How many days to keep message counter history.
message-counter-sample-period
LONG
false
true
10000
The sample period (in ms) to use for message counters.
statistics-enabled
BOOLEAN
false
true
false
Whether gathering of statistics such as message counters are enabled.
transaction-timeout
LONG
false
true
300000
Default duration before a transaction will be rolled back after create time. If a Transaction Manager is used, this value will be replaced by that of the TM.
transaction-timeout-scan-period
LONG
false
true
1000
How often (in ms) to scan for timeout transactions.
close-connections-for-address Closes all the connections of clients connected to this server whose remote address contains the specified IP address.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
ip-address
STRING
true
false
An IP address in string format.
Reply properties
True if any connections were closed, false otherwise.
type
BOOLEAN
close-connections-for-user Closes all the connections of clients connected to this server under the specified user name.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
user
STRING
true
false
An user name.
Reply properties
True if any connections were closed, false otherwise.
A list of strings. The Strings are Base-64 representation of the transaction XID and can be used to heuristically commit or rollback the transactions.
type
LIST
Value Type
STRING
list-producers-info-as-json For all sessions, lists information about message producers using JSON serialization.
Reply properties
A JSON string containing an array of producer details.
type
STRING
list-remote-addresses Lists the addresses of all the clients connected to the given address. If an ip-address argument is supplied, only those clients whose remote address string includes the given ip-address string will be returned.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
ip-address
STRING
false
false
An IP address in string format.
Reply properties
A list of strings, where the strings are remote client addresses.
type
LIST
Value Type
STRING
list-sessions Lists all the sessions IDs for the specified connection ID.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
connection-id
STRING
true
false
The connection id.
Reply properties
A list of strings, where each string is a session ID.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/jgroups-broadcast-group/index.html b/29/wildscribe/subsystem/messaging-activemq/server/jgroups-broadcast-group/index.html
index 8a2fc184c..3ca4f762e 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/jgroups-broadcast-group/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/jgroups-broadcast-group/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/jgroups-discovery-group/index.html b/29/wildscribe/subsystem/messaging-activemq/server/jgroups-discovery-group/index.html
index 7583505c1..cac06c57a 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/jgroups-discovery-group/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/jgroups-discovery-group/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
refresh-timeout Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
jgroups-channel
STRING
false
false
References the name of a JGroups channel. If undefined, the default channel will be used.
jgroups-cluster
STRING
true
false
The logical cluster name.
jgroups-stack
STRING
false
false
References the name of a JGroups channel factory.
refresh-timeout
LONG
false
true
10000
Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/jms-queue/index.html b/29/wildscribe/subsystem/messaging-activemq/server/jms-queue/index.html
index c374eadba..14ec55274 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/jms-queue/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/jms-queue/index.html
@@ -1,159 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/jms-topic/index.html b/29/wildscribe/subsystem/messaging-activemq/server/jms-topic/index.html
index 52d613f4b..4e80f670f 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/jms-topic/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/jms-topic/index.html
@@ -1,377 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/legacy-connection-factory/index.html b/29/wildscribe/subsystem/messaging-activemq/server/legacy-connection-factory/index.html
index fff956361..e5fed1a67 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/legacy-connection-factory/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/legacy-connection-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
false
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
factory-type
STRING
false
true
GENERIC
The type of connection factory.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
1
The number of attempts for the initial connection to the server.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/path/bindings-directory/index.html b/29/wildscribe/subsystem/messaging-activemq/server/path/bindings-directory/index.html
index c35a44d9c..7993b8424 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/path/bindings-directory/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/path/bindings-directory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A filesystem path pointing to one of the locations where ActiveMQ stores persistent data.
Attributes (2)
path The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
Attribute
Value
Default Value
activemq/bindings
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
relative-to
STRING
false
false
jboss.server.data.dir
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/path/journal-directory/index.html b/29/wildscribe/subsystem/messaging-activemq/server/path/journal-directory/index.html
index 222bbd68f..680550df9 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/path/journal-directory/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/path/journal-directory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A filesystem path pointing to one of the locations where ActiveMQ stores persistent data.
Attributes (2)
path The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
Attribute
Value
Default Value
activemq/journal
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
relative-to
STRING
false
false
jboss.server.data.dir
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/path/large-messages-directory/index.html b/29/wildscribe/subsystem/messaging-activemq/server/path/large-messages-directory/index.html
index 2abc867e2..ce3e95786 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/path/large-messages-directory/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/path/large-messages-directory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A filesystem path pointing to one of the locations where ActiveMQ stores persistent data.
Attributes (2)
path The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
Attribute
Value
Default Value
activemq/largemessages
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
relative-to
STRING
false
false
jboss.server.data.dir
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/path/paging-directory/index.html b/29/wildscribe/subsystem/messaging-activemq/server/path/paging-directory/index.html
index 8b7c5a64b..5867f4c41 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/path/paging-directory/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/path/paging-directory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A filesystem path pointing to one of the locations where ActiveMQ stores persistent data.
Attributes (2)
path The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
Attribute
Value
Default Value
activemq/paging
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
relative-to
STRING
false
false
jboss.server.data.dir
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/pooled-connection-factory/index.html b/29/wildscribe/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
index 1f87e7019..95a5c4f3a 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allow-local-transactions Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
credential-reference Credential (from Credential Store) to authenticate the pooled connection factory
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
enlistment-trace Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
entries The jndi names the connection factory should be bound to.
use-jndi Use JNDI to locate the destination for incoming connections
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-local-tx Use a local transaction for incoming sessions
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
user The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the pooled connection factory
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enlistment-trace
BOOLEAN
false
true
Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
1
The number of attempts to connect initially with this factory.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
managed-connection-pool
STRING
false
true
The class name of the managed connection pool used by this pooled-connection-factory.
max-pool-size
INT
false
true
20
The maximum size for the pool
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
min-pool-size
INT
false
true
0
The minimum size for the pool
password
STRING
false
true
The default password to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this pooled connection factory.
reconnect-attempts
INT
false
true
-1
The reconnect attempts. By default, a pooled connection factory will try to reconnect infinitely to the messaging server(s).
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction
STRING
false
true
xa
The type of transaction supported by this pooled connection factory (can be LOCAL, NONE or XA, default is XA).
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-auto-recovery
BOOLEAN
false
true
true
True to use auto recovery.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
user
STRING
false
true
The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
jndi-params
STRING
false
true
The JNDI params to use for locating the destination for incoming connections.
rebalance-connections
BOOLEAN
false
true
false
Rebalance inbound connections when cluster topology changes.
setup-attempts
INT
false
true
The number of times to set up an MDB endpoint
setup-interval
LONG
false
true
The interval between attempts at setting up an MDB endpoint.
use-jndi
BOOLEAN
false
true
Use JNDI to locate the destination for incoming connections
use-local-tx
BOOLEAN
false
true
Use a local transaction for incoming sessions
allow-local-transactions
BOOLEAN
false
true
false
Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/queue/index.html b/29/wildscribe/subsystem/messaging-activemq/server/queue/index.html
index 3091ab605..78d3c4551 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/queue/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/queue/index.html
@@ -1,219 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/remote-acceptor/index.html b/29/wildscribe/subsystem/messaging-activemq/server/remote-acceptor/index.html
index 5b47fb528..eb53c626f 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/remote-acceptor/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/remote-acceptor/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/remote-connector/index.html b/29/wildscribe/subsystem/messaging-activemq/server/remote-connector/index.html
index e6f3b5581..cd50a6784 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/remote-connector/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/remote-connector/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/runtime-queue/index.html b/29/wildscribe/subsystem/messaging-activemq/server/runtime-queue/index.html
index 1d70b1365..72d701e9f 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/runtime-queue/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/runtime-queue/index.html
@@ -1,219 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/security-setting/index.html b/29/wildscribe/subsystem/messaging-activemq/server/security-setting/index.html
index dfc878f3b..e0d005127 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/security-setting/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/security-setting/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/security-setting/role/index.html b/29/wildscribe/subsystem/messaging-activemq/server/security-setting/role/index.html
index 666192efb..76eb2c9c0 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/security-setting/role/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/security-setting/role/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/socket-broadcast-group/index.html b/29/wildscribe/subsystem/messaging-activemq/server/socket-broadcast-group/index.html
index beb00690e..819dcaced 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/socket-broadcast-group/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/socket-broadcast-group/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/server/socket-discovery-group/index.html b/29/wildscribe/subsystem/messaging-activemq/server/socket-discovery-group/index.html
index cddad6e00..c3e7f1ef8 100644
--- a/29/wildscribe/subsystem/messaging-activemq/server/socket-discovery-group/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/server/socket-discovery-group/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
initial-wait-timeout Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
refresh-timeout Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
refresh-timeout
LONG
false
true
10000
Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/messaging-activemq/socket-discovery-group/index.html b/29/wildscribe/subsystem/messaging-activemq/socket-discovery-group/index.html
index 0b874d351..f721aaad1 100644
--- a/29/wildscribe/subsystem/messaging-activemq/socket-discovery-group/index.html
+++ b/29/wildscribe/subsystem/messaging-activemq/socket-discovery-group/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
initial-wait-timeout Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
refresh-timeout Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
refresh-timeout
LONG
false
true
10000
Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/metrics/index.html b/29/wildscribe/subsystem/metrics/index.html
index f485bfe94..a86e065d3 100644
--- a/29/wildscribe/subsystem/metrics/index.html
+++ b/29/wildscribe/subsystem/metrics/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/micrometer/index.html b/29/wildscribe/subsystem/micrometer/index.html
index c396608cc..2f74c7e92 100644
--- a/29/wildscribe/subsystem/micrometer/index.html
+++ b/29/wildscribe/subsystem/micrometer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/microprofile-config-smallrye/config-source-provider/index.html b/29/wildscribe/subsystem/microprofile-config-smallrye/config-source-provider/index.html
index 178235851..7d841265d 100644
--- a/29/wildscribe/subsystem/microprofile-config-smallrye/config-source-provider/index.html
+++ b/29/wildscribe/subsystem/microprofile-config-smallrye/config-source-provider/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/microprofile-config-smallrye/config-source/index.html b/29/wildscribe/subsystem/microprofile-config-smallrye/config-source/index.html
index f5be18ea1..b760a7405 100644
--- a/29/wildscribe/subsystem/microprofile-config-smallrye/config-source/index.html
+++ b/29/wildscribe/subsystem/microprofile-config-smallrye/config-source/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
properties Properties configured for this config source and stored directly in WildFly management model.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Add a Config Source (the source of the configuration is determined by the attributes of the config-source (class to provide a new ConfigSource implementation, properties to store configuration values in WildFly management model, etc.)
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
class
OBJECT
false
false
Class of the config source to load
dir
OBJECT
false
false
Directory that is scanned to config properties for this config source (file names are key, file content are value)
ordinal
INT
false
true
100
Ordinal value for the config source
properties
OBJECT
false
false
Properties configured for this config source and stored directly in WildFly management model.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/microprofile-config-smallrye/index.html b/29/wildscribe/subsystem/microprofile-config-smallrye/index.html
index 0f832e855..ecde9f9a3 100644
--- a/29/wildscribe/subsystem/microprofile-config-smallrye/index.html
+++ b/29/wildscribe/subsystem/microprofile-config-smallrye/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/microprofile-fault-tolerance-smallrye/index.html b/29/wildscribe/subsystem/microprofile-fault-tolerance-smallrye/index.html
index e4dc3f60f..650433691 100644
--- a/29/wildscribe/subsystem/microprofile-fault-tolerance-smallrye/index.html
+++ b/29/wildscribe/subsystem/microprofile-fault-tolerance-smallrye/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/microprofile-jwt-smallrye/index.html b/29/wildscribe/subsystem/microprofile-jwt-smallrye/index.html
index de951e512..5256409b0 100644
--- a/29/wildscribe/subsystem/microprofile-jwt-smallrye/index.html
+++ b/29/wildscribe/subsystem/microprofile-jwt-smallrye/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/microprofile-openapi-smallrye/index.html b/29/wildscribe/subsystem/microprofile-openapi-smallrye/index.html
index 315ae033b..e2733d0be 100644
--- a/29/wildscribe/subsystem/microprofile-openapi-smallrye/index.html
+++ b/29/wildscribe/subsystem/microprofile-openapi-smallrye/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/microprofile-telemetry/index.html b/29/wildscribe/subsystem/microprofile-telemetry/index.html
index e63fffbb2..3a3e840ae 100644
--- a/29/wildscribe/subsystem/microprofile-telemetry/index.html
+++ b/29/wildscribe/subsystem/microprofile-telemetry/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/modcluster/index.html b/29/wildscribe/subsystem/modcluster/index.html
index 531086bb9..974271c9e 100644
--- a/29/wildscribe/subsystem/modcluster/index.html
+++ b/29/wildscribe/subsystem/modcluster/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configuration and runtime operations for mod_cluster subsystem.
Children (1)
proxy Proxy resource coupled with single Undertow listener (and server) specifying load balancer discovery, its configuration and load balance factor provider. Multiple proxy configuration can be specified.
Operations (2)
add Add the mod_cluster subsystem leaving the server in 'reload-required' state.
remove Remove the mod_cluster subsystem leaving the server in 'reload-required' state.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/modcluster/proxy/index.html b/29/wildscribe/subsystem/modcluster/proxy/index.html
index ad7f6eb86..930c5272a 100644
--- a/29/wildscribe/subsystem/modcluster/proxy/index.html
+++ b/29/wildscribe/subsystem/modcluster/proxy/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Proxy resource coupled with single Undertow listener (and server) specifying load balancer discovery, its configuration and load balance factor provider. Multiple proxy configuration can be specified.
auto-enable-contexts If false, the contexts are registered with the reverse proxy as disabled, they need to be enabled manually by 'enable-context' operation or via mod_cluster_manager console (if available).
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
balancer The name of the balancer on the reverse proxy to register with.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
excluded-contexts List of contexts to exclude from registration with the reverse proxies.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
flush-packets Whether to enable packet flushing on the reverse proxy.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
flush-wait Time to wait before flushing packets on the reverse proxy.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
listener The name of Undertow listener that will be registered with the reverse proxy.
max-attempts Maximum number of failover attempts by reverse proxy when sending the request to the backend server.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
node-timeout Timeout (in seconds) for proxy connections to a node. That is the time mod_cluster will wait for the back-end response before returning an error.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
ping Number of seconds for which to wait for a pong answer to a ping.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
proxies List of reverse proxies for mod_cluster to register with defined by 'outbound-socket-binding' in 'socket-binding-group'.
status-interval Number of seconds a STATUS message is sent from the application server to the proxy.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
sticky-session Indicates whether subsequent requests for a given session should be routed to the same node, if possible.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sticky-session-force Indicates whether the reverse proxy should run an error in the event that the balancer is unable to route a request to the node to which it is stuck. Ignored if sticky sessions are disabled.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sticky-session-remove Indicates whether the reverse proxy should remove session stickiness in the event that the balancer is unable to route a request to the node to which it is stuck. Ignored if sticky sessions are disabled.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
stop-context-timeout Maximum time to wait for context to process pending requests.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
ttl Time to live (in seconds) for idle connections above smax.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
worker-timeout Number of seconds to wait for a worker to become available to handle a request.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (15)
add Add a proxy resource requiring an Undertow listener reference leaving the server in 'reload-required' state.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
advertise
BOOLEAN
false
true
true
Whether to enable multicast-based advertise mechanism.
advertise-security-key
STRING
false
true
If specified, reverse proxy advertisements checksums will be verified using this value as a salt.
advertise-socket
STRING
false
true
Name of socket binding to use for the advertise socket.
auto-enable-contexts
BOOLEAN
false
true
true
If false, the contexts are registered with the reverse proxy as disabled, they need to be enabled manually by 'enable-context' operation or via mod_cluster_manager console (if available).
balancer
STRING
false
true
The name of the balancer on the reverse proxy to register with.
excluded-contexts
STRING
false
true
List of contexts to exclude from registration with the reverse proxies.
flush-packets
BOOLEAN
false
true
false
Whether to enable packet flushing on the reverse proxy.
flush-wait
INT
false
true
Time to wait before flushing packets on the reverse proxy.
listener
STRING
true
true
The name of Undertow listener that will be registered with the reverse proxy.
load-balancing-group
STRING
false
true
Name of the load balancing group this node belongs to.
max-attempts
INT
false
true
1
Maximum number of failover attempts by reverse proxy when sending the request to the backend server.
node-timeout
INT
false
true
Timeout (in seconds) for proxy connections to a node. That is the time mod_cluster will wait for the back-end response before returning an error.
ping
INT
false
true
10
Number of seconds for which to wait for a pong answer to a ping.
proxies
LIST
false
false
List of reverse proxies for mod_cluster to register with defined by 'outbound-socket-binding' in 'socket-binding-group'.
proxy-url
STRING
false
true
/
Base URL for MCMP requests.
session-draining-strategy
STRING
false
true
DEFAULT
Session draining strategy used during undeployment of a web application.
smax
INT
false
true
Soft maximum idle connection count for reverse proxy.
socket-timeout
INT
false
true
20
Timeout to wait for the reverse proxy to answer a MCMP message.
ssl-context
STRING
false
true
Reference to the SSLContext to be used by mod_cluster.
status-interval
INT
false
true
10
Number of seconds a STATUS message is sent from the application server to the proxy.
sticky-session
BOOLEAN
false
true
true
Indicates whether subsequent requests for a given session should be routed to the same node, if possible.
sticky-session-remove
BOOLEAN
false
true
false
Indicates whether the reverse proxy should remove session stickiness in the event that the balancer is unable to route a request to the node to which it is stuck. Ignored if sticky sessions are disabled.
sticky-session-force
BOOLEAN
false
true
false
Indicates whether the reverse proxy should run an error in the event that the balancer is unable to route a request to the node to which it is stuck. Ignored if sticky sessions are disabled.
stop-context-timeout
INT
false
true
10
Maximum time to wait for context to process pending requests.
ttl
INT
false
true
Time to live (in seconds) for idle connections above smax.
worker-timeout
INT
false
true
Number of seconds to wait for a worker to become available to handle a request.
add-proxy Add a reverse proxy to the list of proxies to register with.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
host
STRING
true
false
Host of the reverse proxy.
port
INT
true
false
Port of the reverse proxy accepting MCMP commands.
disable Tell reverse proxies that all contexts of the node can't process new requests.
Reply properties
type
BOOLEAN
disable-context Tell reverse proxies that the context can't process new requests.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
virtualhost
STRING
true
false
Name of the virtual host to disable context on.
context
STRING
true
false
Name of the context to disable.
Reply properties
type
BOOLEAN
enable Tell reverse proxies that all contexts on the node are ready to receive requests.
Reply properties
type
BOOLEAN
enable-context Tell reverse proxies that the context is ready to receive requests.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
virtualhost
STRING
true
false
Name of the virtual host to enable context for.
context
STRING
true
false
Name of the context to enable.
Reply properties
type
BOOLEAN
list-proxies List the reverse proxies this node is currently registered with.
read-proxies-info Send an INFO command to the reverse proxies and display the result.
Reply properties
type
LIST
Value Type
STRING
refresh Refresh the node sending a new CONFIG message to the reverse proxies.
remove Remove a proxy resource leaving the server in 'reload-required' state.
remove-proxy Remove the reverse proxy from the list of proxies to register with.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
host
STRING
true
false
Host of the reverse proxy.
port
INT
true
false
Port of the reverse proxy.
reset Reset the node's connection to the reverse proxies.
stop Tell reverse proxies that all contexts on the node can't process requests.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
waittime
INT
false
false
10
Number of seconds for which to wait for sessions to drain before stopping all contexts if session draining is in effect. Negative or zero timeout value will wait indefinitely.
Reply properties
type
BOOLEAN
stop-context Tell reverse proxies that the context can't process requests.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
virtualhost
STRING
true
false
Name of the virtual host to stop the context on.
context
STRING
true
false
Name of the context to stop.
waittime
INT
false
false
10
Number of seconds for which to wait for sessions to drain before stopping the context if session draining is in effect. Negative or zero timeout value will wait indefinitely.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/custom-load-metric/index.html b/29/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/custom-load-metric/index.html
index a30d8f965..bbf47f77c 100644
--- a/29/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/custom-load-metric/index.html
+++ b/29/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/custom-load-metric/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Built-in load metric contributing a value to the overall load factor of a node. The load factors from each metric are aggregated according to their weights.
Attributes (5)
capacity Maximum capacity of the metric used to normalize the load values from a metric which require explicit capacity.
Attribute
Value
Default Value
1.0
Type
DOUBLE
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
class Class name to use to construct a load metric from.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
module Module name from which to load the load metric class.
Attribute
Value
Default Value
org.wildfly.extension.mod_cluster
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
property Properties to apply on a loaded metric instance.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
weight Number indicating the significance of a metric with respect to the other metrics. For example, a metric of weight 2 will have twice the impact on the overall load factor than a metric of weight 1.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Add a load metric to the set of load metrics to calculate the load factor from.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
weight
INT
false
true
1
Number indicating the significance of a metric with respect to the other metrics. For example, a metric of weight 2 will have twice the impact on the overall load factor than a metric of weight 1.
capacity
DOUBLE
false
true
1.0
Maximum capacity of the metric used to normalize the load values from a metric which require explicit capacity.
property
OBJECT
false
true
Properties to apply on a loaded metric instance.
class
STRING
true
true
Class name to use to construct a load metric from.
module
STRING
false
true
org.wildfly.extension.mod_cluster
Module name from which to load the load metric class.
remove Remove a load metric from the set of load metrics to calculate the load factor from.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/index.html b/29/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/index.html
index b180a0bca..fcd3efeea 100644
--- a/29/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/index.html
+++ b/29/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configuration and runtime operations for mod_cluster subsystem.
Children (2)
custom-load-metric Custom load metric loaded from a specified Java class contributing a value to the overall load factor of a node. The load factors from each metric are aggregated according to their weights.
load-metric Built-in load metric contributing a value to the overall load factor of a node. The load factors from each metric are aggregated according to their weights.
Attributes (3)
decay The factor by which a historic load values should degrade in significance.
Attribute
Value
Default Value
2.0
Type
DOUBLE
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
history The number of historic (previous) load values to consider in the load balance factor computation.
Attribute
Value
Default Value
9
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-load Initial load within the range [0..100] with which to prepopulate historical values. Used to gradually drive load to the node. Value of 0 prepopulates with full load and value of -1 disables this behavior.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
100
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Add a dynamic load provider with no load metrics.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
decay
DOUBLE
false
true
2.0
The factor by which a historic load values should degrade in significance.
history
INT
false
true
9
The number of historic (previous) load values to consider in the load balance factor computation.
initial-load
INT
false
true
0
Initial load within the range [0..100] with which to prepopulate historical values. Used to gradually drive load to the node. Value of 0 prepopulates with full load and value of -1 disables this behavior.
remove Remove a dynamic load provider defaulting to simple load provider.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/load-metric/index.html b/29/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/load-metric/index.html
index 97d94e50a..aebae1067 100644
--- a/29/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/load-metric/index.html
+++ b/29/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/load-metric/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Built-in load metric contributing a value to the overall load factor of a node. The load factors from each metric are aggregated according to their weights.
Attributes (4)
capacity Maximum capacity of the metric used to normalize the load values from a metric which require explicit capacity.
Attribute
Value
Default Value
1.0
Type
DOUBLE
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
property Properties to apply on a loaded metric instance.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
type Type of a built-in load metric from the enumerated values.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
cpu heap sessions receive-traffic send-traffic requests busyness
weight Number indicating the significance of a metric with respect to the other metrics. For example, a metric of weight 2 will have twice the impact on the overall load factor than a metric of weight 1.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Add a load metric to the set of load metrics to calculate the load factor from.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
weight
INT
false
true
1
Number indicating the significance of a metric with respect to the other metrics. For example, a metric of weight 2 will have twice the impact on the overall load factor than a metric of weight 1.
capacity
DOUBLE
false
true
1.0
Maximum capacity of the metric used to normalize the load values from a metric which require explicit capacity.
property
OBJECT
false
true
Properties to apply on a loaded metric instance.
type
STRING
true
false
Type of a built-in load metric from the enumerated values.
remove Remove a load metric from the set of load metrics to calculate the load factor from.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/modcluster/proxy/load-provider/simple/index.html b/29/wildscribe/subsystem/modcluster/proxy/load-provider/simple/index.html
index 4b1ba5c0e..6c4b4091c 100644
--- a/29/wildscribe/subsystem/modcluster/proxy/load-provider/simple/index.html
+++ b/29/wildscribe/subsystem/modcluster/proxy/load-provider/simple/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/naming/binding/index.html b/29/wildscribe/subsystem/naming/binding/index.html
index 0280c0680..767e8cea3 100644
--- a/29/wildscribe/subsystem/naming/binding/index.html
+++ b/29/wildscribe/subsystem/naming/binding/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/naming/index.html b/29/wildscribe/subsystem/naming/index.html
index 2925fd337..f386cfba3 100644
--- a/29/wildscribe/subsystem/naming/index.html
+++ b/29/wildscribe/subsystem/naming/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/naming/service/remote-naming/index.html b/29/wildscribe/subsystem/naming/service/remote-naming/index.html
index 08d54b0f3..d3536adb1 100644
--- a/29/wildscribe/subsystem/naming/service/remote-naming/index.html
+++ b/29/wildscribe/subsystem/naming/service/remote-naming/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/opentelemetry/index.html b/29/wildscribe/subsystem/opentelemetry/index.html
index a89356ec1..24276f9c2 100644
--- a/29/wildscribe/subsystem/opentelemetry/index.html
+++ b/29/wildscribe/subsystem/opentelemetry/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/pojo/index.html b/29/wildscribe/subsystem/pojo/index.html
index 119d8142c..5d8dbbbfc 100644
--- a/29/wildscribe/subsystem/pojo/index.html
+++ b/29/wildscribe/subsystem/pojo/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/configuration/endpoint/index.html b/29/wildscribe/subsystem/remoting/configuration/endpoint/index.html
index d11be387e..b9a6afeff 100644
--- a/29/wildscribe/subsystem/remoting/configuration/endpoint/index.html
+++ b/29/wildscribe/subsystem/remoting/configuration/endpoint/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The child resource for configuring the remoting endpoint is deprecated. Use the attributes on the parent resource to configure the remoting endpoint.
Endpoint configuration
Attributes (18)
auth-realm The authentication realm to use if no authentication CallbackHandler is specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-retries Specify the number of times a client is allowed to retry authentication before closing the connection.
Attribute
Value
Default Value
3
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authorize-id The SASL authorization ID. Used as authentication user name to use if no authentication CallbackHandler is specified and the selected SASL mechanism demands a user name.
heartbeat-interval The interval to use for connection heartbeat, in milliseconds. If the connection is idle in the outbound direction for this amount of time, a ping message will be sent, which will trigger a corresponding reply message.
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-inbound-channels The maximum number of inbound channels to support for a connection.
Attribute
Value
Default Value
40
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-inbound-message-size The maximum inbound message size to be allowed. Messages exceeding this size will cause an exception to be thrown on the reading side as well as the writing side.
Attribute
Value
Default Value
9223372036854775807
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-inbound-messages The maximum number of concurrent inbound messages on a channel.
Attribute
Value
Default Value
80
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-outbound-channels The maximum number of outbound channels to support for a connection.
Attribute
Value
Default Value
40
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-outbound-message-size The maximum outbound message size to send. No messages larger than this well be transmitted; attempting to do so will cause an exception on the writing side.
Attribute
Value
Default Value
9223372036854775807
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-outbound-messages The maximum number of concurrent outbound messages on a channel.
Attribute
Value
Default Value
65535
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
receive-buffer-size The size of the largest buffer that this endpoint will accept over a connection.
Attribute
Value
Default Value
8192
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
receive-window-size The maximum window size of the receive direction for connection channels, in bytes.
Attribute
Value
Default Value
131072
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sasl-protocol Where a SaslServer or SaslClient are created by default the protocol specified it 'remoting', this can be used to override this.
Attribute
Value
Default Value
remote
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
send-buffer-size The size of the largest buffer that this endpoint will transmit over a connection.
Attribute
Value
Default Value
8192
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
server-name The server side of the connection passes it's name to the client in the initial greeting, by default the name is automatically discovered from the local address of the connection or it can be overridden using this.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transmit-window-size The maximum window size of the transmit direction for connection channels, in bytes.
The authentication realm to use if no authentication CallbackHandler is specified.
authentication-retries
INT
false
true
3
Specify the number of times a client is allowed to retry authentication before closing the connection.
authorize-id
STRING
false
true
The SASL authorization ID. Used as authentication user name to use if no authentication CallbackHandler is specified and the selected SASL mechanism demands a user name.
buffer-region-size
INT
false
true
The size of allocated buffer regions.
heartbeat-interval
INT
false
true
60000
The interval to use for connection heartbeat, in milliseconds. If the connection is idle in the outbound direction for this amount of time, a ping message will be sent, which will trigger a corresponding reply message.
max-inbound-channels
INT
false
true
40
The maximum number of inbound channels to support for a connection.
max-inbound-message-size
LONG
false
true
9223372036854775807
The maximum inbound message size to be allowed. Messages exceeding this size will cause an exception to be thrown on the reading side as well as the writing side.
max-inbound-messages
INT
false
true
80
The maximum number of concurrent inbound messages on a channel.
max-outbound-channels
INT
false
true
40
The maximum number of outbound channels to support for a connection.
max-outbound-message-size
LONG
false
true
9223372036854775807
The maximum outbound message size to send. No messages larger than this well be transmitted; attempting to do so will cause an exception on the writing side.
max-outbound-messages
INT
false
true
65535
The maximum number of concurrent outbound messages on a channel.
receive-buffer-size
INT
false
true
8192
The size of the largest buffer that this endpoint will accept over a connection.
receive-window-size
INT
false
true
131072
The maximum window size of the receive direction for connection channels, in bytes.
sasl-protocol
STRING
false
true
remote
Where a SaslServer or SaslClient are created by default the protocol specified it 'remoting', this can be used to override this.
send-buffer-size
INT
false
true
8192
The size of the largest buffer that this endpoint will transmit over a connection.
server-name
STRING
false
true
The server side of the connection passes it's name to the client in the initial greeting, by default the name is automatically discovered from the local address of the connection or it can be overridden using this.
transmit-window-size
INT
false
true
131072
The maximum window size of the transmit direction for connection channels, in bytes.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/connector/index.html b/29/wildscribe/subsystem/remoting/connector/index.html
index 2455d149a..de78e7288 100644
--- a/29/wildscribe/subsystem/remoting/connector/index.html
+++ b/29/wildscribe/subsystem/remoting/connector/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/connector/property/index.html b/29/wildscribe/subsystem/remoting/connector/property/index.html
index c9492d2cc..677a94de8 100644
--- a/29/wildscribe/subsystem/remoting/connector/property/index.html
+++ b/29/wildscribe/subsystem/remoting/connector/property/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/connector/security/sasl/index.html b/29/wildscribe/subsystem/remoting/connector/security/sasl/index.html
index 6339fba54..b5c2c0d45 100644
--- a/29/wildscribe/subsystem/remoting/connector/security/sasl/index.html
+++ b/29/wildscribe/subsystem/remoting/connector/security/sasl/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
include-mechanisms The optional nested "include-mechanisms" element contains a list of allowed SASL mechanism names. Only mechanisms that are present in this list will be allowed.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
qop The optional nested "qop" element contains a list of quality-of-protection values, in decreasing order of preference.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
reuse-session The optional nested "reuse-session" boolean element specifies whether or not the server should attempt to reuse previously authenticated session information. The mechanism may or may not support such reuse, and other factors may also prevent it.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
server-auth The optional nested "server-auth" boolean element specifies whether the server should authenticate to the client. Not all mechanisms may support this setting.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
strength The optional nested "strength" element contains a list of cipher strength values, in decreasing order of preference.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds the SASL authentication configuration for its connector
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
include-mechanisms
LIST
false
false
The optional nested "include-mechanisms" element contains a list of allowed SASL mechanism names. Only mechanisms that are present in this list will be allowed.
qop
LIST
false
false
The optional nested "qop" element contains a list of quality-of-protection values, in decreasing order of preference.
reuse-session
BOOLEAN
false
true
false
The optional nested "reuse-session" boolean element specifies whether or not the server should attempt to reuse previously authenticated session information. The mechanism may or may not support such reuse, and other factors may also prevent it.
server-auth
BOOLEAN
false
true
false
The optional nested "server-auth" boolean element specifies whether the server should authenticate to the client. Not all mechanisms may support this setting.
strength
LIST
false
false
The optional nested "strength" element contains a list of cipher strength values, in decreasing order of preference.
remove Removes the SASL authentication configuration for its connector
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/connector/security/sasl/property/index.html b/29/wildscribe/subsystem/remoting/connector/security/sasl/property/index.html
index a46d12ea3..0f218e905 100644
--- a/29/wildscribe/subsystem/remoting/connector/security/sasl/property/index.html
+++ b/29/wildscribe/subsystem/remoting/connector/security/sasl/property/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/connector/security/sasl/sasl-policy/policy/index.html b/29/wildscribe/subsystem/remoting/connector/security/sasl/sasl-policy/policy/index.html
index 75d3c75d9..6955a15ff 100644
--- a/29/wildscribe/subsystem/remoting/connector/security/sasl/sasl-policy/policy/index.html
+++ b/29/wildscribe/subsystem/remoting/connector/security/sasl/sasl-policy/policy/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
forward-secrecy The optional nested "forward-secrecy" element contains a boolean value which specifies whether mechanisms that implement forward secrecy between sessions are required. Forward secrecy means that breaking into one session will not automatically provide information for breaking into future sessions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-active The optional nested "no-active" element contains a boolean value which specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-anonymous The optional nested "no-anonymous" element contains a boolean value which specifies whether mechanisms that accept anonymous login are permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-dictionary The optional nested "no-dictionary" element contains a boolean value which specifies whether mechanisms susceptible to passive dictionary attacks are permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-plain-text The optional nested "no-plain-text" element contains a boolean value which specifies whether mechanisms susceptible to simple plain passive attacks (e.g., "PLAIN") are not permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
pass-credentials The optional nested "pass-credentials" element contains a boolean value which specifies whether mechanisms that pass client credentials are required.
The optional nested "forward-secrecy" element contains a boolean value which specifies whether mechanisms that implement forward secrecy between sessions are required. Forward secrecy means that breaking into one session will not automatically provide information for breaking into future sessions.
no-active
BOOLEAN
false
true
true
The optional nested "no-active" element contains a boolean value which specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted. "false" to permit, "true" to deny.
no-anonymous
BOOLEAN
false
true
true
The optional nested "no-anonymous" element contains a boolean value which specifies whether mechanisms that accept anonymous login are permitted. "false" to permit, "true" to deny.
no-dictionary
BOOLEAN
false
true
true
The optional nested "no-dictionary" element contains a boolean value which specifies whether mechanisms susceptible to passive dictionary attacks are permitted. "false" to permit, "true" to deny.
no-plain-text
BOOLEAN
false
true
true
The optional nested "no-plain-text" element contains a boolean value which specifies whether mechanisms susceptible to simple plain passive attacks (e.g., "PLAIN") are not permitted. "false" to permit, "true" to deny.
pass-credentials
BOOLEAN
false
true
true
The optional nested "pass-credentials" element contains a boolean value which specifies whether mechanisms that pass client credentials are required.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/http-connector/index.html b/29/wildscribe/subsystem/remoting/http-connector/index.html
index ee76ad671..545a571b3 100644
--- a/29/wildscribe/subsystem/remoting/http-connector/index.html
+++ b/29/wildscribe/subsystem/remoting/http-connector/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/http-connector/property/index.html b/29/wildscribe/subsystem/remoting/http-connector/property/index.html
index 44a6cfb65..d5e4bac39 100644
--- a/29/wildscribe/subsystem/remoting/http-connector/property/index.html
+++ b/29/wildscribe/subsystem/remoting/http-connector/property/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/http-connector/security/sasl/index.html b/29/wildscribe/subsystem/remoting/http-connector/security/sasl/index.html
index 79fc3c929..1df8e8f1a 100644
--- a/29/wildscribe/subsystem/remoting/http-connector/security/sasl/index.html
+++ b/29/wildscribe/subsystem/remoting/http-connector/security/sasl/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
include-mechanisms The optional nested "include-mechanisms" element contains a list of allowed SASL mechanism names. Only mechanisms that are present in this list will be allowed.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
qop The optional nested "qop" element contains a list of quality-of-protection values, in decreasing order of preference.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
reuse-session The optional nested "reuse-session" boolean element specifies whether or not the server should attempt to reuse previously authenticated session information. The mechanism may or may not support such reuse, and other factors may also prevent it.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
server-auth The optional nested "server-auth" boolean element specifies whether the server should authenticate to the client. Not all mechanisms may support this setting.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
strength The optional nested "strength" element contains a list of cipher strength values, in decreasing order of preference.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds the SASL authentication configuration for its connector
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
include-mechanisms
LIST
false
false
The optional nested "include-mechanisms" element contains a list of allowed SASL mechanism names. Only mechanisms that are present in this list will be allowed.
qop
LIST
false
false
The optional nested "qop" element contains a list of quality-of-protection values, in decreasing order of preference.
reuse-session
BOOLEAN
false
true
false
The optional nested "reuse-session" boolean element specifies whether or not the server should attempt to reuse previously authenticated session information. The mechanism may or may not support such reuse, and other factors may also prevent it.
server-auth
BOOLEAN
false
true
false
The optional nested "server-auth" boolean element specifies whether the server should authenticate to the client. Not all mechanisms may support this setting.
strength
LIST
false
false
The optional nested "strength" element contains a list of cipher strength values, in decreasing order of preference.
remove Removes the SASL authentication configuration for its connector
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/http-connector/security/sasl/property/index.html b/29/wildscribe/subsystem/remoting/http-connector/security/sasl/property/index.html
index 3794d3da5..69fa299ce 100644
--- a/29/wildscribe/subsystem/remoting/http-connector/security/sasl/property/index.html
+++ b/29/wildscribe/subsystem/remoting/http-connector/security/sasl/property/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/http-connector/security/sasl/sasl-policy/policy/index.html b/29/wildscribe/subsystem/remoting/http-connector/security/sasl/sasl-policy/policy/index.html
index 8d08cb41d..b69012c85 100644
--- a/29/wildscribe/subsystem/remoting/http-connector/security/sasl/sasl-policy/policy/index.html
+++ b/29/wildscribe/subsystem/remoting/http-connector/security/sasl/sasl-policy/policy/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
forward-secrecy The optional nested "forward-secrecy" element contains a boolean value which specifies whether mechanisms that implement forward secrecy between sessions are required. Forward secrecy means that breaking into one session will not automatically provide information for breaking into future sessions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-active The optional nested "no-active" element contains a boolean value which specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-anonymous The optional nested "no-anonymous" element contains a boolean value which specifies whether mechanisms that accept anonymous login are permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-dictionary The optional nested "no-dictionary" element contains a boolean value which specifies whether mechanisms susceptible to passive dictionary attacks are permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-plain-text The optional nested "no-plain-text" element contains a boolean value which specifies whether mechanisms susceptible to simple plain passive attacks (e.g., "PLAIN") are not permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
pass-credentials The optional nested "pass-credentials" element contains a boolean value which specifies whether mechanisms that pass client credentials are required.
The optional nested "forward-secrecy" element contains a boolean value which specifies whether mechanisms that implement forward secrecy between sessions are required. Forward secrecy means that breaking into one session will not automatically provide information for breaking into future sessions.
no-active
BOOLEAN
false
true
true
The optional nested "no-active" element contains a boolean value which specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted. "false" to permit, "true" to deny.
no-anonymous
BOOLEAN
false
true
true
The optional nested "no-anonymous" element contains a boolean value which specifies whether mechanisms that accept anonymous login are permitted. "false" to permit, "true" to deny.
no-dictionary
BOOLEAN
false
true
true
The optional nested "no-dictionary" element contains a boolean value which specifies whether mechanisms susceptible to passive dictionary attacks are permitted. "false" to permit, "true" to deny.
no-plain-text
BOOLEAN
false
true
true
The optional nested "no-plain-text" element contains a boolean value which specifies whether mechanisms susceptible to simple plain passive attacks (e.g., "PLAIN") are not permitted. "false" to permit, "true" to deny.
pass-credentials
BOOLEAN
false
true
true
The optional nested "pass-credentials" element contains a boolean value which specifies whether mechanisms that pass client credentials are required.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/index.html b/29/wildscribe/subsystem/remoting/index.html
index 7ba26df8c..4cf2412fc 100644
--- a/29/wildscribe/subsystem/remoting/index.html
+++ b/29/wildscribe/subsystem/remoting/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
auth-realm The authentication realm to use if no authentication CallbackHandler is specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-retries Specify the number of times a client is allowed to retry authentication before closing the connection.
Attribute
Value
Default Value
3
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authorize-id The SASL authorization ID. Used as authentication user name to use if no authentication CallbackHandler is specified and the selected SASL mechanism demands a user name.
heartbeat-interval The interval to use for connection heartbeat, in milliseconds. If the connection is idle in the outbound direction for this amount of time, a ping message will be sent, which will trigger a corresponding reply message.
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-inbound-channels The maximum number of inbound channels to support for a connection.
Attribute
Value
Default Value
40
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-inbound-message-size The maximum inbound message size to be allowed. Messages exceeding this size will cause an exception to be thrown on the reading side as well as the writing side.
Attribute
Value
Default Value
9223372036854775807
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-inbound-messages The maximum number of concurrent inbound messages on a channel.
Attribute
Value
Default Value
80
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-outbound-channels The maximum number of outbound channels to support for a connection.
Attribute
Value
Default Value
40
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-outbound-message-size The maximum outbound message size to send. No messages larger than this well be transmitted; attempting to do so will cause an exception on the writing side.
Attribute
Value
Default Value
9223372036854775807
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-outbound-messages The maximum number of concurrent outbound messages on a channel.
Attribute
Value
Default Value
65535
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
receive-buffer-size The size of the largest buffer that this endpoint will accept over a connection.
Attribute
Value
Default Value
8192
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
receive-window-size The maximum window size of the receive direction for connection channels, in bytes.
Attribute
Value
Default Value
131072
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sasl-protocol Where a SaslServer or SaslClient are created by default the protocol specified it 'remoting', this can be used to override this.
Attribute
Value
Default Value
remote
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
send-buffer-size The size of the largest buffer that this endpoint will transmit over a connection.
Attribute
Value
Default Value
8192
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
server-name The server side of the connection passes it's name to the client in the initial greeting, by default the name is automatically discovered from the local address of the connection or it can be overridden using this.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transmit-window-size The maximum window size of the transmit direction for connection channels, in bytes.
The number of read threads to create for the remoting worker.
worker-task-core-threads
INT
false
true
The number of core threads for the remoting worker task thread pool.
worker-task-keepalive
INT
false
true
The number of milliseconds to keep non-core remoting worker task threads alive.
worker-task-limit
INT
false
true
The maximum number of remoting worker tasks to allow before rejecting.
worker-task-max-threads
INT
false
true
The maximum number of threads for the remoting worker task thread pool.
worker-write-threads
INT
false
true
The number of write threads to create for the remoting worker.
auth-realm
STRING
false
true
The authentication realm to use if no authentication CallbackHandler is specified.
authentication-retries
INT
false
true
3
Specify the number of times a client is allowed to retry authentication before closing the connection.
authorize-id
STRING
false
true
The SASL authorization ID. Used as authentication user name to use if no authentication CallbackHandler is specified and the selected SASL mechanism demands a user name.
buffer-region-size
INT
false
true
The size of allocated buffer regions.
heartbeat-interval
INT
false
true
60000
The interval to use for connection heartbeat, in milliseconds. If the connection is idle in the outbound direction for this amount of time, a ping message will be sent, which will trigger a corresponding reply message.
max-inbound-channels
INT
false
true
40
The maximum number of inbound channels to support for a connection.
max-inbound-message-size
LONG
false
true
9223372036854775807
The maximum inbound message size to be allowed. Messages exceeding this size will cause an exception to be thrown on the reading side as well as the writing side.
max-inbound-messages
INT
false
true
80
The maximum number of concurrent inbound messages on a channel.
max-outbound-channels
INT
false
true
40
The maximum number of outbound channels to support for a connection.
max-outbound-message-size
LONG
false
true
9223372036854775807
The maximum outbound message size to send. No messages larger than this well be transmitted; attempting to do so will cause an exception on the writing side.
max-outbound-messages
INT
false
true
65535
The maximum number of concurrent outbound messages on a channel.
receive-buffer-size
INT
false
true
8192
The size of the largest buffer that this endpoint will accept over a connection.
receive-window-size
INT
false
true
131072
The maximum window size of the receive direction for connection channels, in bytes.
sasl-protocol
STRING
false
true
remote
Where a SaslServer or SaslClient are created by default the protocol specified it 'remoting', this can be used to override this.
send-buffer-size
INT
false
true
8192
The size of the largest buffer that this endpoint will transmit over a connection.
server-name
STRING
false
true
The server side of the connection passes it's name to the client in the initial greeting, by default the name is automatically discovered from the local address of the connection or it can be overridden using this.
transmit-window-size
INT
false
true
131072
The maximum window size of the transmit direction for connection channels, in bytes.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/local-outbound-connection/index.html b/29/wildscribe/subsystem/remoting/local-outbound-connection/index.html
index a3f3f3977..edb6634f8 100644
--- a/29/wildscribe/subsystem/remoting/local-outbound-connection/index.html
+++ b/29/wildscribe/subsystem/remoting/local-outbound-connection/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/local-outbound-connection/property/index.html b/29/wildscribe/subsystem/remoting/local-outbound-connection/property/index.html
index 847068b09..f92cf7c34 100644
--- a/29/wildscribe/subsystem/remoting/local-outbound-connection/property/index.html
+++ b/29/wildscribe/subsystem/remoting/local-outbound-connection/property/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/outbound-connection/index.html b/29/wildscribe/subsystem/remoting/outbound-connection/index.html
index e6734a8de..80f28d029 100644
--- a/29/wildscribe/subsystem/remoting/outbound-connection/index.html
+++ b/29/wildscribe/subsystem/remoting/outbound-connection/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/outbound-connection/property/index.html b/29/wildscribe/subsystem/remoting/outbound-connection/property/index.html
index 04f4d21ac..1019a72af 100644
--- a/29/wildscribe/subsystem/remoting/outbound-connection/property/index.html
+++ b/29/wildscribe/subsystem/remoting/outbound-connection/property/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/remote-outbound-connection/index.html b/29/wildscribe/subsystem/remoting/remote-outbound-connection/index.html
index ea95b9245..63c79cbd3 100644
--- a/29/wildscribe/subsystem/remoting/remote-outbound-connection/index.html
+++ b/29/wildscribe/subsystem/remoting/remote-outbound-connection/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/remoting/remote-outbound-connection/property/index.html b/29/wildscribe/subsystem/remoting/remote-outbound-connection/property/index.html
index e4ebe8874..9f5a5800d 100644
--- a/29/wildscribe/subsystem/remoting/remote-outbound-connection/property/index.html
+++ b/29/wildscribe/subsystem/remoting/remote-outbound-connection/property/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/request-controller/index.html b/29/wildscribe/subsystem/request-controller/index.html
index 3768e9811..87f60dcab 100644
--- a/29/wildscribe/subsystem/request-controller/index.html
+++ b/29/wildscribe/subsystem/request-controller/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
active-requests The number of requests that are currently running on the server.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
max-requests The maximum number of all types of requests that can be running on a server at a time. Once this limit is hit, any new requests will be rejected.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
track-individual-endpoints If this is true, requests are tracked at an endpoint level, which will allow individual deployments to be suspended.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/resource-adapters/index.html b/29/wildscribe/subsystem/resource-adapters/index.html
index c23a6b539..9a6f83932 100644
--- a/29/wildscribe/subsystem/resource-adapters/index.html
+++ b/29/wildscribe/subsystem/resource-adapters/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/config-properties/index.html b/29/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/config-properties/index.html
index be9713ce6..e36f8211f 100644
--- a/29/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/config-properties/index.html
+++ b/29/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/config-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/index.html b/29/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/index.html
index 44d2bd3a4..ea9f15e80 100644
--- a/29/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/index.html
+++ b/29/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/resource-adapters/resource-adapter/config-properties/index.html b/29/wildscribe/subsystem/resource-adapters/resource-adapter/config-properties/index.html
index d6dfaf033..b6b95fc80 100644
--- a/29/wildscribe/subsystem/resource-adapters/resource-adapter/config-properties/index.html
+++ b/29/wildscribe/subsystem/resource-adapters/resource-adapter/config-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/config-properties/index.html b/29/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/config-properties/index.html
index be15b7d77..307b5bbde 100644
--- a/29/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/config-properties/index.html
+++ b/29/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/config-properties/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/index.html b/29/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/index.html
index 28083ffca..aa53846e3 100644
--- a/29/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/index.html
+++ b/29/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context-and-application Indicates that either application-supplied parameters, such as from getConnection(user, pw), or Subject (provided by Elytron after authenticating using configured authentication-context), are used to distinguish connections in the pool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value requires a server restart.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value requires a server restart.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time.
class-name Specifies the fully qualified class name of a managed connection factory or admin object.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connectable Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
elytron-enabled Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enabled Specifies if the resource adapter should be enabled.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment Defines if lazy enlistment should be used if supported by the resource adapter.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
flush-strategy Specifies how the pool should be flushed in case of an error.
idle-timeout-minutes Specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value requires a server restart.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-pool-size Specifies the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
interleaving An element to enable interleaving for XA connections.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
jndi-name Specifies the JNDI name for the connection factory.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-pool-size Specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool.
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
mcp Defines the ManagedConnectionPool implementation. For example: org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
min-pool-size Specifies the minimum number of connections for a pool.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-recovery Specifies if the connection pool should be excluded from recovery.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-tx-separate-pool Oracle does not like XA connections getting used both inside and outside a JTA transaction. To workaround the problem you can create separate sub-pools for the different contexts.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
pad-xid Specifies whether the Xid should be padded.
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
same-rm-override Using this attribute, you can unconditionally set whether javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-application Indicates that application-supplied parameters, such as from getConnection(user, pw), are used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain Specifies the PicketBox security domain which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain-and-application Indicates that either application-supplied parameters, such as from getConnection(user, pw) are used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox is no longer supported. Use Elytron configuration instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sharable Enable the use of sharable connections, which allows lazy association to be enabled if supported.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
tracking Defines if IronJacamar should track connection handles across transaction boundaries.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-ccm Enable the use of a cached connection manager.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false).
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-java-context Setting this to false will bind the object into global JNDI.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
validate-on-match This specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
wrap-xa-resource Specifies whether XAResource instances should be wrapped in an org.jboss.tm.XAResourceWrapper instance.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
xa-resource-timeout The value is passed to XAResource.setTransactionTimeout(), in seconds.
The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception.
allocation-retry-wait-millis
LONG
false
true
The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection.
authentication-context
STRING
false
false
The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
authentication-context-and-application
STRING
false
false
Indicates that either application-supplied parameters, such as from getConnection(user, pw), or Subject (provided by Elytron after authenticating using configured authentication-context), are used to distinguish connections in the pool.
background-validation
BOOLEAN
false
true
An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value requires a server restart.
background-validation-millis
LONG
false
true
The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value requires a server restart.
blocking-timeout-wait-millis
LONG
false
true
The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time.
capacity-decrementer-class
STRING
false
true
Class defining the policy for decrementing connections in the pool.
capacity-decrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for decrementing connections in the pool.
capacity-incrementer-class
STRING
false
true
Class defining the policy for incrementing connections in the pool.
capacity-incrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for incrementing connections in the pool.
class-name
STRING
true
true
Specifies the fully qualified class name of a managed connection factory or admin object.
connectable
BOOLEAN
false
true
false
Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
elytron-enabled
BOOLEAN
false
true
false
Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
enabled
BOOLEAN
false
true
true
Specifies if the resource adapter should be enabled.
enlistment
BOOLEAN
false
true
true
Defines if lazy enlistment should be used if supported by the resource adapter.
enlistment-trace
BOOLEAN
false
true
false
Defines if WildFly/IronJacamar should record enlistment traces.
flush-strategy
STRING
false
true
FailingConnectionOnly
Specifies how the pool should be flushed in case of an error.
idle-timeout-minutes
LONG
false
true
Specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value requires a server restart.
initial-pool-size
INT
false
true
Specifies the initial number of connections a pool should hold.
interleaving
BOOLEAN
false
true
false
An element to enable interleaving for XA connections.
jndi-name
STRING
true
true
Specifies the JNDI name for the connection factory.
max-pool-size
INT
false
true
20
Specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool.
mcp
STRING
false
true
Defines the ManagedConnectionPool implementation. For example: org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.
min-pool-size
INT
false
true
0
Specifies the minimum number of connections for a pool.
no-recovery
BOOLEAN
false
true
false
Specifies if the connection pool should be excluded from recovery.
no-tx-separate-pool
BOOLEAN
false
true
false
Oracle does not like XA connections getting used both inside and outside a JTA transaction. To workaround the problem you can create separate sub-pools for the different contexts.
pad-xid
BOOLEAN
false
true
false
Specifies whether the Xid should be padded.
pool-fair
BOOLEAN
false
true
true
Defines if pool use should be fair.
pool-prefill
BOOLEAN
false
true
false
Specifies if the pool should be prefilled. Changing this value requires a server restart.
pool-use-strict-min
BOOLEAN
false
true
false
Specifies if the min-pool-size should be considered strict.
recovery-authentication-context
STRING
false
false
The Elytron authentication context used for recovery (current authentication-context will be used if unspecified).
recovery-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate on recovery connection
recovery-elytron-enabled
BOOLEAN
false
true
false
Indicates that an Elytron authentication context will be used for recovery.
recovery-password
STRING
false
true
The password used for recovery.
recovery-plugin-class-name
STRING
false
true
The fully qualified class name of the recovery plugin implementation.
recovery-plugin-properties
OBJECT
false
true
The properties for the recovery plugin.
recovery-security-domain
STRING
false
true
The PicketBox security domain used for recovery.
recovery-username
STRING
false
true
The user name used for recovery.
same-rm-override
BOOLEAN
false
true
Using this attribute, you can unconditionally set whether javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false.
security-application
BOOLEAN
false
true
false
Indicates that application-supplied parameters, such as from getConnection(user, pw), are used to distinguish connections in the pool.
security-domain
STRING
false
true
Specifies the PicketBox security domain which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
security-domain-and-application
STRING
false
true
Indicates that either application-supplied parameters, such as from getConnection(user, pw) are used to distinguish connections in the pool.
sharable
BOOLEAN
false
true
true
Enable the use of sharable connections, which allows lazy association to be enabled if supported.
tracking
BOOLEAN
false
true
Defines if IronJacamar should track connection handles across transaction boundaries.
use-ccm
BOOLEAN
false
true
true
Enable the use of a cached connection manager.
use-fast-fail
BOOLEAN
false
true
false
Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false).
use-java-context
BOOLEAN
false
true
true
Setting this to false will bind the object into global JNDI.
validate-on-match
BOOLEAN
false
true
This specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation.
wrap-xa-resource
BOOLEAN
false
true
true
Specifies whether XAResource instances should be wrapped in an org.jboss.tm.XAResourceWrapper instance.
xa-resource-timeout
INT
false
true
The value is passed to XAResource.setTransactionTimeout(), in seconds.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/resource-adapters/resource-adapter/index.html b/29/wildscribe/subsystem/resource-adapters/resource-adapter/index.html
index 9263c37dd..6bfff97f4 100644
--- a/29/wildscribe/subsystem/resource-adapters/resource-adapter/index.html
+++ b/29/wildscribe/subsystem/resource-adapters/resource-adapter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
beanvalidationgroups Specifies the Jakarta Bean Validation groups that should be used.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
bootstrap-context Specifies the unique name of the bootstrap context that should be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
module Specifies the module from which resource adapter will be loaded
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transaction-support Specifies the transaction support level of the resource adapter. This attribute allows expressions, but only simple expressions resolved from environment variables or system properties are supported. Nested expressions and resolution from vaults or credential stores are not supported.
wm-security-domain Defines the name of the PicketBox security domain that should be used.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security
activate Force the resource adapter config activation without server reload.
add Add a new resource adapter. At least one of ARCHIVE or MODULE is required.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
archive
STRING
false
false
Specifies the resource adapter archive.
beanvalidationgroups
LIST
false
true
Specifies the Jakarta Bean Validation groups that should be used.
bootstrap-context
STRING
false
true
Specifies the unique name of the bootstrap context that should be used.
module
STRING
false
false
Specifies the module from which resource adapter will be loaded
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled or not.
transaction-support
STRING
false
true
Specifies the transaction support level of the resource adapter. This attribute allows expressions, but only simple expressions resolved from environment variables or system properties are supported. Nested expressions and resolution from vaults or credential stores are not supported.
wm-elytron-security-domain
STRING
false
true
Defines the name of the Elytron security domain that should be used.
wm-security
BOOLEAN
false
true
false
Toggle on/off wm.security for this resource adapter. In case of false all wm-security-* parameters are ignored, even the defaults.
wm-security-default-groups
LIST
false
true
Defines a default groups list that should be added to the used Subject instance.
wm-security-default-principal
STRING
false
true
Defines a default principal name that should be added to the used Subject instance.
wm-security-domain
STRING
false
true
other
Defines the name of the PicketBox security domain that should be used.
wm-security-mapping-groups
LIST
false
false
List of groups mappings.
wm-security-mapping-required
BOOLEAN
false
true
false
Defines if a mapping is required for security credentials.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/rts/index.html b/29/wildscribe/subsystem/rts/index.html
index e9207643d..b64ae4c60 100644
--- a/29/wildscribe/subsystem/rts/index.html
+++ b/29/wildscribe/subsystem/rts/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/sar/index.html b/29/wildscribe/subsystem/sar/index.html
index b5fd8cb4a..d3ae6a9bf 100644
--- a/29/wildscribe/subsystem/sar/index.html
+++ b/29/wildscribe/subsystem/sar/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/security-manager/deployment-permissions/default/index.html b/29/wildscribe/subsystem/security-manager/deployment-permissions/default/index.html
index 97877bd08..283a23e47 100644
--- a/29/wildscribe/subsystem/security-manager/deployment-permissions/default/index.html
+++ b/29/wildscribe/subsystem/security-manager/deployment-permissions/default/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/security-manager/index.html b/29/wildscribe/subsystem/security-manager/index.html
index c4858a689..1c97867b7 100644
--- a/29/wildscribe/subsystem/security-manager/index.html
+++ b/29/wildscribe/subsystem/security-manager/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/singleton/index.html b/29/wildscribe/subsystem/singleton/index.html
index 3f379bdb3..e0bc70ee3 100644
--- a/29/wildscribe/subsystem/singleton/index.html
+++ b/29/wildscribe/subsystem/singleton/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/singleton/singleton-policy/deployment/index.html b/29/wildscribe/subsystem/singleton/singleton-policy/deployment/index.html
index 1f7688d0e..24d897f0b 100644
--- a/29/wildscribe/subsystem/singleton/singleton-policy/deployment/index.html
+++ b/29/wildscribe/subsystem/singleton/singleton-policy/deployment/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/singleton/singleton-policy/election-policy/random/index.html b/29/wildscribe/subsystem/singleton/singleton-policy/election-policy/random/index.html
index 1ef139396..4e4f03928 100644
--- a/29/wildscribe/subsystem/singleton/singleton-policy/election-policy/random/index.html
+++ b/29/wildscribe/subsystem/singleton/singleton-policy/election-policy/random/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/singleton/singleton-policy/election-policy/simple/index.html b/29/wildscribe/subsystem/singleton/singleton-policy/election-policy/simple/index.html
index 51fe12185..498937263 100644
--- a/29/wildscribe/subsystem/singleton/singleton-policy/election-policy/simple/index.html
+++ b/29/wildscribe/subsystem/singleton/singleton-policy/election-policy/simple/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/singleton/singleton-policy/index.html b/29/wildscribe/subsystem/singleton/singleton-policy/index.html
index 392d20261..f76a8d0cc 100644
--- a/29/wildscribe/subsystem/singleton/singleton-policy/index.html
+++ b/29/wildscribe/subsystem/singleton/singleton-policy/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/singleton/singleton-policy/service/index.html b/29/wildscribe/subsystem/singleton/singleton-policy/service/index.html
index 52b7ebf74..295e0a8dd 100644
--- a/29/wildscribe/subsystem/singleton/singleton-policy/service/index.html
+++ b/29/wildscribe/subsystem/singleton/singleton-policy/service/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/transactions/commit-markable-resource/index.html b/29/wildscribe/subsystem/transactions/commit-markable-resource/index.html
index d757011b7..3d58368c6 100644
--- a/29/wildscribe/subsystem/transactions/commit-markable-resource/index.html
+++ b/29/wildscribe/subsystem/transactions/commit-markable-resource/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Configures a datasource to be considered by the transaction manager as a CMR resource. CMR is a non-XA database resource that can reliably participate in an XA transaction.
Attributes (4)
batch-size Configures number of ids placed within 'in' clause of the SQL query 'DELETE FROM ... WHERE xid in (...)' when periodic recovery processes the CMR database table garbage collection. When some garbage is left in the CMR database table after deletion another SQL delete is run during the next recovery cycle. When 'immediate-cleanup' is used this configuration has no big impact as the periodic recovery finds each time an empty CMR database table.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
immediate-cleanup Immediate cleanup of ids associated with this CMR resource after the end of the transaction. When set to false the garbage collection of the ids is processed by periodic recovery.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
jndi-name A JNDI name of the non-XA datasource which is made to be a CMR resource for the purpose of transaction manager participant handling. The datasource is required to be marked as 'connectable=true'.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
name Defines the database table name used for storing ids associated with this CMR resource. The default value for naming the database table is 'xids'.
Configures number of ids placed within 'in' clause of the SQL query 'DELETE FROM ... WHERE xid in (...)' when periodic recovery processes the CMR database table garbage collection. When some garbage is left in the CMR database table after deletion another SQL delete is run during the next recovery cycle. When 'immediate-cleanup' is used this configuration has no big impact as the periodic recovery finds each time an empty CMR database table.
immediate-cleanup
BOOLEAN
false
true
true
Immediate cleanup of ids associated with this CMR resource after the end of the transaction. When set to false the garbage collection of the ids is processed by periodic recovery.
name
STRING
false
true
xids
Defines the database table name used for storing ids associated with this CMR resource. The default value for naming the database table is 'xids'.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/transactions/index.html b/29/wildscribe/subsystem/transactions/index.html
index 6cb9c9769..dd11fef09 100644
--- a/29/wildscribe/subsystem/transactions/index.html
+++ b/29/wildscribe/subsystem/transactions/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
commit-markable-resource Configures a datasource to be considered by the transaction manager as a CMR resource. CMR is a non-XA database resource that can reliably participate in an XA transaction.
log-store Representation of the transaction logging storage mechanism.
log-store Representation of the transaction logging storage mechanism.
average-commit-time The average time of transaction commit, measured from the moment the client calls commit until the transaction manager determines that the commit attempt was successful.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
default-timeout The default timeout, in seconds, for a new transaction started by the transaction manager (see also the 'maximum-timeout' attribute).
Attribute
Value
Default Value
300
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-statistics Whether transaction statistics should be gathered.
Deprecated Since 2.0.0
Use statistics-enabled.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-tsm-status Set to 'true' to enable the transaction status manager (TSM) service (used for out of process recovery). When 'true' the application server binds to the socket defined by the 'status-socket-binding' attribute.
jdbc-action-store-drop-table If set to true then the jdbc-action-store table will be dropped during application server startup.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jdbc-action-store-table-prefix Optional prefix for the name of the database table used for writing transaction log records of the action store type.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jdbc-communication-store-drop-table If set to true then the jdbc-communication-store table will be dropped during application server startup.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jdbc-communication-store-table-prefix Optional prefix for the name of the database table used for writing transaction log records of the communication store type.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jdbc-state-store-drop-table If set to true then the jdbc-state-store table will be dropped during application server startup.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jdbc-state-store-table-prefix Optional prefix for the name of the database table used for writing transaction log records of the state store type.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jdbc-store-datasource The JNDI name of a non-XA datasource (i.e. one whose 'jta' attribute is set to false) to be used for the JDBC store. The datasource must be defined in the datasources subsystem.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
journal-store-enable-async-io Whether AsyncIO should be enabled for the journal store. When true, the transaction manager will use the native aio (POSIX asynchronous I/O) libraries provided by the platform, if available. Applicable only when use-journal-store is set true.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jts If true, this enables the Java Transaction Service (JTS). If JTS is enabled then the transactions attribute of the 'iiop-openjdk' subsystem must be set to 'full'. This setting changes the internal mechanisms used in the transaction manager. It has no impact on the user working with JTA API.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
jvm
maximum-timeout If the 'default-timeout' attribute is zero then this value is used for setting the maximum timeout value (in seconds) for newly started transactions.
Attribute
Value
Default Value
31536000
Type
INT
Nillable
true
Expressions Allowed
true
Min
300
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
node-identifier Used to set the node identifier. Each Xid that the transaction manager creates will have this identifier encoded within it and ensures the transaction manager will only recover branches which match the specified identifier. It is imperative that this identifier is unique between application server instances which share either an object store or access common resource managers.
number-of-application-rollbacks The number of transactions that have been rolled back by application request. This includes those that timeout, since the timeout behavior is considered an attribute of the application configuration.
object-store-path Denotes a path where the transaction manager object store should store data. By default the value is treated as relative to the path denoted by the 'relative-to' attribute. When the 'relative-to' attribute is undefined the value is considered an absolute path. This setting is valid when default or journal store is used. It's not used when the jdbc journal store is used.
Attribute
Value
Default Value
tx-object-store
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
object-store-relative-to References a global path configuration in the domain model, defaulting to the application server data directory (jboss.server.data.dir). The value of the 'object-store-path' attribute will be treated as relative to this path. Undefine this attribute to disable the default behavior and force the value of the 'object-store-path' attribute to be treated as an absolute path.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
process-id-socket-binding The name of the socket binding to use if the transaction manager should use a socket-based generation of transaction id. Will be 'undefined' if 'process-id-uuid' is 'true'; otherwise must be set.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
process-id-socket-max-ports The maximum number of ports to search for an open port if the transaction manager should use a socket-based generation of transaction id. If the port specified by the socket binding referenced in 'process-id-socket-binding' is occupied, the next higher port will be tried until an open port is found or the number of ports specified by this attribute have been tried. Will be 'undefined' if 'process-id-uuid' is 'true'.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
process-id-uuid Indicates a strategy used for obtaining a unique identifier needed for creation of transaction instances. When true then the transaction manager generates the transaction id based on process id (PID). When set to false then the transaction manager generates the transaction id based on the referenced socket binding, i.e. the attribute 'process-id-socket-binding' is required.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
recovery-listener Used to specify if the recovery system should listen on a network socket or not. When true the application server binds to a socket at the port defined by the 'socket-binding' attribute. When the recovery listener is activated the user can remotely control the recovery manager.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
socket-binding References an existing socket binding that the transaction manager will listen on for recovery requests.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
stale-transaction-time The time for which transaction that contains remote enlistments is held in memory after it is being completed.
Attribute
Value
Default Value
600
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
statistics-enabled Whether transaction statistics should be gathered. The statistics are available by reading subsystem attributes prefixed with 'number-' and within the 'average-commit-time' attribute.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
status-socket-binding References an existing socket binding that the transaction manager will listen on for transaction status requests.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-hornetq-store Use the journal store for writing transaction logs. Set to true to enable and to false to use the default log store type. The default log store is normally one file system file per transaction log.It's alternative to jdbc based store.
Deprecated Since 3.0.0
Use use-journal-store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
jvm
use-jdbc-store Use the jdbc store for writing transaction logs. Data is saved in the database indicated by the 'jdbc-store-datasource' attribute. Set to true to enable. Note that the server will not boot if both 'use-journal-store' and 'use-jdbc-store' attributes are set to true. If both are set to false then the default filesystem based store will be used.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
jvm
use-journal-store Use the journal store for writing transaction logs. The journal store consists of one file for all the transactions. Set to true to enable. Note that the server will not boot if both 'use-journal-store' and 'use-jdbc-store' attributes are set to true. If both are set to false then the default filesystem based store will be used.
The default timeout, in seconds, for a new transaction started by the transaction manager (see also the 'maximum-timeout' attribute).
enable-statistics
BOOLEAN
false
true
false
Whether transaction statistics should be gathered.
enable-tsm-status
BOOLEAN
false
true
false
Set to 'true' to enable the transaction status manager (TSM) service (used for out of process recovery). When 'true' the application server binds to the socket defined by the 'status-socket-binding' attribute.
hornetq-store-enable-async-io
BOOLEAN
false
true
false
Whether AsyncIO should be enabled for the journal store.
jdbc-action-store-drop-table
BOOLEAN
false
true
false
If set to true then the jdbc-action-store table will be dropped during application server startup.
jdbc-action-store-table-prefix
STRING
false
true
Optional prefix for the name of the database table used for writing transaction log records of the action store type.
jdbc-communication-store-drop-table
BOOLEAN
false
true
false
If set to true then the jdbc-communication-store table will be dropped during application server startup.
jdbc-communication-store-table-prefix
STRING
false
true
Optional prefix for the name of the database table used for writing transaction log records of the communication store type.
jdbc-state-store-drop-table
BOOLEAN
false
true
false
If set to true then the jdbc-state-store table will be dropped during application server startup.
jdbc-state-store-table-prefix
STRING
false
true
Optional prefix for the name of the database table used for writing transaction log records of the state store type.
jdbc-store-datasource
STRING
false
true
The JNDI name of a non-XA datasource (i.e. one whose 'jta' attribute is set to false) to be used for the JDBC store. The datasource must be defined in the datasources subsystem.
journal-store-enable-async-io
BOOLEAN
false
true
false
Whether AsyncIO should be enabled for the journal store. When true, the transaction manager will use the native aio (POSIX asynchronous I/O) libraries provided by the platform, if available. Applicable only when use-journal-store is set true.
jts
BOOLEAN
false
false
false
If true, this enables the Java Transaction Service (JTS). If JTS is enabled then the transactions attribute of the 'iiop-openjdk' subsystem must be set to 'full'. This setting changes the internal mechanisms used in the transaction manager. It has no impact on the user working with JTA API.
maximum-timeout
INT
false
true
31536000
If the 'default-timeout' attribute is zero then this value is used for setting the maximum timeout value (in seconds) for newly started transactions.
node-identifier
STRING
false
true
1
Used to set the node identifier. Each Xid that the transaction manager creates will have this identifier encoded within it and ensures the transaction manager will only recover branches which match the specified identifier. It is imperative that this identifier is unique between application server instances which share either an object store or access common resource managers.
object-store-path
STRING
false
true
tx-object-store
Denotes a path where the transaction manager object store should store data. By default the value is treated as relative to the path denoted by the 'relative-to' attribute. When the 'relative-to' attribute is undefined the value is considered an absolute path. This setting is valid when default or journal store is used. It's not used when the jdbc journal store is used.
object-store-relative-to
STRING
false
true
References a global path configuration in the domain model, defaulting to the application server data directory (jboss.server.data.dir). The value of the 'object-store-path' attribute will be treated as relative to this path. Undefine this attribute to disable the default behavior and force the value of the 'object-store-path' attribute to be treated as an absolute path.
process-id-socket-binding
STRING
true
true
The name of the socket binding to use if the transaction manager should use a socket-based generation of transaction id. Will be 'undefined' if 'process-id-uuid' is 'true'; otherwise must be set.
process-id-socket-max-ports
INT
false
true
10
The maximum number of ports to search for an open port if the transaction manager should use a socket-based generation of transaction id. If the port specified by the socket binding referenced in 'process-id-socket-binding' is occupied, the next higher port will be tried until an open port is found or the number of ports specified by this attribute have been tried. Will be 'undefined' if 'process-id-uuid' is 'true'.
process-id-uuid
BOOLEAN
false
false
false
Indicates a strategy used for obtaining a unique identifier needed for creation of transaction instances. When true then the transaction manager generates the transaction id based on process id (PID). When set to false then the transaction manager generates the transaction id based on the referenced socket binding, i.e. the attribute 'process-id-socket-binding' is required.
recovery-listener
BOOLEAN
false
true
false
Used to specify if the recovery system should listen on a network socket or not. When true the application server binds to a socket at the port defined by the 'socket-binding' attribute. When the recovery listener is activated the user can remotely control the recovery manager.
socket-binding
STRING
true
true
References an existing socket binding that the transaction manager will listen on for recovery requests.
stale-transaction-time
INT
false
true
600
The time for which transaction that contains remote enlistments is held in memory after it is being completed.
statistics-enabled
BOOLEAN
false
true
false
Whether transaction statistics should be gathered. The statistics are available by reading subsystem attributes prefixed with 'number-' and within the 'average-commit-time' attribute.
status-socket-binding
STRING
true
true
References an existing socket binding that the transaction manager will listen on for transaction status requests.
use-hornetq-store
BOOLEAN
false
false
false
Use the journal store for writing transaction logs. Set to true to enable and to false to use the default log store type. The default log store is normally one file system file per transaction log.It's alternative to jdbc based store.
use-jdbc-store
BOOLEAN
false
false
false
Use the jdbc store for writing transaction logs. Data is saved in the database indicated by the 'jdbc-store-datasource' attribute. Set to true to enable. Note that the server will not boot if both 'use-journal-store' and 'use-jdbc-store' attributes are set to true. If both are set to false then the default filesystem based store will be used.
use-journal-store
BOOLEAN
false
false
false
Use the journal store for writing transaction logs. The journal store consists of one file for all the transactions. Set to true to enable. Note that the server will not boot if both 'use-journal-store' and 'use-jdbc-store' attributes are set to true. If both are set to false then the default filesystem based store will be used.
resolve-object-store-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/transactions/log-store/log-store/index.html b/29/wildscribe/subsystem/transactions/log-store/log-store/index.html
index 6772a486d..7227bcf5a 100644
--- a/29/wildscribe/subsystem/transactions/log-store/log-store/index.html
+++ b/29/wildscribe/subsystem/transactions/log-store/log-store/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Representation of the transaction logging storage mechanism.
Children (1)
transactions Represents a snapshot of the persistent information that the transaction manager stores for the purpose of recovering a transaction in the event of failure. Loading the information from the object store is provided by a 'probe' operation. The 'probe' operation flushes the existing data from the model and loads a new snapshot from the object store. The transactions model lists the transactions and provides operations to work with them. After probing, the model is updated to include information about the state of incomplete transactions. A 'stuck' transaction (one that is unable to finish) will remain in the model until either it is completed or explicitly removed using the 'delete' operation.
Attributes (2)
expose-all-logs Configures the behaviour of the probe operation. When true then all transaction log records are exposed. By default only a subset of the transaction log is exposed.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-write
Restart Required
no-services
type Read-only attribute that specifies the implementation type of the logging store. The possible values are default, journal and jdbc.
Attribute
Value
Default Value
default
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
Operations (3)
add Add a representation of the transaction logging storage mechanism.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
type
STRING
false
false
default
Read-only attribute that specifies the implementation type of the logging store. The possible values are default, journal and jdbc.
probe Scan the content of the transaction log and load this snapshot as content of the model under log-store resource. This operation will create a child for each pending transaction with sub-resources representing transaction participants.
remove Remove a representation of the transaction logging storage mechanism.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/transactions/log-store/log-store/transactions/index.html b/29/wildscribe/subsystem/transactions/log-store/log-store/transactions/index.html
index 4ca11a2b2..a5a01f666 100644
--- a/29/wildscribe/subsystem/transactions/log-store/log-store/transactions/index.html
+++ b/29/wildscribe/subsystem/transactions/log-store/log-store/transactions/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
The persistent information that the transaction manager stores for the purpose of recovering a transaction in the event of failure. The probe operation will add and remove transactions from the model as the corresponding real transactions start and finish the prepare and commit phases. A stuck transaction will remain in the model until either it is completed or explicitly removed by the delete operation.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
participants The resources that did work in a transaction.
Attributes (4)
age-in-seconds The time since this transaction was prepared or when the recovery system last tried to recover it.
type The type name under which this record is stored.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
Operations (1)
delete Remove this transaction record from the transaction log. This means removing all participant records which are part of the transaction and calling XAResource.forget on all these participants (if possible). WARNING after this operation is executed the transaction manager will have no knowledge of the transaction and will therefore never be able to recover it. If you are sure that the transaction is complete then the operation is safe. The representation of the transaction log is removed from the model too.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/transactions/log-store/log-store/transactions/participants/index.html b/29/wildscribe/subsystem/transactions/log-store/log-store/transactions/participants/index.html
index 3e47b2d8d..9615cef93 100644
--- a/29/wildscribe/subsystem/transactions/log-store/log-store/transactions/participants/index.html
+++ b/29/wildscribe/subsystem/transactions/log-store/log-store/transactions/participants/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
status Reports the commitment status of this participant (can be one of Pending, Prepared, Failed, Heuristic or Readonly).
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
Allowed Values
PENDING PREPARED FAILED HEURISTIC READONLY
type The type name under which this record is stored.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
Operations (3)
delete Attempt to remove this participant from its containing transaction log. If the participant is an XA resource an attempt will be made to call forget on the actual resource and if the forget call fails then the remove operation will also fail.
recover If this record is in a heuristic state then attempt to replay the commit phase of the 2PC transaction. It switches the 'HEURISTIC' participant status to 'PREPARED', the operation does not immediately start the recovery process but the recovery manager will consider this participant with 'PREPARED' status in the next cycle.
refresh Refresh the management view of the attributes of this participant record by querying the transaction log which will update the snapshot view loaded in the model. Note that the model contains only a snapshot view of the transactions from time the probe was executed, not the real-time data from the transaction log, hence the need for this refresh operation.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/application-security-domain/index.html b/29/wildscribe/subsystem/undertow/application-security-domain/index.html
index 0cf6ce691..b0d875d5c 100644
--- a/29/wildscribe/subsystem/undertow/application-security-domain/index.html
+++ b/29/wildscribe/subsystem/undertow/application-security-domain/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/application-security-domain/setting/single-sign-on/index.html b/29/wildscribe/subsystem/undertow/application-security-domain/setting/single-sign-on/index.html
index c852a207d..8894d449d 100644
--- a/29/wildscribe/subsystem/undertow/application-security-domain/setting/single-sign-on/index.html
+++ b/29/wildscribe/subsystem/undertow/application-security-domain/setting/single-sign-on/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/buffer-cache/index.html b/29/wildscribe/subsystem/undertow/buffer-cache/index.html
index b88910ee3..1d45a3995 100644
--- a/29/wildscribe/subsystem/undertow/buffer-cache/index.html
+++ b/29/wildscribe/subsystem/undertow/buffer-cache/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/byte-buffer-pool/index.html b/29/wildscribe/subsystem/undertow/byte-buffer-pool/index.html
index a2ad97ab0..10fdf7fe1 100644
--- a/29/wildscribe/subsystem/undertow/byte-buffer-pool/index.html
+++ b/29/wildscribe/subsystem/undertow/byte-buffer-pool/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
A byte buffer pool used for IO operations, this provides the same capabilities as the buffer pool from the IO subsystem, so they can be used interchangeably and must have a unique name. This buffer pool allows for more precise configuration of the total amount of retained memory than the IO subsystem.
direct If this is true the buffer pool will use direct buffers, this is recommended for best performance
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
leak-detection-percent The percentage of buffers that will be allocated with a leak detector. This should only be larger than zero if you are experiencing issues with buffers leaking.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-pool-size The maximum amount of buffers to keep in the pool. If more buffers are required at runtime they will be allocated dynamically. Setting this to zero effectively disables pooling.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
thread-local-cache-size The maximum number of buffers to cache on each thread. The actual number may be lower depending on the calculated usage pattern.
If this is true the buffer pool will use direct buffers, this is recommended for best performance
leak-detection-percent
INT
false
true
0
The percentage of buffers that will be allocated with a leak detector. This should only be larger than zero if you are experiencing issues with buffers leaking.
max-pool-size
INT
false
true
The maximum amount of buffers to keep in the pool. If more buffers are required at runtime they will be allocated dynamically. Setting this to zero effectively disables pooling.
thread-local-cache-size
INT
false
true
12
The maximum number of buffers to cache on each thread. The actual number may be lower depending on the calculated usage pattern.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/custom-filter/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/custom-filter/index.html
index 49f26c508..504926685 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/custom-filter/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/custom-filter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/error-page/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/error-page/index.html
index 07d013a37..ff70b2084 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/error-page/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/error-page/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/expression-filter/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/expression-filter/index.html
index 68de01348..9703137a0 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/expression-filter/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/expression-filter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/gzip/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/gzip/index.html
index 2cf657786..e417bbf8c 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/gzip/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/gzip/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/index.html
index 3e633b146..3143766d8 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/none/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/none/index.html
index 19b51b225..fb9323800 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/none/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/none/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Web requests will not have an affinity for any particular server, routing information will be ignored. Intended for use cases where web session state is not maintained within the application server.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/ranked/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/ranked/index.html
index ea4dc4671..5521cb627 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/ranked/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/ranked/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
Web requests will have an affinity for the first available node in a list typically comprised of: primary owner, backup nodes, local node (if not a primary nor backup owner).
Attributes (1)
delimiter The delimiter used to separate ranked routes within the session ID.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/single/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/single/index.html
index 67ccd4c83..d1ab2cf08 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/single/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/single/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/index.html
index 335706034..919e3b997 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
sticky-session-force If this is true then an error will be returned if the request cannot be routed to the sticky node, otherwise it will be routed to another node
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/load-balancing-group/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/load-balancing-group/index.html
index a1726873f..660d3b0cc 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/load-balancing-group/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/load-balancing-group/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/context/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/context/index.html
index c78ae7865..20d22085d 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/context/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/context/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/index.html
index f91525f2c..2d406b420 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/index.html
index e07b6ec57..216f01ae2 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
affinity Determines how session affinity is handled. Typically used to enable ranked routing support or to disable routing completely.
none Web requests will not have an affinity for any particular server, routing information will be ignored. Intended for use cases where web session state is not maintained within the application server.
ranked Web requests will have an affinity for the first available node in a list typically comprised of: primary owner, backup nodes, local node (if not a primary nor backup owner).
single Web requests have an affinity for the member that last handled a given session. This option corresponds to traditional sticky session behavior.
balancer Runtime representation of a mod_cluster balancer
connection-idle-timeout The amount of time a connection can be idle before it will be closed. Connections will not time out once the pool size is down to the configured minimum (as configured by cached-connections-per-thread)
Attribute
Value
Default Value
60
Type
INT
Nillable
true
Expressions Allowed
true
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
connections-per-thread The number of connections that will be maintained to backend servers, per IO thread.
Attribute
Value
Default Value
40
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enable-http2 If the load balancer should attempt to upgrade back end connections to HTTP2. If HTTP2 is not supported HTTP or HTTPS will be used as normal
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
failover-strategy Determines how a failover node is chosen, in the event that the node to which a session has affinity is not available.
http2-header-table-size The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression.
Attribute
Value
Default Value
4096
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
http2-initial-window-size The flow control window size that controls how quickly the client can send data to the server
Attribute
Value
Default Value
65535
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
http2-max-concurrent-streams The maximum number of HTTP/2 streams that can be active at any time on a single connection
management-access-predicate A predicate that is applied to incoming requests to determine if they can perform mod cluster management commands. Provides additional security on top of what is provided by limiting management to requests that originate from the management-socket-binding
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
management-socket-binding The socket binding of the mod_cluster management address and port. When using mod_cluster two HTTP listeners should be defined, a public one to handle requests, and one bound to the internal network to handle mod cluster commands. This socket binding should correspond to the internal listener, and should not be publicly accessible.
max-ajp-packet-size The maximum size for AJP packets. Increasing this will allow AJP to work for requests/responses that have a large amount of headers. This is an advanced option, and must be the same between load balancers and backend servers.
Attribute
Value
Default Value
8192
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-request-time The max amount of time that a request to a backend node can take before it is killed
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-retries The number of times to attempt to retry a request if it fails. Note that if a request is not considered idempotent then it will only be retried if the proxy can be sure it was not sent to the backend server).
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
request-queue-size The number of requests that can be queued if the connection pool is full before requests are rejected with a 503
Attribute
Value
Default Value
1000
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-key The security key that is used for the mod-cluster group. All members must use the same security key.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-realm The security realm that provides the SSL configuration
Deprecated Since 4.0.0
Use the ssl-context attribute to reference a configured SSLContext directly.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
ssl-context Reference to the SSLContext to be used by this filter.
The socket binding of the mod_cluster management address and port. When using mod_cluster two HTTP listeners should be defined, a public one to handle requests, and one bound to the internal network to handle mod cluster commands. This socket binding should correspond to the internal listener, and should not be publicly accessible.
advertise-socket-binding
STRING
false
true
The multicast group and port that is used to advertise.
security-key
STRING
false
true
The security key that is used for the mod-cluster group. All members must use the same security key.
advertise-protocol
STRING
false
true
http
The protocol that is in use.
advertise-path
STRING
false
true
/
The path that mod-cluster is registered under.
advertise-frequency
INT
false
true
10000
The frequency (in milliseconds) that mod-cluster advertises itself on the network
failover-strategy
STRING
false
false
LOAD_BALANCED
Determines how a failover node is chosen, in the event that the node to which a session has affinity is not available.
health-check-interval
INT
false
true
10000
The frequency of health check pings to backend nodes
broken-node-timeout
INT
false
true
60000
The amount of time that must elapse before a broken node is removed from the table
worker
STRING
false
true
default
The XNIO worker that is used to send the advertise notifications
max-request-time
INT
false
true
-1
The max amount of time that a request to a backend node can take before it is killed
management-access-predicate
STRING
false
true
A predicate that is applied to incoming requests to determine if they can perform mod cluster management commands. Provides additional security on top of what is provided by limiting management to requests that originate from the management-socket-binding
connections-per-thread
INT
false
true
40
The number of connections that will be maintained to backend servers, per IO thread.
cached-connections-per-thread
INT
false
true
40
The number of connections that will be kept alive indefinitely
connection-idle-timeout
INT
false
true
60
The amount of time a connection can be idle before it will be closed. Connections will not time out once the pool size is down to the configured minimum (as configured by cached-connections-per-thread)
request-queue-size
INT
false
true
1000
The number of requests that can be queued if the connection pool is full before requests are rejected with a 503
security-realm
STRING
false
false
The security realm that provides the SSL configuration
ssl-context
STRING
false
false
Reference to the SSLContext to be used by this filter.
use-alias
BOOLEAN
false
false
false
If an alias check is performed
enable-http2
BOOLEAN
false
false
false
If the load balancer should attempt to upgrade back end connections to HTTP2. If HTTP2 is not supported HTTP or HTTPS will be used as normal
max-ajp-packet-size
INT
false
true
8192
The maximum size for AJP packets. Increasing this will allow AJP to work for requests/responses that have a large amount of headers. This is an advanced option, and must be the same between load balancers and backend servers.
http2-max-header-list-size
INT
false
true
The maximum size of request headers the server is prepared to accept
http2-max-frame-size
INT
false
true
16384
The max HTTP/2 frame size
http2-max-concurrent-streams
INT
false
true
The maximum number of HTTP/2 streams that can be active at any time on a single connection
http2-initial-window-size
INT
false
true
65535
The flow control window size that controls how quickly the client can send data to the server
http2-header-table-size
INT
false
true
4096
The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression.
http2-enable-push
BOOLEAN
false
true
true
If push should be enabled for HTTP/2 connections
max-retries
INT
false
true
1
The number of times to attempt to retry a request if it fails. Note that if a request is not considered idempotent then it will only be retried if the proxy can be sure it was not sent to the backend server).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/request-limit/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/request-limit/index.html
index 67d4edc7e..fcc3fad79 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/request-limit/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/request-limit/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/response-header/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/response-header/index.html
index 354d81dba..7728e7373 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/response-header/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/response-header/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/filter/rewrite/index.html b/29/wildscribe/subsystem/undertow/configuration/filter/rewrite/index.html
index cd347bea5..9fa206647 100644
--- a/29/wildscribe/subsystem/undertow/configuration/filter/rewrite/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/filter/rewrite/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/handler/file/index.html b/29/wildscribe/subsystem/undertow/configuration/handler/file/index.html
index 549f0a47f..906052b50 100644
--- a/29/wildscribe/subsystem/undertow/configuration/handler/file/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/handler/file/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/handler/index.html b/29/wildscribe/subsystem/undertow/configuration/handler/index.html
index 7ac48cb73..13fdb99e5 100644
--- a/29/wildscribe/subsystem/undertow/configuration/handler/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/host/index.html b/29/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/host/index.html
index bd5c88985..f0c3d2075 100644
--- a/29/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/host/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/host/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
enable-http2 If this is true then the proxy will attempt to use HTTP/2 to connect to the backend. If it is not supported it will fall back to HTTP/1.1.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
instance-id The instance id (aka JVM route) that will be used to enable sticky sessions
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/index.html b/29/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/index.html
index 3bdbecd48..880ec5ce0 100644
--- a/29/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/index.html
+++ b/29/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
connection-idle-timeout The amount of time a connection can be idle before it will be closed. Connections will not time out once the pool size is down to the configured minimum (as configured by cached-connections-per-thread)
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
connections-per-thread The number of connections that will be maintained to backend servers, per IO thread.
Attribute
Value
Default Value
40
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-request-time The maximum time that a proxy request can be active for, before being killed
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-retries The number of times to attempt to retry a request if it fails. Note that if a request is not considered idempotent then it will only be retried if the proxy can be sure it was not sent to the backend server).
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
problem-server-retry Time in seconds to wait before attempting to reconnect to a server that is down
Attribute
Value
Default Value
30
Type
INT
Nillable
true
Expressions Allowed
true
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
request-queue-size The number of requests that can be queued if the connection pool is full before requests are rejected with a 503
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
session-cookie-names Comma separated list of session cookie names. Generally this will just be JSESSIONID.
The number of connections that will be kept alive indefinitely
connection-idle-timeout
INT
false
true
60000
The amount of time a connection can be idle before it will be closed. Connections will not time out once the pool size is down to the configured minimum (as configured by cached-connections-per-thread)
connections-per-thread
INT
false
true
40
The number of connections that will be maintained to backend servers, per IO thread.
max-request-time
INT
false
true
-1
The maximum time that a proxy request can be active for, before being killed
max-retries
INT
false
true
1
The number of times to attempt to retry a request if it fails. Note that if a request is not considered idempotent then it will only be retried if the proxy can be sure it was not sent to the backend server).
problem-server-retry
INT
false
true
30
Time in seconds to wait before attempting to reconnect to a server that is down
request-queue-size
INT
false
true
10
The number of requests that can be queued if the connection pool is full before requests are rejected with a 503
session-cookie-names
STRING
false
true
JSESSIONID
Comma separated list of session cookie names. Generally this will just be JSESSIONID.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/index.html b/29/wildscribe/subsystem/undertow/index.html
index 08e7c4a26..2e9d1454b 100644
--- a/29/wildscribe/subsystem/undertow/index.html
+++ b/29/wildscribe/subsystem/undertow/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
buffer-cache The buffer cache used to cache static content
byte-buffer-pool A byte buffer pool used for IO operations, this provides the same capabilities as the buffer pool from the IO subsystem, so they can be used interchangeably and must have a unique name. This buffer pool allows for more precise configuration of the total amount of retained memory than the IO subsystem.
instance-id The cluster instance id (defaults to {$jboss.node.name} if undefined)
Attribute
Value
Default Value
${jboss.node.name}
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
obfuscate-session-route Obfuscate the instance-id when routing, thus preventing that data from being sent across connections when serving HTTP requests with the HTTP invoker
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
statistics-enabled Configures if statistics are enabled. Changes take effect on the connector level statistics immediately, deployment level statistics will only be affected after the deployment is redeployed (or the container is reloaded).
The default security domain used by web deployments
default-server
STRING
false
false
default-server
The default server to use for deployments
default-servlet-container
STRING
false
false
default
The default servlet container to use for deployments
default-virtual-host
STRING
false
false
default-host
The default virtual host to use for deployments
instance-id
STRING
false
true
${jboss.node.name}
The cluster instance id (defaults to {$jboss.node.name} if undefined)
obfuscate-session-route
BOOLEAN
false
true
false
Obfuscate the instance-id when routing, thus preventing that data from being sent across connections when serving HTTP requests with the HTTP invoker
statistics-enabled
BOOLEAN
false
true
false
Configures if statistics are enabled. Changes take effect on the connector level statistics immediately, deployment level statistics will only be affected after the deployment is redeployed (or the container is reloaded).
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/server/ajp-listener/index.html b/29/wildscribe/subsystem/undertow/server/ajp-listener/index.html
index 44c75df57..6e43e5838 100644
--- a/29/wildscribe/subsystem/undertow/server/ajp-listener/index.html
+++ b/29/wildscribe/subsystem/undertow/server/ajp-listener/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allow-encoded-slash If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-equals-in-cookie-value If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-unescaped-characters-in-url If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification. This defaults to false, and in general should not be needed as most clients correctly encode characters. Note that setting this to true can be considered a security risk, as allowing non-standard characters can allow request smuggling attacks in some circumstances.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-set-keep-alive If this is true then a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification.
bytes-received The number of bytes that have been received by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
BYTES
Storage
runtime
Access Type
metric
bytes-sent The number of bytes that have been sent out on this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
BYTES
Storage
runtime
Access Type
metric
decode-url If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
disallowed-methods A comma separated list of HTTP methods that are not allowed
Enabled attributes are being deprecated, as they cause problems in enforcement of configuration consistency.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
error-count The number of 500 responses that have been sent by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
max-ajp-packet-size The maximum supported size of AJP packets. If this is modified it has to be increased on the load balancer and the backend server.
Attribute
Value
Default Value
8192
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-buffered-request-size Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation.
Attribute
Value
Default Value
16384
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-connections The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited connections simply undefine this attribute value.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-cookies The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
Attribute
Value
Default Value
200
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-header-size The maximum size of a http request header, in bytes.
Attribute
Value
Default Value
1048576
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-headers The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
Attribute
Value
Default Value
200
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-parameters The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have max parameters * 2 total parameters).
Attribute
Value
Default Value
1000
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-post-size The maximum size of a post that will be accepted, in bytes.
Attribute
Value
Default Value
10485760
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-processing-time The maximum processing time taken by a request on this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
no-request-timeout The length of time in milliseconds that the connection can be idle before it is closed by the container.
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
processing-time The total processing time of all requests handed by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
read-timeout Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket's next read will throw a {@link ReadTimeoutException}.
record-request-start-time If this is true then Undertow will record the request start time, to allow for request time to be logged. This has a small but measurable performance impact
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
redirect-socket If this listener is supporting non-SSL requests, and a request is received for which a matching requires SSL transport, undertow will automatically redirect the request to the socket binding port specified here.
write-timeout Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket's next write will throw a {@link WriteTimeoutException}.
If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
allow-equals-in-cookie-value
BOOLEAN
false
true
false
If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped.
allow-unescaped-characters-in-url
BOOLEAN
false
true
false
If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification. This defaults to false, and in general should not be needed as most clients correctly encode characters. Note that setting this to true can be considered a security risk, as allowing non-standard characters can allow request smuggling attacks in some circumstances.
always-set-keep-alive
BOOLEAN
false
true
true
If this is true then a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification.
buffer-pipelined-data
BOOLEAN
false
true
false
If we should buffer pipelined requests.
buffer-pool
STRING
false
false
default
The listeners buffer pool
decode-url
BOOLEAN
false
true
true
If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.
disallowed-methods
LIST
false
true
["TRACE"]
A comma separated list of HTTP methods that are not allowed
enabled
BOOLEAN
false
true
true
If the listener is enabled
max-ajp-packet-size
INT
false
true
8192
The maximum supported size of AJP packets. If this is modified it has to be increased on the load balancer and the backend server.
max-buffered-request-size
INT
false
true
16384
Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation.
max-connections
INT
false
true
The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited connections simply undefine this attribute value.
max-cookies
INT
false
true
200
The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
max-header-size
INT
false
true
1048576
The maximum size of a http request header, in bytes.
max-headers
INT
false
true
200
The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
max-parameters
INT
false
true
1000
The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have max parameters * 2 total parameters).
max-post-size
LONG
false
true
10485760
The maximum size of a post that will be accepted, in bytes.
no-request-timeout
INT
false
true
60000
The length of time in milliseconds that the connection can be idle before it is closed by the container.
read-timeout
INT
false
true
90000
Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket's next read will throw a {@link ReadTimeoutException}.
receive-buffer
INT
false
true
The receive buffer size, in bytes.
record-request-start-time
BOOLEAN
false
true
false
If this is true then Undertow will record the request start time, to allow for request time to be logged. This has a small but measurable performance impact
redirect-socket
STRING
false
false
If this listener is supporting non-SSL requests, and a request is received for which a matching requires SSL transport, undertow will automatically redirect the request to the socket binding port specified here.
request-parse-timeout
INT
false
true
The maximum amount of time (in milliseconds) that can be spent parsing the request
resolve-peer-address
BOOLEAN
false
true
false
Enables host dns lookup
rfc6265-cookie-validation
BOOLEAN
false
true
false
If cookies should be validated to ensure they comply with RFC6265.
scheme
STRING
false
true
The listener scheme, can be HTTP or HTTPS. By default the scheme will be taken from the incoming AJP request.
secure
BOOLEAN
false
true
false
If this is true then requests that originate from this listener are marked as secure, even if the request is not using HTTPS.
send-buffer
INT
false
true
The send buffer size, in bytes.
socket-binding
STRING
true
false
The listener socket binding
tcp-backlog
INT
false
true
10000
Configure a server with the specified backlog.
tcp-keep-alive
BOOLEAN
false
true
Configure a channel to send TCP keep-alive messages in an implementation-dependent manner.
url-charset
STRING
false
true
UTF-8
URL charset
worker
STRING
false
false
default
The listeners XNIO worker
write-timeout
INT
false
true
90000
Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket's next write will throw a {@link WriteTimeoutException}.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/server/host/filter-ref/index.html b/29/wildscribe/subsystem/undertow/server/host/filter-ref/index.html
index 80da67c78..59f019553 100644
--- a/29/wildscribe/subsystem/undertow/server/host/filter-ref/index.html
+++ b/29/wildscribe/subsystem/undertow/server/host/filter-ref/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
predicate Predicates provide a simple way of making a true/false decision based on an exchange. Many handlers have a requirement that they be applied conditionally, and predicates provide a general way to specify a condition.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
priority Defines filter order. A lower number instructs the server to be included earlier in the handler chain than others with higher numbers. Values range from 1, indicating the filter will be handled first, to 2147483647, resulting in the filter being handled last.
Predicates provide a simple way of making a true/false decision based on an exchange. Many handlers have a requirement that they be applied conditionally, and predicates provide a general way to specify a condition.
priority
INT
false
true
1
Defines filter order. A lower number instructs the server to be included earlier in the handler chain than others with higher numbers. Values range from 1, indicating the filter will be handled first, to 2147483647, resulting in the filter being handled last.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/server/host/index.html b/29/wildscribe/subsystem/undertow/server/host/index.html
index a12a5ab70..72fba619a 100644
--- a/29/wildscribe/subsystem/undertow/server/host/index.html
+++ b/29/wildscribe/subsystem/undertow/server/host/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
disable-console-redirect if set to true, /console redirect wont be enabled for this host, default is false
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
queue-requests-on-start If requests should be queued on start for this host. If this is set to false the default response code will be returned instead.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/server/host/location/filter-ref/index.html b/29/wildscribe/subsystem/undertow/server/host/location/filter-ref/index.html
index 34ba2d32b..54c177caa 100644
--- a/29/wildscribe/subsystem/undertow/server/host/location/filter-ref/index.html
+++ b/29/wildscribe/subsystem/undertow/server/host/location/filter-ref/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
predicate Predicates provide a simple way of making a true/false decision based on an exchange. Many handlers have a requirement that they be applied conditionally, and predicates provide a general way to specify a condition.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
priority Defines filter order. A lower number instructs the server to be included earlier in the handler chain than others with higher numbers. Values range from 1, indicating the filter will be handled first, to 2147483647, resulting in the filter being handled last.
Predicates provide a simple way of making a true/false decision based on an exchange. Many handlers have a requirement that they be applied conditionally, and predicates provide a general way to specify a condition.
priority
INT
false
true
1
Defines filter order. A lower number instructs the server to be included earlier in the handler chain than others with higher numbers. Values range from 1, indicating the filter will be handled first, to 2147483647, resulting in the filter being handled last.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/server/host/location/index.html b/29/wildscribe/subsystem/undertow/server/host/location/index.html
index d1b9f6ca8..fa354c672 100644
--- a/29/wildscribe/subsystem/undertow/server/host/location/index.html
+++ b/29/wildscribe/subsystem/undertow/server/host/location/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/server/host/setting/access-log/index.html b/29/wildscribe/subsystem/undertow/server/host/setting/access-log/index.html
index cd409d823..1c8fb15c8 100644
--- a/29/wildscribe/subsystem/undertow/server/host/setting/access-log/index.html
+++ b/29/wildscribe/subsystem/undertow/server/host/setting/access-log/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/server/host/setting/console-access-log/index.html b/29/wildscribe/subsystem/undertow/server/host/setting/console-access-log/index.html
index 9485cd47d..0cf4ed278 100644
--- a/29/wildscribe/subsystem/undertow/server/host/setting/console-access-log/index.html
+++ b/29/wildscribe/subsystem/undertow/server/host/setting/console-access-log/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
include-host-name Indicates whether or not the host name should included in the JSON structured output. If set to true the key will be hostName in the structured data and the value will be the host this console-access-log belongs to.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
metadata Any additional metadata to add to the JSON structured output.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
predicate Predicate that determines if the request should be logged.
The attributes to be included in the structured output.
include-host-name
BOOLEAN
false
true
true
Indicates whether or not the host name should included in the JSON structured output. If set to true the key will be hostName in the structured data and the value will be the host this console-access-log belongs to.
metadata
OBJECT
false
true
Any additional metadata to add to the JSON structured output.
predicate
STRING
false
true
Predicate that determines if the request should be logged.
worker
STRING
false
false
default
Name of the worker to use for logging.
remove Stops the access logger from writing to the console.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/server/host/setting/http-invoker/index.html b/29/wildscribe/subsystem/undertow/server/host/setting/http-invoker/index.html
index fc68e3eb1..31bbe871d 100644
--- a/29/wildscribe/subsystem/undertow/server/host/setting/http-invoker/index.html
+++ b/29/wildscribe/subsystem/undertow/server/host/setting/http-invoker/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/server/host/setting/single-sign-on/index.html b/29/wildscribe/subsystem/undertow/server/host/setting/single-sign-on/index.html
index 598a4f2ea..be4ee3a25 100644
--- a/29/wildscribe/subsystem/undertow/server/host/setting/single-sign-on/index.html
+++ b/29/wildscribe/subsystem/undertow/server/host/setting/single-sign-on/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/server/http-listener/index.html b/29/wildscribe/subsystem/undertow/server/http-listener/index.html
index f2e357f4c..f75ef391e 100644
--- a/29/wildscribe/subsystem/undertow/server/http-listener/index.html
+++ b/29/wildscribe/subsystem/undertow/server/http-listener/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allow-encoded-slash If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-equals-in-cookie-value If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-unescaped-characters-in-url If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification. This defaults to false, and in general should not be needed as most clients correctly encode characters. Note that setting this to true can be considered a security risk, as allowing non-standard characters can allow request smuggling attacks in some circumstances.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-set-keep-alive If this is true then a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification.
bytes-received The number of bytes that have been received by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
BYTES
Storage
runtime
Access Type
metric
bytes-sent The number of bytes that have been sent out on this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
BYTES
Storage
runtime
Access Type
metric
certificate-forwarding If certificate forwarding should be enabled. If this is enabled then the listener will take the certificate from the SSL_CLIENT_CERT attribute. This should only be enabled if behind a proxy, and the proxy is configured to always set these headers.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
decode-url If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
disallowed-methods A comma separated list of HTTP methods that are not allowed
Attribute
Value
Default Value
["TRACE"]
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
enable-http2 Enables HTTP2 support for this listener
http2-header-table-size The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression.
Attribute
Value
Default Value
4096
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
http2-initial-window-size The flow control window size that controls how quickly the client can send data to the server
Attribute
Value
Default Value
65535
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
http2-max-concurrent-streams The maximum number of HTTP/2 streams that can be active at any time on a single connection
max-buffered-request-size Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation.
Attribute
Value
Default Value
16384
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-connections The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited connections simply undefine this attribute value.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-cookies The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
Attribute
Value
Default Value
200
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-header-size The maximum size of a http request header, in bytes.
Attribute
Value
Default Value
1048576
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-headers The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
Attribute
Value
Default Value
200
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-parameters The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have max parameters * 2 total parameters).
Attribute
Value
Default Value
1000
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-post-size The maximum size of a post that will be accepted, in bytes.
Attribute
Value
Default Value
10485760
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-processing-time The maximum processing time taken by a request on this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
no-request-timeout The length of time in milliseconds that the connection can be idle before it is closed by the container.
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
processing-time The total processing time of all requests handed by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
proxy-address-forwarding Enables handling of x-forwarded-host header (and other x-forwarded-* headers) and use this header information to set the remote address. This should only be used behind a trusted proxy that sets these headers otherwise a remote user can spoof their IP address.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
proxy-protocol If this is true then the listener will use the proxy protocol v1, as defined by https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt. This option MUST only be enabled for listeners that are behind a load balancer that supports the same protocol.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
read-timeout Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket's next read will throw a {@link ReadTimeoutException}.
record-request-start-time If this is true then Undertow will record the request start time, to allow for request time to be logged. This has a small but measurable performance impact
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
redirect-socket If this listener is supporting non-SSL requests, and a request is received for which a matching requires SSL transport, undertow will automatically redirect the request to the socket binding port specified here.
request-count The number of requests this listener has served
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
request-parse-timeout The maximum amount of time (in milliseconds) that can be spent parsing the request
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
require-host-http11 Require that all HTTP/1.1 requests have a 'Host' header, as per the RFC. IF the request does not include this header it will be rejected with a 403.
write-timeout Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket's next write will throw a {@link WriteTimeoutException}.
If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
allow-equals-in-cookie-value
BOOLEAN
false
true
false
If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped.
allow-unescaped-characters-in-url
BOOLEAN
false
true
false
If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification. This defaults to false, and in general should not be needed as most clients correctly encode characters. Note that setting this to true can be considered a security risk, as allowing non-standard characters can allow request smuggling attacks in some circumstances.
always-set-keep-alive
BOOLEAN
false
true
true
If this is true then a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification.
buffer-pipelined-data
BOOLEAN
false
true
false
If we should buffer pipelined requests.
buffer-pool
STRING
false
false
default
The listeners buffer pool
certificate-forwarding
BOOLEAN
false
true
false
If certificate forwarding should be enabled. If this is enabled then the listener will take the certificate from the SSL_CLIENT_CERT attribute. This should only be enabled if behind a proxy, and the proxy is configured to always set these headers.
decode-url
BOOLEAN
false
true
true
If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.
disallowed-methods
LIST
false
true
["TRACE"]
A comma separated list of HTTP methods that are not allowed
enable-http2
BOOLEAN
false
true
false
Enables HTTP2 support for this listener
enabled
BOOLEAN
false
true
true
If the listener is enabled
http2-enable-push
BOOLEAN
false
true
true
If server push is enabled for this connection
http2-header-table-size
INT
false
true
4096
The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression.
http2-initial-window-size
INT
false
true
65535
The flow control window size that controls how quickly the client can send data to the server
http2-max-concurrent-streams
INT
false
true
The maximum number of HTTP/2 streams that can be active at any time on a single connection
http2-max-frame-size
INT
false
true
16384
The max HTTP/2 frame size
http2-max-header-list-size
INT
false
true
The maximum size of request headers the server is prepared to accept
max-buffered-request-size
INT
false
true
16384
Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation.
max-connections
INT
false
true
The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited connections simply undefine this attribute value.
max-cookies
INT
false
true
200
The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
max-header-size
INT
false
true
1048576
The maximum size of a http request header, in bytes.
max-headers
INT
false
true
200
The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
max-parameters
INT
false
true
1000
The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have max parameters * 2 total parameters).
max-post-size
LONG
false
true
10485760
The maximum size of a post that will be accepted, in bytes.
no-request-timeout
INT
false
true
60000
The length of time in milliseconds that the connection can be idle before it is closed by the container.
proxy-address-forwarding
BOOLEAN
false
true
false
Enables handling of x-forwarded-host header (and other x-forwarded-* headers) and use this header information to set the remote address. This should only be used behind a trusted proxy that sets these headers otherwise a remote user can spoof their IP address.
proxy-protocol
BOOLEAN
false
true
false
If this is true then the listener will use the proxy protocol v1, as defined by https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt. This option MUST only be enabled for listeners that are behind a load balancer that supports the same protocol.
read-timeout
INT
false
true
90000
Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket's next read will throw a {@link ReadTimeoutException}.
receive-buffer
INT
false
true
The receive buffer size, in bytes.
record-request-start-time
BOOLEAN
false
true
false
If this is true then Undertow will record the request start time, to allow for request time to be logged. This has a small but measurable performance impact
redirect-socket
STRING
false
false
If this listener is supporting non-SSL requests, and a request is received for which a matching requires SSL transport, undertow will automatically redirect the request to the socket binding port specified here.
request-parse-timeout
INT
false
true
The maximum amount of time (in milliseconds) that can be spent parsing the request
require-host-http11
BOOLEAN
false
true
false
Require that all HTTP/1.1 requests have a 'Host' header, as per the RFC. IF the request does not include this header it will be rejected with a 403.
resolve-peer-address
BOOLEAN
false
true
false
Enables host dns lookup
rfc6265-cookie-validation
BOOLEAN
false
true
false
If cookies should be validated to ensure they comply with RFC6265.
secure
BOOLEAN
false
true
false
If this is true then requests that originate from this listener are marked as secure, even if the request is not using HTTPS.
send-buffer
INT
false
true
The send buffer size, in bytes.
socket-binding
STRING
true
false
The listener socket binding
tcp-backlog
INT
false
true
10000
Configure a server with the specified backlog.
tcp-keep-alive
BOOLEAN
false
true
Configure a channel to send TCP keep-alive messages in an implementation-dependent manner.
url-charset
STRING
false
true
UTF-8
URL charset
worker
STRING
false
false
default
The listeners XNIO worker
write-timeout
INT
false
true
90000
Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket's next write will throw a {@link WriteTimeoutException}.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/server/https-listener/index.html b/29/wildscribe/subsystem/undertow/server/https-listener/index.html
index 7f08c21c5..3b3323e5a 100644
--- a/29/wildscribe/subsystem/undertow/server/https-listener/index.html
+++ b/29/wildscribe/subsystem/undertow/server/https-listener/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allow-encoded-slash If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-equals-in-cookie-value If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-unescaped-characters-in-url If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification. This defaults to false, and in general should not be needed as most clients correctly encode characters. Note that setting this to true can be considered a security risk, as allowing non-standard characters can allow request smuggling attacks in some circumstances.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-set-keep-alive If this is true then a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification.
bytes-received The number of bytes that have been received by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
BYTES
Storage
runtime
Access Type
metric
bytes-sent The number of bytes that have been sent out on this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
BYTES
Storage
runtime
Access Type
metric
certificate-forwarding If certificate forwarding should be enabled. If this is enabled then the listener will take the certificate from the SSL_CLIENT_CERT attribute. This should only be enabled if behind a proxy, and the proxy is configured to always set these headers.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
decode-url If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
disallowed-methods A comma separated list of HTTP methods that are not allowed
Attribute
Value
Default Value
["TRACE"]
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
enable-http2 Enables HTTP2 support for this listener
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enable-spdy Enables SPDY support for this listener. This has been deprecated and has no effect, HTTP/2 should be used instead
http2-header-table-size The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression.
Attribute
Value
Default Value
4096
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
http2-initial-window-size The flow control window size that controls how quickly the client can send data to the server
Attribute
Value
Default Value
65535
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
http2-max-concurrent-streams The maximum number of HTTP/2 streams that can be active at any time on a single connection
max-buffered-request-size Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation.
Attribute
Value
Default Value
16384
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-connections The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited connections simply undefine this attribute value.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-cookies The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
Attribute
Value
Default Value
200
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-header-size The maximum size of a http request header, in bytes.
Attribute
Value
Default Value
1048576
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-headers The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
Attribute
Value
Default Value
200
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-parameters The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have max parameters * 2 total parameters).
Attribute
Value
Default Value
1000
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-post-size The maximum size of a post that will be accepted, in bytes.
Attribute
Value
Default Value
10485760
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-processing-time The maximum processing time taken by a request on this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
no-request-timeout The length of time in milliseconds that the connection can be idle before it is closed by the container.
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
processing-time The total processing time of all requests handed by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
proxy-address-forwarding Enables handling of x-forwarded-host header (and other x-forwarded-* headers) and use this header information to set the remote address. This should only be used behind a trusted proxy that sets these headers otherwise a remote user can spoof their IP address.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
proxy-protocol If this is true then the listener will use the proxy protocol v1, as defined by https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt. This option MUST only be enabled for listeners that are behind a load balancer that supports the same protocol.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
read-timeout Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket's next read will throw a {@link ReadTimeoutException}.
record-request-start-time If this is true then Undertow will record the request start time, to allow for request time to be logged. This has a small but measurable performance impact
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
request-count The number of requests this listener has served
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
request-parse-timeout The maximum amount of time (in milliseconds) that can be spent parsing the request
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
require-host-http11 Require that all HTTP/1.1 requests have a 'Host' header, as per the RFC. IF the request does not include this header it will be rejected with a 403.
write-timeout Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket's next write will throw a {@link WriteTimeoutException}.
If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
allow-equals-in-cookie-value
BOOLEAN
false
true
false
If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped.
allow-unescaped-characters-in-url
BOOLEAN
false
true
false
If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification. This defaults to false, and in general should not be needed as most clients correctly encode characters. Note that setting this to true can be considered a security risk, as allowing non-standard characters can allow request smuggling attacks in some circumstances.
always-set-keep-alive
BOOLEAN
false
true
true
If this is true then a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification.
buffer-pipelined-data
BOOLEAN
false
true
false
If we should buffer pipelined requests.
buffer-pool
STRING
false
false
default
The listeners buffer pool
certificate-forwarding
BOOLEAN
false
true
false
If certificate forwarding should be enabled. If this is enabled then the listener will take the certificate from the SSL_CLIENT_CERT attribute. This should only be enabled if behind a proxy, and the proxy is configured to always set these headers.
decode-url
BOOLEAN
false
true
true
If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.
disallowed-methods
LIST
false
true
["TRACE"]
A comma separated list of HTTP methods that are not allowed
enable-http2
BOOLEAN
false
true
false
Enables HTTP2 support for this listener
enable-spdy
BOOLEAN
false
true
false
Enables SPDY support for this listener. This has been deprecated and has no effect, HTTP/2 should be used instead
enabled
BOOLEAN
false
true
true
If the listener is enabled
enabled-cipher-suites
STRING
false
true
Configures Enabled SSL ciphers
enabled-protocols
STRING
false
true
Configures SSL protocols
http2-enable-push
BOOLEAN
false
true
true
If server push is enabled for this connection
http2-header-table-size
INT
false
true
4096
The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression.
http2-initial-window-size
INT
false
true
65535
The flow control window size that controls how quickly the client can send data to the server
http2-max-concurrent-streams
INT
false
true
The maximum number of HTTP/2 streams that can be active at any time on a single connection
http2-max-frame-size
INT
false
true
16384
The max HTTP/2 frame size
http2-max-header-list-size
INT
false
true
The maximum size of request headers the server is prepared to accept
max-buffered-request-size
INT
false
true
16384
Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation.
max-connections
INT
false
true
The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited connections simply undefine this attribute value.
max-cookies
INT
false
true
200
The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
max-header-size
INT
false
true
1048576
The maximum size of a http request header, in bytes.
max-headers
INT
false
true
200
The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
max-parameters
INT
false
true
1000
The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have max parameters * 2 total parameters).
max-post-size
LONG
false
true
10485760
The maximum size of a post that will be accepted, in bytes.
no-request-timeout
INT
false
true
60000
The length of time in milliseconds that the connection can be idle before it is closed by the container.
proxy-address-forwarding
BOOLEAN
false
true
false
Enables handling of x-forwarded-host header (and other x-forwarded-* headers) and use this header information to set the remote address. This should only be used behind a trusted proxy that sets these headers otherwise a remote user can spoof their IP address.
proxy-protocol
BOOLEAN
false
true
false
If this is true then the listener will use the proxy protocol v1, as defined by https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt. This option MUST only be enabled for listeners that are behind a load balancer that supports the same protocol.
read-timeout
INT
false
true
90000
Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket's next read will throw a {@link ReadTimeoutException}.
receive-buffer
INT
false
true
The receive buffer size, in bytes.
record-request-start-time
BOOLEAN
false
true
false
If this is true then Undertow will record the request start time, to allow for request time to be logged. This has a small but measurable performance impact
request-parse-timeout
INT
false
true
The maximum amount of time (in milliseconds) that can be spent parsing the request
require-host-http11
BOOLEAN
false
true
false
Require that all HTTP/1.1 requests have a 'Host' header, as per the RFC. IF the request does not include this header it will be rejected with a 403.
resolve-peer-address
BOOLEAN
false
true
false
Enables host dns lookup
rfc6265-cookie-validation
BOOLEAN
false
true
false
If cookies should be validated to ensure they comply with RFC6265.
secure
BOOLEAN
false
true
false
If this is true then requests that originate from this listener are marked as secure, even if the request is not using HTTPS.
security-realm
STRING
true
false
The listeners security realm
send-buffer
INT
false
true
The send buffer size, in bytes.
socket-binding
STRING
true
false
The listener socket binding
ssl-context
STRING
true
false
Reference to the SSLContext to be used by this listener.
ssl-session-cache-size
INT
false
true
The maximum number of active SSL sessions
ssl-session-timeout
INT
false
true
The timeout for SSL sessions, in seconds
tcp-backlog
INT
false
true
10000
Configure a server with the specified backlog.
tcp-keep-alive
BOOLEAN
false
true
Configure a channel to send TCP keep-alive messages in an implementation-dependent manner.
url-charset
STRING
false
true
UTF-8
URL charset
verify-client
STRING
false
true
NOT_REQUESTED
The desired SSL client authentication mode for SSL channels
worker
STRING
false
false
default
The listeners XNIO worker
write-timeout
INT
false
true
90000
Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket's next write will throw a {@link WriteTimeoutException}.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/server/index.html b/29/wildscribe/subsystem/undertow/server/index.html
index 1cd7be4cd..ec1e6d61d 100644
--- a/29/wildscribe/subsystem/undertow/server/index.html
+++ b/29/wildscribe/subsystem/undertow/server/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/servlet-container/index.html b/29/wildscribe/subsystem/undertow/servlet-container/index.html
index 0f269cc2e..3f5b44b14 100644
--- a/29/wildscribe/subsystem/undertow/servlet-container/index.html
+++ b/29/wildscribe/subsystem/undertow/servlet-container/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
allow-non-standard-wrappers If true then request and response wrappers that do not extend the standard wrapper classes can be used
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allow-orphan-session Indicates whether session creation should be permitted after a response-closing operation, e.g. HttpServletResponse.sendRedirect(...). Enabling this behavior is generally discouraged, as the created session will be unreferenceable.
default-encoding Default encoding to use for all deployed applications
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
default-session-timeout The default session timeout (in minutes) for all applications deployed in the container.
Attribute
Value
Default Value
30
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MINUTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
directory-listing If directory listing should be enabled for default servlets.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
disable-caching-for-secured-pages If Undertow should set headers to disable caching for secured paged. Disabling this can cause security problems, as sensitive pages may be cached by an intermediary.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
disable-file-watch-service If this is true then the file watch service will not be used to monitor exploded deployments for changes
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
disable-session-id-reuse If this is true then an unknown session ID will never be reused, and a new session id will be generated. If this is false then it will be re-used if and only if it is present in the session manager of another deployment, to allow the same session id to be shared between applications on the same server.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
eager-filter-initialization If true undertow calls filter init() on deployment start rather than when first requested.
file-cache-time-to-live The length of time in ms an item will stay cached. By default this is 2000 for exploded deployments, and -1 (infinite) for archive deployments
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
ignore-flush Ignore flushes on the servlet output stream. In most cases these just hurt performance for no good reason.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-sessions The maximum number of sessions that can be active at one time
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
preserve-path-on-forward If this is true Undertow will reset request path, URL and URI information to original values after forward.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
proactive-authentication If proactive authentication should be used. If this is true a user will always be authenticated if credentials are present.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
session-id-length The length of the generated session ID. Longer session ID's are more secure. This number refers to the number of bytes of randomness that are used to generate the session ID, the actual ID that is sent to the client will be base64 encoded so will be approximately 33% larger (e.g. a session id length of 30 will result in a cookie value of length 40).
Attribute
Value
Default Value
30
Type
INT
Nillable
true
Expressions Allowed
true
Min
16
Max
200
Storage
configuration
Access Type
read-write
Restart Required
all-services
stack-trace-on-error If an error page with the stack trace should be generated on error. Values are all, none and local-only
If true then request and response wrappers that do not extend the standard wrapper classes can be used
allow-orphan-session
BOOLEAN
false
true
false
Indicates whether session creation should be permitted after a response-closing operation, e.g. HttpServletResponse.sendRedirect(...). Enabling this behavior is generally discouraged, as the created session will be unreferenceable.
default-buffer-cache
STRING
false
true
default
The buffer cache to use for caching static resources
default-cookie-version
INT
false
true
0
The default cookie version servlet applications will send
default-encoding
STRING
false
true
Default encoding to use for all deployed applications
default-session-timeout
INT
false
true
30
The default session timeout (in minutes) for all applications deployed in the container.
directory-listing
BOOLEAN
false
true
If directory listing should be enabled for default servlets.
disable-caching-for-secured-pages
BOOLEAN
false
true
true
If Undertow should set headers to disable caching for secured paged. Disabling this can cause security problems, as sensitive pages may be cached by an intermediary.
disable-file-watch-service
BOOLEAN
false
true
false
If this is true then the file watch service will not be used to monitor exploded deployments for changes
disable-session-id-reuse
BOOLEAN
false
true
false
If this is true then an unknown session ID will never be reused, and a new session id will be generated. If this is false then it will be re-used if and only if it is present in the session manager of another deployment, to allow the same session id to be shared between applications on the same server.
eager-filter-initialization
BOOLEAN
false
true
false
If true undertow calls filter init() on deployment start rather than when first requested.
file-cache-max-file-size
INT
false
true
10485760
The maximum size of a file that will be cached in the file cache
file-cache-metadata-size
INT
false
true
100
The maximum number of files that will have their metadata cached
file-cache-time-to-live
INT
false
true
The length of time in ms an item will stay cached. By default this is 2000 for exploded deployments, and -1 (infinite) for archive deployments
ignore-flush
BOOLEAN
false
true
false
Ignore flushes on the servlet output stream. In most cases these just hurt performance for no good reason.
max-sessions
INT
false
true
The maximum number of sessions that can be active at one time
preserve-path-on-forward
BOOLEAN
false
true
false
If this is true Undertow will reset request path, URL and URI information to original values after forward.
proactive-authentication
BOOLEAN
false
true
true
If proactive authentication should be used. If this is true a user will always be authenticated if credentials are present.
session-id-length
INT
false
true
30
The length of the generated session ID. Longer session ID's are more secure. This number refers to the number of bytes of randomness that are used to generate the session ID, the actual ID that is sent to the client will be base64 encoded so will be approximately 33% larger (e.g. a session id length of 30 will result in a cookie value of length 40).
stack-trace-on-error
STRING
false
true
local-only
If an error page with the stack trace should be generated on error. Values are all, none and local-only
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/servlet-container/mime-mapping/index.html b/29/wildscribe/subsystem/undertow/servlet-container/mime-mapping/index.html
index 1468cb72c..878167df8 100644
--- a/29/wildscribe/subsystem/undertow/servlet-container/mime-mapping/index.html
+++ b/29/wildscribe/subsystem/undertow/servlet-container/mime-mapping/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/servlet-container/setting/affinity-cookie/index.html b/29/wildscribe/subsystem/undertow/servlet-container/setting/affinity-cookie/index.html
index 80db682af..c79f86a38 100644
--- a/29/wildscribe/subsystem/undertow/servlet-container/setting/affinity-cookie/index.html
+++ b/29/wildscribe/subsystem/undertow/servlet-container/setting/affinity-cookie/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/servlet-container/setting/crawler-session-management/index.html b/29/wildscribe/subsystem/undertow/servlet-container/setting/crawler-session-management/index.html
index be6211385..5e688aec4 100644
--- a/29/wildscribe/subsystem/undertow/servlet-container/setting/crawler-session-management/index.html
+++ b/29/wildscribe/subsystem/undertow/servlet-container/setting/crawler-session-management/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/servlet-container/setting/jsp/index.html b/29/wildscribe/subsystem/undertow/servlet-container/setting/jsp/index.html
index 3b7d5242f..561ebd836 100644
--- a/29/wildscribe/subsystem/undertow/servlet-container/setting/jsp/index.html
+++ b/29/wildscribe/subsystem/undertow/servlet-container/setting/jsp/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
check-interval Check interval for Jakarta Server Pages updates using a background thread. This has no effect for most deployments where Jakarta Server Pages change notifications are handled using the File System notification API. This only takes effect if the file watch service is disabled.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
development Enable Development mode which enables reloading Jakarta Server Pages on-the-fly
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
disabled Disable the Jakarta Server Pages container.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
display-source-fragment When a runtime error occurs, attempts to display corresponding Jakarta Server Pages source fragment
trim-spaces Trim some spaces from the generated Servlet.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
x-powered-by Enable advertising the Jakarta Server Pages engine in x-powered-by.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Adds Jakarta Server Pages container configuration.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
check-interval
INT
false
true
0
Check interval for Jakarta Server Pages updates using a background thread. This has no effect for most deployments where Jakarta Server Pages change notifications are handled using the File System notification API. This only takes effect if the file watch service is disabled.
development
BOOLEAN
false
true
false
Enable Development mode which enables reloading Jakarta Server Pages on-the-fly
disabled
BOOLEAN
false
true
false
Disable the Jakarta Server Pages container.
display-source-fragment
BOOLEAN
false
true
true
When a runtime error occurs, attempts to display corresponding Jakarta Server Pages source fragment
dump-smap
BOOLEAN
false
true
false
Write SMAP data to a file.
error-on-use-bean-invalid-class-attribute
BOOLEAN
false
true
false
Enable errors when using a bad class in useBean.
generate-strings-as-char-arrays
BOOLEAN
false
true
false
Generate String constants as char arrays.
java-encoding
STRING
false
true
UTF8
Specify the encoding used for Java sources.
keep-generated
BOOLEAN
false
true
true
Keep the generated Servlets.
mapped-file
BOOLEAN
false
true
true
Map to the Jakarta Server Pages source.
modification-test-interval
INT
false
true
4
Minimum amount of time between two tests for updates, in seconds.
optimize-scriptlets
BOOLEAN
false
true
false
If Jakarta Server Pages scriptlets should be optimised to remove string concatenation
recompile-on-fail
BOOLEAN
false
true
false
Retry failed Jakarta Server Pages compilations on each request.
scratch-dir
STRING
false
true
Specify a different work directory.
smap
BOOLEAN
false
true
true
Enable SMAP.
source-vm
STRING
false
true
1.8
Source VM level for compilation.
tag-pooling
BOOLEAN
false
true
true
Enable tag pooling.
target-vm
STRING
false
true
1.8
Target VM level for compilation.
trim-spaces
BOOLEAN
false
true
false
Trim some spaces from the generated Servlet.
x-powered-by
BOOLEAN
false
true
true
Enable advertising the Jakarta Server Pages engine in x-powered-by.
remove Removes Jakarta Server Pages container configuration.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/servlet-container/setting/persistent-sessions/index.html b/29/wildscribe/subsystem/undertow/servlet-container/setting/persistent-sessions/index.html
index db5838a1c..ccd96153b 100644
--- a/29/wildscribe/subsystem/undertow/servlet-container/setting/persistent-sessions/index.html
+++ b/29/wildscribe/subsystem/undertow/servlet-container/setting/persistent-sessions/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/servlet-container/setting/session-cookie/index.html b/29/wildscribe/subsystem/undertow/servlet-container/setting/session-cookie/index.html
index cda508401..7ab5a54e7 100644
--- a/29/wildscribe/subsystem/undertow/servlet-container/setting/session-cookie/index.html
+++ b/29/wildscribe/subsystem/undertow/servlet-container/setting/session-cookie/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/servlet-container/setting/websockets/index.html b/29/wildscribe/subsystem/undertow/servlet-container/setting/websockets/index.html
index c0d348028..ec9d3668e 100644
--- a/29/wildscribe/subsystem/undertow/servlet-container/setting/websockets/index.html
+++ b/29/wildscribe/subsystem/undertow/servlet-container/setting/websockets/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
deflater-level Configures the level of compression of the DEFLATE algorithm
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
9
Storage
configuration
Access Type
read-write
Restart Required
all-services
dispatch-to-worker If callbacks should be dispatched to a worker thread. If this is false then they will be run in the IO thread, which is faster however care must be taken not to perform blocking operations.
Configures the level of compression of the DEFLATE algorithm
dispatch-to-worker
BOOLEAN
false
true
true
If callbacks should be dispatched to a worker thread. If this is false then they will be run in the IO thread, which is faster however care must be taken not to perform blocking operations.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/undertow/servlet-container/welcome-file/index.html b/29/wildscribe/subsystem/undertow/servlet-container/welcome-file/index.html
index a57936fca..d33761f82 100644
--- a/29/wildscribe/subsystem/undertow/servlet-container/welcome-file/index.html
+++ b/29/wildscribe/subsystem/undertow/servlet-container/welcome-file/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/webservices/client-config/index.html b/29/wildscribe/subsystem/webservices/client-config/index.html
index 1915e6754..a34abd4d5 100644
--- a/29/wildscribe/subsystem/webservices/client-config/index.html
+++ b/29/wildscribe/subsystem/webservices/client-config/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/webservices/client-config/post-handler-chain/handler/index.html b/29/wildscribe/subsystem/webservices/client-config/post-handler-chain/handler/index.html
index bbcd45181..5757bd769 100644
--- a/29/wildscribe/subsystem/webservices/client-config/post-handler-chain/handler/index.html
+++ b/29/wildscribe/subsystem/webservices/client-config/post-handler-chain/handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/webservices/client-config/post-handler-chain/index.html b/29/wildscribe/subsystem/webservices/client-config/post-handler-chain/index.html
index 26cf4ba71..bec5f3ba2 100644
--- a/29/wildscribe/subsystem/webservices/client-config/post-handler-chain/index.html
+++ b/29/wildscribe/subsystem/webservices/client-config/post-handler-chain/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/webservices/client-config/pre-handler-chain/handler/index.html b/29/wildscribe/subsystem/webservices/client-config/pre-handler-chain/handler/index.html
index c2a8f9e6f..c50d241fc 100644
--- a/29/wildscribe/subsystem/webservices/client-config/pre-handler-chain/handler/index.html
+++ b/29/wildscribe/subsystem/webservices/client-config/pre-handler-chain/handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/webservices/client-config/pre-handler-chain/index.html b/29/wildscribe/subsystem/webservices/client-config/pre-handler-chain/index.html
index e6dee6054..907ce8d14 100644
--- a/29/wildscribe/subsystem/webservices/client-config/pre-handler-chain/index.html
+++ b/29/wildscribe/subsystem/webservices/client-config/pre-handler-chain/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/webservices/client-config/property/index.html b/29/wildscribe/subsystem/webservices/client-config/property/index.html
index 250245b68..1526cf329 100644
--- a/29/wildscribe/subsystem/webservices/client-config/property/index.html
+++ b/29/wildscribe/subsystem/webservices/client-config/property/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/webservices/endpoint-config/index.html b/29/wildscribe/subsystem/webservices/endpoint-config/index.html
index e1ede9668..76ee6fa6e 100644
--- a/29/wildscribe/subsystem/webservices/endpoint-config/index.html
+++ b/29/wildscribe/subsystem/webservices/endpoint-config/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/handler/index.html b/29/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/handler/index.html
index a61436020..b7bc87bbf 100644
--- a/29/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/handler/index.html
+++ b/29/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/index.html b/29/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/index.html
index fa931d8f7..c834d241d 100644
--- a/29/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/index.html
+++ b/29/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/handler/index.html b/29/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/handler/index.html
index fe77cad6b..23a5ca748 100644
--- a/29/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/handler/index.html
+++ b/29/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/handler/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/index.html b/29/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/index.html
index 58f682c98..2af72276e 100644
--- a/29/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/index.html
+++ b/29/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/webservices/endpoint-config/property/index.html b/29/wildscribe/subsystem/webservices/endpoint-config/property/index.html
index ace609da5..659911eab 100644
--- a/29/wildscribe/subsystem/webservices/endpoint-config/property/index.html
+++ b/29/wildscribe/subsystem/webservices/endpoint-config/property/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/webservices/index.html b/29/wildscribe/subsystem/webservices/index.html
index be5c6494a..b42c4ca23 100644
--- a/29/wildscribe/subsystem/webservices/index.html
+++ b/29/wildscribe/subsystem/webservices/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
statistics-enabled Whether statistics are to be gathered for endpoints, default value is 'false'.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
wsdl-host The WSDL, that is a required deployment artifact for an endpoint, has a element which points to the location of the endpoint. JBoss supports rewriting of that SOAP address. If the content of is a valid URL, JBossWS will not rewrite it unless 'modify-wsdl-address' is true. If the content of is not a valid URL, JBossWS will rewrite it using the attribute values given below. If 'wsdl-host' is set to 'jbossws.undefined.host', JBossWS uses requesters host when rewriting the
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
wsdl-path-rewrite-rule This string defines a SED substitution command (e.g., 's/regexp/replacement/g') that JBossWS executes against the path component of each URL published from the server. When wsdl-path-rewrite-rule is not defined, JBossWS retains the original path component of each URL. When 'modify-wsdl-address' is set to "false" this element is ignored.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
wsdl-port The non-secure port that will be used for rewriting the SOAP address. If absent the port will be identified by querying the list of installed connectors.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
wsdl-secure-port The secure port that will be used for rewriting the SOAP address. If absent the port will be identified by querying the list of installed connectors.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
wsdl-uri-scheme The URI scheme to use for rewriting . Valid values are 'http' and 'https'. This configuration overrides scheme computed by processing the endpoint (even if a transport guarantee is specified). The provided values for 'wsdl-port' and 'wsdl-secure-port' (or their default values) are used depending on specified scheme.
Whether statistics are to be gathered for endpoints, default value is 'false'.
wsdl-host
STRING
false
true
The WSDL, that is a required deployment artifact for an endpoint, has a element which points to the location of the endpoint. JBoss supports rewriting of that SOAP address. If the content of is a valid URL, JBossWS will not rewrite it unless 'modify-wsdl-address' is true. If the content of is not a valid URL, JBossWS will rewrite it using the attribute values given below. If 'wsdl-host' is set to 'jbossws.undefined.host', JBossWS uses requesters host when rewriting the
wsdl-path-rewrite-rule
STRING
false
false
This string defines a SED substitution command (e.g., 's/regexp/replacement/g') that JBossWS executes against the path component of each URL published from the server. When wsdl-path-rewrite-rule is not defined, JBossWS retains the original path component of each URL. When 'modify-wsdl-address' is set to "false" this element is ignored.
wsdl-port
INT
false
true
The non-secure port that will be used for rewriting the SOAP address. If absent the port will be identified by querying the list of installed connectors.
wsdl-secure-port
INT
false
true
The secure port that will be used for rewriting the SOAP address. If absent the port will be identified by querying the list of installed connectors.
wsdl-uri-scheme
STRING
false
true
The URI scheme to use for rewriting . Valid values are 'http' and 'https'. This configuration overrides scheme computed by processing the endpoint (even if a transport guarantee is specified). The provided values for 'wsdl-port' and 'wsdl-secure-port' (or their default values) are used depending on specified scheme.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/weld/index.html b/29/wildscribe/subsystem/weld/index.html
index 147f1c31e..fff32a6ba 100644
--- a/29/wildscribe/subsystem/weld/index.html
+++ b/29/wildscribe/subsystem/weld/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
development-mode Weld comes with a special mode for application development. When the development mode is enabled, certain built-in tools, which facilitate the development of Jakarta Contexts and Dependency Injection applications are available. Setting this attribute to true activates the development mode.
Deprecated Since 5.0.0
Development mode is no longer supported on servers running the current version.
non-portable-mode If true, then the non-portable mode is enabled. The non-portable mode is suggested by the specification to overcome problems with legacy applications that do not use Jakarta Contexts and Dependency Injection SPI properly and may be rejected by more strict validation in CDI 1.1.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
require-bean-descriptor If true, then implicit bean archives without a bean descriptor file (beans.xml) are ignored by Weld.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
thread-pool-size The number of threads to be used by the Weld thread pool. The pool is shared across all Jakarta Contexts and Dependency Injection enabled deployments and used primarily for parallel Weld bootstrapping.
Weld comes with a special mode for application development. When the development mode is enabled, certain built-in tools, which facilitate the development of Jakarta Contexts and Dependency Injection applications are available. Setting this attribute to true activates the development mode.
legacy-empty-beans-xml-treatment
BOOLEAN
false
true
false
If true, all bean archives with empty beans.xml are considered to have discovery mode ALL.
non-portable-mode
BOOLEAN
false
true
false
If true, then the non-portable mode is enabled. The non-portable mode is suggested by the specification to overcome problems with legacy applications that do not use Jakarta Contexts and Dependency Injection SPI properly and may be rejected by more strict validation in CDI 1.1.
require-bean-descriptor
BOOLEAN
false
true
false
If true, then implicit bean archives without a bean descriptor file (beans.xml) are ignored by Weld.
thread-pool-size
INT
false
true
The number of threads to be used by the Weld thread pool. The pool is shared across all Jakarta Contexts and Dependency Injection enabled deployments and used primarily for parallel Weld bootstrapping.
+
+
\ No newline at end of file
diff --git a/29/wildscribe/subsystem/xts/index.html b/29/wildscribe/subsystem/xts/index.html
index 57b21c42c..2d38508d3 100644
--- a/29/wildscribe/subsystem/xts/index.html
+++ b/29/wildscribe/subsystem/xts/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/system-property/index.html b/29/wildscribe/system-property/index.html
index 227902b61..789f73c6f 100644
--- a/29/wildscribe/system-property/index.html
+++ b/29/wildscribe/system-property/index.html
@@ -1 +1,11 @@
- WildFly Full 29 Model Reference
WildFly can be booted in two different modes. A managed domain allows
+you to run and manage a multi-server topology. Alternatively, you can
+run a standalone server instance.
For many use cases, the centralized management capability available via
+a managed domain is not necessary. For these use cases, a WildFly
+instance can be run as a "standalone server". A standalone server
+instance is an independent process, much like an JBoss Application
+Server 3, 4, 5, or 6 instance is. Standalone instances can be launched
+via the standalone.sh or standalone.bat launch scripts.
+
+
+
If more than one standalone instance is launched and multi-server
+management is desired, it is the user’s responsibility to coordinate
+management across the servers. For example, to deploy an application
+across all of the standalone servers, the user would need to
+individually deploy the application on each server.
+
+
+
It is perfectly possible to launch multiple standalone server instances
+and have them form an HA cluster, just like it was possible with JBoss
+Application Server 3, 4, 5 and 6.
One of the primary new features of WildFly is the ability to manage
+multiple WildFly instances from a single control point. A collection of
+such servers is referred to as the members of a "domain" with a single
+Domain Controller process acting as the central management control
+point. All of the WildFly instances in the domain share a common
+management policy, with the Domain Controller acting to ensure that each
+server is configured according to that policy. Domains can span multiple
+physical (or virtual) machines, with all WildFly instances on a given
+host under the control of a special Host Controller process. One Host
+Controller instance is configured to act as the central Domain
+Controller. The Host Controller on each host interacts with the Domain
+Controller to control the lifecycle of the application server instances
+running on its host and to assist the Domain Controller in managing
+them.
+
+
+
When you launch a WildFly managed domain on a host (via the domain.sh
+or domain.bat launch scripts) your intent is to launch a Host
+Controller and usually at least one WildFly instance. On one of the
+hosts the Host Controller should be configured to act as the Domain
+Controller. See Domain Setup for details.
+
+
+
The following is an example managed domain topology:
When the domain.sh or domain.bat script is run on a host, a process
+known as a Host Controller is launched. The Host Controller is solely
+concerned with server management; it does not itself handle application
+server workloads. The Host Controller is responsible for starting and
+stopping the individual application server processes that run on its
+host, and interacts with the Domain Controller to help manage them.
+
+
+
Each Host Controller by default reads its configuration from the
+domain/configuration/host.xml file located in the unzipped WildFly
+installation on its host’s filesystem. The host.xml file contains
+configuration information that is specific to the particular host.
+Primarily:
+
+
+
+
+
the listing of the names of the actual WildFly instances that are
+meant to run off of this installation.
+
+
+
configuration of how the Host Controller is to contact the Domain
+Controller to register itself and access the domain configuration. This
+may either be configuration of how to find and contact a remote Domain
+Controller, or a configuration telling the Host Controller to itself act
+as the Domain Controller.
+
+
+
configuration of items that are specific to the local physical
+installation. For example, named interface definitions declared in
+domain.xml (see below) can be mapped to an actual machine-specific IP
+address in host.xml. Abstract path names in domain.xml can be mapped
+to actual filesystem paths in host.xml.
One Host Controller instance is configured to act as the central
+management point for the entire domain, i.e. to be the Domain
+Controller. The primary responsibility of the Domain Controller is to
+maintain the domain’s central management policy, to ensure all Host
+Controllers are aware of its current contents, and to assist the Host
+Controllers in ensuring any running application server instances are
+configured in accordance with this policy. This central management
+policy is stored by default in the domain/configuration/domain.xml
+file in the unzipped WildFly installation on Domain Controller’s host’s
+filesystem.
+
+
+
A domain.xml file must be located in the domain/configuration
+directory of an installation that’s meant to run the Domain Controller.
+It does not need to be present in installations that are not meant to
+run a Domain Controller; i.e. those whose Host Controller is configured
+to contact a remote Domain Controller. The presence of a domain.xml
+file on such a server does no harm.
+
+
+
The domain.xml file includes, among other things, the configuration of
+the various "profiles" that WildFly instances in the domain can be
+configured to run. A profile configuration includes the detailed
+configuration of the various subsystems that comprise that profile (e.g.
+an embedded JBoss Web instance is a subsystem; a JBoss TS transaction
+manager is a subsystem, etc). The domain configuration also includes the
+definition of groups of sockets that those subsystems may open. The
+domain configuration also includes the definition of "server groups":
A server group is set of server instances that will be managed and
+configured as one. In a managed domain each application server instance
+is a member of a server group. (Even if the group only has a single
+server, the server is still a member of a group.) It is the
+responsibility of the Domain Controller and the Host Controllers to
+ensure that all servers in a server group have a consistent
+configuration. They should all be configured with the same profile and
+they should have the same deployment content deployed.
+
+
+
The domain can have multiple server groups. The above diagram shows two
+server groups, "ServerGroupA" and "ServerGroupB". Different server
+groups can be configured with different profiles and deployments; for
+example in a domain with different tiers of servers providing different
+services. Different server groups can also run the same profile and have
+the same deployments; for example to support rolling application upgrade
+scenarios where a complete service outage is avoided by first upgrading
+the application on one server group and then upgrading a second server
+group.
A server-group configuration includes the following required attributes:
+
+
+
+
+
name — the name of the server group
+
+
+
profile — the name of the profile the servers in the group should run
+
+
+
+
+
In addition, the following optional elements are available:
+
+
+
+
+
socket-binding-group — specifies the name of the default socket
+binding group to use on servers in the group. Can be overridden on a
+per-server basis in host.xml. If not provided in the server-group
+element, it must be provided for each server in host.xml.
+
+
+
deployments — the deployment content that should be deployed on the
+servers in the group.
+
+
+
deployment-overlays — the overlays and their associated deployments.
+
+
+
system-properties — system properties that should be set on all
+servers in the group
+
+
+
jvm — default jvm settings for all servers in the group. The Host
+Controller will merge these settings with any provided in host.xml to
+derive the settings to use to launch the server’s JVM. See
+JVM settings for further details.
Each "Server" in the above diagram represents an actual application
+server instance. The server runs in a separate JVM process from the Host
+Controller. The Host Controller is responsible for launching that
+process. (In a managed domain the end user cannot directly launch a
+server process from the command line.)
+
+
+
The Host Controller synthesizes the server’s configuration by combining
+elements from the domain wide configuration (from domain.xml ) and the
+host-specific configuration (from host.xml ).
Which use cases are appropriate for managed domain and which are
+appropriate for standalone servers? A managed domain is all about
+coordinated multi-server management — with it WildFly provides a
+central point through which users can manage multiple servers, with rich
+capabilities to keep those servers' configurations consistent and the
+ability to roll out configuration changes (including deployments) to the
+servers in a coordinated fashion.
+
+
+
It’s important to understand that the choice between a managed domain
+and standalone servers is all about how your servers are managed, not
+what capabilities they have to service end user requests. This
+distinction is particularly important when it comes to high availability
+clusters. It’s important to understand that HA functionality is
+orthogonal to running standalone servers or a managed domain. That is, a
+group of standalone servers can be configured to form an HA cluster. The
+domain and standalone modes determine how the servers are managed, not
+what capabilities they provide.
+
+
+
So, given all that:
+
+
+
+
+
A single server installation gains nothing from running in a managed
+domain, so running a standalone server is a better choice.
+
+
+
For multi-server production environments, the choice of running a
+managed domain versus standalone servers comes down to whether the user
+wants to use the centralized management capabilities a managed domain
+provides. Some enterprises have developed their own sophisticated
+multi-server management capabilities and are comfortable coordinating
+changes across a number of independent WildFly instances. For these
+enterprises, a multi-server architecture comprised of individual
+standalone servers is a good option.
+
+
+
Running a standalone server is better suited for most development
+scenarios. Any individual server configuration that can be achieved in a
+managed domain can also be achieved in a standalone server, so even if
+the application being developed will eventually run in production on a
+managed domain installation, much (probably most) development can be
+done using a standalone server.
+
+
+
Running a managed domain mode can be helpful in some advanced
+development scenarios; i.e. those involving interaction between multiple
+WildFly instances. Developers may find that setting up various servers
+as members of a domain is an efficient way to launch a multi-server
+cluster.
An extension is a module that extends the core capabilities of the
+server. The WildFly core is very simple and lightweight; most of the
+capabilities people associate with an application server are provided
+via extensions. An extension is packaged as a module in the modules
+folder. The user indicates that they want a particular extension to be
+available by including an <extension/> element naming its module in
+the domain.xml or standalone.xml file.
The most significant part of the configuration in domain.xml and
+standalone.xml is the configuration of one (in standalone.xml) or
+more (in domain.xml) "profiles". A profile is a named set of subsystem
+configurations. A subsystem is an added set of capabilities added to the
+core server by an extension (see "Extensions" above). A subsystem
+provides servlet handling capabilities; a subsystem provides an Jakarta Enterprise Beans
+container; a subsystem provides Jakarta Transactions, etc. A profile is a named list of
+subsystems, along with the details of each subsystem’s configuration. A
+profile with a large number of subsystems results in a server with a
+large set of capabilities. A profile with a small, focused set of
+subsystems will have fewer capabilities but a smaller footprint.
+
+
+
The content of an individual profile configuration looks largely the
+same in domain.xml and standalone.xml. The only difference is
+standalone.xml is only allowed to have a single profile element (the
+profile the server will run), while domain.xml can have many profiles,
+each of which can be mapped to one or more groups of servers.
+
+
+
The contents of individual subsystem configurations look exactly the
+same between domain.xml and standalone.xml.
A logical name for a filesystem path. The domain.xml, host.xml and
+standalone.xml configurations all include a section where paths can be
+declared. Other sections of the configuration can then reference those
+paths by their logical name, rather than having to include the full
+details of the path (which may vary on different machines). For example,
+the logging subsystem configuration includes a reference to the "
+`jboss.server.log.dir`" path that points to the server’s " `log`"
+directory.
WildFly automatically provides a number of standard paths without any
+need for the user to configure them in a configuration file:
+
+
+
+
+
jboss.home.dir - the root directory of the WildFly distribution
+
+
+
user.home - user’s home directory
+
+
+
user.dir - user’s current working directory
+
+
+
java.home - java installation directory
+
+
+
jboss.server.base.dir - root directory for an individual server
+instance
+
+
+
jboss.server.config.dir - directory the server will use for
+configuration file storage
+
+
+
jboss.server.data.dir - directory the server will use for persistent
+data file storage
+
+
+
jboss.server.log.dir - directory the server will use for log file
+storage
+
+
+
jboss.server.temp.dir - directory the server will use for temporary
+file storage
+
+
+
jboss.controller.temp.dir - directory the server will use for
+temporary file storage
+
+
+
jboss.domain.servers.dir - directory under which a host controller
+will create the working area for individual server instances (managed
+domain mode only)
+
+
+
+
+
Users can add their own paths or override all except the first 5 of the
+above by adding a <path/> element to their configuration file.
path — the actual filesystem path. Treated as an absolute path,
+unless the 'relative-to' attribute is specified, in which case the value
+is treated as relative to that path.
+
+
+
relative-to — (optional) the name of another previously named path,
+or of one of the standard paths provided by the system.
+
+
+
+
+
A <path/> element in a domain.xml need not include anything more
+than the name attribute; i.e. it need not include any information
+indicating what the actual filesystem path is:
+
+
+
+
<pathname="x"/>
+
+
+
+
Such a configuration simply says, "There is a path named 'x' that other
+parts of the domain.xml configuration can reference. The actual
+filesystem location pointed to by 'x' is host-specific and will be
+specified in each machine’s host.xml file." If this approach is used,
+there must be a path element in each machine’s host.xml that specifies
+what the actual filesystem path is:
+
+
+
+
<pathname="x"path="/var/x"/>
+
+
+
+
A <path/> element in a standalone.xml must include the specification
+of the actual filesystem path.
A logical name for a network interface/IP address/host name to which
+sockets can be bound. The domain.xml, host.xml and standalone.xml
+configurations all include a section where interfaces can be declared.
+Other sections of the configuration can then reference those interfaces
+by their logical name, rather than having to include the full details of
+the interface (which may vary on different machines). An interface
+configuration includes the logical name of the interface as well as
+information specifying the criteria to use for resolving the actual
+physical address to use. See Interfaces
+and ports for further details.
+
+
+
An <interface/> element in a domain.xml need not include anything
+more than the name attribute; i.e. it need not include any information
+indicating what the actual IP address associated with the name is:
+
+
+
+
<interfacename="internal"/>
+
+
+
+
Such a configuration simply says, "There is an interface named
+'internal' that other parts of the domain.xml configuration can
+reference. The actual IP address pointed to by 'internal' is
+host-specific and will be specified in each machine’s host.xml file." If
+this approach is used, there must be an interface element in each
+machine’s host.xml that specifies the criteria for determining the IP
+address:
A socket binding is a named configuration for a socket.
+
+
+
The domain.xml and standalone.xml configurations both include a
+section where named socket configurations can be declared. Other
+sections of the configuration can then reference those sockets by their
+logical name, rather than having to include the full details of the
+socket configuration (which may vary on different machines).
+See Socket Binding Groups
+for full details.
System property values can be set in a number of places in domain.xml,
+host.xml and standalone.xml. The values in standalone.xml are set
+as part of the server boot process. Values in domain.xml and
+host.xml are applied to servers when they are launched.
+
+
+
When a system property is configured in domain.xml or host.xml, the
+servers it ends up being applied to depends on where it is set. Setting
+a system property in a child element directly under the domain.xml
+root results in the property being set on all servers. Setting it in a
+<system-property/> element inside a <server-group/> element in
+domain.xml results in the property being set on all servers in the
+group. Setting it in a child element directly under the host.xml root
+results in the property being set on all servers controlled by that
+host’s Host Controller. Finally, setting it in a <system-property/>
+element inside a <server/> element in host.xml result in the
+property being set on that server. The same property can be configured
+in multiple locations, with a value in a <server/> element taking
+precedence over a value specified directly under the host.xml root
+element, the value in a host.xml taking precedence over anything from
+domain.xml, and a value in a <server-group/> element taking
+precedence over a value specified directly under the domain.xml root
+element.
Scripts are located in the $JBOSS_HOME/bin directory. Within this directory you will find script configuration files
+for standalone and domain startup scripts for each platform. These files can be used to configure your environment
+without having to edit the scripts themselves. For example, you can configure the JAVA_OPTS environment variable to
+configure the JVM before the container is launched.
By default, these are in the $JBOSS_HOME/bin directory. However, you can set the STANDALONE_CONF environment
+variable for standalone servers or DOMAIN_CONF environment variable for domain servers with a value of the
+absolute path to the file.
Starting with WildFly 23, common configuration files were introduced. These files are invoked from every script in the
+$JBOSS_HOME/bin directory. While these configuration files are not present in the directory by default, they
+can be added. You can simply just add the common.conf configuration file for the script type you want to
+execute and all scripts in the directory will invoke the configuration script.
+
+
+
+
+
common.conf for bash scripts
+
+
+
common.conf.bat for Windows batch scripts
+
+
+
common.conf.ps1 for PowerShell scripts
+
+
+
+
+
You can also set the COMMON_CONF environment variable to have this configuration script live outside the
+$JBOSS_HOME/bin directory.
+
+
+
+
+
+
+
+
+If you provide a common configuration file it will be invoked before the standalone and domain script
+configuration files. For example invoking standalone.sh first invokes the common.conf then later invokes
+the standalone.conf.
+
When WildFly parses your configuration files at boot, or when you use
+one of the AS’s Management Clients you are
+adding, removing or modifying management resources in the AS’s
+internal management model. A WildFly management resource has the
+following characteristics:
All WildFly management resources are organized in a tree. The path to
+the node in the tree for a particular resource is its address. Each
+segment in a resource’s address is a key/value pair:
+
+
+
+
+
The key is the resource’s type, in the context of its parent. So,
+for example, the root resource for a standalone server has children of
+type subsystem, interface, socket-binding, etc. The resource for
+the subsystem that provides the AS’s webserver capability has children
+of type connector and virtual-server. The resource for the subsystem
+that provides the AS’s messaging server capability has, among others,
+children of type jms-queue and jms-topic.
+
+
+
The value is the name of a particular resource of the given type, e.g
+web or messaging for subsystems or http or https for web
+subsystem connectors.
+
+
+
+
+
The full address for a resource is the ordered list of key/value pairs
+that lead from the root of the tree to the resource. Typical notation is
+to separate the elements in the address with a '/' and to separate the
+key and the value with an '=':
Querying or modifying the state of a resource is done via an operation.
+An operation has the following characteristics:
+
+
+
+
+
A string name
+
+
+
Zero or more named parameters. Each parameter has a string name, and a
+value of type org.jboss.dmr.ModelNode (or, when invoked via the CLI,
+the text representation of a ModelNode; when invoked via the HTTP API,
+the JSON representation of a ModelNode.) Parameters may be optional.
+
+
+
A return value, which will be of type org.jboss.dmr.ModelNode (or,
+when invoked via the CLI, the text representation of a ModelNode; when
+invoked via the HTTP API, the JSON representation of a ModelNode.)
+
+
+
+
+
Every resource except the root resource will have an add operation and
+should have a remove operation ("should" because in WildFly 29 many do
+not). The parameters for the add operation vary depending on the
+resource. The remove operation has no parameters.
+
+
+
There are also a number of "global" operations that apply to all
+resources. See Global operations for full
+details.
+
+
+
The operations a resource supports can themselves be determined by
+invoking an operation: the read-operation-names operation. Once the
+name of an operation is known, details about its parameters and return
+value can be determined by invoking the read-operation-description
+operation. For example, to learn the names of the operations exposed by
+the root resource for a standalone server, and then learn the full
+details of one of them, via the CLI one would:
+
+
+
+
[standalone@localhost:9990 /] :read-operation-names
+{
+ "outcome" => "success",
+ "result" => [
+ "add-namespace",
+ "add-schema-location",
+ "delete-snapshot",
+ "full-replace-deployment",
+ "list-snapshots",
+ "read-attribute",
+ "read-children-names",
+ "read-children-resources",
+ "read-children-types",
+ "read-config-as-xml",
+ "read-operation-description",
+ "read-operation-names",
+ "read-resource",
+ "read-resource-description",
+ "reload",
+ "remove-namespace",
+ "remove-schema-location",
+ "replace-deployment",
+ "shutdown",
+ "take-snapshot",
+ "upload-deployment-bytes",
+ "upload-deployment-stream",
+ "upload-deployment-url",
+ "validate-address",
+ "write-attribute"
+ ]
+}
+[standalone@localhost:9990 /] :read-operation-description(name=upload-deployment-url)
+{
+ "outcome" => "success",
+ "result" => {
+ "operation-name" => "upload-deployment-url",
+ "description" => "Indicates that the deployment content available at the included URL should be added to the deployment content repository. Note that this operation does not indicate the content should be deployed into the runtime.",
+ "request-properties" => {"url" => {
+ "type" => STRING,
+ "description" => "The URL at which the deployment content is available for upload to the domain's or standalone server's deployment content repository.. Note that the URL must be accessible from the target of the operation (i.e. the Domain Controller or standalone server).",
+ "required" => true,
+ "min-length" => 1,
+ "nillable" => false
+ }},
+ "reply-properties" => {
+ "type" => BYTES,
+ "description" => "The hash of managed deployment content that has been uploaded to the domain's or standalone server's deployment content repository.",
+ "min-length" => 20,
+ "max-length" => 20,
+ "nillable" => false
+ }
+ }
+}
+
+
+
+
See Descriptions
+below for more on how to learn about the operations a resource exposes.
Management resources expose information about their state as attributes.
+Attributes have string name, and a value of type
+org.jboss.dmr.ModelNode (or: for the CLI, the text representation of a
+ModelNode; for HTTP API, the JSON representation of a ModelNode.)
+
+
+
Attributes can either be read-only or read-write. Reading and writing
+attribute values is done via the global read-attribute and
+write-attribute operations.
+
+
+
The read-attribute operation takes a single parameter "name" whose
+value is a the name of the attribute. For example, to read the "port"
+attribute of a socket-binding resource via the CLI:
Attributes can have one of two possible storage types:
+
+
+
+
+
CONFIGURATION – means the value of the attribute is stored in the
+persistent configuration; i.e. in the domain.xml, host.xml or
+standalone.xml file from which the resource’s configuration was read.
+
+
+
RUNTIME – the attribute value is only available from a running
+server; the value is not stored in the persistent configuration. A
+metric (e.g. number of requests serviced) is a typical example of a
+RUNTIME attribute.
+
+
+
+
+
The values of all of the attributes a resource exposes can be obtained
+via the read-resource operation, with the "include-runtime" parameter
+set to "true". For example, from the CLI:
Omit the "include-runtime" parameter (or set it to "false") to limit
+output to those attributes whose values are stored in the persistent
+configuration:
It is possible to override the value of any simple attribute by providing an environment variable with a name
+that maps to the attribute (and its resource).
+
+
+
+
+
+
+
+
+
+
Complex attributes (which have their type set to LIST, OBJECT, or PROPERTY) can not be overridden using an environment variable.
+
+
+
+
+
+
+
If there is an environment variable with such a name, the management resource will use the value of this environment variable
+when the management resource validates and sets the attribute value.
+This takes place before the attribute value is resolved (if it contains an expression) or corrected.
+
+
+
+
+
+
+
+
+
+
This feature is disabled by default. To enable it, the environment variable WILDFLY_OVERRIDING_ENV_VARS must be set (its value is not relevant):
If WildFly is started with that environment variable, the value of the proxy-address-forwarding attribute on the
+/subsystem=undertow/server=default-server/http-listener=default will be set to the value of the environment variable:
If an attribute value is determined from an environment variable, the next time the configuration is persisted, that value from the environment variable will be persisted.
+Until an operation triggers such persistence of the configuration file, the configuration file will not reflect the current running configuration.
Management resources may support child resources. The
+types of children a
+resource supports (e.g. connector for the web subsystem resource) can
+be obtained by querying the resource’s description (see
+Descriptions below)
+or by invoking the read-children-types operation. Once you know the
+legal child types, you can query the names of all children of a given
+type by using the global read-children-types operation. The operation
+takes a single parameter "child-type" whose value is the type. For
+example, a resource representing a socket binding group has children. To
+find the type of those children and the names of resources of that type
+via the CLI one could:
All resources expose metadata that describes their attributes,
+operations and child types. This metadata is itself obtained by invoking
+one or more of the global operations each
+resource supports. We showed examples of the read-operation-names,
+read-operation-description, read-children-types and
+read-children-names operations above.
+
+
+
The read-resource-description operation can be used to find the
+details of the attributes and child types associated with a resource.
+For example, using the CLI:
+
+
+
+
[standalone@localhost:9990 /] /socket-binding-group=standard-sockets:read-resource-description
+{
+ "outcome" => "success",
+ "result" => {
+ "description" => "Contains a list of socket configurations.",
+ "head-comment-allowed" => true,
+ "tail-comment-allowed" => false,
+ "attributes" => {
+ "name" => {
+ "type" => STRING,
+ "description" => "The name of the socket binding group.",
+ "required" => true,
+ "head-comment-allowed" => false,
+ "tail-comment-allowed" => false,
+ "access-type" => "read-only",
+ "storage" => "configuration"
+ },
+ "default-interface" => {
+ "type" => STRING,
+ "description" => "Name of an interface that should be used as the interface for any sockets that do not explicitly declare one.",
+ "required" => true,
+ "head-comment-allowed" => false,
+ "tail-comment-allowed" => false,
+ "access-type" => "read-write",
+ "storage" => "configuration"
+ },
+ "port-offset" => {
+ "type" => INT,
+ "description" => "Increment to apply to the base port values defined in the socket bindings to derive the runtime values to use on this server.",
+ "required" => false,
+ "head-comment-allowed" => true,
+ "tail-comment-allowed" => false,
+ "access-type" => "read-write",
+ "storage" => "configuration"
+ }
+ },
+ "operations" => {},
+ "children" => {"socket-binding" => {
+ "description" => "The individual socket configurtions.",
+ "min-occurs" => 0,
+ "model-description" => undefined
+ }}
+ }
+}
+
+
+
+
Note the
+"operations" ⇒ }} in the output above. If the command had included the {{operations
+parameter (i.e.
+/socket-binding-group=standard-sockets:read-resource-description(operations=true))
+the output would have included the description of each operation
+supported by the resource.
+
+
+
See the Global operations section for
+details on other parameters supported by the read-resource-description
+operation and all the other globally available operations.
WildFly management resources are conceptually quite similar to Open
+MBeans. They have the following primary differences:
+
+
+
+
+
WildFly management resources are organized in a tree structure. The
+order of the key value pairs in a resource’s address is significant, as
+it defines the resource’s position in the tree. The order of the key
+properties in a JMX ObjectName is not significant.
+
+
+
In an Open MBean attribute values, operation parameter values and
+operation return values must either be one of the simple JDK types
+(String, Boolean, Integer, etc) or implement either the
+javax.management.openmbean.CompositeData interface or the
+javax.management.openmbean.TabularData interface. WildFly management
+resource attribute values, operation parameter values and operation
+return values are all of type org.jboss.dmr.ModelNode.
As noted above, management resources are organized in a tree structure.
+The structure of the tree depends on whether you are running a
+standalone server or a managed domain.
In a managed domain, the structure of the managed resource tree spans
+the entire domain, covering both the domain wide configuration (e.g.
+what’s in domain.xml, the host specific configuration for each host
+(e.g. what’s in host.xml, and the resources exposed by each running
+application server. The Host Controller processes in a managed domain
+provide access to all or part of the overall resource tree. How much is
+available depends on whether the management client is interacting with
+the Host Controller that is acting as the Domain Controller. If
+the Host Controller is the Domain Controller, then the section of
+the tree for each host is available. If the Host Controller is a secondary Host Controller
+to a remote Domain Controller, then only the portion of the tree
+associated with that host is available.
+
+
+
+
+
The root resource for the entire domain. The persistent configuration
+associated with this resource and its children, except for those of type
+host, is persisted in the domain.xml file on the Domain Controller.
+
+
+
+
extension – extensions available in the domain
+
+
+
path – paths available on across the domain
+
+
+
system-property – system properties set as part of the
+configuration (i.e. not on the command line) and available across the
+domain
+
+
+
profile – sets of subsystem configurations that can be assigned to
+server groups
+
+
+
+
subsystem – configuration of subsystems that are part of the
+profile
+
+
+
+
+
+
interface – interface configurations
+
+
+
socket-binding-group – sets of socket bindings configurations that
+can be applied to server groups
deployment – deployments available for assignment to server groups
+
+
+
deployment-overlay — deployment-overlays content available to
+overlay deployments in server groups
+
+
+
server-group – server group configurations
+
+
+
host – the individual Host Controllers. Each child of this type
+represents the root resource for a particular host. The persistent
+configuration associated with one of these resources or its children is
+persisted in the host’s host.xml file.
+
+
+
+
path – paths available on each server on the host
+
+
+
system-property – system properties to set on each server on the
+host
+
+
+
core-service=management – the Host Controller’s core management
+services
+
+
+
interface – interface configurations that apply to the Host
+Controller or servers on the host
+
+
+
jvm – JVM configurations that can be applied when launching
+servers
+
+
+
server-config – configuration describing how the Host Controller
+should launch a server; what server group configuration to use, and any
+server-specific overrides of items specified in other resources
+
+
+
server – the root resource for a running server. Resources from
+here and below are not directly persisted; the domain-wide and host
+level resources contain the persistent configuration that drives a
+server
+
+
+
+
extension – extensions installed in the server
+
+
+
path – paths available on the server
+
+
+
system-property – system properties set as part of the
+configuration (i.e. not on the command line)
+
+
+
core-service=management – the server’s core management services
+
+
+
core-service=service-container – resource for the JBoss MSC
+ServiceContainer that’s at the heart of the AS
+
+
+
subsystem – the subsystems installed on the server. The bulk of
+the management model will be children of type subsystem
+
+
+
interface – interface configurations
+
+
+
socket-binding-group – the central resource for the server’s
+socket bindings
WildFly offers three different approaches to configure and manage
+servers: a web interface, a command line client and a set of XML
+configuration files. Regardless of the approach you choose, the
+configuration is always synchronized across the different views and
+finally persisted to the XML files.
The HTTP API endpoint is the entry point for management clients that
+rely on the HTTP protocol to integrate with the management layer. It
+uses a JSON encoded protocol and a de-typed, RPC style API to describe
+and execute management operations against a managed domain or standalone
+server. It’s used by the web console, but offers integration
+capabilities for a wide range of other clients too.
+
+
+
The HTTP API endpoint is co-located with either the domain controller or
+a standalone server. By default, it runs on port 9990:
~(See standalone/configuration/standalone.xml or
+domain/configuration/host.xml)~
+
+
+
The HTTP API Endpoint serves two different contexts. One for executing
+management operations and another one that allows you to access the web
+interface:
For the responses returned from the HTTP management interface it is also possible to define custom constant HTTP headers that will be added to any response based on matching a configured prefix against the request path.
+
+
+
As an example it could be desirable to add a HTTP header X-Help which points users to the correct location to obtain assistance. The following management operation can be executed within the CLI to activate returning this header on all requests.
The example here has illustrated adding a single header for all requests matching the path prefix / i.e. every request. More advanced mappings can be defined by specifying a mapping for a more specific path prefix such as /management.
+
+
+
If a request matches multiple mappings such as a request to /management where mappings for / and /management have been specified the headers from all of the mappings will be applied to the corresponding request.
+
+
+
Within a single mapping it is also possible to define multiple headers which should be set on the corresponding response.
+
+
+
As the constant-headers attribute is set verification will be performed to verify that the HTTP headers specified are only making use of allowed characters as specified in the HTTP specification RFCs.
+
+
+
Additionally as they have special handling within the management interface overriding the following headers is disallowed and attempts to set these will result in an error being reported.
+
+
+
+
+
Connection
+
+
+
Content-Length
+
+
+
Content-Type
+
+
+
Date
+
+
+
Transfer-Encoding
+
+
+
+
+
The configured headers are set at the very end of processing the request immediately before the response is returned to the client, this will mean any of the configured headers will override the same headers set by the corresponding endpoint.
The Command Line Interface (CLI) is a management tool for a managed
+domain or standalone server. It allows a user to connect to the domain
+controller or a standalone server and execute management operations
+available through the de-typed management model.
Depending on the operating system, the CLI is launched using
+jboss-cli.sh or jboss-cli.bat located in the WildFly bin
+directory. For further information on the default directory structure,
+please consult the " Getting Started
+Guide".
+
+
+
The first thing to do after the CLI has started is to connect to a
+managed WildFly instance. This is done using the command connect, e.g.
+
+
+
+
./bin/jboss-cli.sh
+You are disconnected at the moment. Type 'connect' to connect to the server
+or 'help' for the list of supported commands.
+[disconnected /]
+
+[disconnected /] connect
+[domain@localhost:9990 /]
+
+[domain@localhost:9990 /] quit
+Closed connection to localhost:9990
+
+
+
+
localhost:9990 is the default host and port combination for the
+WildFly CLI client.
+
+
+
The host and the port of the server can be provided as an optional
+parameter, if the server is not listening on localhost:9990.
+
+
+
+
./bin/jboss-cli.sh
+You are disconnected at the moment. Type 'connect' to connect to the server
+[disconnected /] connect 192.168.0.10:9990
+Connected to standalone controller at 192.168.0.1:9990
+
+
+
+
The :9990 is not required as the CLI will use port 9990 by default. The
+port needs to be provided if the server is listening on some other port.
+
+
+
To terminate the session type quit.
+
+
+
+
+
+
+
+
+The jboss-cli script accepts a --connect parameter: ./jboss-cli.sh
+--connect
+
+
+
+
+
+
The --controller parameter can be used to specify the host and port of
+the server: ./jboss-cli.sh --connect --controller=192.168.0.1:9990
+
+
+
Help is also available:
+
+
+
In order to list the set of commands that are currently available in the current context
+use the option --commands (NB: the following examples are not displaying an
+exhaustive set of CLI commands, more and/or different commands could be available
+in your running CLI instance):
+
+
+
+
[domain@localhost:9990 /] help --commands
+Commands available in the current context:
+batch connection-factory deployment-overlay if patch reload try
+cd connection-info echo jdbc-driver-info pwd rollout-plan undeploy
+clear data-source echo-dmr jms-queue quit run-batch unset
+command deploy help jms-topic read-attribute set version
+connect deployment-info history ls read-operation shutdown xa-data-source
+To read a description of a specific command execute 'help <command name>'.
+
+
+
+
The help command can print help for any command or operation. For operations,
+the operation description is formatted as a command help (synopsis, description and
+options). Some commands (eg: patch) expose two levels of documentation. A high
+level description for the command itself and a dedicated help content for each action (eg: apply).
+The help documentation of each command makes it clear if this two levels are available or not.
+
+
+
Use Tab-completion to discover the set of commands and operations:
+
+
+
+
help <TAB>
+
+
+
+
The list of all commands (enabled or not) is displayed.
+
+
+
Examples
+
+
+
+
+
Display the help of the patch command:
+
+
+
+
+
+
help patch
+
+
+
+
+
+
Display the help of the apply action of the patch command:
+
+
+
+
+
+
help patch apply
+
+
+
+
+
+
Display the description of the elytronkey-store resource add operation
+formatted as a command help content:
The CLI can also be run in non-interactive mode to support scripts and
+other types of command line or batch processing. The --command and
+--commands arguments can be used to pass a command or a list of commands
+to execute. Additionally a --file argument is supported which enables
+CLI commands to be provided from a text file.
+
+
+
For example the following command can be used to list all the current
+deployments
The output can be combined with other shell commands for further
+processing, for example to find out what .war files are deployed:
+
+
+
+
$ ./bin/jboss-cli.sh --connect --commands=ls\ deployment | grep war
+sample.war
+
+
+
+
In order to match a command with its output, you can provide the option
+--echo-command (or add the XML element <echo-command> to the CLI
+configuration file) in order to make the CLI to include the prompt
+command + options in the output. With this option enabled, any executed
+command will be added to the output.
By default CLI command and operation executions are not timely bounded.
+It means that a command never ending its execution will make the CLI
+process to be stuck and unresponsive. To protect the CLI from this
+behavior, one can set a command execution timeout.
In interactive mode, when a timeout occurs, an error message is
+displayed then the console prompt is made available to type new
+commands. In non interactive mode (executing a script or a list of
+commands), when a timeout occurs, an exception is thrown and the CLI
+execution is stopped. In both modes (interactive and non interactive),
+when a timeout occurs, the CLI will make a best effort to cancel the
+associated server side activities.
Once the CLI is running, the timeout can be adjusted to cope with the
+commands to execute. For example a batch command will need a longer
+timeout than a non batch one. The command command-timeout allows to
+get, set and reset the command timeout.
The command command-timeout set update the timeout value to a number
+of seconds. If a timeout has been set via configuration (XML file or
+option), it is overridden by the set action.
+
+
+
+
[standalone@localhost:9990 /] command-timeout set 10
The command command-timeout reset \{config|default} allows to set the
+timeout to its configuration value (XML file or option) or default value
+(0 second). If no configuration value is set, resetting to the
+configuration value sets the timeout to its default value (0 seconds).
The native interface shares the same security configuration as the http
+interface, however we also support a local authentication mechanism
+which means that the CLI can authenticate against the local WildFly
+instance without prompting the user for a username and password. This
+mechanism only works if the user running the CLI has read access to the
+standalone/tmp/auth folder or domain/tmp/auth folder under the
+respective WildFly installation - if the local mechanism fails then the
+CLI will fallback to prompting for a username and password for a user
+configured as in Default HTTP Interface Security.
+
+
+
Establishing a CLI connection to a remote server will require a username
+and password by default.
Operation requests allow for low level interaction with the management
+model. They are different from the high level commands (i.e.
+create-jms-queue) in that they allow you to read and modify the server
+configuration as if you were editing the XML configuration files
+directly. The configuration is represented as a tree of addressable
+resources, where each node in the tree (aka resource) offers a set of
+operations to execute.
+
+
+
An operation request basically consists of three parts: The address,
+an operation name and an optional set of parameters.
+
+
+
The formal specification for an operation request is:
Tab-completion is supported for all commands and options, i.e.
+node-types and node-names, operation names and parameter names.
+
+
+
In operation Tab-completion, required parameters have a name terminated by the
+'*' character. This helps identify which are the parameters that must be set in order to
+construct a valid operation. Furthermore, Tab-completion does not propose
+parameters that are alternatives of parameters already present in the operation.
bytes, hash, input-stream-index and url are required but also alternatives
+(only one of them can be set). As soon as one of these parameter has been set, the
+others are no longer proposed by completion.
target-path argument is automatically inlined in the command.
+
+
+
+
+
+
+
+
+We are also considering adding aliases that are less verbose for the user, and
+will translate into the corresponding operation requests in the
+background.
+
+
+
+
+
+
Whitespaces between the separators in the operation request strings are
+not significant.
The operation types can be distinguished between common operations that
+exist on any node and specific operations that belong to a particular
+configuration resource (i.e. subsystem). The common operations are:
+
+
+
+
+
add
+
+
+
read-attribute
+
+
+
read-children-names
+
+
+
read-children-resources
+
+
+
read-children-types
+
+
+
read-operation-description
+
+
+
read-operation-names
+
+
+
read-resource
+
+
+
read-resource-description
+
+
+
remove
+
+
+
validate-address
+
+
+
write-attribute
+
+
+
+
+
For a list of specific operations (e.g. operations that relate to the
+logging subsystem) you can always query the model itself. For example,
+to read the operations supported by the logging subsystem resource on a
+standalone server:
As you can see, the logging resource offers four additional operations,
+namely root-logger-assign-handler, root-logger-unassign-handler,
+set-root-logger and remove-root-logger.
+
+
+
Further documentation about a resource or operation can be retrieved
+through the description:
+
+
+
+
[standalone@localhost:9990 /] /subsystem=logging:read-operation-description(name=change-root-log-level)
+{
+ "outcome" => "success",
+ "result" => {
+ "operation-name" => "change-root-log-level",
+ "description" => "Change the root logger level.",
+ "request-properties" => {"level" => {
+ "type" => STRING,
+ "description" => "The log level specifying which message levels will be logged by this logger.
+ Message levels lower than this value will be discarded.",
+ "required" => true
+ }}
+ }
+}
+
+
+
+
Full model
+
+
+
+
+
+
+
+
+To see the full model enter :read-resource(recursive=true).
+
Command (and operation request) history is enabled by default. The
+history is kept both in-memory and in a file on the disk, i.e. it is
+preserved between command line sessions. The history file name is
+.jboss-cli-history and is automatically created in the user’s home
+directory. When the command line interface is launched this file is read
+and the in-memory history is initialized with its content.
+
+
+
+
+
+
+
+
+While in the command line session, you can use the arrow keys to go back
+and forth in the history of commands and operations.
+
+
+
+
+
+
To manipulate the history you can use the history command. If executed
+without any arguments, it will print all the recorded commands and
+operations (up to the configured maximum, which defaults to 500) from
+the in-memory history.
+
+
+
history supports three optional arguments:
+
+
+
+
+
disable - will disable history expansion (but will not clear the
+previously recorded history);
+
+
+
enabled - will re-enable history expansion (starting from the last
+recorded command before the history expansion was disabled);
+
+
+
clear - will clear the in-memory history (but not the file one).
In interactive mode, when the content to display is longer than the terminal
+ height, the content is paged. You can navigate the content by using the following
+ keys and mouse events:
+
+
+
+
+
space or PAGE_DOWN: scroll the content one page down.
+
+
+
'\' or PAGE_UP: scroll the content one page up.
+
+
+
';' or up arrow or mouse wheel up: scroll the content one line up.
+
+
+
ENTER or down arrow or mouse wheel down: scroll the content one line down.
+
+
+
HOME or 'g': scroll to the top of the content. NB: HOME is only supported
+for keyboards containing this key.
+
+
+
END or 'G': scroll to the bottom of the content. NB: END is only supported
+for keyboards containing this key.
+
+
+
'q' or 'Q' or ESC: exit the paging.
+
+
+
+
+
NB: When the end of the content is reached (using ENTER, space, …) the paging
+ is automatically exited.
+
+
+
It is possible to search for text when the content is paged. Search is operated
+ with the following keys:
+
+
+
+
+
'/' to display prompt allowing to type some text. Type return to launch the search.
+You can use up/down arrows to retrieve previously typed text. NB: search history
+ is not persisted when CLI process exits.
+
+
+
'n' to jump to the next match if any. If no search text has been typed, then the
+last entry from the search history is used.
+
+
+
'N' to jump to the previous match if any. If no search text has been typed,
+then the last entry from the search history is used.
+
+
+
+
+
There are two possible ways to disable the output paging and write the whole output of the commands at once:
+
+
+
+
+
--no-output-paging command line parameter will disable the output paging;
+
+
+
Add <output-paging>false<output-paging> in jboss-cli.xml.
+
+
+
+
+
+
+
+
+
+
+On Windows, searching and navigating backward is only supported starting with Windows 10 and Windows Server 2016.
+
+
+
+
+
+
+
+
+
+
+
+If the CLI process is sent the signal KILL(9) while it is paging, the terminal will stay
+ in alternate mode. This makes the terminal to behave in an unexpected manner (display and mouse events).
+ In order to restore the terminal state call: tput rmcup.
+
The batch mode allows one to group commands and operations and execute
+them together as an atomic unit. If at least one of the commands or
+operations fails, all the other successfully executed commands and
+operations in the batch are rolled back.
+
+
+
Not all of the commands are allowed in the batch. For example, commands
+like cd, ls, help, etc. are not allowed in the batch since they
+don’t translate into operation requests. Only the commands that
+translate into operation requests are allowed in the batch. The batch,
+actually, is executed as a composite operation request.
+
+
+
The batch mode is entered by executing command batch.
WildFly is distributed secured by default. The default security
+mechanism is username / password based making use of HTTP Digest for the
+authentication process.
+
+
+
The reason for securing the server by default is so that if the
+management interfaces are accidentally exposed on a public IP address
+authentication is required to connect - for this reason there is no
+default user in the distribution.
+
+
+
The user are stored in a properties file called mgmt-users.properties
+under standalone/configuration and domain/configuration depending on the
+running mode of the server, these files contain the users username along
+with a pre-prepared hash of the username along with the name of the
+realm and the users password.
+
+
+
+
+
+
+
+
+Although the properties files do not contain the plain text passwords
+they should still be guarded as the pre-prepared hashes could be used to
+gain access to any server with the same realm if the same user has used
+the same password.
+
+
+
+
+
+
To manipulate the files and add users we provide a utility add-user.sh
+and add-user.bat to add the users and generate the hashes, to add a user
+you should execute the script and follow the guided process.
+
+The full details of the add-user utility are described later but for the
+purpose of accessing the management interface you need to enter the
+following values: -
+
+
+
+
+
Type of user - This will be a 'Management User' to selection option a.
+
+
+
Realm - This MUST match the realm name used in the configuration so
+unless you have changed the configuration to use a different realm name
+leave this set as 'ManagementRealm'.
+
+
+
Username - The username of the user you are adding.
+
+
+
Password - The users password.
+
+
+
+
+
Provided the validation passes you will then be asked to confirm you
+want to add the user and the properties files will be updated.
+
+
+
For the final question, as this is a user that is going to be accessing
+the admin console just answer 'n' - this option will be described later
+for adding secondary host controllers that authenticate against a
+Domain Controller but that is a later topic.
+
+
+
After a new user has been added the server should be restarted or the
+load operation should be executed on the ManagementRealm or
+ApplicationRealm resource in the elytron subsystem as appropriate.
The native interface shares the same security configuration as the http
+interface, however we also support a local authentication mechanism
+which means that the CLI can authenticate against the local WildFly
+instance without prompting the user for a username and password. This
+mechanism only works if the user running the CLI has read access to the
+standalone/tmp/auth folder or domain/tmp/auth folder under the
+respective WildFly installation - if the local mechanism fails then the
+CLI will fallback to prompting for a username and password for a user
+configured as in Default HTTP Interface Security.
+
+
+
Establishing a CLI connection to a remote server will require a username
+and password by default.
The Command Line Interface (CLI) is a management tool for a managed
+domain or standalone server. It allows a user to connect to the domain
+controller or a standalone server and execute management operations
+available through the de-typed management model.
WildFly stores its configuration in centralized XML configuration files,
+one per server for standalone servers and, for managed domains, one per
+host with an additional domain wide policy controlled by the Domain Controller.
+These files are meant to be human-readable and human editable.
+
+
+
+
+
+
+
+
+The XML configuration files act as a central, authoritative source of
+configuration. Any configuration changes made via the web interface or
+the CLI are persisted back to the XML configuration files. If a domain
+or standalone server is offline, the XML configuration files can be hand
+edited as well, and any changes will be picked up when the domain or
+standalone server is next started. However, users are encouraged to use
+the web interface or the CLI in preference to making offline edits to
+the configuration files. External changes made to the configuration
+files while processes are running will not be detected, and may be
+overwritten.
+
The XML configuration for a standalone server can be found in the
+standalone/configuration directory. The default configuration file is
+standalone/configuration/standalone.xml.
+
+
+
The standalone/configuration directory includes a number of other
+standard configuration files, e.g. standalone-full.xml,
+standalone-ha.xml and standalone-full-ha.xml each of which is
+similar to the default standalone.xml file but includes additional
+subsystems not present in the default configuration. If you prefer to
+use one of these files as your server configuration, you can specify it
+with the [line-through]*c* or -server-config command line argument:
In a managed domain, the XML files are found in the
+domain/configuration directory. There are two types of configuration
+files – one per host, and then a single domain-wide file managed by the
+primary Host Controller, aka the Domain Controller. (For more on the types of
+processes in a managed domain, see Operating
+Modes.)
When you start a managed domain process, a Host Controller instance is
+launched, and it parses its own configuration file to determine its own
+configuration, how it should integrate with the rest of the domain, any
+host-specific values for settings in the domain wide configuration (e.g.
+IP addresses) and what servers it should launch. This information is
+contained in the host-specific configuration file, the default version
+of which is domain/configuration/host.xml.
+
+
+
Each host will have its own variant host.xml, with settings
+appropriate for its role in the domain. WildFly ships with three
+standard variants:
+
+
+
+
+
+
+
+
+
host-primary.xml
+
A configuration that specifies the Host Controller
+should become the primary Host Controller, aka the Domain Controller.
+No servers will be started by this Host Controller, which is a recommended
+setup for a production Domain Controller.
+
+
+
+
+
host-secondary.xml
+
A configuration that specifies the Host Controller
+should not become the primary Host Controller and instead should register with a remote
+primary Host Controller and be controlled by it. This configuration launches servers,
+although a user will likely wish to modify how many servers are launched
+and what server groups they belong to.
+
+
+
host.xml
+
The default host configuration, tailored for an easy out of
+the box experience experimenting with a managed domain. This
+configuration specifies the Host Controller should become the primary Host Controller,
+aka the Domain Controller, but it also launches a couple of servers.
+
+
+
+
+
Which host-specific configuration should be used can be controlled via
+the _ --host-config_ command line argument:
Once a Host Controller has processed its host-specific configuration, it
+knows whether it is configured to act as the Domain Controller.
+If it is, it must parse the domain wide configuration file, by default
+located at domain/configuration/domain.xml. This file contains the
+bulk of the settings that should be applied to the servers in the domain
+when they are launched – among other things, what subsystems they should
+run with what settings, what sockets should be used, and what
+deployments should be deployed.
+
+
+
Which domain-wide configuration should be used can be controlled via the
+_ --domain-config_ command line argument:
That argument is only relevant for hosts configured to act as the
+Domain Controller.
+
+
+
A secondary Host Controller does not usually parse the domain wide
+configuration file. A secondary Host Controller gets the domain wide configuration from the
+remote Domain Controller when it registers with it. A secondary Host Controller also
+will not persist changes to a domain.xml file if one is present on the
+filesystem. For that reason it is recommended that no domain.xml be
+kept on the filesystem of hosts that will only run as secondary Host Controllers.
+
+
+
A secondary Host Controller can be configured to keep a locally persisted copy of the domain
+wide configuration and then use it on boot (in case the Domain Controller is not
+available.) See --backup and --cached-dc under
+Command line parameters.
WildFly uses named interface references throughout the configuration. A
+network interface is declared by specifying a logical name and a
+selection criteria for the physical interface:
This means the server in question declares two interfaces: One is
+referred to as " management"; the other one " public". The "
+management" interface is used for all components and services that are
+required by the management layer (i.e. the HTTP Management Endpoint).
+The " public" interface binding is used for any application related
+network communication (i.e. Web, Messaging, etc). There is nothing
+special about these names; interfaces can be declared with any name.
+Other sections of the configuration can then reference those interfaces
+by their logical name, rather than having to include the full details of
+the interface (which, on servers in a management domain, may vary on
+different machines).
+
+
+
The domain.xml, host.xml and standalone.xml configuration files
+all include a section where interfaces can be declared. If we take a
+look at the XML declaration it reveals the selection criteria. The
+criteria is one of two types: either a single element indicating that
+the interface should be bound to a wildcard address, or a set of one or
+more characteristics that an interface or address must have in order to
+be a valid match. The selection criteria in this example are specific IP
+addresses for each interface:
<interfacename="global">
+ <!-- Use the wildcard address -->
+ <any-address/>
+</interface>
+
+<interfacename="external">
+ <nicname="eth0"/>
+</interface>
+
+<interfacename="default">
+ <!-- Match any interface/address on the right subnet if it's
+ up, supports multicast and isn't point-to-point -->
+ <subnet-matchvalue="192.168.0.0/16"/>
+ <up/>
+ <multicast/>
+ <not>
+ <point-to-point/>
+ </not>
+</interface>
+
+
+
+
+
+
+
+
+
+An interface configuration element is used to provide a single InetAddress to parts
+of the server that reference that interface. If the selection criteria specified for
+the interface element results in more than one address meeting the criteria, then a
+warning will be logged and one just one address will be selected and used. Preference
+will be given to network interfaces that are up, are non-loopback and are not
+point-to-point.
+
WildFly supports using the -b command line argument to specify the
+address to assign to interfaces. See
+Controlling the Bind Address with -b for further details.
The socket configuration in WildFly works similarly to the interfaces
+declarations. Sockets are declared using a logical name, by which they
+will be referenced throughout the configuration. Socket declarations are
+grouped under a certain name. This allows you to easily reference a
+particular socket binding group when configuring server groups in a
+managed domain. Socket binding groups reference an interface by its
+logical name:
A socket binding includes the following information:
+
+
+
+
+
name — logical name of the socket configuration that should be used
+elsewhere in the configuration
+
+
+
port — base port to which a socket based on this configuration should
+be bound. (Note that servers can be configured to override this base
+value by applying an increment or decrement to all port values.)
+
+
+
interface (optional) — logical name (see "Interfaces declarations"
+above) of the interface to which a socket based on this configuration
+should be bound. If not defined, the value of the "default-interface"
+attribute from the enclosing socket binding group will be used.
+
+
+
multicast-address (optional) — if the socket will be used for
+multicast, the multicast address to use
+
+
+
multicast-port (optional) — if the socket will be used for multicast,
+the multicast port to use
+
+
+
fixed-port (optional, defaults to false) — if true, declares that the
+value of port should always be used for the socket and should not be
+overridden by applying an increment or decrement
WildFly supports the use of both IPv4 and IPv6 addresses. By default,
+WildFly is configured for use in an IPv4 network and so if you are
+running in an IPv4 network, no changes are required. If you need to run
+in an IPv6 network, the changes required are minimal and involve
+changing the JVM stack and address preferences, and adjusting any
+interface IP address values specified in the configuration
+(standalone.xml or domain.xml).
The system properties java.net.preferIPv4Stack and
+java.net.preferIPv6Addresses are used to configure the JVM for use with
+IPv4 or IPv6 addresses. With WildFly, in order to run using IPv4
+addresses, you need to specify java.net.preferIPv4Stack=true; in order
+to run with IPv6 addresses, you need to specify
+java.net.preferIPv4Stack=false (the JVM default) and
+java.net.preferIPv6Addresses=true. The latter ensures that any hostname
+to IP address conversions always return IPv6 address variants.
+
+
+
These system properties are conveniently set by the JAVA_OPTS
+environment variable, defined in the standalone.conf (or domain.conf)
+file. For example, to change the IP stack preference from its default of
+IPv4 to IPv6, edit the standalone.conf (or domain.conf) file and change
+its default IPv4 setting:
+
+
+
+
if [ "x$JAVA_OPTS" = "x" ]; then
+ JAVA_OPTS=" ... -Djava.net.preferIPv4Stack=true ..."
+...
+
+
+
+
to an IPv6 suitable setting:
+
+
+
+
if [ "x$JAVA_OPTS" = "x" ]; then
+ JAVA_OPTS=" ... -Djava.net.preferIPv4Stack=false -Djava.net.preferIPv6Addresses=true ..."
+...
To change the IP address literals referenced in standalone.xml (or
+domain.xml), first visit the interface declarations and ensure that
+valid IPv6 addresses are being used as interface values. For example, to
+change the default configuration in which the loopback interface is used
+as the primary interface, change from the IPv4 loopback address:
Note that when embedding IPv6 address literals in the substitution
+expression, square brackets surrounding the IP address literal are used
+to avoid ambiguity. This follows the convention for the use of IPv6
+literals in URLs.
+
+
+
Over and above making such changes for the interface definitions, you
+should also check the rest of your configuration file and adjust IP
+address literals from IPv4 to IPv6 as required.
For use with the default configuration we supply a utility add-user
+which can be used to manage the properties files for the default realms
+used to store the users and their roles.
+
+
+
The add-user utility can be used to manage both the users in the
+ManagementRealm and the users in the ApplicationRealm, changes made
+apply to the properties file used both for domain mode and standalone
+mode.
+
+
+
+
+
+
+
+
+After you have installed your application server and decided if you are
+going to run in standalone mode or domain mode you can delete the parent
+folder for the mode you are not using, the add-user utility will then
+only be managing the properties file for the mode in use.
+
+
+
+
+
+
The add-user utility is a command line utility however it can be run in
+both interactive and non-interactive mode. Depending on your platform
+the script to run the add-user utility is either add-user.sh or
+add-user.bat which can be found in \{ jboss.home}/bin.
+
+
+
This guide now contains a couple of examples of this utility in use to
+accomplish the most common tasks.
Adding users to the properties files is the primary purpose of this
+utility. Usernames can only contain the following characters in any
+number and in any order:
+The default name of the realm for management users is ManagementRealm,
+when the utility prompts for the realm name just accept the default
+unless you have switched to a different realm.
+
Here we have added a new Management User called adminUser, as you can
+see some of the questions offer default responses so you can just press
+enter without repeating the default value.
+
+
+
For now just answer n or no to the final question, adding users to
+be used by processes is described in more detail in the domain
+management chapter.
To add a user in non-interactive mode the command
+./add-user.sh {username} {password} can be used.
+
+
+
+
+
+
+
+
+
+
+
+If you add users using this approach there is a risk that any other user
+that can view the list of running process may see the arguments
+including the password of the user being added, there is also the risk
+that the username / password combination will be cached in the history
+file of the shell you are currently using.
+
Here a new user called appUser has been added, in this case a comma
+separated list of roles has also been specified.
+
+
+
As with adding a management user just answer n or no to the final
+question until you know you are adding a user that will be establishing
+a connection from one server to another.
To add an application user non-interactively use the command
+./add-user.sh -a {username} {password}.
+
+
+
+
+
+
+
+
+
+
+
+Non-interactive mode does not support defining a list of users, to
+associate a user with a set of roles you will need to manually edit the
+application-roles.properties file by hand.
+
Within the add-user utility it is also possible to update existing
+users, in interactive mode you will be prompted to confirm if this is
+your intention.
There are still a few features to add to the add-user utility such as
+removing users or adding application users with roles in non-interactive
+mode, if you are interested in contributing to WildFly development the
+add-user utility is a good place to start as it is a stand alone
+utility, however it is a part of the AS build so you can become familiar
+with the AS development processes without needing to delve straight into
+the internals of the application server.
WildFly introduces a Role Based Access Control scheme that allows
+different administrative users to have different sets of permissions to
+read and update parts of the management tree. This replaces the simple
+permission scheme used in JBoss AS 7, where anyone who could
+successfully authenticate to the management security realm would have
+all permissions.
WildFly ships with two access control "providers", the "simple"
+provider, and the "rbac" provider. The "simple" provider is the default,
+and provides a permission scheme equivalent to the JBoss AS 7 behavior
+where any authenticated administrator has all permissions. The "rbac"
+provider gives the finer grained permission scheme that is the focus of
+this section.
+
+
+
The access control configuration is included in the management section
+of a standalone server’s standalone.xml, or in a new "management"
+section in a managed domain’s domain.xml. The access control policy is
+centrally configured in a managed domain.
As you can see, the provider is set to "simple" by default. With the
+"simple" provider, the nested "role-mapping" section is not actually
+relevant. It’s there to help ensure that if the provider attribute is
+switched to "rbac" there will be at least one user mapped to a role that
+can continue to administer the system. This default mapping assigns the
+"$local" user name to the RBAC role that provides all permissions, the
+"SuperUser" role. The "$local" user name is the name an administrator
+will be assigned if he or she uses the CLI on the same system as the
+WildFly instance and the "local" authentication scheme is enabled.
The access control scheme implemented by the "rbac" provider is based on
+seven standard roles. A role is a named set of permissions to perform
+one of the actions: addressing (i.e. looking up) a management resource,
+reading it, or modifying it. The different roles have constraints
+applied to their permissions that are used to determine whether the
+permission is granted.
The seven standard roles are divided into two broad categories, based on
+whether the role can deal with items that are considered to be "security
+sensitive". Resources, attributes and operations that may affect
+administrative security (e.g. security realm resources and attributes
+that contain passwords) are "security sensitive".
+
+
+
Four roles are not given permissions for "security sensitive" items:
+
+
+
+
+
Monitor – a read-only role. Cannot modify any resource.
+
+
+
Operator – Monitor permissions, plus can modify runtime state, but
+cannot modify anything that ends up in the persistent configuration.
+Could, for example, restart a server.
+
+
+
Maintainer – Operator permissions, plus can modify the persistent
+configuration.
+
+
+
Deployer – like a Maintainer, but with permission to modify persistent
+configuration constrained to resources that are considered to be
+"application resources". A deployment is an application resource. The
+messaging server is not. Items like datasources and Jakarta Messaging destinations are
+not considered to be application resources by default, but this is
+configurable.
+
+
+
+
+
Three roles are granted permissions for security sensitive items:
+
+
+
+
+
SuperUser – has all permissions. Equivalent to a JBoss AS 7
+administrator.
+
+
+
Administrator – has all permissions except cannot read or write
+resources related to the administrative audit logging system.
+
+
+
Auditor – can read anything. Can only modify the resources related to
+the administrative audit logging system.
+
+
+
+
+
The Auditor and Administrator roles are meant for organizations that
+want a separation of responsibilities between those who audit normal
+administrative actions and those who perform them, with those who
+perform most actions (Administrator role) not being able to read or
+alter the auditing configuration.
As mentioned above, permissions are granted to perform one of three
+actions, addressing a resource, reading it, and modifying. The latter
+two actions are fairly self-explanatory. But what is meant by
+"addressing" a resource?
+
+
+
"Addressing" a resource refers to taking an action that allows the user
+to determine whether a resource at a given address actually exists. For
+example, the "read-children-names" operation lets a user determine valid
+addresses. Trying to read a resource and getting a "Permission denied"
+error also gives the user a clue that there actually is a resource at
+the requested address.
+
+
+
Some resources may include sensitive information as part of their
+address. For example, security realm resources include the realm name as
+the last element in the address. That realm name is potentially security
+sensitive; for example it is part of the data used when creating a hash
+of a user password. Because some addresses may contain security
+sensitive data, a user needs permission to even "address" a resource. If
+a user attempts to address a resource and does not have permission, they
+will not receive a "permission denied" type error. Rather, the system
+will respond as if the resource does not even exist, e.g. excluding the
+resource from the result of the "read-children-names" operation or
+responding with a "No such resource" error instead of "Permission
+denied" if the user is attempting to read or write the resource.
+
+
+
Another term for "addressing" a resource is "looking up" the resource.
Use the CLI to switch the access-control provider.
+
+
+
+
+
+
+
+
+Before changing the provider to "rbac", be sure your configuration has a
+user who will be mapped to one of the RBAC roles, preferably with at
+least one in the Administrator or SuperUser role. Otherwise your
+installation will not be manageable except by shutting it down and
+editing the xml configuration. If you have started with one of the
+standard xml configurations shipped with WildFly, the "$local" user will
+be mapped to the "SuperUser" role and the "local" authentication scheme will be
+enabled. This will allow a user running the CLI on the same system as the
+WildFly process to have full administrative permissions. Remote CLI users and
+web-based admin console users will have no permissions.
+
+
+
+
+
+
We recommend mapping at least one
+user besides "$local" before switching the provider to "rbac". You can
+do all of the configuration associated with the "rbac" provider even
+when the provider is set to "simple"
+
+
+
The management resources related to access control are located in the
+core-service=management/access=authorization portion of the management
+resource tree. Update the provider attribute to change between the
+"simple" and "rbac" providers. Any update requires a reload or restart
+to take effect.
In a managed domain, the access control configuration is part of the
+domain wide configuration, so the resource address is the same as above,
+but the CLI is connected to the Domain Controller:
As with a standalone server, a reload or restart is required for the
+change to take effect. In this case, all hosts and servers in the domain
+will need to be reloaded or restarted, starting with the Domain
+Controller, so be sure to plan well before making this change.
Once the "rbac" access control provider is enabled, only users who are
+mapped to one of the available roles will have any administrative
+permissions at all. So, to make RBAC useful, a mapping between
+individual users or groups of users and the available roles must be
+performed.
Now if user jsmith authenticates to any security domain associated with
+the management interface they are using, he will be mapped to the
+Administrator role.
A "group" is an arbitrary collection of users that may exist in the end
+user environment. They can be named whatever the end user organization
+wants and can contain whatever users the end user organization wants.
+Some of the authentication store types supported by WildFly security
+realms include the ability to access information about what groups a
+user is a member of and associate this information with the Subject
+produced when the user is authenticated. This is currently supported for
+the following authentication store types:
+
+
+
+
+
properties file (via the <realm_name>-groups.properties file)
The easiest way to map groups to roles is to use the web-based admin
+console.
+
+
+
Navigate to the "Administration" tab and the "Groups" subtab. From there
+group mappings can be added, removed, or edited.
+
+
+
+
+
+
The CLI can also be used to map groups to roles. The only difference to
+individual user mapping is the value of the type attribute should be
+GROUP instead of USER.
It’s possible to specify that all authenticated users should be mapped
+to a particular role. This could be used, for example, to ensure that
+anyone who can authenticate can at least have Monitor privileges.
+
+
+
+
+
+
+
+
+A user who can authenticate to the management security realm but who
+does not map to a role will not be able to perform any administrative
+functions, not even reads.
+
+
+
+
+
+
In the web based admin console, navigate to the "Administration" tab,
+"Roles" subtab, highlight the relevant role, click the "Edit" button and
+click on the "Include All" checkbox:
It is also possible to explicitly exclude certain users and groups from
+a role. Exclusions take precedence over inclusions, including cases
+where the include-all attribute is set to true for a role.
+
+
+
In the admin console, excludes are done in the same screens as includes.
+In the add dialog, simply change the "Type" pulldown to "Exclude".
+
+
+
+
+
+
In the CLI, excludes are identical to includes, except the resource
+address has exclude instead of include as the key for the last
+address element:
It is possible that a given user will be mapped to more than one role.
+When this occurs, by default the user will be granted the union of the
+permissions of the two roles. This behavior can be changed on a global
+basis to instead respond to the user request with an error if this
+situation is detected:
+
+
+
+
[standalone@localhost:9990 /] cd core-service=management/access=authorization
+[standalone@localhost:9990 access=authorization] :write-attribute(name=permission-combination-policy,value=rejecting)
+{"outcome" => "success"}
+
+
+
+
Note that no reload is required; the change takes immediate effect.
+
+
+
To restore the default behavior, set the value to "permissive":
+
+
+
+
[standalone@localhost:9990 /] cd core-service=management/access=authorization
+[standalone@localhost:9990 access=authorization] :write-attribute(name=permission-combination-policy,value=permissive)
+{"outcome" => "success"}
A managed domain may involve a variety of servers running different
+configurations and hosting different applications. In such an
+environment, it is likely that there will be different teams of
+administrators responsible for different parts of the domain. To allow
+organizations to grant permissions to only parts of a domain, WildFly’s
+RBAC scheme allows for the creation of custom "scoped roles". Scoped
+roles are based on the seven standard roles, but with permissions
+limited to a portion of the domain – either to a set of server groups or
+to a set of hosts.
The privileges for a server-group scoped role are constrained to
+resources associated with one or more server groups. Server groups are
+often associated with a particular application or set of applications;
+organizations that have separate teams responsible for different
+applications may find server-group scoped roles useful.
+
+
+
A server-group scoped role is equivalent to the default role upon which
+it is based, but with privileges constrained to target resources in the
+resource trees rooted in the server group resources. The server-group
+scoped role can be configured to include privileges for the following
+resources trees logically related to the server group:
+
+
+
+
+
Profile
+
+
+
Socket Binding Group
+
+
+
Deployment
+
+
+
Deployment override
+
+
+
Server group
+
+
+
Server config
+
+
+
Server
+
+
+
+
+
Resources in the profile, socket binding group, server config and server
+portions of the tree that are not logically related to a server group
+associated with the server-group scoped role will not be addressable by
+a user in that role. So, in a domain with server groups "a" and "b", a
+user in a server-group scoped role that grants access to "a" will not be
+able to address /server-group=b. The system will treat that resource as
+non-existent for that user.
+
+
+
In addition to these privileges, users in a server-group scoped role
+will have non-sensitive read privileges (equivalent to the Monitor role)
+for resources other than those listed above.
+
+
+
The easiest way to create a server-group scoped role is to
+use the admin console.
+But you can also use the CLI to create a server-group scoped role.
The privileges for a host-scoped role are constrained to resources
+associated with one or more hosts. A user with a host-scoped role cannot
+modify the domain wide configuration. Organizations may use host-scoped
+roles to give administrators relatively broad administrative rights for
+a host without granting such rights across the managed domain.
+
+
+
A host-scoped role is equivalent to the default role upon which it is
+based, but with privileges constrained to target resources in the
+resource trees rooted in the host resources for one or more specified
+hosts.
+
+
+
In addition to these privileges, users in a host-scoped role will have
+non-sensitive read privileges (equivalent to the Monitor role) for
+domain wide resources (i.e. those not in the /host=* section of the
+tree.)
+
+
+
Resources in the /host=* portion of the tree that are unrelated to the
+hosts specified for the Host Scoped Role will not be visible to users in
+that host-scoped role. So, in a domain with hosts "a" and "b", a user in
+a host-scoped role that grants access to "a" will not be able to address
+/host=b. The system will treat that resource as non-existent for that
+user.
+
+
+
The easiest way to create a host-scoped role is to
+use the admin console.
+But you can also use the CLI to create a host scoped role.
Both server-group and host scoped roles can be added, removed or edited
+via the admin console. Select "Scoped Roles" from the "Administration"
+tab, "Roles" subtab:
+
+
+
+
+
+
When adding a new scoped role, use the dialogue’s "Type" pull down to
+choose between a host scoped role and a server-group scoped role. Then
+place the names of the relevant hosts or server groups in the "Scope"
+text are.
"Sensitivity" constraints are about restricting access to
+security-sensitive data. Different organizations may have different
+opinions about what is security sensitive, so WildFly provides
+configuration options to allow users to tailor these constraints.
The developers of the WildFly core and of any subsystem may annotate
+resources, attributes or operations with a "sensitivity classification".
+Classifications are either provided by the core and may be applicable
+anywhere in the management model, or they are scoped to a particular
+subsystem. For each classification, there will be a setting declaring
+whether by default the addressing, read and write actions are considered
+to be sensitive. If an action is sensitive, only users in the roles able
+to deal with sensitive data (Administrator, Auditor, SuperUser) will
+have permissions.
+
+
+
Using the CLI, administrators can see the settings for a classification.
+For example, there is a core classification called "socket-config" that
+is applied to elements throughout the model that relate to configuring
+sockets:
+
+
+
+
[domain@localhost:9990 /] cd core-service=management/access=authorization/constraint=sensitivity-classification/type=core/classification=socket-config
+[domain@localhost:9990 classification=socket-config] ls -l
+ATTRIBUTE VALUE TYPE
+configured-requires-addressable undefined BOOLEAN
+configured-requires-read undefined BOOLEAN
+configured-requires-write undefined BOOLEAN
+default-requires-addressable false BOOLEAN
+default-requires-read false BOOLEAN
+default-requires-write true BOOLEAN
+
+CHILD MIN-OCCURS MAX-OCCURS
+applies-to n/a n/a
+
+
+
+
The various default-requires-… attributes indicate whether a user
+must be in a role that allows security sensitive actions in order to
+perform the action. In the socket-config example above,
+default-requires-write is true, while the others are false. So, by
+default modifying a setting involving socket configuration is considered
+sensitive, while addressing those resources or doing reads is not
+sensitive.
+
+
+
The default-requires-… attributes are read-only. The
+configured-requires-… attributes however can be modified to override
+the default settings with ones appropriate for your organization. For
+example, if your organization doesn’t regard modifying socket
+configuration settings to be security sensitive, you can change that
+setting:
Administrators can also read the management model to see to which
+resources, attributes and operations a particular sensitivity
+classification applies:
There will be a separate child for each address to which the
+classification applies. The entire-resource attribute will be true if
+the classification applies to the entire resource. Otherwise, the
+attributes and operations attributes will include the names of
+attributes or operations to which the classification applies.
By default any attribute or operation parameter whose value includes a
+security vault expression will be treated as sensitive, even if no
+sensitivity classification applies or the classification does not treat
+the action as sensitive.
+
+
+
This setting can be globally changed via the CLI. There is a resource
+for this configuration:
+
+
+
+
[domain@localhost:9990 /] cd core-service=management/access=authorization/constraint=vault-expression
+[domain@localhost:9990 constraint=vault-expression] ls -l
+ATTRIBUTE VALUE TYPE
+configured-requires-read undefined BOOLEAN
+configured-requires-write undefined BOOLEAN
+default-requires-read true BOOLEAN
+default-requires-write true BOOLEAN
+
+
+
+
The various default-requires-… attributes indicate whether a user
+must be in a role that allows security sensitive actions in order to
+perform the action. So, by default both reading and writing attributes
+whose values include vault expressions requires a user to be in one of
+the roles with sensitive data permissions.
+
+
+
The default-requires-… attributes are read-only. The
+configured-requires-… attributes however can be modified to override
+the default settings with settings appropriate for your organization.
+For example, if your organization doesn’t regard reading vault
+expressions to be security sensitive, you can change that setting:
+This vault-expression constraint overlaps somewhat with the
+core
+"credential" sensitivity classification in that the most typical uses
+of a vault expression are in attributes that contain a user name or
+password, and those will typically be annotated with the "credential"
+sensitivity classification. So, if you change the settings for the
+"credential" sensitivity classification you may also need to make a
+corresponding change to the vault-expression constraint settings, or
+your change will not have full effect.
+
+
+
+
+
+
Be aware though, that vault expressions can be used in any attribute
+that supports expressions, not just in credential-type attributes. So it
+is important to be familiar with where and how your organization uses
+vault expressions before changing these settings.
The standard Deployer role
+has its write permissions limited to resources that are considered to be
+"application resources"; i.e. conceptually part of an application and
+not part of the general server configuration. By default, only
+deployment resources are considered to be application resources.
+However, different organizations may have different opinions on what
+qualifies as an application resource, so for resource types that
+subsystems authors consider potentially to be application resources,
+WildFly provides a configuration option to declare them as such. Such
+resources will be annotated with an "application classification".
+
+
+
For example, the mail subsystem provides such a classification:
+
+
+
+
[domain@localhost:9990 /] cd /core-service=management/access=authorization/constraint=application-classification/type=mail/classification=mail-session
+[domain@localhost:9990 classification=mail-session] ls -l
+ATTRIBUTE VALUE TYPE
+configured-application undefined BOOLEAN
+default-application false BOOLEAN
+
+CHILD MIN-OCCURS MAX-OCCURS
+applies-to n/a n/a
+
+
+
+
Use read-resource or read-children-resources to see what resources
+have this classification applied:
The RBAC scheme will result in reduced permissions for administrators
+who do not map to the SuperUser role, so this will of course have some
+impact on their experience when using administrative tools like the
+admin console and the CLI.
The admin console takes great pains to provide a good user experience
+even when the user has reduced permissions. Resources the user is not
+permitted to see will simply not be shown, or if appropriate will be
+replaced in the UI with an indication that the user is not authorized.
+Interaction units like "Add" and "Remove" buttons and "Edit" links will
+be suppressed if the user has no write permissions.
The CLI is a much more unconstrained tool than the admin console is,
+allowing users to try to execute whatever operations they wish, so it’s
+more likely that users who attempt to do things for which they lack
+necessary permissions will receive failure messages. For example, a user
+in the Monitor role cannot read passwords:
This prevents unauthorized users fishing for sensitive data in resource
+addresses by checking for "Permission denied" type failures.
+
+
+
Users who use the read-resource operation may ask for data, some of
+which they are allowed to see and some of which they are not. If this
+happens, the request will not fail, but inaccessible data will be elided
+and a response header will be included advising on what was not
+included. Here we show the effect of a Monitor trying to recursively
+read the elytron subsystem configuration:
The response-headers section includes access control data in a list
+with one element per relevant resource. (In this case there’s just one.)
+The absolute and relative address of the resource is shown, along with
+the fact that the value of the deep-copy-subject-mode attribute has
+been filtered (i.e. undefined is shown as the value, which may not be
+the real value) as well as the fact that child resources of type
+security-domain have been filtered.
The management model descriptive metadata returned from operations like
+read-resource-description and read-operation-description can be
+configured to include information describing the access control
+constraints relevant to the resource, This is done by using the
+access-control parameter. The output will be tailored to the caller’s
+permissions. For example, a user who maps to the Monitor role could ask
+for information about a resource in the mail subsystem:
Because trim-descriptions was used as the value for the
+access-control parameter, the typical "description", "attributes",
+"operations" and "children" data is largely suppressed. (For more on
+this, see below.) The
+access-constraints field indicates that this resource is annotated
+with an application constraint. The access-control field includes information about the
+permissions the current caller has for this resource. The default
+section shows the default settings for resources of this type. The
+read and write fields directly under default show that the caller
+can, in general, read this resource but cannot write it. The
+attributes section shows the individual attribute settings. Note that
+Monitor cannot read the username and password attributes.
+
+
+
There are three valid values for the access-control parameter to
+read-resource-description and read-operation-description:
+
+
+
+
+
none – do not include access control information in the response.
+This is the default behavior if no parameter is included.
+
+
+
trim-descriptions – remove the normal description details, as shown
+in the example above
+
+
+
combined-descriptions – include both the normal output and the
+access control data
Users can learn in which roles they are operating. In the admin console,
+click on your name in the top right corner; the roles you are in will be
+shown.
+
+
+
+
+
+
CLI users should use the whoami operation with the verbose attribute
+set:
If a user maps to the SuperUser role, WildFly also supports letting that
+user request that they instead map to one or more other roles. This can
+be useful when doing demos, or when the SuperUser is changing the RBAC
+configuration and wants to see what effect the changes have from the
+perspective of a user in another role. This capability is only available
+to the SuperUser role, so it can only be used to narrow a user’s
+permissions, not to potentially increase them.
With the CLI, run-as capability is on a per-request basis. It is done by
+using the "roles" operation header, the value of which can be the name
+of a single role or a bracket-enclosed, comma-delimited list of role
+names.
This "run-as" capability is available even if the "simple" access
+control provider is used. When the "simple" provider is used, any
+authenticated administrator is treated the same as if they would map to
+SuperUser when the "rbac" provider is used.
+However, the "simple" provider actually understands all of the "rbac"
+provider configuration settings described above, but only makes use of
+them if the "run-as" capability is used for a request. Otherwise, the
+SuperUser role has all permissions, so detailed configuration is
+irrelevant.
+
+
+
Using the run-as capability with the "simple" provider may be useful if
+an administrator is setting up an rbac provider configuration before
+switching the provider to rbac to make that configuration take effect.
+The administrator can then run-as different roles to see the effect of
+the planned settings.
In a managed domain, deployments are associated with a server-group
+(see Core management concepts).
+Any server within the server group will then be provided with that
+deployment.
+
+
+
The domain and host controller components manage the distribution of
+binaries across network boundaries.
Distributing deployment binaries involves two steps: uploading the
+deployment to the repository the domain controller will use to
+distribute its contents, and then assigning the deployment to one or
+more server groups.
+
+
+
You can do this in one sweep with the CLI:
+
+
+
+
[domain@localhost:9990 /] deploy ~/Desktop/test-application.war
+Either --all-server-groups or --server-groups must be specified.
+
+[domain@localhost:9990 /] deploy ~/Desktop/test-application.war --all-server-groups
+'test-application.war' deployed successfully.
+
+
+
+
The deployment will be available to the domain controller, assigned to a
+server group, and deployed on all running servers in that group:
If you only want the deployment deployed on servers in some server
+groups, but not all, use the --server-groups parameter instead of
+-all-server-groups:
Managed and unmanaged deployments can be 'exploded', i.e. on the
+filesystem in the form of a directory structure whose structure
+corresponds to an unzipped version of the archive. An exploded
+deployment can be convenient to administer if your administrative
+processes involve inserting or replacing files from a base version in
+order to create a version tailored for a particular use (for example,
+copy in a base deployment and then copy in a jboss-web.xml file to
+tailor a deployment for use in WildFly.) Exploded deployments are also
+nice in some development scenarios, as you can replace static content
+(e.g. .html, .css) files in the deployment and have the new content
+visible immediately without requiring a redeploy.
+
+
+
Since unmanaged deployment content is directly in your charge, the
+following operations only make sense for a managed deployment.
This will create an empty exploded deployment to which you’ll be able to
+add content. The empty content parameter is required to check that you
+really intend to create an empty deployment and not just forget to
+define the content.
This will 'explode' an existing archive deployment to its exploded
+format. This operation is not recursive so you need to explode the
+sub-deployment if you want to be able to manipulate the sub-deployment
+content. You can do this by specifying the sub-deployment archive path
+as a parameter to the explode operation.
Now you can add or remove content to your exploded deployment. Note that
+per-default this will overwrite existing contents, you can specify the
+overwrite parameter to make the operation fail if the content already
+exists.
Each content specifies a source content and the target path to which it
+will be copied relative to the deployment root. With WildFly 11 you can
+use input-stream-index (which was a convenient way to pass a stream of
+content) from the CLI by pointing it to a local file.
[domain@localhost:9990 /] attachment save --operation=/deployment=kitchensink.ear:read-content(path=META-INF/MANIFEST.MF) --file=example
+File saved to /home/mjurc/wildfly/build/target/wildfly-11.0.0.Alpha1-SNAPSHOT/example
When you deploy content, the domain controller adds two types of entries
+to the domain.xml configuration file, one showing global information
+about the deployment, and another for each relevant server group showing
+how it is used by that server group:
Deployments on a standalone server work in a similar way to those on
+managed domains. The main difference is that there are no server group
+associations.
Deployment content (for example, war, ear, jar, and sar files) can be
+placed in the standalone/deployments directory of the WildFly
+distribution, in order to be automatically deployed into the server
+runtime. For this to work the deployment-scanner subsystem must be
+present. The scanner periodically checks the contents of the deployments
+directory and reacts to changes by updating the server.
+
+
+
+
+
+
+
+
+Users are encouraged to use the WildFly management APIs to upload and
+deploy deployment content instead of relying on the deployment scanner
+that periodically scans the directory, particularly if running
+production systems.
+
The WildFly filesystem deployment scanner operates in one of two
+different modes, depending on whether it will directly monitor the
+deployment content in order to decide to deploy or redeploy it.
+
+
+
Auto-deploy mode:
+
+
+
The scanner will directly monitor the deployment content, automatically
+deploying new content and redeploying content whose timestamp has
+changed. This is similiar to the behavior of previous AS releases,
+although there are differences:
+
+
+
+
+
A change in any file in an exploded deployment triggers redeploy.
+Because EE 6+ applications do not require deployment descriptors,
+there is no attempt to monitor deployment descriptors and only redeploy
+when a deployment descriptor changes.
+
+
+
The scanner will place marker files in this directory as an indication
+of the status of its attempts to deploy or undeploy content. These are
+detailed below.
+
+
+
+
+
Manual deploy mode:
+
+
+
The scanner will not attempt to directly monitor the deployment content
+and decide if or when the end user wishes the content to be deployed.
+Instead, the scanner relies on a system of marker files, with the user’s
+addition or removal of a marker file serving as a sort of command
+telling the scanner to deploy, undeploy or redeploy content.
+
+
+
Auto-deploy mode and manual deploy mode can be independently configured
+for zipped deployment content and exploded deployment content. This is
+done via the "auto-deploy" attribute on the deployment-scanner element
+in the standalone.xml configuration file:
By default, auto-deploy of zipped content is enabled, and auto-deploy of
+exploded content is disabled. Manual deploy mode is strongly recommended
+for exploded content, as exploded content is inherently vulnerable to
+the scanner trying to auto-deploy partially copied content.
The marker files always have the same name as the deployment content to
+which they relate, but with an additional file suffix appended. For
+example, the marker file to indicate the example.war file should be
+deployed is named example.war.dodeploy. Different marker file suffixes
+have different meanings.
+
+
+
The relevant marker file types are:
+
+
+
+
+
+
+
+
+
File
+
Purpose
+
+
+
+
+
.dodeploy
+
Placed by the user to indicate that the given content
+should be deployed into the runtime (or redeployed if already deployed in
+the runtime.)
+
+
+
.skipdeploy
+
Disables auto-deploy of the content for as long as the
+file is present. Most useful for allowing updates to exploded content
+without having the scanner initiate redeploy in the middle of the update.
+Can be used with zipped content as well, although the scanner will detect
+in-progress changes to zipped content and wait until changes are
+complete.
+
+
+
.isdeploying
+
Placed by the deployment scanner service to indicate that
+it has noticed a .dodeploy file or new or updated auto-deploymode content
+and is in the process of deploying the content.This marker file will be
+deleted when the deployment process completes.
+
+
+
.deployed
+
Placed by the deployment scanner service to indicate that
+the given content has been deployed into the runtime. If an end user
+deletes this file, the content will be undeployed.
+
+
+
.failed
+
Placed by the deployment scanner service to indicate that
+the given content failed to deploy into the runtime. The contentof the
+file will include some information about the cause ofthe failure. Note
+that with auto-deploy mode, removing this file will make the deployment
+eligible for deployment again.
+
+
+
.isundeploying
+
Placed by the deployment scanner service to indicate
+that it has noticed a .deployed file has been deleted and the content is
+being undeployed. This marker file will be deleted when the undeployment
+process completes.
+
+
+
.undeployed
+
Placed by the deployment scanner service to indicate that
+the given content has been undeployed from the runtime. If an end user
+deletes this file, it has no impact.
+
+
+
.pending
+
Placed by the deployment scanner service to indicate that
+it has noticed the need to deploy content but has not yet instructed the
+server to deploy it. This file is created if the scanner detects that
+some auto-deploy content is still in the process of being copied or if
+there is some problem that prevents auto-deployment. The scanner will not
+instruct the server to deploy or undeploy any content (not just
+the directly affected content) as long as this condition holds.
WildFly supports two mechanisms for dealing with deployment content –
+managed and unmanaged deployments.
+
+
+
With a managed deployment the server takes the deployment content and
+copies it into an internal content repository and thereafter uses that
+copy of the content, not the original user-provided content. The server
+is thereafter responsible for the content it uses.
+
+
+
With an unmanaged deployment the user provides the local filesystem path
+of deployment content, and the server directly uses that content.
+However, the user is responsible for ensuring that content, e.g. for
+making sure that no changes are made to it that will negatively impact
+the functioning of the deployed application.
+
+
+
To help you differentiate managed from unmanaged deployments the
+deployment model has a runtime boolean attribute 'managed'.
+
+
+
Managed deployments have a number of benefits over unmanaged:
+
+
+
+
+
They can be manipulated by remote management clients, not requiring
+access to the server filesystem.
+
+
+
In a managed domain, WildFly/EAP will take responsibility for
+replicating a copy of the deployment to all hosts/servers in the domain
+where it is needed. With an unmanaged deployment, it is the user’s
+responsibility to have the deployment available on the local filesystem
+on all relevant hosts, at a consistent path.
+
+
+
The deployment content actually used is stored on the filesystem in
+the internal content repository, which should help shelter it from
+unintended changes.
+
+
+
+
+
All of the previous examples above illustrate using managed deployments,
+except for any discussion of deployment scanner handling of exploded
+deployments. In WildFly 10 and earlier exploded deployments are always
+unmanaged, this is no longer the case since WildFly 11.
For a managed deployment, the actual file the server uses when creating
+runtime services is not the file provided to the CLI deploy command or
+to the web console. It is a copy of that file stored in an internal
+content repository. The repository is located in the
+domain/data/content directory for a managed domain, or in
+standalone/data/content for a standalone server. Actual binaries are
+stored in a subdirectory:
+
+
+
+
ls domain/data/content/
+ |---/47
+ |-----95cc29338b5049e238941231b36b3946952991
+ |---/dd
+ |-----a9881fa7811b22f1424b4c5acccb13c71202bd
+
+
+
+
+
+
+
+
+
+The location of the content repository and its internal structure is
+subject to change at any time and should not be relied upon by end
+users.
+
+
+
+
+
+
The description of a managed deployment in the domain or standalone
+configuration file includes an attribute recording the SHA1 hash of the
+deployment content:
The WildFly process calculates and records that hash when the user
+invokes a management operation (e.g. CLI deploy command or using the
+console) providing deployment content. The user is not expected to
+calculate the hash.
+
+
+
The sha1 attribute in the content element tells the WildFly process
+where to find the deployment content in its internal content repository.
+
+
+
In a domain each host will have a copy of the content needed by its
+servers in its own local content repository. The WildFly domain
+controller and secondary Host Controller processes take responsibility for
+ensuring each host has the needed content.
An unmanaged deployment is one where the server directly deploys the
+content at a path you specify instead of making an internal copy and
+then deploying the copy.
+
+
+
Initially deploying an unmanaged deployment is much like deploying a
+managed one, except you tell WildFly that you do not want the deployment
+to be managed:
When you do this, instead of the server making a copy of the content at
+/Desktop/test-application.war, calculating the hash of the content,
+storing the hash in the configuration file and then installing the copy
+into the runtime, instead it will convert
+/Desktop/test-application.war to an absolute path, store the path in
+the configuration file, and then install the original content in the
+runtime.
+
+
+
You can also use unmanaged deployments in a domain:
However, before you run this command you must ensure that a copy of the
+content is present on all machines that have servers in the target
+server groups, all at the same filesystem path. The domain will not copy
+the file for you.
Doing a replacement of the deployment with a new version is a bit
+different, the server is using the file you want to replace. You should
+undeploy the deployment, replace the content, and then deploy again. Or
+you can stop the server, replace the deployment and deploy again.
Deployment overlays are our way of 'overlaying' content into an existing
+deployment, without physically modifying the contents of the deployment
+archive. Possible use cases include swapping out deployment descriptors,
+modifying static web resources to change the branding of an application,
+or even replacing jar libraries with different versions.
+
+
+
Deployment overlays have a different lifecycle to a deployment. In order
+to use a deployment overlay, you first create the overlay, using the CLI
+or the management API. You then add files to the overlay, specifying the
+deployment paths you want them to overlay. Once you have created the
+overlay you then have to link it to a deployment name (which is done
+slightly differently depending on if you are in standalone or domain
+mode). Once you have created the link any deployment that matches the
+specified deployment name will have the overlay applied.
+
+
+
When you modify or create an overlay it will not affect existing
+deployments, they must be redeployed in order to take effect
To create a deployment overlay the CLI provides a high level command to
+do all the steps specified above in one go. An example command is given
+below for both standalone and domain mode:
The following chapters will focus on the high level management use cases
+that are available through the CLI and the web interface. For a detailed
+description of each subsystem configuration property, please consult the
+respective component reference.
+
+
+
Schema Location
+
+
+
+
+
+
+
+
+The configuration schemas can found in $JBOSS_HOME/docs/schema.
+
The EE subsystem provides common functionality in the Jakarta EE platform,
+such as the EE Concurrency Utilities (JSR 236) and @Resource
+injection. The subsystem is also responsible for managing the lifecycle
+of Jakarta EE application’s deployments, that is, .ear files and configuration of global directories to share common libraries across all deployed applications.
+
+
+
The EE subsystem configuration may be used to:
+
+
+
+
+
customise the deployment of Jakarta EE applications
+
+
+
create EE Concurrency Utilities instances
+
+
+
define the default bindings
+
+
+
+
+
The subsystem name is ee and this document covers EE subsystem version
+5.0, which XML namespace within WildFly XML configurations is
+urn:jboss:domain:ee:5.0. The path for the subsystem’s XML schema,
+within WildFly’s distribution, is docs/schema/jboss-as-ee_5_0.xsd.
+
+
+
Subsystem XML configuration example with all elements and attributes
+specified:
Global modules is a set of JBoss Modules that will be added as
+dependencies to the JBoss Modules module of every Jakarta EE deployment. Such
+dependencies allows Jakarta EE deployments to see the classes exported by
+the global modules.
+
+
+
Each global module is defined through the module resource, an example
+of its XML configuration:
The only mandatory attribute is the JBoss Modules module name, the slot
+attribute defaults to main, and both define the JBoss Modules module ID to
+reference.
+
+
+
The optional annotations attribute, which defaults to false,
+indicates if a pre-computed annotation index should be imported from
+META-INF/jandex.idx
+
+
+
The optional services attribute indicates if any services exposed in
+META-INF/services should be made available to the deployments class
+loader, and defaults to false.
+
+
+
The optional meta-inf attribute, which defaults to true, indicates
+if the Module’s META-INF path should be available to the deployment’s
+class loader.
Global modules can be used to share common libraries across all deployed applications, but it could be impractical if the name of a shared library changes very often or if there are many libraries you want to share. Both cases will require changes in the underlying module.xml that represents this global module.
+
+
+
The EE subsystem allows the configuration of a global directory, which represents a directory tree scanned automatically to include .jar files and resources as a single additional dependency. This module dependency is added as a system dependency on each deployed application. Basically, with a global directory, you will be relying on WildFly to automate the maintenance and configuration of a JBoss Modules module that represents the jar files and resources of a specific directory.
+
+
+
You can configure a global directory using the following operation:
The following attributes are available on the global-directory resource:
+
+
+
+
+
path: The path of the directory to scan. (Mandatory)
+
+
+
relative-to: The name of another previously named path, or of one of the standard paths provided by the system. (Optional)
+
+
+
+
+
When a global-directory is created, the server establishes a JBoss Modules module with one Path Resource Loader created using 'path' and 'relative-to' attributes and one Jar Resource loader for each jar file included in this directory and its subdirectories.
+
+
+
The 'Path Resource Loader' will make available any file as a resource to the application. The 'Jar Resource loader' will make available any class inside of the jar file to the applications.
+
+
+
For example, suppose you have configured one global directory pointing to the following directory tree:
The name of the generated module follows the pattern deployment.external.global-directory.{global-directory-name} and as such, it can be excluded selectively using your deployment-structure.xml.
+
+
+
All resources will be available from the application class loader. For example, you could access the above property files using the context ClassLoader of your current thread:
All classes inside of each jar file will also be available, and the order of how the resource-root are created internally will govern the order of the class loading. The jar resources of the generated module will be created iterating over all jar files found in the directory tree. Each directory is scanned alphabetically starting from the root, and on each level, each subdirectory is also explored alphabetically until visiting all the branch. Files found on each level are also added in alphabetical order.
+
+
+
Notice you should know which classes are exposed on each .jar file and avoid conflicts including the same class twice with incompatible binary change. In those cases, classloading errors are likely to occur. Specifically, you should not add classes that interfere with the classes the server already makes available for your application; the goal of a global directory is not to override and replace existing library versions shipped with the server. It is a facility that will allow moving common frameworks you usually add to your application libs to a common place to facilitate maintenance.
+
+
+
The module created from the shared directory is loaded as soon as the first application is deployed in the server after creating the global-directory. That means, if the server is started/restarted and there are no applications deployed, then the global directory is neither scanned nor the module loaded. Any change in any of the contents of the global-directory will require a server reload to make them available to the deployed applications.
+
+
+
In case of domain mode or distributed environments, it is the user responsibility to make the content of the configured global directory consistent across all the server instances, as well as distribute the jar files that they contain.
A flag indicating whether each of the subdeployments within a .ear can
+access classes belonging to another subdeployment within the same
+.ear. The default value is false, which allows the subdeployments to
+see classes belonging to other subdeployments within the .ear.
If the ear-subdeployments-isolated is set to false, then the classes
+in web.war can access classes belonging to ejb1.jar and ejb2.jar.
+Similarly, classes from ejb1.jar can access classes from ejb2.jar
+(and vice-versa).
+
+
+
+
+
+
+
+
+This flag has no effect on the isolated classloader of the .war
+file(s), i.e. irrespective of whether this flag is set to true or
+false, the .war within a .ear will have a isolated classloader,
+and other subdeployments within that .ear will not be able to access
+classes from that .war. This is as per spec.
+
The EE subsystem configuration includes flags to configure whether
+system property replacement will be done on XML descriptors and Java
+Annotations included in Jakarta EE deployments.
+
+
+
+
+
+
+
+
+System properties etc are resolved in the security context of the
+application server itself, not the deployment that contains the file.
+This means that if you are running with a security manager and enable
+this property, a deployment can potentially access system properties or
+environment entries that the security manager would have otherwise
+prevented.
+
Flag indicating whether system property replacement will be performed on
+standard Jakarta EE XML descriptors. If not configured this defaults to
+true, however it is set to false in the standard configuration files
+shipped with WildFly.
Flag indicating whether system property replacement will be performed on
+WildFly proprietary XML descriptors, such as jboss-app.xml. This
+defaults to true.
EE Concurrency Utilities (JSR 236) were introduced to
+ease the task of writing multithreaded applications. Instances
+of these utilities are managed by WildFly, and the related configuration.
The Context Service is a concurrency utility which creates contextual
+proxies from existent objects. WildFly Context Services are also used to
+propagate the context from a Jakarta EE application invocation thread, to
+the threads internally used by the other EE Concurrency Utilities.
+Context Service instances may be created using the subsystem XML
+configuration:
The name attribute is mandatory, and it’s value should be a unique
+name within all Context Services.
+
+
+
The jndi-name attribute is also mandatory, and defines where in the
+JNDI the Context Service should be placed.
+
+
+
The optional use-trasaction-setup-provider attribute indicates if the
+contextual proxies built by the Context Service should suspend
+transactions in context, when invoking the proxy objects, and its value
+defaults to true.
+
+
+
Management clients, such as the WildFly CLI, may also be used to
+configure Context Service instances. An example to add and remove
+one named other:
The Managed Thread Factory allows Jakarta EE applications to create new
+threads. WildFly Managed Thread Factory instances may also, optionally,
+use a Context Service instance to propagate the Jakarta EE application
+thread’s context to the new threads. Instance creation is done through
+the EE subsystem, by editing the subsystem XML configuration:
The name attribute is mandatory, and it’s value should be a unique
+name within all Managed Thread Factories.
+
+
+
The jndi-name attribute is also mandatory, and defines where in the
+JNDI the Managed Thread Factory should be placed.
+
+
+
The optional context-service references an existent Context Service by
+its name. If specified then thread created by the factory will
+propagate the invocation context, present when creating the thread.
+
+
+
The optional priority indicates the priority for new threads created
+by the factory, and defaults to 5.
+
+
+
Management clients, such as the WildFly CLI, may also be used to
+configure Managed Thread Factory instances. An example to add and
+remove one named other:
The Managed Executor Service is the Jakarta EE adaptation of Java SE
+Executor Service, providing to Jakarta EE applications the functionality of
+asynchronous task execution. WildFly is responsible to manage the
+lifecycle of Managed Executor Service instances, which are specified
+through the EE subsystem XML configuration:
The name attribute is mandatory, and it’s value should be a unique
+name within all Managed Executor Services.
+
+
+
The jndi-name attribute is also mandatory, and defines where in the
+JNDI the Managed Executor Service should be placed.
+
+
+
The optional context-service references an existent Context Service by
+its name. If specified then the referenced Context Service will
+capture the invocation context present when submitting a task to the
+executor, which will then be used when executing the task.
+
+
+
The optional thread-factory references an existent Managed Thread
+Factory by its name, to handle the creation of internal threads. If
+not specified then a Managed Thread Factory with default configuration
+will be created and used internally.
+
+
+
The mandatory core-threads provides the number of threads to keep in
+the executor’s pool, even if they are idle. If this is not defined or
+is set to 0, the core pool size will be calculated based on the number
+of available processors.
+
+
+
The optional queue-length indicates the number of tasks that can be
+stored in the input queue. The default value is 0, which means the
+queue capacity is unlimited.
+
+
+
The executor’s task queue is based on the values of the attributes
+core-threads and queue-length:
+
+
+
+
+
If queue-length is 0, or queue-length is
+Integer.MAX_VALUE (2147483647) and core-threads is 0, direct
+handoff queuing strategy will be used and a synchronous queue will be
+created.
+
+
+
If queue-length is Integer.MAX_VALUE but core-threads is not
+0, an unbounded queue will be used.
+
+
+
For any other valid value for queue-length, a bounded queue wil be
+created.
+
+
+
+
+
The optional hung-task-threshold defines a runtime threshold value, in
+milliseconds, for tasks to be considered hung by the executor.
+A value of 0 will never consider tasks to be hung.
+
+
+
The optional hung-task-termination-period defines the period, in
+milliseconds, for attempting the termination of hung tasks, by cancelling
+their execution, and interrupting their executing threads. Please note
+that the termination of a cancelled hung task is not guaranteed.
+A value of 0, which is the default, deactivates the periodic
+cancellation of hung tasks. Management clients, such as the WildFly CLI,
+may still be used to manually attempt the termination of hung tasks:
The optional long-running-tasks is a hint to optimize the execution of
+long running tasks, and defaults to false.
+
+
+
The optional max-threads defines the the maximum number of threads
+used by the executor, which defaults to Integer.MAX_VALUE (2147483647).
+
+
+
The optional keepalive-time defines the time, in milliseconds, that an
+internal thread may be idle. The attribute default value is 60000.
+
+
+
The optional reject-policy defines the policy to use when a task is
+rejected by the executor. The attribute value may be the default
+ABORT, which means an exception should be thrown, or RETRY_ABORT,
+which means the executor will try to submit it once more, before
+throwing an exception.
+
+
+
Management clients, such as the WildFly CLI, may also be used to
+configure Managed Executor Service instances. An example to add and
+remove one named other:
The Managed Scheduled Executor Service is the Jakarta EE adaptation of Java
+SE Scheduled Executor Service, providing to Jakarta EE applications the
+functionality of scheduling task execution. WildFly is responsible to
+manage the lifecycle of Managed Scheduled Executor Service instances,
+which are specified through the EE subsystem XML configuration:
The name attribute is mandatory, and it’s value should be a unique
+name within all Managed Scheduled Executor Services.
+
+
+
The jndi-name attribute is also mandatory, and defines where in the
+JNDI the Managed Scheduled Executor Service should be placed.
+
+
+
The optional context-service references an existent Context Service by
+its name. If specified then the referenced Context Service will
+capture the invocation context present when submitting a task to the
+executor, which will then be used when executing the task.
+
+
+
The optional thread-factory references an existent Managed Thread
+Factory by its name, to handle the creation of internal threads. If
+not specified then a Managed Thread Factory with default configuration
+will be created and used internally.
+
+
+
The mandatory core-threads provides the number of threads to keep in
+the executor’s pool, even if they are idle. A value of 0 means there
+is no limit.
+
+
+
The optional hung-task-threshold defines a runtime threshold value, in
+milliseconds, for tasks to be considered hung by the executor.
+A value of 0 will never consider tasks to be hung.
+
+
+
The optional hung-task-termination-period defines the period, in
+milliseconds, for attempting the termination of hung tasks, by cancelling
+their execution, and interrupting their executing threads. Please note
+that the termination of a cancelled hung task is not guaranteed.
+A value of 0, which is the default, deactivates the periodic
+cancellation of hung tasks. Management clients, such as the WildFly CLI,
+may still be used to manually attempt the termination of hung tasks:
The optional long-running-tasks is a hint to optimize the execution of
+long running tasks, and defaults to false.
+
+
+
The optional keepalive-time defines the time, in milliseconds, that an
+internal thread may be idle. The attribute default value is 60000.
+
+
+
The optional reject-policy defines the policy to use when a task is
+rejected by the executor. The attribute value may be the default
+ABORT, which means an exception should be thrown, or RETRY_ABORT,
+which means the executor will try to submit it once more, before
+throwing an exception.
+
+
+
Management clients, such as the WildFly CLI, may also be used to
+configure Managed Scheduled Executor Service instances. An example to
+add and remove one named other:
The Jakarta EE Specification mandates the existence of a default instance
+for each of the following resources:
+
+
+
+
+
Context Service
+
+
+
Datasource
+
+
+
Jakarta Messaging Connection Factory
+
+
+
Managed Executor Service
+
+
+
Managed Scheduled Executor Service
+
+
+
Managed Thread Factory
+
+
+
+
+
The EE subsystem looks up the default instances from JNDI, using the
+names in the default bindings configuration, before placing those in the
+standard JNDI names, such as java:comp/DefaultManagedExecutorService:
Above bindings become application dependencies upon deployment. However in some cases
+they might not be required or covered by non-default resources. In such case default binding could be:
+
+
+
+
+
+
+
rewriten - to point to user configured resource( :write-attribute(name=…,value=…) )
+
+
+
undefined - if there is no need for runtime dependency( :undefine-attribute(name=…) )
+
+
+
+
+
+
+
+
+
+
+
+
+The default bindings are optional, if the jndi name for a default
+binding is not configured then the related resource will not be
+available to Jakarta EE applications.
+
+
+
+
+
+
+
+
+
+
+
+If default EE resources are not required and bindings do not point at them,
+it is safe to remove or turn off default services.
+
The Naming subsystem provides the JNDI implementation on WildFly, and
+its configuration allows to:
+
+
+
+
+
bind entries in global JNDI namespaces
+
+
+
turn off/on the remote JNDI interface
+
+
+
+
+
The subsystem name is naming and this document covers Naming subsystem
+version 2.0, which XML namespace within WildFly XML configurations is
+urn:jboss:domain:naming:2.0. The path for the subsystem’s XML schema,
+within WildFly’s distribution, is docs/schema/jboss-as-naming_2_0.xsd.
+
+
+
Subsystem XML configuration example with all elements and attributes
+specified:
The Naming subsystem configuration allows binding entries into the
+following global JNDI namespaces:
+
+
+
+
+
java:global
+
+
+
java:jboss
+
+
+
java:
+
+
+
+
+
+
+
+
+
+
+If WildFly is to be used as a Jakarta EE application server, then it’s
+recommended to opt for java:global, since it is a standard (i.e.
+portable) namespace.
+
+
+
+
+
+
Four different types of bindings are supported:
+
+
+
+
+
Simple
+
+
+
Object Factory
+
+
+
External Context
+
+
+
Lookup
+
+
+
+
+
In the subsystem’s XML configuration, global bindings are configured
+through the <bindings /> XML element, as an example:
The name attribute is mandatory and specifies the target JNDI name for
+the entry.
+
+
+
The value attribute is mandatory and defines the entry’s value.
+
+
+
The optional type attribute, which defaults to java.lang.String,
+specifies the type of the entry’s value. Besides java.lang.String,
+allowed types are all the primitive types and their corresponding object
+wrapper classes, such as int or java.lang.Integer, and java.net.URL.
+
+
+
Management clients, such as the WildFly CLI, may be used to configure
+simple bindings. An example to add and remove the one in the XML
+example above:
The Naming subsystem configuration allows the binding of
+javax.naming.spi.ObjectFactory entries, through the object-factory
+XML element, for instance:
The name attribute is mandatory and specifies the target JNDI name for
+the entry.
+
+
+
The class attribute is mandatory and defines the object factory’s Java
+type.
+
+
+
The module attribute is mandatory and specifies the JBoss Module ID
+where the object factory Java class may be loaded from.
+
+
+
The optional environment child element may be used to provide a custom
+environment to the object factory.
+
+
+
Management clients, such as the WildFly CLI, may be used to configure
+object factory bindings. An example to add and remove the one in the
+XML example above:
Federation of external JNDI contexts, such as a LDAP context, are
+achieved by adding External Context bindings to the global bindings
+configuration, through the external-context XML element. An example of
+its XML configuration:
The name attribute is mandatory and specifies the target JNDI name for
+the entry.
+
+
+
The class attribute is mandatory and indicates the Java initial naming
+context type used to create the federated context. Note that such type
+must have a constructor with a single environment map argument.
+
+
+
The optional module attribute specifies the JBoss Module ID where any
+classes required by the external JNDI context may be loaded from.
+
+
+
The optional cache attribute, which value defaults to false,
+indicates if the external context instance should be cached.
+
+
+
The optional environment child element may be used to provide the
+custom environment needed to lookup the external context.
+
+
+
Management clients, such as the WildFly CLI, may be used to configure
+external context bindings. An example to add and remove the one in
+the XML example above:
Some JNDI providers may fail when their resources are looked up if they
+do not implement properly the lookup(Name) method. Their errors would
+look like:
+
+
+
+
+
+
+
+
11:31:49,047 ERROR org.jboss.resource.adapter.jms.inflow.JmsActivation
+(default-threads -1) javax.naming.InvalidNameException: Only support
+CompoundName namesat
+com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:504)at
+javax.naming.InitialContext.lookup(InitialContext.java:421)
+
+
+
+
+
To work around their shortcomings, the
+org.jboss.as.naming.lookup.by.string property can be specified in the
+external-context’s environment to use instead the lookup(String) method
+(with a performance degradation):
The Naming subsystem configuration allows the binding of existent
+entries into additional names, i.e. aliases. Binding aliases are
+specified through the lookup XML element. An example of its XML
+configuration:
The name attribute is mandatory and specifies the target JNDI name for
+the entry.
+
+
+
The lookup attribute is mandatory and indicates the source JNDI name.
+It can chain lookups on external contexts. For example, having an
+external context bounded to java:global/federation/ldap/example,
+searching can be done there by setting lookup attribute to
+java:global/federation/ldap/example/subfolder.
+
+
+
Management clients, such as the WildFly CLI, may be used to configure
+binding aliases. An example to add and remove the one in the XML
+example above:
The Naming subsystem configuration may be used to (de)activate the
+remote JNDI interface, which allows clients to lookup entries present in
+a remote WildFly instance.
+
+
+
+
+
+
+
+
+Only entries within the java:jboss/exported context are accessible
+over remote JNDI.
+
+
+
+
+
+
In the subsystem’s XML configuration, remote JNDI access bindings are
+configured through the <remote-naming /> XML element:
+
+
+
+
<remote-naming/>
+
+
+
+
Management clients, such as the WildFly CLI, may be used to add/remove
+the remote JNDI interface. An example to add and remove the one in
+the XML example above:
Datasources are configured through the datasource subsystem. Declaring
+a new datasource consists of two separate steps: You would need to
+provide a JDBC driver and define a datasource that references the driver
+you installed.
The recommended way to install a JDBC driver into WildFly 29 is to deploy
+it as a regular JAR deployment. The reason for this is that when you run
+WildFly in domain mode, deployments are automatically propagated to all
+servers to which the deployment applies; thus distribution of the driver
+JAR is one less thing for you to worry about!
+
+
+
Any JDBC 4-compliant driver will automatically be recognized and
+installed into the system by name and version. A JDBC JAR is identified
+using the Java service provider mechanism. Such JARs will contain a text
+a file named META-INF/services/java.sql.Driver, which contains the
+name of the class(es) of the Drivers which exist in that JAR. If your
+JDBC driver JAR is not JDBC 4-compliant, it can be made deployable in
+one of a few ways.
+
+
+
Modify the JAR
+
+
+
The most straightforward solution is to simply modify the JAR and add
+the missing file. You can do this from your command shell by:
+
+
+
+
+
Change to, or create, an empty temporary directory.
+
+
+
Create a META-INF subdirectory.
+
+
+
Create a META-INF/services subdirectory.
+
+
+
Create a META-INF/services/java.sql.Driver file which contains one
+line - the fully-qualified class name of the JDBC driver.
+
+
+
Use the jar command-line tool to update the JAR like this:
+
+
+
+
+
+
jar \-uf jdbc-driver.jar META-INF/services/java.sql.Driver
+
+
+
+
For a detailed explanation how to deploy JDBC 4 compliant driver jar,
+please refer to the chapter " Application Deployment".
The datasource subsystem is provided by the
+IronJacamar project. For a detailed
+description of the available configuration properties, please consult
+the project documentation.
The Agroal subsystem allows the definition of datasources. Declaring a new datasource consists of two separate steps: provide a JDBC driver and define a datasource that references the driver you installed.
+
+
+
The Agroal subsystem is provided by the Agroal project. For a detailed description of the available configuration properties, please consult the project documentation.
A driver definition is a reference to a class in a JDBC driver. Multiple definitions can be created on the same JDBC driver for multiple classes in it. Agroal requires an implementation of java.sql.Driver or javax.sql.DataSource for non-XA datasources, while for XA a javax.sql.XADataSource implementation is required.
+
+
+
+
+
+
+
+
+Agroal will try to load an java.sql.Driver from the specified module if the class is not defined
+
+
+
+
+
+
+
+
+
+
+
+Any installed driver provides an operation called class-info that lists all the properties available for that particular class, that can be set in the connection-factory.
+
Agroal provides both XA and non-XA datasources and most of the attributes that define them are common. This definition is mainly split in two logical units: the connection factory and the connection pool. As the name implies, the connection factory has all that is required to create new connections and connection pool defines how connections are handled by the pool.
The connection factory requires a reference to a driver (see agroal-driver-installation). With a java.sql.Driver the preferred way to 'point' to the database is to specify an url attribute while for javax.sql.DataSource and javax.sql.XADataSource the preferred way is to specify connection-properties.
+
+
+
+
+
+
+
+
+Attributes username and password are provided for basic authentication with the database. Agroal does not allow username and password to be set as connection-properties due to security requirements.
+
+
+
+
+
+
Other features provided by the connection-factory definition include the possibility of executing a SQL statement right after the connection has been created and to specify the isolation level of transactions in the database.
The main attributes of the connection-pool definition are the ones that control it’s size. While the initial size attribute is only taken into account while bootstrapping the pool, min size and max size are always enforced and can be changed at any time without requiring a reload of the server.
+
+
+
Another important attribute of the connection-pool is the blocking timeout that defines the maximum amount of time a thread will wait for a connection. If that time elapses and still no connection is available an exception is thrown. Keep in mind that the default value is 0, meaning that a thread will wait forever for a connection to become available. Changing this setting does not require a reload of the server.
+
+
+
The connection pool provides other convenient features like background validation of connections on the pool, removal of idle connections from the pool and detection of connections held for too long by one thread. All these features are disabled by default and can be enabled by specifying an interval of time on the corresponding attribute.
+
+
+
+
+
+
+
+
+There is a set of flush operations that perform many of these features on-demand. These are flush-all to close all connections immediately, flush-graceful to close all connections under normal operation, flush-invalid to remove any invalid connections from the pool and flush-idle to remove any connections not being used.
+
The available statistics include the number of created / destroyed connections and the number of connections in use / available in the pool. There are also statistics for the time it takes to create a connection and for how long have threads been blocked waiting for a connection.
In addition to all the common attributes, a datasource definition may disable the Jakarta Transactions integration.
+
+
+
Deferred enlistment is not supported, meaning that if Jakarta Transactions is enabled a connection must always be obtained within the scope of a transaction. The connection will always be enlisted with that transaction (lazy enlistment is not supported).
+
+
+
+
+
+
+
+
+The connectable attribute allows a non-XA datasource to take part in an XA transaction ('Last Resource Commit Optimization (LRCO)' / 'Commit Markable Resource')
+
+The overall server logging configuration is represented by the logging
+subsystem. It consists of four notable parts: handler configurations,
+logger, the root logger declarations (aka log categories) and
+logging profiles. Each logger does reference a handler (or set of
+handlers). Each handler declares the log format and output:
+
The add-logging-api-dependencies controls whether or not the container
+adds
+implicit
+logging API dependencies to your deployments. If set to true, the
+default, all the implicit logging API dependencies are added. If set to
+false the dependencies are not added to your deployments.
The use-deployment-logging-config controls whether or not your
+deployment is scanned for
+per-deployment
+logging. If set to true, the default,
+per-deployment
+logging is enabled. Set to false to disable this feature.
Per-deployment logging allows you to add a logging configuration file to
+your deployment and have the logging for that deployment configured
+according to the configuration file. In an EAR the configuration should
+be in the META-INF directory. In a WAR or JAR deployment the
+configuration file can be in either the META-INF or WEB-INF/classes
+directories.
+
+
+
The following configuration files are allowed:
+
+
+
+
+
logging.properties
+
+
+
jboss-logging.properties
+
+
+
+
+
You can also disable this functionality by changing the
+use-deployment-logging-config attribute to false.
Logging profiles are like additional logging subsystems. Each logging
+profile constists of three of the four notable parts listed above:
+handler configurations, logger and the root logger declarations.
+
+
+
You can assign a logging profile to a deployment via the deployments
+manifest. Add a Logging-Profile entry to the MANIFEST.MF file with a
+value of the logging profile id. For example a logging profile defined
+on /subsystem=logging/logging-profile=ejbs the MANIFEST.MF would look
+like:
+
+
+
+
Manifest-Version: 1.0
+Logging-Profile: ejbs
+
+
+
+
A logging profile can be assigned to any number of deployments. Using a
+logging profile also allows for runtime changes to the configuration.
+This is an advantage over the per-deployment logging configuration as
+the redeploy is not required for logging changes to take affect.
In a managed domain two types of log files do exist: Controller and
+server logs. The controller components govern the domain as whole. It’s
+their responsibility to start/stop server instances and execute managed
+operations throughout the domain. Server logs contain the logging
+information for a particular server instance. They are co-located with
+the host the server is running on.
+
+
+
For the sake of simplicity we look at the default setup for managed
+domain. In this case, both the domain controller components and the
+servers are located on the same host:
Log files can be listed and viewed via management operations. The log
+files allowed to be viewed are intentionally limited to files that exist
+in the jboss.server.log.dir and are associated with a known file
+handler. Known file handler types include file-handler,
+periodic-rotating-file-handler and size-rotating-file-handler. The
+operations are valid in both standalone and domain modes.
You may have noticed that there is a logging.properties file in the
+configuration directory. This is logging configuration is used when the
+server boots up until the logging subsystem kicks in. If the logging
+subsystem is not included in your configuration, then this would act as
+the logging configuration for the entire server.
+
+
+
+
+
+
+
+
+The logging.properties file is overwritten at boot and with each
+change to the logging subsystem. Any changes made to the file are not
+persisted. Any changes made to the XML configuration or via management
+operations will be persisted to the logging.properties file and used
+on the next boot.
+
A custom formatter to be used with handlers. Note that most log records are formatted in the printf format. Formatters
+may require invocation of the org.jboss.logmanager.ExtLogRecord#getFormattedMessage() for the message to be properly
+formatted.
Handlers define how log messages are recorded. If a message is said to be
+{oracle-javadocs}/java.logging/java/util/logging/Logger.html#isLoggable-java.util.logging.Level-[loggable] by a
+logger the message is then processed by the log handler.
+
+
+
The following are the available handlers for WildFly Full;
An async-handler is a handler that asynchronously writes log messages to it’s child handlers. This type of
+handler is generally used to wrap other handlers that take a substantial time to write messages.
A periodic-rotating-file-handler is a handler that writes log messages to the specified file. The file rotates on
+the date pattern specified in the suffix attribute. The suffix must be a valid pattern recognized by the
+java.text.SimpleDateFormat and must not rotate on seconds or
+milliseconds.
+
+
+
+
+
+
+
+
+The rotate happens before the next message is written by the handler.
+
A periodic-size-rotating-file-handler is a handler that writes log messages to the specified file. The file rotates on
+the date pattern specified in the suffix attribute or the rotate-size attribute. The suffix must be a valid
+pattern recognized by the java.text.SimpleDateFormat and must
+not rotate on seconds or milliseconds.
+
+
+
The max-backup-index works differently on this handler than the
+size-rotating-file-handler. The date suffix of the file to be rotated must be the
+same as the current expected suffix. For example with a suffix pattern of yyyy-MM and a rotate-size of 10m the
+file will be rotated with the current month each time the 10Mb size is reached.
+
+
+
+
+
+
+
+
+The rotate happens before the next message is written by the handler.
+
A size-rotating-file-handler is a handler that writes log messages to the specified file. The file rotates when
+the file size is greater than the rotate-size attribute. The rotated file will be kept and the index appended
+to the name moving previously rotated file indexes up by 1 until the max-backup-index is reached. Once the
+max-backup-index is reached, the indexed files will be overwritten.
+
+
+
+
+
+
+
+
+The rotate happens before the next message is written by the handler.
+
A socket-handler is a handler which sends messages over a socket. This can be a TCP or UDP socket and must be
+defined in a socket binding group under the local-destination-outbound-socket-binding or
+remote-destination-outbound-socket-binding resource.
+
+
+
During the boot logging messages will be queued until the socket binding is configured and the logging subsystem is
+added. This is important to note because setting the level of the handler to DEBUG or TRACE could result in
+large memory consumption during boot.
+
+
+
+
+
+
+
+
+
+
A server booted in --admin-only mode will discard messages rather than send them over a socket.
+
+
+
+
+
+
+
CLI Example
+
+
# Add the socket binding
+/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=log-server:add(host=localhost, port=4560)
+# Add a json-formatter
+/subsystem=logging/json-formatter=json:add
+# Add the socket handler
+/subsystem=logging/socket-handler=log-server-handler:add(named-formatter=json, level=INFO, outbound-socket-binding-ref=log-server)
+# Add the handler to the root logger
+/subsystem=logging/root-logger=ROOT:add-handler(name=log-server-handler)
A syslog-handler is a handler that writes to a syslog server via UDP. The handler support
+RFC3164 or RFC5424 formats.
+
+
+
+
+
+
+
+
+
+
The syslog-handler is missing some configuration properties that may be
+useful in some scenarios like setting a formatter. Use the
+org.jboss.logmanager.handlers.SyslogHandler in module
+org.jboss.logmanager as a
+custom-handler to exploit
+these benefits. Additional attributes will be added at some point so
+this will no longer be necessary.
Create a file handler. There are 3 different types of file handlers
+to choose from; file-handler, periodic-rotating-file-handler and
+size-rotating-file-handler. In this example we’ll just use a simple
+file-handler.
Loggers are used to log messages. A logger is defined by a category
+generally consisting of a package name or a class name.
+
+
+
A logger is the first step to determining if a messages should be logged
+or not. If a logger is defined with a level, the level of the message
+must be greater than the level defined on the logger. The filter is then
+checked next and the rules of the filter will determine whether or not
+the messages is said to be loggable.
A logger resource uses the path subsystem=logging/logger=$category
+where $category is the of the logger. For example to a logger named
+org.wildfly.example would have a resource path of
+subsystem=logging/logger=org.wildfly.example.
+You may notice that the category and filter attributes are missing.
+While filter is writable it may be deprecated and removed in the
+future. Both attributes are still on the resource for legacy reasons.
+
The handlers attribute is a list of handler names that should be
+attached to the logger. If the
+use-parent-handlers
+attribute is set to true and the log messages is determined to be
+loggable, parent loggers will continue to be processed.
A logger hierarchy is defined by it’s category. The category is a .
+(dot) delimited string generally consisting of the package name or a
+class name. For example the logger org.wildfly is the parent logger of
+org.wildfly.example.
Filters are used to add fine grained control over a log message. A filter can be assigned to a logger or log handler.
+See the Filter documentation for details on filters.
The filter resource allows a custom filter to be used. The custom filter must reside in a module and implement the
+Filter interface.
+
+
+
It’s generally suggested to add filters to a handler. By default loggers do no inherit filters. This means if a filter
+is placed on a logger named org.jboss.as.logging is only checked if the logger name is equal to org.jboss.as.logging.
Accepts a filter as an argument and inverts
+the returned value.
+
The expression takes a single filter for it’s
+argument.
+
not(match("JBAS"))
+
+
+
all
+
all(filterExpressions)
+
A filter consisting of several filters in
+a chain. If any filter find the log message to be unloggable, the
+message will not be logged and subsequent filters will not be checked.
+
The expression takes a comma delimited list of filters for it’s
+argument.
+
all(match("JBAS"), match("WELD"))
+
+
+
any
+
any(filterExpressions)
+
A filter consisting of several filters in
+a chain. If any filter fins the log message to be loggable, the message
+will be logged and the subsequent filters will not be checked.
+
The
+expression takes a comma delimited list of filters for it’s argument.
+
any(match("JBAS"), match("WELD"))
+
+
+
levelChange
+
levelChange(level)
+
A filter which modifies the log record
+with a new level.
+
The expression takes a single string based level for
+it’s argument.
+
levelChange(WARN)
+
+
+
levels
+
levels(levels)
+
A filter which includes log messages with a
+level that is listed in the list of levels.
+
The expression takes a
+comma delimited list of string based levels for it’s argument.
+
levels(DEBUG, INFO, WARN, ERROR)
+
+
+
levelRange
+
levelRange([minLevel,maxLevel])
+
A filter which logs
+records that are within the level range.
+
The filter expression uses a
+"[" to indicate a minimum inclusive level and a "]" to indicate a
+maximum inclusive level. Otherwise use "(" or ")" respectively indicate
+exclusive. The first argument for the expression is the minimum level
+allowed, the second argument is the maximum level allowed.
+
minimum
+level must be less than ERROR and the maximum level must be greater than
+DEBUGlevelRange(ERROR, DEBUG) minimum level must be less than or equal
+to ERROR and the maximum level must be greater than
+DEBUGlevelRange[ERROR, DEBUG) minimum level must be less than or equal
+to ERROR and the maximum level must be greater or equal to
+INFOlevelRange[ERROR, INFO]
+
+
+
match
+
match("pattern")
+
A regular-expression based filter. The raw
+unformatted message is used against the pattern.
+
The expression takes a
+regular expression for it’s argument. match("JBAS\d+")
+
+
+
+
substitute
+
substitute("pattern", "replacement value")
+
A filter which
+replaces the first match to the pattern with the replacement value.
+
The
+first argument for the expression is the pattern the second argument is
+the replacement text.
+
substitute("JBAS", "EAP")
+
+
+
substituteAll
+
substituteAll("pattern", "replacement value")
+
A filter
+which replaces all matches of the pattern with the replacement value.
+
The first argument for the expression is the pattern the second
+argument is the replacement text.
+
substituteAll("JBAS", "EAP")
+
+
+
filterName
+
myCustomFilter
+
A custom filter which is defined on a filter resource.
This element is used to configure the instance pool that is used by
+default for stateless session beans. If it is not present stateless
+session beans are not pooled, but are instead created on demand for
+every invocation. The instance pool can be overridden on a per
+deployment or per bean level using jboss-ejb3.xml or the
+org.jboss.ejb3.annotation.Pool annotation. The instance pools
+themselves are configured in the <pools> element.
This element is used to configure Stateful Session Beans.
+
+
+
+
+
default-session-timeout This optional attribute specifies the default
+amount of time in milliseconds a stateful session bean can remain idle
+before it is eligible for removal by the container.
+It can be overridden via ejb-jar.xml deployment descriptor or via
+jakarta.ejb.StatefulTimeout annotation.
+
+
+
default-access-timeout This attribute specifies the default time
+concurrent invocations on the same bean instance will wait to acquire
+the instance lock. It can be overridden via the deployment descriptor or
+via the jakarta.ejb.AccessTimeout annotation.
+
+
+
cache-ref This attribute is used to set the default cache for
+beans which require a passivating cache. It can be overridden by jboss-ejb3.xml, or via
+the org.jboss.ejb3.annotation.Cache annotation.
+
+
+
non-passivating-cache-ref This attribute is used to set the default cache
+for beans which require a non-passivating cache.
This element is used to configure Singleton Session Beans.
+
+
+
+
+
default-access-timeout This attribute specifies the default time
+concurrent invocations will wait to acquire the instance lock. It can be
+overridden via the deployment descriptor or via the
+jakarta.ejb.AccessTimeout annotation.
This element is used to configure the instance pool that is used by
+default for Message Driven Beans. If it is not present they are not
+pooled, but are instead created on demand for every invocation. The
+instance pool can be overridden on a per deployment or per bean level
+using jboss-ejb3.xml or the org.jboss.ejb3.annotation.Pool
+annotation. The instance pools themselves are configured in the
+<pools> element.
This element is used to configure the instance pool that is used by
+default for Entity Beans. If it is not present they are not pooled, but
+are instead created on demand for every invocation. The instance pool
+can be overridden on a per deployment or per bean level using
+jboss-ejb3.xml or the org.jboss.ejb3.annotation.Pool annotation. The
+instance pools themselves are configured in the <pools> element.
This element is used to define named cache factories to support the persistence of SFSB session states.
+Cache factories may be passivating (an in-memory cache with the ability to passivate to persistant store
+the session states of beans not recently used and then activate them when needed) or non-passivating
+(an in-memory cache only). Default values for passivating and non-passivating caches are specified
+in the <stateful> element mentioned above. A SFSB may override the named cache used to store its session states
+via the @Cache annotation (in its class definition) or via a corresponding deployment descriptor.
This element defines a passivating cache factory (in-memory plus passivation to persistent store) for storing
+session states of a SFSB. A passivating cache factory relies on a bean-management provider to configure
+the passivation mechanism and the persistent store that it uses.
+
+
+
+
+
bean-management This attribute specifies the bean-management provider to be used to
+support passivation of cache entries. The bean-management provider is defined and configured
+in the distributable-ejb subsystem (see the High Availability Guide).
+If the attribute is non-defined, the default bean management provider
+defined in the distributable-ejb subsystem is used.
This element is used to enable remote EJB invocations. In other words, it allows a remote EJB client
+application to make invocations on Jakarta Enterprise beans deployed on the server.
+
+
+
It specifies the following attributes:
+
+
+
+
+
connectors specifies a space-separated list of remoting connectors to use (as defined in the remoting
+subsystem configuration) for accepting invocations.
+
+
+
thread-pool specifies a thread pool to use for processing incoming remote invocations
A remote profile specifies a configuration of remote invocations that can
+be referenced by many deployments. EJBs that are meant to be invoked can
+be discovered in either a static or a dynamic way.
+
+
+
Static discovery decides which remote node to connect to based on the information
+provided by the administrator.
+
+
+
Dynamic discovery is responsible for monitoring the available EJBs on all the
+nodes to which connections are configured and decides which remote node to
+connect to based on the gathered data.
+
+
+
+
+
name the name of the profile
+
+
+
exclude-local-receiver If set, no local receiver is used in this profile
+
+
+
local-receiver-pass-by-value If set, local receiver will pass ejb beans by value
Static ejb discovery allows the administrator to explicitly specify on which remote nodes
+given EJBs are located. The module tag is used to define it:
This is used to configure the thread pools used by async, timer and
+remote invocations.
+
+
+
+
+
max-threads specifies the maximum number of threads in the thread pool.
+It is a required attribute and defaults to 10.
+
+
+
core-threads specifies the number of core threads in the thread pool.
+It is an optional attribute and defaults to max-threads value.
+
+
+
keepalive-time specifies the amount of time that non-core threads can
+stay idle before they become eligible for removal. It is an optional
+attribute and defaults to 60 seconds.
This is used to enable IIOP (i.e. CORBA) invocation of EJB’s. If this
+element is present then the JacORB subsystem must also be installed. It
+supports the following two attributes:
+
+
+
+
+
enable-by-default If this is true then all EJB’s with EJB2.x home
+interfaces are exposed via IIOP, otherwise they must be explicitly
+enabled via jboss-ejb3.xml.
+
+
+
use-qualified-name If this is true then EJB’s are bound to the corba
+naming context with a binding name that contains the application and
+modules name of the deployment (e.g. myear/myejbjar/MyBean), if this is
+false the default binding name is simply the bean name.
By default remote interface invocations use pass by value, as required
+by the EJB spec. This element can use used to enable pass by reference,
+which can give you a performance boost. Note WildFly will do a shallow
+check to see if the caller and the EJB have access to the same class
+definitions, which means if you are passing something such as a
+List<MyObject>, WildFly only checks the List to see if it is the same
+class definition on the call & EJB side. If the top level class
+definition is the same, JBoss will make the call using pass by
+reference, which means that if MyObject or any objects beneath it are
+loaded from different classloaders, you would get a ClassCastException.
+If the top level class definitions are loaded from different
+classloaders, JBoss will use pass by value. JBoss cannot do a deep check
+of all of the classes to ensure no ClassCastExceptions will occur
+because doing a deep check would eliminate any performance boost you
+would have received by using call by reference. It is recommended that
+you configure pass by reference only on callers that you are sure will
+use the same class definitions and not globally. This can be done via a
+configuration in the jboss-ejb-client.xml as shown below.
+
+
+
To configure a caller/client use pass by reference, you configure your
+top level deployment with a META-INF/jboss-ejb-client.xml containing:
This element configures a number of server-side interceptors which can be
+configured without changing the deployments.
+
+
+
Each interceptor is configured in <interceptor> tag which contains the
+following fields:
+
+
+
+
+
module - the module in which the interceptor is defined
+
+
+
class - the class which implements the interceptor
+
+
+
+
+
In order to use server interceptors you have to create a module that implements
+them and place it into ${WILDFLY_HOME}/modules directory.
+
+
+
Interceptor implementations are POJO classes which use
+jakarta.interceptor.AroundInvoke and jakarta.interceptor.AroundTimeout to
+mark interceptor methods.
Web subsystem was replaced in WildFly 8 with Undertow.
+
+
+
+
+
There are two main parts to the undertow subsystem, which are server and
+Servlet container configuration, as well as some ancillary items.
+Advanced topics like load balancing and failover are covered on the
+"High Availability Guide". The default configuration does is suitable
+for most use cases and provides reasonable performance settings.
the default servlet container to use for deployments
+
+
+
instance-id
+
the id of Undertow. Defaults to "${jboss.node.name}" if undefined
+
+
+
obfuscate-session-route
+
set this to "true" to indicate the
+instance-id should be obfuscated in routing. This prevents instance-id from being sent across
+HTTP connections when serving remote requests with the HTTP invoker.
+
+
+
default-security-domain
+
the default security domain used by web deployments
+
+
+
statistics-enabled
+
set this to true to enable statistics gathering for Undertow subsystem
+
+
+
+
+
+
+
+
+
+
+
+
When setting obfuscate-session-route to "true", the server’s
+name is used as a salt in the hashing algorithm that obfuscates the value of instance-id.
+For that reason, it is strongly advised that the value of the server be changed from "default-server" to something
+else, or else it would be easy to reverse engineer the obfuscated route to its original value, using "default-server"
+bytes as the salt.
The buffer cache is used for caching content, such as static files.
+Multiple buffer caches can be configured, which allows for separate
+servers to use different sized caches.
+
+
+
Buffers are allocated in regions, and are of a fixed size. If you are
+caching many small files then using a smaller buffer size will be
+better.
+
+
+
The total amount of space used can be calculated by multiplying the
+buffer size by the number of buffers per region by the maximum number of
+regions.
The following settings are common to all connectors:
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
+
+
+
+
allow-encoded-slash
+
If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
+
+
+
allow-equals-in-cookie-value
+
If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values.
+Unquoted cookie values may not contain equals characters. If present the value ends before the
+equals sign. The remainder of the cookie value will be dropped.
+
+
+
allow-unescaped-characters-in-url
+
If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification.
+This defaults to false, and in general should not be needed as most clients correctly encode characters.
+Note that setting this to true can be considered a security risk, as allowing non-standard characters can
+allow request smuggling attacks in some circumstances.
+
+
+
always-set-keep-alive
+
If this is true then a Connection: keep-alive header will be added to responses, even when it is not
+strictly required by the specification.
+
+
+
buffer-pipelined-data
+
If we should buffer pipelined requests.
+
+
+
buffer-pool
+
The listeners buffer pool
+
+
+
certificate-forwarding
+
If certificate forwarding should be enabled. If this is enabled then the listener will take the certificate
+from the SSL_CLIENT_CERT attribute. This should only be enabled if behind a proxy, and the proxy is
+configured to always set these headers.
+
+
+
decode-url
+
If this is true then the parser will decode the URL and query parameters using the selected character
+encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to
+decode them into whatever charset is desired.
+
+
+
disallowed-methods
+
A comma separated list of HTTP methods that are not allowed
+
+
+
enable-http2
+
Enables HTTP2 support for this listener
+
+
+
enabled (Deprecated)
+
If the listener is enabled
+
+
+
http2-enable-push
+
If server push is enabled for this connection
+
+
+
http2-header-table-size
+
The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated
+per connection for compression. Larger values use more memory but may give better compression.
+
+
+
http2-initial-window-size
+
The flow control window size that controls how quickly the client can send data to the server
+
+
+
http2-max-concurrent-streams
+
The maximum number of HTTP/2 streams that can be active at any time on a single connection
+
+
+
http2-max-frame-size
+
The max HTTP/2 frame size
+
+
+
http2-max-header-list-size
+
The maximum size of request headers the server is prepared to accept
+
+
+
max-buffered-request-size
+
Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is
+when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order
+to perform the renegotiation.
+
+
+
max-connections
+
The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited
+connections simply undefine this attribute value.
+
+
+
max-cookies
+
The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
+
+
+
max-header-size
+
The maximum size of a http request header, in bytes.
+
+
+
max-headers
+
The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
+
+
+
max-parameters
+
The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities.
+This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially
+have max parameters * 2 total parameters).
+
+
+
max-post-size
+
The maximum size of a post that will be accepted, in bytes.
+
+
+
no-request-timeout
+
The length of time in milliseconds that the connection can be idle before it is closed by the container.
+
+
+
proxy-address-forwarding
+
Enables handling of x-forwarded-host header (and other x-forwarded-* headers) and use this header information
+to set the remote address. This should only be used behind a trusted proxy that sets these headers otherwise
+a remote user can spoof their IP address.
+
+
+
proxy-protocol
+
If this is true then the listener will use the proxy protocol v1, as defined by
+https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt. This option MUST only be enabled for listeners
+that are behind a load balancer that supports the same protocol.
+
+
+
read-timeout
+
Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a
+successful read taking place, the socket’s next read will throw a {@link ReadTimeoutException}.
+
+
+
receive-buffer
+
The receive buffer size, in bytes.
+
+
+
record-request-start-time
+
If this is true then Undertow will record the request start time, to allow for request time to be logged.
+This has a small but measurable performance impact
+
+
+
request-parse-timeout
+
The maximum amount of time (in milliseconds) that can be spent parsing the request
+
+
+
require-host-http11
+
Require that all HTTP/1.1 requests have a 'Host' header, as per the RFC. IF the request does not include
+this header it will be rejected with a 403.
+
+
+
resolve-peer-address
+
Enables host dns lookup
+
+
+
rfc6265-cookie-validation
+
If cookies should be validated to ensure they comply with RFC6265.
+
+
+
secure
+
If this is true then requests that originate from this listener are marked as secure, even if the request
+is not using HTTPS.
+
+
+
send-buffer
+
The send buffer size, in bytes.
+
+
+
socket-binding
+
The listener socket binding
+
+
+
tcp-backlog
+
Configure a server with the specified backlog.
+
+
+
tcp-keep-alive
+
Configure a channel to send TCP keep-alive messages in an implementation-dependent manner.
+
+
+
url-charset
+
URL charset
+
+
+
worker
+
The listeners XNIO worker
+
+
+
write-timeout
+
Configure a write timeout for a socket, in milliseconds. If the given amount of time
+elapses without a successful write taking place, the socket’s next write will throw
+a {@link WriteTimeoutException}.
If this listener is supporting non-SSL requests, and a request is received for which a matching
+<security-constraint> requires SSL transport, undertow will automatically redirect the request to the
+socket binding port specified here.
Https listener provides secure access to the server. The most important
+configuration option is ssl-context which cross references a pre-configured
+SSL Context instance.
A whitespace separated list of additional host names that should
+be matched
+
+
+
default-web-module
+
The name of a deployment that should be used to
+serve up requests that do not match anything.
+
+
+
queue-requests-on-start
+
If requests should be queued on start for this host. If this is set to false the default
+response code will be returned instead.
+
Note: If a Non-graceful Startup is requested, and the queue-requests-on-start attribute is not set, requests will NOT be
+queued despite the default value of true for the property. In the instance of a non-graceful startup, non-queued requests
+are required. However, if non-graceful is configured, but queue-requests-on-start is explicitly set to true, then requests
+will be queued, effectively disabling the non-graceful mode for requests to that host.
Each host allows for access logging to the console which writes structured data in JSON format. This only writes to
+stdout and is a single line of JSON structured data.
+
+
+
The attributes management model attribute is used to determine which exchange attributes should be logged. This is
+similar to the pattern used for traditional access logging. The main difference being since the data is structured
+the ability to use defined keys is essential.
+
+
+
A metadata attribute also exists which allows extra metadata to be added to the output. The value of the attribute is
+a set of arbitrary key/value pairs. The values can include management model expressions, which must be resolvable when
+the console access log service is started. The value is resolved once per start or reload of the server.
The servlet-container element corresponds to an instance of an Undertow
+Servlet container. Most servers will only need a single servlet
+container, however there may be cases where it makes sense to define
+multiple containers (in particular if you want applications to be
+isolated, so they cannot dispatch to each other using the
+RequestDispatcher. You can also use multiple Servlet containers to serve
+different applications from the same context path on different virtual
+hosts).
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
+
+
+
+
allow-non-standard-wrappers
+
The Servlet specification requires
+applications to only wrap the request/response using wrapper classes
+that extend from the ServletRequestWrapper and ServletResponseWrapper
+classes. If this is set to true then this restriction is relaxed.
+
+
+
default-buffer-cache
+
The buffer cache that is used to cache static
+resources in the default Servlet.
+
+
+
stack-trace-on-error
+
Can be either all, none, or local-only. When set
+to none Undertow will never display stack traces. When set to All
+Undertow will always display them (not recommended for production use).
+When set to local-only Undertow will only display them for requests from
+local addresses, where there are no headers to indicate that the request
+has been proxied. Note that this feature means that the Undertow error
+page will be displayed instead of the default error page specified in
+web.xml.
+
+
+
default-encoding
+
The default encoding to use for requests and
+responses.
+
+
+
use-listener-encoding
+
If this is true then the default encoding will
+be the same as that used by the listener that received the request.
+
+
+
preserve-path-on-forward
+
If this is true, the return values of the
+getServletPath(), getRequestURL() and getRequestURI() methods from
+ HttpServletRequest will be unchanged following a
+ RequestDispatcher.forward() call, and point to the original resource requested.
+If false, following the RequestDispatcher.forward() call, they will
+point to the resource being forwarded to.
This allows you to change the attributes of the affinity cookie.
+If the affinity cookie is configured, the affinity will not be appended to the session ID, but will be sent via the configured cookie name.
Persistent sessions allow session data to be saved across redeploys and
+restarts. This feature is enabled by adding the persistent-sessions
+element to the server config. This is mostly intended to be a
+development time feature.
+
+
+
If the path is not specified then session data is stored in memory, and
+will only be persistent across redeploys, rather than restarts.
The AJP listeners are child resources of the subsystem undertow. They
+are used with mod_jk, mod_proxy and mod_cluster of the Apache httpd
+front-end. Each listener does reference a particular socket binding:
WildFly 10 added support for using the Undertow subsystem as a load
+balancer. WildFly supports two different approaches, you can either
+define a static load balancer, and specify the back end hosts in your
+configuration, or use it as a mod_cluster frontend, and use mod_cluster
+to dynamically update the hosts.
WildFly uses Undertow’s proxy capabilities to act as a load balancer.
+Undertow will connect to the back end servers using its built in client,
+and proxies requests.
+
+
+
The following protocols are supported:
+
+
+
+
+
http
+
+
+
ajp
+
+
+
http2
+
+
+
h2c (clear text HTTP2)
+Of these protocols h2c should give the best performance, if the back end
+servers support it.
+
+
+
+
+
The Undertow proxy uses async IO, the only threads that are involved in
+the request is the IO thread that is responsible for the connection. The
+connection to the back end server is made from the same thread, which
+removes the need for any thread safety constructs.
+If both the front and back end servers support server push, and HTTP2 is
+in use then the proxy also supports pushing responses to the client. In
+cases where proxy and backend are capable of server push, but the client
+does not support it the server will send a X-Disable-Push header to let
+the backend know that it should not attempt to push for this request.
# configure correct path to WildFly installation
+WILDFLY_HOME=/path/to/wildfly
+
+# configure correct IP of the node
+MY_IP=192.168.1.1
+
+# run the load balancer profile
+$WILDFLY_HOME/bin/standalone.sh -b $MY_IP -bprivate $MY_IP -c standalone-load-balancer.xml
+
+
+
+
It’s highly recommended to use private/internal network for communication between load balancer and nodes.
+To do this set the correct IP address to the private interface (-bprivate argument).
Run the server with the HA (or Full HA) profile, which has mod_cluster component included.
+If the UDP multicast is working in your environment, the workers should work out of the box without any change.
+If it’s not the case, then configure the IP address of the load balancer statically.
+
+
+
+
# configure correct path to WildFly installation
+WILDFLY_HOME=/path/to/wildfly
+# configure correct IP of the node
+MY_IP=192.168.1.2
+
+# Configure static load balancer IP address.
+# This is necessary when UDP multicast doesn't work in your environment.
+LOAD_BALANCER_IP=192.168.1.1
+$WILDFLY_HOME/bin/jboss-cli.sh <<EOT
+
+embed-server -c=standalone-ha.xml
+/subsystem=modcluster/proxy=default:write-attribute(name=advertise, value=false)
+/socket-binding-group=standard-sockets/remote-destination-outbound-socket-binding=proxy1:add(host=$LOAD_BALANCER_IP, port=8090)
+/subsystem=modcluster/proxy=default:list-add(name=proxies, value=proxy1)
+EOT
+
+# start the woker node with HA profile
+$WILDFLY_HOME/bin/standalone.sh -c standalone-ha.xml -b $MY_IP -bprivate $MY_IP
+
+
+
+
Again, to make it safe, users should configure private/internal IP address into MY_IP variable.
To use WildFly as a static load balancer the first step is to create a
+proxy handler in the Undertow subsystem. For the purposes of this
+example we are going to assume that our load balancer is going to load
+balance between two servers, sv1.foo.com and sv2.foo.com, and will be
+using the AJP protocol.
+
+
+
The first step is to add a reverse proxy handler to the Undertow
+subsystem:
The Jakarta Messaging server configuration is done through the messaging-activemq
+subsystem. In this chapter we are going outline the frequently used
+configuration options. For a more detailed explanation please consult
+the Artemis user guide (See "Component Reference").
The configuration options discussed in this section assume that the the
+org.wildfly.extension.messaging-activemq extension is present in your
+configuration. This extension is not included in the standard
+standalone.xml and standalone-ha.xml configurations included in the
+WildFly distribution. It is, however, included with the
+standalone-full.xml and standalone-full-ha.xml configurations.
+
+
+
You can add the extension to a configuration without it either by adding
+an <extension module="org.wildfly.extension.messaging-activemq"/>
+element to the xml or by using the following CLI operation:
There are three kinds of basic Jakarta Messaging connection-factory that depends
+on the type of connectors that is used.
+
+
+
There is also a pooled-connection-factory which is special in that it
+is essentially a configuration facade for both the inbound and
+outbound connectors of the the Artemis Jakarta Connectors Resource Adapter. An MDB can
+be configured to use a pooled-connection-factory (e.g. using
+@ResourceAdapter). In this context, the MDB leverages the inbound
+connector of the Artemis Jakarta Connectors RA. Other kinds of clients can look up the
+pooled-connection-factory in JNDI (or inject it) and use it to send
+messages. In this context, such a client would leverage the outbound
+connector of the Artemis Jakarta Connectors RA. A pooled-connection-factory is also
+special because:
+
+
+
+
+
It is only available to local clients, although it can be configured
+to point to a remote server.
+
+
+
As the name suggests, it is pooled and therefore provides superior
+performance to the clients which are able to use it. The pool size can
+be configured via the max-pool-size and min-pool-size attributes.
+
+
+
It should only be used to send (i.e. produce) messages when looked
+up in JNDI or injected.
+
+
+
It can be configured to use specific security credentials via the
+user and password attributes. This is useful if the remote server to
+which it is pointing is secured.
+
+
+
Resources acquired from it will be automatically enlisted any on-going
+Jakarta Transactions. If you want to send a message from an Jakarta Enterprise Beans using CMT
+then this is likely the connection factory you want to use so the send
+operation will be atomically committed along with the rest of the Jakarta Enterprise Beans’s
+transaction operations.
+
+
+
+
+
To be clear, the inbound connector of the Artemis Jakarta Connectors RA (which is for
+consuming messages) is only used by MDBs and other Jakarta Connectors based components.
+It is not available to traditional clients.
+
+
+
Both a connection-factory and a pooled-connection-factory reference
+a connector declaration.
+
+
+
A netty-connector is associated with a socket-binding which tells
+the client using the connection-factory where to connect.
+
+
+
+
+
A connection-factory referencing a netty-connector is suitable to
+be used by a remote client to send messages to or receive messages
+from the server (assuming the connection-factory has an appropriately
+exported entry).
+
+
+
A pooled-connection-factory looked up in JNDI or injected which is
+referencing a netty-connector is suitable to be used by a local
+client to send messages to a remote server granted the socket-binding
+references an outbound-socket-binding pointing to the remote server in
+question.
+
+
+
A pooled-connection-factory used by an MDB which is referencing a
+remote-connector is suitable to consume messages from a remote server
+granted the socket-binding references an outbound-socket-binding
+pointing to the remote server in question.
+
+
+
+
+
An in-vm-connector is associated with a server-id which tells the
+client using the connection-factory where to connect (since multiple
+Artemis servers can run in a single JVM).
+
+
+
+
+
A connection-factory referencing an in-vm-connector is suitable to
+be used by a local client to either send messages to or receive
+messages from a local server.
+
+
+
A pooled-connection-factory looked up in JNDI or injected which is
+referencing an in-vm-connector is suitable to be used by a local
+client only to send messages to a local server.
+
+
+
A pooled-connection-factory used by an MDB which is referencing an
+in-vm-connector is suitable only to consume messages from a local
+server.
+
+
+
+
+
A http-connector is associated with the socket-binding that
+represents the HTTP socket (by default, named http).
+
+
+
+
+
A connection-factory referencing a http-connector is suitable to
+be used by a remote client to send messages to or receive messages from
+the server by connecting to its HTTP port before upgrading to the
+messaging protocol.
+
+
+
A pooled-connection-factory referencing a http-connector is
+suitable to be used by a local client to send messages to a remote
+server granted the socket-binding references an
+outbound-socket-binding pointing to the remote server in question.
+
+
+
A pooled-connection-factory used by an MDB which is referencing a
+http-connector is suitable only to consume messages from a remote
+server granted the socket-binding references an
+outbound-socket-binding pointing to the remote server in question.
+
+
+
+
+
The entry declaration of a connection-factory or a
+pooled-connection-factory specifies the JNDI name under which the
+factory will be exposed. Only JNDI names bound in the
+"java:jboss/exported" namespace are available to remote clients. If a
+connection-factory has an entry bound in the "java:jboss/exported"
+namespace a remote client would look-up the connection-factory using
+the text after"java:jboss/exported". For example, the "
+RemoteConnectionFactory`" is bound by default to
+`"java:jboss/exported/jms/RemoteConnectionFactory" which means a remote
+client would look-up this connection-factory using "
+jms/RemoteConnectionFactory`". A `pooled-connection-factory should
+not have any entry bound in the " java:jboss/exported`" namespace
+because a `pooled-connection-factory is not suitable for remote
+clients.
+
+
+
Since Jakarta Messaging 2.0, a default Jakarta Messaging connection factory is accessible to Jakarta EE
+applications under the JNDI name java:comp/DefaultJMSConnectionFactory.
+The WildFly messaging subsystem defines a pooled-connection-factory that
+is used to provide this default connection factory. Any parameter change
+on this pooled-connection-factory will be take into account by any EE
+application looking the default Jakarta Messaging provider under the JNDI name
+java:comp/DefaultJMSConnectionFactory.
Jakarta Messaging queues and topics are sub resources of the messaging-actively
+subsystem. One can define either a jms-queue or jms-topic. Each
+destination must be given a name and contain at least one entry in
+its entries element (separated by whitespace).
+
+
+
Each entry refers to a JNDI name of the queue or topic. Keep in mind
+that any jms-queue or jms-topic which needs to be accessed by a
+remote client needs to have an entry in the "java:jboss/exported"
+namespace. As with connection factories, if a jms-queue or or
+jms-topic has an entry bound in the "java:jboss/exported" namespace a
+remote client would look it up using the text after
+"java:jboss/exported`". For example, the following `jms-queue
+"testQueue" is bound to "java:jboss/exported/jms/queue/test" which means
+a remote client would look-up this \{{kms-queue} using
+"jms/queue/test". A local client could look it up using
+"java:jboss/exported/jms/queue/test", "java:jms/queue/test", or more
+simply "jms/queue/test":
When a queue is paused, it will receive messages but will not deliver them. When it’s resumed, it’ll begin delivering the queued messages, if any.
+When a topic is paused, it will receive messages but will not deliver them. Newly added subscribers will be paused too until the topic is resumed. When it is resumed, delivering will occur again. The persist parameter ensure that the topic stays paused on the restart of the server.
A number of additional commands to maintain the Jakarta Messaging subsystem are
+available as well:
+
+
+
+
[standalone@localhost:9990 /] jms-queue --help --commands
+add
+...
+remove
+To read the description of a specific command execute 'jms-queue command_name --help'.
Some of the settings are applied against an address wild card instead of
+a specific messaging destination. The dead letter queue and redelivery
+settings belong into this group:
By default, Artemis will use the " ApplicationDomain`" Elytron security
+domain. This domain is used to authenticate users making connections to Artemis
+and then they are authorized to perform specific functions based on their
+role(s) and the `security-settings described above. This domain can be
+changed by using the elytron-domain, e.g.:
The preferred way is to reuse an SSLContext defined in the Elytron subsystem and reference it using the ssl-context attribute available on http-acceptor, remote-acceptor, http-connector and remote-acceptor.
+That way you can use the SSLContext with the broker but also with other services such as Undertow.
+
+
+
+
+
+
+
+
+One point that you have to take into account is the fact that the connector might be used on a different point than the server you have configured it on.
+For example, if you obtain the connection factory remotely using JNDI, the SSLContext configured in the connector is 'relative' to your client and not to the server it was configured.
+That means that a standalone client wouldn’t be able to resolve it, and if this is running on another WildFly instance, the Elytron SSLContext must be configured there.
+
If the Artemis server is configured to be clustered, it will use the
+cluster 's user and password attributes to connect to other
+Artemis nodes in the cluster.
+
+
+
If you do not change the default value of <cluster-password>, Artemis
+will fail to authenticate with the error:
+
+
+
+
HQ224018: Failed to create session: HornetQExceptionerrorType=CLUSTER_SECURITY_EXCEPTION message=HQ119099: Unable to authenticate cluster user: HORNETQ.CLUSTER.ADMIN.USER
+
+
+
+
To prevent this error, you must specify a value for
+<cluster-password>. It is possible to encrypt this value by as an encrypted
+expression by referring to the Elytron documentation.
+
+
+
Alternatively, you can use the system property
+jboss.messaging.cluster.password to specify the cluster password from
+the command line.
+This feature is primarily intended for development as destinations
+deployed this way can not be managed with any of the provided management
+tools (e.g. console, CLI, etc).
+
The function of a Jakarta Messaging bridge is to consume messages from a source Jakarta Messaging
+destination, and send them to a target Jakarta Messaging destination. Typically either
+the source or the target destinations are on different servers.
+The bridge can also be used to bridge messages from other non Artemis
+messaging servers, as long as they are JMS 1.1 compliant.
+
+
+
The Jakarta Messaging Bridge is provided by the Artemis project. For a detailed
+description of the available configuration properties, please consult
+the project documentation.
Source and target Jakarta Messaging resources (destination and connection factories)
+are looked up using JNDI.
+If either the source or the target resources are managed by another
+messaging server than WildFly, the required client classes must be
+bundled in a module. The name of the module must then be declared when
+the Jakarta Messaging Bridge is configured.
+
+
+
The use of a Jakarta Messaging bridges with any messaging provider will require to
+create a module containing the jar of this provider.
+
+
+
Let’s suppose we want to use an hypothetical messaging provider named
+AcmeMQ. We want to bridge messages coming from a source AcmeMQ
+destination to a target destination on the local WildFly messaging
+server. To lookup AcmeMQ resources from JNDI, 2 jars are required,
+acmemq-1.2.3.jar, mylogapi-0.0.1.jar (please note these jars do not
+exist, this is just for the example purpose). We must not include a
+Jakarta Messaging jar since it will be provided by a WildFly module directly.
+
+
+
To use these resources in a Jakarta Messaging bridge, we must bundle them in a WildFly
+module:
<?xml version="1.0" encoding="UTF-8"?>
+<modulexmlns="urn:jboss:module:1.9"name="org.acmemq">
+ <properties>
+ <propertyname="jboss.api"value="private"/>
+ </properties>
+
+
+ <resources>
+ <!-- insert resources required to connect to the source or target -->
+ <!-- messaging brokers if it not another WildFly instance -->
+ <resource-rootpath="acmemq-1.2.3.jar"/>
+ <resource-rootpath="mylogapi-0.0.1.jar"/>
+ </resources>
+
+
+ <dependencies>
+ <!-- add the dependencies required by messaging Bridge code -->
+ <modulename="java.se"/>
+ <modulename="jakarta.jms.api"/>
+ <modulename="jakarta.transaction.api"/>
+ <modulename="org.jboss.remote-naming"/>
+ <!-- we depend on org.apache.activemq.artemis module since we will send messages to -->
+ <!-- the Artemis server embedded in the local WildFly instance -->
+ <modulename="org.apache.activemq.artemis"/>
+ </dependencies>
+</module>
The source and target sections contain the name of the Jakarta Messaging resource
+( connection-factory and destination) that will be looked up in
+JNDI.
+It optionally defines the user and password credentials. If they are
+set, they will be passed as arguments when creating the Jakarta Messaging connection
+from the looked up ConnectionFactory.
+It is also possible to define JNDI context properties in the
+source-context and target-context sections. If these sections are
+absent, the Jakarta Messaging resources will be looked up in the local WildFly
+instance (as it is the case in the target section in the example
+above).
Currently two statistics are available on a Jakarta Messaging bridge: the number of processed messages and the number of aborted/rolled back messages.
+Those are available with the following command :
The messaging-activemq subsystem is provided by the Artemis project. For
+a detailed description of the available configuration properties, please
+consult the project documentation.
You can configure the disk space usage of the journal by using the global-max-disk-usage attribute, thus blocking the paging and processing of new messages until some disk space is available.
+This is done from the CLI:
You can define at which frequency the disk usage is checked using the disk-scan-period attribute.
+
+
+
In the same way configure the maximal memory affected to processing messages by using the global-max-memory-size attribute, thus blocking the processing of new messages until some memory space is available.
+This is done from the CLI:
When things go wrong on the broker, the critical analyzer may act as a safeguard shutting down the broker or the JVM.
+If the response time goes beyond a configured timeout, the broker is considered unstable and an action can be taken to either shutdown the broker or halt the VM.
+Currently in WildFly this will only be logged but you can change that behaviour by setting the critical-analyzer-policy attribute to HALT or SHUTDOWN.
+For this, the critical analyzer measures the response time in:
+
+
+
+
+
Queue delivery (adding to the queue)
+
+
+
Journal storage
+
+
+
Paging operations
+
+
+
+
+
You can configure the critical analyzer on the broker using the CLI.
+To disable the critical analyzer, you can execute the following CLI command:
If you need to troubleshoot the journal you can use the print-data operation. Like the export operation, it needs to be executed in admin-mode.
+Also this will send back a file so it must be coupled with the attachment operation to display or save the result. Note that the display operation won’t work properly if you are asking for a zipped version of the data.
The messaging-activemq subsystem allows to configure a
+pooled-connection-factory resource to let a local client deployed in
+WildFly connect to a remote Artemis server.
+
+
+
The configuration of such a pooled-connection-factory is done in 3
+steps:
+
+
+
+
+
create an outbound-socket-binding pointing to the remote messaging
+server:
In Artemis 1.x topics and queues used had a prefix(jms.topic. and jms.queue.) that were prepended to the destination name.
+In Artemis 2.x this is no longer the case, but for compatibility reasons WildFly still prepend those prefixes and tells Artemis to run in compatibility mode.
+If you are connecting to a remote Artemis 2.x, it may not be in compatibility mode and thus the old prefixes may not be used anymore.
+If you need to use destinations without those prefixes, you can configure your connection factory not to use them by setting the attribute enable-amq1-prefix to false.
You can also add queues and topics defined on a remote Artemis server to be used as if they were local to the server. This means that you can make those remote destinations available via JNDI just like local destinations.
+You can also configure destinations not to enable the Artemis 1.x prefixes by setting the attribute enable-amq1-prefix to false. Those destinations are defined out-of the server element:
When a pooled-connection-factory is configured to connect to a remote
+Artemis, it is possible to configure Message-Driven Beans (MDB) to have
+them consume messages from this remote server.
+
+
+
The MDB must be annotated with the @ResourceAdapter annotation using
+the name of the pooled-connection-factory resource
If the MDB needs to produce messages to the remote server, it must
+inject the pooled-connection-factory by looking it up in JNDI using
+one of its entries.
A MDB must also specify which destination it will consume messages from.
+
+
+
The standard way is to define a destinationLookup activation config
+property that corresponds to a JNDI lookup on the local server.
+When the MDB is consuming from a remote Artemis server it will now create those bindings locally.
+It is possible to use the naming subsystem to configure
+external context federation to have local JNDI
+bindings delegating to external bindings.
+
+
+
However there is a simpler solution to configure the destination when
+using the Artemis Resource Adapter.
+Instead of using JDNI to lookup the Jakarta Messaging Destination resource, you can
+just specify the name of the destination (as configured in the remote
+Artemis server) using the destination activation config property and
+set the useJNDI activation config property to false to let the Artemis
+Resource Adapter create automatically the Jakarta Messaging destination without
+requiring any JNDI lookup.
These properties configure the MDB to consume messages from the Jakarta Messaging
+Queue named myQueue hosted on the remote Artemis server.
+In most cases, such a MDB does not need to lookup other destinations to
+process the consumed messages and it can use the JMSReplyTo destination
+if it is defined on the message.
+If the MDB needs any other Jakarta Messaging destinations defined on the remote
+server, it must use client-side JNDI by following the
+Artemis
+documentation or configure external configuration context in the naming
+subsystem (which allows to inject the Jakarta Messaging resources using the
+@Resource annotation).
The annotation @JMSDestinationDefinition can be used to create a destination on a remote Artemis Server. This will work in the same way as for a local server.
+For this it needs to be able to access Artemis management queue. If your remote Artemis Server management queue is not the default one you can pass the management queue address as a property to the @JMSDestinationDefinition.
+Please note that the destination is created remotely but won’t be removed once the deployement is undeployed/removed.
+
+
+
+
@JMSDestinationDefinition(
+ // explicitly mention a resourceAdapter corresponding to a pooled-connection-factory resource to the remote server
+ resourceAdapter = "activemq-ra",
+ name="java:global/env/myQueue2",
+ interfaceName="jakarta.jms.Queue",
+ destinationName="myQueue2",
+ properties = {
+ "management-address=my.management.queue",
+ "selector=color = 'red'"
+ }
+)
+
+
+
+
You can also configure destinations not to enable the Artemis 1.x prefixes by adding a property enable-amq1-prefix to false to the @JMSDestinationDefinition.
+
+
+
+
@JMSDestinationDefinition(
+ // explicitly mention a resourceAdapter corresponding to a pooled-connection-factory resource to the remote server
+ resourceAdapter = "activemq-ra",
+ name="java:global/env/myQueue2",
+ interfaceName="jakarta.jms.Queue",
+ destinationName="myQueue2",
+ properties = {
+ "enable-amq1-prefix=false"
+ }
+)
WildFly supports both backwards and forwards compatibility with
+legacy versions that were using HornetQ as their messaging brokers (such
+as JBoss AS7 or WildFly 8 and 9).
+These two compatibility modes are provided by the ActiveMQ Artemis
+project that supports HornetQ’s CORE protocol:
+
+
+
+
+
backward compatibility: WildFly messaging clients (using Artemis) can
+connect to a legacy app server (running HornetQ)
+
+
+
forward compatibility: legacy messaging clients (using HornetQ) can connect
+to a WildFly 29 app server (running Artemis).
Forward compatibility requires no code change in legacy messaging clients. It
+is provided by the WildFly messaging-activemq subsystem and its
+resources.
+
+
+
+
+
legacy-connection-factory is a subresource of the
+messaging-activemq’s `server and can be used to store in JNDI a
+HornetQ-based ConnectionFactory.
The legacy-entries must be used by legacy clients (using HornetQ)
+while the regular entries are for WildFly 29 Jakarta Messaging clients (using
+Artemis).
+
+
+
The legacy client will then lookup these legacy messaging resources to
+communicate with WildFly.
+To avoid any code change in the legacy messaging clients, the legacy JNDI
+entries must match the lookup expected by the legacy client.
During migration, the legacy messaging subsystem will create a
+legacy-connection-factory resource and add legacy-entries to the
+jms-queue and jms-topic resource if the boolean attribute
+add-legacy-entries is set to true for its migrate operation. If
+that is the case, the legacy entries in the migrated
+messaging-activemq subsystem will correspond to the entries specified
+in the legacy messaging subsystem and the regular entries will be
+created with a -new suffix.
+If add-legacy-entries is set to false during migration, no legacy
+resources will be created in the messaging-activemq subsystem and
+legacy messaging clients will not be able to communicate with WildFly 29
+servers.
Backward compatibility requires no configuration change in the legacy
+server.
+WildFly 29 clients do not look up resources on the legacy server but
+use client-side JNDI to create their Jakarta Messaging resources. WildFly’s Artemis client
+can then use these resources to communicate with the legacy server
+using the HornetQ CORE protocol.
+
+
+
Artemis supports
+Client-side
+JNDI to create Jakarta Messaging resources ( ConnectionFactory and Destination).
+
+
+
For example, if a WildFly 29 messaging client wants to communicate with a
+legacy server using a queue named myQueue, it must use the
+following properties to configure its JNDI InitialContext:
+
+
+
+
java.naming.factory.initial=org.apache.activemq.artemis.jndi.ActiveMQInitialContextFactory
+connectionFactory.jms/ConnectionFactory=tcp://<legacy server address>:5445? \
+ protocolManagerFactoryStr=org.apache.activemq.artemis.core.protocol.hornetq.client.HornetQClientProtocolManagerFactory
+queue.jms/myQueue=myQueue
+
+
+
+
It can then use the jms/ConnectionFactory name to create the Jakarta Messaging
+ConnectionFactory and jms/myQueue to create the Jakarta Messaging Queue.
+Note that the property
+protocolManagerFactoryStr=org.apache.activemq.artemis.core.protocol.hornetq.client.HornetQClientProtocolManagerFactory
+is mandatory when specifying the URL of the legacy connection factory so
+that the Artemis JMS client can communicate with the HornetQ broker in
+the legacy server.
Apache ActiveMQ Artemis (like HornetQ beforehand) ships with a high
+performance journal. Since Apache ActiveMQ Artemis handles its own
+persistence, rather than relying on a database or other 3rd party
+persistence engine it is very highly optimised for the specific
+messaging use cases. The majority of the journal is written in Java,
+however we abstract out the interaction with the actual file system to
+allow different pluggable implementations.
+
+
+
Apache ActiveMQ Artemis ships with two implementations:
+
+
+
+
+
Java NIO.
+
+
+
+
+
The first implementation uses standard Java NIO to interface with the
+file system. This provides extremely good performance and runs on any
+platform where there’s a Java 6+ runtime.
+
+
+
+
+
Linux Asynchronous IO
+
+
+
+
+
The second implementation uses a thin native code wrapper to talk to the
+Linux asynchronous IO library (AIO). With AIO, Apache ActiveMQ Artemis
+will be called back when the data has made it to disk, allowing us to
+avoid explicit syncs altogether and simply send back confirmation of
+completion when AIO informs us that the data has been persisted.
+
+
+
Using AIO will typically provide even better performance than using Java
+NIO.
+
+
+
The AIO journal is only available when running Linux kernel 2.6 or later
+and after having installed libaio (if it’s not already installed). If AIO is
+not supported on the system then Artemis will fallback to NIO. To know which
+type of journal is effectively used you can execute the following command using jboss-cli:
Please note that AIO is represented by ASYNCIO in the WildFly model configuration.
+
+
+
Also, please note that AIO will only work with the following file
+systems: ext2, ext3, ext4, jfs, xfs. With other file systems, e.g. NFS
+it may appear to work, but it will fall back to a slower synchronous
+behaviour. Don’t put the journal on a NFS share!
+
+
+
One point that should be added is that AIO doesn’t work well with
+encrypted partitions, thus you have to move to NIO on those.
If you see the following exception in your WildFly log file / console
+
+
+
+
[org.apache.activemq.artemis.core.server] (ServerService Thread Pool -- 64) AMQ222010: Critical IO Error, shutting down the server. file=AIOSequentialFile:/home/wildfly/wildfly-10.0.0.Final/standalone/data/activemq/journal/activemq-data-2.amq, message=Cannot open file:The Argument is invalid: java.io.IOException: Cannot open file:The Argument is invalid
+ at org.apache.activemq.artemis.jlibaio.LibaioContext.open(Native Method)
+
+
+
+
that means that AIO isn’t working properly on your system.
+
+
+
To use NIO instead execute the following command using jboss-cli:
[org.hornetq.core.server] (ServerService Thread Pool -- 64) HQ222010: Critical IO Error, shutting down the server. file=AIOSequentialFile:/home/wildfly/wildfly-9.0.2.Final/standalone/data/messagingjournal/hornetq-data-1.hq, message=Can't open file: HornetQException[errorType=NATIVE_ERROR_CANT_OPEN_CLOSE_FILE message=Can't open file]
+ at org.hornetq.core.libaio.Native.init(Native Method)
+
+
+
+
that means that AIO isn’t working properly on your system.
+
+
+
To use NIO instead execute the following commnd using jboss-cli :
The Artemis server that are integrated to WildFly can be configured to
+use a JDBC store for its messaging journal instead of its file-based
+journal.
+The server resource of the messaging-activemq subsystem needs to
+configure its journal-datasource attribute to be able to use JDBC
+store. If this attribute is not defined, the regular file-base journal
+will be used for the Artemis server.
+This attribute value must correspond to a data source defined in the
+datasource subsystem.
+
+
+
For example, if the datasources subsystem defines an ExampleDS data
+source at /subsystem=datasources/data-source=ExampleDS, the Artemis
+server can use it for its JDBC store with the operation:
Artemis JDBC store uses SQL commands to create the tables used to
+persist its information.
+These SQL commands may differ depending on the type of database. The SQL
+commands used by the JDBC store are located in modules/system/layers/base/org/apache/activemq/artemis/main/artemis-jdbc-store-${ARTEMIS_VERSION}.jar/journal-sql.properties.
+
+
+
Artemis uses different JDBC tables to store its bindings information,
+the persistent messages and the large messages (paging is not supported
+yet).
+
+
+
The name of these tables can be configured with the
+journal-bindings-table, journal-messages-table,
+journal-page-store-table, and journal-large-messages-table.
+
+
+
Please note that the configuration of the underlying pool is something that you need to take care of.
+You need at least four connections:
+
+
+
+
+
one for the binding
+
+
+
one for the messages journal
+
+
+
one for the lease lock (if you use HA)
+
+
+
one for the node manager shared state (if you use HA)
+
+
+
+
+
So you should define a min-pool-size of 4 for the pool.
+But one fact that you need to take into account is that paging and large messages can use an unbounded number of threads.
+The size, a.k.a. max-pool-size, of the pool should be defined according to the amount of concurrent threads that perform page/large message streaming operations. There is no defined rule for this as there is no 1-1 relation between the number of threads and the number of connections. The number of connections depend on the number of threads processing paging and large messages operations as well as the time you are willing to wait to get a connection (cf. blocking-timeout-wait-millis). When new large messages or paging operations occur they will be in a dedicated thread and will try to get a connection, being enqueued until one is ready or the time to obtain one runs out which will create a failure.
+You really need to tailor your configuration according to your needs and test it in your environment following the DataSource configuration subsystem documentation and perform tests and peroformance runs before going to production.
Each Artemis server can be configured to broadcast itself and/or discovery other Artemis servers within a cluster.
+Artemis supports two mechanisms for configuring broadcast/discovery:
Artemis can leverage the membership of an existing JGroups channel to both broadcast its identity and discover nodes on which Artemis servers are deployed.
+WildFly’s default full-ha profile uses this mechanism for broadcast/discovery using the default JGroups channel of the server (as defined by the JGroups subsystem).
+
+
+
To add this support to a profile that does not include it by default, use the following:
To segregate Artemis servers use a distinct membership, configure broadcast/discovery using a separate channel. To do this, first create the channel resource:
If the cluster is behind an HTTP load balancer we need to indicate to the clients that they must not use the cluster topology to connect to it but keep on using the initial connection to the load-balancer.
+For this you need to specify on the (pooled) connection factory not to use the topology by setting the attribute "use-topology-for-load-balancing" to false.
It is possible that if a replicated live or backup server becomes isolated in a network that failover will occur and you will end up with 2 live servers serving messages in a cluster, this we call split brain. You main mitigate this problem by configuring one or more addresses that are part of your network topology, that will be pinged through the life cycle of the server.
+
+
+
The server will stop itself until the network is back on such case.
+This is configured using the following configuration attributes:
+
+
+
+
+
network-check-NIC: The NIC (Network Interface Controller) to be used to validate the network.
+
+
+
network-check-period: The frequency of how often we should check if the network is still up.
+
+
+
network-check-timeout: The timeout used on the ping.
+
+
+
network-check-list: This is a comma separated list, no spaces, of DNS or IPs (it should accept IPV6) to be used to validate the network.
+
+
+
network-check-URL-list: The list of HTTP URIs to be used to validate the network.
+
+
+
network-check-ping-command: The command used to ping IPV4 addresses.
+
+
+
network-check-ping6-command: The command used to ping IPV6 addresses.
Make sure you understand your network topology as this is meant to validate your network. Using IPs that could eventually disappear or be partially visible may defeat the purpose. You can use a list of multiple IPs. Any successful ping will make the server OK to continue running
Transaction subsystem configures the behaviour of the transaction manager.
+Narayana is the transaction manager used in WildFly.
+The second component configured within the subsystem is
+WildFly Transaction Client
+(the WFTC serves as an abstract layer to work with the transactional context).
The structure of the transaction subsystem follows the structure of Narayana component.
+Narayana defines a separate configuration bean for every
+internal module.
+For example any configuration related to Narayana core is available through beans
+CoordinatorEnvironmentBean and
+CoreEnvironmentBean,
+for JTA processing it is
+JTAEnvironmentBean,
+for the transaction recovery setup it’s
+RecoveryEnvironmentBean.
+
+
+
The transaction subsystem provides only a sub-set of the configuration available via Narayana beans.
+Any other configuration option provided by Narayana is still possible to be configured via
+system properties and JVM restart is usually required.
+
+
+
Narayana defines unified naming for the system properties which are used for configuration.
+The system property is in form [bean name].[property name]. For example, the system property with name RecoveryEnvironmentBean.periodicRecoveryInitilizationOffset defined in
+RecoveryEnvironmentBean
+configures a waiting time for first time execution of the periodic recovery after application server starts.
The transaction subsystem separates the configuration into sections in XML configuration file.
+Every section belongs to some Narayana module.
+The configuration for model consists, on the other hand, of a flat structure of attributes
+(most of them at top level).
+
+
+
For example, the subsystem defines the node identifier under core-environment XML element in XML
+configuration, while the node-identifer attribute is defined directly under /subsystem=transactions
+resource in the model.
+
+
+
The description of individual attributes and their meaning can be found in the
+Model Reference Guide.
node-identifier, process-id-uuid, process-id-socket-binding, process-id-socket-max-ports model
+ attributes are configured under core-environment XML element
If you configure the recovery-listener then Narayana binds the linked socket, and a user may request
+an explicit launch of
+the recovery scan.
+We can see an example of the socket communication in the following example.
+
+
+
telnet communication with recovery listener
+
+
telnet localhost 4712
+# command to start the recovery scan
+SCAN[enter]
+# at this time the transaction recovery has been started
+^]
+close
When subsystem defines the statistics-enabled to true Narayana starts gathering
+statistics about transaction processing. User can view a single attribute
+or list all statistics attributes as a group.
+Transaction statistics attributes are read-only runtime attributes.
+
+
+
observing all transaction statistics attributes
+
+
# connect to a running application server
+./bin/jboss-cli.sh -c
+
+# enable transaction statistics
+/subsystem=transactions:write-attribute(name=statistics-enabled, value=true)
+# list all statistics attributes
+/subsystem=transactions:read-attribute-group(name=statistics, include-runtime=true)
Narayana needs to persist data about transaction processing to a transaction log.
+This persistent storage is called object store in context of Narayana.
+Narayana requires to persist a log for an XA transactions that are processed
+with the two-phase commit protocol. Otherwise, the transaction is held only in memory
+without storing anything to the object store.
+
+
+
Narayana provides three object stores implementations.
+
+
+
+
+
ShadowNoFileLock store persists records in directory structure on the file system.
+A separate file represents an record, log of a prepared transaction.
+Used when attributes use-jdbc-store and use-journal-store are both false.
+
+
+
Journal store persists records in a journal file on the file system.
+Records are stored in append only log implemented within ActiveMQ Artemis
+project.
+Used when attribute use-journal-store is true and use-jdbc-store is false.
+
+
+
JDBC stores persists records in a database. The records are accessible via JDBC connection.
+This store requires a linked datasource from the datasources subsystem.
+Used when attribute use-jdbc-store is true and use-journal-store is false.
An XML configuration of object-store XML element configuring the journal store with model attributes
+object-store-path, object-store-relative-to, journal-store-enable-async-io is
JDBC implementation makes the transaction log to be persisted into a database.
+Transaction subsystem accesses the database via linked (via JNDI) non-transactional (jta=false) datasource.
+When the transaction subsystem configures the JDBC store implementation then
+the Transaction Manager creates one or few database tables (if they do not exist) to persist transaction data
+when WildFly starts. Narayana creates a separate table for each store type.
+Narayana uses the store type to grouping transaction records of the same type.
+
+
+
Narayana uses the following store types in WildFly
+
+
+
+
+
action store stores data for JTA transactions
+
+
+
state store stores data for TXOJ objects
+
+
+
communications store stores data for monitoring remote JTS transactions and storing CORBA IOR’s
+
+
+
+
+
Attributes configuration may define a prefix for each store type.
+When we configure no prefix, or the same prefix for all store types
+then Narayana saves the transaction data into the same database table.
+By default, Narayana persists transaction log in database table named JBossTSTxTable.
Makes possible for a database non-XA datasource (i.e., a local resource) to reliably
+participate in an XA transaction
+in the two-phase commit processing.
+The datasource has to be configured with connectable attribute of value true and linked to transaction
+subsystem as a commit markable resource (CMR).
+
+
+
As a prerequisite the database must contain a table named xids
+(the database table name can be configured with attribute name under commit-markable-resource)
+where Narayana persists additional metadata when two-phase commit prepares the non-XA datasource.
+
+
+
The SQL select that has to be working for xids table can be found
+in the Narayana code.
+
+
+
example of SQL statement to create the xids table to store CMR metadata
log-store is a runtime only resource
+that can be loaded with a snapshot of the content of the Narayana object store.
+The operation /subsystem=transactions/log-store=log-store:probe loads
+persisted transaction records from object store and that can be viewed in the model.
+Another :probe operation flushes the old data and loads up-to-date records.
The transactions and participant resources contains several operations
+that can be used to work with the content of the object store.
+
+
+
+
+
delete Removes the transaction record from the object store
+and calls the XAResource.forget call at all participants.
+
+
+
refresh Reloads information from the Narayana object store about the participant
+and updates the information from object store to model.
+
+
+
recover This operation switches the participant status to PREPARED.
+This is useful mostly for HEURISTIC participant records as HEURISTIC state is
+skipped by period recovery processing. Switching the HEURISTIC to PREPARED
+means that the periodic recovery will try to finish the record.
+
+
+
+
+
operations at log-store transactions structure
+
+
# delete of the transaction that subsequently deletes all participants
+/subsystem=transactions/log-store=log-store/transactions=0\:ffffc0a80065\:-22769d16\:60c87436\:1a:delete
+# delete of the particular participant
+/subsystem=transactions/log-store=log-store/transactions=0\:ffffc0a80065\:-22769d16\:60c87436\:1a/participants=1:delete
+# refresh and recover
+/subsystem=transactions/log-store=log-store/transactions=0\:ffffc0a80065\:-22769d16\:60c87436\:1a/participants=1:refresh
+/subsystem=transactions/log-store=log-store/transactions=0\:ffffc0a80065\:-22769d16\:60c87436\:1a/participants=1:recover
This org.wildfly.extension.metrics extension is included in all the standalone configurations included in the
+WildFly distribution as well as the metrics layer.
+
+
+
You can also add the extension to a configuration without it either by adding
+an <extension module="org.wildfly.extension.metrics"/>
+element to the xml or by using the following CLI operation:
The /subsystem=metrics resource defines three attributes:
+
+
+
+
+
security-enabled - a boolean to indicate whether authentication is required to access the HTTP metrics endpoint (described below). By default, it is true. The
+standalone configurations explicitly sets it to false to accept unauthenticated access to the HTTP endpoints.
+
+
+
exposed-subsystems - a list of strings corresponding to the names of subsystems that exposes their metrics in the HTTP metrics endpoints.
+By default, it is not defined (there will be no metrics exposed by subsystem. The special wildcard "" can be used to expose metrics from all subsystems. The standalone
+configuration sets this attribute to "".
+
+
+
prefix - A string to prepend to WildFly metrics that are exposed by the HTTP endpoint /metrics with the Prometheus output format.
Secured access to the HTTP endpoint is controlled by the security-enabled attribute of the /subsystem=metrics resource.
+If it is set to true, the HTTP client must be authenticated.
+
+
+
If security is disabled, the HTTP endpoint returns a 200 OK response:
+
+
+
+
$ curl -v http://localhost:9990/metrics
+< HTTP/1.1 200 OK
+...
+# HELP base_classloader_total_loaded_class_count Displays the total number of classes that have been loaded since the Java virtual machine has started execution
+.
+# TYPE base_classloader_total_loaded_class_count counter
+base_classloader_total_loaded_class_count 10822.0
+...
+
+
+
+
If security has been enabled, the HTTP client must pass the credentials corresponding to a management user
+created by the add-user script. For example:
+
+
+
+
$ curl -v --digest -u myadminuser:myadminpassword http://localhost:9990/metrics
+< HTTP/1.1 200 OK
+...
+# HELP base_classloader_total_loaded_class_count Displays the total number of classes that have been loaded since the Java virtual machine has started execution
+.
+# TYPE base_classloader_total_loaded_class_count counter
+base_classloader_total_loaded_class_count 10822.0
+...
+
+
+
+
If the authentication fails, the server will reply with a 401 NOT AUTHORIZED response.
WildFly metrics names are based on the subsystem that provides them as well as the name of the attribute from the management model.
+Their name can also be prepended with a prefix (specified on the /subsystem=metrics resource).
+Other information is stored using labels.
+
+
+
For example Undertow exposes a metric attribute request-count for every Servlet in an application deployment.
+This attribute will be exposed to Prometheus with the name wildfly_undertow_request_count.
+Other information such as the name of the Servlet are added to the labels of the metrics.
+
+
+
The helloworld quickstart demonstrates the use of CDI and Servlet in Wildfly.
+A corresponding metric will be exposed for it with the name and labels:
+Some subsystems (such as undertow or messaging-activemq) do not enable their statistics by default
+as they have an impact on performance and memory usage. These subsystems provides a statistics-enabled attribute that must
+be set to true to enable them.
+For convenience, WildFly standalone configuration provides expressions to enable the statistics by setting a
+System property -Dwildfly.statistics-enabled=true to enable statistics on the subsystems provided by the configuration.
+
Micrometer is a vendor-neutral observability facade that provides a generic, reusable API for registering and recording metrics related to application performance. This extension provides an integration with Micrometer, exposing its API to deployed applications so that they may expose application-specific metrics in addition to the server metrics added by the extension.
+
+
+
+
+
+
+
+
+Standard WildFly continues to use the existing metrics subsystem, so this extension must be manually added and configured. See below for details.
+
This org.wildfly.extension.micrometer extension is available to all the standalone configurations included in the WildFly distribution, but must be added manually:
This subsystem exposes metrics from the WildFly Management Model and JVM MBeans, as well as end-user applications via the Micrometer API now exposed to applications deployed to the server. By default, this extension will attempt to push metrics data via the OTLP protocol to an OpenTelemetry-compatible "collector". The endpoint for the collector must be configured explicitly, as you can see in the write-attribute statement above.
+
+
+
+
+
+
+
+
+It is assumed that the server administrator will provision and secure the collector, which is outside the scope of this document.
+
+
+
+
+
+
Note that this an alternative to the existing WildFly Metrics extension. While they may be run concurrently, it is not advisable, as this will likely have an impact on server performance due to the duplicated metrics collection. To disable WildFly Metrics, issue these commands:
exposed-subsystems - a list of strings corresponding to the names of subsystems that exposes their metrics in the
+HTTP metrics endpoints. By default, it is not defined (there will be no metrics exposed by subsystem). The special wildcard "*" can be used to expose metrics from all subsystems. The standalone configuration sets this attribute to "*".
+
+
+
step - the step size, or reporting frequency, to use (in seconds).
WildFly metrics names are based on the subsystem that provides them, as well as the name of the attribute from the management model.
+
+
+
For example Undertow exposes a metric attribute request-count for every Servlet in an application deployment. This attribute will be exposed with the name undertow_request_count. Other information such as the name of the Servlet are added to the tags of the metric.
+
+
+
The helloworld quickstart demonstrates the use of CDI and Servlet in WildFly. A corresponding metric will be exposed for it with the name and tags:
+Some subsystems (such as undertow or messaging-activemq) do not enable their statistics by default as they have an impact on performance and memory usage. These subsystems provide a statistics-enabled attribute that must be set to true to enable them. For convenience, WildFly standalone configuration provides expressions to enable the statistics by setting a System property -Dwildfly.statistics-enabled=true to enable statistics on the subsystems provided by the configuration.
+
Unlike the previous metrics systems, this new extension exposes an API (that of Micrometer) to applications in order to allow developers to record and export metrics out of the box. To do so, application developers will need to inject a MeterRegistry instance:
This provides the application with a MeterRegistry instance that will have any recorded metrics exported with the system metrics WildFly already exposes. There is no need for an application to include the Micrometer dependencies in the application archive, as they are provided by the server out-of-the-box:
This extension is not included in any of the standalone configurations included in the WildFly distribution.
+To enable, the administrator must run the following CLI commands:
The sampler is configured via the sampler element:
+
+
+
+
+
type: The type of sampler to use
+
+
+
+
on: Always on (all traces are recorded)
+
+
+
off: Always off (no traces are recorded)
+
+
+
ratio: Return a ratio of the traces (e.g., 1 trace in 10000).
+
+
+
+
+
+
ratio: The value used to configure the ratio sampler, which must be within [0.0, 1.0].For example, if 1 trace in 10,000 is to be exported, this value would be 0.0001.
The following XML is an example of the full configuration, including default values (WildFly does not typically persist
+default values, so what you see in the configuration file may look different):
All incoming REST requests are automatically traced, so no work needs be done in user applications.If a REST request is received and the OpenTelemetry context propagation header (traceparent) is present, the request will traced as part of the remote trace context automatically.
+
+
+
Likewise, all Jakarta REST Client calls will have the trace context added to outgoing request headers so that requests to external applications can be traced correctly (assuming the remote system properly handles OpenTelemetry trace context propagation).If the REST Client call is made to another application on the local WildFly server, or a remote server of the same version or later, the trace context will propagate automatically as described above.
+
+
+
While automatic tracing may be sufficient in many cases, it will often be desirable to have traces occur throughout the user application.To support that, WildFly makes available the io.opentelemetry.api.OpenTelemetry and
+io.opentelemetry.api.trace.Tracer instances, via CDI injection.A user application, then is able to create arbitrary spans as part of the server-managed trace:
+
+
+
+
@Path("/myEndpoint")
+publicclassMyEndpoint {
+ @Inject
+ private Tracer tracer;
+
+ @GET
+ public Response doSomeWork() {
+ final Span span = tracer.spanBuilder("Doing some work")
+ .startSpan();
+ span.makeCurrent();
+ doSomeMoreWork();
+ span.addEvent("Make request to external system.");
+ makeExternalRequest();
+ span.addEvent("All the work is done.");
+ span.end();
+
+ return Response.ok().build();
+}
This subsystem exposes only healthiness checks for the WildFly runtime.
+Support for MicroProfile Health is provided by
+the microprofile-health-smallrye subsystem.
This org.wildfly.extension.health extension is included in all the standalone configurations included in the
+WildFly distribution as well as the health layer.
+
+
+
You can also add the extension to a configuration without it either by adding
+an <extension module="org.wildfly.extension.health"/>
+element to the xml or by using the following CLI operation:
The /subsystem=health resource defines one attribute:
+
+
+
+
+
security-enabled - a boolean to indicate whether authentication is required to access the HTTP health endpoint (described below). By default, it is true. The
+standalone configurations explicitly sets it to false to accept unauthenticated access to the HTTP endpoints.
Secured access to the HTTP endpoint is controlled by the security-enabled attribute.
+If it is set to true, the HTTP client must be authenticated.
+
+
+
If security has been enabled, the HTTP client must pass the credentials corresponding to a management user
+created by the add-user script. For example:
If the authentication fails, the server will reply with a 401 NOT AUTHORIZED response.
+
+
+
+
+
+
+
+
+The HTTP response contains additional information with individual outcomes for each probe that determined the healthiness.
+This is informational only and the HTTP response code is the only relevant data to determine the healthiness of the application server.
+
This extension is included in the standard configurations included in the
+WildFly distribution.
+
+
+
You can also add the extension to a configuration without it either by adding
+an <extension module="org.wildfly.extension.microprofile.config-smallrye"/>
+element to the xml or by using the following CLI operation:
In addition to the default ConfigSources specified by the MicroProfile Config specification
+(environment variables, System properties and META-INF/microprofile-config.properties file), the
+microprofile-config-smallrye provides additional types of ConfigSource
+This corresponds to the layout used by OpenShift ConfigMaps.
+The dir value corresponds to the mountPath in the ConfigMap definition in OpenShift or Kubernetes.
+
You can also point to a root directory by adjusting the examples in the preceding section to include
+root=true when defining them. Top level directories within this root directory each become an
+individual ConfigSource reading from a directory similar to what we saw earlier in
+ConfigSource from Directory. Any directories below the top-level
+directories are ignored. Also, any files in the root directory are ignored; only files in the top
+level directories within the root directory will be used for the configuration.
+
+
+
This is especially useful when running on OpenShift where constructs such as ConfigMap and
+ServiceBinding instances get mapped under
+a common known location. For example if there are two ConfigMap instances (for this example,
+we will call them map-a, and map-b) used by your application pod, they will
+each get mapped under /etc/config. So you would have /etc/config/map-a and /etc/config/map-b
+directories.
+
+
+
Each of these directories will have files where the file name is the name of the property and the file
+content is the value of the property, like we saw earlier.
+
+
+
We can thus simply run the following CLI command to pick up all these child directories as
+a ConfigSource each:
Specifying the root directory rather than each individual directory removes the need to know the
+exact names of each entry under the common parent directory (this is especially useful in some
+OpenShift scenarios where the names of these directories are auto-generated).
+
+
+
The situation where two ConfigSource entries under the same root both contain the same property
+should be avoided. However, to make this situation deterministic, the directories representing each
+ConfigSource are sorted by their name according to standard Java sorting rules before doing the
+lookup of values. To make this more concrete, if we have the following entries:
+* /etc/config/map-a/name contains kabir
+* /etc/config/map-b/name contains jeff
+
+
+
Since map-a will come before map-b after sorting, in the following scenario kabir (coming from
+map-a) will be injected for the following username field:
You may override this default sorting by including a file called config_ordinal in a directory. The
+ordinal specified in that file will be used for config values coming from that directory. Building
+on our previous example, if we had:
+* /etc/config/map-a/config_ordinal contains 120
+* /etc/config/map-b/config_ordinal contains 140
+
+
+
Since now map-b has a higher ordinal (140) than map-a (120), we will instead inject the value
+jeff for the earlier username field.
+
+
+
If there is no config_ordinal file in a top-level directory under the root directory, the
+ordinal used when specifying the ConfigSource will be used for that directory.
You can create a specific type of ConfigSource implementation by creating a config-source resource
+with a class attribute.
+
+
+
For example, you can provide an implementation of org.eclipse.microprofile.config.spi.ConfigSource
+that is named org.example.MyConfigSource and provided by a JBoss module named org.example:
You can create a specific type of ConfigSourceProvider implementation by creating a config-source-provider resource
+with a class attribute.
+
+
+
For example, you can provide an implementation of org.eclipse.microprofile.config.spi.ConfigSourceProvider
+that is named org.example.MyConfigSourceProvider and provided by a JBoss module named org.example:
Applications that are deployed in WildFly must have Jakarta Contexts and Dependency Injection enabled (e.g. with a META-INF/beans.xml
+or by having Jakarta Contexts and Dependency Injection Bean annotation) to be able to use MicroProfile Config in their code.
This extension is included in the standalone-microprofile configurations included in the
+WildFly distribution.
+
+
+
You can also add the extension to a configuration without it either by adding
+an <extension module="org.wildfly.extension.microprofile.health-smallrye"/>
+element to the xml or by using the following CLI operation:
Secured access to the HTTP endpoint is controlled by the security-enabled attribute of the /subsystem=microprofile-health-smallrye resource.
+The value of this attribute will override the security-enabled attribute of the /subsystem=health resource (documented in Health subsystem configuration guide).
+If it is set to true, the HTTP client must be authenticated.
+
+
+
If security has been enabled, the HTTP client must pass the credentials corresponding to a management user
+created by the add-user script. For example:
WildFly provides some readiness procedures that are checked to determine if the application server is ready to serve requests:
+
+
+
+
+
boot-errors checks that there were no errors during the server boot sequence
+
+
+
deployments-status checks that all deployments were deployed without errors
+
+
+
server-state checks that the server state is running
+
+
+
empty-readiness-checks determines the status when there are no readiness check procedures deployed to the server. The outcome of this procedure is determined by the empty-readiness-checks-status attribute. If the attribute is
+UP (by default), the server can be ready when there are no readiness checks in the deployments. Setting the empty-readiness-checks-status attribute to DOWN will make this procedure fail when there are no readiness checks in the deployments.
+
+
+
+
+
If a deployment does not provide any readiness checks, WildFly will automatically add one for each deployment (named ready-<deployment name>) which always returns UP.
+
+
+
+
+
+
+
+
+
+
This allows applications that does not provide readiness checks to still be able to inform cloud containers when they are ready to serve requests.
+Setting empty-readiness-checks-status to DOWN ensures that the server will not be ready until the application is deployed. At that time, the ready-<deployment name>
+will be added (which returns UP) and the empty-readiness-checks procedure will no longer be checked as there is now a readiness check procedure provided either by the deployment or by the server.
+
+
+
+
+
+
+
WildFly also provide a liveness procedure that is checked to determine if the application server is live:
+
+
+
+
+
empty-liveness-checks determines the status when there are no liveness check procedures deployed to the server. The outcome of this procedure is determined by the empty-liveness-checks-status attribute. If the attribute is
+UP (by default), the server can be live when there are no liveness checks in the deployments. Setting the empty-liveness-checks-status attribute to DOWN will make this procedure fail when there are no liveness checks in the deployments.
+
+
+
+
+
WildFly also provides a similar procedure for what concerns startup checks:
+
+
+
+
+
empty-startup-checks determines the status when there are no startup check procedures deployed to the server. The outcome of this procedure is determined by the empty-startup-checks-status attribute. If the attribute is
+UP (by default), the server can be ready when there are no startup checks in the deployments. Setting the empty-startup-checks-status attribute to DOWN will make this procedure fail when there are no readiness checks in the deployments.
+
+
+
+
+
If a deployment does not provide any startup checks, WildFly will automatically add one for each deployment (named started-<deployment name>) which always returns UP.
+
+
+
+
+
+
+
+
+
+
This allows applications that does not provide startup checks to still be able to inform cloud containers when they are started to proceed with the container start.
+Setting empty-startup-checks-status to DOWN ensures that the server will not be ready until the application is deployed. At that time, the started-<deployment name>
+will be added (which returns UP) and the empty-startup-checks procedure will no longer be checked as there is now a startup check procedure provided either by the deployment or by the server.
It is possible to disable all these server procedures by using the MicroProfile Config property mp.health.disable-default-procedures.
+
+
+
+
+
+
+
+
+
+
The MicroProfile Config property mp.health.disable-default-procedures is read at 2 different times:
+
+
+
+
+
When the server starts, to determine if its server procedures should be disabled or enabled. It can be set using the system property mp.health.disable-default-procedures or the environment variable MP_HEALTH_DISABLE_DEFAULT_PROCEDURES. Setting this property in a deployment is ignored at that time.
+
+
+
When an application is deployed, to determine if WildFly should add a readiness check if the deployment does not provide any. At that time, setting this property in a microprofile-config.properties file in the deployment would be taken into account. (with the usual priority rules for MicroProfile Config properties).
+
+
+
+
+
+
+
+
+
When the mp.health.disable-default-procedures is set to true the server will not return any of its health checks in the responses which involve also the default empty configurable checks included before the deployments are processed, namely empty-readiness-checks, empty-startup-checks, and empty-liveness-checks. This means that the server might prematurely respond with invalid UP response particularly to startup and readiness invocations before the user deployment is processed. For this reason, MicroProfile Health specification defines two MicroProfile Config properties that specify the response returned while the server is still processing deployments, i.e. it returns an empty health response:
+
+
+
+
+
mp.health.default.readiness.empty.response (default DOWN) that specifies empty readiness response. This response will be switched to UP once the user deployment is processed even if it doesn’t contain any readiness checks. Otherwise, it will be switched to the status set by the user readiness checks.
+
+
+
mp.health.default.startup.empty.response (default DOWN) that specifies empty startup response. This response will be switched to UP once the user deployment is processed even if it doesn’t contain any startup checks. Otherwise, it will be switched to the status set by the user startup checks.
Support for MicroProfile JWT RBAC is provided by the microprofile-jwt-smallrye subsystem.
+
+
+
The MicroProfile JWT specification describes how authentication can be performed using cryptographically signed JWT tokens and the contents of the token to be used to establish a resuting identity without relying on access to external repositories of identities such as databases or directory servers.
The MicroProfile JWT integration is provided by the microprofile-jwt-smallrye subsystem and is included in the default configuration, if not present the subsystem can be added using the following CLI commands.
The microprofile-jwt-smallrye subsystem contains no configurable attributes or resources, it’s presence is required however to detect if a deployment is making use of the MP-JWT authentication mechanism and to activate support for JWT making use of the SmallRye JWT project.
The subsystem will scan all deployments to detect if the MP-JWT mechanism is required for any web components and if true activate the integration and the authentication mechanism.
+
+
+
The classes in the deployment will be scanned to identify if there is a class which extends jakarta.ws.rs.core.Application annotated with the org.eclipse.microprofile.auth.LoginConfig to specify an auth-method. Additionally the auth-method contained within the deployments web.xml will be checked.
+
+
+
If authentication configuration is defined within the @LoginConfig annotation and within the web.xml deployment descriptor the contents of the web.xml are given precedence.
+
+
+
If after evaluating the deployment the resulting auth-method is MP-JWT then this integration will be activated, in all other cases no activation will occur and deployment will continue as normal.
For an individual deployment the configuration in relation to MicroProfile JWT can be provided using MicroProfile Config properties, many are defined within the MicroProfile JWT specification however SmallRye JWT also supports some additional properties.
There are presently a couple of limitations with support for JWKS which we are looking to address.
+
+
+
+
+
If a JWKS is inlined using the mp.jwt.verify.publickey property then only the first key from the set will be used with the remainder being ignored.
+
+
+
Encoding of JWKS using Base64 is presently unsupported.
+
+
+
+
+
In both cases a clear text JWKS can be referenced instead using the mp.jwt.verify.publickey.location config property.
+
+
+
Support for Base64 encoded JWKS keys and inlined JWKS keys within the mp.jwt.verify.publickey property will be further evaluation and either support added or a contibution to the specification to remove these options.
The SmallRye JWT specific properties allow for a lot of customisation not covered by the specification, however as these are not specification defined they could be subject to change.
+
+
+
+
+
+
+
+
+
+
Property Name
+
Default
+
Description
+
+
+
smallrye.jwt.verify.key.location
+
NONE
+
Location of the verification key which can point to both public and secret keys. Secret keys can only be in the JWK format. Note that 'mp.jwt.verify.publickey.location' will be ignored if this property is set.
+
+
+
smallrye.jwt.verify.algorithm
+
RS256
+
Signature algorithm. Set it to ES256 to support the Elliptic Curve signature algorithm. This property is deprecated, use mp.jwt.verify.publickey.algorithm.
+
+
+
smallrye.jwt.verify.key-format
+
ANY
+
Set this property to a specific key format such as PEM_KEY, PEM_CERTIFICATE, JWK or JWK_BASE64URL to optimize the way the verification key is loaded.
+
+
+
smallrye.jwt.verify.relax-key-validation
+
false
+
Relax the validation of the verification keys, setting this property to true will allow public RSA keys with the length less than 2048 bit.
+
+
+
smallrye.jwt.verify.certificate-thumbprint
+
false
+
If this property is enabled then a signed token must contain either 'x5t' or 'x5t#S256' X509Certificate thumbprint headers. Verification keys can only be in JWK or PEM Certificate key formats in this case. JWK keys must have a 'x5c' (Base64-encoded X509Certificate) property set.
+
+
+
smallrye.jwt.token.header
+
Authorization
+
Set this property if another header such as Cookie is used to pass the token. This property is deprecated, use mp.jwt.token.header.
+
+
+
smallrye.jwt.token.cookie
+
none
+
Name of the cookie containing a token. This property will be effective only if smallrye.jwt.token.header is set to Cookie. This property is deprecated, use mp.jwt.token.cookie.
+
+
+
smallrye.jwt.always-check-authorization
+
false
+
Set this property to true for Authorization header be checked even if the smallrye.jwt.token.header is set to Cookie but no cookie with a smallrye.jwt.token.cookie name exists.
+
+
+
smallrye.jwt.token.schemes
+
Bearer
+
Comma-separated list containing an alternative single or multiple schemes, for example, DPoP.
+
+
+
smallrye.jwt.token.kid
+
none
+
Key identifier. If it is set then the verification JWK key as well every JWT token must have a matching kid header.
+
+
+
smallrye.jwt.time-to-live
+
none
+
The maximum number of seconds that a JWT may be issued for use. Effectively, the difference between the expiration date of the JWT and the issued at date must not exceed this value.
+
+
+
smallrye.jwt.require.named-principal
+
false
+
If an application relies on java.security.Principal returning a name then a token must have a upn or preferred_username or sub claim set. Setting this property will result in SmallRye JWT throwing an exception if none of these claims is available for the application code to reliably deal with a non-null Principal name.
+
+
+
smallrye.jwt.path.sub
+
none
+
Path to the claim containing the subject name. It starts from the top level JSON object and can contain multiple segments where each segment represents a JSON object name only, example: realms/subject. This property can be used if a token has no 'sub' claim but has the subject set in a different claim. Use double quotes with the namespace qualified claims.
+
+
+
smallrye.jwt.claims.sub
+
none
+
This property can be used to set a default sub claim value when the current token has no standard or custom sub claim available. Effectively this property can be used to customize java.security.Principal name if no upn or preferred_username or sub claim is set.
+
+
+
smallrye.jwt.path.groups
+
none
+
Path to the claim containing the groups. It starts from the top level JSON object and can contain multiple segments where each segment represents a JSON object name only, example: realm/groups. This property can be used if a token has no 'groups' claim but has the groups set in a different claim. Use double quotes with the namespace qualified claims.
+
+
+
smallrye.jwt.groups-separator
+
' '
+
Separator for splitting a string which may contain multiple group values. It will only be used if the smallrye.jwt.path.groups property points to a custom claim whose value is a string. The default value is a single space because a standard OAuth2 scope claim may contain a space separated sequence.
+
+
+
smallrye.jwt.claims.groups
+
none
+
This property can be used to set a default groups claim value when the current token has no standard or custom groups claim available.
+
+
+
smallrye.jwt.jwks.refresh-interval
+
60
+
JWK cache refresh interval in minutes. It will be ignored unless the mp.jwt.verify.publickey.location points to the HTTP or HTTPS URL based JWK set and no HTTP Cache-Control response header with a positive max-age parameter value is returned from a JWK set endpoint.
+
+
+
smallrye.jwt.jwks.forced-refresh-interval
+
30
+
Forced JWK cache refresh interval in minutes which is used to restrict the frequency of the forced refresh attempts which may happen when the token verification fails due to the cache having no JWK key with a kid property matching the current token’s kid header. It will be ignored unless the mp.jwt.verify.publickey.location points to the HTTP or HTTPS URL based JWK set.
+
+
+
smallrye.jwt.expiration.grace
+
60
+
Expiration grace in seconds. By default an expired token will still be accepted if the current time is no more than 1 min after the token expiry time.
+
+
+
smallrye.jwt.verify.aud
+
none
+
Comma separated list of the audiences that a token aud claim may contain. This property is deprecated. Use mp.jwt.verify.audiences instead.
+
+
+
smallrye.jwt.required.claims
+
none
+
Comma separated list of the claims that a token must contain.
+
+
+
smallrye.jwt.decrypt.key.location
+
none
+
Config property allows for an external or internal location of Private Decryption Key to be specified. This property is deprecated, use mp.jwt.decrypt.key.location.
+
+
+
smallrye.jwt.decrypt.algorithm
+
RSA_OAEP
+
Decryption algorithm.
+
+
+
smallrye.jwt.token.decryption.kid
+
none
+
Decryption Key identifier. If it is set then the decryption JWK key as well every JWT token must have a matching kid header.
For traditional deployments to WildFly where security is required a security domain name would be identified during deployment and this in turn would be mapped to use configured resources either within the elytron or legacy security subsystems.
+
+
+
One of the main motivations for using MicroProfile JWT is the ability to describe an identity from the incoming token without relying on access to external resources. For this reason MicroProfile JWT deployments will not depend on managed SecurityDomain resources, instead a virtual SecurityDomain will be created and used across the deployment.
+
+
+
As the deployment is configured entirely within the MicroProfile Config properties other than the presence of the microprofile-jwt-smallrye subsystem the virtual SecurityDomain means no other managed configuration is required for the deployment.
The OpenAPI specification defines a contract for JAX-RS applications in the same way that WSDL defined a contract for legacy web services.
+The MicroProfile OpenAPI specification defines a mechanism for generating an OpenAPI v3 document from a JAX-RS application as well as an API for customizing production of the document.
The MicroProfile OpenAPI capability is provided by the microprofile-openapi-smallrye subsystem.
+This subsystem is included in the default standalone-microprofile.xml configuration of the WildFly distribution.
+
+
+
You can also add the subsystem manually to any profile via the CLI:
The microprofile-openapi-smallrye subsystem obtains all of its configuration via MicroProfile Config. Thus the subsystem itself defines no attributes.
+
+
+
In addition to the standard Open API configuration properties, WildFly supports the following additional MicroProfile Config properties:
+
+
+
+
+
+
+
+
+
+
Property
+
Default
+
Description
+
+
+
+
+
mp.openapi.extensions.enabled
+
true
+
Enables/disables registration of an OpenAPI endpoint. Many users will want to parameterize this to selectively enable/disable OpenAPI in different environments.
+
+
+
mp.openapi.extensions.path
+
/openapi
+
Used to customize the path of the OpenAPI endpoint.
+
+
+
mp.openapi.extensions.servers.relative
+
true
+
Indicates whether auto-generated Server records are absolute or relative to the location of the OpenAPI endpoint. If absolute, WildFly will generate Server records including the protocols, hosts, and ports at which the given deployment is accessible.
The MicroProfile OpenAPI specification defines an HTTP endpoint that serves an OpenAPI 3.0 document describing the REST endpoints for the host.
+The OpenAPI endpoint is registered using the configured path (e.g. http://localhost:8080/openapi) local to the root of the host associated with a given deployment.
+
+
+
+
+
+
+
+
+Currently, the OpenAPI endpoint for a given virtual host can only document a single JAX-RS deployment.
+To use OpenAPI with multiple JAX-RS deployments registered with different context paths on the same virtual host, each deployment should use a distinct endpoint path.
+
+
+
+
+
+
By default, the OpenAPI endpoint returns a YAML document.
+Alternatively, a JSON document can be requested via an Accept HTTP header, or a format query parameter.
If the Undertow server/host of a given application defines an HTTPS listener, then the OpenAPI document will also be available via HTTPS, e.g. https://localhost:8443/openapi
This extension is automatically included in the standalone-microprofile server profiles,
+however, it is not included by default in the default configuration of WildFly.
+
+
+
+
+
+
+
+
+The MicroProfile Metrics extension and subsystem are required by this extension to provide Metrics integration,
+please follow the instructions in the MicroProfile Metrics Subsystem Configuration section.
+If the Metrics subsystem is not available, no metrics data will be collected.
+
+
+
+
+
+
You can add the extension to a configuration without it either by using the following CLI operations:
Support for MicroProfile Reactive Streams Operators is
+provided as a Tech Preview feature by the microprofile-reactive-streams-operators-smallrye subsystem.
This extension is not included in the standard configurations included in the WildFly distribution.
+
+
+
You can add the extension to a configuration either by adding
+an <extension module="org.wildfly.extension.microprofile.reactive-streams-operators-smallrye"/>
+element to the xml or by using the following CLI operation:
If you provision your own server and include the microprofile-reactive-streams-operators layer, you will get the required modules, and the extension and subsystem will be added to your configuration.
WildFly’s MicroProfile Reactive Streams Operators subsystem implements MicroProfile Reactive Streams Operators 2.0, which adds support for asynchronous streaming of data. It essentially replicates the the interfaces, and their implementations, that were made available in the java.util.concurrent.Flow class introduced in Java 9. Thus MicroProfile Reactive Streams Operators can be considered a stop-gap until Java 9 and later is ubiquitous.
The microprofile-reactive-streams-operators-smallrye subsystem contains no configurable attributes or resources. Its presence makes the interfaces
+from the MicroProfile Reactive Streams Operators available to a deployment, and provides the implementation. Additionally it makes an instance of the ReactiveStreamsEngine class available for injection.
This extension is not included in the standard configurations included in the WildFly distribution.
+
+
+
You can add the extension to a configuration either by adding
+an <extension module="org.wildfly.extension.microprofile.reactive-messaging-smallrye"/>
+element to the xml or by using the following CLI operation:
If you provision your own server and include the microprofile-reactive-messaging Galleon layer, you will get the required modules, and the extension and subsystem will be added to your configuration.
+
+
+
If you provision the microprofile-reactive-messaging-kafka Galleon layer it includes the modules to enable the Kafka connector functionality. The microprofile-reactive-messaging-kafka layer includes the microprofile-reactive-messaging layer which provides the core MicroProfile Reactive Messaging functionality.
WildFly’s MicroProfile Reactive Messaging subsystem implements MicroProfile Reactive Messaging {eclipse-mp-reactive-messaging-api-version}, which adds support for asynchronous messaging support based on MicroProfile Reactive Streams Operators.
The microprofile-reactive-messaging-smallrye subsystem contains no configurable attributes or resources. For the core MicroProfile Reactive Messaging functionality there is no configuration. For configuration of the connectors to external brokers MicroProfile Config is used.
The subsystem will scan all deployments to find classes containing methods with the org.eclipse.microprofile.reactive.messaging.Incoming or org.eclipse.microprofile.reactive.messaging.Outgoing annotations. If these annotations are found, Reactive Messaging will be enabled for the deployment.
See the spec for more thorough examples, this section just attempts to summarize the highlights.
+
+
+
Version 1.0 of the MicroProfile Reactive Messaging specification introduced the @Incoming and @Outgoing annotations. They are intended for use in an @ApplicationScoped (or @Dependent) CDI bean:
Values generated by the generate() method will be received by the consume() method. In this basic setup where the channel names match, the streams are dealt with in-memory. We’ll see how to have them handled by Kafka later on.
+
+
+
In the above example, we are essentially generating values and consuming them with no user-interaction. MicroProfile Reactive Messaging 2.0 introduces a @Channel annotation, which can be used to inject a Publisher for receiving values sent on streams, and an Emitter which can be used to send values to a stream. This makes it easier to send/receive values from code paths resulting from user interaction:
In the above example we can now easily send data to the Reactive Messaging streams by calling Emitter.send(). Similarly, we can subscribe to the Publisher and receive the data. However, receiving still has a few shortcomings:
+
+
+
+
+
The above example will not work out of the box. When trying to send on the Emitter, you will get an error that there are no subscibers (which in turn runs the risk of causing overflow). This can be worked around by creating a subscription on the Publisher.
+
+
+
At present there can only be one subscription on the injected Publisher.
+
+
+
+
+
The above points means that this Publisher is not usable directly as an asynchronous return value for e.g. a Jakarta RESTFul Webservices endpoint. As the Jakarta RESTFul Webservices request is what will create the subscription such a call would need to happen before calling Emitter.send().
+
+
+
If we replace the Emitter with the generate() method from the original method our example will work. However, if we return the Publisher to more than one Jakarta RESTFul Webservices request, we end up with more than one subscriptions which will not all receive every single value.
+
+
+
User’s applications intended to return published values to users via e.g. Jakarta RESTFul Webservices will need to do their own subscriptions and buffering of the data. Care must be taken to not let the cache grow uncontrolled, which could cause OutOfMemoryErrors.
MicroProfile Reactive Messaging is designed to be flexible enough to integrate with a wide variety of external messaging systems. This functionality is provided via 'connectors'.
+
+
+
The only included connector at the moment is the Kafka connector.
+
+
+
Connectors are configured using MicroProfile Config. The property keys for the methods have some prefixes mandated by the MicroProfile Reactive Messaging Specification which lists these as:
Essentially channel-name is the @Incoming.value() or the @Outgoing.value().
+
+
+
If we have the following pair of methods:
+
+
+
+
@Outgoing("to")
+publicint send() {
+ int i = // Randomly generated...
+}
+
+@Incoming("from")
+publicvoid receive(int i) {
+ // Process payload
+}
+
+
+
+
Then the property prefixes mandated by the MicroProfile Reactive Messaging specifications are:
+
+
+
+
+
mp.messaging.incoming.from. - this would pick out the property as configuration of the receive() method.
+
+
+
mp.messaging.outgoing.to. - this would pick out the property as configuration of the send() method.
+
+
+
+
+
Note that although these prefixes are understood by the subsystem, the full set depends on the connector you want to configure. Different connectors understand different properties.
Next we will briefly discuss each of these entries. Remember the to channel is on the send() method, and the from channel is on the receive() method.
+
+
+
kafka.bootstrap.servers=kafka:9092 sets the URL of the Kafka broker to connect to for the whole application. It could also be done for just the to channel by setting mp.messaging.outgoing.to.bootstrap.servers=kafka:9092 instead.
+
+
+
mp.messaging.outgoing.to.connector=smallrye-kafka says that we want to use Kafka to back the to channel. Note that the value smallrye-kafka is SmallRye Reactive Messaging specific, and will only be understood if the Kafka connector is enabled.
+
+
+
mp.messaging.outgoing.to.topic=my-topic says that we will send data to the Kafka topic called my-topic.
+
+
+
mp.messaging.outgoing.to.value.serializer=org.apache.kafka.common.serialization.IntegerSerializer tells the connector to use IntegerSerializer to serialize the values output by the send() method when writing to the topic. Kafka provides serializers for the standard Java types. You may implement your own serializer by writing a class implementing org.apache.kafka.common.serialization.Serializer and including it in the deployment.
+
+
+
mp.messaging.incoming.from.connector=smallrye-kafka says that we want to use Kafka to back the from channel. As above, the value smallrye-kafka is SmallRye Reactive Messaging specific.
+
+
+
mp.messaging.incoming.from.topic=my-topic says that we will read data from the Kafka topic called my-topic.
+
+
+
mp.messaging.incoming.from.value.deserializer=org.apache.kafka.common.serialization.IntegerDeserializer tells the connector to use IntegerDeserializer to deserialize the values from the topic before calling the receive() method. You may implement your own deserializer by writing a class implementing org.apache.kafka.common.serialization.Deserializer and including it in the deployment.
+
+
+
In addition to the above, Apache Kafka, and SmallRye Reactive Messaging’s Kafka connector understand a lot more properties. These can be found in the SmallRye Reactive Messaging Kafka connector documentation, and in the Apache Kafka documentation for the producers and the consumers.
+
+
+
The prefixes discussed above are stripped off before passing the property to Kafka. The same happens for other configuration properties. See the Kafka documentation for more details about how to configure Kafka consumers and producers.
If connecting to a Kafka instance secured with SSL and SASL, the following example 'microprofile-config.properties' will help you get started. There are a few new properties. We are showing them on the connector level but they could equally well be defined on the channel level (i.e. with the mp.messaging.outgoing.to-kafka. and mp.messaging.incoming.from-kafka. prefixes from the previous examples rather than the connector-wide mp.messaging.connector.smallrye-kafka prefix).
+
+
+
+
mp.messaging.connector.smallrye-kafka.bootstrap.servers=localhost:9092
+mp.messaging.connector.smallrye-kafka.sasl.mechanism=PLAIN
+mp.messaging.connector.smallrye-kafka.security.protocol=SASL_SSL
+mp.messaging.connector.smallrye-kafka.sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
+ username="${USER}" \
+ password="${PASSWORD}";
+mp.messaging.connector.smallrye-kafka.wildfly.elytron.ssl.context=test
+
+# Channel configuration would follow here, but is left out for brevity
+
+
+
+
Each of these lines has the following meaning:
+
+
+
+
+
mp.messaging.connector.smallrye-kafka.bootstrap.servers=localhost:9092 - specifies the Kafka servers to connect to. This is the same as in the previous examples
+
+
+
mp.messaging.connector.smallrye-kafka.sasl.mechanism=PLAIN - specifies the SASL mechanism to use. See sasl.mechanism in the Kafka documentation for other choices.
+
+
+
mp.messaging.connector.smallrye-kafka.security.protocol - specifies the protocol mechanism to use. See security.protocol in the Kafka documentation for other choices. In this case we are using SASL_SSL which means that communication is over SSL, and that SASL is used to authenticate
+
+
+
mp.messaging.connector.smallrye-kafka.sasl.jaas.config=… - specifies how we will authenticate with Kafka. In order to not hardcode the credentials in our microprofile-config.properties file we are using the property substitution feature of MicroProfile Config. In this case, if you have defined the USER and PASSWORD environment variables they will be passed in as part of the configuration
+
+
+
mp.messaging.connector.smallrye-kafka.wildfly.elytron.ssl.context=test - this is not needed if Kafka is secured with a CA signed certificate. If you are using self-signed certificates, you will need to specify a truststore in the Elytron subsystem, and create an SSLContext referencing that. The value of this property is used to look up the SSLContext in the Elytron subsystem under /subsystem=elytron/client-ssl-context=* in the WildFly management model. In this case the property value is test, so we look up the SSLContext defined by /subsystem=elytron/client-ssl-context=test and use that configure the truststore to use for the connection to Kafka.
In order to be able to get more information about messages received from Kafka, and to be able to influence how Kafka handles messages, there is a user API for Kafka. This API lives in the io/smallrye/reactive/messaging/kafka/api package.
the key of the Kafka record represented by a Message
+
+
+
the Kafka topic and partition used for the Message, and the offset within those
+
+
+
the Messagetimestamp and timestampType
+
+
+
the Messageheaders - these are pieces of information the application can attach on the producing side, and receive on the consuming side. They are stored and forwarded on by Kafka but have no meaning to Kafka itself.
+
+
+
+
+
+
OutgoingKafkaRecordMetadata - This is constructed via the builder returned via the builder() method, and allows you to specify/override how Kafka will handle the messages. Similar to the IncomingKafkaRecordMetadata case, you can set:
+
+
+
+
the key. Kafka will then treat this entry as the key of the message
+
+
+
the topic, as already seen we typically use the microprofile-config.properties configuration to specify the topic to use for a channel backed by Kafka. However, in some cases the code sending the message might need to make some choices (for example depending on values contained in the data) about which topic to send to. Specifying this here will make Kafka use that topic.
+
+
+
the partition. Generally, it is best to let Kafka’s partitioner choose the partition, but for cases where it is essential to be able to specify it this can be done
+
+
+
the timestamp if you don’t want the one auto-generated by Kafka
+
+
+
headers - you can attach headers for the consumer, as mentioned for IncomingKafkaRecordMetadata
+
+
+
+
+
+
KafkaMetadataUtil contains utility methods to write OutgoingKafkaRecordMetadata to a Message, and to read IncomingKafkaRecordMetadata from a Message. Note that if you write OutgoingKafkaRecordMetadata to a Message which is sent to a channel not handled by Kafka it will be ignored, and if you attempt to read IncomingKafkaRecordMetadata from a Message arriving from a channel no handled by Kafka it will be null.
+
+
+
+
+
The following example shows how to write and read the key from a message:
+
+
+
+
@Inject
+@Channel("from-user")
+Emitter<Integer> emitter;
+
+@Incoming("from-user")
+@Outgoing("to-kafka")
+public Message<Integer> send(Message<Integer> msg) {
+ // Set the key in the metadata
+ OutgoingKafkaRecordMetadata<String> md =
+ OutgoingKafkaRecordMetadata.<String>builder()
+ .withKey("KEY-" + i)
+ .build();
+ // Note that Message is immutable so the copy returned by this method
+ // call is not the same as the parameter to the method
+ return KafkaMetadataUtil.writeOutgoingKafkaMetadata(msg, md);
+}
+
+@Incoming("from-kafka")
+public CompletionStage<Void> receive(Message<Integer> msg) {
+ IncomingKafkaRecordMetadata<String, Integer> metadata =
+ KafkaMetadataUtil.readIncomingKafkaMetadata(msg).get();
+
+ // We can now read the Kafka record key
+ String key = metadata.getKey();
+
+ // When using the Message wrapper around the payload we need to explicitly ack
+ // them
+ return msg.ack();
+}
+
+
+
+
To configure the Kafka mapping we need a microprofile-config.properties
This configuration looks a lot like the previous configuration that we saw, but note that we need to specify the key.serializer for the outgoing channel, and the key.deserializer for the incoming channel. As before, they are implementations of org.apache.kafka.common.serialization.Serializer and org.apache.kafka.common.serialization.Deserializer respectively. Kafka provides implementations for basic types, and you may write your own and include them in the deployment.
While we do expose the Kafka Clients jar in our BOMs, its usage is limited to
+
+
+
+
+
Classes/interfaces exposed via the Kafka User API, e.g.:
+
+
+
+
org.apache.kafka.common.header.Header and org.apache.kafka.common.header.Headers and implementations of those that are considered public API as per the Apache Kafka documentation.
+
+
+
org.apache.kafka.clients.consumer.ConsumerRecord
+
+
+
org.apache.kafka.common.record.TimestampType
+
+
+
+
+
+
Classes/interfaces needed for serialization and deserialization:
Implementatations of org.apache.kafka.common.serialization.Deserializer and org.apache.kafka.common.serialization.Serializer in the org.apache.kafka.common.serialization package
The MicroProfile Telemetry integration is provided by the microprofle-telemetry subsystem, and is included in the default configuration. If not no present, the subsystem can be added using the following CLI commands.
+
+
+
+
+
+
+
+
+
+
The MicroProfile Telemetry subsystem depends on the OpenTelemetry subsystem, so it must be added prior to adding MicroProfile Telemetry.
The MicroProfile Telemetry subsystem contains no configurable attributes or resources. Any server configuration related to OpenTelemetry should be made to the opentelemetry subsystem, the documentation for which can be found in the relevant section of the Administration Guide.
+
+
+
The MicroProfile Telemetry subsystem does, however, allow for individual applications to override any server configuration via MicroProfile Config. For example, the default service name used in exported traces is derived from the deployment name, so if the deployment archive is my-application-1.0.war, the service name will be my-application-1.0.war. This can be overridden using the standard OpenTelemetry configuration properties (documented here):
+
+
+
+
otel.service.name=My Application
+
+
+
+
Note also that, per spec requirements, MicroProfile Telemetry is disabled by default and must be manually enabled on a per-application basis:
The microprofile-lra-coordinator subsystem provides the LRA Coordinator capabilities required for the coordination of the distributed transactions.
+
+
+
The microprofile-lra-participant subsystem provides capabilities required to define services that participate in the LRAs by executing transactional actions and compensations. They communicate with the LRA Coordinator in order to process distributed transactions.
You can add the extension to a configuration either by adding
+an <extension module="org.wildfly.extension.microprofile.lra-coordinator"/>
+element to the xml or by using the following CLI operation:
If you provision your own server and include the microprofile-lra-coordinator Galleon layer, you will get the required modules, and the extension and subsystem will be added to your configuration.
You can add the extension to a configuration either by adding
+an <extension module="org.wildfly.extension.microprofile.lra-participant"/>
+element to the xml or by using the following CLI operation:
If you provision your own server and include the microprofile-lra-participant Galleon layer, you will get the required modules, and the extension and subsystem will be added to your configuration.
WildFly’s MicroProfile LRA Participant subsystem implements MicroProfile
+LRA {eclipse-mp-lra-api-version}, which adds support for Long Running Actions based on the saga pattern. The MicroProfile LRA Coordinator subsystem is used to provide coordination of such transactions which LRA Participants contact in order to enlist into the LRAs.
+
+
+
Tha LRA Coordinator can also run independently in the distributed system and can be started with for instance Docker like this:
+
+
+
+
$ docker run -p 8080:8080 quay.io/jbosstm/lra-coordinator
JBossWS components are provided to the application server through the
+webservices subsystem. JBossWS components handle the processing of WS
+endpoints. The subsystem supports the configuration of published
+endpoint addresses, and endpoint handler chains. A default webservice
+subsystem is provided in the server’s domain and standalone
+configuration files.
JBossWS supports the rewriting of the <soap:address> element of
+endpoints published in WSDL contracts. This feature is useful for
+controlling the server address that is advertised to clients for each
+endpoint.
+
+
+
The following elements are available and can be modified (all are
+optional):
+
+
+
+
+
+
+
+
+
+
Name
+
Type
+
Description
+
+
+
+
+
modify-wsdl-address
+
boolean
+
This boolean enables and disables the
+address rewrite functionality.When modify-wsdl-address is set to true
+and the content of <soap:address> is a valid URL, JBossWS will rewrite
+the URL using the values of wsdl-host and wsdl-port or
+wsdl-secure-port.When modify-wsdl-address is set to false and the
+content of <soap:address> is a valid URL, JBossWS will not rewrite the
+URL. The <soap:address> URL will be used.When the content of
+<soap:address> is not a valid URL, JBossWS will rewrite it no matter
+what the setting of modify-wsdl-address.If modify-wsdl-address is set to
+true and wsdl-host is not defined or explicitly set to
+'jbossws.undefined.host' the content of <soap:address> URL is use.
+JBossWS uses the requester’s host when rewriting the <soap:address>When
+modify-wsdl-address is not defined JBossWS uses a default value of true.
+
+
+
wsdl-host
+
string
+
The hostname / IP address to be used for rewriting
+<soap:address>.If wsdl-host is set to jbossws.undefined.host, JBossWS
+uses the requester’s host when rewriting the <soap:address>When
+wsdl-host is not defined JBossWS uses a default value of
+'jbossws.undefined.host'.
+
+
+
wsdl-port
+
int
+
Set this property to explicitly define the HTTP port
+that will be used for rewriting the SOAP address.Otherwise the HTTP port
+will be identified by querying the list of installed HTTP connectors.
+
+
+
wsdl-secure-port
+
int
+
Set this property to explicitly define the HTTPS
+port that will be used for rewriting the SOAP address.Otherwise the
+HTTPS port will be identified by querying the list of installed HTTPS
+connectors.
+
+
+
wsdl-uri-scheme
+
string
+
This property explicitly sets the URI scheme
+to use for rewriting <soap:address> . Valid values are http and https.
+This configuration overrides scheme computed by processing the endpoint
+(even if a transport guaranteeis specified). The provided values for
+wsdl-port and wsdl-secure-port (or their default values) are used
+depending on specified scheme.
+
+
+
wsdl-path-rewrite-rule
+
string
+
This string defines a SED substitution
+command (e.g., 's/regexp/replacement/g') that JBossWS executes against
+the path component of each <soap:address> URL published from the
+server.When wsdl-path-rewrite-rule is not defined, JBossWS retains the
+original path component of each <soap:address> URL.When
+'modify-wsdl-address' is set to "false" this element is ignored.
JBossWS enables extra setup configuration data to be predefined and
+associated with an endpoint implementation. Predefined endpoint
+configurations can be used for Jakarta XML Web Services client and Jakarta XML Web Services endpoint setup.
+Endpoint configurations can include Jakarta XML Web Services handlers and key/value
+properties declarations. This feature provides a convenient way to add
+handlers to WS endpoints and to set key/value properties that control
+JBossWS and Apache CXF internals (
+see
+Apache CXF configuration).
+
+
+
The webservices subsystem provides
+schema
+to support the definition of named sets of endpoint configuration data.
+Annotation, org.jboss.ws.api.annotation.EndpointConfig is provided to
+map the named configuration to the endpoint implementation.
+
+
+
There is no limit to the number of endpoint configurations that can be
+defined within the webservices subsystem. Each endpoint configuration
+must have a name that is unique within the webservices subsystem.
+Endpoint configurations defined in the webservices subsystem are
+available for reference by name through the annotation to any endpoint
+in a deployed application.
+
+
+
WildFly ships with two predefined endpoint configurations.
+Standard-Endpoint-Config is the default configuration.
+Recording-Endpoint-Config is an example of custom endpoint configuration
+and includes a recording handler.
+The Standard-Endpoint-Config is a special endpoint configuration. It
+is used for any endpoint that does not have an explicitly assigned
+endpoint configuration.
+
Endpoint configs are defined using the endpoint-config element. Each
+endpoint configuration may include properties and handlers set to the
+endpoints associated to the configuration.
Each endpoint configuration may be associated with zero or more PRE and
+POST handler chains. Each handler chain may include JAXWS handlers. For
+outbound messages the PRE handler chains are executed before any handler
+that is attached to the endpoint using the standard means, such as with
+annotation @HandlerChain, and POST handler chains are executed after
+those objects have executed. For inbound messages the POST handler
+chains are executed before any handler that is attached to the endpoint
+using the standard means and the PRE handler chains are executed after
+those objects have executed.
+
+
+
+
* Server inbound messages
+Client --> ... --> POST HANDLER --> ENDPOINT HANDLERS --> PRE HANDLERS --> Endpoint
+
+* Server outbound messages
+Endpoint --> PRE HANDLER --> ENDPOINT HANDLERS --> POST HANDLERS --> ... --> Client
+
+
+
+
The protocol-binding attribute must be used to set the protocols for
+which the chain will be triggered.
+The class attribute is used to provide the fully qualified class name
+of the handler. At deploy time, an instance of the class is created for
+each referencing deployment. For class creation to succeed, the
+deployment classloader must to be able to load the handler class.
+
Each web service endpoint is exposed through the deployment that
+provides the endpoint implementation. Each endpoint can be queried as a
+deployment resource. For further information please consult the chapter
+"Application Deployment". Each web service endpoint specifies a web
+context and a WSDL Url:
The web service subsystem is provided by the JBossWS project. For a
+detailed description of the available configuration properties, please
+consult the project documentation.
Resource adapters are configured through the resource-adapters
+subsystem. Declaring a new resource adapter consists of two separate
+steps: You would need to deploy the .rar archive and define a resource
+adapter entry in the subsystem.
The resource adapter subsystem is provided by the
+IronJacamar project. For a detailed
+description of the available configuration properties, please consult
+the project documentation.
+The batch subsystem is used to configure an environment for running
+batch applications. WildFly uses
+JBeret for it’s batch implementation.
+Specific information about JBeret can be found in the
+user guide. The
+resource path, in CLI notation, for the subsystem
+is subsystem=batch-jberet.
+
A new security-domain attribute was added to the batch-jberet
+subsystem to allow batch jobs to be executed under that security domain.
+Jobs that are stopped as part of a suspend operation will be restarted
+on execution of a resume with the original user that started job.
+
+
+
There was a
+org.wildfly.extension.batch.jberet.deployment.BatchPermission added to
+allow a security restraint to various batch functions. The following
+functions can be controlled with this permission.
+
+
+
+
+
start
+
+
+
stop
+
+
+
restart
+
+
+
abandon
+
+
+
read
+
+
+
+
+
The read function allows users to use the getter methods from the
+jakarta.batch.operations.JobOperator or read the batch-jberet
+deployment resource, for example
+/deployment=my.war/subsystem=batch-jberet:read-resource.
The batch subsystem supports 2 types of job repository:
+
+
+
+
+
in-memory job repository: all job execution data are kept in the memory
+of WildFly instance. When the server shuts down, all job execution data
+are lost. In a clustered environment, each WildFly server instance has its
+own in-memory job repository, and it is not possible to share job execution
+data between WildFly instances. This is the default job repository in
+batch subsystem.
+
+
+
jdbc job repository: all job execution data are saved in a relational
+database accessed via jdbc. In a clustered environment, a jdbc job repository
+can be used to share job execution data between WildFly instances.
+For example, one may start a job execution in one instance, stop and restart
+it from a different WildFly instance.
In some cases, when a job repository accumulates a large number of job
+execution records (say hundreds of thousands), application deployment times may
+be negatively impacted. This is relevant mainly to persistent job repository
+implementations, like the jdbc job repository.
+
+
+
In order to avoid accumulating too high a number of job execution records, the
+application can delete old executions via
+JobOperator.abandon(long executionId), or other means like pruning the
+database tables can be employed.
+
+
+
If it’s no possible to avoid storing large number of job execution records,
+the job repositories can be configured to limit the number of job executions
+that is returned by them by setting the execution-records-limit attribute.
+If the attribute is set, Wildfly will only load specified maximum number of
+job executions from the backing storage mechanism.
There are no deployment descriptors for configuring a batch environment
+defined by the JSR-352
+specification. In WildFly you can use a
+jboss-all.xml deployment descriptor to define aspects of the batch
+environment for your deployment.
+
+
+
In the jboss-all.xml deployment descriptor you can define a named job
+repository, a new job repository and/or a named thread pool. A named job
+repository and named thread pool are resources defined on the batch
+subsystem. Only a named thread pool is allowed to be defined in the
+deployment descriptor.
Some subsystems in WildFly register runtime
+resources for deployments. The batch subsystem registers jobs and
+executions. The jobs are registered using the job name, this is not
+the job XML name. Executions are registered using the execution id.
The batch subsystem resource on a deployment also has 3 operations to
+interact with batch jobs on the selected deployment. There is a
+start-job, stop-job and restart-job operation. The execution
+resource also has a stop-job and restart-job operation.
Jakarta Faces configuration is handled by the jsf subsystem. The jsf subsystem
+allows multiple Jakarta Faces implementations to be installed on the same WildFly server. In particular, any
+version that implements spec level 4.0 or higher can be installed. For each Jakarta Faces
+implementation, a new slot needs to be created under jakarta.faces.impl, jakarta.faces.api, and
+org.jboss.as.jsf-injection. When the jsf subsystem starts up, it scans the module path to find all
+the Jakarta Faces implementations that have been installed. The default Jakarta Faces implementation that
+WildFly should use is defined by the default-jsf-impl-slot subsystem attribute.
WildFly supports provisioning a server using the Galleon tool, which allows an administrator to provision a server with
+only the desired features, which are delivered as feature packs. For more information, see Provisioning WildFly with Galleon.
+For an example of such a feature pack, see the WildFly MyFaces Feature Pack
+project in the WildFly Extras GitHub organization.
+
+
+
As a quick start, to provision a server using this feature pack, one might use a commandline like the following:
After starting the server, the following CLI command can be used to verify that your new Jakarta Faces
+implementation has been installed successfully. The new Jakarta Faces implementation should appear in the output
+of this command.
The following CLI command can be used to make a newly installed Jakarta Faces implementation the default Jakarta
+Server Faces implementation used by WildFly:
A Jakarta Faces app can be configured to use an installed Jakarta Faces implementation that’s not the
+default implementation by adding a org.jboss.jbossfaces.JSF_CONFIG_NAME context parameter to its web.xml file. For
+example, to indicate that a Jakarta Faces app should use MyFaces 4.0.0 (assuming MyFaces 4.0.0 has been installed
+on the server), the following context parameter would need to be added:
This setting can be overridden for a particular Jakarta Faces deployment by adding the
+com.sun.faces.disallowDoctypeDecl context parameter to the deployment’s web.xml file:
The JMX subsystem registers a service with the Remoting endpoint so that
+remote access to JMX can be obtained over the exposed Remoting
+connector.
+
+
+
This is switched on by default in standalone mode and accessible over
+port 9990 but in domain mode is switched off so needs to be enabled - in
+domain mode the port will be the port of the Remoting connector for the
+WildFly instance to be monitored.
+
+
+
To use the connector you can access it in the standard way using a
+service:jmx URL:
+
+
+
+
importjavax.management.MBeanServerConnection;
+importjavax.management.remote.JMXConnector;
+importjavax.management.remote.JMXConnectorFactory;
+importjavax.management.remote.JMXServiceURL;
+
+publicclassJMXExample {
+
+ publicstaticvoid main(String[] args) throwsException {
+ //Get a connection to the WildFly MBean server on localhost
+ String host = "localhost";
+ int port = 9990; // management-web port
+ String urlString =
+ System.getProperty("jmx.service.url","service:jmx:remote+http://" + host + ":" + port);
+ JMXServiceURL serviceURL = newJMXServiceURL(urlString);
+ JMXConnector jmxConnector = JMXConnectorFactory.connect(serviceURL, null);
+ MBeanServerConnection connection = jmxConnector.getMBeanServerConnection();
+
+ //Invoke on the WildFly MBean server
+ int count = connection.getMBeanCount();
+ System.out.println(count);
+ jmxConnector.close();
+ }
+}
+
+
+
+
You also need to set your classpath when running the above example. The
+following script covers Linux. If your environment is much different,
+paste your script when you have it working.
+If using jconsole use the jconsole.sh and jconsole.bat scripts
+included in the /bin directory of the WildFly distribution as these set
+the classpath as required to connect over Remoting.
+
+
+
+
+
+
In addition to the standard JVM MBeans, the WildFly MBean server
+contains the following MBeans:
+
+
+
+
+
+
+
+
+
JMX ObjectName
+
Description
+
+
+
+
+
jboss.msc:type=container,name=jboss-as
+
Exposes management operations
+on the JBoss Modular Service Container, which is the dependency
+injection framework at the heart of WildFly. It is useful for debugging
+dependency problems, for example if you are integrating your own
+subsystems, as it exposes operations to dump all services and their
+current states
+
+
+
jboss.naming:type=JNDIView
+
Shows what is bound in JNDI
+
+
+
jboss.modules:type=ModuleLoader,name=*
+
This collection of MBeans
+exposes management operations on JBoss Modules classloading layer. It is
+useful for debugging dependency problems arising from missing module
+dependencies
Audit logging for the JMX MBean server managed by the JMX subsystem. The
+resource is at /subsystem=jmx/configuration=audit-log and its
+attributes are similar to the ones mentioned for
+/core-service=management/access=audit/logger=audit-log in
+Audit logging.
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
+
+
+
+
enabled
+
true to enable logging of the JMX operations
+
+
+
log-boot
+
true to log the JMX operations when booting the server, false
+otherwise
+
+
+
log-read-only
+
If true all operations will be audit logged, if false
+only operations that change the model will be logged
+
+
+
+
+
Then which handlers are used to log the management operations are
+configured as handler=* children of the logger. These handlers and
+their formatters are defined in the global
+/core-service=management/access=audit section mentioned in
+Audit logging.
The same JSON Formatter is used as described in
+Audit logging. However the records for MBean
+Server invocations have slightly different fields from those logged for
+the core management layer.
It includes an optional timestamp and then the following information in
+the json record
+
+
+
+
+
+
+
+
+
Field name
+
Description
+
+
+
+
+
type
+
This will have the value jmx meaning it comes from the jmx
+subsystem
+
+
+
r/o
+
true if the operation has read only impact on the MBean(s)
+
+
+
booting
+
true if the operation was executed during the bootup process,
+false if it was executed once the server is up and running
+
+
+
version
+
The version number of the WildFly instance
+
+
+
user
+
The username of the authenticated user.
+
+
+
domainUUID
+
This is not currently populated for JMX operations
+
+
+
access
+
This can have one of the following values:*NATIVE - The
+operation came in through the native management interface, for example
+the CLI*HTTP - The operation came in through the domain HTTP interface,
+for example the admin console*JMX - The operation came in through the
+JMX subsystem. See JMX for how to configure audit logging for JMX.
+
+
+
remote-address
+
The address of the client executing this operation
+
+
+
method
+
The name of the called MBeanServer method
+
+
+
sig
+
The signature of the called called MBeanServer method
+
+
+
params
+
The actual parameters passed in to the MBeanServer method, a
+simple Object.toString() is called on each parameter.
+
+
+
error
+
If calling the MBeanServer method resulted in an error, this
+field will be populated with Throwable.getMessage()
The deployment scanner is only used in standalone mode. Its job is to
+monitor a directory for new files and to deploy those files. It can be
+found in standalone.xml:
You can define more deployment-scanner entries to scan for deployments
+from more locations. The configuration showed will scan the
+JBOSS_HOME/standalone/deployments directory every five seconds. The
+runtime model is shown below, and uses default values for attributes not
+specified in the xml:
The name of the scanner. default is used if not specified
+
+
+
path
+
STRING
+
The actual filesystem path to be scanned. Treated as an
+absolute path, unless the 'relative-to' attribute is specified, in which
+case the value is treated as relative to that path.
+
+
+
relative-to
+
STRING
+
Reference to a filesystem path defined in the
+"paths" section of the server configuration, or one of the system
+properties specified on startup. In the example above
+jboss.server.base.dir resolves to JBOSS_HOME/standalone
+
+
+
scan-enabled
+
BOOLEAN
+
If true scanning is enabled
+
+
+
scan-interval
+
INT
+
Periodic interval, in milliseconds, at which the
+repository should be scanned for changes. A value of less than 1
+indicates the repository should only be scanned at initial startup.
+
+
+
auto-deploy-zipped
+
BOOLEAN
+
Controls whether zipped deployment content
+should be automatically deployed by the scanner without requiring the
+user to add a .dodeploy marker file.
+
+
+
auto-deploy-exploded
+
BOOLEAN
+
Controls whether exploded deployment
+content should be automatically deployed by the scanner without
+requiring the user to add a .dodeploy marker file. Setting this to
+'true' is not recommended for anything but basic development scenarios,
+as there is no way to ensure that deployment will not occur in the
+middle of changes to the content.
+
+
+
auto-deploy-xml
+
BOOLEAN
+
Controls whether XML content should be
+automatically deployed by the scanner without requiring a .dodeploy
+marker file.
+
+
+
deployment-timeout
+
LONG
+
Timeout, in seconds, a deployment is allows
+to execute before being canceled. The default is 60 seconds.
+
+
+
+
+
Deployment scanners can be added by modifying standalone.xml before
+starting up the server or they can be added and removed at runtime using
+the CLI
The core management subsystem is composed services used to manage the
+server or monitor its status.
+The core management subsystem configuration may be used to:
+
+
+
+
+
register a listener for a server lifecycle events.
You can create an implementation of
+org.wildfly.extension.core.management.client.ProcessStateListener
+which will be notified on running and runtime configuration state
+changes thus enabling the developer to react to those changes.
+
+
+
In order to use this feature you need to create your own module then
+configure and deploy it using the core management subsystem.
To compile it you need to depend on the
+org.wildfly.core:wildfly-core-management-client maven module. Now
+let’s add the module to the wildfly modules :
You can use the core management subsystem to enable and configure an
+in-memory history of the last configuration changes.
+For example to track the last 5 configuration changes let’s active this
+:
The required extension is in the module org.jboss.as.jaxrs. In most cases the extension should be present. However, if it
+is not you can add it with CLI.
By default the jaxrs subsystem is empty which results in default configuration values being used.
+
+
+
This can be changed with a management client such as the CLI or the web console. You can get detailed information about the
+"Configuration switches" in section 3.5 of the RESTEasy User Guide.
+
+
+
An example configuring the subsystem with the CLI:
The use of hyphens is a WildFly convention. The hyphens are translated into periods before
+the parameters are passed into RESTEasy so that they conform to the RESTEasy parameter names.
+
+
+
For a discussion of the various parameters, see the RESTEasy User Guide.
+
+
+
+
+
+
+
+
+
+
+
+
+One important thing to understand is that these parameters are global. That is, they apply to all deployments.
+Since these parameters are global, the classes referred to in "resteasy.providers" and "resteasy.disable.providers"
+must be available to all deployments. In practice, then, they are meant to enable
+or disable RESTEasy providers. Note that they can be used in conjunction with
+"resteasy-use-builtin-providers" to tailor a set of available providers.
+
+
+
+
+
+
+
+
+
+
+
+Another important fact is that once parameters are changed via some management interface the changes require
+ a redeployment of any applications previously deployed.
+
+
+
+
+
+
+
+
+
+
+
+RESTEasy has introduced a new treatment of jakarta.ws.rs.WebApplicationException's thrown by a
+Jakarta REST client or MicroProfile REST Client running inside a RESTful resource, in which the embedded
+jakarta.ws.rs.core.Response is "sanitized" before being returned to prevent the risk of information leaking from a
+third party. The original behavior can be restored by setting the parameter
+"resteasy.original.webapplicationexception.behavior" to "true". See the RESTEasy User Guide
+chapter "Resteasy WebApplicationExceptions" for more information.
+
The elytron-oidc-client subsystem is included in the default configuration. If not present, the subsystem can be
+added using the following CLI commands.
By default, the elytron-oidc-client subsystem does not contain any configured resources or attributes.
+
+
+
The configuration required to secure an application with OpenID Connect can either be provided within the
+application itself or within the elytron-oidc-client subsystem.
The configuration required to secure an application with OpenID Connect can be specified in the deployment.
+
+
+
The first step is to create an oidc.json configuration file in the WEB-INF directory of the application.
+The second step is to set the auth-method to OIDC in the application’s web.xml file.
+
+
+
Here is an example of an oidc.json configuration file:
Instead of adding configuration to your deployment to secure it with OpenID Connect as described in the
+previous section, another option is to add configuration to the elytron-oidc-client subsystem instead.
+
+
+
The following example shows how to add configuration to the elytron-oidc-client subsystem.
The secure-deployment resource allows you to provide configuration for a specific deployment. In
+the example above, the secure-deployment resource is providing the configuration that should be used
+for the DEPLOYMENT_RUNTIME_NAME.war deployment, where DEPLOYMENT_RUNTIME_NAME corresponds to
+the runtime-name for the deployment.
+
+
+
The various configuration options that can be specified in the secure-deployment configuration
+correspond to the same options that can be specified in the oidc.json configuration that was
+explained in the previous section.
+
+
+
If you have multiple applications that are being secured using the same OpenID provider,
+the provider configuration can be defined separately as shown in the example below:
The elytron-oidc-client subsystem will scan deployments to detect if the OIDC authentication mechanism
+is required for any web components (i.e., for each deployment, the subsystem will determine if OIDC configuration
+has either been found within the deployment or if there is OIDC configuration for the deployment in the subsystem
+configuration). If the subsystem detects that the OIDC mechanism is indeed required, the subsystem will
+activate the authentication mechanism automatically. Otherwise, no activation will occur and deployment
+will continue normally.
The purpose of using OpenID Connect is to verify a user’s identity based on the authentication that’s been
+performed by the OpenID provider. For this reason, OpenID Connect deployments do not depend on security-domain
+resources that have been defined in the Elytron subsystem, like traditional deployments do. Instead,
+the elytron-oidc-client subsystem will automatically create and make use of its own virtual security domain
+across the deployment. No further managed configuration is required.
+
+
+
+
+
+
+
+
+
+
To propagate an identity from a virtual security domain, additional configuration might be required
+depending on your use case. See Identity Propagation for more details.
The provider-url attribute in the oidc.json configuration and in the elytron-oidc-client
+subsystem configuration allows you to specify the URL for the OpenID provider that you’d like to use.
+For WildFly 25, the elytron-oidc-client subsystem has been tested with the Keycloak OpenID provider.
+Other OpenID providers haven’t been extensively tested yet so the use of other OpenID providers should
+be considered experimental for now and should not be used in a production environment yet. Proper support
+for other OpenID providers will be added in a future WildFly release.
By default, when verifying an access token, the elytron-oidc-client subsystem expects the token
+to contain a typ claim with value Bearer. Access tokens provided by the Keycloak OpenID provider
+contain this claim. However, access tokens provided by other OpenID providers might not include this
+claim, causing token validation to fail. When using an OpenID provider other than Keycloak,
+it is possible to disable the typ claim validation by setting the wildfly.elytron.oidc.disable.typ.claim.validation
+system property to true.
In some cases, it might be desirable to secure an application using multiple oidc.json configuration files.
+For example, you might want a different oidc.json file to be used depending on the request in order to authenticate
+users from multiple Keycloak realms. The elytron-oidc-client subsystem makes it possible to use a custom configuration
+resolver so you can define which configuration file to use for each request.
+
+
+
To make use of the multi-tenancy feature, you need to create a class that implements the
+org.wildfly.security.http.oidc.OidcClientConfigurationResolver interface, as shown in the example below:
+
+
+
+
packageexample;
+
+importjava.io.InputStream;
+importjava.util.HashMap;
+importjava.util.Map;
+importjava.util.concurrent.ConcurrentHashMap;
+
+importorg.wildfly.security.http.oidc.OidcClientConfiguration;
+importorg.wildfly.security.http.oidc.OidcClientConfigurationBuilder;
+importorg.wildfly.security.http.oidc.OidcClientConfigurationResolver;
+importorg.wildfly.security.http.oidc.OidcHttpFacade;
+
+publicclassMyCustomConfigResolverimplements OidcClientConfigurationResolver {
+
+ privatefinalMap<String, OidcClientConfiguration> cache = newConcurrentHashMap<>();
+
+ @Override
+ public OidcClientConfiguration resolve(OidcHttpFacade.Request request) {
+ String path = request.getURI();
+ String realm = ... // determine which Keycloak realm to use based on the request path
+ OidcClientConfiguration clientConfiguration = cache.get(realm);
+ if (clientConfiguration == null) {
+ InputStream is = getClass().getResourceAsStream("/oidc-" + realm + ".json"); // config to use based on the realm
+ clientConfiguration = OidcClientConfigurationBuilder.build(is);
+ cache.put(realm, clientConfiguration);
+ }
+ return clientConfiguration;
+ }
+
+}
+
+
+
+
Once you’ve created your OidcClientConfigurationResolver `, you can specify that you want to make
+use of your custom configuration resolver by setting the `oidc.config.resolvercontext-param in
+your application’s web.xml file, as shown in the example below:
When securing an application with OpenID Connect, the elytron-oidc-client subsystem will automatically
+create a virtual security domain for you. If your application invokes an EJB, additional configuration
+might be required to propagate the security identity from the virtual security domain depending on how
+the EJB is being secured.
If your application secured with OpenID Connect invokes an EJB within the same deployment (e.g.,
+within the same WAR or EAR) or invokes an EJB in a separate deployment (e.g., across EARs)
+and you’d like to secure the EJB using a different security domain from your servlet,
+additional configuration will be needed to outflow the security identities established by
+the virtual security domain to another security domain.
+
+
+
The virtual-security-domain resource allows you to specify that security identities
+established by a virtual security domain should automatically be outflowed to other
+security domains. A virtual-security-domain resource has a few attributes, as
+described below:
+
+
+
+
+
name - This is the runtime name of a deployment associated with a virtual security domain (e.g.,
+DEPLOYMENT_NAME.ear, a deployment that has a subdeployment that is secured using OpenID Connect).
+
+
+
outflow-security-domains - This is the list of security-domains that security identities from
+the virtual security domain should be automatically outflowed to.
+
+
+
outflow-anonymous - When outflowing to a security domain, if outflow is not possible, should the
+anonymous identity be used? Outflow to a security domain might not be possible if the domain does
+not trust this domain or if the identity being outflowed to a domain does not exist in that domain.
+Outflowing anonymous has the effect of clearing any identity already established for that domain.
+This attribute defaults to false.
+
+
+
+
+
In addition to configuring a virtual-security-domain resource, you’ll also need to update the
+security-domain configuration for your EJB to indicate that it should trust security identities established
+by the virtual-security-domain. This can be specified by configuring the trusted-virtual-security-domains
+attribute for a security-domain (e.g., setting the trusted-virtual-security-domains attribute to
+DEPLOYMENT_NAME.ear for a security-domain would indicate that this security-domain
+should trust the virtual security domain associated with the DEPLOYMENT_NAME.ear deployment).
+
+
+
The virtual-security-domain configuration and trusted-virtual-security-domains configuration
+will allow security identities established by a virtual security domain to be successfully
+outflowed to a security-domain being used to secure the EJB.
If your application secured with OpenID Connect invokes an EJB within the same deployment (e.g.,
+within the same WAR or EAR), and you’d like to secure the EJB using the same virtual security
+domain as your servlet, no additional configuration is required. This means that if no security
+domain configuration has been explicitly specified for the EJB, the virtual security domain will
+automatically be used to secure the EJB.
If your application secured with OpenID Connect invokes an EJB in a separate deployment (e.g., across EARs)
+and you’d like to secure the EJB using the same virtual security domain as your servlet,
+additional configuration will be needed. In particular, the EJB will need to reference the virtual
+security domain explicitly.
+
+
+
The virtual-security-domain resource allows you to reference the virtual security domain
+from the security domain configuration for the EJB. As an example, a virtual-security-domain
+resource could be added as follows:
An annotation like @SecurityDomain(DEPLOYMENT_NAME.ear) can then be added to the EJB,
+where DEPLOYMENT_NAME.ear is a reference to the virtual-security-domain defined above.
+
+
+
This configuration indicates that the virtual security domain associated with DEPLOYMENT_NAME.ear
+should be used to secure the EJB.
The management console can be secured with OpenID Connect using the Keycloak OpenID provider.
+
+
+
+
+
+
+
+
+
+
The ability to secure the management console with the Keycloak OpenID provider is only available when
+running a standalone server and is not supported when running a managed domain. The management
+CLI cannot be secured with OpenID Connect.
+
+
+
+
+
+
+
To secure the management console with OpenID Connect, configuration is required on the Keycloak side
+and in the elytron-oidc-client subsystem.
Follow the steps in Keycloak’s getting started guide to
+add a new realm called wildfly-infra.
+
+
+
Then, create a new OpenID Connect client called wildfly-console. Set the Valid Redirect URIs using
+the URI used to access the WildFly management console, e.g., http://localhost:9990/console/. Similarly, you’ll
+also need to set *Web Origins using the management port for your WildFly instance, e.g.,
+http://localhost:9990.
+
+
+
Next, create a second OpenID Connect client called wildfly-management. This will be a bearer-only client so in
+the Capability configuration, be sure to uncheck the Standard flow and Direct access grants.
+
+
+
If you will be configuring WildFly to enable Role Based Access Control (RBAC), you can also create
+a new Realm role (e.g., Administrator) and assign it to a user.
We need to add a secure-deployment resource that references the wildfly-management client that was created
+in the previous section.
+
+
+
A secure-server that references the wildfly-console client is also needed.
+
+
+
Some example CLI commands that add these resources can be seen here:
+
+
+
+
# Configure the Keycloak provider
+/subsystem=elytron-oidc-client/provider=keycloak:add(provider-url=http://localhost:8180/realms/wildfly-infra)
+
+# Create a secure-deployment in order to protect mgmt interface
+/subsystem=elytron-oidc-client/secure-deployment=wildfly-management:add(provider=keycloak,client-id=wildfly-management,principal-attribute=preferred_username,bearer-only=true,ssl-required=EXTERNAL)
+
+# Enable RBAC where roles are obtained from the identity
+/core-service=management/access=authorization:write-attribute(name=provider,value=rbac)
+/core-service=management/access=authorization:write-attribute(name=use-identity-roles,value=true)
+
+# Create a secure-server in order to publish the management console configuration via mgmt interface
+/subsystem=elytron-oidc-client/secure-server=wildfly-console:add(provider=keycloak,client-id=wildfly-console,public-client=true)
+
+# reload
+reload
With the above configuration in place, when you access the management console (e.g., http://localhost:9990/console/),
+you will be redirected to Keycloak to log in, and will then be redirected back to the management console upon successful
+authentication.
The presence of each of these turns on a piece of functionality:
+
+
+
+
+
+
+
+
+
Name
+
Description
+
+
+
+
+
jdr
+
Enables the gathering of diagnostic data for use in remote
+analysis of error conditions. Although the data is in a simple format
+and could be useful to anyone, primarily useful for JBoss EAP
+subscribers who would provide the data to Red Hat when requesting
+support
+
+
+
pojo
+
Enables the deployment of applications containing JBoss
+Microcontainer services, as supported by previous versions of JBoss
+Application Server
+
+
+
sar
+
Enables the deployment of .SAR archives containing MBean services,
+as supported by previous versions of JBoss Application Server
To run a group of servers as a managed domain you need to configure both
+the domain controller and each host that joins the domain. This sections
+focuses on the network configuration for the domain and host controller
+components. For background information users are encouraged to review
+the Operating modes and
+Configuration
+Files sections.
The domain controller is the central government for a managed domain. A
+domain controller configuration requires two steps:
+
+
+
+
+
A host needs to be configured to act as the Domain Controller for the
+whole domain
+
+
+
The host must expose an addressable management interface binding for
+the managed hosts to communicate with it
+
+
+
+
+
Example IP Addresses
+
+
+
+
+
+
+
+
+In this example the domain controller uses 192.168.0.101 and the host
+controller 192.168.0.10
+
+
+
+
+
+
Configuring a host to act as the Domain Controller is done through the
+domain-controller declaration in host.xml. If it includes the
+<local/> element, then this host will become the domain controller:
A host acting as the Domain Controller must expose a management
+interface on an address accessible to the other hosts in the domain.
+Exposing an HTTP(S) management interface is not required, but is
+recommended as it allows the Administration Console to work:
The interface attributes above refer to a named interface declaration
+later in the host.xml file. This interface declaration will be used to
+resolve a corresponding network interface.
Please consult the chapter "Interface Configuration" for a more detailed
+explanation on how to configure network interfaces.
+
+
+
Next by default the Domain Controller is configured to require
+authentication so a user needs to be added that can be used by the secondary
+Host Controller to connect.
+
+
+
Make use of the add-user utility to add a new user, for this example I
+am adding a new user called "secondary".
+
+
+
+
+
+
+
+
+add-user MUST be run on the Domain Controller and NOT the
+secondary Host Controller.
+
Once the Domain Controller is configured correctly you can proceed with
+any host that should join the domain. The Host Controller configuration
+requires three steps:
+
+
+
+
+
The logical host name (within the domain) needs to be distinct
+
+
+
The Host Controller needs to know the Domain Controller IP address
+
+
+
+
+
Provide a distinct, logical name for the host. In the following example
+we simply name it "secondary":
If the name attribute is not set, the default name for the host will
+be the value of the jboss.host.name system property. If that is not
+set, the value of the HOSTNAME or COMPUTERNAME environment variable
+will be used, one of which will be set on most operating systems. If
+neither is set the name will be the value of
+InetAddress.getLocalHost().getHostName().
+
+
+
An authentication-context needs to be defined in the elytron subsystem
+to contain the identity of the host controller.
+The name of each host needs to be unique when registering with the
+Domain Controller, however the username does not - using the username
+attribute allows the same account to be used by multiple hosts if this
+makes sense in your environment.
+
WildFly 10 and later make it easy for secondary Host Controllers to "ignore"
+parts of the domain wide configuration. What does the mean and why is it
+useful?
+
+
+
One of the responsibilities of the Domain Controller is ensuring that
+all running Host Controllers have a consistent local copy of the domain
+wide configuration (i.e. those resources whose address does not begin
+with /host=*, i.e. those that are persisted in domain.xml. Having
+that local copy allows a user to do the following things:
+
+
+
+
+
Ask the secondary Host Controller to launch its already configured servers, even if the
+Domain Controller is not running.
+
+
+
Configured new servers, using different server groups from those
+current running, and ask the secondary Host Controller to launch them, even if the Domain
+Controller is not running.
+
+
+
Reconfigure the secondary Host Controller to act as the Domain Controller, allowing it to
+take over as the Domain Controller if the previous Domain Controller has failed or been shut
+down.
+
+
+
+
+
However, of these three things only the latter two require that the
+secondary Host Controller maintain a complete copy of the domain wide configuration. The
+first only requires the secondary Host Controller to have the portion of the domain wide
+configuration that is relevant to its current servers. And the first use
+case is the most common one. A secondary Host Controller that is only meant to support the
+first use case can safely "ignore" portions of the domain wide
+configuration. And there are benefits to ignoring some resources:
+
+
+
+
+
If a server group is ignored, and the deployments mapped to that
+server group aren’t mapped to other non-ignored groups, then the secondary Host Controller
+does not need to pull down a copy of the deployment content from the
+Domain Controller. That can save disk space on the secondary Host Controller, improve the speed of
+starting new hosts and reduce network traffic.
+
+
+
WildFly supports "mixed domains" where a later version Domain
+Controller can manage secondary Host Controllers running previous versions. But those
+"legacy" secondary Host Controllers cannot understand configuration resources, attributes
+and operations introduced in newer versions. So any attempt to use newer
+things in the domain wide configuration will fail unless the legacy
+secondary Host Controllers are ignoring the relevant resources. But ignoring resources will
+allow the legacy secondary Host Controllers to work fine managing servers using profiles
+without new concepts, while other hosts can run servers with profiles
+that take advantage of the latest features.
+
+
+
+
+
Prior to WildFly 10, a secondary Host Controller could be configured to ignore some
+resources, but the mechanism was not particularly user friendly:
+
+
+
+
+
The resources to be ignored had to be listed in a fair amount of
+detail in each host’s configuration.
+
+
+
If a new resource is added and needs to be ignored, then each host
+that needs to ignore that must be updated to record that.
+
+
+
+
+
Starting with WildFly 10, this kind of detailed configuration is no
+longer required. Instead, with the standard versions of host.xml, the
+secondary Host Controller will behave as follows:
+
+
+
+
+
If the secondary Host Controller was started with the --backup command line parameter,
+the behavior will be the same as releases prior to 10; i.e. only
+resources specifically configured to be ignored will be ignored.
+
+
+
Otherwise, the secondary Host Controller will "ignore unused resources".
+
+
+
+
+
What does "ignoring unused resources" mean?
+
+
+
+
+
Any server-group that is not referenced by one of the host’s
+server-config resources is ignored.
+
+
+
Any profile that is not referenced by a non-ignored server-group,
+either directly or indirectly via the profile resource’s 'include'
+attribute, is ignored
+
+
+
Any socket-binding-group that is not directly referenced by one of the
+host’s server-config resources, or referenced by a non-ignored
+server-group, is ignored
+
+
+
Extension resources will not be automatically ignored, even if no
+non-ignored profile uses the extension. Ignoring an extension requires
+explicit configuration. Perhaps in a future release extensions will be
+explicitly ignored.
+
+
+
If a change is made to the secondary Host Controller host’s configuration or to the domain
+wide configuration that reduces the set of ignored resources, then as
+part of handling that change the secondary Host Controller will contact the Domain Controller to pull
+down the missing pieces of configuration and will integrate those pieces
+in its local copy of the management model. Examples of such changes
+include adding a new server-config that references a previously ignored
+server-group or socket-binding-group, changing the server-group or
+socket-binding-group assigned to a server-config, changing the profile
+or socket-binding-group assigned to a non-ignored server-group, or
+adding a profile or socket-binding-group to the set of those included
+directly or indirectly by a non-ignored profile or socket-binding-group.
+
+
+
+
+
The default behavior can be changed, either to always ignore unused
+resources, even if --backup is used, or to not ignore unused
+resources, by updating the domain-controller element in the host-xml
+file and setting the ignore-unused-configuration attribute:
The "ignore unused resources" behavior can be used in combination with
+the pre-WildFly 10 detailed specification of what to ignore. If that is
+done both the unused resources and the explicitly declared resources
+will be ignored. Here’s an example of such a configuration, one where
+the secondary Host Controller cannot use the "org.example.foo" extension that has been
+installed on the Domain Controller and on some secondary Host Controllers, but not this one:
The Domain Controller also defines the socket binding groups and the
+profiles. The socket binding groups define the default socket bindings
+that are used:
~(See domain/configuration/domain.xml)~
+In this example the bigger-sockets group includes all the socket
+bindings defined in the standard-sockets groups and then defines an
+extra socket binding of its own.
+
+
+
A profile is a collection of subsystems, and these subsystems are what
+implement the functionality people expect of an application server.
+
+
+
+
<profiles>
+ <profilename="default">
+ <subsystemxmlns="urn:jboss:domain:web:1.0">
+ <connectorname="http"scheme="http"protocol="HTTP/1.1"socket-binding="http"/>
+ [...]
+ </subsystem>
+ <\!-\- The rest of the subsystems here \-->
+ [...]
+ </profile>
+ <profilename="bigger">
+ <subsystemxmlns="urn:jboss:domain:web:1.0">
+ <connectorname="http"scheme="http"protocol="HTTP/1.1"socket-binding="http"/>
+ [...]
+ </subsystem>
+ <\!-\- The same subsystems as defined by 'default' here \-->
+ [...]
+ <subsystemxmlns="urn:jboss:domain:fictional-example:1.0">
+ <socket-to-usename="unique-to-bigger"/>
+ </subsystem>
+ </profile>
+</profiles>
+
+
+
+
~(See domain/configuration/domain.xml)~
+Here we have two profiles. The bigger profile contains all the same
+subsystems as the default profile (although the parameters for the
+various subsystems could be different in each profile), and adds the
+fictional-example subsystem which references the unique-to-bigger
+socket binding.
server-one and server-two both are associated with
+main-server-group so that means they both run the subsystems defined
+by the default profile, and have the socket bindings defined by the
+standard-sockets socket binding group. Since all the servers defined
+by a host will be run on the same physical host we would get port
+conflicts unless we used
+<socket-binding-group ref="standard-sockets" port-offset="150"/> for
+server-two. This means that server-two will use the socket bindings
+defined by standard-sockets but it will add 150 to each port number
+defined, so the value used for http will be 8230 for server-two.
+
+
+
server-three will not be started due to its auto-start="false". The
+default value if no auto-start is given is true so both server-one
+and server-two will be started when the host controller is started.
+server-three belongs to other-server-group, so if its auto-start
+were changed to true it would start up using the subsystems from the
+bigger profile, and it would use the bigger-sockets socket binding
+group.
~(See domain/configuration/host.xml)~
+From the preceding examples we can see that we also had a jvm
+reference at server group level in the Domain Controller. The jvm’s name
+must match one of the definitions in the Host Controller. The values
+supplied at Domain Controller and Host Controller level are combined,
+with the Host Controller taking precedence if the same parameter is
+given in both places.
+
+
+
Finally, as seen, we can also override the jvm at server level. Again,
+the jvm’s name must match one of the definitions in the Host Controller.
+The values are combined with the ones coming in from Domain
+Controller and Host Controller level, this time the server definition
+takes precedence if the same parameter is given in all places.
+
+
+
Following these rules the jvm parameters to start each server would be
To start up a WildFly managed domain, execute the
+$JBOSS_HOME/bin/domain.sh script. To start up a standalone server,
+execute the $JBOSS_HOME/bin/standalone.sh. With no arguments, the
+default configuration is used. You can override the default
+configuration by providing arguments on the command line, or in your
+calling script.
This command starts up a standalone server instance using a non-standard
+AS home directory and a custom configuration directory. For specific
+information about system properties, refer to the definitions below.
+
+
+
Instead of passing the parameters directly, you can put them into a
+properties file, and pass the properties file to the script, as in the
+two examples below.
Note however, that properties set this way are not processed as part of
+JVM launch. They are processed early in the boot process, but this
+mechanism should not be used for setting properties that control JVM
+behavior (e.g. java.net.perferIPv4Stack) or the behavior of the JBoss
+Modules classloading system.
+
+
+
The syntax for passing in parameters and properties files is the same
+regardless of whether you are running the domain.sh, standalone.sh,
+or the Microsoft Windows scripts domain.bat or standalone.bat.
+
+
+
The properties file is a standard Java property file containing
+key=value pairs:
System properties can also be set via the xml configuration files. Note
+however that for a standalone server properties set this way will not be
+set until the xml configuration is parsed and the commands created by
+the parser have been executed. So this mechanism should not be used for
+setting properties whose value needs to be set before this point.
The standalone and the managed domain modes each use a default
+configuration which expects various files and writable directories to
+exist in standard locations. Each of these standard locations is
+associated with a system property, which has a default value. To
+override a system property, pass its new value using the one of the
+mechanisms above. The locations which can be controlled via system
+property are:
For some command line arguments frequently used in previous major
+releases of WildFly, replacing the "=" in the above examples with a
+space is supported, for compatibility.
+
+
+
+
-b 192.168.100.10
+
+
+
+
If possible, use the -x=value syntax. New parameters will always
+support this syntax.
+
+
+
The sections below describe the command line parameter names that are
+available in standalone and domain mode.
Set the server’s running type to ADMIN_ONLY causing it
+to open administrative interfaces and accept management requests but not
+start other runtime services or accept end user requests.
+
+
+
--server-config -c
+
standalone.xml
+
A relative path which is interpreted
+to be relative to jboss.server.config.dir. The name of the configuration
+file to use.
+
+
+
--read-only-server-config
+
-
+
A relative path which is interpreted to
+be relative to jboss.server.config.dir. This is similar to
+--server-config but if this alternative is specified the server will not
+overwrite the file when the management model is changed. However, a full
+versioned history is maintained of the file.
+
+
+
--graceful-startup
+
true
+
Start the servers in gracefully, queuing or cleanly rejecting incoming requests until the server is fully started.
+
+
+
--git-repo
+
-
+
remote Git repository URL to use for configuration directory and content repository content or local if only a local repository is to be used.
+
+
+
--git-branch
+
master
+
The Git branch or tag to be used. If a tag name is used then the future commits will go into the detached state.
+
+
+
--git-auth
+
-
+
A URL to an Elytron configuration file containing the credentials to be used for connecting to the Git repository.
Set the host controller’s running type to ADMIN_ONLY causing it to open
+administrative interfaces and accept management requests but not start servers or, if this
+host controller is the primary for the domain, accept incoming connections from secondary
+host controllers.
+
+
+
--domain-config -c
+
domain.xml
+
A relative path which is interpreted to
+be relative to jboss.domain.config.dir. The name of the domain wide
+configuration file to use.
+
+
+
--read-only-domain-config
+
-
+
A relative path which is interpreted to
+be relative to jboss.domain.config.dir. This is similar to
+--domain-config but if this alternative is specified the host
+controller will not overwrite the file when the management model is
+changed. However, a full versioned history is maintained of the file.
+
+
+
--host-config
+
host.xml
+
A relative path which is interpreted to be
+relative to jboss.domain.config.dir. The name of the host-specific
+configuration file to use.
+
+
+
--read-only-host-config
+
-
+
A relative path which is interpreted to be
+relative to jboss.domain.config.dir. This is similar to --host-config
+but if this alternative is specified the host controller will not
+overwrite the file when the management model is changed. However, a full
+versioned history is maintained of the file.
+
+
+
+
+
The following parameters take no value and are only usable on secondary host
+controllers (i.e. hosts configured to connect to a remote domain
+controller.)
+
+
+
+
+
+
+
+
+
Name
+
Function
+
+
+
+
+
--backup
+
Causes the secondary host controller to create and maintain a
+local copy (domain.cached-remote.xml) of the domain configuration. If
+ignore-unused-configuration is unset in host.xml,a complete copy of the
+domain configuration will be stored locally, otherwise the configured
+value of ignore-unused-configuration in host.xml will be used. (See
+ignore-unused-configuration for more details.)
+
+
+
--cached-dc
+
If the secondary host controller is unable to contact the
+domain controller to get its configuration at boot, this option
+will allow the secondary host controller to boot and become operational using
+a previously cached copy of the domain configuration
+(domain.cached-remote.xml.) If the cached configuration is not present,
+this boot will fail. This file is created using one of the
+following methods:- A previously successful connection to the
+domain controller using --backup or --cached-dc.- Copying the domain
+configuration from an alternative host to
+domain/configuration/domain.cached-remote.xml.The unavailable
+domain controller will be polled periodically for availability, and once
+becoming available, the secondary host controller will reconnect to the
+domain controller and synchronize the domain configuration. During
+the interval the domain controller is unavailable, the secondary host
+controller will not be able to make any modifications to the domain
+configuration, but it may launch servers and handle requests to deployed
+applications etc.
WildFly binds sockets to the IP addresses and interfaces contained in
+the <interfaces> elements in standalone.xml, domain.xml and
+host.xml. (See
+Interfaces
+and
+Socket
+Bindings for further information on these elements.) The standard
+configurations that ship with WildFly includes two interface
+configurations:
Those configurations use the values of system properties
+jboss.bind.address.management and jboss.bind.address if they are
+set. If they are not set, 127.0.0.1 is used for each value.
+
+
+
As noted in
+Common
+Parameters, the AS supports the -b and -b<name> command line
+switches. The only function of these switches is to set system
+properties jboss.bind.address and jboss.bind.address.<name>
+respectively. However, because of the way the standard WildFly
+configuration files are set up, using the -b switches can indirectly
+control how the AS binds sockets.
+
+
+
If your interface configurations match those shown above, using this
+as your launch command causes all sockets associated with interface
+named "public" to be bound to 192.168.100.10.
+
+
+
+
$JBOSS_HOME/bin/standalone.sh -b=192.168.100.10
+
+
+
+
In the standard config files, public interfaces are those not associated
+with server management. Public interfaces handle normal end-user
+requests.
+
+
+
+
+
+
+
+
+The interface named "public" is not inherently special. It is provided
+as a convenience. You can name your interfaces to suit your environment.
+
+
+
+
+
+
To bind the public interfaces to all IPv4 addresses (the IPv4 wildcard
+address), use the following syntax:
+
+
+
+
$JBOSS_HOME/bin/standalone.sh -b=0.0.0.0
+
+
+
+
You can also bind the management interfaces, as follows:
In the standard config files, management interfaces are those sockets
+associated with server management, such as the socket used by the CLI,
+the HTTP socket used by the admin console, and the JMX connector socket.
+
+
+
+
+
+
+
+
+The -b switch only controls the interface bindings because the
+standard config files that ship with WildFly sets things up that way. If
+you change the <interfaces> section in your configuration to no longer
+use the system properties controlled by -b, then setting -b in your
+launch command will have no effect.
+
+
+
+
+
+
For example, this perfectly valid setting for the "public" interface
+causes -b to have no effect on the "public" interface:
The key point is the contents of the configuration files determine the
+configuration. Settings like-bare not overrides of the
+configuration files. They only provide a shorter syntax for setting a
+system properties that may or may not be referenced in the configuration
+files. They are provided as a convenience, and you can choose to modify
+your configuration to ignore them.
WildFly may use multicast communication for some services, particularly
+those involving high availability clustering. The multicast addresses
+and ports used are configured using the socket-binding elements in
+standalone.xml and domain.xml. (See
+Socket
+Bindings for further information on these elements.) The standard HA
+configurations that ship with WildFly include two socket binding
+configurations that use a default multicast address:
Those configurations use the values of system property
+jboss.default.multicast.address if it is set. If it is not set,
+230.0.0.4 is used for each value. (The configuration may include other
+socket bindings for multicast-based services that are not meant to use
+the default multicast address; e.g. a binding the mod-cluster services
+use to communicate on a separate address/port with Apache httpd
+servers.)
+
+
+
As noted in
+Common Parameters, the AS supports the -u command line switch. The only
+function of this switch is to set system property jboss.default.multicast.address. However, because of the way the
+standard AS configuration files are set up, using the -u switches can indirectly control how the AS uses multicast.
+
+
+
If your socket binding configurations match those shown above, using
+this as your launch command causes the service using those sockets
+configurations to be communicate over multicast address 230.0.1.2.
+
+
+
+
$JBOSS_HOME/bin/standalone.sh -u=230.0.1.2
+
+
+
+
+
+
+
+
+
+As with the -b switch, the -u switch only controls the multicast
+address used because the standard config files that ship with WildFly
+sets things up that way. If you change the <socket-binding> sections
+in your configuration to no longer use the system properties controlled
+by -u, then setting -u in your launch command will have no effect.
+
WildFly introduces the ability to suspend and resume servers. This can
+be combined with shutdown to enable the server to gracefully finish
+processing all active requests and then shut down. When a server is
+suspended it will immediately stop accepting new requests, but wait for
+existing requests to complete. A suspended server can be resumed at any
+point, and will begin processing requests immediately. Suspending and
+resuming has no effect on deployment state (e.g. if a server is
+suspended singleton Jakarta Enterprise Beans’s will not be destroyed). As of WildFly 11 it is
+also possible to start a server in suspended mode which means it will
+not accept requests until it has been resumed. Servers will also be
+suspended during the boot process, so no requests will be accepted until
+the startup process is 100% complete.
+
+
+
Suspend/Resume has no effect on management operations; management
+operations can still be performed while a server is suspended. If you
+wish to perform a management operation that will affect the operation of
+the server you can suspend the server, perform the operation, and then
+resume the server. This allows all requests to finish, and makes sure
+that no requests are running while the management changes are taking
+place.
+
+
+
+
+
+
+
+
+
+
If you perform a management operation while the server is suspended,
+and the response to that operation includes the
+operation-requires-reload or operation-requires-restart response
+headers, then the operation will not take full effect until that
+reload or restart is done. Simply resuming the server will not be
+sufficient to cause the change to take effect.
+
+
+
+
+
+
+
When a server is suspending it goes through four different states:
+
+
+
+
+
RUNNING - The normal state, the server is accepting requests and
+running normally
+
+
+
PRE_SUSPEND - In PRE_SUSPEND the server will notify external parties
+that it is about to suspend, for example mod_cluster will notify the
+load balancer that the deployment is suspending. Requests are still
+accepted in this phase.
+
+
+
SUSPENDING - All new requests are rejected, and the server is
+waiting for all active requests to finish. If there are no active
+requests at suspend time this phase will be skipped.
+
+
+
SUSPENDED - All requests have completed, and the server is
+suspended.
In order to start into suspended mode when using a standalone server you
+need to add --start-mode=suspend to the command line. It is also
+possible to specify the start-mode in the reload operation to cause
+the server to reload into suspended mode (other possible values for
+start-mode are normal and admin-only).
+
+
+
In domain mode servers can be started in suspended mode by passing the
+suspend=true parameter to any command that causes a server to start,
+restart or reload (e.g. :start-servers(suspend=true)).
WildFly introduces a new subsystem called the Request Controller
+Subsystem. This optional subsystem tracks all requests at their entry
+point, which is how the graceful shutdown mechanism knows when all requests
+are done. (It also allows you to provide a global limit on the total
+number of running requests).
+
+
+
If this subsystem is not present suspend/resume will be limited. In
+general things that happen in the PRE_SUSPEND phase will work as normal
+(stopping message delivery, notifying the load balancer); however the
+server will not wait for all requests to complete and instead will move
+straight to SUSPENDED mode.
+
+
+
There is a small performance penalty associated with the request
+controller subsystem (about on par with enabling statistics), so if you
+do not require the suspend/resume functionality this subsystem can be
+removed to get a small performance boost.
Suspend/Resume is a service provided by the WildFly platform that any
+subsystem may choose to integrate with. Some subsystems integrate
+directly with the suspend controller, while others integrate through the
+request controller subsystem.
+
+
+
The following subsystems support graceful shutdown. Note that only
+subsystems that provide an external entry point to the server need
+graceful shutdown support. For example the Jakarta RESTful Web Services subsystem does not
+require suspend/resume support as all access to Jakarta RESTful Web Services is through the
+web connector.
+
+
+
+
+
Undertow - Undertow will wait for all requests to finish.
+
+
+
mod_cluster - The mod_cluster subsystem will notify the load
+balancer that the server is suspending in the PRE_SUSPEND phase.
+
+
+
Jakarta Enterprise Beans - Jakarta Enterprise Beans will wait
+for all remote Jakarta Enterprise Beans requests and MDB message
+deliveries to finish. Delivery to MDB’s is stopped in the PRE_SUSPEND
+phase. Jakarta Enterprise Beans timers are suspended, and missed timers will be activated
+when the server is resumed.
+
+
+
Batch - Batch jobs will be stopped at a checkpoint while the server
+is suspending. They will be restarted from that checkpoint when the
+server returns to running mode.
+
+
+
EE Concurrency - The server will wait for all active jobs to finish.
+All jobs that have already been queued will be skipped.
+
+
+
Transactions - The transaction subsystem waits for all running
+transactions to finish while the server is suspending. During that time
+the server refuses to start any new transaction. But any in-flight
+transaction will be serviced - e.g. the server will accept any
+incoming remote call which carries the context of a transaction already
+started at the suspending server.
When you work with Jakarta Enterprise Beans you have to enable the graceful shutdown
+functionality by setting the attribute enable-graceful-txn-shutdown to
+true. For example, in the ejb3 subsystem section of standalone.xml:
+
+
+
+
<enable-graceful-txn-shutdownvalue="false"/>
+
+
+
+
By default graceful shutdown is disabled for the ejb subsystem.
+The reason for this is that the behavior might be unwelcome in cluster
+environments, as the server notifies remote clients that the node is no
+longer available for remote calls only after the transactions are
+finished. During that brief window of time, the client of a cluster may
+send a new request to a node that is shutting down and it will refuse the
+request because it is not related to an existing transaction.
+If this attribute enable-graceful-txn-shutdown is set to false, we
+disable the graceful behavior and Jakarta Enterprise Beans clients will not attempt to invoke
+the node when it suspends, regardless of active transactions.
Suspend/Resume can be controlled via the following CLI operations
+and commands in standalone mode:
+
+
+
:suspend(suspend-timeout=x)
+
+
+
Suspends the server. If the timeout is specified it will wait in the
+SUSPENDING phase up to the specified number of seconds for all requests
+to finish. If there is no timeout specified or the value is less than
+zero it will wait indefinitely.
+
+
+
:resume
+
+
+
Resumes a previously suspended server. The server should be able to
+begin serving requests immediately.
+
+
+
:read-attribute(name=suspend-state)
+
+
+
Returns the current suspend state of the server.
+
+
+
shutdown --suspend-timeout=x
+
+
+
If a timeout parameter is passed to the shutdown command then a graceful
+shutdown will be performed. The server will be suspended, and will wait
+in SUSPENDING state up to the specified number of seconds for all requests
+to finish before shutting down. A timeout value of less than zero means
+it will wait indefinitely.
Note that even though the host controller itself is being shut down, the suspend-timeout attribute for the shutdown operation at host level is applied to the servers only and not to the host controller itself.
If you use an OS signal like TERM to shut down your WildFly standalone server
+process, e.g. via kill -15 <pid>, the WildFly server will shut down gracefully.
+By default, the behavior will be analogous to a CLI shutdown --suspend-timeout=0 command;
+that is the process will not wait in SUSPENDING state for in-flight requests to
+complete before proceeding to SUSPENDED state and then shutting down. A different
+timeout can be configured by setting the org.wildfly.sigterm.suspend.timeout
+system property. The value of the property should be an integer indicating the maximum
+number of seconds to wait for in-flight requests to complete. A value of -1 means
+the server should wait indefinitely.
+
+
+
Graceful shutdown via an OS signal will not work if the server JVM is configured
+to disable signal handling (i.e. with the -Xrs argument to java). It also won’t
+work if the method used to terminate the process doesn’t result in a signal the
+JVM can respond to (e.g. kill -9).
+
+
+
In a managed domain, Process Controller and Host Controller processes will not attempt
+any sort of graceful shutdown in response to a signal. A domain mode server may, but
+the proper way to control the lifecycle of a domain mode server process is via the
+management API and its managing Host Controller, not via direct signals to the server
+process.
By default, WildFly starts up gracefully, meaning that incoming requests are queued or cleanly rejected
+until the server is ready to process them. In some instances, though, it may be desirable to allow the
+server to begin to process requests at the earliest possible moment. One such example might be
+when two deployed applications need to interact with one another during the deployment or
+application startup. In one such scenario, Application A needs to make a REST request to
+Application B to get information vital to its own startup. Under a graceful startup, the request
+to Application B will block until the server is fully started. However, the server can’t fully
+start, as Application A is waiting for data from Application B before its deploy/startup can
+complete. In this situation, a deadlock occurs, and the server startup times out.
+
+
+
A non-graceful startup is intended to address this situation in that it will allow WildFly to
+begin attempting to answer requests as soon as possible. In the scenario above, assuming
+Application B has successfully deployed/started, Application A can also start immediately, as its
+request will be fulfilled. Note, however, that a race condition can occur: if Application B is
+not yet deployed (e.g., the deploy order is incorrect, or B has not finished starting), then
+Application A may still fail to start since Application B is not available. WildFly users making
+use of non-graceful startups must be aware of this and take steps to remedy those scenarios. With
+a non-graceful startup, however, WildFly will no longer be the cause of a deployment failure in
+such a configuration.
+
+
+
Some discussion here of how this relates to reloading and restarting, as well as to suspended starts, is
+important. When reloading, the ApplicationServerService is stopped, and a new one started. It is equivalent
+to if it was being started the first time: all the same stuff happens, but it happens faster because a lot of
+classloading and static initialization doesn’t have to happen again. This includes honoring the value of
+graceful-startup, so if the server was initially started non-gracefully, it will be reloaded in the same manner.
+
+
+
Restarting the server is similar. A restart means a new JVM, so all the initialization happens again, exactly
+as it did on the first start. When restarting in domain mode, the Host Controller simply rereads the config
+file and does the same thing it did the first time. In standalone, the restart is driven by standalone.[sh|ps1|bat].
+The running JVM exits with a specific exit code, which the script recognizes and starts a new server, using the
+same parameters as the first start, so if you start a server non-gracefully, you will restart a server
+non-gracefully.
+
+
+
Finally, there’s start-mode=suspend. In the event that an administrator specifies a suspended start as well as a
+non-graceful start, the suspended start will "win". That is to say, the server will start in a suspended mode,
+the graceful-start=false will be disregarded, and the server will log a message indicating that this is happening.
Starting a standalone server is done through the bin/standalone.sh
+script. However in a managed domain server instances are managed by the
+domain controller and need to be started through the management layer:
+
+
+
First of all, get to know which servers are configured on a particular
+host:
Configuration of the JVM settings is different for a managed domain and
+a standalone server. In a managed domain, the domain controller
+components are responsible for starting and stopping server processes and
+hence determine the JVM settings. For a standalone server, it’s the
+responsibility of the process that started the server (e.g. passing them
+as command line arguments).
In a managed domain the JVM settings can be declared at different
+scopes: For a specific server group, for a host or for a particular
+server. If not declared, the settings are inherited from the parent
+scope. This allows you to customize or extend the JVM settings within
+every layer.
+
+
+
Let’s take a look at the JVM declaration for a server group:
In this example the server group "main-server-group" declares a heap
+size of 64m and a maximum heap size of 512m. Any server that belongs
+to this group will inherit these settings. You can change these settings
+for the group as a whole, or a specific server or host:
The Controlling filesystem locations with system properties section describes the available system properties associated with relevant WildFly file system paths. In addition to all the domain mode properties, the following server specific properties are also available for resolution as JVM options:
+
+
+
+
+
jboss.server.base.dir
+
+
+
jboss.server.log.dir
+
+
+
jboss.server.data.dir
+
+
+
jboss.server.temp.dir
+
+
+
+
+
This ability is useful when you need to configure JVM settings without specifying a specific server name. For example, if you want to redirect the GC logging to a file to the default log server directory, you can configure the following JVM option at host level:
For a standalone sever you have to pass in the JVM settings either as
+command line arguments when executing the
+$JBOSS_HOME/bin/standalone.sh script, or by declaring them in
+$JBOSS_HOME/bin/standalone.conf. (For Windows users, the script to
+execute is %JBOSS_HOME%/bin/standalone.bat while the JVM settings can
+be declared in %JBOSS_HOME%/bin/standalone.conf.bat.)
WildFly comes with audit logging built in for management operations
+affecting the management model. By default it is turned off. The
+information is output as JSON records.
+
+
+
The default configuration of audit logging in standalone.xml looks as
+follows:
Audit data are stored in standalone/data/audit-log.log.
+
+
+
+
+
+
+
+
+The audit logging subsystem has a lot of internal dependencies, and it
+logs operations changing, enabling and disabling its components. When
+configuring or changing things at runtime it is a good idea to make
+these changes as part of a CLI batch. For example if you are adding a
+syslog handler you need to add the handler and its information as one
+step. Similarly if you are using a file handler, and want to change its
+path and relative-to attributes, that needs to happen as one step.
+
The first thing that needs configuring is the formatter, we currently
+support outputting log records as JSON. You can define several
+formatters, for use with different handlers. A log record has the
+following format, and it is the formatter’s job to format the data
+presented:
It includes an optional timestamp and then the following information in
+the json record
+
+
+
+
+
+
+
+
+
Field name
+
Description
+
+
+
+
+
type
+
This can have the values core, meaning it is a management
+operation, or jmx meaning it comes from the jmx subsystem (see the jmx
+subsystem for configuration of the jmx subsystem’s audit logging)
+
+
+
r/o
+
true if the operation does not change the management model, false
+otherwise
+
+
+
booting
+
true if the operation was executed during the bootup process,
+false if it was executed once the server is up and running
+
+
+
version
+
The version number of the WildFly instance
+
+
+
user
+
The username of the authenticated user. In this case the
+operation has been logged via the CLI on the same machine as the running
+server, so the special $local user is used
+
+
+
domainUUID
+
An ID to link together all operations as they are
+propagated from the Domain Controller to its servers, secondary Host
+Controllers, and secondary Host Controller servers
+
+
+
access
+
This can have one of the following values:*NATIVE - The
+operation came in through the native management interface, for example
+the CLI*HTTP - The operation came in through the domain HTTP interface,
+for example the admin console*JMX - The operation came in through the
+JMX subsystem. See JMX for how to configure audit logging for JMX.
+
+
+
remote-address
+
The address of the client executing this operation
+
+
+
success
+
true if the operation succeeded, false if it was rolled back
+
+
+
ops
+
The operations being executed. This is a list of the operations
+serialized to JSON. At boot this will be all the operations resulting
+from parsing the xml. Once booted the list will typically just contain a
+single entry
+
+
+
+
+
The json formatter resource has the following attributes:
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
+
+
+
+
include-date
+
Boolan toggling whether or not to include the timestamp
+in the formatted log records
+
+
+
date-separator
+
A string containing characters to separate the date and
+the rest of the formatted log message. Will be ignored if
+include-date=false
+
+
+
date-format
+
The date format to use for the timestamp as understood by
+java.text.SimpleDateFormat. Will be ignored if include-date=false
+
+
+
compact
+
If true will format the JSON on one line. There may still be
+values containing new lines, so if having the whole record on one line
+is important, set escape-new-line or escape-control-characters to true
+
+
+
escape-control-characters
+
If true it will escape all control
+characters (ascii entries with a decimal value < 32) with the ascii code
+in octal, e.g. a new line becomes '#012'. If this is true, it will
+override escape-new-line=false
+
+
+
escape-new-line
+
If true it will escape all new lines with the ascii
+code in octal, e.g. "#012".
A handler is responsible for taking the formatted data and logging it to
+a location. There are currently two types of handlers, File and Syslog.
+You can configure several of each type of handler and use them to log
+information.
The file handlers log the audit log records to a file on the server. The
+attributes for the file handler are
+
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
Read Only
+
+
+
+
+
formatter
+
The name of a JSON formatter to use to format the log
+records
+
false
+
+
+
path
+
The path of the audit log file
+
false
+
+
+
relative-to
+
The name of another previously named path, or of one of
+the standard paths provided by the system. If relative-to is provided,
+the value of the path attribute is treated as relative to the path
+specified by this attribute
+
false
+
+
+
failure-count
+
The number of logging failures since the handler was
+initialized
+
true
+
+
+
max-failure-count
+
The maximum number of logging failures before
+disabling this handler
+
false
+
+
+
disabled-due-to-failure
+
true if this handler was disabled due to
+logging failures
+
true
+
+
+
+
+
In our standard configuration path=audit-log.log and
+relative-to=jboss.server.data.dir, typically this will be
+$JBOSS_HOME/standalone/data/audit-log.log
The default configuration does not have syslog audit logging set up.
+Syslog is a better choice for audit logging since you can log to a
+remote syslog server, and secure the authentication to happen over TLS
+with client certificate authentication. Syslog servers vary a lot in
+their capabilities so not all settings in this section apply to all
+syslog servers. We have tested with rsyslog.
The syslog handler resource has the following attributes:
+
+
+
+
+
+
+
+
+
+
formatter
+
The name of a JSON formatter to use to format the log
+records
+
false
+
+
+
+
+
failure-count
+
The number of logging failures since the handler was
+initialized
+
true
+
+
+
max-failure-count
+
The maximum number of logging failures before
+disabling this handler
+
false
+
+
+
disabled-due-to-failure
+
true if this handler was disabled due to
+logging failures
+
true
+
+
+
syslog-format
+
Whether to set the syslog format to the one specified in
+RFC-5424 or RFC-3164
+
false
+
+
+
max-length
+
The maximum length in bytes a log message, including the
+header, is allowed to be. If undefined, it will default to 1024 bytes if
+the syslog-format is RFC3164, or 2048 bytes if the syslog-format is
+RFC5424.
+
false
+
+
+
truncate
+
Whether or not a message, including the header, should
+truncate the message if the length in bytes is greater than the maximum
+length. If set to false messages will be split and sent with the same
+header values
+
false
+
+
+
+
+
When adding a syslog handler you also need to add the protocol it will
+use to communicate with the syslog server. The valid choices for
+protocol are UDP, TCP and TLS. The protocol must be added at the
+same time as you add the syslog handler, or it will fail. Also, you can
+only add one protocol for the handler.
Configures the handler to use UDP to communicate with the syslog server.
+The address of the UDP resource is
+/core-service=management/access=audit/syslog-handler=*/protocol=udp.
+The attributes of the UDP resource are:
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
+
+
+
+
host
+
The host of the syslog server for the udp requests
+
+
+
port
+
The port of the syslog server listening for the udp requests
Configures the handler to use TCP to communicate with the syslog server.
+The address of the TCP resource is
+/core-service=management/access=audit/syslog-handler=*/protocol=tcp.
+The attributes of the TCP resource are:
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
+
+
+
+
host
+
The host of the syslog server for the tcp requests
+
+
+
port
+
The port of the syslog server listening for the tcp requests
+
+
+
message-transfer
+
The message transfer setting as described in section
+3.4 of RFC-6587. This can either be OCTET_COUNTING as described in
+section 3.4.1 of RFC-6587, or NON_TRANSPARENT_FRAMING as described in
+section 3.4.1 of RFC-6587
Configures the handler to use TLC to communicate securely with the
+syslog server. The address of the TLS resource is
+/core-service=management/access=audit/syslog-handler=*/protocol=tls.
+The attributes of the TLS resource are the same as for TCP:
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
+
+
+
+
host
+
The host of the syslog server for the tls requests
+
+
+
port
+
The port of the syslog server listening for the tls requests
+
+
+
message-transfer
+
The message transfer setting as described in section
+3.4 of RFC-6587. This can either be OCTET_COUNTING as described in
+section 3.4.1 of RFC-6587, or NON_TRANSPARENT_FRAMING as described in
+section 3.4.1 of RFC-6587
+
+
+
+
+
If the syslog server’s TLS certificate is not signed by a certificate
+signing authority, you will need to set up a truststore to trust the
+certificate. The resource for the trust store is a child of the TLS
+resource, and the full address is
+/core-service=management/access=audit/syslog-handler=*/protocol=tls/authentication=truststore.
+The attributes of the truststore resource are:
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
+
+
+
+
keystore-password
+
The password for the truststore
+
+
+
keystore-path
+
The path of the truststore
+
+
+
keystore-relative-to
+
The name of another previously named path, or of
+one of the standard paths provided by the system. If
+keystore-relative-to is provided, the value of the keystore-path
+attribute is treated as relative to the path specified by this attribute
If you have set up the syslog server to require client certificate
+authentication, when creating your handler you will also need to set up
+a client certificate store containing the certificate to be presented to
+the syslog server. The address of the client certificate store resource
+is
+/core-service=management/access=audit/syslog-handler=*/protocol=tls/authentication=client-certificate-store
+and its attributes are:
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
+
+
+
+
keystore-password
+
The password for the keystore
+
+
+
key-password
+
The password for the keystore key
+
+
+
keystore-path
+
The path of the keystore
+
+
+
keystore-relative-to
+
The name of another previously named path, or of
+one of the standard paths provided by the system. If
+keystore-relative-to is provided, the value of the keystore-path
+attribute is treated as relative to the path specified by this attribute
The final part that needs configuring is the logger for the management
+operations. This references one or more handlers and is configured at
+/core-service=management/access=audit/logger=audit-log. The attributes
+for this resource are:
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
+
+
+
+
enabled
+
true to enable logging of the management operations
+
+
+
log-boot
+
true to log the management operations when booting the
+server, false otherwise
+
+
+
log-read-only
+
If true all operations will be audit logged, if false
+only operations that change the model will be logged
+
+
+
+
+
Then which handlers are used to log the management operations are
+configured as handler=* children of the logger.
In domain mode audit logging is configured for each host in its
+host.xml file. This means that when connecting to the DC, the
+configuration of the audit logging is under the host’s entry, e.g. here
+is the default configuration:
We now have two file handlers, one called host-file used to configure
+the file to log management operations on the host, and one called
+server-file used to log management operations executed on the servers.
+Then logger=audit-log is used to configure the logger for the host
+controller, referencing the host-file handler.
+server-logger=audit-log is used to configure the logger for the
+managed servers, referencing the server-file handler. The attributes
+for server-logger=audit-log are the same as for
+server-logger=audit-log in the previous section. Having the host
+controller and server loggers configured independently means we can
+control audit logging for managed servers and the host controller
+independently.
An operation is considered to be not proceeding normally if it has been
+executing with the exclusive operation lock held for longer than 15
+seconds. Read-only operations do not acquire the exclusive operation
+lock, so this operation will not cancel read-only operations. Operations
+blocking waiting for another operation to release the exclusive lock
+will also not be cancelled.
+
+
+
If there isn’t any operation that is failing to proceed normally, there
+will be a failure response:
+
+
+
+
[standalone@localhost:9990 /] /core-service=management/service=management-operations:cancel-non-progressing-operation
+{
+ "outcome" => "failed",
+ "failure-description" => "WFLYDM0089: No operation was found that has been holding the operation execution write lock for long than [15] seconds",
+ "rolled-back" => true
+}
The mechanism used to submit a request to the server.
+NATIVE, JMX, HTTP
+
+
+
address
+
The address of the resource targeted by the operation. The
+value in the final element of the address will be '<hidden>' if the
+caller is not authorized to address the operation’s target resource.
+
+
+
caller-thread
+
The name of the thread that is executing the operation.
+
+
+
cancelled
+
Whether the operation has been cancelled.
+
+
+
exclusive-status
+
Amount of time in nanoseconds the operation has
+been executing with the exclusive operation execution lock held, or -1
+if the operation does not hold the exclusive execution lock.
+
+
+
execution-status
+
The current activity of the operation. See below for
+details.
+
+
+
operation
+
The name of the operation, or '<hidden>' if the caller is
+not authorized to address the operation’s target resource.
+
+
+
running-time
+
Amount of time the operation has been executing, in
+nanoseconds.
+
+
+
+
+
The following are the values for the exclusive-running-time attribute:
+
+
+
+
+
+
+
+
+
Value
+
Meaning
+
+
+
+
+
executing
+
The caller thread is actively executing
+
+
+
awaiting-other-operation
+
The caller thread is blocking waiting for
+another operation to release the exclusive execution lock
+
+
+
awaiting-stability
+
The caller thread has made changes to the service
+container and is waiting for the service container to stabilize
+
+
+
completing
+
The operation is committed and is completing execution
+
+
+
rolling-back
+
The operation is rolling back
+
+
+
+
+
All currently executing operations can be viewed in one request using
+the read-children-resources operation:
The cancel-non-progressing-operation operation is a convenience
+operation for identifying and canceling an operation. However, an
+administrator can examine the active-operation resources to identify any
+operation, and then directly cancel it by invoking the cancel
+operation on the resource for the desired operation.
As an operation executes, the execution thread may block at various
+points, particularly while waiting for the service container to
+stabilize following any changes. Since an operation may be holding the
+exclusive execution lock while blocking, in WildFly execution behavior
+was changed to ensure that blocking will eventually time out, resulting
+in roll back of the operation.
+
+
+
The default blocking timeout is 300 seconds. This is intentionally long,
+as the idea is to only trigger a timeout when something has definitely
+gone wrong with the operation, without any false positives.
+
+
+
An administrator can control the blocking timeout for an individual
+operation by using the blocking-timeout operation header. For example,
+if a particular deployment is known to take an extremely long time to
+deploy, the default 300 second timeout could be increased:
Note the blocking timeout is not a guaranteed maximum execution time
+for an operation. If it only a timeout that will be enforced at various
+points during operation execution.
The management operations may modify the model. When this occurs the xml
+backing the model is written out again reflecting the latest changes. In
+addition a full history of the file is maintained. The history of the
+file goes in a separate directory under the configuration directory.
+
+
+
As mentioned in Command line parameters the default
+configuration file can be selected using a command-line parameter. For a
+standalone server instance the history of the active standalone.xml is
+kept in jboss.server.config.dir/standalone_xml_history (See
+Command line parameters#standalone_system_properties
+for more details). For a domain the active domain.xml and host.xml
+histories are kept in jboss.domain.config.dir/domain_xml_history and
+jboss.domain.config.dir/host_xml_history.
+
+
+
The rest of this section will only discuss the history for
+standalone.xml. The concepts are exactly the same for domain.xml and
+host.xml.
+
+
+
Within standalone_xml_history itself following a successful first time
+boot we end up with three new files:
+
+
+
+
+
standalone.initial.xml - This contains the original configuration
+that was used the first time we successfully booted. This file will
+never be overwritten. You may of course delete the history directory and
+any files in it at any stage.
+
+
+
standalone.boot.xml - This contains the original configuration that
+was used for the last successful boot of the server. This gets
+overwritten every time we boot the server successfully.
+
+
+
standalone.last.xml - At this stage the contents will be identical
+to standalone.boot.xml. This file gets overwritten each time the
+server successfully writes the configuration, if there was an unexpected
+failure writing the configuration this file is the last known successful
+write.
+
+
+
+
+
standalone_xml_history contains a directory called current which
+should be empty. Now if we execute a management operation that modifies
+the model, for example adding a new system property using the CLI:
The original configuration file is backed up to
+standalone_xml_history/current/standalone.v1.xml. The next change to
+the model would result in a file called standalone.v2.xml etc. The 100
+most recent of these files are kept.
+
+
+
The change is applied to the original configuration file
+
+
+
The changed original configuration file is copied to
+standalone.last.xml
+
+
+
+
+
When restarting the server, any existing
+standalone_xml_history/current directory is moved to a new timestamped
+folder within the standalone_xml_history, and a new current folder
+is created. These timestamped folders are kept for 30 days.
In addition to the backups taken by the server as described above you
+can manually take snapshots which will be stored in the snapshot
+folder under the _xml_history folder, the automatic backups described
+above are subject to automatic house keeping so will eventually be
+automatically removed, the snapshots on the other hand can be entirely
+managed by the administrator.
+
+
+
You may also take your own snapshots using the CLI:
In domain mode executing the snapshot operations against the root node
+will work against the domain model. To do this for a host model you need
+to navigate to the host in question:
For subsequent server starts it may be desirable to take the state of
+the server back to one of the previously known states, for a number of
+items an abbreviated reverence to the file can be used:
+
+
+
+
+
+
+
+
+
+
Abbreviation
+
Parameter
+
Description
+
+
+
+
+
initial
+
--server-config=initial
+
This will start the server using the
+initial configuration first used to start the server.
+
+
+
boot
+
--server-config=boot
+
This will use the configuration from the
+last successful boot of the server.
+
+
+
last
+
--server-config=last
+
This will start the server using the
+configuration backed up from the last successful save.
+
+
+
v?
+
--server-config=v?
+
This will server the _xml_history/current
+folder for the configuration where ? is the number of the backup to use.
+
+
+
-?
+
--server-config=-?
+
The server will be started after searching the
+snapshot folder for the configuration which matches this prefix.
+
+
+
+
+
In addition to this the --server-config parameter can always be used
+to specify a configuration relative to the jboss.server.config.dir and
+finally if no matching configuration is found an attempt to locate the
+configuration as an absolute path will be made.
To enhance the initial configuration file history we have now a native Git support to manage the configuration history. This feature goes a little farther than the initial configuration file history in that it also manages content repository content and all the configuration files (such as properties). This feature only work for standalone servers using the default directory layout.
+
+
+
As mentioned in Command line parameters we support the usage of a remote Git repository to pull the configuration from or create or use a local Git repository.
+In fact if a .git directory exists under jboss.server.base.dir then using Git for managing configuration files will be automatically activated.
+Each modification of the content or the configuration will result in a new commit when the operation is successful and there are changes to commit. If there is an authenticated user then it will be stored as the author of the commit.
+Please note that this is a real Git repository so using a native Git client you can manipulate it.
+
+
+
Now if we execute a management operation that modifies
+the model, for example adding a new system property using the CLI:
Starting the server with the option --git-repo=local will initiate a Git repository if none exists or use the current Git repository. When initiating the local Git repository a .gitignore file will be created and added to the initial commit.
+
+
+
If a --git-branch parameter is added then the repository will be checked out on the supplied branch. Please note that the branch will not be automatically created and must exist in the repository already. By default, if no parameter is specified, the branch master will be used.
If a remote Git repository is provided then the server will try to pull from it at boot. If this is the first time we are pulling then local files will be deleted to avoid the pull to fail because of the need to overwrite those existing files.
+The parameter for --git-repo can be a URL or a remote alias provided you have manually added it to the local git configuration.
+
+
+
If a --git-branch parameter is added then the branch will be pulled, otherwise it will default to master.
+
+
+
For example this is an elytron configuration file that you could use to connect to GitHub via the --git-auth parameter:
Sample command line to start the server using the standalone-full.xml file pulled from Github and being authenticated via the Elytron configuration file github-wildfly-config.xml:
In addition to the commits taken by the server as described above you
+can manually take snapshots which will be stored as tags in the Git repository.
+You can choose the tag name and the commit message attached to this tag.
+
+
+
You may also take your own snapshots using the CLI:
Users may also connect to an SSH git server. In order to connect to any SSH git server to manage your configuration file history, you must use an Elytron configuration
+file to specify your SSH credentials. The following example shows how to specify an SSH url and a wildfly-config.xml file
+containing SSH credentials:
This configuration indicates that the private key to be used for SSH authentication is in the file id_ec_test in the
+directory /home/user/git-persistence and the passphrase "secret" is needed to decrypt the key.
+
+
+
The ssh-credential accepts the following attributes:
+
+
+
+
+
ssh-directory - the path to the directory containing the private key file and the known hosts file. The default value
+is [user.home]/.ssh.
+
+
+
private-key-file - the name of the file containing the private key. The default private key file names used are: id_rsa,
+id_dsa, and id_ecdsa.
+
+
+
known-hosts-file - the name of the file containing the known SSH hosts you trust. The default value is known_hosts
+
+
+
+
+
One of the following child elements may also be used to specify the passphrase to be used to decrypt the private key (if applicable):
Along with the key-pair credential, if your known SSH hosts are not in ~/.ssh/known_hosts, you should specify an ssh-credential
+with the ssh-directory and known-hosts-file attributes defined to specify the location and name of your known hosts file.
+
+
+
When specifying keys in OpenSSH format, it is only necessary to specify the private key and the public key will be parsed
+from the private key string. When specifying key pairs in PKCS format, it is necessary to specify both the private and
+public keys using the following elements:
It is possible to specify your SSH credentials as a reference to a credential store entry.
+See: Adding a Credential
+to a credential store and Referencing Credentials
+stored in a credential store.
A common way to manage WildFly installations over time is to start with a standard configuration file (e.g. the out-of-the-box standalone.xml file that comes with each WildFly release) and then apply installation specific customizations to it (e.g. add datasource resources and Elytron security realm resources to integrate with the company’s own services). As the standard configuration file evolves over time (with new releases) the goal is to efficiently re-apply the installation specific customizations. Users have several ways to apply their customizations: edit the XML manually or with XML manipulation tools (neither of which is recommended), create jboss-cli scripts that you can run on each upgrade, or use WildFly’s YAML configuration file feature.
+
+
+
With the YAML configuration file approach, you provide one or more YAML files that specify the resources that you want WildFly to add to its running configuration, along with any configuration attribute values that should differ from what’s in standalone.xml. Using YAML files has advantages over using CLI scripts:
+
+
+
+
+
CLI scripts can be tricky to write as they usually aren’t idempotent. If you run a script that adds a datasource, that datasource is now in the standalone.xml file, so if you run the script again, it will fail due to attempting to add an existing resource. This can be worked around by using the --read-ony-server-config command line flag instead of the usual -c / --server-config. Or you can write more complex CLI scripts that check whether resources already exist before attempting to add them. Both of these approaches can work, but they can be tricky to do correctly. The YAML configuration file approach is idempotent. The WildFly server reads the YAML at boot and updates its running configuration, but it does not update the standalone.xml file, so the same thing can be done repeatedly.
+
+
+
Applying a CLI script usually involves launching a separate Java process (the WildFly CLI). Needing to do this can be a poor fit for configuration customization workflows. With the YAML configuration file approach, the WildFly server process itself process the YAML as part of boot.
Using the --yaml or -y argument you can pass a list of YAML files. Each path needs to be separated by the File.pathSeparator. It is a semicolon (;) on Windows and colon (:) on Mac and Unix-based operating systems.
+Paths can be absolute, relative to the current execution directory or relative to the standalone configuration directory.
This section is an in depth reference to the WildFly management API.
+Readers are encouraged to read the
+Management clients and
+Core management concepts sections
+for fundamental background information, as well as the
+Management tasks and
+Domain setup sections for key task oriented
+information. This section is meant as an in depth reference to delve
+into some of the key details.
Reads a management resource’s attribute values along with either basic
+or complete information about any child resources. Supports the following
+parameters, none of which are required:
+
+
+
+
+
recursive – (boolean, default is false) – whether to include
+complete information about child resources, recursively.
+
+
+
recursive-depth – (int) – The depth to which information about child
+resources should be included if recursive is true. If not set, the
+depth will be unlimited; i.e. all descendant resources will be included.
+
+
+
proxies – (boolean, default is false) – whether to include remote
+resources in a recursive query (i.e. host level resources from secondary
+Host Controllers in a query of the Domain Controller; running server
+resources in a query of a host).
+
+
+
include-runtime – (boolean, default is false) – whether to include
+runtime attributes (i.e. those whose value does not come from the
+persistent configuration) in the response.
+
+
+
include-defaults – (boolean, default is true) – whether to include
+in the result default values not set by users. Many attributes have a
+default value that will be used in the runtime if the users have not
+provided an explicit value. If this parameter is false the value for
+such attributes in the result will be undefined. If true the result
+will include the default value for such parameters.
Reads the value of an individual attribute. Takes a single, required,
+parameter:
+
+
+
+
+
name – (string) – the name of the attribute to read.
+
+
+
include-defaults – (boolean, default is true) – whether to include
+in the result default values not set by users. Many attributes have a
+default value that will be used in the runtime if the users have not
+provided an explicit value. If this parameter is false the value for
+such attributes in the result will be undefined. If true the result
+will include the default value for such parameters.
Sets the value of an individual attribute to the undefined value, if
+such a value is allowed for the attribute. The operation will fail if
+the undefined value is not allowed. Takes a single required parameter:
+
+
+
+
+
name – (string) – the name of the attribute to write.
Removes an element from the value of a list attribute, either the
+element at a specified index, or the first element whose value matches
+a specified value:
+
+
+
+
+
name – (string) – the name of the list attribute to add new value
+to.
+
+
+
value – (type depends on the element being written, optional) – the
+element to be removed. Optional and ignored if index is specified.
+
+
+
index – (int, optional) – index in the list whose element should be
+removed. By default it is undefined, meaning value should be
+specified.
+
+
+
+
+
This operation will fail if the specified attribute is not a list.
Empties the list attribute. It is different from :undefine-attribute
+as it results in attribute of type list with 0 elements, whereas
+:undefine-attribute results in an undefined value for the attribute
+
+
+
+
+
name – (string) – the name of the list attribute
+
+
+
+
+
This operation will fail if the specified attribute is not a list.
Empties the map attribute. It is different from :undefine-attribute as
+it results in attribute of type map with 0 entries, whereas
+:undefine-attribute results in an undefined value for the attribute
+
+
+
+
+
name – (string) – the name of the map attribute
+
+
+
+
+
This operation will fail if the specified attribute is not a map.
Returns the description of a resource’s attributes, types of children
+and, optionally, operations. Supports the
+following parameters, none of which are required:
+
+
+
+
+
recursive – (boolean, default is false) – whether to include
+information about child resources, recursively.
+
+
+
proxies – (boolean, default is false) – whether to include remote
+resources in a recursive query (i.e. host level resources from secondary
+Host Controllers in a query of the Domain Controller; running server
+resources in a query of a host)
+
+
+
operations – (boolean, default is false) – whether to include
+descriptions of the resource’s operations
+
+
+
inherited – (boolean, default is true) – if operations is
+true, whether to include descriptions of operations inherited from
+higher level resources. The global operations described in this section
+are themselves inherited from the root resource, so the primary effect
+of setting inherited to false is to exclude the descriptions of the
+global operations from the output.
Returns a list of the
+types of child resources the resource supports. Takes two optional
+parameters:
+
+
+
+
+
include-aliases – (boolean, default is false) – whether to include
+alias children (i.e. those which are aliases of other sub-resources) in
+the response.
+
+
+
include-singletons – (boolean, default is false) – whether to
+include singleton children (i.e. those are children that acts as
+resource aggregate and are registered with a wildcard name) in the
+response
+wildfly-dev
+discussion around this topic.
Returns information about all of a resource’s children that are of a
+given type.
+For each child resource, the returned information is equivalent to
+executing the read-resource operation on that resource. Takes the
+following parameters, of which only \{{child-type} is required:
+
+
+
+
+
child-type – (string) – the name of the type of child resource
+
+
+
recursive – (boolean, default is false) – whether to include
+complete information about child resources, recursively.
+
+
+
recursive-depth – (int) – The depth to which information about child
+resources should be included if recursive is \{{true}. If not set,
+the depth will be unlimited; i.e. all descendant resources will be
+included.
+
+
+
proxies – (boolean, default is false) – whether to include remote
+resources in a recursive query (i.e. host level resources from secondary
+Host Controllers in a query of the Domain Controller; running server
+resources in a query of a host)
+
+
+
include-runtime – (boolean, default is false) – whether to include
+runtime attributes (i.e. those whose value does not come from the
+persistent configuration) in the response.
+
+
+
include-defaults – (boolean, default is true) – whether to include
+in the result default values not set by users. Many attributes have a
+default value that will be used in the runtime if the users have not
+provided an explicit value. If this parameter is false the value for
+such attributes in the result will be undefined. If true the result
+will include the default value for such parameters.
Returns a list of attributes of a
+type for a given attribute group name. For each attribute the returned
+information is equivalent to executing the read-attribute operation of
+that resource. Takes the following parameters, of which only \{{name}
+is required:
+
+
+
+
+
name – (string) – the name of the attribute group to read.
+
+
+
include-defaults – (boolean, default is true) – whether to include
+in the result default values not set by users. Many attributes have a
+default value that will be used in the runtime if the users have not
+provided an explicit value. If this parameter is false the value for
+such attributes in the result will be undefined. If true the result
+will include the default value for such parameters.
+
+
+
include-runtime – (boolean, default is false) – whether to include
+runtime attributes (i.e. those whose value does not come from the
+persistent configuration) in the response.
+
+
+
include-aliases – (boolean, default is false) – whether to include
+alias attributes (i.e. those which are alias of other attributes) in the
+response.
Besides the global operations described above, by convention nearly
+every resource should expose an add operation and a remove
+operation. Exceptions to this convention are the root resource, and
+resources that do not store persistent configuration and are created
+dynamically at runtime (e.g. resources representing the JVM’s platform
+mbeans or resources representing aspects of the running state of a
+deployment.)
The operation that creates a new resource must be named add. The
+operation may take zero or more parameters; what those parameters are
+depends on the resource being created.
The management model exposed by WildFly is very large and complex. There
+are dozens, probably hundreds of logical concepts involved – hosts,
+server groups, servers, subsystems, datasources, web connectors, and on
+and on – each of which in a classic objected oriented API design could
+be represented by a Java type (i.e. a Java class or interface.)
+However, a primary goal in the development of WildFly’s native
+management API was to ensure that clients built to use the API had as
+few compile-time and run-time dependencies on JBoss-provided classes as
+possible, and that the API exposed by those libraries be powerful but
+also simple and stable. A management client running with the management
+libraries created for an earlier version of WildFly should still work if
+used to manage a later version domain. The management client libraries
+needed to be forward compatible.
+
+
+
It is highly unlikely that an API that consists of hundreds of Java
+types could be kept forward compatible. Instead, the WildFly management
+API is a detyped API. A detyped API is like decaffeinated coffee – it
+still has a little bit of caffeine, but not enough to keep you awake at
+night. WildFly’s management API still has a few Java types in it (it’s
+impossible for a Java library to have no types!) but not enough to keep
+you (or us) up at night worrying that your management clients won’t be
+forward compatible.
+
+
+
A detyped API works by making it possible to build up arbitrarily
+complex data structures using a small number of Java types. All of the
+parameter values and return values in the API are expressed using those
+few types. Ideally, most of the types are basic JDK types, like
+java.lang.String, java.lang.Integer, etc. In addition to the basic
+JDK types, WildFly’s detyped management API uses a small library called
+jboss-dmr. The purpose of this section is to provide a basic overview
+of the jboss-dmr library.
+
+
+
Even if you don’t use jboss-dmr directly (probably the case for all but
+a few users), some of the information in this section may be useful.
+When you invoke operations using the application server’s Command Line
+Interface, the return values are just the text representation of of a
+jboss-dmr ModelNode. If your CLI commands require complex parameter
+values, you may yourself end up writing the text representation of a
+ModelNode. And if you use the HTTP management API, all response bodies
+as well as the request body for any POST will be a JSON representation
+of a ModelNode.
+
+
+
The source code for jboss-dmr is available on
+Github. The maven coordinates for
+a jboss-dmr release are org.jboss.jboss-dmr:jboss-dmr.
The public API exposed by jboss-dmr is very simple: just three classes,
+one of which is an enum!
+
+
+
The primary class is org.jboss.dmr.ModelNode. A ModelNode is
+essentially just a wrapper around some value; the value is typically
+some basic JDK type. A ModelNode exposes a getType() method. This
+method returns a value of type org.jboss.dmr.ModelType, which is an
+enum of all the valid types of values. And that’s 95% of the public API;
+a class and an enum. (We’ll get to the third class, Property, below.)
To illustrate how to work with ModelNode s, we’ll use the
+Beanshell scripting library. We won’t get into
+many details of beanshell here; it’s a simple and intuitive tool and
+hopefully the following examples are as well.
+
+
+
We’ll start by launching a beanshell interpreter, with the jboss-dmr
+library available on the classpath. Then we’ll tell beanshell to import
+all the jboss-dmr classes so they are available for use:
+
+
+
+
$ java -cp bsh-2.0b4.jar:jboss-dmr-1.0.0.Final.jar bsh.Interpreter
+BeanShell 2.0b4 - by Pat Niemeyer (pat@pat.net)
+bsh % import org.jboss.dmr.*;
+bsh %
+
+
+
+
Next, create a ModelNode and use the beanshell print function to
+output what type it is:
bsh % node.set("A string");
+bsh % print(node.asInt());
+// Error: // Uncaught Exception: Method Invocation node.asInt : at Line: 20 : in file: <unknown file> : node .asInt ( )
+
+Target exception: java.lang.NumberFormatException: For input string: "A string"
+
+java.lang.NumberFormatException: For input string: "A string"
+ at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
+ at java.lang.Integer.parseInt(Integer.java:449)
+ at java.lang.Integer.parseInt(Integer.java:499)
+ at org.jboss.dmr.StringModelValue.asInt(StringModelValue.java:61)
+ at org.jboss.dmr.ModelNode.asInt(ModelNode.java:117)
+ ....
+
+
+
+
The ModelNode.getType() method can be used to ensure a node has an
+expected value type before attempting a type conversion.
+
+
+
One set variant takes another ModelNode as its argument. The value
+of the passed in node is copied, so there is no shared state between the
+two model nodes:
The above examples aren’t particularly interesting; if all we can do
+with a ModelNode is wrap a simple Java primitive, what use is that?
+However, a ModelNode’s value can be more complex than a simple
+primitive, and using these more complex types we can build complex data
+structures. The first more complex type is `ModelType.LIST.
+
+
+
Use the add methods to initialize a node’s value as a list and add to
+the list:
+
+
+
+
bsh % ModelNode list = new ModelNode();
+bsh % list.add(5);
+bsh % list.add(10);
+bsh % print(list.getType());
+LIST
+
+
+
+
Use asInt() to find the size of the list:
+
+
+
+
bsh % print(list.asInt());
+2
+
+
+
+
Use the overloaded get method variant that takes an int param to
+retrieve an item. The item is returned as a ModelNode:
Here’s one of the trickiest things about jboss-dmr:Theget
+methods actually mutate state; they are not "read-only". For example,
+calling get with an index that does not exist yet in the list will
+actually create a child of type ModelType.UNDEFINED at that index (and
+will create UNDEFINED children for any intervening indices.)
That’s not so interesting in the above example, but later on with node
+of type ModelType.OBJECT we’ll see how that kind of method chaining
+can let you build up fairly complex data structures with a minimum of
+code.
+
+
+
Use the asList() method to get a List<ModelNode> of the children:
+
+
+
+
bsh % for (ModelNode element : list.asList()) {
+print(element.getType());
+}
+INT
+INT
+STRING
+UNDEFINED
+UNDEFINED
+INT
+
+
+
+
The asString() and toString() methods provide slightly differently
+formatted text representations of a ModelType.LIST node:
Directly instantiating a Property via its constructor is not common.
+More typically one of the two argument ModelNode.add or
+ModelNode.set variants is used. The first argument is the property
+name:
The most powerful and most commonly used complex value type in jboss-dmr
+is ModelType.OBJECT. A ModelNode whose value is ModelType.OBJECT
+internally maintains a Map<String, ModelNode.
+
+
+
Use the get method variant that takes a string argument to add an
+entry to the map. If no entry exists under the given name, a new entry
+is added with a the value being a ModelType.UNDEFINED node. The node
+is returned:
+
+
+
+
bsh % ModelNode range = new ModelNode();
+bsh % ModelNode min = range.get("min");
+bsh % print(range.toString());
+{"min" => undefined}
+bsh % min.set(2);
+bsh % print(range.toString());
+{"min" => 2}
+
+
+
+
Again it is important to remember that thegetoperation may mutate
+the state of a model node by adding a new entry.It is not a read-only
+operation.
+
+
+
Since get will never return null, a common pattern is to use method
+chaining to create the key/value pair:
A call to get passing an already existing key will of course return
+the same model node as was returned the first time get was called with
+that key:
+
+
+
+
bsh % print(min == range.get("min"));
+true
+
+
+
+
Multiple parameters can be passed to get. This is a simple way to
+traverse a tree made up of ModelType.OBJECT nodes. Again, get may
+mutate the node on which it is invoked; e.g. it will actually create the
+tree if nodes do not exist. This next example uses a workaround to get
+beanshell to handle the overloaded get method that takes a variable
+number of arguments:
The semantics of the backing map in a node of ModelType.OBJECT are
+those of a LinkedHashMap. The map remembers the order in which
+key/value pairs are added. This is relevant when iterating over the
+pairs after calling asPropertyList() and for controlling the order in
+which key/value pairs appear in the output from toString().
+
+
+
Since the get method will actually mutate the state of a node if the
+given key does not exist, ModelNode provides a couple methods to let
+you check whether the entry is there. The has method simply does that:
Very often, the need is to not only know whether the key/value pair
+exists, but whether the value is defined (i.e. not
+ModelType.UNDEFINED. This kind of check is analogous to checking
+whether a field in a Java class has a null value. The hasDefined lets
+you do this:
A value of type ModelType.EXPRESSION is stored as a string, but can
+later be resolved to different value. The string has a special syntax
+that should be familiar to those who have used the system property
+substitution feature in previous JBoss AS releases.
When the resolve operation is called, the string is parsed and any
+embedded system properties are resolved against the JVM’s current system
+property values. A new ModelNode is returned whose value is the
+resolved string:
In addition to system properties, in the above examples, we also support substituting
+from environment variables. See the Expression Resolution
+subsection for a more thorough description of how this works in practice.
A detailed description of the resources, attributes and operations that
+make up the management model provided by an individual WildFly instance
+or by any Domain Controller or secondary Host Controller process can be
+queried using the read-resource-description, read-operation-names,
+read-operation-description and read-child-types operations described
+in the Global operations section. In this
+section we provide details on what’s included in those descriptions.
All portions of the management model exposed by WildFly are addressable
+via an ordered list of key/value pairs. For each addressable
+Management Resource, the following
+descriptive information will be available:
+
+
+
+
+
description – String – text description of this portion of the model
+
+
+
min-occurs – int, either 0 or 1 – Minimum number of resources of
+this type that must exist in a valid model. If not present, the default
+value is 0.
+
+
+
max-occurs – int – Maximum number of resources of this type that may
+exist in a valid model. If not present, the default value depends upon
+the value of the final key/value pair in the address of the described
+resource. If this value is '*', the default value is Integer.MAX_VALUE,
+i.e. there is no limit. If this value is some other string, the default
+value is 1.
+
+
+
attributes – Map of String (the attribute name) to complex structure
+– the configuration attributes available in this portion of the model.
+See the Description of an Attribute section
+for the representation of each attribute.
+
+
+
operations – Map of String (the operation name) to complex structure
+– the operations that can be targeted at this address. See the
+Description of an Operation section
+for the representation of each operation.
+
+
+
children – Map of String (the type of child) to complex structure –
+the relationship of this portion of the model to other addressable
+portions of the model. See the
+Description of Parent/Child Relationships
+section for the representation of each child relationship.
+
+
+
head-comment-allowed – boolean – This description key is for
+possible future use.
+
+
+
tail-comment-allowed – boolean – This description key is for
+possible future use.
+
+
+
+
+
For example:
+
+
+
+
{
+ "description => "A manageable resource",
+ "tail-comment-allowed" => false,
+ "attributes" => {
+ "foo" => {
+ .... details of attribute foo
+ }
+ },
+ "operations" => {
+ "start" => {
+ .... details of the start operation
+ }
+ },
+ "children" => {
+ "bar" => {
+ .... details of the relationship with children of type "bar"
+ }
+ }
+}
An attribute is a portion of the management model that is not directly
+addressable. Instead, it is conceptually a property of an addressable
+management resource. For
+each attribute in the model, the following descriptive information will
+be available:
+
+
+
+
+
description – String – text description of the attribute
+
+
+
type – org.jboss.dmr.ModelType – the type of the attribute value.
+One of the enum values BIG_DECIMAL, BIG_INTEGER, BOOLEAN, BYTES, DOUBLE,
+INT, LIST, LONG, OBJECT, PROPERTY, STRING. Most of these are
+self-explanatory. An OBJECT will be represented in the detyped model as
+a map of string keys to values of some other legal type, conceptually
+similar to a javax.management.openmbean.CompositeData. A PROPERTY is a
+single key/value pair, where the key is a string, and the value is of
+some other legal type.
+
+
+
value-type – ModelType or complex structure – Only present if type
+is LIST or OBJECT. If all elements in the LIST or all the values of the
+OBJECT type are of the same type, this will be one of the ModelType
+enums BIG_DECIMAL, BIG_INTEGER, BOOLEAN, BYTES, DOUBLE, INT, LONG,
+STRING. Otherwise, value-type will detail the structure of the
+attribute value, enumerating the value’s fields and the type of their
+value. So, an attribute with a type of LIST and a value-type value
+of ModelType.STRING is analogous to a Java List<String>, while one
+with a value-type value of ModelType.INT is analogous to a Java
+List<Integer>. An attribute with a type of OBJECT and a value-type
+value of ModelType.STRING is analogous to a Java
+Map<String, String>. An attribute with a type of OBJECT and a
+value-type whose value is not of type ModelType represents a
+fully-defined complex object, with the object’s legal fields and their
+values described.
+
+
+
expressions-allowed – boolean – indicates whether the value of the
+attribute may be of type ModelType.EXPRESSION, instead of its standard
+type (see type and value-type above for discussion of an attribute’s
+standard type.) A value of ModelType.EXPRESSION contains a
+system-property or environment variable
+substitution expression that the server will resolve
+against the server-side system property map before using the value. For
+example, an attribute named max-threads may have an expression value of
+${example.pool.max-threads:10} instead of just 10. Default value if
+not present is false.
+See the Expression Resolution subsection
+for a more thorough description.
+
+
+
required – boolean – true if the attribute must have a defined value
+in a representation of its portion of the model unless another attribute
+included in a list of alternatives is defined; false if it may be
+undefined (implying a null value) even in the absence of alternatives.
+If not present, true is the default.
+
+
+
nillable – boolean – true if the attribute might not have a defined
+value in a representation of its portion of the model. A nillable
+attribute may
+be undefined either because it is not required or because it is
+required but has alternatives and one of the alternatives is defined.
+
+
+
storage – String – Either "configuration" or "runtime". If
+"configuration", the attribute’s value is stored as part of the
+persistent configuration (e.g. in domain.xml, host.xml or
+standalone.xml.) If "runtime" the attribute’s value is not stored in the
+persistent configuration; the value only exists as long as the resource
+is running.
+
+
+
access-type – String – One of "read-only", "read-write" or "metric".
+Whether an attribute value can be written, or can only read. A "metric"
+is a read-only attribute whose value is not stored in the persistent
+configuration, and whose value may change due to activity on the server.
+If an attribute is "read-write", the resource will expose an operation
+named "write-attribute" whose "name" parameter will accept this
+attribute’s name and whose "value" parameter will accept a valid value
+for this attribute. That operation will be the standard means of
+updating this attribute’s value.
+
+
+
restart-required – String – One of "no-services", "all-services",
+"resource-services" or "jvm". Only relevant to attributes whose
+access-type is read-write. Indicates whether execution of a
+write-attribute operation whose name parameter specifies this attribute
+requires a restart of services (or an entire JVM) in order for the
+change to take effect in the runtime . See the discussion of
+Applying
+Updates to Runtime Services below. Default value is "no-services".
+
+
+
default – the default value for the attribute that will be used in
+runtime services if the attribute is not explicitly defined and no other
+attributes listed as alternatives are defined.
+
+
+
alternatives – List of string – Indicates an exclusive relationship
+between attributes. If this attribute is defined, the other attributes
+listed in this descriptor’s value should be undefined, even if their
+required descriptor says true; i.e. the presence of this attribute
+satisfies the requirement. Note that an attribute that is not explicitly
+configured but has a default value is still regarded as not being
+defined for purposes of checking whether the exclusive relationship has
+been violated. Default is undefined; i.e. this does not apply to most
+attributes.
+
+
+
requires – List of string – Indicates that if this attribute has a
+value (other than undefined), the other attributes listed in this
+descriptor’s value must also have a value, even if their required
+descriptor says false. This would typically be used in conjunction with
+alternatives. For example, attributes "a" and "b" are required, but are
+alternatives to each other; "c" and "d" are optional. But "b" requires
+"c" and "d", so if "b" is used, "c" and "d" must also be defined.
+Default is undefined; i.e. this does not apply to most attributes.
+
+
+
capability-reference – string – if defined indicates that this
+attribute’s value specifies the dynamic portion of the name of the
+specified capability provided by another resource. This indicates the
+attribute is a reference to another area of the management model. (Note
+that at present some attributes that reference other areas of the model
+may not provide this information.)
+
+
+
head-comment-allowed – boolean – This description key is for
+possible future use.
+
+
+
tail-comment-allowed – boolean – This description key is for
+possible future use.
+
+
+
arbitrary key/value pairs that further describe the attribute value,
+e.g. "max" ⇒ 2. See the Arbitrary
+Descriptors section.
A management resource may have operations associated with it. The
+description of an operation will include the following information:
+
+
+
+
+
operation-name – String – the name of the operation
+
+
+
description – String – text description of the operation
+
+
+
request-properties – Map of String to complex structure –
+description of the parameters of the operation. Keys are the names of
+the parameters, values are descriptions of the parameter value types.
+See
+below
+for details on the description of parameter value types.
+
+
+
reply-properties – complex structure, or empty – description of the
+return value of the operation, with an empty node meaning void. See
+below
+for details on the description of operation return value types.
+
+
+
restart-required – String – One of "no-services", "all-services",
+"resource-services" or "jvm". Indicates whether the operation makes a
+configuration change that requires a restart of services (or an entire
+JVM) in order for the change to take effect in the runtime. See
+the discussion of Applying
+Updates to Runtime Services below. Default value is "no-services".
description – String – text description of the parameter or return
+value
+
+
+
type – org.jboss.dmr.ModelType – the type of the parameter or
+return value. One of the enum values BIG_DECIMAL, BIG_INTEGER, BOOLEAN,
+BYTES, DOUBLE, INT, LIST, LONG, OBJECT, PROPERTY, STRING.
+
+
+
value-type – ModelType or complex structure – Only present if type
+is LIST or OBJECT. If all elements in the LIST or all the values of the
+OBJECT type are of the same type, this will be one of the ModelType
+enums BIG_DECIMAL, BIG_INTEGER, BOOLEAN, BYTES, DOUBLE, INT, LIST, LONG,
+PROPERTY, STRING. Otherwise, value-type will detail the structure of the
+attribute value, enumerating the value’s fields and the type of their
+value.So, a parameter with a type of LIST and a value-type value of
+ModelType.STRING is analogous to a Java List<String>, while one with
+a value-type value of ModelType.INT is analogous to a Java
+List<Integer>. A parameter with a type of OBJECT and a value-type
+value of ModelType.STRING is analogous to a Java
+Map<String, String>. A parameter with a type of OBJECT and a
+value-type whose value is not of type ModelType represents a
+fully-defined complex object, with the object’s legal fields and their
+values described.
+
+
+
expressions-allowed – boolean – indicates whether the value of the
+the parameter or return value may be of type ModelType.EXPRESSION,
+instead its standard type (see type and value-type above for discussion
+of the standard type.) A value of ModelType.EXPRESSION contains a
+system-property or environment variable
+substitution expression that the server will resolve
+against the server-side system property map before using the value. For
+example, a parameter named max-threads may have an expression value of
+${example.pool.max-threads:10} instead of just 10. Default value if
+not present is false.
+See the Expression Resolution subsection
+for a more thorough description.
+
+
+
required – boolean – true if the parameter or return value must have
+a defined value in the operation or response unless another item
+included in a list of alternatives is defined; false if it may be
+undefined (implying a null value) even in the absence of alternatives.
+If not present, true is the default.
+
+
+
nillable – boolean – true if the parameter or return value might not
+have a defined value in a representation of its portion of the model. A
+nillable parameter or return value may be undefined either because it is
+not required or because it is required but has alternatives and one
+of the alternatives is defined.
+
+
+
default – the default value for the parameter that will be used in
+runtime services if the parameter is not explicitly defined and no other
+parameters listed as alternatives are defined.
+
+
+
restart-required – String – One of "no-services", "all-services",
+"resource-services" or "jvm". Only relevant to attributes whose
+access-type is read-write. Indicates whether execution of a
+write-attribute operation whose name parameter specifies this attribute
+requires a restart of services (or an entire JVM) in order for the
+change to take effect in the runtime . See the discussion of
+Applying
+Updates to Runtime Services below. Default value is "no-services".
+
+
+
alternatives – List of string – Indicates an exclusive relationship
+between parameters. If this attribute is defined, the other parameters
+listed in this descriptor’s value should be undefined, even if their
+required descriptor says true; i.e. the presence of this parameter
+satisfies the requirement. Note that an parameer that is not explicitly
+configured but has a default value is still regarded as not being
+defined for purposes of checking whether the exclusive relationship has
+been violated. Default is undefined; i.e. this does not apply to most
+parameters.
+
+
+
requires – List of string – Indicates that if this parameter has a
+value (other than undefined), the other parameters listed in this
+descriptor’s value must also have a value, even if their required
+descriptor says false. This would typically be used in conjunction with
+alternatives. For example, parameters "a" and "b" are required, but are
+alternatives to each other; "c" and "d" are optional. But "b" requires
+"c" and "d", so if "b" is used, "c" and "d" must also be defined.
+Default is undefined; i.e. this does not apply to most parameters.
+
+
+
arbitrary key/value pairs that further describe the attribute value,
+e.g. "max" ⇒2. See the Arbitrary Descriptors
+section.
The description of an attribute, operation parameter or operation return
+value type can include arbitrary key/value pairs that provide extra
+information. Whether a particular key/value pair is present depends on
+the context, e.g. a pair with key "max" would probably only occur as
+part of the description of some numeric type.
+
+
+
Following are standard keys and their expected value type. If descriptor
+authors want to add an arbitrary key/value pair to some descriptor and
+the semantic matches the meaning of one of the following items, the
+standard key/value type must be used.
+
+
+
+
+
min – int – the minimum value of some numeric type. The absence of
+this item implies there is no minimum value.
+
+
+
max – int – the maximum value of some numeric type. The absence of
+this item implies there is no maximum value.
+
+
+
min-length – int – the minimum length of some string, list or byte[]
+type. The absence of this item implies a minimum length of zero.
+
+
+
max-length – int – the maximum length of some string, list or
+byte[]. The absence of this item implies there is no maximum value.
+
+
+
allowed – List – a list of legal values. The type of the elements in
+the list should match the type of the attribute.
+
+
+
unit - The unit of the value, if one is applicable - e.g. ns, ms, s,
+m, h, KB, MB, TB. See the
+org.jboss.as.controller.client.helpers.MeasurementUnit in the
+org.jboss.as:jboss-as-controller-client artifact for a listing of legal
+measurement units..
+
+
+
filesystem-path – boolean – a flag to indicate that the attribute is a
+path on the filesystem.
+
+
+
attached-streams – boolean – a flag to indicate that the attribute is a
+stream id to an attached stream.
+
+
+
relative-to – boolean – a flag to indicate that the attribute is a
+relative path.
+
+
+
feature-reference – boolean – a flag to indicate that the attribute is a
+reference to a provisioning feature via a capability.
+
+
+
+
+
Some examples:
+
+
+
+
{
+ "operation-name" => "incrementFoo",
+ "description" => "Increase the value of the 'foo' attribute by the given amount",
+ "request-properties" => {
+ "increment" => {
+ "type" => INT,
+ "description" => "The amount to increment",
+ "required" => true
+ }},
+ "reply-properties" => {
+ "type" => INT,
+ "description" => "The new value",
+ }
+}
The address used to target an addressable portion of the model must be
+an ordered list of key value pairs. The effect of this requirement is
+the addressable portions of the model naturally form a tree structure,
+with parent nodes in the tree defining what the valid keys are and the
+children defining what the valid values are. The parent node also
+defines the cardinality of the relationship. The description of the
+parent node includes a children element that describes these
+relationships:
+
+
+
+
{
+ ....
+ "children" => {
+ "connector" => {
+ .... description of the relationship with children of type "connector"
+ },
+ "virtual-host" => {
+ .... description of the relationship with children of type "virtual-host"
+ }
+}
+
+
+
+
The description of each relationship will include the following
+elements:
+
+
+
+
+
description – String – text description of the relationship
+
+
+
model-description – either "undefined" or a complex structure – This
+is a node of ModelType.OBJECT, the keys of which are legal values for
+the value portion of the address of a resource of this type, with the
+special character '*' indicating the value portion can have an arbitrary
+value. The values in the node are the full description of the particular
+child resource (its text description, attributes, operations, children)
+as detailed above. This model-description may also be "undefined",
+i.e. a null value, if the query that asked for the parent node’s
+description did not include the "recursive" param set to true.
+
+
+
+
+
Example with if the recursive flag was set to true:
+
+
+
+
{
+ "description" => "The connectors used to handle client connections",
+ "model-description" => {
+ "*" => {
+ "description" => "Handles client connections",
+ "min-occurs" => 1,
+ "attributes => {
+ ... details of children as documented above
+ },
+ "operations" => {
+ .... details of operations as documented above
+ },
+ "children" => {
+ .... details of the children's children
+ }
+ }
+ }
+}
+
+
+
+
If the recursive flag was false:
+
+
+
+
{
+ "description" => "The connectors used to handle client connections",
+ "model-description" => undefined
+}
An attribute or operation description may include a restart-required
+descriptor; this section is an explanation of the
+meaning of that descriptor.
+
+
+
An operation that changes a management resource’s persistent
+configuration usually can also also affect a runtime service associated
+with the resource. For example, there is a runtime service associated
+with any host.xml or standalone.xml <interface> element; other
+services in the runtime depend on that service to provide the
+InetAddress associated with the interface. In many cases, an update to
+a resource’s persistent configuration can be immediately applied to the
+associated runtime service. The runtime service’s state is updated to
+reflect the new value(s).
+
+
+
However, in many cases the runtime service’s state cannot be updated
+without restarting the service. Restarting a service can have broad
+effects. A restart of a service A will trigger a restart of other
+services B, C and D that depend on A, triggering a restart of services that
+depend on B, C and D, etc. Those service restarts may very well disrupt
+handling of end-user requests.
+
+
+
Because restarting a service can be disruptive to end-user request
+handling, the handlers for management operations will not restart any
+service without some form of explicit instruction from the end user
+indicating a service restart is desired. In a few cases, simply
+executing the operation is an indication the user wants services to
+restart (e.g. a /host=primary/server-config=server-one:restart
+operation in a managed domain, or a /:reload operation on a standalone
+server.) For all other cases, if an operation (or attribute write)
+cannot be performed without restarting a service, the metadata
+describing the operation or attribute will include a restart-required
+descriptor whose value indicates what is necessary
+for the operation to affect the runtime:
+
+
+
+
+
no-services – Applying the operation to the runtime does not require
+the restart of any services. This value is the default if the
+restart-required descriptor is not present.
+
+
+
all-services – The operation can only immediately update the
+persistent configuration; applying the operation to the runtime will
+require a subsequent restart of all services in the affected VM.
+Executing the operation will put the server into a reload-required
+state. Until a restart of all services is performed the response to this
+operation and to any subsequent operation will include a response header
+"process-state" ⇒ "reload-required". For a standalone server, a
+restart of all services can be accomplished by executing the reload
+CLI command. For a server in a managed domain, restarting all services
+is done via a reload operation targeting the particular server (e.g.
+/host=primary/server=server-one:reload).
+
+
+
jvm --The operation can only immediately update the persistent
+configuration; applying the operation to the runtime will require a full
+process restart (i.e. stop the JVM and launch a new JVM). Executing the
+operation will put the server into a restart-required state. Until
+a restart is performed the response to this operation and to any
+subsequent operation will include a response header
+"process-state" ⇒ "restart-required". For a standalone server, a full
+process restart requires first stopping the server via OS-level
+operations (Ctrl-C, kill) or via the shutdown CLI command, and then
+starting the server again from the command line. For a server in a
+managed domain, restarting a server requires executing the
+/host=<host>/server-config=<server>:restart operation.
+
+
+
resource-services – The operation can only immediately update the
+persistent configuration; applying the operation to the runtime will
+require a subsequent restart of some services associated with the
+resource. If the operation includes the request header
+"allow-resource-service-restart" ⇒ true, the handler for the
+operation will go ahead and restart the runtime service. Otherwise
+executing the operation will put the server into a reload-required
+state. (See the discussion of all-services above for more on the
+reload-required state.)
When resolving an expression in the model the following locations are checked.
+For this example we will use the expression ${my.example-expr}.
+
+
+
+
+
First we check if there is a system property with the name
+my.example-expr.
+If there is, we use its value as the result of the resolution.
+If not, we continue checking the next locations.
+
+
+
We convert the name my.example-expr to upper case, and replace all
+non-alphanumeric characters with underscores, ending up with
+MY_EXAMPLE_EXPR. We check if there is an environment variable with that
+name. If there is, we use its value as the result of the resolution.
+If not, we continue checking the next location.
+
+
+
+
+
+
+
+
+
+
+This step was introduced for WildFly 25, and has the scope to introduce some issues in special cases. Say you have an environment variable COMMON_VAR_NAME=foo already in use, and you use ${common-var-name:bar} in the wildfly configuration. Prior to WildFly 25, the default value (i.e. bar) will be used. In WildFly 25 and later, the value from the environment variable (i.e. foo) will be used.
+
+
+
+
+
+
+
+
If (and only if) the original name starts with env. we trim the prefix
+and look for an environment variable called what we are left with, with no
+conversion performed (e.g. if the original name was env.example, we look for
+an environment variable called example; if the original name was
+env.MY_EXAMPLE_EXPR, we look for an environment variable called MY_EXAMPLE_EXPR).
+If there is such an environmet variable, we use its value as the result of the resolution.
+
+
+
If none of the above checks yielded a result, the resolution failed. The
+final step is to check if the expression provided a default. Our ${my.example-expr}
+example provided no default, so the expression could not be resolved. If
+we had specified a default in the expression the default is returned (e.g. for
+${my.example-expr:hello}, the value hello is returned).
The Management API in WildFly is accessible through multiple channels,
+one of them being HTTP and JSON.
+
+
+
Even if you haven’t used a curl command line you might already have used
+this channel since it is how the web console interact with the
+Management API.
+
+
+
WildFly is distributed secured by default, the default security
+mechanism is username / password based making use of HTTP Digest for
+the authentication process.
+
+
+
Thus you need to create a user with the add-user.sh script.
While you can do everything with POST, some operations can be called
+through a 'classical' GET request.
+
+
+
These are the supported operations for a GET :
+
+
+
+
+
attribute : for a read-attribute operation
+
+
+
resource : for a read-resource operation
+
+
+
resource-description : for a read-resource-description operation
+
+
+
snapshots : for the list-snapshots operation
+
+
+
operation-description : for a read-operation-description operation
+
+
+
operation-names : for ad read-operation-names operation
+
+
+
+
+
The URL format is the following one : http://server:9990/management/
+<path_to_resource>?operation=<operation_name>&operation_parameter=<value>…
+
+
+
path_to_resource is the path to the wanted resource replacing all '='
+with '/' : thus for example subsystem=undertow/server=default-server
+becomes subsystem/undertow/server/default-server.
Here’s an example of an operation on a resource with a nested address
+and passed parameters. This is same as if you would run
+/host=primary/server=server-01:read-attribute(name=server-state)
Following example will get us information from http connection in
+undertow subsystem including run-time attributes
+This is the same as running
+/subsystem=undertow/server=default-server:read-resource(include-runtime=true,recursive=true)
+in CLI
A standalone WildFly process, or a managed domain Domain Controller or
+secondary Host Controller process can be configured to listen for remote
+management requests using its "native management interface":
~(See standalone/configuration/standalone.xml or
+domain/configuration/host.xml)~
+
+
+
The CLI tool that comes with the application server uses this interface,
+and user can develop custom clients that use it as well. In this section
+we’ll cover the basics on how to develop such a client. We’ll also cover
+details on the format of low-level management operation requests and
+responses – information that should prove useful for users of the CLI
+tool as well.
The native management interface uses an open protocol based on the JBoss
+Remoting library. JBoss Remoting is used to establish a communication
+channel from the client to the process being managed. Once the
+communication channel is established the primary traffic over the
+channel is management requests initiated by the client and asynchronous
+responses from the target process.
+
+
+
A custom Java-based client should have the maven artifact
+org.jboss.as:jboss-as-controller-client and its dependencies on the
+classpath. The other dependencies are:
+
+
+
+
+
+
+
+
+
Maven Artifact
+
Purpose
+
+
+
+
+
org.jboss.remoting:jboss-remoting
+
Remote communication
+
+
+
org.jboss:jboss-dmr
+
Detyped representation of the management model
+
+
+
org.jboss.as:jboss-as-protocol
+
Wire protocol for remote WildFly
+management
+
+
+
org.jboss.sasl:jboss-sasl
+
SASL authentication
+
+
+
org.jboss.xnio:xnio-api
+
Non-blocking IO
+
+
+
org.jboss.xnio:xnio-nio
+
Non-blocking IO
+
+
+
org.jboss.logging:jboss-logging
+
Logging
+
+
+
org.jboss.threads:jboss-threads
+
Thread management
+
+
+
org.jboss.marshalling:jboss-marshalling
+
Marshalling and unmarshalling
+data to/from streams
+
+
+
+
+
The client API is entirely within the
+org.jboss.as:jboss-as-controller-client artifact; the other
+dependencies are part of the internal implementation of
+org.jboss.as:jboss-as-controller-client and are not compile-time
+dependencies of any custom client based on it.
+
+
+
The management protocol is an open protocol, so a completely custom
+client could be developed without using these libraries (e.g. using
+Python or some other language.)
The org.jboss.as.controller.client.ModelControllerClient class is the
+main class a custom client would use to manage a WildFly server instance
+or a Domain Controller or secondary Host Controller.
+
+
+
The custom client must have maven artifact
+org.jboss.as:jboss-as-controller-client and its dependencies on the
+classpath.
The address and port are what is configured in the target process'
+<management><management-interfaces><native-interface…/> element.
+
+
+
Typically, however, the native management interface will be secured,
+requiring clients to authenticate. On the client side, the custom client
+will need to provide the user’s authentication credentials, obtained in
+whatever manner is appropriate for the client (e.g. from a dialog box in
+a GUI-based client.) Access to these credentials is provided by passing
+in an implementation of the
+javax.security.auth.callback.CallbackHandler interface. For example:
Management requests are formulated using the org.jboss.dmr.ModelNode
+class from the jboss-dmr library. The jboss-dmr library allows the
+complete WildFly management model to be expressed using a very small
+number of Java types. See
+Detyped
+management and the jboss-dmr library for full details on using this
+library.
+
+
+
Let’s show an example of creating an operation request object that can
+be used to
+read
+the resource description for the web subsystem’s HTTP connector:
+
+
+
+
ModelNode op = new ModelNode();
+op.get("operation").set("read-resource-description");
+
+ModelNode address = op.get("address");
+address.add("subsystem", "web");
+address.add("connector", "http");
+
+op.get("recursive").set(true);
+op.get("operations").set(true);
+
+
+
+
What we’ve done here is created a ModelNode of type ModelType.OBJECT
+with the following fields:
+
+
+
+
+
operation – the name of the operation to invoke. All operation
+requests must include this field and its value must be a String.
+
+
+
address – the address of the resource to invoke the operation
+against. This field’s must be of ModelType.LIST with each element in
+the list being a ModelType.PROPERTY. If this field is omitted the
+operation will target the root resource. The operation can be targeted
+at any address in the management model; here we are targeting it at the
+resource for the web subsystem’s http connector.
+
+
+
+
+
In this case, the request includes two optional parameters:
+
+
+
+
+
recursive – true means you want the description of child resources
+under this resource. Default is false
+
+
+
operations – true means you want the description of operations
+exposed by the resource to be included. Default is false.
+
+
+
+
+
Different operations take different parameters, and some take no
+parameters at all.
The example above produces an operation request ModelNode equivalent to
+what the CLI produces internally when it parses and executes the
+following low-level CLI command:
The execute operation shown above will block the calling thread until
+the response is received from the process being managed.
+ModelControllerClient also exposes and API allowing asynchronous
+invocation:
+
+
+
+
Future<ModelNode> future = client.executeAsync(op);
+. . . // do other stuff
+ModelNode returnVal = future.get();
+System.out.println(returnVal.get("result").toString());
A ModelControllerClient can be reused for multiple requests. Creating
+a new ModelControllerClient for each request is an anti-pattern.
+However, when the ModelControllerClient is no longer needed, it should
+always be explicitly closed, allowing it to close down any connections
+to the process it was managing and release other resources:
ModelNode op = new ModelNode();
+op.get("operation").set("write-attribute");
+ModelNode addr = op.get("address");
+addr.add("profile", "production");
+addr.add("subsystem", "threads");
+addr.add("bounded-queue-thread-pool", "pool1");
+op.get("name").set("count");
+op.get("value").set(20);
+System.out.println(op);
+
+
+
+
The order in which the outermost elements appear in the request is not
+relevant. The required elements are:
+
+
+
+
+
operation – String – The name of the operation being invoked.
+
+
+
address – the address of the managed resource against which the
+request should be executed. If not set, the address is the root
+resource. The address is an ordered list of key-value pairs describing
+where the resource resides in the overall management resource tree.
+Management resources are organized in a tree, so the order in which
+elements in the address occur is important.
+
+
+
+
+
The other key/value pairs are parameter names and their values. The
+names and values should match what is specified in the
+operation’s
+description.
+
+
+
Parameters may have any name, except for the reserved words operation,
+address and operation-headers.
Besides the special operation and address values discussed above,
+operation requests can also include special "header" values that help
+control how the operation executes. These headers are created under the
+special reserved word operation-headers:
rollback-on-runtime-failure – boolean, optional, defaults to true.
+Whether an operation that successfully updates the persistent
+configuration model should be reverted if it fails to apply to the
+runtime. Operations that affect the persistent configuration are applied
+in two stages – first to the configuration model and then to the actual
+running services. If there is an error applying to the configuration
+model the operation will be aborted with no configuration change and no
+change to running services will be attempted. However, operations are
+allowed to change the configuration model even if there is a failure to
+apply the change to the running services – if and only if this
+rollback-on-runtime-failure header is set to false. So, this header
+only deals with what happens if there is a problem applying an operation
+to the running state of a server (e.g. actually increasing the size of a
+runtime thread pool.)
+
+
+
rollout-plan – only relevant to requests made to a Domain Controller
+or Host Controller. See "
+Operations with a
+Rollout Plan" for details.
roles – String or list of strings. Name(s) of RBAC role(s) the
+permissions for which should be used when making access control
+decisions instead of those from the roles normally associated with the
+user invoking the operation. Only respected if the user is normally
+associated with a role with all permissions (i.e. SuperUser), meaning
+this can only be used to reduce permissions for a caller, not to
+increase permissions.
+
+
+
blocking-timeout – int, optional, defaults to 300. Maximum time, in
+seconds, that the operation should block at various points waiting for
+completion. If this period is exceeded, the operation will roll back.
+Does not represent an overall maximum execution time for an operation;
+rather it is meant to serve as a sort of fail-safe measure to prevent
+problematic operations indefinitely tying up resources.
The root resource for a Domain or Host Controller or an individual
+server will expose an operation named " `composite`". This operation
+executes a list of other operations as an atomic unit (although the
+atomicity requirement can be
+relaxed.
+The structure of the request for the " `composite`" operation has the
+same fundamental structure as a simple operation (i.e. operation name,
+address, params as key value pairs).
The "composite" operation takes a single parameter:
+
+
+
+
+
steps – a list, where each item in the list has the same structure
+as a simple operation request. In the example above each of the two
+steps is modifying the thread pool configuration for a different pool.
+There need not be any particular relationship between the steps. Note
+that the rollback-on-runtime-failure and rollout-plan operation
+headers are not supported for the individual steps in a composite
+operation.
+
+
+
+
+The `rollback-on-runtime-failure` operation header discussed above has a
+particular meaning when applied to a composite operation, controlling
+whether steps that successfully execute should be reverted if other
+steps fail at runtime. Note that if any steps modify the persistent
+configuration, and any of those steps fail, all steps will be reverted.
+Partial/incomplete changes to the persistent configuration are not
+allowed.
Operations targeted at domain or host level resources can potentially
+impact multiple servers. Such operations can include a "rollout plan"
+detailing the sequence in which the operation should be applied to
+servers as well as policies for detailing whether the operation should
+be reverted if it fails to execute successfully on some servers.
+
+
+
If the operation includes a rollout plan, the structure is as follows:
As you can see, the rollout plan is another structure in the
+operation-headers section. The root node of the structure allows two
+children:
+
+
+
+
+
in-series – a list – A list of activities that are to be performed
+in series, with each activity reaching completion before the next step
+is executed. Each activity involves the application of the operation to
+the servers in one or more server groups. See below for details on each
+element in the list.
+
+
+
rollback-across-groups – boolean – indicates whether the need to
+rollback the operation on all the servers in one server group should
+trigger a rollback across all the server groups. This is an optional
+setting, and defaults to false.
+
+
+
+
+
Each element in the list under the in-series node must have one or the
+other of the following structures:
+
+
+
+
+
concurrent-groups – a map of server group names to policies
+controlling how the operation should be applied to that server group.
+For each server group in the map, the operation may be applied
+concurrently. See below for details on the per-server-group policy
+configuration.
+
+
+
server-group – a single key/value mapping of a server group name to
+a policy controlling how the operation should be applied to that server
+group. See below for details on the policy configuration. (Note: there
+is no difference in plan execution between this and a "
+`concurrent-groups`" map with a single entry.)
+
+
+
+
+
The policy controlling how the operation is applied to the servers
+within a server group has the following elements, each of which is
+optional:
+
+
+
+
+
rolling-to-servers – boolean – If true, the operation will be
+applied to each server in the group in series. If false or not
+specified, the operation will be applied to the servers in the group
+concurrently.
+
+
+
max-failed-servers – int – Maximum number of servers in the group
+that can fail to apply the operation before it should be reverted on all
+servers in the group. The default value if not specified is zero; i.e.
+failure on any server triggers rollback across the group.
+
+
+
max-failure-percentage – int between 0 and 100 – Maximum percentage
+of the total number of servers in the group that can fail to apply the
+operation before it should be reverted on all servers in the group. The
+default value if not specified is zero; i.e. failure on any server
+triggers rollback across the group.
+
+
+
+
+
If both max-failed-servers and max-failure-percentage are set,
+max-failure-percentage takes precedence.
+
+
+
Looking at the (contrived) example above, application of the operation
+to the servers in the domain would be done in 3 phases. If the policy
+for any server group triggers a rollback of the operation across the
+server group, all other server groups will be rolled back as well. The 3
+phases are:
+
+
+
+
+
Server groups groupA and groupB will have the operation applied
+concurrently. The operation will be applied to the servers in groupA in
+series, while all servers in groupB will handle the operation
+concurrently. If more than 20% of the servers in groupA fail to apply
+the operation, it will be rolled back across that group. If any servers
+in groupB fail to apply the operation it will be rolled back across that
+group.
+
+
+
Once all servers in groupA and groupB are complete, the operation
+will be applied to the servers in groupC. Those servers will handle the
+operation concurrently. If more than one server in groupC fails to apply
+the operation it will be rolled back across that group.
+
+
+
Once all servers in groupC are complete, server groups groupD and
+groupE will have the operation applied concurrently. The operation will
+be applied to the servers in groupD in series, while all servers in
+groupE will handle the operation concurrently. If more than 20% of the
+servers in groupD fail to apply the operation, it will be rolled back
+across that group. If any servers in groupE fail to apply the operation
+it will be rolled back across that group.
All operations that impact multiple servers will be executed with a
+rollout plan. However, actually specifying the rollout plan in the
+operation request is not required. If no rollout-plan operation header
+is specified, a default plan will be generated. The plan will have the
+following characteristics:
+
+
+
+
+
There will only be a single high level phase. All server groups
+affected by the operation will have the operation applied concurrently.
+
+
+
Within each server group, the operation will be applied to all servers
+concurrently.
+
+
+
Failure on any server in a server group will cause rollback across the
+group.
+
+
+
Failure of any server group will result in rollback of all other
+server groups.
Since a rollout plan may be quite complex, having to pass it as a header
+every time can become quickly painful. So instead we can store it in the
+model and then reference it when we want to use it.
+To create a rollout plan you can use the operation rollout-plan add
+like this :
Simple responses are provided by the following types of operations:
+
+
+
+
+
Non-composite operations that target a single server. (See below for
+more on composite operations).
+
+
+
Non-composite operations that target a Domain Controller or secondary Host
+Controller and don’t require the responder to apply the operation on
+multiple servers and aggregate their results (e.g. a simple read of a
+domain configuration property.)
+
+
+
+
+
The response will always include a simple boolean outcome field, with
+one of three possible values:
+
+
+
+
+
success – the operation executed successfully
+
+
+
failed – the operation failed
+
+
+
cancelled – the execution of the operation was cancelled. (This
+would be an unusual outcome for a simple operation which would generally
+very rapidly reach a point in its execution where it couldn’t be
+cancelled.)
+
+
+
+
+
The other fields in the response will depend on whether the operation
+was successful.
Besides the standard outcome, result and failure-description
+fields described above, the response may also include various headers
+that provide more information about the affect of the operation or about
+the overall state of the server. The headers will be child element under
+a field named response-headers. For example:
A response header is typically related to whether an operation could be
+applied to the targeted runtime without requiring a restart of some or
+all services, or even of the target process itself. Please see the
+"Applying
+Updates to Runtime Services" section of the Description of the
+Management Model section for a discussion of the basic concepts related
+to what happens if an operation requires a service restart to be
+applied.
+
+
+
The current possible response headers are:
+
+
+
+
+
operation-requires-reload – boolean – indicates that the specific
+operation that has generated this response requires a restart of all
+services in the process in order to take effect in the runtime. This
+would typically only have a value of 'true'; the absence of the header
+is the same as a value of 'false.'
+
+
+
operation-requires-restart – boolean – indicates that the specific
+operation that has generated this response requires a full process
+restart in order to take effect in the runtime. This would typically
+only have a value of 'true'; the absence of the header is the same as a
+value of 'false.'
+
+
+
process-state – enumeration – Provides information about the overall
+state of the target process. One of the following values:
+
+
+
+
starting – the process is starting
+
+
+
running – the process is in a normal running state. The
+process-state header would typically not be seen with this value; the
+absence of the header is the same as a value of 'running'.
+
+
+
reload-required – some operation (not necessarily this one) has
+executed that requires a restart of all services in order for a
+configuration change to take effect in the runtime.
+
+
+
restart-required – some operation (not necessarily this one) has
+executed that requires a full process restart in order for a
+configuration change to take effect in the runtime.
A composite operation is one that incorporates more than one simple
+operation in a list and executes them atomically. See the
+"Composite
+Operations" section for more information.
+
+
+
Basic composite responses are provided by the following types of
+operations:
+
+
+
+
+
Composite operations that target a single server.
+
+
+
Composite operations that target a Domain Controller or a secondary Host
+Controller and don’t require the responder to apply the operation on
+multiple servers and aggregate their results (e.g. a list of simple
+reads of domain configuration properties.)
+
+
+
+
+
The high level format of a basic composite operation response is largely
+the same as that of a simple operation response, although there is an
+important semantic difference. For a composite operation, the meaning of
+the outcome flag is controlled by the value of the operation request’s
+rollback-on-runtime-failure header field. If that field was false
+(default is true), the outcome flag will be success if all steps were
+successfully applied to the persistent configuration even if none of
+the composite operation’s steps was successfully applied to the runtime.
+
+
+
What’s distinctive about a composite operation response is the result
+field. First, even if the operation was not successful, the result
+field will usually be present. (It won’t be present if there was some
+sort of immediate failure that prevented the responder from even
+attempting to execute the individual operations.) Second, the content of
+the result field will be a map. Each entry in the map will record the
+result of an element in the steps parameter of the composite operation
+request. The key for each item in the map will be the string " step-X`"
+where "X" is the 1-based index of the step’s position in the request’s
+`steps list. So each individual operation in the composite operation
+will have its result recorded.
+
+
+
The individual operation results will have the same basic format as the
+simple operation results described above. However, there are some
+differences from the simple operation case when the individual
+operation’s outcome flag is failed. These relate to the fact that in
+a composite operation, individual operations can be rolled back or not
+even attempted.
+
+
+
If an individual operation was not even attempted (because the overall
+operation was cancelled or, more likely, a prior operation failed):
+
+
+
+
{
+ "outcome" => "cancelled"
+}
+
+
+
+
An individual operation that failed and was rolled back:
And for a failed 3 step composite operation, where the first step
+succeeded and the second failed, triggering cancellation of the 3rd and
+rollback of the others:
Multi-server responses are provided by operations that target a Domain
+Controller or secondary Host Controller and require the responder to apply
+the operation on multiple servers and aggregate their results (e.g.
+nearly all domain or host configuration updates.)
+
+
+
Multi-server operations are executed in several stages.
+
+
+
First, the operation may need to be applied against the authoritative
+configuration model maintained by the Domain Controller (for
+domain.xml confgurations) or a Host Controller (for a host.xml
+configuration). If there is a failure at this stage, the operation is
+automatically rolled back, with a response like this:
+
+
+
+
{
+ "outcome" => "failed",
+ "failure-description" => {
+ "domain-failure-description" => "[JBAS-33333] Failed to apply X to the domain model"
+ }
+}
+
+
+
+
If the operation was addressed to the domain model, in the next stage
+the Domain Controller will ask each secondary Host Controller to apply it to
+its local copy of the domain model. If any Host Controller fails to do
+so, the Domain Controller will tell all Host Controllers to revert the
+change, and it will revert the change locally as well. The response to
+the client will look like this:
+
+
+
+
{
+ "outcome" => "failed",
+ "failure-description" => {
+ "host-failure-descriptions" => {
+ "hostA" => "[DOM-3333] Failed to apply to the domain model",
+ "hostB" => "[DOM-3333] Failed to apply to the domain model"
+ }
+ }
+}
+
+
+
+
If the preceding stages succeed, the operation will be pushed to all
+affected servers. If the operation is successful on all servers, the
+response will look like this (this example operation has a void
+response, hence the result for each server is undefined):
The operation need not succeed on all servers in order to get an
+"outcome" ⇒ "success" result. All that is required is that it succeed
+on at least one server without the rollback policies in the rollout plan
+triggering a rollback on that server. An example response in such a
+situation would look like this:
Overview of all system properties in WildFly including OS system
+properties and properties specified on command line using -D, -P or
+--properties arguments.
Descriptions, possible attribute type and values, permission and whether
+expressions ( $\{ … } ) are allowed from the underlying model are
+shown by the read-resource-description command.
The attribute for interface is named "resolved-address". It’s a runtime
+attribute so it does not show up in :read-resource by default. You have
+to add the "include-runtime" parameter.
WildFly scripts for Windows end with "Press any key to continue …".
+This behavior is useful when script is executed by double clicking the
+script but not when you need to invoke several commands from custom
+script (e.g. 'bin/jboss-admin.bat --connect command=:shutdown').
+
+
+
To avoid "Press any key to continue …" message you need to specify
+NOPAUSE variable. Call 'set NOPAUSE=true' in command line before running
+any WildFly 29 .bat script or include it in your custom script before
+invoking scripts from WildFly.
In addition to the legacy deploy, undeploy and deployment-info commands,
+that stay un-changed, the CLI offers a deployment command that properly
+separates the various use cases encountered when managing deployments. This command
+offers a simpler interface and should be the way to go when managing deployments.
+New features will be added thanks to the deployment command, legacy commands will not evolve.
+This document contains a summary of the capabilities of this command, type help deployment
+to display the list of all available actions and help deployment <action> for the detailed
+description of an action.
+
+
+
Actions to deploy some content:
+
+
+
+
+
deployment deploy-file: To deploy a file located on the file system.
+
+
+
deployment deploy-url: To deploy content referenced by an URL.
+
+
+
deployment deploy-cli-achive: To deploy some content thanks to a CLI archive
+(.cli file) located on the file system.
+
+
+
+
+
Actions to enable some deployments:
+
+
+
+
+
deployment enable: To enable a given disabled deployment.
+
+
+
deployment enable-all: To enable all disabled deployments.
+
+
+
+
+
Actions to disable some deployments:
+
+
+
+
+
deployment disable: To disable a given enabled deployment.
+
+
+
deployment disable-all: To disable all enabled deployments.
+
+
+
+
+
Actions to undeploy some deployments:
+
+
+
+
+
deployment undeploy: To undeploy a given deployment and remove its content
+from the repository.
+
+
+
deployment undeploy-cli-archive: To undeploy some content using a CLI archive
+(.cli file) located on the file system.
+
+
+
+
+
Actions to get information on some deployments:
+
+
+
+
+
deployment info: To display information about single or multiple deployments.
+
+
+
deployment list: To display all the existing deployments.
It can be desirable to incrementally create and(or) update a WildFly
+deployment. This chapter details how this can be achieved using the
+WildFly CLI tool.
+
+
+
Steps to create an empty deployment and add an index html file.
add-content operation allows you to add more than one file (
+content argument is a list of complex types).
+
+
+
CLI offers completion for browse-content’s path and
+remove-content's paths argument.
+
+
+
You can safely use operations that are using attached streams in batch
+operations. In the case of batch operations, streams are attached to the
+composite operation.
+
+
+
+
+
+
+
+
+
+
+On Windows, path separator '\' needs to be escaped, this is a limitation
+of CLI handling complex types. The file path completion is automatically
+escaping the paths it is proposing.
+
In order to benefit from CLI support for attached file streams and file
+system completion, you need to properly structure your operation
+arguments. Steps to create an operation that receives a list of file
+streams attached to the operation:
+
+
+
+
+
Define your operation argument as a LIST of INT (The LIST
+value-type must be of type INT).
+
+
+
In the description of your argument, add the 2 following boolean
+descriptors: filesystem-path and attached-streams
+
+
+
+
+
When your operation is called from the CLI, file system completion will
+be automatically proposed for your argument. At execution time, the file
+system paths will be automatically converted onto the index of the
+attached streams.
Some management resources are exposing the content of files in the
+matter of streams. Streams returned by a management operation are
+attached to the headers of the management response. The CLI command
+attachment (see CLI help for a detailed description of this command)
+allows to display or save the content of the attached streams.
The command for allows to iterate the content of an operation result. As an
+example, this command can be used to display the content of the Manifest files
+present in all deployed applications. For example:
+
+
+
+
for deployed in :read-children-names(child-type=deployment)
+ echo $deployed Manifest content
+ attachment display --operation=/deployment=$deployed:read-content(path=META-INF/MANIFEST.MF)
+done
+
+
+
+
When this for block is executed, the content of all Manifest files is displayed in the CLI console.
+
+
+
Tips
+
+
+
+
+
The scope of the defined variable is limited to the for block.
+
+
+
If a variable with the same name already exists, the for command will print an error.
+
+
+
If the operation doesn’t return a list, the for command will print an error.
+
+
+
for block can be discarded and not execute by adding the option --discard to done.
CLi offers a security command to group all security related management actions
+under a single command.
+
+
+
+
+
security enable-ssl-management: To enable SSL (elytron SSLContext) for the
+management interfaces. Type help security enable-ssl-management for a
+complete description of the command.
+
+
+
+
+
Among other ways to configure SSL, this command offers an interactive wizard to
+help you configure SSL by generating a self-signed certificate.
+Example of wizard usage:
+
+
+
+
security enable-ssl-management --interactive
+Please provide required pieces of information to enable SSL:
+Key-store file name (default management.keystore):
+Password (blank generated):
+What is your first and last name? [Unknown]:
+What is the name of your organizational unit? [Unknown]:
+What is the name of your organization? [Unknown]:
+What is the name of your City or Locality? [Unknown]:
+What is the name of your State or Province? [Unknown]:
+What is the two-letter country code for this unit? [Unknown]:
+Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct y/n [y]?
+Validity (in days, blank default):
+Alias (blank generated):
+Enable SSL Mutual Authentication y/n (blank n):n
+
+SSL options:
+key store file: management.keystore
+distinguished name: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
+password: KRzne5s1
+validity: default
+alias: alias-265e6c6d-ff4e-4b8c-8f10-f015d678eb29
+Server keystore file management.keystore, certificate signing request management.csr and
+certificate file management.keystore.pem will be generated in server configuration directory.
+Do you confirm y/n :y
+
+
+
+
NB: Once the command is executed, the CLI will reload the server and reconnect to it.
+
+
+
This command can also obtain the certificates from the Let’s Encrypt certificate authority
+by use of the --lets-encrypt parameter.
+Besides the mentioned workflow the user will be prompted to specify more information
+(eg: account key store, certificate authority account) to obtain the certificate from Let’s Encrypt.
+
+
+
+
+
security disable-ssl-management: To disable SSL (elytron SSLContext) for the
+management interfaces. Type help security disable-ssl-management for
+a complete description of the command.
+
+
+
security enable-ssl-http-server: To enable SSL (elytron SSLContext) for the
+undertow server. The same wizard as the enable-ssl-management action is available.
+Type help security enable-ssl-http-server for a complete description of the command.
+
+
+
+
+
This command can also obtain the certificates from the Let’s Encrypt certificate authority
+by use of the --lets-encrypt parameter.
+Besides the mentioned workflow the user will be prompted to specify more information
+(eg: account key store, certificate authority account) to obtain the certificate from Let’s Encrypt.
+
+
+
+
+
security disable-ssl-http-server: To disable SSL (elytron SSLContext) for the
+undertow server. Type help security disable-ssl-http-server for a complete
+description of the command.
+
+
+
security enable-sasl-management: To enable SASL authentication (elytron SASL factory) for the
+management interfaces. Calling this command without any option will have the
+effect to associate the out of the box SASL factory to the http-interface.
+Type help security enable-sasl-management for a complete description of the command.
+
+
+
+
+
This command supports a subset of SASL mechanisms such as: EXTERNAL, DIGEST-MD5,
+JBOSS-LOCAL-USER, SCRAM-*, … The CLI completer proposes the set of mechanisms that
+can be properly configured using this command. Each mechanism can be associated
+to a property file realm, a file-system realm or a trust-store realm according to its nature.
+
+
+
NB: Once the command is executed, the CLI will reload the server and reconnect to it.
+
+
+
+
+
security disable-sasl-management: To disable SASL for the
+management interfaces. If a mechanism is provided, this mechanism will be removed
+from the factory, the factory will stay associated to the interface. Without mechanism, the
+factory is no more active on the management interface. Type help security disable-sasl-management
+for a complete description of the command.
+
+
+
security reorder-sasl-management: To re-order the list of SASL mechanisms present
+in the factory. Order of mechanisms is of importance, the first in the list is sent to the client.
+Type help security reorder-sasl-management for a complete description of the command.
+
+
+
security enable-http-auth-management: To enable HTTP authentication (elytron HTTP factory) for the
+management http-interface. Calling this command without any option will have the
+effect to associate the out of the box HTTP Authentication factory to the http-interface.
+Type help security enable-http-auth-management for a complete description of the command.
+
+
+
+
+
This command supports a subset of HTTP mechanisms such as: BASIC, CLIENT_CERT, DIGEST, …
+The CLI completer proposes the set of mechanisms that can be properly configured
+using this command. Each mechanism can be associated to a property file realm,
+a file-system realm or a trust-store realm according to its nature.
+
+
+
NB: Once the command is executed, the CLI will reload the server and reconnect to it.
+
+
+
+
+
security disable-http-auth-management: To disable HTTP Authentication for the
+http management interface. If a mechanism is provided, this mechanism will be removed
+from the factory, the factory will stay associated to the interface. Without mechanism, the
+factory is no more active on the management interface. Type help security disable-http-auth-management
+for a complete description of the command.
+
+
+
security enable-http-auth-http-server: To enable HTTP authentication (elytron HTTP factory) for the
+given undertow security domain.
+Type help security enable-http-auth-http-server for a complete description of the command.
+
+
+
+
+
This command supports a subset of HTTP mechanisms such as: BASIC, CLIENT_CERT, DIGEST, …
+The CLI completer proposes the set of mechanisms that can be properly configured
+using this command. Each mechanism can be associated to a property file realm,
+a file-system realm or a trust-store realm according to its nature.
+
+
+
NB: Once the command is executed, the CLI will reload the server and reconnect to it.
+
+
+
+
+
security disable-http-auth-http-server: To disable HTTP Authentication for the
+given undertow security domain. If a mechanism is provided, this mechanism will be removed
+from the factory, the factory will stay associated to the security domain. Without mechanism, the
+factory is no more active on the security-domain. Type help security disable-http-auth-http-server
+for a complete description of the command.
The CLI script JBOSS_HOME/docs/examples/enable-microprofile.cli can be applied to a default standalone configuration
+to add support for MicroProfile.
+
+
+
Impact on updated configuration:
+
+
+
+
+
Addition of MicroProfile subsystems.
+
+
+
Removal of security subsystem.
+
+
+
Removal of ManagementRealm.
+
+
+
Elytron security used for management and application entry points.
+
+
+
+
+
By default the script updates standalone.xml configuration.
+Thanks to the config=<config name> system property, the script can be applied to another standalone configuration.
+
+
+
NB: this script has to be applied offline with no server running.
This document details the steps to follow in order to develop a WildFly application
+packaged as a bootable JAR. A bootable JAR can be run both on bare-metal and cloud platforms.
+
+
+
Developing an application packaged as a bootable JAR is not different from developing an application for a traditional
+WildFly server installation using Maven.
+The extra steps required to package your application inside a bootable JAR are handled by the
+org.wildfly.plugins:wildfly-jar-maven-plugin Maven plugin.
+
+
+
This document contains the minimal information set required to build and run a WildFly bootable JAR.
+Complete information on the Maven plugin usage can be found in the bootable JAR documentation.
+
+
+
+
+
1. Adding the bootable JAR Maven plugin to your pom file
+
+
+
This is done by adding an extra build step to your application deployment Maven pom.xml file.
The next chapter covers the plugin configuration items that are required to identify the WildFly server version and content.
+
+
+
+
+
2. Galleon configuration
+
+
+
The Bootable JAR Maven plugin depends on Galleon to construct the WildFly server contained in the JAR file.
+
+
+
Galleon is configured thanks to the Maven plugin <configuration> element.
+
+
+
The first required piece of information that Galleon needs is a reference to the WildFly Galleon feature-pack.
+The WildFly Galleon feature-pack is a maven artifact that contains everything needed to dynamically provision a server.
+This feature-pack, as well as the feature-packs on which its depends,
+are deployed in public maven repositories.
+
+
+
When the bootable JAR Maven plugin builds a JAR, WildFly feature-packs are retrieved and
+their content is assembled to create the server contained in the JAR.
+
+
+
Once you have identified a WildFly Galleon feature-pack, you need to select a set of
+WildFly Layers that are used to compose the server.
+
+
+
The set of Galleon layers to include is driven by the needs of the application you are developing.
+The list of WildFly Layers provides details on
+the server features that each layer brings. Make sure that the API and server features you are using (eg: Jakarta RESTful Web Services, MicroProfile Config, datasources)
+are provided by the layers you are choosing.
+
+
+
If you decide not to specify Galleon layers, a server containing all MicroProfile subsystems is
+provisioned. (The server configuration is identical to the standalone-microprofile.xml configuration
+in the traditional WildFly server zip.)
(1) In this plugin configuration extract, we are retrieving the latest WildFly Galleon feature-pack installed in the
+ org.jboss.universe:community-universe Galleon universe. In case you would like to provision a specific version of the server,
+you would need to specify the server version, for example wildfly@maven(org.jboss.universe:community-universe)#21.0.0.Final
If your project is using WildFly Preview, the feature-pack-location to use
+is wildfly-preview@maven(org.jboss.universe:community-universe).
+
+
+
+
+
+
+
2.1. WildFly Layers
+
+
A Galleon layer is a name that identifies a server capability (e.g.: jaxrs,
+ejb, microprofile-config, jpa) or an aggregation of such capabilities. A layer captures a server capability in the form of:
+
+
+
+
+
A piece of server XML configuration (e.g.: extension, configured subsystem, interfaces) that describes the capability.
+
+
+
A set of modules and other filesystem content that implements the capability.
+
+
+
+
+
When you are using a layer, it delivers these pieces of information in order for
+Galleon to assemble a server containing only the required configuration and modules.
+
+
+
In the tables below we provide basic information about all of the layers WildFly provides.
+
+
+
Besides the layer names and a brief description of each, the tables below detail the various dependency relationships
+between layers. If the capabilities provided by a layer A require capabilities provided by another layer B, then layer A will depend on layer B.
+If you ask for layer A, then Galleon will automatically provide B as well. In some cases A’s dependency on B can be optional; that
+is A typically comes with B, but can function without it. In this case if you ask for A by default Galleon will provide B as well,
+but you can tell Galleon to exclude B.
+
+
+
Some layers are logical alternatives to other layers. If two layers are alternatives to each other they both provide the same general
+capabilities, but with different implementation characteristics. For example a number of layers provide the capability to cache different
+types of objects. These layers typically come in pairs of alternatives, where one alternative provides local caching, while the other provides
+distributed caching. If a layer you want has an optional dependency on a layer that has an alternative, you can exclude that dependency
+and instead specify the alternative. If a layer has an alternative the Description column in the tables below will identify it.
+
+
+
+
+
+
+
+
+
+
If the elytron layer is present, security will be handled by the elytron subsystem.
+The undertow and ejb subsystems are configured with an otherapplication-security-domain that references the Elytron ApplicationDomain security domain.
+
+
+
+
+
+
+
2.1.1. Foundational Galleon layers
+
+
A single Galleon layer can provide a relatively small set of capabilities, but most users will want to start with a broader set
+of capabilities without having to spell out all the details. To help with this WildFly provides a few foundational layers
+all of which provide typical core WildFly capabilities like the logging subsystem and a secure remote management interface.
+
+
+
You don’t have to base your WildFly installation on one of these foundational layers, but doing so may be more convenient.
A typical manageable server core. This layer could serve as a base for a more
+specialized WildFly that doesn’t need the capabilities provided by the other foundational layers.
Support for the Undertow HTTP server. Provides servlet support but does not provide typical EE integration like resource injection.
+Use web-server for a servlet container with EE integration.
Support for distributable web applications. Configures a non-local Infinispan-based container web cache for data session handling suitable to clustering environments.
Support for loading the HAL web console from the /console context on the HTTP
+management interface. Not required to use a HAL console obtained independently
+and configured to connect to the server.
Support for distributable web applications. Configures a local Infinispan-based container web cache for data session handling suitable to single node environments.
+References in this document to Java Persistence API (JPA) refer to the Jakarta Persistence unless otherwise noted.
+ References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
+
+
3. Additional configuration
+
+
+
The plugin allows you to specify additional configuration items:
+
+
+
+
+
A set of WildFly CLI scripts to execute to fine tune the server configuration.
+
+
+
Some extra content to be copied inside the bootable JAR (e.g.: server keystore).
+
+
+
+
+
Check this documentation for more details on how to configure execution of
+CLI scripts and to package extra content.
+
+
+
+
+
4. Packaging your application
+
+
+
Call ` mvn package` to package both your application and the bootable JAR in the file <project build directory>/<project final name>-bootable.jar
+
+
+
In order to speed-up the development of your application (avoid rebuilding the JAR each time your application is re-compiled),
+the Maven plugin offers a development mode that allows you to build and start the bootable JAR only once.
As of WildFly 11 a common configuration framework has been introduced for use by the client libraries to define configuration, this allows for the configuration to be shared across multiple clients rather than relying on their own configuration files. As an example the configuration used by a Jakarta Enterprise Beans client can be shared with the JBoss CLI, if both of these required SSL configuration this can now be defined once and re-used.
+
+
+
Programmatic APIs are also available for many of the options however this document is focusing on the configuration available within the common wildfly-config.xml configuration file.
+
+
+
+
+
2. wildfly-config.xml Discovery
+
+
+
At the time a client requires access to its configuration, the class path is scanned for a wildfly-config.xml or META-INF/wildfly-config.xml file. Once the file is located the configuration will be parsed to be made available for that client.
+
+
+
Alternatively, the wildfly.config.url system property can also be specified to identify the location of the configuration that should be used.
+
+
+
+
+
3. Configuration Sections
+
+
+
3.1. <authentication-client /> - WildFly Elytron
+
+
The <authentication-client/> element can be added to the wildfly-config.xml configuration to define configuration in relation to authentication configuration for outbound connections and SSL configuration for outbound connections e.g.
Note: A single wildfly-config.xml could be used by multiple projects using multiple versions of WildFly Elytron, newer versions of WildFly Elytron will introduce new configuration using later namespace versions however they will still continue to support the previously released schemas until advertised otherwise. For the configuration to be compatible with this either use a schema and namespace compatible with all the versions in use, or multiple authentication-client elements can be added, these should be added ordered by namespace youngest to oldest. If a configuration with a later namespace is discovered by a newer WildFly Elytron client it will be used and parsing will not look for an older version as well.
+
+
+
The <authentication-client /> configuration can contain the following sections: -
+
+
+
+
<credential-stores />
+
+
Definitions of credential stores to be referenced from elsewhere in the configuration.
+
+
<key-stores />
+
+
Definitions of KeyStores to be referenced elsewhere in the configuration.
+
+
<authentication-rules />
+
+
Rules to be applied for outbound connections to match against an appropriate authentication configuration.
+
+
<authentication-configurations />
+
+
The individual authentication configurations that will be matched by the authentication rules.
+
+
<net-authenticator />
+
+
Flag to enable integration with the [java.net.Authenticator|https://docs.oracle.com/javase/8/docs/api/java/net/Authenticator.html].
+
+
<ssl-context-rules />
+
+
Rules to be applied for outbound connections to match against an appropriate SSL context configuration.
+
+
<ssl-contexts />
+
+
Individual SSL context definitions that will be matched by the ssl context rules.
+
+
<providers/>
+
+
Definition of how [java.security.Provider|https://docs.oracle.com/javase/8/docs/api/java/security/Provider.html] instances will be discovered.
+
+
+
+
+
3.1.1. <credential-stores />
+
+
The <credential-stores /> element can be used to define individual named credential stores that can subsequently be used elsewhere in the configuration to reference stored credentials as an alternative to the credentials being embedded in the configuration.
The <attribute/> element can be repeated as many times as is required for the configuration.
+
+
+
+
<protection-parameter-credentials />
+
+
One or more credentials to be assembled into a protection parameter when initialising the credential store.
+
+
+
+
+
The <protection-paramter-credentials /> element can contain one more more child elements, which of these are actually supported will depend on the credential store implementation: -
The <key-stores /> element can be used to define individual key-store definitions that can subsequently be referenced from alternative locations within the configuration.
+
+
+
+
<?xml version="1.0" encoding="UTF-8"?>
+
+<configuration>
+ <authentication-clientxmlns="urn:elytron:1.0">
+ <key-stores>
+ <key-storename="...">
+ <!-- One of the following to specify where to load the KeyStore from. -->
+ <file-namename="..."/>
+ <load-fromuri-"..."/>
+ <resourcename="..."/>
+ <!-- One of the following to specify the protection parameter to unlock the KeyStore. -->
+ <key-store-clear-passwordpassword="..."/>
+ <key-store-masked-passwordalgorithm="..."key-material="..."iteration-count="..."salt="..."masked-password="..."initialization-vector="..."/>
+ <key-store-credential>...</key-store-credential>
+ </key-store>
+ </key-stores>
+ ...
+ </authentication-client>
+</configuration>
+
+
+
+
An individual <key-store /> definition must contain exactly one of the following elements to define where to load the store from.
+
+
+
+
<file name="…" />*
+
+
Load from file where 'name' is the name of the file.
+
+
<load-from uri="…" />
+
+
Load the file from the URI specified.
+
+
<resource name="…" />
+
+
Load as a resource from the Thread context classloader where 'name' is the name of the resource to load.
+
+
+
+
+
Exactly one of the following elements must also be present to specify the protection parameter for initialisation of the KeyStore.
(Mandatory) - Name of the KeyStore being referenced to load the entry from.
+
+
alias
+
+
(Optional) - The alias of the entry to load from the referenced KeyStore, this can only be omitted for KeyStores that contain only a single entry.
+
+
+
+
+
Java KeyStores also make use of a protection parameter when accessing a single entry in addition to the protection parameter to load the KeyStore, exactly one of the following elements must be present to specify the protection parameter of the entry being loaded.
Reference to a credential stored in a credential store.
+
+
<key-store-credential>…</key-store-credential>
+
+
A reference to another KeyStore to obtain an Entry to use as the protection parameter to access the alias.
+
+
+
+
+
The <key-store-credential /> is exactly the same, this means theoretically a chain of references could be used to lead to the unlocking of the required alias.
+
+
+
+
3.1.3. <authentication-rules /> and <ssl-context-rules />
+
+
When either an authentication-configuration or an ssl-context is required the URI of the resources being accessed as well as an optional abstract type and abstract type authority and matched against the rules defined in the configuration to identify which authentication-configuration or ssl-context should be used.
+
+
+
The rules to match <authentication-configuration /> instances are defined within the <authentication-rules /> element.
Overall this means that authentication configuration matching is independent of SSLContext matching. By separating the rules from the configurations is means multiple rules can be defined that match against the same configuration.
+
+
+
The rules applied so first match wins and not most specific match wins, to achieve a most specific match wins configuration place the most specific rules at the beginning leaving the more general matches towards the end.
+
+
+
For both the <authentication-rules /> and the <ssl-context-rules /> the structure of the rules is identical other than one references an authentication configuration and the other references an SSLContext.
+
+
+
+
<ruleuse-configuration|use-ssl-context="...">
+ <!-- At most one of the following two can be defined. -->
+ <match-no-user/>
+ <match-username="..."/>
+ <!-- Each of the following can be defined at most once. -->
+ <match-protocolname="..."/>
+ <match-hostname="..."/>
+ <match-pathname="..."/>
+ <match-portnumber="..."/>
+ <match-urnname="..."/>
+ <match-domainname="..."/>
+ <match-abstract-typename="..."authority="..."/>
+</rule>
+
+
+
+
Where multiple matches are defined within a rule they must all match for the rule to apply. If a rule is defined with no match elements then it becomes a match all rule and will match anything, these can be useful at the end of the configuration to ensure something matches.
+
+
+
The individual match elements are: -
+
+
+
+
<match-no-user />
+
+
user-info can be embedded within a URI, this rule matches when there is no user-info.
+<match-user name="…" /> - Matches when the user-info embedded in the URI matches the name specified within this element.
+<match-protocol name="…" /> - Matches the protocol within the URI against the name specified in this match element.
+<match-host-name name="…" /> - Matches the host name from within the URI against the name specified in this match element.
+<match-path name="…" /> - Matches the path from the URI against the name specified in this match element.
+<match-port number="…" /> - Matches the port number specified within the URI against the number in this match element. This only matches against the number specified within the URI and not against any default derrived from the protocol.
+<match-urn name="…" />" - Matches the scheme specific part of the URI against the name specified within this element.
+
+
* <match-domain-name name="…"/>
+
+
Matches where the protocol of the URI is 'domain' and the scheme specific part of the URI is the name specified within this match element.
+
+
<match-abstract-type name="…" authority="…" />
+
+
Matches the abstract type and/or authority against the values specified within this match element.
Elytron client provides a java security provider which can be used to register a JVM wide default SSLContext. The provider can instantiate an SSLContext from an Elytron client configuration file. This SSLContext will then be the one returned when SSLContext.getDefault() is called. When this provider is registered then all client libraries that use SSLContext.getDefault() will use the Elytron client configuration without having to use Elytron client APIs in their code.
+
+
+
To register this org.wildfly.security.auth.client.WildFlyElytronClientDefaultSSLContextProvider provider, a runtime dependency on wildfly-elytron-client and wildfly-client-config is needed. Then it can be registered the usual way, either statically or dynamically.
+
+
+
The provider loads the SSL context from either the current authentication context obtained from the classpath, or from the authentication context obtained from the file whose path is passed into the security provider either programmatically or as an argument in the java.security file. Any arguments passed to the provider directly have precedence over the authentication context from the classpath.
+
+
+
As an example, the SSL context configured to match all rules is the one that will be initialized and returned by this provider:
Alternatively, the provider can be registered in the java.security file and the path to an Elytron client configuration file can be optionally specified as shown below:
A regular expression pattern and replacement to re-write the user name used for authentication.
+
+
<sasl-mechanism-selector selector="…" />
+
+
A SASL mechanism selector using the syntax from [org.wildfly.security.sasl.SaslMechanismSelector,fromString()|https://github.com/wildfly-security/wildfly-elytron/blob/1.1.4.Final/src/main/java/org/wildfly/security/sasl/SaslMechanismSelector.java#L544]
Specify the name that should be used for authorization if different from the authentication identity.
+
+
<providers/>
+
+
This element is described in more detail within [<providers />|#Providers] and overrides the default or inherited provider discovery with a definition specific to this authentication configuration definition.
+
+
+
+
+
The final two elements are mutually exclusive and define how the SASL mechanism factories will be discovered for authentication.
+
+
+
+
<use-provider-sasl-factory />
+
+
The [java.security.Provider|https://docs.oracle.com/javase/8/docs/api/java/security/Provider.html] instances either inherited or defined in this configuration will be used to locate the available SASL client factories.
SASL client factories will be discovered using service loader discovery on the specified module or if not specified using the ClassLoader loading the configuration.
+
+
+
+
+
+
3.1.5. <net-authenticator />
+
+
This element contains no specific configuration, however if present the [org.wildfly.security.auth.util.ElytronAuthenticator|http://wildfly-security.github.io/wildfly-elytron/1.1.x/org/wildfly/security/auth/util/ElytronAuthenticator.html] will be registered with [java.net.Authenticator.setDefault(Authenticator)|https://docs.oracle.com/javase/8/docs/api/java/net/Authenticator.html#setDefault-java.net.Authenticator-] meaning that the WildFly Elytron authentication client configuration can be used for authentication where the JDK APIs are used for HTTP calls which require authentication.
+
+
+
There are some limitations within this integration as the JDK will cache the authentication JVM wide from the first call so is better used in stand alone processes that don’t require different credentials for different calls to the same URI,
+
+
+
+
3.1.6. <ssl-contexts />
+
+
The <ssl-contexts /> element holds individual names SSLContext definitions that can subsequently be matched by the [<ssl-context-rules />|#Rules].
The element <default-ssl-context name="…" /> simply takes the SSLContext obtainable from [javax.net.ssl.SSLContext.getDefault()|https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLContext.html#getDefault--] and assigns it a name so it can referenced from the [<ssl-context-rules />|#Rules]. This element can be repeated meaning the default SSLContext can be referenced using different names.
+
+
+
The element <ssl-context /> is used to define a named configured SSLContext, each of the child elements is optional and can be specified at most once to build up the configuration of the SSLContext.
+
+
+
+
<key-store-ssl-certificate>
+
+
Defines a reference to an entry within a KeyStore for the key and certificate to use in this SSLContext.
This structure is identical to the structure use in [<key-store-credential />|#key-store-credential], but it is to obtain the entry for the key and certificate. The nested elements however remain the protection parameter to unlock the entry. In comparison with the key-store-credential the key-store-ssl-certificate allows to configure also the TrustManager: -
+
+
+
+
provider-name
+
+
- Name of the provider used to obtain the KeyManagerFactory.
+
+
algorithm
+
+
- The algorithm name of the KeyManagerFactory to obtain.
+
+
<trust-store-key-store-name />
+
+
A reference to a KeyStore that will be used to initialise the TrustManager.
+
+
<cipher-suite selector="…" names="…" />
+
+
Configuration to filter the enabled cipher suites. This element must contain at least one of the following two attributes: -
+
+
selector
+
+
(Optional) Used to configure the enabled cipher suites for TLSv1.2 and below. The format of the selector attribute is described in detail
+in org.wildfly.security.ssl.CipherSuiteSelector.fromString(selector).
+The default value is DEFAULT, which corresponds to all known cipher suites that do not have NULL encryption and excludes any cipher suites that have no authentication.
+
+
names
+
+
(Optional) Used to configure the enabled cipher suites for TLSv1.3. The format of the names attribute is a simple colon (":")
+separated list of TLSv1.3 cipher suite names (e.g., TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256).
+This attribute must be specified in order for TLSv1.3 to be enabled.
+
+
+
+
+
The following example configuration specifies that the default filtering should be used for TLSv1.2 and below and specifies that the
+TLS_AES_128_CCM_8_SHA256 and TLS_AES_256_GCM_SHA384 cipher suites should be used for TLSv1.3.
Used to define a space separated list of the protocols to be supported. The default value is TLSv1 TLSv1.1 TLSv1.2 TLSv1.3. Note that the TLSv1.3 protocol will only be usable when running against JDK 11 or higher.
+
+
<provider-name />
+
+
Once the available providers have been identified only the provider with the name defined on this element will be used.
+
+
<providers/>
+
+
This element is described in more detail within [<providers />|#Providers] and overrides the default or inherited provider discovery with a definition specific to this SSLContext definition.
+
+
<certificate-revocation-list />
+
+
The presence of this element enabled checking the peer’s certificate against a certificate revocation list, this element defines both a path to the certificate revocation list and also specifies the maximum number of non-self-issued intermediate certificates that may exist in a certification path
+
+
<certificate-revocation-lists />
+
+
This element enables checking the peer’s certificate against multiple certificate revocation lists. This element defines a list of certificate revocation list objects which define a path to the certificate revocation list,
+and also the base path of the certificate revocation list file.
+
+
+
+
+
+
+
+
+
+
+The certificate-revocation-list element can be substituted by a certificate-revocation-lists element which in turn allows the
+configuration of multiple certificate revocation lists as follows.
+
Older JDK versions use SSLv2Hello during the initial SSL handshake message
+where the SSL/TLS version that will be used for the rest of the communication is
+negotiated.
+
+
+
Using SSLv2Hello is discouraged, therefore newer JDK versions disable this protocol
+on the client by default. However, they do provide the ability to re-enable it if necessary.
+
+
+
SSLv2Hello can be configured as a supported protocol for the SSL context as follows:
+
+
+
+
<protocol names="SSLv2Hello TLSv1">
+
+
+
+
+
WARNING:
+
+
+
+
The use of SSLv2Hello is strongly discouraged.
+
+
+
SSLv2Hello cannot be configured by itself, as its purpose is to determine
+which encryption protocols are supported by the server it connects to. It always
+needs to be configured along side another encryption protocol.
+
+
+
Additionally, IBM JDK does not support specifying SSLv2Hello in its client, although a
+server side connection always accepts this protocol.
+
+
+
+
+
+
+
3.1.7. <providers />
+
+
The <providers /> element is used to define how [java.security.Provider|https://docs.oracle.com/javase/8/docs/api/java/security/Provider.html] instances are located when required. The other configuration sections of <authentication-client /> are independent of each other, the <providers /> configuration however applies to the current element and it’s children unless overridden, this configuration can be specified in the following locations.
If an individual <credential-store />, <authentication-configuration />, or <ssl-context /> contains a <providers /> definition that that definition will apply specifically to that instance. If a configured item does not contain a <providers /> definition but a top level <providers /> is defined within <authentication-configuration /> then that will be used instead.
Both the child elements are optional, can appear in any order and can be repeated although repeating <global /> would not really be beneficial.
+
+
+
+
<global />
+
+
The providers from [java.security.Security.getProviders()|https://docs.oracle.com/javase/8/docs/api/java/security/Security.html#getProviders--]
+
+
<credential-stores />
+
+
Providers loaded using service loader discovery from the module specified, if no module is specified the ClassLoader which loaded the authentication client is used.
+
+
+
+
+
Where no <provider /> configuration exists the default behaviour is the equivalent of: -
This gives the WildFly Elytron Provider priority over any globally registered Providers but also allows for the globally registered providers to be used.
+
+
+
+
3.1.8. Masked Password Types
+
+
The authentication client supports the following masked password types:
The following attributes are used to define the masked password:
+
+
+
+
algorithm
+
+
The algorithm that was used to encrypt the password. If this attribute is not specified, the default value is "masked-MD5-DES".
+A list of the supported algorithm types can be found in
+Masked Password Type
+
+
key-material
+
+
The initial key material that was used to encrypt the password. If this attribute is not specified, the default value is "somearbitrarycrazystringthatdoesnotmatter".
+
+
iteration-count
+
+
The iteration count that was used to encrypt the password. This attribute is required.
+
+
salt
+
+
The salt that was used to encrypt the password. This attribute is required.
+
+
masked-password
+
+
The base64 encrypted password (without the "MASK-" prefix). This attribute is required.
+
+
initialization-vector
+
+
The initialization vector that was used to encrypt the password. This attribute is optional.
+
+
+
+
+
+
+
3.2. jboss-ejb-client
+
+
The jboss-ejb-client.xml can be used to conifure EJB client from within a deployment. The file
+should be located in jar’s META-INF directory.
Configurations that will be used to setup an EJB client context for the deployment.
+
+
+
+
+
invocation-timeout A timeout, in milliseconds, that will be used for EJB invocations.
+A value of zero or a negative value will imply a "wait forever" semantic where the invocation
+will never timeout and the client will wait for the invocation result indefinitely.
+
+
+
deployment-node-selector The fully qualified class name of the class which implements the
+org.jboss.ejb.client.DeploymentNodeSelector interface. The instance of this class will be used
+for selecting nodes, from among multiple eligible nodes within an EJB client context, which can
+handle a particular deployment.
+
+
+
default-compression Default compression level (from 0 to 9) of request and response message
+payload.
+
+
+
+
+
<ejb-receivers>
+
+
Configures a number of remoting based EJB receivers.
+
+
+
+
+
exclude-local-receiver Set to true if the local receiver which gets added to the EJB client
+context by default, has to be excluded from the context.
+
+
+
local-receiver-pass-by-value Set to false if the local receiver that’s available in the EJB
+client context, should use pass-by-reference (instead of pass-by-value) semantics for the EJB invocations.
+
+
+
+
+
<remoting-ejb-receiver>
+
+
+
+
outbound-connection-ref Reference to an outbound connection configured in the remoting subsystem.
+
+
+
connect-timeout The timeout, in milliseconds, to be used while creating a connection.
+
+
+
+
+
+
+
<http-connections>
+
+
Configures remote http-connection for EJB invocation
+
+
+
<http-connection>
+
+
HTTP Connection for EJB invocation.
+
+
+
+
+
uri Uniform Resource Identifier for the HTTP connection should be defined.
+
+
+
+
+
+
+
<profile>
+
+
References a remoting profile configured in the remoting subsystem.
+
+
+
+
+
name The name of the profile.
+
+
+
+
+
+
+
+
+
+
+References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
+
3.3. Remoting Client Configuration
+
+
3.3.1. <endpoint /> - Remoting Client
+
+
You can use the endpoint element, which is in the urn:jboss-remoting:5.0 namespace, to configure a JBoss Remoting client endpoint using the wildfly-config.xml file. This section describes how to configure a JBoss Remoting client using this element.
This section describes the child elements and attributes that can be configured within this element.
+
+
+
The <endpoint /> element contains the following optional attribute:
+
+
+
+
+
+
+
+
+
Attribute Name
+
Attribute Description
+
+
+
+
+
name
+
The endpoint name. If not given, an endpoint name will be derived from the system’s host name, if possible.
+
+
+
+
+
The <endpoint /> element can optionally contain the following two child elements, as described in the next sections:
+
+
+
+
+
<providers />
+
+
+
<connections />
+
+
+
+
+
The configured endpoint will use the default XNIO configuration.
+
+
+
<providers />
+
+
This optional element specifies transport providers for the remote endpoint. It can contain any number of <provider /> sub-elements.
+
+
+
<provider />
+
+
This element defines a remote transport provider provider. It has the following attributes.
+
+
+
+
+
+
+
+
+
Attribute Name
+
Attribute Description
+
+
+
+
+
scheme
+
The primary URI scheme which corresponds to this provider. This attribute is required.
+
+
+
aliases
+
A space-separated list of other URI scheme names that are also recognized for this provider . This attribute is optional.
+
+
+
module
+
The name of the module that contains the provider implementation. This attribute is optional; if not given, the class loader of JBoss Remoting itself will be searched for the provider class.
+
+
+
class
+
The name of the class that implements the transport provider. This attribute is optional; if not given, the Java java.util.ServiceLoader facility will be used to search for the provider class.
+
+
+
+
+
This element has no content.
+
+
+
+
+
<connections />
+
+
This optional element specifies connections for the remote endpoint. It can contain any number of [#connection] elements.
+
+
+
<connection />
+
+
This element defines a connection for the remote endpoint. It has the following attributes.
+
+
+
+
+
+
+
+
+
Attribute Name
+
Attribute Description
+
+
+
+
+
destination
+
The destination URI for the connection. This attribute is required.
+
+
+
read-timeout
+
The timeout, in seconds, for read operations on the corresponding socket. This attribute is optional, however it should only be given if a heartbeat-interval is defined.
+
+
+
write-timeout
+
The timeout, in seconds, for a write operation. This attribute is optional, however it should only be given if a heartbeat-interval is defined..
+
+
+
ip-traffic-class
+
Defines the numeric IP traffic class to use for this connection’s traffic. This attribute is optional.
+
+
+
tcp-keepalive
+
Boolean setting that determines whether to use TCP keepalive. This attribute is optional.
+
+
+
heartbeat-interval
+
The interval, in milliseconds, to use when checking for a connection heartbeat. This attribute is optional.
+
+
+
+
+
+
+
Example Remoting Client Configuration in the wildfly-config.xml File
You can use the worker element, which is in the urn:xnio:3.5 namespace, to configure a default XNIO worker using the wildfly-config.xml file. This section describes how to do this.
This section describes the child elements that can be configured within this root worker element.
+
+
+
The <worker /> element can optionally contain the following child elements, as described in the next sections:
+
+
+
+
+
<daemon-threads />
+
+
+
<worker-name />
+
+
+
<pool-size />
+
+
+
<task-keepalive />
+
+
+
<io-threads />
+
+
+
<stack-size />
+
+
+
<outbound-bind-addresses />
+
+
+
+
+
<daemon-threads />
+
+
This optional element takes a single required attribute:
+
+
+
+
+
+
+
+
+
Attribute Name
+
Attribute Description
+
+
+
+
+
value
+
The value of the setting (required). A value of true indicates that worker and task threads should be daemon threads, and false indicates that they should not be daemon threads. If this element is not given, a value of true is assumed.
+
+
+
+
+
This element has no content.
+
+
+
+
<worker-name />
+
+
This element defines the name of the worker. The worker name will appear in thread dumps and in JMX.
+
+
+
+
+
+
+
+
+
Attribute Name
+
Attribute Description
+
+
+
+
+
value
+
The worker’s name (required).
+
+
+
+
+
This element has no content.
+
+
+
+
<pool-size />
+
+
This optional element defines the size parameters of the worker’s task thread pool. The following attributes are allowed:
+
+
+
+
+
+
+
+
+
Attribute Name
+
Attribute Description
+
+
+
+
+
max-threads
+
A positive integer which specifies the maximum number of threads that should be created (required).
+
+
+
+
+
+
<task-keepalive />
+
+
This optional element establishes the keep-alive time of task threads before they may be expired.
+
+
+
+
+
+
+
+
+
Attribute Name
+
Attribute Description
+
+
+
+
+
value
+
A positive integer which represents the minimum number of seconds to keep idle threads alive (required).
+
+
+
+
+
+
<io-threads />
+
+
This optional element determines how many I/O (selector) threads should be maintained. Generally this number should be a small constant multiple of the number of available cores.
+
+
+
+
+
+
+
+
+
Attribute Name
+
Attribute Description
+
+
+
+
+
value
+
A positive integer value for the number of I/O threads (required).
+
+
+
+
+
+
<stack-size />
+
+
This optional element establishes the desired minimum thread stack size for worker threads.
+
+
+
+
+
+
+
+
+
Attribute Name
+
Attribute Description
+
+
+
+
+
value
+
A positive integer value which indicates the requested stack size, in bytes (required).
+
+
+
+
+
+
<outbound-bind-addresses />
+
+
This optional element specifies bind addresses to use for outbound connections. Each bind address mapping consists of a destination IP address block, and a bind address and optional port number to use for connections to destinations within that block.
+
+
+
<bind-address />
+
+
This element defines an individual bind address mapping.
+
+
+
+
+
+
+
+
+
Attribute Name
+
Attribute Description
+
+
+
+
+
match
+
The IP address block in CIDR notation to match (required).
+
+
+
bind-address
+
The IP address to bind to if the address block matches (required).
+
+
+
bind-port
+
A specific port number to bind to if the address block matches (optional, defaults to 0 meaning "any port").
+
+
+
+
+
+
+
+
+
3.5. webservices-client
+
+
<webservices /> - Webservices Client
+
+
+
The <webservices /> element in a wildfly-config.xml file can be used to specify Web Services Client configuration that will apply during assigning of configurations when building a client. This element is from the “urn:elytron:client:1.5” namespace. Below is the example of use:
The <webservices /> element can optionally contain the following child elements:
+
+
+
+
+
<set-http-mechanism name="BASIC"/> This element is used to specify an HTTP mechanism that WS client should use to authenticate. Currently only the HTTP Basic authentication is supported and used as default.
+
+
+
<set-ws-security-type name="UsernameToken"/> This element is used to specify WS-Security type that WS client will use to authenticate with the server. Currently only Username Token Profile can be configured.
+
+
+
+
+
These elements will take effect only if both username and password are configured in Elytron client.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/latest/Cloud_References.html b/latest/Cloud_References.html
new file mode 100644
index 000000000..344404611
--- /dev/null
+++ b/latest/Cloud_References.html
@@ -0,0 +1,544 @@
+
+
+
+
+
+
+
+References
+
+
+
+
+
+
Since JBoss AS 7, Class loading is considerably different from previous
+versions of JBoss AS. Class loading is based on the
+MODULES project. Instead of the more familiar
+hierarchical class loading environment, WildFly’s class loading is based
+on modules that have to define explicit dependencies on other modules.
+Deployments in WildFly are also modules, and do not have access to
+classes that are defined in jars in the application server unless an
+explicit dependency on those classes is defined.
+
+
+
1.1. Deployment Module Names
+
+
Module names for top level deployments follow the format
+deployment.myarchive.war while sub deployments are named like
+deployment.myear.ear.mywar.war.
+
+
+
This means that it is possible for a deployment to import classes from
+another deployment using the other deployments module name, the details
+of how to add an explicit module dependency are explained below.
+
+
+
+
1.2. Automatic Dependencies
+
+
Even though in WildFly modules are isolated by default, as part of the
+deployment process some dependencies on modules defined by the
+application server are set up for you automatically. For instance, if
+you are deploying a Jakarta EE application a dependency on the Java EE
+API’s will be added to your module automatically. Similarly, if your
+module contains a beans.xml file a dependency on
+Weld will be added automatically, along
+with any supporting modules that weld needs to operate.
Automatic dependencies can be excluded through the use of
+jboss-deployment-structure.xml.
+
+
+
+
1.3. Class Loading Precedence
+
+
A common source of errors in Java applications is including API classes
+in a deployment that are also provided by the container. This can result
+in multiple versions of the class being created and the deployment
+failing to deploy properly. To prevent this in WildFly, module
+dependencies are added in a specific order that should prevent this
+situation from occurring.
+
+
+
In order of highest priority to lowest priority
+
+
+
+
+
System Dependencies - These are dependencies that are added to the
+module automatically by the container, including the Jakarta EE api’s.
+
+
+
User Dependencies - These are dependencies that are added through
+jboss-deployment-structure.xml or through the Dependencies: manifest
+entry.
+
+
+
Local Resource - Class files packaged up inside the deployment
+itself, e.g. class files from WEB-INF/classes or WEB-INF/lib of a
+war.
+
+
+
Inter deployment dependencies - These are dependencies on other
+deployments in an ear deployment. This can include classes in an ear’s
+lib directory, or classes defined in other ejb jars.
+
+
+
+
+
+
1.4. WAR Class Loading
+
+
The war is considered to be a single module, so classes defined in
+WEB-INF/lib are treated the same as classes in WEB-INF/classes. All
+classes packaged in the war will be loaded with the same class loader.
+
+
+
+
1.5. EAR Class Loading
+
+
Ear deployments are multi-module deployments. This means that not all
+classes inside an ear will necessarily have access to all other classes
+in the ear, unless explicit dependencies have been defined. By default
+the EAR/lib directory is a single module, and every WAR or EJB jar
+deployment is also a separate module. Sub deployments (wars and
+ejb-jars) always have a dependency on the parent module, which gives
+them access to classes in EAR/lib, however they do not always have an
+automatic dependency on each other. This behaviour is controlled via the
+ear-subdeployments-isolated setting in the ee subsystem configuration:
If the ear-subdeployments-isolated is set to false, then the classes in
+web.war can access classes belonging to ejb1.jar and ejb2.jar.
+Similarly, classes from ejb1.jar can access classes from ejb2.jar (and
+vice-versa).
+
+
+
+
+
+
+
+
+The ear-subdeployments-isolated element value has no effect on the
+isolated classloader of the .war file(s). i.e. irrespective of whether
+this flag is set to true or false, the .war within a .ear will have an
+isolated classloader and other sub-deployments within that .ear will not
+be able to access classes from that .war. This is as per spec.
+
+
+
+
+
+
If the ear-subdeployments-isolated is set to true then no automatic
+module dependencies between the sub-deployments are set up. User must
+manually setup the dependency with Class-Path entries, or by setting
+up explicit module dependencies.
+
+
+
Portability
+
+
+
+
+
+
+
+
+The Jakarta EE specification says that portable applications should not
+rely on sub deployments having access to other sub deployments unless an
+explicit Class-Path entry is set in the MANIFEST.MF. So portable
+applications should always use Class-Path entry to explicitly state
+their dependencies.
+
+
+
+
+
+
+
+
+
+
+
+It is also possible to override the ear-subdeployments-isolated element
+value at a per deployment level. See the section on
+jboss-deployment-structure.xml below.
+
+
+
+
+
+
1.5.1. Dependencies: Manifest Entries
+
+
Deployments (or more correctly modules within a deployment) may set up
+dependencies on other modules by adding a Dependencies: manifest
+entry. This entry consists of a comma separated list of module names
+that the deployment requires. The available modules can be seen under
+the modules directory in the application server distribution. For
+example to add a dependency on javassist and apache velocity you can add
+a manifest entry as follows:
Each dependency entry may also specify some of the following parameters
+by adding them after the module name:
+
+
+
+
+
export This means that the dependencies will be exported, so any
+module that depends on this module will also get access to the
+dependency.
+
+
+
services By default items in META-INF of a dependency are not
+accessible, this makes items from META-INF/services accessible so
+services in
+the modules can be loaded.
+
+
+
optional If this is specified the deployment will not fail if the
+module is not available.
+
+
+
meta-inf This will make the contents of the META-INF directory
+available (unlike services, which just makes META-INF/services
+available). In general this will not cause any deployment descriptors in
+META-INF to be processed, with the exception of beans.xml. If a
+beans.xml file is present this module will be scanned by Weld and any
+resulting beans will be available to the application.
+
+
+
annotations If a Jandex index has be created for the module these
+annotations will be merged into the deployments annotation index. The
+Jandex index can be generated using
+the Jandex Ant task or the Jandex Maven plugin, and must be named
+META-INF/jandex.idx. Note that it is not
+necessary to break open the jar being indexed to add this to the modules
+class path, a better approach is to create a jar containing just this
+index, and adding it as an additional resource root in the module.xml
+file.
+
+
+
+
+
Adding a dependency to all modules in an EAR
+
+
+
+
+
+
+
+
+Using the export parameter it is possible to add a dependency to all
+sub deployments in an ear. If a module is exported from a
+Dependencies: entry in the top level of the ear (or by a jar in the
+ear/lib directory) it will be available to all sub deployments as
+well.
+
+
+
+
+
+
+
+
+
+
+
+To generate a MANIFEST.MF entry when using maven put the following in
+your pom.xml:
+
If your deployment is a jar you must use the maven-jar-plugin rather
+than the maven-war-plugin.
+
+
+
+
1.5.2. Class Path Entries
+
+
It is also possible to add module dependencies on other modules inside
+the deployment using the Class-Path manifest entry. This can be used
+within an ear to set up dependencies between sub deployments, and also
+to allow modules access to additional jars deployed in an ear that are
+not sub deployments and are not in the EAR/lib directory. If a jar in
+the EAR/lib directory references a jar via Class-Path: then this
+additional jar is merged into the parent ear’s module, and is accessible
+to all sub deployments in the ear.
+
+
+
+
+
1.6. Global Modules
+
+
It is also possible to set up global modules, that are accessible to all
+deployments. This is done by modifying the configuration file
+(standalone/domain.xml).
+
+
+
For example, to add javassist to all deployments you can use the
+following XML:
Note that the slot field is optional and defaults to main.
+
+
+
+
1.7. Global Directory
+
+
The EE subsystem allows the configuration of a global directory, which represents a directory tree scanned automatically to include .jar files and resources as a single additional dependency. This dependency is added as a system dependency to all deployed application. See Subsystem EE Global Directory to get more information about how to set up a global directory.
+
+
+
+
1.8. JBoss Deployment Structure File
+
+
jboss-deployment-structure.xml is a JBoss specific deployment
+descriptor that can be used to control class loading in a fine grained
+manner. It should be placed in the top level deployment, in META-INF
+(or WEB-INF for web deployments). It can do the following:
+
+
+
+
+
Prevent automatic dependencies from being added
+
+
+
Add additional dependencies
+
+
+
Define additional modules
+
+
+
Change an EAR deployments isolated class loading behaviour
+
+
+
Add additional resource roots to a module
+
+
+
+
+
An example of a complete jboss-deployment-structure.xml file for an
+ear deployment is as follows:
+
+
+
jboss-deployment-structure.xml
+
+
<jboss-deployment-structure>
+ <!-- Make sub deployments isolated by default, so they cannot see each others classes without a Class-Path entry -->
+ <ear-subdeployments-isolated>true</ear-subdeployments-isolated>
+ <!-- This corresponds to the top level deployment. For a war this is the war's module, for an ear -->
+ <!-- This is the top level ear module, which contains all the classes in the EAR's lib folder -->
+ <deployment>
+ <!-- exclude-subsystem prevents a subsystems deployment unit processors running on a deployment -->
+ <!-- which gives basically the same effect as removing the subsystem, but it only affects single deployment -->
+ <exclude-subsystems>
+ <subsystemname="logging"/>
+ </exclude-subsystems>
+ <!-- Exclusions allow you to prevent the server from automatically adding some dependencies -->
+ <exclusions>
+ <modulename="org.javassist"/>
+ </exclusions>
+ <!-- This allows you to define additional dependencies, it is the same as using the Dependencies: manifest attribute -->
+ <dependencies>
+ <modulename="deployment.javassist.proxy"/>
+ <modulename="deployment.myjavassist"/>
+ <!-- Import META-INF/services for ServiceLoader impls as well -->
+ <modulename="myservicemodule"services="import"/>
+ </dependencies>
+ <!-- These add additional classes to the module. In this case it is the same as including the jar in the EAR's lib directory -->
+ <resources>
+ <resource-rootpath="my-library.jar"/>
+ </resources>
+ </deployment>
+ <sub-deploymentname="myapp.war">
+ <!-- This corresponds to the module for a web deployment -->
+ <!-- it can use all the same tags as the <deployment> entry above -->
+ <dependencies>
+ <!-- Adds a dependency on a ejb jar. This could also be done with a Class-Path entry -->
+ <modulename="deployment.myear.ear.myejbjar.jar"/>
+ </dependencies>
+ <!-- Set's local resources to have the lowest priority -->
+ <!-- If the same class is both in the sub deployment and in another sub deployment that -->
+ <!-- is visible to the war, then the Class from the other deployment will be loaded, -->
+ <!-- rather than the class actually packaged in the war. -->
+ <!-- This can be used to resolve ClassCastExceptions if the same class is in multiple sub deployments-->
+ <local-lastvalue="true"/>
+ </sub-deployment>
+ <!-- Now we are going to define two additional modules -->
+ <!-- This one is a different version of javassist that we have packaged -->
+ <modulename="deployment.myjavassist">
+ <resources>
+ <resource-rootpath="javassist.jar">
+ <!-- We want to use the servers version of javassist.util.proxy.* so we filter it out-->
+ <filter>
+ <excludepath="javassist/util/proxy"/>
+ </filter>
+ </resource-root>
+ </resources>
+ </module>
+ <!-- This is a module that re-exports the containers version of javassist.util.proxy -->
+ <!-- This means that there is only one version of the Proxy classes defined -->
+ <modulename="deployment.javassist.proxy">
+ <dependencies>
+ <modulename="org.javassist">
+ <imports>
+ <includepath="javassist/util/proxy"/>
+ <excludepath="/**"/>
+ </imports>
+ </module>
+ </dependencies>
+ </module>
+</jboss-deployment-structure>
Not all JDK classes are exposed to a deployment by default. If your
+deployment uses JDK classes that are not exposed you can get access to
+them using jboss-deployment-structure.xml with system dependencies:
+
+
+
Using jboss-deployment-structure.xml to access JDK classes
1.10. The "jboss.api" property and application use of modules shipped with WildFly
+
+
The WildFly distribution includes a large number of modules, a great
+many of which are included for use by WildFly internals, with no testing
+of the appropriateness of their direct use by applications or any
+commitment to continue to ship those modules in future releases if they
+are no longer needed by the internals. So how can a user know whether it
+is advisable for their application to specify an explicit dependency on
+a module WildFly ships? The "jboss.api" property specified in the
+module’s module.xml file can tell you:
If a module does not have a property element like the above, then it’s
+equivalent to one with a value of "public".
+
+
+
Following are the meanings of the various values you may see for the
+jboss.api property:
+
+
+
+
+
+
+
+
+
Value
+
Meaning
+
+
+
+
+
public
+
May be explicitly depended upon by end user applications. Will
+continue to be available in future releases within the same major series
+and should not have incompatible API changes in future releases within
+the same minor series, and ideally not within the same major series.
+
+
+
private
+
Intended for internal use only. Only tested according to
+internal usage. May not be safe for end user applications to use
+directly.Could change significantly or be removed in a future release
+without notice.
+
+
+
unsupported
+
If you see this value in a module.xml in a WildFly
+release, please file a bug report, as it is not applicable in WildFly.
+In EAP it has a meaning equivalent to "private" but that does not mean
+the module is "private" in WildFly; it could very easily be "public".
+
+
+
preview
+
May be explicitly depended upon by end user applications, but
+there are no guarantees of continued availability in future releases or
+that there will not be incompatible API changes. This is not a common
+classification in WildFly. It is not used in WildFly 10.
+
+
+
deprecated
+
May be explicitly depended upon by end user applications.
+Stable and reliable but an alternative should be sought. Will be removed
+in a future major release.
+
+
+
+
+
Note that these definitions are only applicable to WildFly. In EAP and
+other Red Hat products based on WildFly the same classifiers are used,
+with generally similar meaning, but the precise meaning is per the
+definitions on the Red Hat customer support portal.
+
+
+
If an application declares a direct dependency on a module marked
+"private", "unsupported" or "deprecated", during deployment a WARN
+message will be logged. The logging will be in log categories
+"org.jboss.as.dependency.private", "org.jboss.as.dependency.unsupported"
+and "org.jboss.as.dependency.deprecated" respectively. These categories
+are not used for other purposes, so once you feel sufficiently warned
+the logging can be safely suppressed by turning the log level for the
+relevant category to ERROR or higher.
+
+
+
Other than the WARN messages noted above, declaring a direct dependency
+on a non-public module has no impact on how WildFly processes the
+deployment.
+
+
+
+
1.11. How to list the module dependencies of a deployed application
+
+
In WildFly it is possible to list the module dependencies added by the container to your deployed application. This task can be achieved via the command line interface, where specific operations are available to list the module dependencies for deployments and ear-subdeployments.
+
+
+
You can list the module dependencies of a deployment using the list-modules operation as below:
By default, the list-modules operation shows the list of dependencies in a compact view, including only the module name. You can control this output using the attribute verbose=[false*|true] to enable/disable a detailed response.
+
+
+
The following output shows an example of a detailed view:
The list_modules operation shows information in three different categories:
+
+
+
+
+
system-dependencies: These are the dependencies added implicitly by the server container.
+
+
+
local-dependencies: These are dependencies on other parts of the deployment.
+
+
+
user-dependencies: These are the dependencies defined by the user via a manifest file or deployment-structure.xml.
+
+
+
+
+
For each module, the following information is shown:
+
+
+
+
+
name: The module name and, if the slot name is not the default "main" slot, the slot name is concatenated after a ":" character separator.
+
+
+
optional: If the dependency was added as an optional dependency.
+
+
+
export: If the dependency is being exported to other modules.
+
+
+
import-services: If the module for the deployment or subdeployment is allowed to import services from the dependency.
+
+
+
+
+
+
+
+
2. Implicit module dependencies for deployments
+
+
+
As explained in the Class Loading in WildFly article,
+WildFly 29 is based on module classloading. A class within a module B
+isn’t visible to a class within a module A, unless module B adds a
+dependency on module A. Module dependencies can be explicitly (as
+explained in that classloading article) or can be "implicit". This
+article will explain what implicit module dependencies mean and how,
+when and which modules are added as implicit dependencies.
+
+
+
2.1. What’s an implicit module dependency?
+
+
Consider an application deployment which contains Jakarta Enterprise Beans. Jakarta Enterprise Beans typically
+need access to classes from the jakarta.ejb.* package and other Jakarta EE
+API packages. The jars containing these packages are already shipped in
+WildFly and are available as "modules". The module which contains the
+jakarta.ejb.* classes has a specific name and so does the module which
+contains all the Jakarta EE API classes. For an application to be able to
+use these classes, it has to add a dependency on the relevant modules.
+Forcing the application developers to add module dependencies like these
+(i.e. dependencies which can be "inferred") isn’t a productive approach.
+Hence, whenever an application is being deployed, the deployers within
+the server, which are processing this deployment "implicitly" add these
+module dependencies to the deployment so that these classes are visible
+to the deployment at runtime. This way the application developer doesn’t
+have to worry about adding them explicitly. How and when these implicit
+dependencies are added is explained in the next section.
+
+
+
+
2.2. How and when is an implicit module dependency added?
+
+
When a deployment is being processed by the server, it goes through a
+chain of "deployment processors". Each of these processors will have a
+way to check if the deployment meets a certain criteria and if it does,
+the deployment processor adds an implicit module dependency to that
+deployment. Let’s take an example - Consider (again) an Jakarta Enterprise Beans 3 deployment
+which has the following class:
As can be seen, we have a simple @Stateless Jakarta Enterprise Beans. When the deployment
+containing this class is being processed, the Jakarta Enterprise Beans deployment processor
+will see that the deployment contains a class with the @Stateless
+annotation and thus identifies this as an Jakarta Enterprise Beans deployment. This is just
+one of the several ways, various deployment processors can identify a
+deployment of some specific type. The Jakarta Enterprise Beans deployment processor will
+then add an implicit dependency on the Jakarta EE API module, so that all
+the Jakarta EE API classes are visible to the deployment.
+
+
+
Some subsystems will always add API classes, even if the trigger
+condition is not met. These are listed separately below.
+
+
+
In the next section, we’ll list down the implicit module dependencies
+that are added to a deployment, by various deployers within WildFly.
+
+
+
+
2.3. Which are the implicit module dependencies?
+
+
+
+
+
+
+
+
+
+
Subsystem responsible for adding the implicit dependency
+
Dependencies
+that are always added
+
Dependencies that are added if a trigger
+condition is met
+
Trigger which leads to the implicit module dependency
+being added
+
+
+
+
+
Core Server
+
java.se org.jboss.vfs
+
+
+
+
+
Batch Subsystem
+
jakarta.batch.api
+
+
implicit
+
+
+
EE Subsystem
+
javaee.api
+
+
+
+
+
Jakarta Enterprise Beans 3 subsystem
+
+
javaee.api
+
The presence of ejb-jar.xml (in valid
+locations in the deployment, as specified by spec) or the presence of
+annotation based Jakarta Enterprise Beans (ex: @Stateless, @Stateful, @MessageDriven etc)
If the deployment is a resource adaptor (RAR)
+deployment.
+
+
+
Jakarta Persistence (Hibernate) subsystem
+
jakarta.persistence.api
+
javaee.api
+org.jboss.as.jpa org.hibernate
+
The presence of an @PersistenceUnit or
+@PersistenceContext annotation, or a <persistence-unit-ref> or
+<persistence-context-ref> in a deployment descriptor..
If a
+beans.xml file is detected in the deployment
+
+
+
+
+
+
+
+
3. Deployment Descriptors used In WildFly
+
+
+
This page gives a list and a description of all the valid deployment
+descriptors that a WildFly deployment can use. This document is a work
+in progress.
+
+
+
+
+
+
+
+
+
+
+
+
Descriptor
+
Location
+
Specification
+
Description
+
Info
+
+
+
+
+
jboss-deployment-structure.xml
+
META-INF or WEB-INF of the top level
+deployment
+
+
This file can be used to control class loading for the
+deployment
+
Class Loading in WildFly
+
+
+
beans.xml
+
WEB-INF or META-INF
+
Jakarta Contexts and Dependency Injection
+
The presence of this descriptor
+(even if empty) activates Jakarta Contexts and Dependency Injection
+
Weld Reference Guide
+
+
+
web.xml
+
WEB-INF
+
Servlet
+
Web deployment descriptor
+
+
+
+
jboss-web.xml
+
WEB-INF
+
+
JBoss Web deployment descriptor. This can be
+use to override settings from web.xml, and to set WildFly specific
+options
+
+
+
+
ejb-jar.xml
+
WEB-INF of a war, or META-INF of an Jakarta Enterprise Beans jar
+
Jakarta Enterprise Beans
+
The Jakarta Enterprise Beans
+spec deployment descriptor
+
ejb-jar.xml schema
+
+
+
jboss-ejb3.xml
+
WEB-INF of a war, or META-INF of an Jakarta Enterprise Beans jar
+
+
The
+JBoss Jakarta Enterprise Beans deployment descriptor, this can be used to override settings
+from ejb-jar.xml, and to set WildFly specific settings
+
+
+
+
application.xml
+
META-INF of an EAR
+
Jakarta EE Platform Specification
+
+
application.xml schema
+
+
+
jboss-app.xml
+
META-INF of an EAR
+
+
JBoss application deployment
+descriptor, can be used to override settings application.xml, and to set
+WildFly specific settings
+
+
+
+
persistence.xml
+
META-INF
+
Jakarta Persistence
+
Jakarta Persistence descriptor used for defining
+persistence units
+
Hibernate Reference Guide
+
+
+
jboss-ejb-client.xml
+
WEB-INF of a war, or META-INF of an Jakarta Enterprise Beans jar
+
+
Remote Jakarta Enterprise Beans settings. This file is used to setup the Jakarta Enterprise Beans client context
+for a deployment that is used for remote Jakarta Enterprise Beans invocations
+
Jakarta Enterprise Beans
+invocations from a remote server instance
+
+
+
jbosscmp-jdbc.xml
+
META-INF of an Jakarta Enterprise Beans jar
+
+
CMP deployment
+descriptor. Used to map CMP entity beans to a database. The format is
+largely unchanged from previous versions.
+
+
+
+
ra.xml
+
META-INF of a rar archive
+
+
Spec deployment descriptor for
+resource adaptor deployments
+
IronJacamar Reference Guide Schema
+
+
+
ironjacamar.xml
+
META-INF of a rar archive
+
+
JBoss deployment
+descriptor for resource adaptor deployments
+
IronJacamar Reference Guide
+
+
+
*-jms.xml
+
META-INF or WEB-INF
+
+
Jakarta Messaging message destination deployment
+descriptor, used to deploy message destinations with a deployment
+
+
+
+
*-ds.xml
+
META-INF or WEB-INF
+
+
Datasource deployment descriptor, use
+to bundle datasources with a deployment
+
DataSource Configuration
+
+
+
application-client.xml
+
META-INF of an application client jar
+
Jakarta EE
+Platform Specification
+
The spec deployment descriptor for application
+client deployments
+
application-client.xml schema
+
+
+
jboss-client.xml
+
META-INF of an application client jar
+
+
The WildFly
+specific deployment descriptor for application client deployments
+
+
+
+
jboss-webservices.xml
+
META-INF for Jakarta Enterprise Beans webservice deployments or
+WEB-INF for POJO webservice deployments/Jakarta Enterprise Beans webservice endpoints bundled
+in .war
+
+
The JBossWS 4.0.x specific deployment descriptor for
+webservice endpoints
+
+
+
+
+
+
+
+
4. Development Guidelines and Recommended Practices
+
+
+
The purpose of this page is to document tips and techniques that will
+assist developers in creating fast, secure, and reliable applications.
+It is also a place to note what you should avoid doing when developing
+applications.
+
+
+
+
+
5. Application Client Reference
+
+
+
As a Jakarta EE compliant server, WildFly 29 contains an application
+client. An application client is essentially a cut down server instance,
+that allows you to use EE features such as injection in a client side
+program.
+
+
+
+
+
+
+
+
+This article is not a tutorial on application client development, rather
+it covers the specifics of the WildFly application client. There are
+tutorials available elsewhere that cover application client basics, such
+as
+this
+one.
+
+
+
+
+
+
+
+
+
+
+
+Note that the application client is different from the Jakarta Enterprise Beans client
+libraries, it is perfectly possible to write a client application that does
+not use the application client, but instead uses the jboss-ejb-client
+library directly.
+
+
+
+
+
+
5.1. Getting Started
+
+
To launch the application client use the appclient.sh or
+appclient.bat script in the bin directory. For example:
The --host argument tells the appclient the server to connect to. The
+next argument is the application client deployment to use, application
+clients can only run a single deployment, and this deployment must also
+be deployed on the full server instance that the client is connecting
+too.
+
+
+
Any arguments after the deployment to use are passed directly through to
+the application clients main function.
+
+
+
+
5.2. Connecting to more than one host
+
+
If you want to connect to more than one host or make use of the
+clustering functionality then you need to specify a
+jboss-ejb-client.properties file rather than a host:
The embedded API can be used to launch WildFly Full within a currently running process.
+
+
+
The embedded server can be reinitialized with a different JBoss Home. However the module directory, module.path
+system property, and the modules system packages, jboss.modules.system.pkgs system property, are effectively static.
+This means that creating a new embedded server or host controller within the same VM will not allow overriding the
+modules directory or the system packages.
+
+
+
You can also set a hint to indicate which log manager is being used. The hint attempts to ensure that JBoss Logging
+will bind to the correct log manager. It also adds the hinted logging package to the modules system packages.
+
+
+
+
+
+
+
+
+If using the embedded API with Java 11 you’ll need to add --add-module=java.se to your JVM arguments. See
+MODULES-372 for details.
+
+
+
+
+
+
6.1. Standalone API
+
+
A standalone server allows you to manage the lifecycle of a server within the currently running process. The server
+can be configured in admin-only mode or fully started and applications can be deployed.
+
+
+
6.1.1. Examples
+
+
Simple Example
+
+
final StandaloneServer server = EmbeddedProcessFactory.createStandaloneServer(Configuration.Builder.of(jbossHome).build());
+server.start();
+
+try {
+ // Print the listening address
+ final ModelControllerClient client = server.getModelControllerClient();
+ final ModelNode address = Operations.createAddress("interface", "public");
+ final ModelNode op = Operations.createReadAttributeOperation(address, "inet-address");
+ op.get("resolve-expressions").set(true);
+ final ModelNode result = client.execute(op);
+ if (!Operations.isSuccessfulOutcome((result))) {
+ thrownewRuntimeException("Failed to get the public inet-address: " + Operations.getFailureDescription(result));
+ }
+ System.out.printf("Listening on %s%n", Operations.readResult(result).asString());
+} finally {
+ server.stop();
+}
+
+
+
+
Server in admin-only Example
+
+
final StandaloneServer server = EmbeddedProcessFactory.createStandaloneServer(
+ Configuration.Builder.of(jbossHome)
+ .addCommandArgument("--admin-only")
+ .build());
+server.start();
+
+try {
+ // Print the listening address
+ final ModelControllerClient client = server.getModelControllerClient();
+ final ModelNode address = Operations.createAddress();
+ final ModelNode op = Operations.createReadAttributeOperation(address, "running-mode");
+ op.get("resolve-expressions").set(true);
+ final ModelNode result = client.execute(op);
+ if (!Operations.isSuccessfulOutcome((result))) {
+ thrownewRuntimeException("Failed to get the running-mode: " + Operations.getFailureDescription(result));
+ }
+ System.out.printf("Running mode is %s%n", Operations.readResult(result).asString());
+} finally {
+ server.stop();
+}
+
+
+
+
log4j2 Hint
+
+
final StandaloneServer server = EmbeddedProcessFactory.createStandaloneServer(Configuration.Builder.of(jbossHome)
+ .setLoggerHint(Configuration.LoggerHint.LOG4J2)
+ .build()
+);
+server.start();
+
+try {
+ // Print the listening address
+ final ModelControllerClient client = server.getModelControllerClient();
+ final ModelNode address = Operations.createAddress("interface", "public");
+ final ModelNode op = Operations.createReadAttributeOperation(address, "inet-address");
+ op.get("resolve-expressions").set(true);
+ final ModelNode result = client.execute(op);
+ if (!Operations.isSuccessfulOutcome((result))) {
+ thrownewRuntimeException("Failed to get the public inet-address: " + Operations.getFailureDescription(result));
+ }
+ org.apache.logging.log4j.LogManager.getFormatterLogger(Main.class).info("Listening on %s%n", Operations.readResult(result).asString());
+} finally {
+ server.stop();
+}
+
+
+
+
+
+
6.2. Host Controller API
+
+
The host controller API creates a host controller in the current process. The host controller is started in admin-only
+mode therefore servers within the domain cannot be started. However the server configuration can be altered via
+management operations.
+
+
+
6.2.1. Example
+
+
Simple Example
+
+
final HostController server = EmbeddedProcessFactory.createHostController(Configuration.Builder.of(jbossHome).build());
+server.start();
+
+try {
+ // Print the listening address
+ final ModelControllerClient client = server.getModelControllerClient();
+ final ModelNode address = new ModelNode().setEmptyList();
+ final ModelNode op = Operations.createOperation(ClientConstants.READ_CHILDREN_NAMES_OPERATION, address);
+ op.get(ClientConstants.CHILD_TYPE).set(ClientConstants.SERVER_GROUP);
+ final ModelNode result = client.execute(op);
+ if (!Operations.isSuccessfulOutcome(result)) {
+ thrownewRuntimeException("Failed to get the public inet-address: " + Operations.getFailureDescription(result));
+ }
+ System.out.println("Available server groups:");
+ for (ModelNode value : Operations.readResult(result).asList()) {
+ System.out.printf("\t%s%n", value.asString());
+ }
+} finally {
+ server.stop();
+}
+
+
+
+
+
+
+
+
7. CDI Reference
+
+
+
WildFly uses Weld, the CDI reference
+implementation as its CDI provider. To activate CDI for a deployment
+simply add a beans.xml file in any archive in the deployment.
+
+
+
This document is not intended to be a CDI tutorial, it only covers CDI
+usage that is specific to WildFly. For some general information on CDI
+see the below links:
For WildFly 29 onwards, it is now possible to have classes outside the
+deployment be picked up as CDI beans. In order for this to work, you must
+add a dependency on the external deployment that your beans are coming
+from, and make sure the META-INF directory of this deployment is
+imported, so that your deployment has visibility to the beans.xml file
+(To import beans from outside the deployment they must be in an archive
+with a beans.xml file).
+
+
+
There are two ways to do this, either using the MANIFEST.MF or using
+jboss-deployment-structure.xml.
+
+
+
Using MANIFEST.MF you need to add a Dependencies entry, with
+meta-inf specified after the entry, e.g.
Note that this can be used to create beans from both modules in the
+modules directory, and from other deployments.
+
+
+
For more information on class loading and adding dependencies to your
+deployment please see the Class
+Loading Guide
+
+
+
+
7.2. Suppressing implicit bean archives
+
+
CDI 1.1 brings new options to packaging of CDI-enabled applications. In
+addition to well-known explicit bean archives (basically any archive
+containing the beans.xml file) the specification introduces implicit
+bean archives.
+
+
+
An implicit bean archive is any archive that contains one or more
+classes annotated with a bean defining annotation (scope annotation) or
+one or more session beans. As a result, the beans.xml file is no longer
+required for CDI to work in your application.
+
+
+
In an implicit bean archive only those classes that are either
+annotated with bean defining annotations or are session beans are
+recognized by CDI as beans (other classes cannot be injected).
+
+
+
This has a side-effect, though. Libraries exist that make use of scope
+annotation (bean defining annotations) for their own convenience but are
+not designed to run with CDI support. Guava would be an example of such
+library. If your application bundles such library it will be recognized
+as a CDI archive and may
+fail the
+deployment.
+
+
+
Fortunately, WildFly makes it possible to suppress implicit bean
+archives and only enable CDI in archives that bundle the beans.xml file.
+There are two ways to achieve this:
+
+
+
7.2.1. Per-deployment configuration
+
+
You can either set this up for your deployment only by adding the
+following content to the META-INF/jboss-all.xml file of your
+application:
CDI 1.1 clarifies some aspects of how CDI protable extensions work. As a
+result, some extensions that do not use the API properly (but were
+tolerated in CDI 1.0 environment) may stop working with CDI 1.1.If this
+is the case of your application you will see an exception like this:
+
+
+
+
org.jboss.weld.exceptions.IllegalStateException: WELD-001332: BeanManager method getBeans() is not available during application initialization
+
+
+
+
Fortunatelly, there is a non-portable mode available in WildFly which
+skips some of the API usage checks and therefore allows the legacy
+extensions to work as before.
+
+
+
Again, there are two ways to enable the non-portable mode:
+
+
+
7.3.1. Per-deployment configuration
+
+
You can either set this up for your deployment only by adding the
+following content to the META-INF/jboss-all.xml file of your
+application:
Note that new portable extensions should always use the
+BeanManager
+APIproperly and thus never require the non-portable mode. The
+non-portable mode only exists to preserve compatibility with legacy
+extensions!
+
+
+
+
+
+
+
+
+References in this document to CDI refer to Jakarta Contexts and Dependency Injection unless otherwise noted.
+
+
+
+
+
+
+
+
+
+
8. EE Concurrency Utilities
+
+
+
+EE Concurrency Utilities (JSR 236) is a technology introduced with Java
+EE 7, which adapts well known Java SE concurrency utilities to the Java
+EE application environment specifics. The Jakarta EE application server is
+responsible for the creation (and shutdown) of every instance of the EE
+Concurrency Utilities, and provide these to the applications, ready to
+use.
+
+
+
+
The EE Concurrency Utilities support the propagation of the invocation
+context, capturing the existent context in the application threads to
+use in their own threads, the same way a logged-in user principal is
+propagated when a servlet invokes an Jakarta Enterprise Beans asynchronously. The propagation
+of the invocation context includes, by default, the class loading, JNDI
+and security contexts.
+
+
+
WildFly creates a single default instance of each EE Concurrency Utility
+type in all configurations within the distribution, as mandated by the
+specification, but additional instances, perhaps customised to better
+serve a specific usage, may be created through WildFly’s EE Subsystem
+Configuration. To learn how to configure EE Concurrency Utilities please
+refer to EE Concurrency
+Utilities Configuration. Additionally, the EE subsystem configuration
+also includes the configuration of which instance should be considered
+the default instance mandated by the Jakarta EE specification, and such
+configuration is covered by
+Default EE Bindings Configuration.
+
+
+
8.1. Context Service
+
+
The Context Service ( jakarta.enterprise.concurrent.ContextService) is a
+brand new concurrency utility, which applications may use to build
+contextual proxies from existing objects.
+
+
+
A contextual proxy is an object that sets an invocation context, captured
+when created, whenever is invoked, before delegating the invocation to
+the original object.
WildFly default configurations creates a single default instance of a
+Context Service, which may be retrieved through @Resource injection:
+
+
+
+
@Resource
+private ContextService contextService;
+
+
+
+
+
+
+
+
+
+To retrieve instead a non default Context Service instance,
+@Resource’s `lookup attribute needs to specify the JNDI name used in
+the wanted instance configuration. WildFly will always inject the
+default instance, no matter what’s the name attribute value, if the
+lookup attribute is not defined.
+
+
+
+
+
+
Applications may alternatively use instead the standard JNDI API:
+As mandated by the Jakarta EE specification, the default Context Service
+instance’s JNDI name is java:comp/DefaultContextService.
+
+
+
+
+
+
+
8.2. Managed Thread Factory
+
+
The Managed Thread Factory (
+jakarta.enterprise.concurrent.ManagedThreadFactory) allows Java EE
+applications to create Java threads. It is an extension of Java SE’s
+Thread Factory ( java.util.concurrent.ThreadFactory) adapted to the
+Jakarta EE platform specifics.
+
+
+
Managed Thread Factory instances are managed by the application server,
+thus Jakarta EE applications are forbidden to invoke any lifecycle related
+method.
+
+
+
In case the Managed Thread Factory is configured to use a Context
+Service, the application’s thread context is captured when a thread
+creation is requested, and such context is propagated to the thread’s
+Runnable execution.
+
+
+
Managed Thread Factory threads implement
+jakarta.enterprise.concurrent.ManageableThread, which allows an
+application to learn about termination status.
+To retrieve instead a non default Managed Thread Factory instance,
+@Resource’s `lookup attribute needs to specify the JNDI name used in
+the wanted instance configuration. WildFly will always inject the
+default instance, no matter what’s the name attribute value, in case
+the lookup attribute is not defined.
+
+
+
+
+
+
Applications may alternatively use instead the standard JNDI API:
+As mandated by the Jakarta EE specification, the default Managed Thread
+Factory instance’s JNDI name is java:comp/DefaultManagedThreadFactory.
+
+
+
+
+
+
+
8.3. Managed Executor Service
+
+
The Managed Executor Service (
+jakarta.enterprise.concurrent.ManagedExecutorService) allows Java EE
+applications to submit tasks for asynchronous execution. It is an
+extension of Java SE’s Executor Service (
+java.util.concurrent.ExecutorService) adapted to the Jakarta EE platform
+requirements.
+
+
+
Managed Executor Service instances are managed by the application
+server, thus Jakarta EE applications are forbidden to invoke any lifecycle
+related method.
+
+
+
In case the Managed Executor Service is configured to use a Context
+Service, the application’s thread context is captured when the task is
+submitted, and propagated to the executor thread responsible for the
+task execution.
+To retrieve instead a non default Managed Executor Service instance,
+@Resource’s `lookup attribute needs to specify the JNDI name used in
+the wanted instance configuration. WildFly will always inject the
+default instance, no matter what’s the name attribute value, in case
+the lookup attribute is not defined.
+
+
+
+
+
+
Applications may alternatively use instead the standard JNDI API:
+As mandated by the Jakarta EE specification, the default Managed Executor
+Service instance’s JNDI name is
+java:comp/DefaultManagedExecutorService.
+
+
+
+
+
+
+
8.4. Managed Scheduled Executor Service
+
+
The Managed Scheduled Executor Service (
+jakarta.enterprise.concurrent.ManagedScheduledExecutorService) allows
+Jakarta EE applications to schedule tasks for asynchronous execution. It is
+an extension of Java SE’s Executor Service (
+java.util.concurrent.ScheduledExecutorService) adapted to the Java EE
+platform requirements.
+
+
+
Managed Scheduled Executor Service instances are managed by the
+application server, thus Jakarta EE applications are forbidden to invoke
+any lifecycle related method.
+
+
+
In case the Managed Scheduled Executor Service is configured to use a
+Context Service, the application’s thread context is captured when the
+task is scheduled, and propagated to the executor thread responsible for
+the task execution.
WildFly default configurations creates a single default instance of a
+Managed Scheduled Executor Service, which may be retrieved through
+@Resource injection:
+To retrieve instead a non default Managed Scheduled Executor Service
+instance, @Resource’s `lookup attribute needs to specify the JNDI
+name used in the wanted instance configuration. WildFly will always
+inject the default instance, no matter what’s the name attribute
+value, in case the lookup attribute is not defined.
+
+
+
+
+
+
Applications may alternatively use instead the standard JNDI API:
+As mandated by the Jakarta EE specification, the default Managed Scheduled
+Executor Service instance’s JNDI name is
+java:comp/DefaultManagedScheduledExecutorService.
+
+
+
+
+
+
+
+
+
9. Jakarta Enterprise Beans 3 Reference Guide
+
+
+
This chapter details the extensions that are available when developing
+Enterprise Java Beans tm on WildFly 29.
+
+
+
Currently, there is no support for configuring the extensions using an
+implementation specific descriptor file.
+
+
+
9.1. Resource Adapter for Message Driven Beans
+
+
Each Message Driven Bean must be connected to a resource adapter.
+
+
+
9.1.1. Specification of Resource Adapter using Metadata Annotations
+
+
The ResourceAdapter annotation is used to specify the resource adapter
+with which the MDB should connect.
+
+
+
The value of the annotation is the name of the deployment unit
+containing the resource adapter. For example jms-ra.rar.
Whenever a run-as role is specified for a given method invocation the
+default anonymous principal is used as the caller principal. This
+principal can be overridden by specifying a run-as principal.
+
+
+
9.2.1. Specification of Run-as Principal using Metadata Annotations
+
+
The RunAsPrincipal annotation is used to specify the run-as principal
+to use for a given method invocation.
+
+
+
The value of the annotation specifies the name of the principal to
+use. The actual type of the principal is undefined and should not be
+relied upon.
+
+
+
Using this annotation without specifying a run-as role is considered an
+error.
+
+
+
For example:
+
+
+
+
@RunAs("admin")
+@RunAsPrincipal("MyBean")
+
+
+
+
+
+
9.3. Security Domain
+
+
Each Enterprise Java Bean tm can be associated with a security domain.
+Only when an Jakarta Enterprise Beans are associated with a security domain will
+authentication and authorization be enforced.
+
+
+
9.3.1. Specification of Security Domain using Metadata Annotations
+
+
The SecurityDomain annotation is used to specify the security domain
+to associate with the Jakarta Enterprise Beans.
+
+
+
The value of the annotation is the name of the security domain to be
+used.
+
+
+
For example:
+
+
+
+
@SecurityDomain("other")
+
+
+
+
+
+
9.4. Transaction Timeout
+
+
For any newly started transaction a transaction timeout can be specified
+in seconds.
+
+
+
When a transaction timeout of 0 is used, then the actual transaction
+timeout will default to the domain configured default.
+TODO: add link to tx subsystem
+
+
+
Although this is only applicable when using transaction attribute
+REQUIRED or REQUIRES_NEW the application server will not detect
+invalid setups.
+
+
+
New Transactions
+
+
+
+
+
+
+
+
+Take care that even when transaction attribute REQUIRED is specified,
+the timeout will only be applicable if a new transaction is started.
+
+
+
+
+
+
9.4.1. Specification of Transaction Timeout with Metadata Annotations
+
+
The TransactionTimeout annotation is used to specify the transaction
+timeout for a given method.
+
+
+
The value of the annotation is the timeout used in the given unit
+granularity. It must be a positive integer or 0. Whenever 0 is specified
+the default domain configured timeout is used.
+
+
+
The unit specifies the granularity of the value. The actual value
+used is converted to seconds. Specifying a granularity lower than
+SECONDS is considered an error, even when the computed value will
+result in an even amount of seconds.
+
+
+
For example:@TransactionTimeout(value = 10, unit = TimeUnit.SECONDS)
+
+
+
+
9.4.2. Specification of Transaction Timeout in the Deployment Descriptor
+
+
The trans-timeout element is used to define the transaction timeout
+for business, home, component, and message-listener interface methods;
+no-interface view methods; web service endpoint methods; and timeout
+callback methods.
+
+
+
The trans-timeout element resides in the urn:trans-timeout namespace
+and is part of the standard container-transaction element as defined
+in the jboss namespace.
+
+
+
For the rules when a container-transaction is applicable please refer
+to EJB 3.1 FR 13.3.7.2.1.
The service is responsible to call the registered timeout methods of the
+different session beans.
+
+
+
+
+
+
+
+
+A persistent timer will be identified by the name of the EAR, the name
+of the sub-deployment JAR and the Bean’s name.
+If one of those names are changed (e.g. EAR name contain a version) the
+timer entry became orphaned and the timer event will not longer be
+fired.
+
+
+
+
+
+
9.5.1. Single event timer
+
+
The timer is will be started once at the specified time.
+
+
+
In case of a server restart the timeout method of a persistent timer
+will only be called directly if the specified time is elapsed.
+If the timer is not persistent, it will no longer be available
+if JBoss is restarted or the application is redeployed.
+
+
+
+
9.5.2. Recurring timer
+
+
The timer will be started at the specified first occurrence and after
+that point at each time if the interval is elapsed.
+If the timer will be started during the last execution is not finished
+the execution will be suppressed with a warning to avoid concurrent
+execution.
+
+
+
In case of server downtime for a persistent timer, the timeout method
+will be called only once if one, or more than one, interval is
+elapsed.
+If the timer is not persistent, it will no longer be active
+after the server is restarted or the application is redeployed.
+
+
+
+
9.5.3. Calendar timer
+
+
The timer will be started if the schedule expression match. It will be
+automatically deactivated and removed if there will be no next
+expiration possible, i.e. If you set a specific year.
+
+
+
For example:
+
+
+
+
@Schedule( ... dayOfMonth="1", month="1", year="2012") +
+// start once at 01-01-2012 00:00:00
+
+
+
+
Programmatic calendar timer
+
+
If the timer is persistent it will be fetched at server start and the
+missed timeouts are called concurrent.
+If a persistent timer contains an end date it will be executed once
+nevertheless how many times the execution was missed. Also a retry will
+be suppressed if the timeout method throw an Exception.
+In case of such expired timer access to the given Timer object might
+throw a NoMoreTimeoutExcption or NoSuchObjectException.
+
+
+
If the timer is non persistent it will not longer be active after the
+server is restarted or the application is redeployed.
+
+
+
TODO: clarify whether this should happen concurrently/blocked or even
+fired only once like a recurring timer!
+
+
+
+
Annotated calendar timer
+
+
If the timer is non persistent it will not activated for missed events
+during the server is down. In case of server start the timer is
+scheduled based on the @Schedule annotation.
+
+
+
If the timer is persistent (default if not deactivated by annotation)
+all missed events are fetched at server start and the annotated timeout
+method is called concurrent.
+
+
+
TODO: clarify whether this should happen concurrently/blocked or even
+fired only once like a recurring timer!
+
+
+
+
+
+
9.6. Container interceptors
+
+
+JBoss AS versions prior to WildFly8 allowed a JBoss specific way to
+plug-in user application specific interceptors on the server side so
+that those interceptors get invoked during an EJB invocation. Such
+interceptors differed from the typical (portable) spec provided Jakarta EE
+interceptors. The Jakarta Interceptors are expected to run after the
+container has done necessary invocation processing which involves
+security context propagation, transaction management and other such
+duties. As a result, these Jakarta Interceptors come too late into the
+picture, if the user applications have to intercept the call before
+certain container specific interceptor(s) are run.
+
+
+
+
9.6.1. Typical EJB invocation call path on the server
The invocation on the bean.doSomething() triggers the following (only
+relevant portion of the flow shown below):
+
+
+
+
+
WildFly specific interceptor (a.k.a container interceptor) 1
+
+
+
WildFly specific interceptor (a.k.a container interceptor) 2
+
+
+
….
+
+
+
WildFly specific interceptor (a.k.a container interceptor) N
+
+
+
User application specific Jakarta EE interceptor(s) (if any)
+
+
+
Invocation on the EJB instance’s method
+
+
+
+
+
The WildFly specific interceptors include the security context
+propagation, transaction management and other container provided
+services. In some cases, the " `container interceptors`" (let’s call
+them that) might even decide break the invocation flow and not let the
+invocation proceed (for example: due to the invoking caller not being
+among the allowed user roles who can invoke the method on the bean).
+
+
+
Previous versions of JBoss AS allowed a way to plug-in the user
+application specific interceptors (which relied on JBoss AS specific
+libraries) into this invocation flow so that they do run some
+application specific logic before the control reaches step#5 above. For
+example, AS5 allowed the use of JBoss AOP interceptors to do this.
+
+
+
As of WildFly 8, this feature was implemented.
+
+
+
+
9.6.2. Configuring container interceptors
+
+
As you can see from the JIRA https://issues.redhat.com/browse/AS7-5897,
+one of the goals of this feature implementation was to make sure that we
+don’t introduce any new WildFly specific library dependencies for the
+container interceptors. So we decided to allow the Jakarta Interceptors
+(which are just POJO classes with lifecycle callback annotations) to be
+used as container interceptors. As such you won’t need any dependency on
+any WildFly specific libraries. That will allow us to support this
+feature for a longer time in future versions of WildFly.
+
+
+
Furthermore, configuring these container interceptors is similar to
+configuring the Jakarta Interceptors for EJBs. In fact, it uses the same
+xsd elements that are allowed in ejb-jar.xml for 3.1 version of ejb-jar
+deployment descriptor.
+
+
+
+
+
+
+
+
+Container interceptors can only be configured via deployment
+descriptors. There’s no annotation based way to configure container
+interceptors. This was an intentional decision, taken to avoid
+introducing any WildFly specific library dependency for the annotation.
+
+
+
+
+
+
Configuring the container interceptors can be done in jboss-ejb3.xml
+file, which then gets placed under the META-INF folder of the EJB
+deployment, just like the ejb-jar.xml. Here’s an example of how the
+container interceptor(s) can be configured in jboss-ejb3.xml:
The usage of urn:container-interceptors:1.0 namespace which allows the
+container-interceptors elements to be configured
+
+
+
The container-interceptors element which contain the interceptor
+bindings
+
+
+
The interceptor bindings themselves are the same elements as what the
+EJB3.1 xsd allows for standard Jakarta Interceptors
+
+
+
The interceptors can be bound either to all EJBs in the deployment
+(using the * wildcard) or individual bean level (using the specific
+EJB name) or at specific method level for the EJBs.
The interceptor classes themselves are simple POJOs and use the
+@jakarta.annotation.AroundInvoke to mark the around invoke method which
+will get invoked during the invocation on the bean. Here’s an example of
+the interceptor:
9.6.3. Container interceptor positioning in the interceptor chain
+
+
The container interceptors configured for a EJB are guaranteed to be run
+before the WildFly provided security interceptors, transaction
+management interceptors and other such interceptors thus allowing the
+user application specific container interceptors to setup any relevant
+context data before the invocation proceeds.
+
+
+
+
9.6.4. Semantic difference between container interceptor(s) and Jakarta Interceptors API
+
+
Although the container interceptors are modeled to be similar to the
+Jakarta Interceptors, there are some differences in the API semantics.
+One such difference is that invoking on
+jakarta.interceptor.InvocationContext.getTarget() method is illegal for
+container interceptors since these interceptors are invoked way before
+the EJB components are setup or instantiated.
+References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
9.7. Jakarta Enterprise Beans 3 Database Persistent Timers
+
+
+WildFly now supports persistent timers backed by a shared database. High-availability
+support is provided through the database, and as a result it is not
+intended to be a super high performance solution that supports thousands
+of timers going off a second, however properly tuned it should provide
+sufficient performance for most use cases.
+
+
+
+
+
+
+
+
+
+Note that for this to work correctly the underlying database must
+support the READ_COMMITTED or SERIALIZABLE isolation mode and the
+datasource must be configured accordingly
+
+
+
+
+
+
9.7.1. Setup
+
+
In order to use clustered timers it is necessary to add a database
+backed timer store. This can be done from the CLI with the following
+command:
allow-execution - If this node is allowed to execute timers. If this
+is false then timers added on this node will be added to the database
+for another node to execute. This allows you to limit timer execution to
+a few nodes in a cluster, which can greatly reduce database load for
+large clusters.
+
+
+
datasource-jndi-name - The datasource to use
+
+
+
refresh-interval - The refresh interval in milliseconds. This is the
+period of time that must elapse before this node will check the database
+for new timers added by other nodes. A smaller value means that timers
+will be picked up more quickly, however it will result in more load on
+the database. This is most important to tune if you are adding timers
+that will expire quickly. If the node that added the timer cannot
+execute it (e.g. because it has failed or because allow-execution is
+false), this timer may not be executed until a node has refreshed.
+
+
+
database - Define the type of database that is in use. Some SQL
+statements are customised by database, and this tells the data store
+which version of the SQL to use.
+Without this attribute the server try to detected the type
+automatically, current supported types are postgresql, mysql, oracle,
+db2, hsql and h2.
+Note that this SQL resides in the file
+modules/system/layers/base/org/jboss/as/ejb3/main/timers/timer-sql.properties
+And as such is it possible to modify the SQL that is executed or add
+support for new databases by adding new DB specific SQL to this file (if
+you do add support for a new database it would be greatly appreciated if
+you could contribute the SQL back to the project).
+
+
+
partition - A node will only see timers from other nodes that have
+the same partition name. This allows you to break a large cluster up
+into several smaller clusters, which should improve performance. e.g.
+instead of having a cluster of 100 nodes, where all hundred are trying
+to execute and refresh the same timers, you can create 20 clusters of 5
+nodes by giving ever group of 5 a different partition name.
+
+
+
+
+
Non clustered timers
+
+
Note that you can still use the database data store for non-clustered
+timers, in which case set the refresh interval to zero and make sure
+that every node has a unique partition name (or uses a different
+database).
+
+
+
+
+
9.7.2. Using clustered timers in a deployment
+
+
It is possible to use the data store as default for all applications by
+changing the default-data-store within the ejb3 subsystem:
Another option is to use a separate data store for specific
+applications, all that is required is to set the timer data store name
+in jboss-ejb3.xml:
In a clustered deployment, multiple nodes updating timer datastore may cause the in-memory timer state to be temporarily
+out of sync. Some application may find the refresh-interval configuration not sufficient in some cases, and
+need to programmatically refresh timers. This can be done with Jakarta Interceptors configured for those business methods
+that need this capability, as illustrated in the following steps:
+
+
+
+
+
Implement an Jakarta Interceptors that enables wildfly.ejb.timer.refresh.enabled to true. For example,
Configure the Jakarta Interceptors to the target stateless or singleton bean business methods.
+When wildfly.ejb.timer.refresh.enabled is set to true, calling TimerService.getAllTimers()
+will first refresh from timer datastore before returning timers. For example,
+
+
+
+
+
+
@Singleton
+publicclassRefreshBean1 ... {
+
+ @Interceptors(RefreshInterceptor.class)
+ publicvoid businessMethod1() {
+ ...
+ // since wildfly.ejb.timer.refresh.enabled is set to true in interceptor for this business method,
+ // calling timerService.getAllTimers() will first refresh from timer datastore before returning timers.
+ final Collection<Timer> allTimers = timerService.getAllTimers();
+ ...
+ }
+}
+
+
+
+
+
+
Applications may configure such an interceptor to certain business methods that require this capability.
+Alternatively, applications may implement a dedicated business method to programmatically refresh timers, to
+be invoked by other parts of the application when needed. For example,
+
+
+
+
+
+
@Interceptors(RefreshInterceptor.class)
+ publicList<Timer> getAllTimerInfoWithRefresh() {
+ return timerService.getAllTimers();
+ }
+
+ publicvoid businessMethod1() {
+ final LocalBusinessInterface businessObject = sessionContext.getBusinessObject(LocalBusinessInterface.class);
+ businessObject.getAllTimerInfoWithRefresh();
+
+ // timer has been programmatically refreshed from datastore.
+ // continue with other business logic...
+ }
+
+
+
+
+
9.7.4. Technical details
+
+
Internally every node that is allowed to execute timers schedules a
+timeout for every timer is knows about. When this timeout expires then
+this node attempts to 'lock' the timer, by updating its state to
+running. The query this executes looks like:
+
+
+
+
UPDATE JBOSS_EJB_TIMER SET TIMER_STATE=? WHERE ID=? AND TIMER_STATE<>? AND NEXT_DATE=?;
+
+
+
+
Due to the use of a transaction and READ_COMMITTED or SERIALIZABLE
+isolation mode only one node will succeed in updating the row, and this
+is the node that the timer will run on.
+
+
+
+
+
9.8. Jakarta Enterprise Beans Distributed Timers
+
+
+WildFly now supports distributed timers backed by an embedded Infinispan cache.
+The Infinispan cache not only provides an HA solution for persistent timer metadata, in the case of a server crash or restart,
+but also distributes timer execution evenly between cluster members.
+Consequently, this solution generally provides better performance and scalability than the existing database solution.
+
+
+
+
This feature can also be used to provide file, database, or remote Infinispan cluster persistence of timer metadata for single server architectures, effectively replacing the existing file-store and database-store TimerService facilities.
+Additionally, this feature can also provide passivation support for non-persistent timers to allow the creation of large number of transient timers without the risk of running out of memory.
+
+
+
9.8.1. Setup
+
+
Distributed timer behavior is configured via the distributable-ejb subsystem, and can be configured globally via the ejb3 subsystem or customized per EJB via the timer-service EJB deployment descriptor namespace.
+
+
+
WildFly’s HA profiles (e.g. standalone-ha.xml) are configured to use the distributable timer service by default to handle both persistent and non-persistent timers.
+
+
+
To enable the use of distributable timer service within a non-HA profile (e.g. standalone.xml), one must first disable the existing data store mechanism, and then specify the timer management to use for persistent timers, which references a timer management resource from the distributable-ejb subsystem.
To use distributable timer management for transient (i.e. non-persistent) timers, remove the thread-pool-name attribute, and then specify the timer management to use for transient timers, which references a timer management resource from the distributable-ejb subsystem.
The <persistent-timer-management/> and <transient-timer-management/> elements above each reference a named timer management resource defined within the distributable-ejb subsystem.
To enable IIOP you must have the JacORB subsystem installed, and the
+<iiop/> element present in the ejb3 subsystem configuration. The
+standalone-full.xml configuration that comes with the distribution has
+both of these enabled.
+
+
+
The <iiop/> element takes two attributes that control the default
+behaviour of the server, for full details see EJB3
+subsystem configuration guide.
+
+
+
+
9.9.2. Enabling JTS
+
+
To enable JTS simply add a <jts/> element to the transactions
+subsystem configuration.
+
+
+
It is also necessary to enable the JacORB transactions interceptor as
+shown below.
Downloading stubs directly from the server is no longer supported. If
+you do not wish to pre-generate your stub classes JDK Dynamic stubs can
+be used instead. The enable JDK dynamic stubs simply set the
+com.sun.CORBA.ORBUseDynamicStub system property to true.
+
+
+
+
9.9.4. Configuring Jakarta Enterprise Beans IIOP settings via jboss-ejb3.xml
+
+
TODO
+
+
+
+
+
9.10. Jakarta Enterprise Beans over HTTP
+
+
Beginning with WildFly 11 it is now possible to use HTTP as the
+transport (instead of remoting) for remote Jakarta Enterprise Beans and JNDI invocations.
+
+
+
Everything mentioned below is applicable for both JNDI and Jakarta Enterprise Beans
+functionality.
+
+
+
9.10.1. Server Configuration
+
+
In order to configure the server the http-invoker needs to be enabled on
+each virtual host you wish to use in the Undertow subsystem. This is
+enabled by default in standard configs, but if it has been removed it
+can be added via:
The Hhttp-invoker takes two parameters, a path (which defaults to
+/wildfly-services) and a http-authentication-factory which must be a
+reference to an Elytron http-authentication-factory.
+
+
+
Note that any deployment that wishes to use this must use Elytron
+security with the same security domain that corresponds to the HTTP
+authentication factory.
+
+
+
+
9.10.2. Performing Invocations
+
+
The mechanism for performing invocations is exactly the same as for the
+remoting based Jakarta Enterprise Beans client, the only difference is that instead of a
+'remote+http' URI you use a 'http' URI (which must include the path that
+was configured in the invoker). For example if you are currently using
+'remote+ http://localhost:8080' as the target URI, you would change this
+to 'http://localhost:8080/wildfly-services'.
jboss-ejb3.xml is a custom deployment descriptor that can be placed in
+either ejb-jar or war archives. If it is placed in an ejb-jar then it
+must be placed in the META-INF folder, in a web archive it must be
+placed in the WEB-INF folder.
+
+
+
The contents of jboss-ejb3.xml are merged with the contents of
+ejb-jar.xml, with the jboss-ejb3.xml items taking precedence.
As you can see the format is largely similar to ejb-jar.xml, in fact
+they even use the same namespaces, however jboss-ejb3.xml adds some
+additional namespaces of its own to allow for configuring non-spec info.
+The format of the standard http://java.sun.com/xml/ns/javaee is well
+documented elsewhere, this document will cover the non-standard
+namespaces.
+
+
+
+
+
+
+
+
+Namespace "http://www.jboss.com/xml/ns/javaee" is bound to "jboss-ejb3-spec-2_0.xsd": this file redefines some elements of "ejb-jar_3_1.xml"
+
The following namespaces can all be used in the <assembly-descriptor>
+element. They can be used to apply their configuration to a single bean,
+or to all beans in the deployment by using * as the ejb-name.
+
+
+
The security namespace urn:security
+
+
This allows you to set the security domain and the run-as principal for
+an Jakarta Enterprise Beans.
The IIOP namespace is where IIOP settings are configured. As there are
+quite a large number of options these are covered in the
+IIOP guide.
+
+
+
+
The pool namespace urn:ejb-pool:1.0
+
+
This allows you to select the pool that is used by the SLSB or MDB.
+Pools are defined in the server configuration (i.e. standalone.xml or
+domain.xml)
This namespace is deprecated and as of WildFly 29 its use has no effect.
+The clustering behavior of Jakarta Enterprise Beans are determined by the profile in use on
+the server.
+
+
+
+
The timer-service namespace urn:timer-service:2.0
+
+
This allows you to customize the TimerService behavior for a given EJB.
There are three mechanisms in WildFly that allow controlling if a
+specific MDB is actively receiving or not messages:
+
+
+
+
+
delivery active
+
+
+
delivery groups
+
+
+
clustered singleton
+
+
+
+
+
We will see each one of them in the following sections.
+
+
+
9.12.1. Delivery Active
+
+
Delivery active is simply an attribute associated with the MDB that
+indicates if the MDB is receiving messages or not. If an MDB is not
+currently receiving messages, the messages will be saved in the queue or
+topic for later, according to the rules of the topic/queue.
+
+
+
You can configure delivery active using xml or annotations, and you can
+change its value after deployment using the cli.
+
+
+
+
+
jboss-ejb3.xml:
+
+
+
+
+
In the jboss-ejb3 xml file, configure the value of active as false to
+mark that the MDB will not be receiving messages as soon as it is
+deployed:
These management operations dynamically change the value of the active
+attribute, enabling or disabling delivery for the MDB. at runtime To use
+them, connect to the WildFly instance you want to manage, then enter the
+path of the MDB you want to manage delivery for:
Delivery groups provide a straightforward way to manage delivery for a
+group of MDBs. Every MDB belonging to a delivery group has delivery
+active if that group is active, and has delivery inactive
+whenever the group is not active.
+
+
+
You can add a delivery group to the ejb3 subsystem using either the
+subsystem xml or cli. Next, we will see examples of each case. In those
+examples we will add only a single delivery group, but keep in mind that
+you can add as many delivery groups as you need to a WildFly instance.
+
+
+
+
+
the ejb3 subsystem xml (located in your configuration xml, such as
+standalone.xml)
The example above adds a delivery group named "mdb-group-name" (you can
+use whatever name suits you best as the group name). The "true" active
+attribute indicates that all MDBs belonging to that group will have
+delivery active right after deployment. If you mark that attribute as
+false, you are indicating that every MDB belonging to the group will not
+start receiving messages after deployment, a condition that will remain
+until the group becomes active.
+
+
+
+
+
jboss-cli
+
+
+
+
+
You can add a mdb-delivery-group using the add command as below:
You can also use a wildcard to mark that all MDBs in your application
+belong to a delivery-group. In the following example, we add all MDBs in
+the application to group1, except for HelloWorldMDB, that is added to
+group2:
In the example above, we use the wildcard to specify that every MDB in the
+ejb-jar will belong to mdb-delivery-group1.
+That means that, in order for delivery of messages to be active for those MDBs,
+mdb-delivery-group1 must be active.
+
+
+
In addition, the configuration above specifies that HelloWorldMDB belongs also
+to mdb-delivery-group2 and mdb-delivery-group3. So, delivery of messages to
+ HelloWorldMDB will only be active when mdb-delivery-group1,
+ mdb-delivery-group2, and mdb-delivery-group3 are all active.
+
+
+
The same could be specified using the @DeliveryGroup annotation:
Notice that all the delivery-groups used by an application must be installed in
+the WildFly server upon deployment, or the deployment will fail with a message
+stating that the delivery-group is missing.
+
+
+
+
+
9.12.3. Clustered Singleton Delivery
+
+
Delivery can be marked as singleton in a clustered environment. In this
+case, only one node in the cluster will have delivery active for that
+MDB, whereas in all other nodes, delivery will be inactive. This option
+can be used for applications that are deployed in all nodes of the
+cluster. Such applications will be active in all nodes of the cluster,
+except for the MDBs that are marked as clustered singleton. For those
+MDBs, only one cluster node will be processing their messages. In case
+that node stops, another node will have delivery activated, guaranteeing
+that there is always one node processing the messages. This node is what
+we call primary singleton provider of the MDB.
+
+
+
Notice that applications using clustered singleton delivery can only be
+deployed in clustered WildFly servers (i.e., servers that are using the
+ha configuration).
+
+
+
To mark delivery as clustered singleton, you can use the jboss-ejb3.xml
+or the @ClusteredSingleton annotation:
As in the previous jboss-ejb3.xml examples, a wildcard can be used in
+the place of the ejb-name to indicate that all MDBs in the application
+are singleton clustered.
+
+
+
+
+
annotation
+
+
+
+
+
You can use the org.jboss.ejb3.annotation.ClusteredSingleton annotation
+to mark an MDB as clustered singleton:
9.12.4. Using Multiple MDB Delivery Control Mechanisms
+
+
The previous delivery control mechanisms can be used together in a
+single MDB. In this case, they work as a set of restrictions for
+delivery to be active in a MDB.
+
+
+
For example, if an MDB belongs to one or more delivery groups and is also a
+clustered singleton MDB, the delivery will be active for that MDB only
+if the delivery groups are active in the cluster node that was elected as
+the primary singleton provider.
+
+
+
Also, if you use jboss-cli to stopDelivery on a MDB that belongs to one or more
+delivery groups, the MDB will stop receiving messages in case all groups
+were active. If one or more of the groups associated with the MDB was not active,
+the MDB will continue in the same, inactive state. But, once all groups become active,
+the MDB will still be prevented from receiving messages, unless a startDelivery
+operation is executed to revert the previously executed stopDelivery operation.
+
+
+
Invoking stopDelivery on an MDB that is marked as clustered singleton
+will work in a similar way: no visible effect if the current node is not
+the primary singleton provider; but it will stop delivery of messages
+for that MDB if the current node is the primary singleton provider. If
+the current node is not the primary singleton provider, but eventually becomes so, the
+delivery of messages will not be active for that MDB, unless a
+startDelivery operation is invoked.
+
+
+
In other words, when more than one delivery control mechanism is used in
+conjunction, they act as a set of restrictions that need all to be true
+in order for the MDB to receive messages:
+
+
+
+
+
MDB belongs to one delivery-group + stop-delivery was invoked: the delivery group
+needs to be active and the delivery needs to be restarted (via start-delivery) in order
+for that MDB to start receiving messages;
+
+
+
MDB belongs to one delivery-group + MDB is clustered singleton: the delivery group
+needs to be active and the current node needs to be the primary singleton provider
+node in order for that MDB to start receiving messages;
+
+
+
MDB belongs to one delivery-group + MDB is clustered singleton + stop-delivery was invoked:
+as above, the delivery-group has to be active, the current cluster node must be the
+primary singleton provider node, plus, start-delivery needs to be invoked on that MDB,
+only with these three factors being true the MDB will start receiving messages.
+
+
+
MDB belongs to multiple delivery-groups + stop-delivery was invoked: all the delivery
+groups need to be active and the delivery needs to be restarted (via start-delivery) in
+order for that MDB to start receiving messages;
+
+
+
MDB belongs to multiple delivery-groups + MDB is clustered singleton: all the delivery
+groups need to be active and the current node needs to be the primary singleton
+provider node in order for that MDB to start receiving messages;
+
+
+
MDB belongs to multiple delivery-groups + MDB is clustered singleton + stop-delivery was
+invoked: as above, all delivery-groups must be active, and current cluster node has to be the
+primary singleton provider node, plus, start-delivery needs to be invoked on that MDB, only
+with these three factors being true the MDB will start receiving messages.
+
+
+
+
+
+
+
9.13. Securing Jakarta Enterprise Beans
+
+
The Jakarta EE spec specifies certain annotations (like @RolesAllowed,
+@PermitAll, @DenyAll) which can be used on Jakarta Enterprise Beans implementation classes
+and/or the business method implementations of the beans. Like with all
+other configurations, these security related configurations can also be
+done via the deployment descriptor (ejb-jar.xml). We won’t be going
+into the details of Jakarta EE specific annotations/deployment descriptor
+configurations in this chapter but instead will be looking at the vendor
+specific extensions to the security configurations.
+
+
+
9.13.1. Security Domain
+
+
The Jakarta EE spec doesn’t mandate a specific way to configure security
+domain for a bean. It leaves it to the vendor implementations to allow
+such configurations, the way they wish. In WildFly 29, the use of
+@org.jboss.ejb3.annotation.SecurityDomain annotation allows the
+developer to configure the security domain for a bean. Here’s an
+example:
The use of @SecurityDomain annotation lets the developer to point the
+container to the name of the security domain which is configured in the
+Jakarta Enterprise Beans 3 subsystem in the standalone/domain configuration. The configuration
+of the security domain in the Jakarta Enterprise Beans 3 subsystem is out of the scope of this
+chapter.
+
+
+
An alternate way of configuring a security domain, instead of using
+annotation, is to use jboss-ejb3.xml deployment descriptor. Here’s an
+example of how the configuration will look like:
+
+
+
+
<?xml version="1.0" encoding="UTF-8"?>
+<jboss:jboss
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:s="urn:security:1.1"
+ xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd http://java.sun.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-spec-2_0.xsd"
+ version="3.1"impl-version="2.0">
+
+ <assembly-descriptor>
+ <s:security>
+ <!-- Even wildcard * is supported -->
+ <ejb-name>MyBean</ejb-name>
+ <!-- Name of the security domain which is configured in the EJB3 subsystem -->
+ <s:security-domain>other</s:security-domain>
+ </s:security>
+ </assembly-descriptor>
+</jboss:jboss>
+
+
+
+
As you can see we use the security-domain element to configure the
+security domain.
+
+
+
+
+
+
+
+
+The jboss-ejb3.xml is expected to be placed in the .jar/META-INF folder
+of a .jar deployment or .war/WEB-INF folder of a .war deployment.
+
+
+
+
+
+
+
9.13.2. Absence of security domain configuration but presence of other
As you can see the doSomething method is configured to be accessible
+for users with role "bar". However, the bean isn’t configured for any
+specific security domain. Prior to WildFly 29, the absence of an
+explicitly configured security domain on the bean would leave the bean
+unsecured, which meant that even if the doSomething method was
+configured with @RolesAllowed("bar") anyone even without the "bar"
+role could invoke on the bean.
+
+
+
In WildFly 29, the presence of any security metadata (like @RolesAllowed,
+@PermitAll, @DenyAll, @RunAs, @RunAsPrincipal) on the bean or any
+business method of the bean, makes the bean secure, even in the absence
+of an explicitly configured security domain. In such cases, the security
+domain name is default to "other". Users can explicitly configure an
+security domain for the bean if they want to using either the annotation
+or deployment descriptor approach explained earlier.
+
+
+
+
9.13.3. Access to methods without explicit security metadata, on a secured
As you can see the doSomething method is marked for access for only
+users with role "bar". That enables security on the bean (with security
+domain defaulted to "other"). However, notice that the method
+helloWorld doesn’t have any specific security configurations.
+
+
+
In WildFly 29, such methods which have no explicit security
+configurations, in a secured bean, will be treated similar to a method
+with @DenyAll configuration. What that means is, no one is allowed
+access to the helloWorld method. This behaviour can be controlled via
+the jboss-ejb3.xml deployment descriptor at a per bean level or a per
+deployment level as follows:
+
+
+
+
<?xml version="1.0" encoding="UTF-8"?>
+<jboss:jboss
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:s="urn:security:1.1"
+ xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-2_0.xsd http://java.sun.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-ejb3-spec-2_0.xsd"
+ version="3.1"impl-version="2.0">
+
+ <assembly-descriptor>
+ <s:security>
+ <!-- Even wildcard * is supported where * is equivalent to all EJBs in the deployment -->
+ <ejb-name>FooBean</ejb-name>
+ <s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
+ </s:security>
+ </assembly-descriptor>
+</jboss:jboss>
+
+
+
+
Notice the use of <missing-method-permissions-deny-access> element.
+The value for this element can either be true or false. If this element
+isn’t configured then it is equivalent to a value of true i.e. no one is
+allowed access to methods, which have no explicit security
+configurations, on secured beans. Setting this to false allows access to
+such methods for all users i.e. the behaviour will be switched to be
+similar to @PermitAll.
+
+
+
This behaviour can also be configured at the Jakarta Enterprise Beans 3 subsystem level so
+that it applies to all Jakarta Enterprise Beans 3 deployments on the server, as follows:
Again, the default-missing-method-permissions-deny-access element
+accepts either a true or false value. A value of true makes the
+behaviour similar to @DenyAll and a value of false makes it behave
+like @PermitAll
+
+
+
+
+
9.14. Jakarta Enterprise Beans Client Interceptors
+
+
9.14.1. Implementing Client Interceptors
+
+
The Jakarta Enterprise Beans client supports the notion of client side interceptors. These are interceptors
+that are run before an invocation is dispatched, and can modify various properties of
+the request before it is sent, as well as modifying parameters and the return value.
+
+
+
These interceptors are represented by the class org.jboss.ejb.client.EJBClientInterceptor,
+and are generally registered placing interceptor class names in
+META-INF/services/org.jboss.ejb.client.EJBClientInterceptor.
+
+
+
For more details about what can be modified refer to the Jakarta Enterprise Beans client JavaDoc.
+
+
+
+
9.14.2. Accessing invocation context data
+
+
It is possible for client interceptors to access data from the invocation context data map used in the server
+invocation (i.e. InvocationContext.getContextData()). To access a specific key you must call
+org.jboss.ejb.client.EJBClientInvocationContext.addReturnedContextDataKey(String key) with
+the name of the key you are interested in. This method must be called from the handleInvocation method
+of the interceptor.
+
+
+
If there is data in the context map under this specific key then it will be sent back to the client
+and will be available in the handleInvocationResult in the client invocations context data map.
+
+
+
+
+
9.15. Jakarta Enterprise Beans on Kubernetes
+
+
If the WildFly server is deployed on Kubernetes then there are several
+points that you need to bear in mind when you use EJBs.
+
+
+
+
+
+
+
+
+When deploying on Kubernetes you should consider the use of the WildFly Operator.
+ It manages the Kubernetes objects in WildFly friendly way.
+ For example, it uses StatefulSet for the correct handling of EJB remoting and transaction recovery processing.
+
+
+
+
+
+
The rest of this chapter assumes the StatefulSet is used
+as the Kubernetes API object for managing the WildFly server.
+
+
+
The StatefulSet provides a guarantee of persistent storage and network hostname stability
+over the restarts of the pod.
+
+
+
These two guarantees are particularly important for the transaction manager which is a stateful component.
+The persistent storage over restarts is needed as the transaction log is usually stored at the file system.
+If the transaction manager creates a transaction log record it’s created only at the transaction log particular to the WildFly instance.
+The hostname stability is needed as the WildFly may be contacted via EJB remote call with transaction propagation.
+The WildFly has to be reachable under the same hostname even after pod restarts.
+As the transaction log is bound to the particular WildFly instance it may be finished only there.
+
+
+
9.15.1. EJB calls on Kubernetes
+
+
The EJB caller has two options on how to configure the remote call.
+It can be defined either as a remote outbound connection (see details at Admin Guide, section Outbound Connections)
+or you may use a direct InitialContext lookup in your code.
+
+
+
If you use either case then for the Kubernetes you need to adjust the configuration of the target node.
+For the target hostname, you need to use the DNS name of the very first pod managed by StatefulSet.
+
+
+
The StatefulSet guarantees depend on the ordering of the pods. The pods are named in the prescribed order.
+If you scale your application up to 3 replicas you may expect
+your pods will have names such as wildfly-server-0, wildfly-server-1, wildfly-server-2.
+
+
+
It’s expected a headless services
+to be used along with the StatefulSet. With the headless service, there is ensured the DNS hostname for the pod.
+If the application uses the WildFly Operator, a headless service will be created with a name such as wildfly-server-headless.
+Then the DNS name of the very first pod will be wildfly-server-0.wildfly-server-headless.
+
+
+
The use of the hosname wildfly-server-0.wildfly-server-headless
+guarantees that the EJB call may reach any WildFly instance connected to the cluster.
+It’s a bootstrap connection which is used to initialize the EJB client
+which gathers the structure of the WildFly cluster as the next step.
+
+
+
+
9.15.2. EJB configuration for Kubernetes
+
+
These are steps you need to process in order to run EJB remote calls.
+Some steps are related to the server configuration, the other ones
+on your application.
All the socket-binding must define the client mapping for the DNS value mapped by StatefulSet headless service.
+For example if the application is named wildfly-server and the StatefulSet headless service is named wildfly-server-headless
+then the http socket binding has to be defined in the following way:
A small workaround is needed for the remote EJB transaction recovery on Kubernetes
+(the issue could be tracked at WFCORE-4668).
+The WildFly application server has to be configured with property wildfly.config.url.
+The wildfly.config.url points to a XML configuration file. If we consider one being placed at $JBOSS_HOME/standalone/configuration/wildfly-config.xml
+then the property is setup as JAVA_OPTS="$JAVA_OPTS -Dwildfly.config.url=$JBOSS_HOME/standalone/configuration/wildfly-config.xml".
+The wildfly-config.xml defines the EJB recovery authentication to be used during transaction recovery for remote EJB calls.
+The target server has to configure a user that is permitted to receive the EJB remote calls.
+Such a user is then configured by standard means of security configuration.
+Let’s say there is configured a user on the target server.
+The user is created with script $JBOSS_HOME/bin/add-user.sh under the ApplicationRealm.
+Then the caller WildFly uses the configuration in wildfly-config.xml this way
+(you may copy the content below, but replace the >>PASTE_…_HERE<< with user and password you configured):
+References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
9.16. Jakarta Enterprise Beans Deployment Runtime Resources
+
+
Enterprise bean deployment exposes certain management runtime resources to help users inspect enterprise bean metadata
+and monitor invocation statistics. Bean metadata is configured in the application via deployment descriptor and
+annotations. Stateless, stateful, singleton session beans and message-driven beans support a common set of resources,
+and also resources specific to the bean type. For example, these are some of the common enterprise bean resources:
+
+
+
+
+
jndi-names
+
+
+
component-class-name
+
+
+
declared-roles
+
+
+
transaction-type
+
+
+
stateful-timeout
+
+
+
activation-config
+
+
+
+
+
Users can view these enterprise bean resources via WildFly CLI or Administration Console. The following sections
+provides sample CLI and Administration Console output for each enterprise bean type. For complete details, refer to
+WildFly Model Reference Documentation
+
+
+
9.16.1. Stateless Session Bean Runtime Resources
+
+
To view the management runtime resources for a deployed stateless session bean in CLI, run the following CLI command:
To view it in WildFly Administration Console, go to the Management Model section of the target deployment. For example,
+
+
+
+
+
+
+
+
+
+
10. JPA Reference Guide
+
+
+
10.1. Introduction
+
+
The WildFly JPA subsystem implements the Jakarta Persistence 3.1 container-managed
+requirements. Deploys the persistence unit definitions, the persistence
+unit/context annotations and persistence unit/context references in the
+deployment descriptor. JPA Applications use the Hibernate (version 5.3)
+persistence provider, which is included with WildFly. The JPA subsystem
+uses the standard SPI (jakarta.persistence.spi.PersistenceProvider) to
+access the Hibernate persistence provider and some additional extensions
+as well.
+
+
+
During application deployment, JPA use is detected (e.g. persistence.xml
+or @PersistenceContext/Unit annotations) and injects Hibernate
+dependencies into the application deployment. This makes it easy to
+deploy JPA applications.
Or remove the persistence provider class name from your persistence.xml
+(so the default provider will be used).
+
+
+
+
10.3. Entity manager
+
+
The entity manager (jakarta.persistence.EntityManager class) is similar to
+the Hibernate Session class; applications use it to
+create/read/update/delete data (and related operations). Applications
+can use application-managed or container-managed entity managers. Keep
+in mind that the entity manager is not thread safe, don’t share the same
+entity manager instance with multiple threads.
+
+
+
Internally, the entity manager, has a persistence context for managing
+entities. You can think of the persistence context as being closely
+associated with the entity manager.
+
+
+
+
10.4. Container-managed entity manager
+
+
When you inject a container-managed entity managers into an application
+variable, it is treated like an (EE container controlled) Java proxy
+object, that will be associated with an underlying EntityManager
+instance, for each started JTA transaction and is flushed/closed when
+the JTA transaction commits. Such that when your application code
+invokes EntityManager.anyMethod(), the current JTA transaction is
+searched (using persistence unit name as key) for the underlying
+EntityManager instance, if not found, a new EntityManager instance is
+created and associated with the current JTA transaction, to be reused
+for the next EntityManager invocation. Use the @PersistenceContext
+annotation, to inject a container-managed entity manager into a
+jakarta.persistence.EntityManager variable.
+
+
+
+
10.5. Application-managed entity manager
+
+
An application-managed entity manager is kept around until the
+application closes it. The scope of the application-managed entity
+manager is from when the application creates it and lasts until the
+application closes it. Use the @PersistenceUnit annotation, to inject
+a persistence unit into a jakarta.persistence.EntityManagerFactory
+variable. The EntityManagerFactory can return an application-managed
+entity manager.
+
+
+
+
10.6. Persistence Context
+
+
The JPA persistence context contains the entities managed by the entity
+manager (via the JPA persistence provider). The underlying entity
+manager maintains the persistence context. The persistence context acts
+like a first level (transactional) cache for interacting with the
+datasource. Loaded entities are placed into the persistence context
+before being returned to the application. Entities changes are also
+placed into the persistence context (to be saved in the database when
+the transaction commits).
+
+
+
+
10.7. Transaction-scoped Persistence Context
+
+
The transaction-scoped persistence context coordinates with the (active)
+JTA transaction. When the transaction commits, the persistence context
+is flushed to the datasource (entity objects are detached but may still
+be referenced by application code). All entity changes that are expected
+to be saved to the datasource, must be made during a transaction.
+Entities read outside of a transaction will be detached when the entity
+manager invocation completes. Example transaction-scoped persistence
+context is below.
+
+
+
+
@Stateful// will use container managed transactions
+publicclassCustomerManager {
+ @PersistenceContext(unitName = "customerPU") // default type is PersistenceContextType.TRANSACTION
+ EntityManager em;
+ public customer createCustomer(String name, String address) {
+ Customer customer = new Customer(name, address);
+ em.persist(customer); // persist new Customer when JTA transaction completes (when method ends).
+ // internally:
+ // 1. Look for existing "customerPU" persistence context in active JTA transaction and use if found.
+ // 2. Else create new "customerPU" persistence context (e.g. instance of org.hibernate.ejb.HibernatePersistence)
+ // and put in current active JTA transaction.
+ return customer; // return Customer entity (will be detached from the persistence context when caller gets control)
+ } // Transaction.commit will be called, Customer entity will be persisted to the database and "customerPU" persistence context closed
+
+
+
+
+
10.8. Extended Persistence Context
+
+
The (ee container managed) extended persistence context can span
+multiple transactions and allows data modifications to be queued up
+(without an active JTA transaction), to be applied
+during completion of next JTA transaction. The Container-managed extended persistence
+context can only be injected into a stateful session bean.
JPA 2.2 specification section 7.6.3.1
+
+If a stateful session bean instantiates a stateful session bean (executing in the same EJB container instance) which also has such an extended persistence context with the same synchronization type, the extended persistence context of the first stateful session bean is inherited by the second stateful session bean and bound to it, and this rule recursively applies independently of whether transactions are active or not at the point of the creation of the stateful session beans. If the stateful session beans differ in declared synchronization type, the EJBException is thrown by the container. If the persistence context has been inherited by any stateful session beans, the container does not close the persistence context until all such stateful session beans have been removed or otherwise destroyed.
+
+
+
+
By default, the current stateful session bean being created, will (
+deeply) inherit the extended persistence context from any stateful
+session bean executing in the current Java thread. The deep
+inheritance of extended persistence context includes walking multiple
+levels up the stateful bean call stack (inheriting from parent beans).
+The deep inheritance of extended persistence context includes sibling
+beans. For example, parentA references child beans beanBwithXPC &
+beanCwithXPC. Even though parentA doesn’t have an extended persistence
+context, beanBwithXPC & beanCwithXPC will share the same extended
+persistence context.
+
+
+
Some other EE application servers, use shallow inheritance, where
+stateful session bean only inherit from the parent stateful session bean
+(if there is a parent bean). Sibling beans do not share the same
+extended persistence context unless their (common) parent bean also has
+the same extended persistence context.
+
+
+
Applications can include a (top-level) jboss-all.xml deployment
+descriptor that specifies either the (default) DEEP extended
+persistence context inheritance or SHALLOW.
+
+
+
The WF/docs/schema/jboss-jpa_1_0.xsd describes the jboss-jpa
+deployment descriptor that may be included in the jboss-all.xml. Below
+is an example of using SHALLOW extended persistence context
+inheritance:
The AS console/cli can change the default extended persistence context
+setting (DEEP or SHALLOW). The following cli commands will read the
+current JPA settings and enable SHALLOW extended persistence context
+inheritance for applications that do not include the jboss-jpa
+deployment descriptor:
+
+
+
+
+
/jboss-cli.sh
+
cd subsystem=jpa
+:read-resource
+:write-attribute(name=default-extended-persistence-inheritance,value="SHALLOW")
+
+
+
+
+
+
+
10.9. Entities
+
+
JPA allows use of your (pojo) plain old Java class to represent a
+database table row.
+
+
+
+
@PersistenceContext EntityManager em;
+Integer bomPk = getIndexKeyValue();
+BillOfMaterials bom = em.find(BillOfMaterials.class, bomPk); // read existing table row into BillOfMaterials class
+
+BillOfMaterials createdBom = new BillOfMaterials("..."); // create new entity
+em.persist(createdBom); // createdBom is now managed and will be saved to database when the current JTA transaction completes
+
+
+
+
The entity lifecycle is managed by the underlying persistence provider.
+
+
+
+
+
New (transient): an entity is new if it has just been instantiated
+using the new operator, and it is not associated with a persistence
+context. It has no persistent representation in the database and no
+identifier value has been assigned.
+
+
+
Managed (persistent): a managed entity instance is an instance with a
+persistent identity that is currently associated with a persistence
+context.
+
+
+
Detached: the entity instance is an instance with a persistent
+identity that is no longer associated with a persistence context,
+usually because the persistence context was closed or the instance was
+evicted from the context.
+
+
+
Removed: a removed entity instance is an instance with a persistent
+identity, associated with a persistence context, but scheduled for
+removal from the database.
+
+
+
+
+
+
10.10. Deployment
+
+
The persistence.xml contains the persistence unit configuration (e.g.
+datasource name) and as described in the JPA 2.0 spec (section 8.2), the
+jar file or directory whose META-INF directory contains the
+persistence.xml file is termed the root of the persistence unit. In Java
+EE environments, the root of a persistence unit must be one of the
+following (quoted directly from the JPA 2.0 specification):
+
+
+
"
+
+
+
+
+
an EJB-JAR file
+
+
+
the WEB-INF/classes directory of a WAR file
+
+
+
a jar file in the WEB-INF/lib directory of a WAR file
+
+
+
a jar file in the EAR library directory
+
+
+
an application client jar file
+
+
+
+
+
The persistence.xml can specify either a JTA datasource or a non-JTA
+datasource. The JTA datasource is expected to be used within the EE
+environment (even when reading data without an active transaction). If a
+datasource is not specified, the default-datasource will instead be used
+(must be configured).
+
+
+
+
+
+
+
+
+Java Persistence 1.0 supported use of a jar file in the root of
+the EAR as the root of a persistence unit. This use is no longer
+supported. Portable applications should use the EAR library directory
+for this case instead.
+
+
+
+
+
+
"
+
+
+
Question: Can you have a EAR/META-INF/persistence.xml?
+
+
+
Answer: No, the above may deploy but it could include other archives
+also in the EAR, so you may have deployment issues for other reasons.
+Better to put the persistence.xml in an EAR/lib/somePuJar.jar.
+
+
+
+
10.11. Troubleshooting
+
+
The org.jboss.as.jpa logging can be enabled to get the following
+information:
+
+
+
+
+
INFO - when persistence.xml has been parsed, starting of persistence
+unit service (per deployed persistence.xml), stopping of persistence
+unit service
+
+
+
DEBUG - informs about entity managers being injected, creating/reusing
+transaction scoped entity manager for active transaction
+
+
+
TRACE - shows how long each entity manager operation took in
+milliseconds, application searches for a persistence unit, parsing of
+persistence.xml
+
+
+
+
+
To enable TRACE, open the as/standalone/configuration/standalone.xml (or
+as/domain/configuration/domain.xml) file. Search for <subsystem
+xmlns="urn:jboss:domain:logging:1.0"> and add the org.jboss.as.jpa
+category. You need to change the console-handler level from INFO to
+TRACE.
To troubleshoot issues with the Hibernate second level cache, try
+enabling trace for org.hibernate.SQL + org.hibernate.cache.infinispan
+org.infinispan:
To enable the second level cache with Hibernate, just set the
+hibernate.cache.use_second_level_cache property to true or
+set shared-cache-mode to one of the following:
+
+
+
+
+
ENABLE_SELECTIVE
+
+
+
DISABLE_SELECTIVE
+
+
+
ALL
+
+
+
+
+
Infinispan is the cache provider for JPA applications, so you don’t need to specify
+anything in addition. The Infinispan version that is included in
+WildFly is expected to work with the Hibernate version that is included
+with WildFly. Example persistence.xml settings:
+
+
+
+
<?xml version="1.0" encoding="UTF-8"?><persistencexmlns="http://java.sun.com/xml/ns/persistence"version="1.0">
+<persistence-unitname="2lc_example_pu">
+ <description>example of enabling the second level cache.</description>
+ <jta-data-source>java:jboss/datasources/mydatasource</jta-data-source>
+ <shared-cache-mode>ENABLE_SELECTIVE</shared-cache-mode>
+</persistence-unit>
+</persistence>
+
+
+
+
Here is an example of enabling the second level cache for a Hibernate
+native API hibernate.cfg.xml file:
The Hibernate native API application will also need a MANIFEST.MF:
+
+
+
+
Dependencies: org.infinispan,org.hibernate
+
+
+
+
Infinispan
+Hibernate/JPA second level cache provider documentation contains
+advanced configuration information but you should bear in mind that when
+Hibernate runs within WildFly 29, some of those configuration options,
+such as region factory, are not needed. Moreover, the application server
+providers you with option of selecting a different cache container for
+Infinispan via hibernate.cache.infinispan.container persistence
+property. To reiterate, this property is not mandatory and a default
+container is already deployed for by the application server to host the
+second level cache.
+
+
+
Here is an example of what the Hibernate cache settings may currently be
+in your standalone.xml:
WildFly includes Hibernate Search.
+If you want to use the bundled version of Hibernate Search, which requires to use the default Hibernate ORM persistence provider:
+
+
+
+
+
Ensure at least one entity in your application is annotated with org.hibernate.search.mapper.pojo.mapping.definition.annotation.Indexed,
+so that WildFly will make the module org.hibernate.search.mapper.orm:main available to your deployment.
+
+
+
Ensure you set the configuration property hibernate.search.backend.type to lucene,
+so that WildFly will make the module org.hibernate.search.backend.lucene:main available to your deployment.
+
+
+
Alternatively, add dependencies to those modules explicitly,
+for example using a manifest entry.
+Do not forget to append the services keyword, otherwise Hibernate Search may not detect these modules.
If you do not want Hibernate Search to be exposed to your deployment, set the persistence property wildfly.jpa.hibernate.search.module to either none to not automatically inject any Hibernate Search module, or to any other module identifier to inject a different module. For example you could set wildfly.jpa.hibernate.search.module=org.hibernate.search.mapper.orm:6.1.0.Beta1 to use the experimental version 6.1.0.Beta1 instead of the provided module; in this case you’ll have to download and add the custom modules to the application server as other versions are not included. When setting wildfly.jpa.hibernate.search.module=none you might also opt to include Hibernate Search and its dependencies within your application but we highly recommend the modules approach.
+
+
+
+
10.14. Packaging the Hibernate JPA persistence provider with your application
+
+
WildFly allows the packaging of Hibernate persistence provider jars with
+the application. The JPA deployer will detect the presence of a
+persistence provider in the application and
+jboss.as.jpa.providerModule needs to be set to application.
You need to copy the EclipseLink (3.0 or newer) jar into the WildFly
+modules/org/eclipse/persistence/main folder and update
+modules/org/eclipse/persistence/main/module.xml to include the
+EclipseLink jar (take care to use the jar name that you copied in). If
+you happen to leave the EclipseLink version number in the jar name, the
+module.xml should reflect that. This will help you get your application
+that depends on EclipseLink, to deploy on WildFly.
Applications that use the Hibernate API directly, can be referred to
+as native Hibernate applications. Native Hibernate applications, can
+choose to use the Hibernate jars included with WildFly or they can
+package their own copy of the Hibernate jars. Applications that utilize
+JPA will automatically have the Hibernate classes injected onto the
+application deployment classpath. Meaning that JPA applications, should
+expect to use the Hibernate jars included in WildFly.
+
+
+
Example MANIFEST.MF entry to add dependency for Hibernate native
+applications:
10.18. Hibernate ORM 5.1 native API bytecode transformer was removed
+
+
If your application references the Hibernate ORM 5.1 native API bytecode transformer, you should remove references to org.jboss.as.hibernate.Hibernate51CompatibilityTransformer
+in any jboss-deployment-structure.xml files in your application. The Hibernate51CompatibilityTransformer system property is now ignored.
+
+
+
For the following example Hibernate51CompatibilityTransformer.xml, you need to remove each transformer:
WildFly automatically sets or checks the following Hibernate properties (if
+not already set in persistence unit definition):
+
+
+
+
+
+
+
+
+
Property
+
Purpose
+
+
+
+
+
hibernate.id.new_generator_mappings
+
Can no longer be set to false by applications as per the Hibernate 6 change to only support hibernate.id.new_generator_mappings=true.
+
+
+
hibernate.transaction.jta.platform= instance of
+org.hibernate.service.jta.platform.spi.JtaPlatform interface
+
The
+transaction manager, user transaction and transaction synchronization
+registry is passed into Hibernate via this class.
+
+
+
hibernate.session_factory_name = qualified persistence unit name
+
Is
+set to the application name + persistence unit name (application can
+specify a different value but it needs to be unique across all
+application deployments on the AS instance).
+
+
+
hibernate.session_factory_name_is_jndi = false
+
only set if the
+application didn’t specify a value for hibernate.session_factory_name.
+
+
+
hibernate.entitymanager_factory_name = qualified persistence unit
+name
+
Is set to the application name + persistence unit name
+(application can specify a different value but it needs to be unique
+across all application deployments on the AS instance).
+This replaces the hibernate.ejb.entitymanager_factory_name property which is no longer supported.
Sets all of the various hibernate.jpa.* properties to true (hibernate.jpa.compliance.transaction, hibernate.jpa.compliance.closed,hibernate.jpa.compliance.query, hibernate.jpa.compliance.list, hibernate.jpa.compliance.caching, hibernate.jpa.compliance.proxy
+
+
+
hibernate.enable_lazy_load_no_trans=false
+
+
+
+
+
+
+
10.20. Persistence unit properties
+
+
The following properties are supported in the persistence unit
+definition (in the persistence.xml file):
+
+
+
+
+
+
+
+
+
Property
+
Purpose
+
+
+
+
+
jboss.as.jpa.providerModule
+
name of the persistence provider module
+(default is org.hibernate). Should be application, if a persistence
+provider is packaged with the application. See note below about some
+module names that are built in (based on the provider).
+
+
+
jboss.as.jpa.adapterModule
+
name of the integration classes that help
+WildFly to work with the persistence provider.
+
+
+
jboss.as.jpa.adapterClass
+
class name of the integration adapter.
+
+
+
jboss.as.jpa.managed
+
set to false to disable container managed JPA
+access to the persistence unit. The default is true, which enables
+container managed JPA access to the persistence unit. This is typically
+set to false for Spring applications.
+
+
+
jboss.as.jpa.classtransformer
+
set to false to disable class
+transformers for the persistence unit. Set to true, to allow entity
+class enhancing/rewriting.
+
+
+
wildfly.jpa.default-unit
+
set to true to choose the default persistence
+unit in an application. This is useful if you inject a persistence
+context without specifying the unitName (@PersistenceContext
+EntityManager em) but have multiple persistence units specified in your
+persistence.xml.
+
+
+
wildfly.jpa.twophasebootstrap
+
persistence providers (like Hibernate
+ORM 4.3+ via EntityManagerFactoryBuilder), allow a two phase persistence
+unit bootstrap, which improves JPA integration with Jakarta Contexts and Dependency Injection. Setting the
+wildfly.jpa.twophasebootstrap hint to false, disables the two phase
+bootstrap (for the persistence unit that contains the hint).
+
+
+
wildfly.jpa.applicationdatasource
+
set to true when using an application defined DataSource or resource reference to a global DataSource.
+
+
+
wildfly.jpa.allowdefaultdatasourceuse
+
set to false to prevent
+persistence unit from using the default data source. Defaults to true.
+This is only important for persistence units that do not specify a
+datasource.
+
+
+
jboss.as.jpa.deferdetach
+
Controls whether a transaction scoped
+persistence context used in a non-JTA transaction thread will detach
+loaded entities after each EntityManager invocation or when the
+persistence context is closed (e.g. business method ends). Defaults to
+false (entities are cleared after EntityManager invocation) and if set
+to true, the detach is deferred until the context is closed.
+
+
+
wildfly.jpa.skipquerydetach
+
Controls whether a transaction scoped
+persistence context used in a non-JTA transaction thread will detach
+Query results immediately. Defaults to
+false (Query results are detached immediately) and if set
+to true, the detach is deferred until the persistence context is closed.
+
+
+
wildfly.jpa.hibernate.search.module
+
Controls which version of
+Hibernate Search to include on classpath. Only makes sense when using
+Hibernate as JPA implementation. The default is auto; other valid values
+are none or a full module identifier to use an alternative version.
+
+
+
jboss.as.jpa.scopedname
+
Specify the qualified (application scoped)
+persistence unit name to be used. By default, this is internally set to
+the application name + persistence unit name. The
+hibernate.cache.region_prefix will default to whatever you set
+jboss.as.jpa.scopedname to. Make sure you set the
+jboss.as.jpa.scopedname value to a value not already in use by other
+applications deployed on the same application server instance.
+
+
+
wildfly.jpa.allowjoinedunsync
+
If set to true, allows an
+SynchronizationType.UNSYNCHRONIZED persistence context that has been
+joined to the active JTA transaction, to be propagated into a
+SynchronizationType.SYNCHRONIZED persistence context. Otherwise, an
+IllegalStateException exception would of been thrown that complains that
+an unsychronized persistence context cannot be propagated into a
+synchronized persistence context. Defaults to false.
+
+
+
wildfly.jpa.skipmixedsynctypechecking
+
Set to true to disable the
+throwing of an IllegalStateException exception when propagating an
+SynchronizationType.UNSYNCHRONIZED persistence context into a
+SynchronizationType.SYNCHRONIZED persistence context. This is a
+workaround intended to allow applications that used to incorrectly not
+get IllegalStateException exception with extended persistence contexts,
+to avoid the IllegalStateException, so they don’t have to change their
+application right away (for compatibility purposes). This hint may be
+deprecated in a future release. See WFLY-7108 for more details. Defaults
+to false.
+
+
+
wildfly.jpa.regionfactory
+
Only applies to Hibernate ORM 5.3+, set to false to disable automatic use of Infinispan as second level cache (hibernate.cache.region.factory_class).
+
+
+
wildfly.jpa.jtaplatform
+
Only applies to Hibernate ORM 5.3+, set to false to disable automatic configuring of the JTA integration platform (hibernate.transaction.jta.platform).
+
+
+
+
+
+
10.21. Determine the persistence provider module
+
+
As mentioned above, if the jboss.as.jpa.providerModule property is not
+specified, the provider module name is determined by the provider name
+specified in the persistence.xml. The mapping is:
10.22. Binding EntityManagerFactory/EntityManager to JNDI
+
+
By default WildFly does not bind the entity manager factory to JNDI.
+However, you can explicitly configure this in the persistence.xml of
+your application by setting the jboss.entity.manager.factory.jndi.name
+hint. The value of that property should be the JNDI name to which the entity manager factory should be bound.
+
+
+
You can also bind a container managed (transaction scoped) entity manager to JNDI as well, }}via hint
+jboss.entity.manager.jndi.name\{
+}{{. As a reminder, a transaction scoped entity manager (persistence context), acts as a proxy that always gets an unique underlying entity manager (at the persistence provider level).
+
+
+
Here’s an example:
+
+
+
persistence.xml
+
+
+
+
<?xml version="1.0" encoding="UTF-8"?>
+<persistenceversion="2.0"
+xmlns="http://java.sun.com/xml/ns/persistence"xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="
+ http://java.sun.com/xml/ns/persistence
+ http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd">
+ <persistence-unitname="myPU">
+ <!-- If you are running in a production environment, add a managed
+ data source, the example data source is just for proofs of concept! -->
+ <jta-data-source>java:jboss/datasources/ExampleDS</jta-data-source>
+ <properties>
+ <!-- Bind entity manager factory to JNDI at java:jboss/myEntityManagerFactory -->
+ <propertyname="jboss.entity.manager.factory.jndi.name"value="java:jboss/myEntityManagerFactory"/>
+ <propertyname="jboss.entity.manager.jndi.name"value="java:/myEntityManager"/>
+ </properties>
+ </persistence-unit>
+</persistence>
+References in this document to Java Transaction API (JTA) refer to Jakarta Transactions unless otherwise noted.
+ References in this document to Java Persistence API (JPA) refer to the Jakarta Persistence unless otherwise noted.
+
+
+
+
+
+
+
+
+
11. JTA Reference
+
+
+
WildFly uses Narayana as the implementation of the JTA specification.
+Narayana manages transactions in the application server.
+
+
+
11.1. Transactions in Enterprise Java applications
+
+
Transactions are one of the core functionalities provided by the container
+for the applications. A developer can manage transactions either with
+the programmatic approach - with API defined by JTA specification.
+Or he can use annotations. There are two types.
+
+
+
+
+
first - EJB annotations, their meaning and capabilities are defined under
+EJB specification and are valid when used in the EJB component
+
+
+
second - CDI annotations, their meaning is defined under JTA specification
+
+
+
+
+
11.1.1. Transactions managed with programmatic JTA API
+
+
The JTA API is defined under
+jakarta.transaction
+package. The package could be considered a bit misguiding as it presents classes
+which are expected to be used by application developer. These classes
+are intended as an API for the application server (as the WildFly is).
+
+
+
The user is expected to interact with
+jakarta.transaction.UserTransaction
+which defines the transaction boundaries. The UserTransaction could be used
+in case the transaction is not defined by annotation at the method
+- aka. the transaction is not managed by the container. Those are places like
+servlets, CDI bean which is not annotated with @Transactional and
+EJBs defined as bean managed.
+
+
+
UserTransaction is available via CDI injection
+
+
+
+
@Inject
+UserTransaction txn;
+
+
+
+
or with EJB @Resource injection where you can additionally define the JNDI
+name to be looked-up. The specification says it’s java:comp/UserTransaction.
jakarta.transaction.TransactionManager
+is not meant to be used by business logic but if you need to register
+a synchronization
+or you need to change transaction timeout (before the begin() method is called)
+then it will be the option for you.
+
+
+
The TransactionManager could be taken with injection
+and looked-up with the JNDI name
If you start using CDI beans then you can manage transactions either programmatically
+or you can use annotations.
+The @Transactional
+defines transaction boundaries
+(start of the method starts the transaction, while the transaction is finished at its end).
+If the method finishes sucessfully the transaction is committed.
+If the transaction ends with RuntimeException then it’s rolled-back.
+
+
+
When you define the method to be @Transactional you define the behaviour
+of incoming (or non-existent) transactional context.
+Please refer the to documentation for
+Transactional.TxType.
+
+
+
It’s important to note that the TxType influences the transaction management
+only when called with the managed CDI bean. If you call the method directly -
+without the CDI container wraps the invocation then the TxType has no effect.
+
+
+
+
@RequestScope
+publicclassMyCDIBean {
+ @Inject
+ MyCDIBean myBean;
+
+ @Transactional(TxType.REQUIRED)
+ publicvoid mainMethod() {
+ // CDI container does not wrap the invocation
+ // no new transaction is started
+ innerFunctionality();
+
+ // CDI container starts a new transaction
+ // the method uses TxType.REQUIRES_NEW and is called from the CDI bean
+ myBean.innerFunctionality();
+ }
+
+ @Transactional(TxType.REQUIRES_NEW)
+ privatevoid innerFunctionality() {
+ // some business logic
+ }
+}
+
+
+
+
+
+
+
+
+
+the exception handling could be influenced by attributes
+ rollbackOn and dontRollbackOn (of the @Transactional annotation)
+
+
+
+
+
+
+
+
+
+
+
+if you use the @Transactional for managing transactions boundaries
+ you won’t be permitted to use the UserTransaction methods.
+ If you do so you can expect a runtime exception being thrown.
+
+
+
+
+
+
CDI introduces as well a scope for use with transactions -
+@TransactionScoped.
+you can define the same behaviour when you use the ejb-jar.xml
+ descriptor instead of the annotations
+
+
+
+
+
+
The WildFly provides specific annotation org.jboss.ejb3.annotation.TransactionTimeout
+which gives you the chance to change the transaction timeout for a particular bean/method.
+
+
+
+
+
+
+
+
+when you use message-driven bean then the @TransactionTimeout does not work
+ and you need to define the timeout through the @ActivationConfigProperty:
+ @ActivationConfigProperty(propertyName="transactionTimeout", propertyValue="1")
+
+
+
+
+
+
The default behaviour of an EJB is to be
+
+
+
+
+
container managed - transaction boundaries are driven by annotations
+
+
+
when the EJB method is invoked - a new transaction is started when no transaction context is available,
+or the method joins the existing transactions when the transaction context is passed by the call
+
+
+
+
+
It’s the same transactional behaviour as if the EJB is annotated with
Using the @TransactionManagement(TransactionManagementType.CONTAINER) means
+the container is responsible to manage transactions. The boundary of the transaction
+is defined by the start and end of the method and you influence the behaviour by using
+@TransactionAttribute.
+
+
+
If java.lang.RuntimeException is thrown the transaction is rolled back.
+EJBContext
+could be used to define the transaction should be rolled-back
+by the end of the method when setRollbackOnly is used.
+
+
+
+
@Stateless
+publicclassMyBean {
+ @PersistenceContext
+ private EntityManager em;
+
+ @Resource
+ EJBContext ctx;
+
+ publicvoid method() {
+ em.persist(new TestEntity());
+ // at the end of the method the rollback is called
+ ctx.setRollbackOnly();
+ }
+}
+
+
+
+
+
+
+
+
+
+the EJBContext let you get the UserTransaction but you are not allowed
+ to do any operation with that when you run container managed transaction.
+ You can expect to receive a runtime exception in such case.
+
+
+
+
+
+
+
Bean managed transactions
+
+
Using the @TransactionManagement(TransactionManagementType.BEAN) means
+the transaction will be managed manually with the use of the JTA API.
+That’s with the UserTransaction injections and methods on it.
+You can inject the EJBContext to get the UserTransaction instance too.
+
+
+
+
+
+
+
+
+if a call is made from the container-managed method,
+ passing the transaction context to the bean managed method
+ then the context is suspended. It’s similar(!) to
+ call transaction managed bean annotated with
+ @TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
+
+
+
+
+
+
+
Transaction synchronization
+
+
JTA API gives a chance to react to the event of a finishing transaction.
+The definition says that transaction manager announces the even of beforeCompletion and afterCompletion
+which are defined by the interface jakarta.transaction.Synchronization.
+The beforeCompletion
+callback is invoked at time the transaction manager starts to commit the global transaction. The invocation is processed in the transaction context.
+The afterCompletion
+is invoked after the transaction is committed or rolled-back (and is processed outside of the transaction context).
+
+
+
The user needs just to create a simple Java POJO and implement the interface.
+
+
+
+
publicclassMySynchronization
+ implements jakarta.transaction.Synchronization {
+ @Override
+ publicvoid beforeCompletion() {
+ System.out.println("Transaction is about to be finished"):
+ }
+
+ @Override
+ publicvoid afterCompletion(int status) {
+ System.out.println("Transaction finished with status " + status):
+ }
+}
+
+
+
+
For registration of the synchronization callback, the user can inject the
+jakarta.transaction.TransactionSynchronizationRegistry.
+(the mandated JNDI location for the object is at java:comp/TransactionSynchronizationRegistry) and then to register
+the synchronization instance. The instance is bound to the currently active transaction.
The transaction synchronization registry adds other useful methods which are putResource(Object key, Object value)
+and getResource(Object key). Their purpose is saving data objects alongside the transaction context.
+When the transaction is active you can store and retrieve the saved data. When the transaction is finished
+and there is no transaction context available (e.g. at afterCompletion) the java.lang.IllegalStateException
+is thrown.
+
+
+
The other option for the user is to use the transaction object
+to register the synchronization.
When the user runs the Stateful Session Bean he can implement
+interface jakarta.ejb.SessionSynchronization
+(or to use annotations) for the definition of the synchronization callbacks onto the bean.
+The session synchronization defines three methods.
+Of these three methods afterBegin is not connected to the transaction synchronization so we will not discuss it further.
+The following example works with annotations but the bean may just implement the SessionSynchronization
+interface and it would work the same way.
+
+
+
+
// only(!) SFSB can use the capability of SessionSynchronization
+@Stateful
+publicclassMyStatefulBean {
+ publicvoid method() {
+ System.out.println("Running an important business logic...");
+ Thread.sleep(42000);
+ }
+
+ @BeforeCompletion
+ publicvoid beforeCompletion() {
+ System.out.println("Transaction is about to be finished"):
+ }
+
+ @AfterCompletion
+ publicvoid afterCompletion(boolean committed) {
+ System.out.println("Transaction finished with the outcome "
+ + (committed ? "committed" : "rolled-back")):
+ }
+}
The WildFly classloading is based
+on the jboss modules
+which define the modular class loading system.
+The transactions for CDI comes as the extension and because of it
+this extension has to be available at the application classpath.
+If the application/deployment uses annotations @Transactional
+or @TransactionScoped then class loading handling is done automatically.
+
+
+
There is one limitation with the CDI with this approach.
+If your application adds the transactional annotations dynamically
+(you adds the annotations dynamically during runtime) then the
+transaction module has to be
+explicitly added
+to the application classpath.
+
+
+
This can be done with creating META-INF/MANIFEST.MF or
+with use of jboss-deployment-structure.xml descriptor. The MANIFEST.MF
+could look like
The Narayana component is configured to log only messages with level WARN
+(see category com.arjuna in the standalone-*.xml).
+If you struggle issues of the transactional handling
+you can get a better insight into transaction processing by setting the level to TRACE.
The TRACE could overwhelm you with information from the transactions subsystem.
+Let’s quickly review what are the most important points to look at in the log.
+
+
+
+
+
+
+
+
+It’s beneficial to understand how
+ the two-phase commit works.
+
+
+
+
+
+
An example of the log messages produces by Narayana is (the content is shortened for sake of brevity)
It’s good to consider to follow with the thread id (in the log above it’s default-task-1).
+The transaction could be suspended and started at the different thread
+but it’s not usual.
+
+
+
The log shows the Narayana processes the two-phase commit. Bear in mind that the example above
+shows only one resource to be part of the two-phase commit handling.
+That’s intentional for the log not being too long.
+
+
+
the section-1 refers to the point where the transaction is started. The
+JTA synchronizations
+ are registered and the transaction is added to be handled by transaction reaper
+ (the transaction reaper is an independent thread taking care of transaction timeouts,
+ see more at section Transaction timeouts
+ in the Narayana documentation).
+
+
+
At this place consider the BasicAction (a Narayana abstraction for the transaction)
+is identified by string 0:ffff0a28050c:-a09a5fe:5c598d64:3b.
+It refers to the transaction id. You can track it through the log and follow
+what is happening with the particular transaction.
+
+
+
the section-2 refers to the part of business logic processing. That’s the time
+when a database insertion is run or Jakarta Messaging sends a message to a queue.
+That’s where you spot message containing enlistResource. After the resource
+is enlisted to the transaction the transaction manager saves a record
+persistently under transaction log store.
+
+
+
the section-3 refers to the time when the transaction is about to be committed.
+That means all business logic was finished (that could be the time a method
+annotated with @Transactional reached its end).
+
+
+
the section-4 refers to the first phase of 2PC which is prepare. You can see
+XAResourceRecord.topLevelPrepare informing what’s the global transaction id
+(already defined at the start of the transaction) and the branch id
+(particular to each resource). The resource is then prepared.
+
+
+
when whole prepare phase finishes Narayana saves the state into object store
+
+
+
the section-5 refers to the second phase of 2PC which is commit. You can see
+XAResourceRecord.topLevelCommit with similar information as for prepare.
+
+
+
the section-6 shows the transaction is finished, information about the transaction
+is removed from the Narayana object store and unregistered from the transaction reaper.
+
+
+
+
+
For more grained troubleshooting you can consider using
+Byteman tool.
+
+
+
+
11.4. Transactions configuration
+
+
Configuration related to the behaviour of the Narayana transaction manager
+is covered under transactions subsystem. For the details refer to
+Admin Guide Transactions subsystem.
+
+
+
To check the subsystem model you can use the WildFly model reference
+or list all the configuration options of the subsystem in jboss-cli
+References in this document to CDI refer to Jakarta Contexts and Dependency Injection unless otherwise noted.
+ References in this document to Java Transaction API (JTA) refer to Jakarta Transactions unless otherwise noted.
+ References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
+
12. JNDI Reference
+
+
+
+WildFly offers several mechanisms to retrieve components by name. Every
+WildFly instance has it’s own local JNDI namespace ( java:) which is
+unique per JVM. The layout of this namespace is primarily governed by
+the Jakarta EE specification. Applications which share the same WildFly
+instance can use this namespace to intercommunicate. In addition to
+local JNDI, a variety of mechanisms exist to access remote components.
+
+
+
+
+
+
Client JNDI - This is a mechanism by which remote components can be
+accessed using the JNDI APIs, but without network round-trips . This
+approach is the most efficient, and removes a potential single point
+of failure . For this reason, it is highly recommended to use Client
+JNDI over traditional remote JNDI access. However, to make this
+possible, it does require that all names follow a strict layout, so user
+customizations are not possible. Currently only access to remote Jakarta Enterprise Beans
+are supported via the ejb: namespace. Future revisions will likely add a
+Jakarta Messaging client JNDI namespace.
+
+
+
Traditional Remote JNDI - This is a more familiar approach to EE
+application developers, where the client performs a remote component
+name lookup against a server, and a proxy/stub to the component is
+serialized as part of the name lookup and returned to the client. The
+client then invokes a method on the proxy which results in another
+remote network call to the underlying service. In a nutshell,
+traditional remote JNDI involves two calls to invoke an EE component,
+whereas Client JNDI requires one. It does however allow for customized
+names, and for a centralised directory for multiple application servers.
+This centralized directory is, however, a single point of failure.
+
+
+
EE Application Client / Server-To-Server Delegation - This approach is
+where local names are bound as an alias to a remote name using one of
+the above mechanisms. This is useful in that it allows applications to
+only ever reference standard portable Jakarta EE names in both code and
+deployment descriptors. It also allows for the application to be unaware
+of network topology details/ This can even work with Java SE clients by
+using the little known EE Application Client feature. This feature
+allows you to run an extremely minimal AS server around your
+application, so that you can take advantage of certain core services
+such as naming and injection.
+
+
+
+
+
+
+
13. Local JNDI
+
+
+
The Jakarta EE platform specification defines the following JNDI contexts:
+
+
+
+
+
java:comp - The namespace is scoped to the current component (i.e.
+Jakarta Enterprise Beans)
+
+
+
java:module - Scoped to the current module
+
+
+
java:app - Scoped to the current application
+
+
+
java:global - Scoped to the application server
+
+
+
+
+
In addition to the standard namespaces, WildFly also provides the
+following two global namespaces:
+
+
+
+
+
java:jboss
+
+
+
java:/
+
+
+
+
+
+
+
+
+
+
+Only entries within the java:jboss/exported context are accessible
+over remote JNDI.
+
+
+
+
+
+
+
+
+
+
+
+For web deployments java:comp is aliased to java:module, so Jakarta Enterprise Beans’s
+deployed in a war do not have their own comp namespace.
+
+
+
+
+
+
13.1. Binding entries to JNDI
+
+
There are several methods that can be used to bind entries into JNDI in
+WildFly.
+
+
+
13.1.1. Using a deployment descriptor
+
+
For Jakarta EE applications the recommended way is to use a
+deployment descriptor to create the binding. For
+example the following web.xml binds the string "Hello World" to
+java:global/mystring and the string "Hello Module" to
+java:comp/env/hello (any non absolute JNDI name is relative to
+java:comp/env context).
Standard Jakarta EE applications may use the standard JNDI API, included
+with Java SE, to bind entries in the global namespaces (the standard
+java:comp, java:module and java:app namespaces are read-only, as
+mandated by the Jakarta EE Platform Specification).
+There is no need to unbind entries created programmatically, since
+WildFly tracks which bindings belong to a deployment, and the bindings
+are automatically removed when the deployment is undeployed.
+
+
+
+
+
+
+
WildFly Modules and Extensions
+
+
With respect to code in WildFly Modules/Extensions, which is executed
+out of a Jakarta EE application context, using the standard JNDI API may
+result in a UnsupportedOperationException if the target namespace uses a
+WritableServiceBasedNamingStore. To work around that, the bind()
+invocation needs to be wrapped using WildFly proprietary APIs:
+The ServiceTarget removes the bind when uninstalled, thus using one out
+of the module/extension domain usage should be avoided, unless entries
+are removed using unbind().
+
+
+
+
+
+
+
+
13.1.3. Naming Subsystem Configuration
+
+
It is also possible to bind to one of the three global namespaces using
+configuration in the naming subsystem. This can be done by either
+editing the standalone.xml/domain.xml file directly, or through the
+management API.
+
+
+
Four different types of bindings are supported:
+
+
+
+
+
Simple - A primitive or java.net.URL entry (default is
+java.lang.String).
+
+
+
Object Factory - This allows to specify the
+javax.naming.spi.ObjectFactory that is used to create the looked up
+value.
+
+
+
External Context - An external context to federate, such as an LDAP
+Directory Service
+
+
+
Lookup - The allows to create JNDI aliases, when this entry is looked
+up it will lookup the target and return the result.
Note that @Resource is more than a JNDI lookup, it also binds an entry
+in the component’s JNDI environment. The new bind JNDI name is defined
+by @Resource’s `name attribute, which value, if unspecified, is the
+Java type concatenated with / and the field’s name, for instance
+java.lang.String/myString. More, similar to when using deployment
+descriptors to bind JNDI entries. unless the name is an absolute JNDI
+name, it is considered relative to java:comp/env. For instance, with
+respect to the field named myString above, the @Resource’s `lookup
+attribute instructs WildFly to lookup the value in
+java:global/mystring, bind it in
+java:comp/env/java.lang.String/myString, and then inject such value
+into the field.
+
+
+
With respect to the field named hello, there is no lookup attribute
+value defined, so the responsibility to provide the entry’s value is
+delegated to the deployment descriptor. Considering that the deployment
+descriptor was the web.xml previously shown, which defines an
+environment entry with same hello name, then WildFly inject the valued
+defined in the deployment descriptor into the field.
+
+
+
The executor field has no attributes specified, so the bind’s name
+would default to
+java:comp/env/jakarta.enterprise.concurrent.ManagedExecutorService/executor,
+but there is no such entry in the deployment descriptor, and when that
+happens it’s up to WildFly to provide a default value or null, depending
+on the field’s Java type. In this particular case WildFly would inject
+the default instance of a managed executor service, the value in
+java:comp/DefaultManagedExecutorService, as mandated by the EE
+Concurrency Utilities 1.0 Specification (JSR 236).
+
+
+
+
13.2.2. Standard Java SE JNDI API
+
+
Jakarta EE applications may use, without any additional configuration
+needed, the standard JNDI API to lookup an entry from JNDI:
WildFly supports two different types of remote JNDI.
+
+
+
14.1. http-remoting:
+
+
The http-remoting: protocol implementation is provided by JBoss Remote
+Naming project, and uses http upgrade to lookup items from the servers
+local JNDI. To use it, you must have the appropriate jars on the class
+path, if you are maven user can be done simply by adding the following
+to your pom.xml dependencies:
If you are not using maven a shaded jar that contains all required
+classes
+can be found in the bin/client directory of WildFly’s distribution.
+
+
+
+
finalProperties env = newProperties();
+env.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
+env.put(Context.PROVIDER_URL, "http-remoting://localhost:8080");
+// the property below is required ONLY if there is no ejb client configuration loaded (such as a
+// jboss-ejb-client.properties in the class path) and the context will be used to lookup EJBs
+env.put("jboss.naming.client.ejb.context", true);
+InitialContext remoteContext = newInitialContext(env);
+RemoteCalculator ejb = (RemoteCalculator) remoteContext.lookup("wildfly-http-remoting-ejb/CalculatorBean!"
+ + RemoteCalculator.class.getName());
+
+
+
+
+
+
+
+
+
+The http-remoting client assumes JNDI names in remote lookups are
+relative to java:jboss/exported namespace, a lookup of an absolute JNDI
+name will fail.
+
+
+
+
+
+
+
14.2. ejb:
+
+
The ejb: namespace implementation is provided by the jboss-ejb-client
+library, and allows the lookup of EJB’s using their application name,
+module name, ejb name and interface type. To use it, you must have the
+appropriate jars on the class path, if you are maven user can be done
+simply by adding the following to your pom.xml dependencies:
If you are not using maven a shaded jar that contains all required
+classes
+can be found in the bin/client directory of WildFly’s distribution.
+
+
+
This is a client side JNDI implementation. Instead of looking up an EJB
+on the server the lookup name contains enough information for the client
+side library to generate a proxy with the EJB information. When you
+invoke a method on this proxy it will use the current EJB client context
+to perform the invocation. If the current context does not have a
+connection to a server with the specified EJB deployed then an error
+will occur. Using this protocol it is possible to look up EJB’s that do
+not actually exist, and no error will be thrown until the proxy is
+actually used. The exception to this is stateful session beans, which
+need to connect to a server when they are created in order to create the
+session bean instance on the server.
The first example is a lookup of a singleton, stateless or EJB 2.x home
+interface. This lookup will not hit the server, instead a proxy will be
+generated for the remote interface specified in the name. The second
+example is for a stateful session bean, in this case the JNDI lookup
+will hit the server, in order to tell the server to create the SFSB
+session.
+References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
+
15. Jakarta RESTful Web Services Reference Guide
+
+
+
RESTEasy is the Jakarta RESTful Web Services implementation used in WildFly Full. For detailed documentation see the
+RESTEasy 6.2.4.Final documentation.
+
+
+
15.1. Jakarta RESTful Web Services Activation
+
+
This section outlines the three options you have for deploying Jakarta RESTful Web Services
+applications in WildFly 29. These three methods are specified in the
+Jakarta RESTful Web Services 3.1 specification in section 2.3.2.
+
+
+
15.1.1. Subclassing jakarta.ws.rs.core.Application and using @ApplicationPath
+
+
This is the easiest way and does not require any xml configuration.
+Simply include a subclass of jakarta.ws.rs.core.Application in your
+application, and annotate it with the path that you want your JAX-RS
+classes to be available. For example:
This will make your Jakarta RESTful Web Services resources available under /
+mywebappcontext/hello.
+
+
+
+
+
+
+
+
+Note that you only have to add the mapping, not the corresponding
+servlet. The server is responsible for adding the corresponding servlet
+automatically.
+
+
+
+
+
+
+
+
15.2. Using Jackson for serialization
+
+
By default, for JSON processing the Jakarta JSON Processing API is used. However, you can use Jackson instead. This can
+be achieved by setting the resteasy.preferJacksonOverJsonB property as a system property or as a
+context property in the deployment’s web.xml. There is also a subsystem attribute, resteasy-prefer-jackson-over-jsonb,
+which can be set to true. Finally, if no value is set for the context and system properties, the subsystem scans Jakarta
+RESTful Web Services deployments for Jackson annotations and sets the property to true if any of those annotations are
+found.
+
+
+
15.2.1. Custom ObjectMapper
+
+
In some cases you may want to or need to create a custom ObjectMapper. This can be achieved by creating a
+jakarta.ws.rs.ext.ContextResolver which creates the ObjectMapper. The following example creates an ObjectMapper
+which allows JSR-310 date/times.
As of WildFly 27 and RESTEasy 6.2 to get the Jakarta XML Binding annotations to work with Jackson for JSON serialization
+you need to use a custom ObjectMapper. An example of this ObjectMapper would look like:
The tracing feature provides more internal states of the Jakarta RESTful Web Services container. For example, it could
+be able to show what filters a request is going through, or how long time a request is processed and other kinds of information.
+
+
+
The tracing feature can be enabled by setting the tracing-type attribute to ALL or ON_DEMAND. You can also control
+the threshold with the tracing-threshold attribute. The following is an example of enabling tracing using CLI:
You can also configure the tracing feature with the context parameters resteasy.server.tracing.type and
+resteasy.server.tracing.threshold in your deployments web.xml file.
+
+
+
+
+
+
+
+
+The tracing feature should not be used in production environments. Data can be exposed to clients via HTTP headers.
+
+
+
+
+
+
+
15.4. RESTEasy Spring Framework Integration
+
+
WildFly generally includes support for Jakarta Context and Dependency Injection (CDI). The Spring Framework, however,
+does not support CDI. You may need to exclude some subsystems and modules for Spring applications to work with Jakarta
+RESTful Web Services.
+
+
+
The following is an example jboss-deployment-structure.xml that may be needed.
The org.jboss.resteasy.resteasy-cdi module adds CDI support for the RESTEasy implementation. Excluding this
+should allow Spring deployments to work.
+
+
+
+
+
+
+
+
+References in this document to Java API for RESTful Web Services (JAX-RS) refer to Jakarta RESTful Web Services unless otherwise noted.
+
+
+
+
+
+
+
+
+
16. Sharing sessions between wars in an ear
+
+
+
Undertow allows you to share sessions between wars in an ear, if it is
+explicitly configured to do so. Note that if you use this feature your
+applications may not be portable, as this is not a standard servlet
+feature.
+
+
+
In order to enable this you must include a shared-session-config
+element in the jboss-all.xml file in the META-INF directory of the
+ear:
The Web Services functionalities of WildFly are provided by the JBossWS
+project integration.
+
+
+
The latest project documentation is available
+here.
+
+
+
This section covers the most relevant topics for the JBossWS version
+available on WildFly 29.
+
+
+
17.1. Jakarta XML Web Services User Guide
+
+
The Java API for XML-Based Web
+Services (JAX-WS / JSR-224) defines the mapping between WSDL and Java
+as well as the classes to be used for accessing webservices and
+publishing them. JBossWS implements the latest JAX-WS specification,
+hence users can reference it for any vendor agnostic webservice usage
+need. Below is a brief overview of the most basic functionalities.
+
+
+
17.1.1. Web Service Endpoints
+
+
Jakarta XML Web Services simplifies the development model for a web service endpoint a
+great deal. In short, an endpoint implementation bean is annotated with
+Jakarta XML Web Services annotations and deployed to the server. The server automatically
+generates and publishes the abstract contract (i.e. wsdl+schema) for
+client consumption. All marshalling/unmarshalling is delegated to
+JAXB.
+
+
+
Plain old Java Object (POJO)
+
+
Let’s take a look at simple POJO endpoint implementation. All endpoint
+associated metadata is provided via
+JSR-181 annotations
Note, only the endpoint implementation bean and web.xml are required.
+
+
+
+
Accessing the generated WSDL
+
+
A successfully deployed service endpoint will show up in the WildFly
+managent console. You can get the deployed endpoint wsdl address there
+too.
+
+
+
+
+
+
+
+
+Note, it is also possible to generate the abstract contract off line
+using JBossWS tools. For details of that please see Bottom-Up (Java to
+WSDL).
+
+
+
+
+
+
+
+
Jakarta Enterprise Beans 3 Stateless Session Bean (SLSB)
+
+
The Jakarta XML Web Services programming model supports the same set of annotations on
+Jakarta Enterprise Beans 3 stateless session beans as on POJO endpoints.
A successfully deployed service endpoint will show up in the WildFly
+managent console. You can get the deployed endpoint wsdl address there
+too.
+
+
+
+
+
+
+
+
+Note, it is also possible to generate the abstract contract off line
+using JBossWS tools. For details of that please see Bottom-Up (Java to
+WSDL).
+
+
+
+
+
+
+
+
Endpoint Provider
+
+
Jakarta XML Web Services services typically implement a native Java service endpoint
+interface (SEI), perhaps mapped from a WSDL port type, either directly
+or via the use of annotations.
+
+
+
Java SEIs provide a high level Java-centric abstraction that hides the
+details of converting between Java objects and their XML representations
+for use in XML-based messages. However, in some cases it is desirable
+for services to be able to operate at the XML message level. The
+Provider interface offers an alternative to SEIs and may be implemented
+by services wishing to work at the XML message level.
+
+
+
A Provider based service instances invoke method is called for each
+message received for the service.
+
+
+
+
@WebServiceProvider(wsdlLocation = "WEB-INF/wsdl/Provider.wsdl")
+@ServiceMode(value = Service.Mode.PAYLOAD)
+public class ProviderBeanPayload implements Provider<Source>
+{
+ public Source invoke(Source req)
+ {
+ // Access the entire request PAYLOAD and return the response PAYLOAD
+ }
+}
+
+
+
+
Note, Service.Mode.PAYLOAD is the default and does not have to be
+declared explicitly. You can also use Service.Mode.MESSAGE to access
+the entire SOAP message (i.e. with MESSAGE the Provider can also see
+SOAP Headers)
+
+
+
The abstract contract for a provider endpoint cannot be
+derived/generated automatically. Therefore it is necessary to specify
+the wsdlLocation with the @WebServiceProvider annotation.
+
+
+
+
+
17.1.2. Web Service Clients
+
+
Service
+
+
Service is an abstraction that represents a WSDL service. A WSDL
+service is a collection of related ports, each of which consists of a
+port type bound to a particular protocol and available at a particular
+endpoint address.
+
+
+
For most clients, you will start with a set of stubs generated from the
+WSDL. One of these will be the service, and you will create objects of
+that class in order to work with the service (see "static case" below).
+
+
+
Service Usage
+
+Static case
+
+
Most clients will start with a WSDL file, and generate some stubs using
+JBossWS tools like wsconsume. This usually gives a mass of files, one
+of which is the top of the tree. This is the service implementation
+class.
+
+
+
The generated implementation class can be recognised as it will have two
+public constructors, one with no arguments and one with two arguments,
+representing the wsdl location (a java.net.URL) and the service name
+(a javax.xml.namespace.QName) respectively.
+
+
+
Usually you will use the no-argument constructor. In this case the WSDL
+location and service name are those found in the WSDL. These are set
+implicitly from the @WebServiceClient annotation that decorates the
+generated class.
+
+
+
The following code snippet shows the generated constructors from the
+generated class:
+
+
+
+
// Generated Service Class
+
+@WebServiceClient(name="StockQuoteService", targetNamespace="http://example.com/stocks", wsdlLocation="http://example.com/stocks.wsdl")
+public class StockQuoteService extends jakarta.xml.ws.Service
+{
+ public StockQuoteService()
+ {
+ super(new URL("http://example.com/stocks.wsdl"), new QName("http://example.com/stocks", "StockQuoteService"));
+ }
+
+ public StockQuoteService(String wsdlLocation, QName serviceName)
+ {
+ super(wsdlLocation, serviceName);
+ }
+
+ ...
+}
+
+
+
+
Section Dynamic Proxy explains how to obtain a port from the service and
+how to invoke an operation on the port. If you need to work with the XML
+payload directly or with the XML representation of the entire SOAP
+message, have a look at Dispatch.
+
+
+
+Dynamic case
+
+
In the dynamic case, when nothing is generated, a web service client
+uses Service.create to create Service instances, the following code
+illustrates this process.
+
+
+
+
URL wsdlLocation = new URL("http://example.org/my.wsdl");
+QName serviceName = new QName("http://example.org/sample", "MyService");
+Service service = Service.create(wsdlLocation, serviceName);
+
+
+
+
+
+
Handler Resolver
+
+
Jakarta XML Web Services provides a flexible plug-in framework for message processing
+modules, known as handlers, that may be used to extend the capabilities
+of a Jakarta XML Web Services runtime system. Handler Framework describes the handler
+framework in detail. A Service instance provides access to a
+HandlerResolver via a pair of getHandlerResolver /
+setHandlerResolver methods that may be used to configure a set of
+handlers on a per-service, per-port or per-protocol binding basis.
+
+
+
When a Service instance is used to create a proxy or a Dispatch instance
+then the handler resolver currently registered with the service is used
+to create the required handler chain. Subsequent changes to the handler
+resolver configured for a Service instance do not affect the handlers on
+previously created proxies, or Dispatch instances.
+
+
+
+
Executor
+
+
Service instances can be configured with a
+java.util.concurrent.Executor. The executor will then be used to
+invoke any asynchronous callbacks requested by the application. The
+setExecutor and getExecutor methods of Service can be used to
+modify and retrieve the executor configured for a service.
+
+
+
+
+
Dynamic Proxy
+
+
You can create an instance of a client proxy using one of getPort
+methods on the Service.
+
+
+
+
/**
+ * The getPort method returns a proxy. A service client
+ * uses this proxy to invoke operations on the target
+ * service endpoint. The <code>serviceEndpointInterface</code>
+ * specifies the service endpoint interface that is supported by
+ * the created dynamic proxy instance.
+ **/
+public <T> T getPort(QName portName, Class<T> serviceEndpointInterface)
+{
+ ...
+}
+
+/**
+ * The getPort method returns a proxy. The parameter
+ * <code>serviceEndpointInterface</code> specifies the service
+ * endpoint interface that is supported by the returned proxy.
+ * In the implementation of this method, the Jakarta XML Web Services
+ * runtime system takes the responsibility of selecting a protocol
+ * binding (and a port) and configuring the proxy accordingly.
+ * The returned proxy should not be reconfigured by the client.
+ *
+ **/
+public <T> T getPort(Class<T> serviceEndpointInterface)
+{
+ ...
+}
+
+
+
+
The service endpoint interface (SEI) is usually generated using tools.
+For details see Top Down (WSDL to Java)
+
+
+
A generated static Service usually also offers typed methods to get
+ports. These methods also return dynamic proxies that implement the SEI.
The @WebServiceRef annotation is used to declare a reference to a Web
+service. It follows the resource pattern exemplified by the
+jakarta.annotation.Resource annotation in
+JSR-250.
+
+
+
There are two uses to the WebServiceRef annotation:
+
+
+
+
+
To define a reference whose type is a generated service class. In
+this case, the type and value element will both refer to the generated
+service class type. Moreover, if the reference type can be inferred by
+the field/method declaration the annotation is applied to, the type and
+value elements MAY have the default value (Object.class, that is). If
+the type cannot be inferred, then at least the type element MUST be
+present with a non-default value.
+
+
+
To define a reference whose type is a SEI. In this case, the type
+element MAY be present with its default value if the type of the
+reference can be inferred from the annotated field/method declaration,
+but the value element MUST always be present and refer to a generated
+service class type (a subtype of jakarta.xml.ws.Service). The wsdlLocation
+element, if present, overrides theWSDL location information specified in
+the WebService annotation of the referenced generated service class.
+
+
+
public class EJB3Client implements EJB3Remote
+{
+ @WebServiceRef
+ public TestEndpointService service4;
+
+ @WebServiceRef
+ public TestEndpoint port3;
+
+
+
+
+
+
+
+
Dispatch
+
+
XMLWeb Services use XML messages for communication between services and
+service clients. The higher level Jakarta XML Web Services APIs are designed to hide the
+details of converting between Java method invocations and the
+corresponding XML messages, but in some cases operating at the XML
+message level is desirable. The Dispatch interface provides support for
+this mode of interaction.
+
+
+
Dispatch supports two usage modes, identified by the constants
+jakarta.xml.ws.Service.Mode.MESSAGE and
+jakarta.xml.ws.Service.Mode.PAYLOAD respectively:
+
+
+
Message In this mode, client applications work directly with
+protocol-specific message structures. E.g., when used with a SOAP
+protocol binding, a client application would work directly with a SOAP
+message.
+
+
+
Message Payload In this mode, client applications work with the
+payload of messages rather than the messages themselves. E.g., when used
+with a SOAP protocol binding, a client application would work with the
+contents of the SOAP Body rather than the SOAP message as a whole.
+
+
+
Dispatch is a low level API that requires clients to construct messages
+or message payloads as XML and requires an intimate knowledge of the
+desired message or payload structure. Dispatch is a generic class that
+supports input and output of messages or message payloads of any type.
The BindingProvider interface represents a component that provides a
+protocol binding for use by clients, it is implemented by proxies and is
+extended by the Dispatch interface.
+
+
+
BindingProvider instances may provide asynchronous operation
+capabilities. When used, asynchronous operation invocations are
+decoupled from the BindingProvider instance at invocation time such
+that the response context is not updated when the operation completes.
+Instead a separate response context is made available using the
+Response interface.
+
+
+
+
public void testInvokeAsync() throws Exception
+{
+ URL wsdlURL = new URL("http://" + getServerHost() + ":8080/jaxws-samples-asynchronous?wsdl");
+ QName serviceName = new QName(targetNS, "TestEndpointService");
+ Service service = Service.create(wsdlURL, serviceName);
+ TestEndpoint port = service.getPort(TestEndpoint.class);
+ Response response = port.echoAsync("Async");
+ // access future
+ String retStr = (String) response.get();
+ assertEquals("Async", retStr);
+}
+
+
+
+
+
Oneway Invocations
+
+
@Oneway indicates that the given web method has only an input message
+and no output. Typically, a oneway method returns the thread of control
+to the calling application prior to executing the actual business
+method.
There are two properties to configure the http connection timeout and
+client receive time out:
+
+
+
+
public void testConfigureTimeout() throws Exception
+{
+ //Set timeout until a connection is established
+ ((BindingProvider)port).getRequestContext().put("jakarta.xml.ws.client.connectionTimeout", "6000");
+
+ //Set timeout until the response is received
+ ((BindingProvider) port).getRequestContext().put("jakarta.xml.ws.client.receiveTimeout", "1000");
+
+ port.echo("testTimeout");
+}
+
+
+
+
+
+
17.1.3. Common API
+
+
This sections describes concepts that apply equally to Web Service
+Endpoints and Web Service Clients.
+
+
+
Handler Framework
+
+
The handler framework is implemented by a Jakarta XML Web Services protocol binding in
+both client and server side runtimes. Proxies, and Dispatch instances,
+known collectively as binding providers, each use protocol bindings to
+bind their abstract functionality to specific protocols.
+
+
+
Client and server-side handlers are organized into an ordered list known
+as a handler chain. The handlers within a handler chain are invoked each
+time a message is sent or received. Inbound messages are processed by
+handlers prior to binding provider processing. Outbound messages are
+processed by handlers after any binding provider processing.
+
+
+
Handlers are invoked with a message context that provides methods to
+access and modify inbound and outbound messages and to manage a set of
+properties. Message context properties may be used to facilitate
+communication between individual handlers and between handlers and
+client and service implementations. Different types of handlers are
+invoked with different types of message context.
+
+
+
Logical Handler
+
+
Handlers that only operate on message context properties and message
+payloads. Logical handlers are protocol agnostic and are unable to
+affect protocol specific parts of a message. Logical handlers are
+handlers that implement jakarta.xml.ws.handler.LogicalHandler.
+
+
+
+
Protocol Handler
+
+
Handlers that operate on message context properties and protocol
+specific messages. Protocol handlers are specific to a particular
+protocol and may access and change protocol specific aspects of a
+message. Protocol handlers are handlers that implement any interface
+derived from jakarta.xml.ws.handler.Handler except
+jakarta.xml.ws.handler.LogicalHandler.
+
+
+
+
Service endpoint handlers
+
+
On the service endpoint, handlers are defined using the @HandlerChain
+annotation.
\2. A relative path from the source file or class file. (ex:
+bar/handlerfile1.xml)
+
+
+
+
Service client handlers
+
+
On the client side, handler can be configured using the @HandlerChain
+annotation on the SEI or dynamically using the API.
+
+
+
+
Service service = Service.create(wsdlURL, serviceName);
+Endpoint port = (Endpoint)service.getPort(Endpoint.class);
+
+BindingProvider bindingProvider = (BindingProvider)port;
+List<Handler> handlerChain = new ArrayList<Handler>();
+handlerChain.add(new LogHandler());
+handlerChain.add(new AuthorizationHandler());
+handlerChain.add(new RoutingHandler());
+bindingProvider.getBinding().setHandlerChain(handlerChain); // important!
+
+
+
+
+
+
Message Context
+
+
MessageContext is the super interface for all Jakarta XML Web Services message contexts.
+It extends Map<String,Object> with additional methods and constants to
+manage a set of properties that enable handlers in a handler chain to
+share processing related state. For example, a handler may use the put
+method to insert a property in the message context that one or more
+other handlers in the handler chain may subsequently obtain via the get
+method.
+
+
+
Properties are scoped as either APPLICATION or HANDLER. All properties
+are available to all handlers for an instance of an MEP on a particular
+endpoint. E.g., if a logical handler puts a property in the message
+context, that property will also be available to any protocol handlers
+in the chain during the execution of an MEP instance. APPLICATION scoped
+properties are also made available to client applications (see section
+4.2.1) and service endpoint implementations. The defaultscope for a
+property is HANDLER.
+
+
+
Logical Message Context
+
+
Logical Handlers are passed a message context of type
+LogicalMessageContext when invoked. LogicalMessageContext extends
+MessageContext with methods to obtain and modify the message payload,
+it does not provide access to the protocol specific aspects of amessage.
+A protocol binding defines what component of a message are available via
+a logical message context. The SOAP binding defines that a logical
+handler deployed in a SOAP binding can access the contents of the SOAP
+body but not the SOAP headers whereas the XML/HTTP binding defines that
+a logical handler can access the entire XML payload of a message.
+
+
+
+
SOAP Message Context
+
+
SOAP handlers are passed a SOAPMessageContext when invoked.
+SOAPMessageContext extends MessageContext with methods to obtain and
+modify the SOAP message payload.
+
+
+
+
+
Fault Handling
+
+
An implementation may thow a SOAPFaultException
+
+
+
+
public void throwSoapFaultException()
+{
+ SOAPFactory factory = SOAPFactory.newInstance();
+ SOAPFault fault = factory.createFault("this is a fault string!", new QName("http://foo", "FooCode"));
+ fault.setFaultActor("mr.actor");
+ fault.addDetail().addChildElement("test");
+ thrownew SOAPFaultException(fault);
+}
The ServiceMode annotation is used to specify the mode for a provider
+class, i.e. whether a provider wants to have access to protocol message
+payloads (e.g. a SOAP body) or the entire protocol messages (e.g. a SOAP
+envelope).
+
+
+
+
jakarta.xml.ws.WebFault
+
+
The WebFault annotation is used when mapping WSDL faults to Java
+exceptions, see section 2.5. It is used to capture the name of the fault
+element used when marshalling the Jakarta XML Binding type generated from the global
+element referenced by the WSDL fault message. It can also be used to
+customize the mapping of service specific exceptions to WSDL faults.
+
+
+
+
jakarta.xml.ws.RequestWrapper
+
+
The RequestWrapper annotation is applied to the methods of an SEI. It
+is used to capture the Jakarta XML Binding generated request wrapper bean and the
+element name and namespace for marshalling / unmarshalling the bean. The
+default value of localName element is the operationName as defined in
+WebMethod annotation and the default value for the targetNamespace
+element is the target namespace of the SEI.When starting from Java, this
+annotation is used to resolve overloading conflicts in document literal
+mode. Only the className element is required in this case.
+
+
+
+
jakarta.xml.ws.ResponseWrapper
+
+
The ResponseWrapper annotation is applied to the methods of an SEI. It
+is used to capture the Jakarta XML Binding generated response wrapper bean and the
+element name and namespace for marshalling / unmarshalling the bean. The
+default value of the localName element is the operationName as defined
+in the WebMethod appended with "Response" and the default value of the
+targetNamespace element is the target namespace of the SEI. When
+starting from Java, this annotation is used to resolve overloading
+conflicts in document literal mode. Only the className element is
+required in this case.
+
+
+
+
jakarta.xml.ws.WebServiceClient
+
+
The WebServiceClient annotation is specified on a generated service
+class (see 2.7). It is used to associate a class with a specific Web
+service, identify by a URL to a WSDL document and the qualified name of
+a wsdl:service element.
+
+
+
+
jakarta.xml.ws.WebEndpoint
+
+
The WebEndpoint annotation is specified on the getPortName() methods
+of a generated service class (see 2.7). It is used to associate a get
+method with a specific wsdl:port, identified by its local name (a
+NCName).
+
+
+
+
jakarta.xml.ws.WebServiceProvider
+
+
The WebServiceProvider annotation is specified on classes that
+implement a strongly typed jakarta.xml.ws.Provider. It is used to
+declare that a class that satisfies the requirements for a provider (see
+5.1) does indeed define a Web service endpoint, much like the
+WebService annotation does for SEI-based endpoints.
+
+
+
The WebServiceProvider and WebService annotations are mutually
+exclusive.
+
+
+
+
jakarta.xml.ws.BindingType
+
+
The BindingType annotation is applied to an endpoint implementation
+class. It specifies the binding to use when publishing an endpoint of
+this type.
+
+
+
The default binding for an endpoint is the SOAP 1.1/HTTP one.
+
+
+
+
jakarta.xml.ws.WebServiceRef
+
+
The WebServiceRef annotation is used to declare a reference to a Web
+service. It follows the resource pattern exemplified by the
+jakarta.annotation.Resource annotation in JSR-250 [JBWS:32]. The
+WebServiceRef annotation is required to be honored when running on the
+Jakarta EE platform, where it is subject to the common resource injection
+rules described by the platform specification [JBWS:33].
+
+
+
+
jakarta.xml.ws.WebServiceRefs
+
+
The WebServiceRefs annotation is used to declare multiple references
+to Web services on a single class. It is necessary to work around the
+limition against specifying repeated annotations of the same type on any
+given class, which prevents listing multiple jakarta.ws.WebServiceRef
+annotations one after the other. This annotation follows the resource
+pattern exemplified by the jakarta.annotation.Resources annotation in
+JSR-250.
+
+
+
Since no name and type can be inferred in this case, each
+WebServiceRef annotation inside a WebServiceRefs MUST contain name and
+type elements with non-default values. The WebServiceRef annotation is
+required to be honored when running on the Jakarta EE platform, where it
+is subject to the common resource injection rules described by the
+platform specification.
+
+
+
+
jakarta.xml.ws.Action
+
+
The Action annotation is applied to the methods of a SEI. It used to
+generate the wsa:Action on wsdl:input and wsdl:output of each
+wsdl:operation mapped from the annotated methods.
+
+
+
+
jakarta.xml.ws.FaultAction
+
+
The FaultAction annotation is used within the Action annotation to
+generate the wsa:Action element on the wsdl:fault element of each
+wsdl:operation mapped from the annotated methods.
+
+
+
+
+
17.1.5. JSR-181 Annotations
+
+
JSR-181 defines the syntax and semantics of Java Web Service (JWS)
+metadata and default values.
Marks a Java class as implementing a Web Service, or a Java interface as
+defining a Web Service interface.
+
+
+
+
jakarta.jws.WebMethod
+
+
Customizes a method that is exposed as a Web Service operation.
+
+
+
+
jakarta.jws.OneWay
+
+
Indicates that the given web method has only an input message and no
+output. Typically, a oneway method returns the thread of control to the
+calling application prior to executing the actual business method. A
+JSR-181 processor is REQUIRED to report an error if an operation marked
+@Oneway has a return value, declares any checked exceptions or has any
+INOUT or OUT parameters.
+
+
+
+
jakarta.jws.WebParam
+
+
Customizes the mapping of an individual parameter to a Web Service
+message part and XML element.
+
+
+
+
jakarta.jws.WebResult
+
+
Customizes the mapping of the return value to a WSDL part and XML
+element.
+
+
+
+
jakarta.jws.SOAPBinding
+
+
Specifies the mapping of the Web Service onto the SOAP message protocol.
+
+
+
The SOAPBinding annotation has a target of TYPE and METHOD. The
+annotation may be placed on a method if and only if the
+SOAPBinding.style is DOCUMENT. Implementations MUST report an error
+if the SOAPBinding annotation is placed on a method with a
+SOAPBinding.style of RPC. Methods that do not have a SOAPBinding
+annotation accept the SOAPBinding behavior defined on the type.
+
+
+
+
jakarta.jws.HandlerChain
+
+
The @HandlerChain annotation associates the Web Service with an
+externally defined handler chain.
+
+
+
It is an error to combine this annotation with the
+@SOAPMessageHandlers annotation.
+
+
+
The @HandlerChain annotation MAY be present on the endpoint interface
+and service implementation bean. The service implementation bean’s
+@HandlerChain is used if @HandlerChain is present on both.
+
+
+
The @HandlerChain annotation MAY be specified on the type only. The
+annotation target includes METHOD and FIELD for use by Jakarta XML Web Services Specification-2.x.
+
+
+
+
+
+
+
+
+References in this document to Java API for XML-Based Web Services (JAX-WS) refer to the Jakarta XML Web Services unless otherwise noted
+
+
+
+
+
+
+
+
+
17.2. Jakarta XML Web Services Tools
+
+
The Jakarta XML Web Services tools provided by JBossWS can be used in a variety of ways.
+First we will look at server-side development strategies, and then
+proceed to the client.
+
+
+
17.2.1. Server side
+
+
When developing a Web Service Endpoint (the server-side) you have the
+option of starting from Java ( bottom-up development), or from the
+abstact contract (WSDL) that defines your service ( top-down
+development). If this is a new service (no existing contract), the
+bottom-up approach is the fastest route; you only need to add a few
+annotations to your classes to get a service up and running. However, if
+you are developing a service with an already defined contract, it is far
+simpler to use the top-down approach, since the provided tool will
+generate the annotated code for you.
+
+
+
Bottom-up use cases:
+
+
+
+
+
Exposing an already existing Jakarta Enterprise Beans 3 bean as a Web Service
+
+
+
Providing a new service, and you want the contract to be generated for
+you
+
+
+
+
+
Top-down use cases:
+
+
+
+
+
Replacing the implementation of an existing Web Service, and you can’t
+break compatibility with older clients
+
+
+
Exposing a service that conforms to a contract specified by a third
+party (e.g. a vender that calls you back using an already defined
+protocol).
+
+
+
Creating a service that adheres to the XML Schema and WSDL you
+developed by hand up front
+
+
+
+
+
The following Jakarta XML Web Services command line tools are included in JBossWS:
+
+
+
+
+
+
+
+
+
Command
+
Description
+
+
+
+
+
wsprovide
+
Generates Jakarta XML Web Services portable artifacts, and provides the
+abstract contract. Used for bottom-up development.
+
+
+
wsconsume
+
Consumes the abstract contract (WSDL and Schema files), and
+produces artifacts for both a server and client. Used for top-down and
+client development
+
+
+
+
+
Bottom-Up (Using wsprovide)
+
+
The bottom-up strategy involves developing the Java code for your
+service, and then annotating it using Jakarta XML Web Services annotations. These
+annotations can be used to customize the contract that is generated for
+your service. For example, you can change the operation name to map to
+anything you like. However, all of the annotations have sensible
+defaults, so only the @WebService annotation is required.
A JSE or Jakarta Enterprise Beans 3 deployment can be built using this class, and it is the
+only Java code needed to deploy on JBossWS. The WSDL, and all other Java
+artifacts called "wrapper classes" will be generated for you at deploy
+time. This actually goes beyond the Jakarta XML Web Services specification, which requires
+that wrapper classes be generated using an offline tool. The reason for
+this requirement is purely a vender implementation problem, and since we
+do not believe in burdening a developer with a bunch of additional
+steps, we generate these as well. However, if you want your deployment
+to be portable to other application servers, you will unfortunately need
+to use a tool and add the generated classes to your deployment.
+
+
+
This is the primary purpose of the wsprovide tool, to generate
+portable Jakarta XML Web Services artifacts. Additionally, it can be used to "provide" the
+abstract contract (WSDL file) for your service. This can be obtained by
+invoking wsprovide using the "-w" option:
+Remember that when deploying on JBossWS you do not need to run this
+tool. You only need it for generating portable artifacts and/or the
+abstract contract for your service.
+
+
+
+
+
+
Let’s create a POJO endpoint for deployment on WildFly. A simple
+web.xml needs to be created:
The war can then be deployed to the JBoss Application Server.The war can
+then be deployed to the JBoss Application Server; this will internally
+invoke wsprovide, which will generate the WSDL. If deployment was
+successful, and you are using the default settings, it should be
+available in the server management console.
+
+
+
For a portable Jakarta XML Web Services deployment, the wrapper classes generated earlier
+could be added to the deployment.
+
+
+
+
Top-Down (Using wsconsume)
+
+
The top-down development strategy begins with the abstract contract for
+the service, which includes the WSDL file and zero or more schema files.
+The wsconsume tool is then used to consume this contract, and produce
+annotated Java classes (and optionally sources) that define it.
+
+
+
+
+
+
+
+
+wsconsume may have problems with symlinks on Unix systems
+
+
+
+
+
+
Using the WSDL file from the bottom-up example, a new Java
+implementation that adheres to this service can be generated. The "-k"
+option is passed to wsconsume to preserve the Java source files that
+are generated, instead of providing just classes:
The following table shows the purpose of each generated file:
+
+
+
+
+
+
+
+
+
File
+
Purpose
+
+
+
+
+
Echo.java
+
Service Endpoint Interface
+
+
+
Echo_Type.java
+
Wrapper bean for request message
+
+
+
EchoResponse.java
+
Wrapper bean for response message
+
+
+
ObjectFactory.java
+
Jakarta XML Binding XML Registry
+
+
+
package-info.java
+
Holder for Jakarta XML Binding package annotations
+
+
+
EchoService.java
+
Used only by Jakarta XML Web Services clients
+
+
+
+
+
Examining the Service Endpoint Interface reveals annotations that are
+more explicit than in the class written by hand in the bottom-up
+example, however, these evaluate to the same contract:
Before going to detail on the client-side it is important to understand
+the decoupling concept that is central to Web Services. Web Services are
+not the best fit for internal RPC, even though they can be used in this
+way. There are much better technologies for this (CORBA, and RMI for
+example). Web Services were designed specifically for interoperable
+coarse-grained correspondence. There is no expectation or guarantee that
+any party participating in a Web Service interaction will be at any
+particular location, running on any particular OS, or written in any
+particular programming language. So because of this, it is important to
+clearly separate client and server implementations. The only thing they
+should have in common is the abstract contract definition. If, for
+whatever reason, your software does not adhere to this principal, then
+you should not be using Web Services. For the above reasons, the
+recommended methodology for developing a client is to follow the
+top-down approach , even if the client is running on the same server.
+
+
+
Let’s repeat the process of the top-down section, although using the
+deployed WSDL, instead of the one generated offline by wsprovide. The
+reason why we do this is just to get the right value for soap:address.
+This value must be computed at deploy time, since it is based on
+container configuration specifics. You could of course edit the WSDL
+file yourself, although you need to ensure that the path is correct.
As you can see, this generated class extends the main client entry point
+in Jakarta XML Web Services, jakarta.xml.ws.Service. While you can use Service directly,
+this is far simpler since it provides the configuration info for you.
+The only method we really care about is the getEchoPort() method,
+which returns an instance of our Service Endpoint Interface. Any WS
+operation can then be called by just invoking a method on the returned
+interface.
+
+
+
+
+
+
+
+
+It’s not recommended to refer to a remote WSDL URL in a production
+application. This causes network I/O every time you instantiate the
+Service Object. Instead, use the tool on a saved local copy, or use the
+URL version of the constructor to provide a new WSDL location.
+
+
+
+
+
+
All that is left to do, is write and compile the client:
It is easy to change the endpoint address of your operation at runtime,
+setting the ENDPOINT_ADDRESS_PROPERTY as shown below:
+
+
+
+
EchoService service = new EchoService();
+ Echo echo = service.getEchoPort();
+
+ /* Set NEW Endpoint Location */
+ String endpointURL = "http://NEW_ENDPOINT_URL";
+ BindingProvider bp = (BindingProvider)echo;
+ bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, endpointURL);
+
+ System.out.println("Server said: " + echo.echo(args0));
+
+
+
+
+
+
17.3. wsconsume
+
+
wsconsume is a command line tool and ant task that "consumes" the
+abstract contract (WSDL file) and produces portable Jakarta XML Web Services and
+client artifacts.
+
+
+
17.3.1. Command Line Tool
+
+
The command line tool has the following usage:
+
+
+
+
usage: wsconsume [options] <wsdl-url>
+options:
+ -h, --help Show this help message
+ -b, --binding=<file> One or more Jakarta XML Web Services or Jakarta XML Binding binding files
+ -k, --keep Keep/Generate Java source
+ -c --catalog=<file> Oasis XML Catalog file for entity resolution
+ -j --clientjar=<name> Create a jar file of the generated artifacts for calling the webservice
+ -p --package=<name> The target package for generated source
+ -w --wsdlLocation=<loc> Value to use for @WebServiceClient.wsdlLocation
+ -o, --output=<directory> The directory to put generated artifacts
+ -s, --source=<directory> The directory to put Java source
+ -t, --target=<2.0|2.1|2.2> The Jakarta XML Web Services specification target
+ -q, --quiet Be somewhat more quiet
+ -v, --verbose Show full exception stack traces
+ -l, --load-consumer Load the consumer and exit (debug utility)
+ -e, --extension Enable SOAP 1.2 binding extension
+ -a, --additionalHeaders Enables processing of implicit SOAP headers
+ -n, --nocompile Do not compile generated sources
+
+
+
+
+
+
+
+
+
+The wsdlLocation is used when creating the Service to be used by clients
+and will be added to the @WebServiceClient annotation, for an endpoint
+implementation based on the generated service endpoint interface you
+will need to manually add the wsdlLocation to the @WebService annotation
+on your web service implementation and not the service endpoint
+interface.
+
+
+
+
+
+
Examples
+
+
Generate artifacts in Java class form only:
+
+
+
+
wsconsume Example.wsdl
+
+
+
+
Generate source and class files:
+
+
+
+
wsconsume -k Example.wsdl
+
+
+
+
Generate source and class files in a custom directory:
+
+
+
+
wsconsume -k -o custom Example.wsdl
+
+
+
+
Generate source and class files in the org.foo package:
+
+
+
+
wsconsume -k -p org.foo Example.wsdl
+
+
+
+
Generate source and class files using multiple binding files:
The wsconsume tools is included in the
+org.jboss.ws.plugins:jaxws-tools-maven-plugin plugin. The plugin has
+two goals for running the tool, wsconsume and wsconsume-test, which
+basically do the same during different maven build phases (the former
+triggers the sources generation during generate-sources phase, the
+latter during the generate-test-sources one).
+
+
+
The wsconsume plugin has the following parameters:
+
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
Default
+
+
+
+
+
bindingFiles
+
Jakarta XML Web Services or Jakarta XML Binding binding file
+
true
+
+
+
classpathElements
+
Each classpathElement provides alibrary file to be
+added to classpath
Enables more informational output about command progress.
+
false
+
+
+
wsdls
+
The WSDL files or URLs to consume
+
n/a
+
+
+
extension
+
Enable SOAP 1.2 binding extension.
+
false
+
+
+
encoding
+
The charset encoding to use for generated sources.
+
$\{project.build.sourceEncoding}
+
+
+
argLine
+
An optional additional argline to be used when running in fork
+mode;can be used to set endorse dir, enable debugging,
+etc.Example<argLine>-Djava.endorsed.dirs=…</argLine>
+
none
+
+
+
fork
+
Whether or not to run the generation task in a separate VM.
+
false
+
+
+
target
+
A preference for the Jakarta XML Web Services specification target
+
Depends on
+the underlying stack and endorsed dirs if any
+
+
+
+
+
Examples
+
+
You can use wsconsume in your own project build simply referencing the
+jaxws-tools-maven-plugin in the configured plugins in your pom.xml
+file.
+
+
+
The following example makes the plugin consume the test.wsdl file and
+generate SEI and wrappers' java sources. The generated sources are then
+compiled together with the other project classes.
Finally, if the wsconsume invocation is required for consuming a wsdl to
+be used in your testsuite only, you might want to use the
+wsconsume-test goal as follows:
Plugin stack dependencyThe plugin itself does not have an explicit
+dependency to a JBossWS stack, as it’s meant for being used with
+implementations of any supported version of the JBossWS SPI. So the
+user is expected to set a dependency in his own pom.xml to the desired
+JBossWS stack version. The plugin will rely on the that for using the
+proper tooling.
+Be careful when using this plugin with the Maven War Plugin as that
+include any project dependency into the generated application war
+archive. You might want to set <scope>provided</scope> for the
+JBossWS stack dependency to avoid that.
+
+
+
+
+
+
+
+
+
+
+
+Up to version 1.1.2.Final, the artifactId of the plugin was
+maven-jaxws-tools-plugin.
+
+
+
+
+
+
+
+
17.3.3. Ant Task
+
+
The wsconsume Ant task ( org.jboss.ws.tools.ant.WSConsumeTask) has
+the following attributes:
+
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
Default
+
+
+
+
+
fork
+
Whether or not to run the generation task in a separate VM.
+
true
+
+
+
keep
+
Keep/Enable Java source code generation.
+
false
+
+
+
catalog
+
Oasis XML Catalog file for entity resolution
+
none
+
+
+
package
+
The target Java package for generated code.
+
generated
+
+
+
binding
+
A Jakarta XML Web Services or Jakarta XML Binding binding file
+
none
+
+
+
wsdlLocation
+
Value to use for @WebServiceClient.wsdlLocation
+
generated
+
+
+
encoding
+
The charset encoding to use for generated sources
+
n/a
+
+
+
destdir
+
The output directory for generated artifacts.
+
"output"
+
+
+
sourcedestdir
+
The output directory for Java source.
+
value of destdir
+
+
+
target
+
The Jakarta XML Web Services specification target. Allowed values are 2.0, 2.1
+and 2.2
+
+
+
+
verbose
+
Enables more informational output about command progress.
+
false
+
+
+
wsdl
+
The WSDL file or URL
+
n/a
+
+
+
extension
+
Enable SOAP 1.2 binding extension.
+
false
+
+
+
additionalHeaders
+
Enables processing of implicit SOAP headers
+
false
+
+
+
+
+
+
+
+
+
+
+Users also need to put streamBuffer.jar and stax-ex.jar to the classpath
+of the ant task to generate the appropriate artefacts.
+
+
+
+
+
+
+
+
+
+
+
+The wsdlLocation is used when creating the Service to be used by clients
+and will be added to the @WebServiceClient annotation, for an endpoint
+implementation based on the generated service endpoint interface you
+will need to manually add the wsdlLocation to the @WebService annotation
+on your web service implementation and not the service endpoint
+interface.
+
+
+
+
+
+
Also, the following nested elements are supported:
+
+
+
+
+
+
+
+
+
+
Element
+
Description
+
Default
+
+
+
+
+
binding
+
A Jakarta XML Web Services or Jakarta XML Binding binding file
+
none
+
+
+
jvmarg
+
Allows setting of custom jvm arguments
+
+
+
+
+
+
Examples
+
+
Generate Jakarta XML Web Services source and classes in a separate JVM with separate
+directories, a custom wsdl location attribute, and a list of binding
+files from foo.wsdl:
wsprovide is a command line tool, Maven plugin and Ant task that
+generates portable Jakarta XML Web Services artifacts for a service endpoint
+implementation. It also has the option to "provide" the abstract
+contract for offline usage.
+
+
+
17.4.1. Command Line Tool
+
+
The command line tool has the following usage:
+
+
+
+
usage: wsprovide [options] <endpoint class name>
+options:
+ -h, --help Show this help message
+ -k, --keep Keep/Generate Java source
+ -w, --wsdl Enable WSDL file generation
+ -a, --address The generated port soap:address in wsdl
+ -c. --classpath=<path> The classpath that contains the endpoint
+ -o, --output=<directory> The directory to put generated artifacts
+ -r, --resource=<directory> The directory to put resource artifacts
+ -s, --source=<directory> The directory to put Java source
+ -e, --extension Enable SOAP 1.2 binding extension
+ -q, --quiet Be somewhat more quiet
+ -t, --show-traces Show full exception stack traces
+
+
+
+
Examples
+
+
Generating wrapper classes for portable artifacts in the "generated"
+directory:
+
+
+
+
wsprovide -o generated foo.Endpoint
+
+
+
+
Generating wrapper classes and WSDL in the "generated" directory
The wsprovide tools is included in the
+org.jboss.ws.plugins:jaxws-tools-maven-plugin plugin. The plugin
+has two goals for running the tool, wsprovide and wsprovide-test,
+which basically do the same during different Maven build phases (the
+former triggers the sources generation during process-classes phase,
+the latter during the process-test-classes one).
+
+
+
The wsprovide plugin has the following parameters:
+
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
Default
+
+
+
+
+
testClasspathElements
+
Each classpathElement provides alibrary file to
+be added to classpath
Plugin stack dependencyThe plugin itself does not have an explicit
+dependency to a JBossWS stack, as it’s meant for being used with
+implementations of any supported version of the JBossWS SPI. So the
+user is expected to set a dependency in his own pom.xml to the desired
+JBossWS stack version. The plugin will rely on the that for using the
+proper tooling.
+Be careful when using this plugin with the Maven War Plugin as that
+include any project dependency into the generated application war
+archive. You might want to set <scope>provided</scope> for the
+JBossWS stack dependency to avoid that.
+
+
+
+
+
+
+
+
+
+
+
+Up to version 1.1.2.Final, the artifactId of the plugin was
+maven-jaxws-tools-plugin.
+
+
+
+
+
+
+
+
17.4.3. Ant Task
+
+
The wsprovide ant task ( org.jboss.ws.tools.ant.WSProvideTask) has the
+following attributes:
+
+
+
+
+
+
+
+
+
+
Attribute
+
Description
+
Default
+
+
+
+
+
fork
+
Whether or not to run the generation task in a separate VM.
+
true
+
+
+
keep
+
Keep/Enable Java source code generation.
+
false
+
+
+
destdir
+
The output directory for generated artifacts.
+
"output"
+
+
+
resourcedestdir
+
The output directory for resource artifacts
+(WSDL/XSD).
+
value of destdir
+
+
+
sourcedestdir
+
The output directory for Java source.
+
value of destdir
+
+
+
extension
+
Enable SOAP 1.2 binding extension.
+
false
+
+
+
genwsdl
+
Whether or not to generate WSDL.
+
false
+
+
+
address
+
The generated port soap:address in wsdl.
+
+
+
+
verbose
+
Enables more informational output about command progress.
+
false
+
+
+
sei
+
Service Endpoint Implementation.
+
+
+
+
classpath
+
The classpath that contains the service endpoint
+implementation.
+
"."
+
+
+
+
+
Examples
+
+
Executing wsprovide in verbose mode with separate output directories for
+source, resources, and classes:
17.5. Jakarta XML Web Services Advanced User Guide
+
+
17.5.1. Logging
+
+
Logging of inbound and outbound messages is a common need. Different
+approaches are available for achieving that:
+
+
+
Jakarta XML Web Services Handler approach
+
+
A portable way of performing logging is writing a simple Jakarta XML Web Services handler
+dumping the messages that are passed in it; the handler can be added to
+the desired client/endpoints (programmatically / using @HandlerChain
+Jakarta XML Web Services annotation).
+
+
+
The predefined client and endpoint configuration
+mechanism allows user to add the logging handler to any client/endpoint
+or to some of them only (in which case the @EndpointConfig annotation
+/ JBossWS API is required though).
+
+
+
+
Apache CXF approach
+
+
Apache CXF also comes with logging interceptors that can be easily used
+to log messages to the console or configured client/server log files.
+Those interceptors can be added to client, endpoint and buses in
+multiple ways:
+
+
+
System property
+
+
Setting the org.apache.cxf.logging.enabled system property to true
+causes the logging interceptors to be added to any Bus instance being
+created on the JVM.
+
+
+
+
+
+
+
+
+On WildFly, the system property is easily set by adding what follows to
+the standalone / domain server configuration just after the extensions
+section:
+
Logging interceptors can be selectively added to endpoints using the
+Apache CXF annotations @org.apache.cxf.interceptor.InInterceptors and
+@org.apache.cxf.interceptor.OutInterceptors. The same is achieved on
+client side by programmatically adding new instances of the logging
+interceptors to the client or the bus.
+
+
+
Alternatively, Apache CXF also comes with a
+org.apache.cxf.feature.LoggingFeature that can be used on clients and
+endpoints (either annotating them with
+@org.apache.cxf.feature.Features or directly with
+@org.apache.cxf.annotations.Logging).
JBossWS includes most of the WS-* specification functionalities through
+the integration with Apache CXF. In particular, the whole WS-Security
+Policy framework is fully supported, enabling full contract driven
+configuration of complex features like WS-Security.
+
+
+
In details information available further down in this documentation
+book.
+
+
+
+
17.5.3. Address rewrite
+
+
JBossWS allows users to configure the soap:address attribute in the
+wsdl contract of deployed services.
If the content of <soap:address> in the wsdl is a valid URL, JBossWS
+will not rewrite it unless modify-wsdl-address is true. If the content
+of <soap:address> is not a valid URL instead, JBossWS will always
+rewrite it using the attribute values given below. Please note that the
+variable $\{jboss.bind.address} can be used to set the address which
+the application is bound to at each startup.
+
+
+
The wsdl-secure-port and wsdl-port attributes are used to explicitly
+define the ports to be used for rewriting the SOAP address. If these
+attributes are not set, the ports will be identified by querying the
+list of installed connectors. If multiple connectors are found the port
+of the first connector is used.
+
+
+
+
Dynamic rewrite
+
+
When the application server is bound to multiple addresses or
+non-trivial real-world network architectures cause request for different
+external addresses to hit the same endpoint, a static rewrite of the
+soap:address may not be enough. JBossWS allows for both the soap:address
+in the wsdl and the wsdl address in the console to be rewritten with the
+host use in the client request. This way, users always get the right
+wsdl address assuming they’re connecting to an instance having the
+endpoint they’re looking for. To trigger this behaviour, the
+jbossws.undefined.host value has to be specified for the wsdl-host
+element.
Of course, when a confidential transport address is required, the
+addresses are always rewritten using https protocol and the port
+currently configured for the https/ssl connector.
+
+
+
+
+
17.5.4. Configuration through deployment descriptor
+
+
The jboss-webservices.xml deployment descriptor can be used to provide
+additional configuration for a given deployment. The expected location
+of it is:
+
+
+
+
+
META-INF/jboss-webservices.xml for Jakarta Enterprise Beans webservice deployments
+
+
+
WEB-INF/jboss-webservices.xml for POJO webservice deployments and
+Jakarta Enterprise Beans webservice endpoints bundled in war archives
+
+
+
+
+
The structure of file is the following (schemas are available
+here):
Elements <config-name> and <config-file> can be used to associate
+any endpoint provided in the deployment with a given
+endpoint configuration. Endpoint configuration are
+either specified in the referenced config file or in the WildFly domain
+model (webservices subsystem). For further details on the endpoint
+configurations and their management in the domain model, please see the
+related
+documentation.
<property> elements can be used to setup simple property values to
+configure the ws stack behavior. Allowed property names and values are
+mentioned in the guide under related topics.
Apache CXF has a feature for validating incoming and outgoing SOAP
+messages on both client and server side. The validation is performed
+against the relevant schema in the endpoint wsdl contract (server side)
+or the wsdl contract used for building up the service proxy (client
+side).
+
+
+
Schema validation can be turned on programmatically on client side
Alternatively, any endpoint and client running in-container can be
+associated to a JBossWS predefined configuration
+having the schema-validation-enabled property set to true in the
+referenced config file.
+
+
+
Finally, JBossWS also allows for server-wide (default) setup of schema
+validation by using the Standard-Endpoint-Config and
+Standard-Client-Config special configurations (which apply to any
+client / endpoint unless a different configuration is specified for
+them)
As Kohsuke Kawaguchi wrote on
+his
+blog, one common complaint from the Jakarta XML Binding users is the lack of support
+for binding 3rd party classes. The scenario is this: you are trying to
+annotate your classes with Jakarta XML Binding annotations to make it XML bindable, but
+some of the classes are coming from libraries and JDK, and thus you
+cannot put necessary Jakarta XML Binding annotations on it.
+
+
+
To solve this Jakarta XML Binding has been designed to provide hooks for programmatic
+introduction of annotations to the runtime.
+
+
+
This is currently leveraged by the JBoss Jakarta XML Binding Introductions project,
+using which users can define annotations in XML and make Jakarta XML Binding see those
+as if those were in the class files (perhaps coming from 3rd party
+libraries).
17.5.8. Predefined client and endpoint configurations
+
+
+JBossWS permits extra setup configuration data to be predefined and
+associated with an endpoint or a client. Configurations can include
+Jakarta XML Web Services handlers and key/value property declarations that control JBossWS
+and Apache CXF internals. Predefined configurations can be used for
+Jakarta XML Web Services client and Jakarta XML Web Services endpoint setup.
+
+
+
+
Configurations can be defined in the webservice subsystem and in an
+application’s deployment descriptor file. There can be many
+configuration definitions in the webservice subsystem and in an
+application. Each configuration must have a name that is unique within
+the server. Configurations defined in an application are local to the
+application. Endpoint implementations declare the use of a specific
+configuration through the use of the
+org.jboss.ws.api.annotation.EndpointConfig annotation. An endpoint
+configuration defined in the webservices subsystem is available to all
+deployed applications on the server container and can be referenced by
+name in the annotation. An endpoint configuration defined in an
+application must be referenced by both deployment descriptor file name
+and configuration name by the annotation.
+
+
+
Handlers
+
+
+
Each endpoint configuration may be associated with zero or more PRE and
+POST handler chains. Each handler chain may include JAXWS handlers. For
+outbound messages the PRE handler chains are executed before any handler
+that is attached to the endpoint using the standard means, such as with
+annotation @HandlerChain, and POST handler chains are executed after
+those objects have executed. For inbound messages the POST handler
+chains are executed before any handler that is attached to the endpoint
+using the standard means and the PRE handler chains are executed after
+those objects have executed.
+
+
+
+
* Server inbound messages
+Client --> ... --> POST HANDLER --> ENDPOINT HANDLERS --> PRE HANDLERS --> Endpoint
+
+* Server outbound messages
+Endpoint --> PRE HANDLER --> ENDPOINT HANDLERS --> POST HANDLERS --> ... --> Client
+
+
+
+
The same applies for client configurations.
+
+
+
Properties
+
+
+
Key/value properties are used for controlling both some Apache CXF
+internals and some JBossWS options. Specific supported values are
+mentioned where relevant in the rest of the documentation.
+
+
+
Assigning configurations
+
+
Endpoints and clients are assigned configuration through different
+means. Users can explicitly require a given configuration or rely on
+container defaults. The assignment process can be split up as follows:
+
+
+
+
+
Explicit assignment through annotations (for endpoints) or API
+programmatic usage (for clients)
+
+
+
Automatic assignment of configurations from default descriptors
+
+
+
Automatic assignment of configurations from container
+
+
+
+
+
Endpoint configuration assignment
+
+
The explicit configuration assignment is meant for developer that know
+in advance their endpoint or client has to be setup according to a
+specified configuration. The configuration is either coming from a
+descriptor that is included in the application deployment, or is
+included in the application server webservices subsystem management
+model.
+
+
+
+
Endpoint Configuration Deployment Descriptor
+
+
Jakarta EE archives that can contain Jakarta XML Web Services client and endpoint
+implementations can also contain predefined client and endpoint
+configuration declarations. All endpoint/client configuration
+definitions for a given archive must be provided in a single deployment
+descriptor file, which must be an implementation of schema
+jbossws-jaxws-config.
+Many endpoint/client configurations can be defined in the deployment
+descriptor file. Each configuration must have a name that is unique
+within the server on which the application is deployed. The
+configuration name can’t be referred to by endpoint/client
+implementations outside the application. Here is an example of a
+descriptor, containing two endpoint configurations:
WildFly allows declaring JBossWS client and server predefined
+configurations in the webservices subsystem section of the server
+model. As a consequence it is possible to declare server-wide handlers
+to be added to the chain of each endpoint or client assigned to a given
+configuration.
+
+
+
Please refer to the
+WildFly
+documentation for details on managing the webservices subsystem such
+as adding, removing and modifying handlers and properties.
+
+
+
The allowed contents in the webservices subsystem are defined by the
+schema
+included in the application server.
+
+
+Standard configurations
+
+
Clients running in-container as well as endpoints are assigned standard
+configurations by default. The defaults are used unless different
+configurations are set as described on this page. This enables
+administrators to tune the default handler chains for client and
+endpoint configurations. The names of the default client and endpoint
+configurations, used in the webservices subsystem are
+Standard-Client-Config and Standard-Endpoint-Config respectively.
+
+
+
+Handlers classloading
+
+
When setting a server-wide handler, please note the handler class needs
+to be available through each ws deployment classloader. As a consequence
+proper module dependencies might need to be specified in the deployments
+that are going to leverage a given predefined configuration. A shortcut
+is to add a dependency to the module containing the handler class in one
+of the modules which are already automatically set as dependencies to
+any deployment, for instance org.jboss.ws.spi.
Once a configuration is available to a given application, the
+org.jboss.ws.api.annotation.EndpointConfig annotation is used to
+assign an endpoint configuration to a Jakarta XML Web Services endpoint implementation.
+When assigning a configuration that is defined in the webservices
+subsystem only the configuration name is specified. When assigning a
+configuration that is defined in the application, the relative path to
+the deployment descriptor and the configuration name must be specified.
The most practical way of setting a configuration is using
+org.jboss.ws.api.configuration.ClientConfigFeature, a JAXWS Feature
+extension provided by JBossWS:
+
+
+
+
importorg.jboss.ws.api.configuration.ClientConfigFeature;
+
+...
+
+Service service = Service.create(wsdlURL, serviceName);
+Endpoint port = service.getPort(Endpoint.class, new ClientConfigFeature("META-INF/my-client-config.xml", "Custom Client Config"));
+port.echo("Kermit");
+
+... or ....
+
+port = service.getPort(Endpoint.class, new ClientConfigFeature("META-INF/my-client-config.xml", "Custom Client Config"), true); //setup properties too from the configuration
+port.echo("Kermit");
+... or ...
+
+port = service.getPort(Endpoint.class, new ClientConfigFeature(null, testConfigName)); //reads from current container configurations if available
+port.echo("Kermit");
+
+
+
+
JBossWS parses the specified configuration file. The configuration file
+must be found as a resource by the classloader of the current thread.
+The
+jbossws-jaxws-config
+schema defines the descriptor contents and is included in the
+jbossws-spi artifact.
+
+
+
+Explicit setup through API
+
+
Alternatively, JBossWS API comes with facility classes that can be used
+for assigning configurations when building a client. JAXWS handlers read
+from client configurations as follows:
+
+
+
+
importorg.jboss.ws.api.configuration.ClientConfigUtil;
+importorg.jboss.ws.api.configuration.ClientConfigurer;
+
+...
+
+Service service = Service.create(wsdlURL, serviceName);
+Endpoint port = service.getPort(Endpoint.class);
+BindingProvider bp = (BindingProvider)port;
+ClientConfigUtil.setConfigHandlers(bp, "META-INF/my-client-config.xml", "Custom Client Config 1");
+port.echo("Kermit");
+
+...
+
+ClientConfigurer configurer = ClientConfigUtil.resolveClientConfigurer();
+configurer.setConfigHandlers(bp, "META-INF/my-client-config.xml", "Custom Client Config 2");
+port.echo("Kermit");
+
+...
+
+configurer.setConfigHandlers(bp, "META-INF/my-client-config.xml", "Custom Client Config 3");
+port.echo("Kermit");
+
+...
+
+configurer.setConfigHandlers(bp, null, "Container Custom Client Config"); //reads from current container configurations if available
+port.echo("Kermit");
+
+
+
+
+
+
similarly, properties are read from client configurations as
+follows:
+
+
+
+
+
+
importorg.jboss.ws.api.configuration.ClientConfigUtil;
+importorg.jboss.ws.api.configuration.ClientConfigurer;
+
+...
+
+Service service = Service.create(wsdlURL, serviceName);
+Endpoint port = service.getPort(Endpoint.class);
+
+ClientConfigUtil.setConfigProperties(port, "META-INF/my-client-config.xml", "Custom Client Config 1");
+port.echo("Kermit");
+
+...
+
+ClientConfigurer configurer = ClientConfigUtil.resolveClientConfigurer();
+configurer.setConfigProperties(port, "META-INF/my-client-config.xml", "Custom Client Config 2");
+port.echo("Kermit");
+
+...
+
+configurer.setConfigProperties(port, "META-INF/my-client-config.xml", "Custom Client Config 3");
+port.echo("Kermit");
+
+...
+
+configurer.setConfigProperties(port, null, "Container Custom Client Config"); //reads from current container configurations if available
+port.echo("Kermit");
+
+...
+
+configurer.setConfigProperties(port, null, null); //reads from current Elytron client configuration if available
+port.echo("Kermit");
+
+
+
+
The default ClientConfigurer implementation parses the specified
+configuration file, if any, after having resolved it as a resources
+using the current thread context classloader. The
+jbossws-jaxws-config
+schema defines the descriptor contents and is included in the
+jbossws-spi artifact.
+
+
+
If WildFly Elytron client configuration is present, the client will automatically use SSL context and credentials (for HTTP Basic authentication or Username Token Profile) from this configuration if these were not already configured.
+
+
+
+
+
Automatic configuration from default descriptors
+
+
In some cases, the application developer might not be aware of the
+configuration that will need to be used for its client and endpoint
+implementation, perhaps because that’s a concern of the application
+deployer. In other cases, explicit usage (compile time dependency) of
+JBossWS API might not be accepted. To cope with such scenarios, JBossWS
+allows including default client ( jaxws-client-config.xml) and
+endpoint ( jaxws-endpoint-config.xml) descriptor within the
+application (in its root), which are parsed for getting configurations
+any time a configuration file name is not specified.
+
+
+
If the configuration name is also not specified, JBossWS automatically
+looks for a configuration named the same as
+
+
+
+
+
the endpoint implementation class (full qualified name), in case of
+Jakarta XML Web Services endpoints;
+
+
+
the service endpoint interface (full qualified name), in case of
+Jakarta XML Web Services clients.
+
+
+
+
+
No automatic configuration name is selected for Dispatch clients.
+
+
+
So, for instance, an endpoint implementation class
+org.foo.bar.EndpointImpl for which no pre-defined configuration is
+explicitly set will cause JBossWS to look for a
+org.foo.bar.EndpointImpl named configuration within a
+jaxws-endpoint-config.xml descriptor in the root of the application
+deployment. Similarly, on client side, a client proxy implementing
+org.foo.bar.Endpoint interface (SEI) will have the setup read from a
+org.foo.bar.Endpoint named configuration in jaxws-client-config.xml
+descriptor.
+
+
+
+
Automatic configuration assignment from container setup
+
+
JBossWS fall-backs to getting predefined configurations from the
+container setup whenever no explicit configuration has been provided and
+the default descriptors are either not available or do not contain
+relevant configurations. This gives additional control on the Jakarta XML Web Services
+client and endpoint setup to administrators, as the container setup can
+be managed independently from the deployed applications.
+JBossWS hence accesses the webservices subsystem the same as explained
+above for explicitly named configuration; the default configuration
+names used for look are
+
+
+
+
+
the endpoint implementation class (full qualified name), in case of
+Jakarta XML Web Services endpoints;
+
+
+
the service endpoint interface (full qualified name), in case of
+Jakarta XML Web Services clients.
+Dispatch clients are not automatically configured. If no configuration
+is found using names computed as above, the Standard-Client-Config and
+Standard-Endpoint-Config configurations are used for clients and
+endpoints respectively
+
+
+
+
+
+
+
+
17.5.9. Authentication
+
+
Authentication
+
+
Here the simplest way to authenticate a web service user with JBossWS is
+explained.
+
+
+
First we secure the access to the SLSB as we would do for normal (non
+web service) invocations: this can be easily done through the
+@RolesAllowed, @PermitAll, @DenyAll annotation. The allowed user roles
+can be set with these annotations both on the bean class and on any of
+its business methods.
The security domain as well as its the authentication and authorization
+mechanisms are defined differently depending on the application server
+version in use.
+
+
+
+
Use BindingProvider to set principal/credential
+
+
A web service client may use the jakarta.xml.ws.BindingProvider
+interface to set the username/password combination
All Jakarta XML Web Services functionalities provided by JBossWS on top of WildFly are
+currently served through a proper integration of the JBoss Web Services
+stack with most of the Apache CXF project
+modules.
+
+
+
Apache CXF is an open source services framework. It allows building and
+developing services using frontend programming APIs (including Jakarta XML Web Services),
+with services speaking a variety of protocols such as SOAP and XML/HTTP
+over a variety of transports such as HTTP and Jakarta Messaging.
+
+
+
The integration layer ( JBossWS-CXF in short hereafter) is mainly
+meant for:
+
+
+
+
+
allowing using standard webservices APIs (including Jakarta XML Web Services) on
+WildFly; this is performed internally leveraging Apache CXF without
+requiring the user to deal with it;
+
+
+
allowing using Apache CXF advanced features (including WS-*) on top of
+WildFly without requiring the user to deal with / setup / care about the
+required integration steps for running in such a container.
+
+
+
+
+
In order for achieving the goals above, the JBossWS-CXF integration
+supports the JBoss ws endpoint deployment mechanism and comes with many
+internal customizations on top of Apache CXF.
+
+
+
In the next sections a list of technical suggestions and notes on the
+integration is provided; please also refer to the
+Apache CXF official documentation
+for in-depth details on the CXF architecture.
+
+
+
+
Building WS applications the JBoss way
+
+
The Apache CXF client and endpoint configuration as explained in the
+Apache CXF official user guide is
+heavily based on Spring. Apache CXF basically parses Spring cxf.xml
+descriptors; those may contain any basic bean plus specific ws client
+and endpoint beans which CXF has custom parsers for. Apache CXF can be
+used to deploy webservice endpoints on any servlet container by
+including its libraries in the deployment; in such a scenario Spring
+basically serves as a convenient configuration option, given direct
+Apache CXF API usage won’t be very handy. Similar reasoning applies on
+client side, where a Spring based descriptor offers a shortcut for
+setting up Apache CXF internals.
+
+
+
This said, nowadays almost any Apache CXF functionality can be
+configured and used through direct API usage, without Spring. As a
+consequence of that and given the considerations in the sections below,
+the JBossWS integration with Apache CXF does not rely on Spring
+descriptors.
+
+
+
Portable applications
+
+
WildFly is much more then a servlet container; it actually provides
+users with a fully compliant target platform for Jakarta EE applications.
+
+
+
Generally speaking, users are encouraged to write portable
+applications by relying only on Jakarta XML Web Services specification whenever
+possible. That would by the way ensure easy migrations to and from other
+compliant platforms. Being a Jakarta EE container, WildFly already comes
+with a Jakarta XML Web Services compliant implementation, which is basically Apache CXF
+plus the JBossWS-CXF integration layer. So users just need to write
+their Jakarta XML Web Services application; no need for embedding any Apache CXF or any
+ws related dependency library in user deployments. Please refer to the
+Jakarta XML Web Services User Guide section of the documentation for
+getting started.
+
+
+
WS-* usage (including WS-Security, WS-Addressing, WS-ReliableMessaging,
+…) should also be configured in the most portable way; that is by
+relying on proper WS-Policy assertions on the endpoint WSDL contracts,
+so that client and endpoint configuration is basically a matter of
+setting few ws context properties. The WS-* related sections of this
+documentation cover all the details on configuring applications making
+use of WS-* through policies.
+
+
+
As a consequence of the reasoning above, the JBossWS-CXF integration is
+currently built directly on the Apache CXF API and aims at allowing
+users to configure webservice clients and endpoints without Spring
+descriptors.
+
+
+
+
Direct Apache CXF API usage
+
+
Whenever users can’t really meet their application requirements with
+Jakarta XML Web Services plus WS-Policy, it is of course still possible to rely on direct
+Apache CXF API usage (given that’s included in the AS), loosing the Java
+EE portability of the application. That could be the case of a user
+needing specific Apache CXF functionalities, or having to consume WS-*
+enabled endpoints advertised through legacy wsdl contracts without
+WS-Policy assertions.
+
+
+
On server side, direct Apache CXF API usage might not be always possible
+or end up being not very easy. For this reason, the JBossWS integration
+comes with a convenient alternative through customization options in the
+jboss-webservices.xml descriptor described below on this page.
+Properties can be declared in jboss-webservices.xml to control Apache
+CXF internals like interceptors, features, etc.
+
+
+
+
+
Bus usage
+
+
Creating a Bus instance
+
+
Most of the Apache CXF features are configurable using the
+org.apache.cxf.Bus class. While for basic Jakarta XML Web Services usage the user might
+never need to explicitly deal with Bus, using Apache CXF specific
+features generally requires getting a handle to a org.apache.cxf.Bus
+instance. This can happen on client side as well as in a ws endpoint or
+handler business code.
+
+
+
New Bus instances are produced by the currently configured
+org.apache.cxf.BusFactory implementation the following way:
+
+
+
+
Bus bus = BusFactory.newInstance().createBus();
+
+
+
+
The algorithm for selecting the actual implementation of BusFactory to
+be used leverages the Service API, basically looking for optional
+configurations in META-INF/services/… location using the current
+thread context classloader. JBossWS-CXF integration comes with its own
+implementation of BusFactory,
+org.jboss.wsf.stack.cxf.client.configuration.JBossWSBusFactory, that
+allows for seamless setup of JBossWS customizations on top of Apache
+CXF. So, assuming the JBossWS-CXF libraries are available in the current
+thread context classloader, the JBossWSBusFactory is automatically
+retrieved by the BusFactory.newInstance() call above.
+
+
+
JBossWS users willing to explicitly use functionalities of
+org.apache.cxf.bus.CXFBusFactory, get the same API with JBossWS
+additions through JBossWSBusFactory:
+
+
+
+
Map<Class, Object> myExtensions = newHashMap<Class, Object>();
+myExtensions.put(...);
+Bus bus = new JBossWSBusFactory().createBus(myExtensions);
+
+
+
+
+
Using existing Bus instances
+
+
Apache CXF keeps reference to a global default Bus instance as well as
+to a thread default bus for each thread. That is performed through
+static members in org.apache.cxf.BusFactory, which also comes with
+the following methods in the public API:
+
+
+
+
publicstaticsynchronized Bus getDefaultBus()
+publicstaticsynchronized Bus getDefaultBus(boolean createIfNeeded)
+publicstaticsynchronizedvoid setDefaultBus(Bus bus)
+publicstatic Bus getThreadDefaultBus()
+publicstatic Bus getThreadDefaultBus(boolean createIfNeeded)
+publicstaticvoid setThreadDefaultBus(Bus bus)
+
+
+
+
Please note that the default behaviour of getDefaultBus()/
+getDefaultBus(true)/getThreadDefaultBus()/
+getThreadDefaultBus(true) is to create a new Bus instance if that’s
+not set yet. Moreover getThreadDefaultBus() and
+getThreadDefaultBus(true) first fallback to retrieving the configured
+global default bus before actually trying creating a new instance (and
+the created new instance is set as global default bus if that was not
+set there yet).
+
+
+
The drawback of this mechanism (which is basically fine in JSE
+environment) is that when running in WildFly container you need to be
+careful in order not to (mis)use a bus over multiple applications
+(assuming the Apache CXF classes are loaded by the same classloader,
+which is currently the case with WildFly).
+
+
+
Here is a list of general suggestions to avoid problems when running
+in-container:
+
+
+
+
+
forget about the global default bus; you don’t need that, so don’t do
+getDefaultBus()/getDefaultBus(true)/setDefaultBus() in
+your code;
+
+
+
avoid getThreadDefaultBus()/getThreadDefaultBus(true) unless
+you already know for sure the default bus is already set;
+
+
+
keep in mind thread pooling whenever you customize a thread default
+bus instance (for instance adding bus scope interceptors, …), as that
+thread and bus might be later reused; so either shutdown the bus when
+you’re done or explicitly remove it from the BusFactory thread
+association.
+
+
+
+
+
Finally, remember that each time you explictly create a new Bus instance
+(factory.createBus()) that is set as thread default bus and global
+default bus if those are not set yet. The JAXWS Provider
+implementation also creates Bus instances internally, in particular
+the JBossWS version of JAXWS Provider makes sure the default bus is
+never internally used and instead a new Bus is created if required
+(more details on this in the next paragraph).
+
+
+
+
Bus selection strategies for JAXWS clients
+
+
JAXWS clients require an Apache CXF Bus to be available; the client is
+registered within the Bus and the Bus affects the client behavior (e.g.
+through the configured CXF interceptors). The way a bus is internally
+selected for serving a given JAXWS client is very important, especially
+for in-container clients; for this reason, JBossWS users can choose the
+preferred Bus selection strategy. The strategy is enforced in the
+jakarta.xml.ws.spi.Provider implementation from the JBossWS integration,
+being that called whenever a JAXWS Service (client) is requested.
+
+
+Thread bus strategy (THREAD_BUS)
+
+
Each time the vanilla JAXWS api is used to create a Bus, the JBossWS-CXF
+integration will automatically make sure a Bus is currently associated
+to the current thread in the BusFactory. If that’s not the case, a new
+Bus is created and linked to the current thread (to prevent the user
+from relying on the default Bus). The Apache CXF engine will then create
+the client using the current thread Bus.
+
+
+
This is the default strategy, and the most straightforward one in Java
+SE environments; it lets users automatically reuse a previously created
+Bus instance and allows using customized Bus that can possibly be
+created and associated to the thread before building up a JAXWS client.
+
+
+
The drawback of the strategy is that the link between the Bus instance
+and the thread needs to be eventually cleaned up (when not needed
+anymore). This is really evident in a Jakarta EE environment (hence when
+running in-container), as threads from pools (e.g. serving web requests)
+are re-used.
+
+
+
When relying on this strategy, the safest approach to be sure of
+cleaning up the link is to surround the JAXWS client with a
+try/finally block as below:
+
+
+
+
try {
+ Service service = Service.create(wsdlURL, serviceQName);
+ MyEndpoint port = service.getPort(MyEndpoint.class);
+ //...
+} finally {
+ BusFactory.setThreadDefaultBus(null);
+ // OR (if you don't need the bus and the client anymore)
+ Bus bus = BusFactory.getThreadDefaultBus(false);
+ bus.shutdown(true);
+}
+
+
+
+
+New bus strategy (NEW_BUS)
+
+
Another strategy is to have the JAXWS Provider from the JBossWS
+integration create a new Bus each time a JAXWS client is built. The main
+benefit of this approach is that a fresh bus won’t rely on any formerly
+cached information (e.g. cached WSDL / schemas) which might have changed
+after the previous client creation. The main drawback is of course worse
+performance as the Bus creation takes time.
+
+
+
If there’s a bus already associated to the current thread before the
+JAXWS client creation, that is automatically restored when returning
+control to the user; in other words, the newly created bus will be used
+only for the created JAXWS client but won’t stay associated to the
+current thread at the end of the process. Similarly, if the thread was
+not associated to any bus before the client creation, no bus will be
+associated to the thread at the end of the client creation.
+
+
+
+Thread context classloader bus strategy (TCCL_BUS)
+
+
The last strategy is to have the bus created for serving the client be
+associated to the current thread context classloader (TCCL). That
+basically means the same Bus instance is shared by JAXWS clients running
+when the same TCCL is set. This is particularly interesting as each web
+application deployment usually has its own context classloader, so this
+strategy is possibly a way to keep the number of created Bus instances
+bound to the application number in WildFly container.
+
+
+
If there’s a bus already associated to the current thread before the
+JAXWS client creation, that is automatically restored when returning
+control to the user; in other words, the bus corresponding to the
+current thread context classloader will be used only for the created
+JAXWS client but won’t stay associated to the current thread at the end
+of the process. If the thread was not associated to any bus before the
+client creation, a new bus will be created (and later user for any other
+client built with this strategy and the same TCCL in place); no bus will
+be associated to the thread at the end of the client creation.
+
+
+
+Strategy configuration
+
+
Users can request a given Bus selection strategy to be used for the
+client being built by specifying one of the following JBossWS features
+(which extend jakarta.xml.ws.WebServiceFeature):
Service service = Service.create(wsdlURL, serviceQName, new UseThreadBusFeature());
+
+
+
+
If no feature is explicitly specified, the system default strategy is
+used, which can be modified through the
+org.jboss.ws.cxf.jaxws-client.bus.strategy system property when
+starting the JVM. The valid values for the property are THREAD_BUS,
+NEW_BUS and TCCL_BUS. The default is THREAD_BUS.
+
+
+
+
+
+
Server Side Integration Customization
+
+
The JBossWS-CXF server side integration takes care of internally
+creating proper Apache CXF structures (including a Bus instance, of
+course) for the provided ws deployment. Should the deployment include
+multiple endpoints, those would all live within the same Apache CXF Bus,
+which would of course be completely separated by the other deployments'
+bus instances.
+
+
+
While JBossWS sets sensible defaults for most of the Apache CXF
+configuration options on server side, users might want to fine tune the
+Bus instance that’s created for their deployment; a
+jboss-webservices.xml descriptor can be used for deployment level
+customizations.
JBossWS-CXF integration comes with a set of allowed property names to
+control Apache CXF internals.
+
+
+WorkQueue configuration
+
+
Apache CXF uses WorkQueue instances for dealing with some operations
+(e.g. @Oneway requests processing). A
+WorkQueueManager
+is installed in the Bus as an extension and allows for adding / removing
+queues as well as controlling the existing ones.
+
+
+
On server side, queues can be provided by using the
+cxf.queue.<queue-name>.* properties in jboss-webservices.xml (e.g.
+cxf.queue.default.maxQueueSize for controlling the max queue size of
+the default workqueue). At deployment time, the JBossWS integration
+can add new instances of
+AutomaticWorkQueueImpl
+to the currently configured WorkQueueManager; the properties below are
+used to fill in parameter into the
+AutomaticWorkQueueImpl
+constructor:
+
+
+
+
+
+
+
+
+
Property
+
Default value
+
+
+
+
+
cxf.queue.<queue-name>.maxQueueSize
+
256
+
+
+
cxf.queue.<queue-name>.initialThreads
+
0
+
+
+
cxf.queue.<queue-name>.highWaterMark
+
25
+
+
+
cxf.queue.<queue-name>.lowWaterMark
+
5
+
+
+
cxf.queue.<queue-name>.dequeueTimeout
+
120000
+
+
+
+
+
+Policy alternative selector
+
+
The Apache CXF policy engine supports different strategies to deal with
+policy alternatives. JBossWS-CXF integration currently defaults to the
+MaximalAlternativeSelector,
+but still allows for setting different selector implementation using the
+cxf.policy.alternativeSelector property in jboss-webservices.xml.
+
+
+
+MBean management
+
+
Apache CXF allows managing its MBean objects that are installed into the
+WildFly MBean server. The feature is enabled on a deployment basis
+through the cxf.management.enabled property in
+jboss-webservices.xml. The
+cxf.management.installResponseTimeInterceptors property can also be
+used to control installation of CXF response time interceptors, which
+are added by default when enabling MBean management, but might not be
+desired in some cases. Here is an example:
Schema validation of exchanged messages can also be enabled in
+jboss-webservices.xml. Further details available
+here.
+
+
+
+Interceptors
+
+
The jboss-webservices.xml descriptor also allows specifying the
+cxf.interceptors.in and cxf.interceptors.out properties; those
+allows declaring interceptors to be attached to the Bus instance that’s
+created for serving the deployment.
The jboss-webservices.xml descriptor also allows specifying the
+cxf.features property; that allows declaring features to be attached
+to any endpoint belonging to the Bus instance that’s created for serving
+the deployment.
WS-Discovery support can be turned on in jboss-webservices for the
+current deployment. Further details available here.
+
+
+
+
+
+
Apache CXF interceptors
+
+
Apache CXF supports declaring interceptors using one of the following
+approaches:
+
+
+
+
+
Annotation usage on endpoint classes (
+@org.apache.cxf.interceptor.InInterceptor,
+@org.apache.cxf.interceptor.OutInterceptor)
+
+
+
Direct API usage on client side (through the
+org.apache.cxf.interceptor.InterceptorProvider interface)
+
+
+
Spring descriptor usage ( cxf.xml)
+
+
+
+
+
As the Spring descriptor usage is not supported, the JBossWS integration
+adds an additional descriptor based approach to avoid requiring
+modifications to the actual client/endpoint code. Users can declare
+interceptors within predefined client and endpoint
+configurations by specifying a list of interceptor class names for the
+cxf.interceptors.in and cxf.interceptors.out properties.
A new instance of each specified interceptor class will be added to the
+client or endpoint the configuration is assigned to. The interceptor
+classes must have a no-argument constructor.
+
+
+
+
Apache CXF features
+
+
Apache CXF supports declaring features using one of the following
+approaches:
+
+
+
+
+
Annotation usage on endpoint classes (
+@org.apache.cxf.feature.Features)
+
+
+
Direct API usage on client side (through extensions of the
+org.apache.cxf.feature.AbstractFeature class)
+
+
+
Spring descriptor usage ( cxf.xml)
+
+
+
+
+
As the Spring descriptor usage is not supported, the JBossWS integration
+adds an additional descriptor based approach to avoid requiring
+modifications to the actual client/endpoint code. Users can declare
+features within predefined client and endpoint
+configurations by specifying a list of feature class names for the
+cxf.features property.
A new instance of each specified feature class will be added to the
+client or endpoint the configuration is assigned to. The feature classes
+must have a no-argument constructor.
+
+
+
+
Properties driven bean creation
+
+
Sections above explain how to declare CXF interceptors and features
+through properties either in a client/endpoint predefined configuration
+or in a jboss-webservices.xml descriptor. By getting the
+feature/interceptor class name only specified, the container simply
+tries to create a bean instance using the class default constructor.
+This sets a limitation on the feature/interceptor configuration, unless
+custom extensions of vanilla CXF classes are provided, with the default
+constructor setting properties before eventually using the super
+constructor.
+
+
+
To cope with this issue, JBossWS integration comes with a mechanism for
+configuring simple bean hierarchies when building them up from
+properties. Properties can have bean reference values, that is strings
+starting with ##. Property reference keys are used to specify the bean
+class name and the value for for each attribute. So for instance the
+following properties:
+
+
+
+
+
+
+
+
+
Key
+
Value
+
+
+
+
+
cxf.features
+
foo, bar
+
+
+
##foo
+
org.jboss.Foo
+
+
+
##foo.par
+
34
+
+
+
##bar
+
org.jboss.Bar
+
+
+
##bar.color
+
blue
+
+
+
+
+
would result into the stack installing two feature instances, the same
+that would have been created by
+
+
+
+
importorg.Bar;
+importorg.Foo;
+
+...
+
+Foo foo = new Foo();
+foo.setPar(34);
+Bar bar = new Bar();
+bar.setColor("blue");
+
+
+
+
The mechanism assumes that the classes are valid beans with proper
+getter and setter methods; value objects are cast to the correct
+primitive type by inspecting the class definition. Nested beans can of
+course be configured.
+
+
+
+
HTTPConduit configuration
+
+
HTTP transport setup in Apache CXF is achieved through
+org.apache.cxf.transport.http.HTTPConduit
+configurations.
+When running on top of the JBossWS integration, conduits can be
+programmatically modified using the Apache CXF API as follows:
+
+
+
+
importorg.apache.cxf.frontend.ClientProxy;
+importorg.apache.cxf.transport.http.HTTPConduit;
+importorg.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+
+//set chunking threshold before using a Jakarta XML Web Services port client
+...
+HTTPConduit conduit = (HTTPConduit)ClientProxy.getClient(port).getConduit();
+HTTPClientPolicy client = conduit.getClient();
+
+client.setChunkingThreshold(8192);
+...
+
+
+
+
Users can also control the default values for the most common
+HTTPConduit parameters by setting specific system properties; the
+provided values will override Apache CXF defaut values.
+
+
+
+
+
+
+
+
+
Property
+
Description
+
+
+
+
+
cxf.client.allowChunking
+
A boolean to tell Apache CXF whether to allow
+send messages using chunking.
+
+
+
cxf.client.chunkingThreshold
+
An integer value to tell Apache CXF the
+threshold at which switching from non-chunking to chunking mode.
+
+
+
cxf.client.connectionTimeout
+
A long value to tell Apache CXF how many
+milliseconds to set the connection timeout to
+
+
+
cxf.client.receiveTimeout
+
A long value to tell Apache CXF how many
+milliseconds to set the receive timeout to
+
+
+
cxf.client.connection
+
A string to tell Apache CXF to use Keep-Alive or
+close connection type
+
+
+
cxf.tls-client.disableCNCheck
+
A boolean to tell Apache CXF whether
+disabling CN host name check or not
+
+
+
+
+
The vanilla Apache CXF defaults apply when the system properties above
+are not set.
+
+
+
+
+
17.5.11. WS-Addressing
+
+
JBoss Web Services inherits full WS-Addressing capabilities from the
+underlying Apache CXF implementation. Apache CXF provides support for
+2004-08 and 1.0 versions of
+WS-Addressing.
+
+
+
Enabling WS-Addressing
+
+
WS-Addressing can be turned on in multiple standard ways:
+
+
+
+
+
consuming a WSDL contract that specifies a WS-Addressing assertion /
+policy
+
+
+
using the @jakarta.xml.ws.soap.Addressing annotation
+
+
+
using the jakarta.xml.ws.soap.AddressingFeature feature
The WS-Addressing support is also perfectly integrated with the Apache
+CXF WS-Policy engine.
+
+
+
This basically means that the WSDL contract generation for code-first
+endpoint deployment is policy-aware: users can annotate endpoints with
+the @jakarta.xml.ws.soap.Addressing annotation and expect the
+published WSDL contract to contain proper WS-Addressing policy (assuming
+no wsdlLocation is specified in the endpoint’s @WebService
+annotation).
+
+
+
Similarly, on client side users do not need to manually specify the
+jakarta.xml.ws.soap.AddressingFeature feature, as the policy engine is
+able to properly process the WS-Addressing policy in the consumed WSDL
+and turn on addressing as requested.
+
+
+
+
Example
+
+
Here is an example showing how to simply enable WS-Addressing through
+WS-Policy.
+
+
+
Endpoint
+
+
A simple Jakarta XML Web Services endpoint is prepared using a java-first approach;
+WS-Addressing is enforced through @Addressing annotation and no
+wsdlLocation is provided in @WebService:
WS-Security provides the means to secure your services beyond transport
+level protocols such as HTTPS. Through a number of standards such as
+XML-Encryption, and headers defined
+in the
+WS-Security
+standard, it allows you to:
+
+
+
+
+
Pass authentication tokens between services.
+
+
+
Encrypt messages or parts of messages.
+
+
+
Sign messages.
+
+
+
Timestamp messages.
+
+
+
+
+
WS-Security makes heavy use of public and private key cryptography. It
+is helpful to understand these basics to really understand how to
+configure WS-Security. With public key cryptography, a user has a pair
+of public and private keys. These are generated using a large prime
+number and a key function.
+
+
+
+
+
+
The keys are related mathematically, but cannot be derived from one
+another. With these keys we can encrypt messages. For example, if Bob
+wants to send a message to Alice, he can encrypt a message using her
+public key. Alice can then decrypt this message using her private key.
+Only Alice can decrypt this message as she is the only one with the
+private key.
+
+
+
+
+
+
Messages can also be signed. This allows you to ensure the authenticity
+of the message. If Alice wants to send a message to Bob, and Bob wants
+to be sure that it is from Alice, Alice can sign the message using her
+private key. Bob can then verify that the message is from Alice by using
+her public key.
+
+
+
+
+
+
+
JBoss WS-Security support
+
+
JBoss Web Services supports many real world scenarios requiring
+WS-Security functionalities. This includes signature and encryption
+support through X509 certificates, authentication and authorization
+through username tokens as well as all ws-security configurations
+covered by WS-
+SecurityPolicy
+specification.
+
+
+
As well as for other WS-* features, the core of
+WS-Security functionalities is provided through the Apache CXF engine.
+On top of that the JBossWS integration adds few configuration
+enhancements to simplify the setup of WS-Security enabled endpoints.
+
+
+
Apache CXF WS-Security implementation
+
+
Apache CXF features a top class WS-Security module supporting multiple
+configurations and easily extendible.
+
+
+
The system is based on interceptors that delegate to
+Apache WSS4J for the low level security
+operations. Interceptors can be configured in different ways, either
+through Spring configuration files or directly using Apache CXF client
+API. Please refer to the
+Apache CXF documentation if
+you’re looking for more details.
+
+
+
Recent versions of Apache CXF, however, introduced support for
+WS-Security Policy, which aims at moving most of the security
+configuration into the service contract (through policies), so that
+clients can easily be configured almost completely automatically from
+that. This way users do not need to manually deal with configuring /
+installing the required interceptors; the Apache CXF WS-Policy engine
+internally takes care of that instead.
+
+
+WS-Security Policy support
+
+
WS-SecurityPolicy describes the actions that are required to securely
+communicate with a service advertised in a given WSDL contract. The WSDL
+bindings / operations reference WS-Policy fragments with the security
+requirements to interact with the service. The
+WS-SecurityPolicy
+specification allows for specifying things like asymmetric/symmetric
+keys, using transports (https) for encryption, which parts/headers to
+encrypt or sign, whether to sign then encrypt or encrypt then sign,
+whether to include timestamps, whether to use derived keys, etc.
+
+
+
However some mandatory configuration elements are not covered by
+WS-SecurityPolicy, basically because they’re not meant to be public /
+part of the published endpoint contract; those include things such as
+keystore locations, usernames and passwords, etc. Apache CXF allows
+configuring these elements either through Spring xml descriptors or
+using the client API / annotations. Below is the list of supported
+configuration properties:
+
+
+
+
+
+
+
+
+
ws-security.username
+
The username used for UsernameToken policy
+assertions
+
+
+
+
+
ws-security.password
+
The password used for UsernameToken policy
+assertions. If not specified, the callback handler will be called.
+
+
+
ws-security.callback-handler
+
The WSS4J security CallbackHandler that
+will be used to retrieve passwords for keystores and UsernameTokens.
+
+
+
ws-security.signature.properties
+
The properties file/object that
+contains the WSS4J properties for configuring the signature keystore and
+crypto objects
+
+
+
ws-security.encryption.properties
+
The properties file/object that
+contains the WSS4J properties for configuring the encryption keystore
+and crypto objects
+
+
+
ws-security.signature.username
+
The username or alias for the key in
+the signature keystore that will be used. If not specified, it uses the
+the default alias set in the properties file. If that’s also not set,
+and the keystore only contains a single key, that key will be used.
+
+
+
ws-security.encryption.username
+
The username or alias for the key in
+the encryption keystore that will be used. If not specified, it uses the
+the default alias set in the properties file. If that’s also not set,
+and the keystore only contains a single key, that key will be used. For
+the web service provider, the useReqSigCert keyword can be used to
+accept (encrypt to) any client whose public key is in the service’s
+truststore (defined in ws-security.encryption.properties.)
+
+
+
ws-security.signature.crypto
+
Instead of specifying the signature
+properties, this can point to the full WSS4J Crypto object. This can
+allow easier "programmatic" configuration of the Crypto information."
+
+
+
ws-security.encryption.crypto
+
Instead of specifying the encryption
+properties, this can point to the full WSS4J Crypto object. This can
+allow easier "programmatic" configuration of the Crypto information."
In order for removing the need of Spring on server side for setting up
+WS-Security configuration properties not covered by policies, the
+JBossWS integration allows for getting those pieces of information from
+a defined endpoint configuration. Endpoint
+configurationscan include property declarations and endpoint
+implementations can be associated with a given endpoint configuration
+using the @EndpointConfig annotation.
The JBossWS configuration additions allow for a descriptor approach to
+the WS-Security Policy engine configuration. If you prefer to provide
+the same information through an annotation approach, you can leverage
+the Apache CXF @org.apache.cxf.annotations.EndpointProperties
+annotation:
In this section some sample of WS-Security service endpoints and clients
+are provided. Please note they’re only meant as tutorials; you should
+really careful isolate the ws-security policies / assertion that best
+suite your security needs before going to production environment.
+
+
+
+
+
+
+
+
+The following sections provide directions and examples on understanding
+some of the configuration options for WS-Security engine. Please note
+the implementor remains responsible for assessing the application
+requirements and choosing the most suitable security policy for them.
+
+
+
+
+
+
Signature and encryption
+
+Endpoint
+
+
First of all you need to create the web service endpoint using Jakarta XML Web Services.
+While this can generally be achieved in different ways, it’s required to
+use a contract-first approach when using WS-Security, as the policies
+declared in the wsdl are parsed by the Apache CXF engine on both server
+and client sides. So, here is an example of WSDL contract enforcing
+signature and encryption using X 509 certificates (the referenced schema
+is omitted):
The referenced jaxws-endpoint-config.xml descriptor is used to provide
+a custom endpoint configuration with the required server side
+configuration properties; this tells the engine which certificate / key
+to use for signature / signature verification and for encryption /
+decryption:
the bob.properties configuration file is also referenced above; it
+includes the WSS4J Crypto properties which in turn link to the keystore
+file, type and the alias/password to use for accessing it:
A callback handler for the letting Apache CXF access the keystore is
+also provided:
+
+
+
+
packageorg.jboss.test.ws.jaxws.samples.wsse.policy.basic;
+
+importjava.io.IOException;
+importjava.util.HashMap;
+importjava.util.Map;
+importjavax.security.auth.callback.Callback;
+importjavax.security.auth.callback.CallbackHandler;
+importjavax.security.auth.callback.UnsupportedCallbackException;
+importorg.apache.ws.security.WSPasswordCallback;
+
+publicclassKeystorePasswordCallbackimplementsCallbackHandler {
+ privateMap<String, String> passwords = newHashMap<String, String>();
+
+ public KeystorePasswordCallback() {
+ passwords.put("alice", "password");
+ passwords.put("bob", "password");
+ }
+
+ /**
+ * It attempts to get the password from the private
+ * alias/passwords map.
+ */
+ publicvoid handle(Callback[] callbacks) throwsIOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ WSPasswordCallback pc = (WSPasswordCallback)callbacks[i];
+
+ String pass = passwords.get(pc.getIdentifier());
+ if (pass != null) {
+ pc.setPassword(pass);
+ return;
+ }
+ }
+ }
+
+ /**
+ * Add an alias/password pair to the callback mechanism.
+ */
+ publicvoid setAliasPassword(String alias, String password) {
+ passwords.put(alias, password);
+ }
+}
+
+
+
+
Assuming the bob.pkcs12 keystore has been properly generated and contains
+Bob’s (server) full key (private/certificate + public key) as well as
+Alice’s (client) public key, we can proceed to packaging the endpoint.
+Here is the expected content (the endpoint is a POJO one in a war
+archive, but EJB3 endpoints in jar archives are of course also
+supported):
+
+
+
+
alessio@inuyasha /dati/jbossws/stack/cxf/trunk $ jar -tvf ./modules/testsuite/cxf-tests/target/test-libs/jaxws-samples-wsse-policy-sign-encrypt.war
+ 0 Thu Jun 16 18:50:48 CEST 2011 META-INF/
+ 140 Thu Jun 16 18:50:46 CEST 2011 META-INF/MANIFEST.MF
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/
+ 586 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/web.xml
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/basic/
+ 1687 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/basic/KeystorePasswordCallback.class
+ 383 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/basic/ServiceIface.class
+ 1070 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/basic/ServiceImpl.class
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/
+ 705 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHello.class
+ 1069 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHelloResponse.class
+ 1225 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/jaxws-endpoint-config.xml
+ 0 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/wsdl/
+ 4086 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/wsdl/SecurityService.wsdl
+ 653 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/wsdl/SecurityService_schema1.xsd
+ 1820 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/classes/bob.pkcs12
+ 311 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/classes/bob.properties
+
+
+
+
As you can see, the jaxws classes generated by the tools are of course
+also included, as well as a basic web.xml referencing the endpoint
+bean:
You start by consuming the published WSDL contract using the wsconsume
+tool on client side too. Then you simply invoke the the endpoint as a
+standard Jakarta XML Web Services one:
As you can see, the WS-Security properties are set in the request
+context. Here the KeystorePasswordCallback is the same as on server
+side above, you might want/need different implementation in real world
+scenarios, of course.
+The alice.properties file is the client side equivalent of the server
+side bob.properties and references the alice.pkcs12 keystore file,
+which has been populated with Alice’s (client) full key
+(private/certificate + public key) as well as Bob’s (server) public key.
The Apache CXF WS-Policy engine will digest the security requirements in
+the contract and ensure a valid secure communication is in place for
+interacting with the server endpoint.
+
+
+
+Endpoint serving multiple clients
+
+
The server side configuration described above implies the endpoint is
+configured for serving a given client which a service agreement has been
+established for. In some real world scenarios though, the same server
+might be expected to be able to deal with (including decrypting and
+encrypting) messages coming from and being sent to multiple clients.
+Apache CXF supports that through the useReqSigCert value for the
+ws-security.encryption.username configuration parameter.
+
+
+
Of course the referenced server side keystore then needs to contain the
+public key of all the clients that are expected to be served.
+
+
+
+
+
Authentication and authorization
+
+
The Username Token Profile can be used to provide client’s credentials
+to a WS-Security enabled target endpoint.
+
+
+
Apache CXF provides means for setting basic password callback handlers
+on both client and server sides to set/check passwords; the
+ws-security.username and ws-security.callback-handler properties can
+be used similarly as shown in the signature and encryption example.
+Things become more interesting when requiring a given user to be
+authenticated (and authorized) against a security domain on the target
+application server.
+
+
+
On server side, you need to install two additional interceptors that act
+as bridges towards the application server authentication layer:
+
+
+
+
+
an interceptor for performing authentication and populating a valid
+SecurityContext; the provided interceptor should extend
+org.apache.cxf.ws.interceptor.security.AbstractUsernameTokenInInterceptor,
+in particular JBossWS integration comes with
+org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingInterceptor
+for this;
+
+
+
an interceptor for performing authorization; CXF requires that to
+extend
+org.apache.cxf.interceptor.security.AbstractAuthorizingInInterceptor,
+for instance the SimpleAuthorizingInterceptor can be used for simply
+mapping endpoint operations to allowed roles.
+
+
+
+
+
So, here follows an example of WS-SecurityPolicy endpoint using Username
+Token Profile for authenticating through the application server security
+domain system.
+
+
+Endpoint
+
+
As in the other example, we start with a wsdl contract containing the
+proper WS-Security Policy:
Please note the specified JBoss security domain needs to be properly
+configured for computing digests.
+
+
+
The service endpoint can be generated using the wsconsume tool and
+then enriched with a @EndpointConfig annotation and @InInterceptors
+annotation to add the two interceptors mentioned above for JAAS
+integration:
The POJOEndpointAuthorizationInterceptor is included into the
+deployment and deals with the roles cheks:
+
+
+
+
packageorg.jboss.test.ws.jaxws.samples.wsse.policy.jaas;
+
+importjava.util.HashMap;
+importjava.util.Map;
+importorg.apache.cxf.interceptor.security.SimpleAuthorizingInterceptor;
+
+publicclassPOJOEndpointAuthorizationInterceptorextends SimpleAuthorizingInterceptor
+{
+
+ public POJOEndpointAuthorizationInterceptor()
+ {
+ super();
+ readRoles();
+ }
+
+ privatevoid readRoles()
+ {
+ //just an example, this might read from a configuration file or such
+ Map<String, String> roles = newHashMap<String, String>();
+ roles.put("sayHello", "friend");
+ roles.put("greetMe", "snoopies");
+ setMethodRolesMap(roles);
+ }
+}
+
+
+
+
The jaxws-endpoint-config.xml descriptor is used to provide a custom
+endpoint configuration with the required server side configuration
+properties; in particular for this Username Token case that’s just a CXF
+configuration option for leaving the username token validation to the
+configured interceptors:
In order for requiring a given JBoss security domain to be used to
+protect access to the endpoint (a POJO one in this case), we declare
+that in a jboss-web.xml descriptor (the JBossWS security domain is
+used):
+
+
+
+
<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
+<jboss-web>
+ <security-domain>java:/jaas/JBossWS</security-domain>
+</jboss-web
The endpoint is packaged into a war archive, including the JAXWS classes
+generated by wsconsume:
+
+
+
+
alessio@inuyasha /dati/jbossws/stack/cxf/trunk $ jar -tvf ./modules/testsuite/cxf-tests/target/test-libs/jaxws-samples-wsse-policy-username-jaas.war
+ 0 Thu Jun 16 18:50:48 CEST 2011 META-INF/
+ 155 Thu Jun 16 18:50:46 CEST 2011 META-INF/MANIFEST.MF
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/
+ 585 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/web.xml
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaas/
+ 982 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaas/POJOEndpointAuthorizationInterceptor.class
+ 412 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaas/ServiceIface.class
+ 1398 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaas/ServiceImpl.class
+ 0 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/
+ 701 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/GreetMe.class
+ 1065 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/GreetMeResponse.class
+ 705 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHello.class
+ 1069 Thu Jun 16 18:50:48 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/policy/jaxws/SayHelloResponse.class
+ 556 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/jaxws-endpoint-config.xml
+ 241 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/jboss-web.xml
+ 0 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/wsdl/
+ 3183 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/wsdl/SecurityService.wsdl
+ 1012 Thu Jun 16 18:50:44 CEST 2011 WEB-INF/wsdl/SecurityService_schema1.xsd
+
+
+
+
+
+
+
+
+
+If you’re deploying the endpoint archive on WildFly, remember to add a
+dependency to org.apache.ws.security and org.apache.cxf module (due
+to the @InInterceptor annotation) in the MANIFEST.MF file.
+
Here too you start by consuming the published WSDL contract using the
+wsconsume tool. Then you simply invoke the the endpoint as a standard
+Jakarta XML Web Services one:
The UsernamePasswordCallback class is shown below and is responsible
+for setting the passwords on client side just before performing the
+invocations:
If everything has been done properly, you should expect to calls to
+sayHello() fail when done with user "snoopy" and pass with user
+"kermit" (and credential "thefrog"); moreover, you should get an
+authorization error when trying to call greetMe() with user "kermit",
+as that does not have the "snoopies" role.
+
+
+
+
+
Secure transport
+
+
Another quite common use case is using WS-Security Username Token
+Profile over a secure transport (HTTPS). A scenario like this is
+implemented similarly to what’s described in the previous example,
+except for few differences explained below.
+
+
+
First of all, here is an excerpt of a wsdl wth a sample security policy
+for Username Token over HTTPS:
Apache CXF supports
+WS-SecureConversation
+specification, which is about improving performance by allowing client
+and server to negotiate initial security keys to be used for later
+communication encryption/signature. This is done by having two policies
+in the wsdl contract, an outer one setting the security requirements to
+actually communicate with the endpoint and a bootstrap one, related to
+the communication for establishing the secure conversation keys. The
+client will be automatically sending an initial message to the server
+for negotiating the keys, then the actual communication to the endpoint
+takes place. As a consequence, Apache CXF needs a way to specify which
+WS-Security configuration properties are intended for the bootstrap
+policy and which are intended for the actual service policy. To
+accomplish this, properties intended for the bootstrap policy are
+appended with .sct.
WS-Trust is a Web
+service specification that defines extensions to WS-Security. It is a
+general framework for implementing security in a distributed system. The
+standard is based on a centralized Security Token Service, STS, which is
+capable of authenticating clients and issuing tokens containing various
+kinds of authentication and authorization data. The specification
+describes a protocol used for issuance, exchange, and validation of
+security tokens, however the following specifications play an important
+role in the WS-Trust architecture:
+WS-SecurityPolicy
+1.2,
+SAML
+2.0,
+Username
+Token Profile,
+X.509
+Token Profile,
+SAML
+Token Profile, and
+Kerberos
+Token Profile.
+
+
+
The WS-Trust extensions address the needs of applications that span
+multiple domains and requires the sharing of security keys by providing
+a standards based trusted third party web service (STS) to broker trust
+relationships between a Web service requester and a Web service
+provider. This architecture also alleviates the pain of service updates
+that require credential changes by providing a common location for this
+information. The STS is the common access point from which both the
+requester and provider retrieves and verifies security tokens.
+
+
+
There are three main components of the WS-Trust specification.
+
+
+
+
+
The Security Token Service (STS), a web service that issues, renews,
+and validates security tokens.
+
+
+
The message formats for security token requests and responses.
+
+
+
The mechanisms for key exchange
+
+
+
+
+
+
Security Token Service
+
+
The Security Token Service, STS, is the core of the WS-Trust
+specification. It is a standards based mechanism for authentication and
+authorization. The STS is an implementation of the WS-Trust
+specification’s protocol for issuing, exchanging, and validating
+security tokens, based on token format, namespace, or trust boundaries.
+The STS is a web service that acts as a trusted third party to broker
+trust relationships between a Web service requester and a Web service
+provider. It is a common access point trusted by both requester and
+provider to provide interoperable security tokens. It removes the need
+for a direct relationship between the two. Because the STS is a
+standards based mechanism for authentication, it helps ensure
+interoperability across realms and between different platforms.
+
+
+
The STS’s WSDL contract defines how other applications and processes
+interact with it. In particular the WSDL defines the WS-Trust and
+WS-Security policies that a requester must fulfill in order to
+successfully communicate with the STS’s endpoints. A web service
+requester consumes the STS’s WSDL and with the aid of an STSClient
+utility, generates a message request compliant with the stated security
+policies and submits it to the STS endpoint. The STS validates the
+request and returns an appropriate response.
+
+
+
+
Apache CXF support
+
+
Apache CXF is an open-source, fully featured Web services framework. The
+JBossWS open source project integrates the JBoss Web Services (JBossWS)
+stack with the Apache CXF project modules thus providing WS-Trust and
+other Jakarta XML Web Services functionality in WildFly. This integration makes it easy to
+deploy CXF STS implementations, however WildFly can run any WS-Trust
+compliant STS. In addition the Apache CXF API provides a STSClient
+utility to facilitate web service requester communication with its STS.
+
+
+
Detailed information about the Apache CXF’s WS-Trust implementation can
+be found
+here.
+
+
+
+
A Basic WS-Trust Scenario
+
+
Here is an example of a basic WS-Trust scenario. It is comprised of a
+Web service requester (ws-requester), a Web service provider
+(ws-provider), and a Security Token Service (STS). The ws-provider
+requires a SAML 2.0 token issued from a designed STS to be presented by
+the ws-requester using asymmetric binding. These communication
+requirements are declared in the ws-provider’s WSDL. The STS requires
+ws-requester credentials be provided in a WSS UsernameToken format
+request using symmetric binding. The STS’s response is provided
+containing a SAML 2.0 token. These communication requirements are
+declared in the STS’s WSDL.
+
+
+
+
+
A ws-requester contacts the ws-provider and consumes its WSDL. Upon
+finding the security token issuer requirement, it creates and configures
+a STSClient with the information it requires to generate a proper
+request.
+
+
+
The STSClient contacts the STS and consumes its WSDL. The security
+policies are discovered. The STSClient creates and sends an
+authentication request, with appropriate credentials.
+
+
+
The STS verifies the credentials.
+
+
+
In response, the STS issues a security token that provides proof
+that the ws-requester has authenticated with the STS.
+
+
+
The STClient presents a message with the security token to the
+ws-provider.
+
+
+
The ws-provider verifies the token was issued by the STS, thus
+proving the ws-requester has successfully authenticated with the STS.
+
+
+
The ws-provider executes the requested service and returns the
+results to the the ws-requester.
+
+
+
+
+
Web service provider
+
+
This section examines the crucial elements in providing endpoint
+security in the web service provider described in the basic WS-Trust
+scenario. The components that will be discussed are.
+
+
+
+
+
web service provider’s WSDL
+
+
+
web service provider’s Interface and Implementation classes.
+
+
+
ServerCallbackHandler class
+
+
+
Crypto properties and keystore files
+
+
+
MANIFEST.MF
+
+
+
+
+Web service provider WSDL
+
+
The web service provider is a contract-first endpoint. All the WS-trust
+and security policies for it are declared in the WSDL,
+SecurityService.wsdl. For this scenario a ws-requester is required to
+present a SAML 2.0 token issued from a designed STS. The address of the
+STS is provided in the WSDL. An asymmetric binding policy is used to
+encrypt and sign the SOAP body of messages that pass back and forth
+between ws-requester and ws-provider. X.509 certificates are use for the
+asymmetric binding. The rules for sharing the public and private keys in
+the SOAP request and response messages are declared. A detailed
+explanation of the security settings are provided in the comments in the
+listing below.
+
+
+
+
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<definitionstargetNamespace="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy"name="SecurityService"
+ xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+ <types>
+ <xsd:schema>
+ <xsd:importnamespace="http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy"schemaLocation="SecurityService_schema1.xsd"/>
+ </xsd:schema>
+ </types>
+ <messagename="sayHello">
+ <partname="parameters"element="tns:sayHello"/>
+ </message>
+ <messagename="sayHelloResponse">
+ <partname="parameters"element="tns:sayHelloResponse"/>
+ </message>
+ <portTypename="ServiceIface">
+ <operationname="sayHello">
+ <inputmessage="tns:sayHello"/>
+ <outputmessage="tns:sayHelloResponse"/>
+ </operation>
+ </portType>
+ <!--
+ The wsp:PolicyReference binds the security requirments on all the STS endpoints.
+ The wsp:Policy wsu:Id="#AsymmetricSAML2Policy" element is defined later in this file.
+ -->
+ <bindingname="SecurityServicePortBinding"type="tns:ServiceIface">
+ <wsp:PolicyReferenceURI="#AsymmetricSAML2Policy"/>
+ <soap:bindingtransport="http://schemas.xmlsoap.org/soap/http"style="document"/>
+ <operationname="sayHello">
+ <soap:operationsoapAction=""/>
+ <input>
+ <soap:bodyuse="literal"/>
+ <wsp:PolicyReferenceURI="#Input_Policy"/>
+ </input>
+ <output>
+ <soap:bodyuse="literal"/>
+ <wsp:PolicyReferenceURI="#Output_Policy"/>
+ </output>
+ </operation>
+ </binding>
+ <servicename="SecurityService">
+ <portname="SecurityServicePort"binding="tns:SecurityServicePortBinding">
+ <soap:addresslocation="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust/SecurityService"/>
+ </port>
+ </service>
+
+ <wsp:Policywsu:Id="AsymmetricSAML2Policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <!--
+ The wsam:Addressing element, indicates that the endpoints of this
+ web service MUST conform to the WS-Addressing specification. The
+ attribute wsp:Optional="false" enforces this assertion.
+ -->
+ <wsam:Addressingwsp:Optional="false">
+ <wsp:Policy/>
+ </wsam:Addressing>
+ <!--
+ The sp:AsymmetricBinding element indicates that security is provided
+ at the SOAP layer. A public/private key combinations is required to
+ protect the message. The initiator will use it's private key to sign
+ the message and the recipient's public key is used to encrypt the message.
+ The recipient of the message will use it's private key to decrypt it and
+ initiator's public key to verify the signature.
+ -->
+ <sp:AsymmetricBinding>
+ <wsp:Policy>
+ <!--
+ The sp:InitiatorToken element specifies the elements required in
+ generating the initiator request to the ws-provider's service.
+ -->
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <!--
+ The sp:IssuedToken element asserts that a SAML 2.0 security token is
+ expected from the STS using a public key type. The
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ attribute instructs the runtime to include the initiator's public key
+ with every message sent to the recipient.
+
+ The sp:RequestSecurityTokenTemplate element directs that all of the
+ children of this element will be copied directly into the body of the
+ RequestSecurityToken (RST) message that is sent to the STS when the
+ initiator asks the STS to issue a token.
+ -->
+ <sp:IssuedToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+ <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</t:KeyType>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ <!--
+ The sp:Issuer element defines the STS's address and endpoint information
+ This information is used by the STSClient.
+ -->
+ <sp:Issuer>
+ <wsaws:Address>http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService</wsaws:Address>
+ <wsaws:Metadataxmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
+ wsdli:wsdlLocation="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService?wsdl">
+ <wsaw:ServiceNamexmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
+ </wsaws:Metadata>
+ </sp:Issuer>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <!--
+ The sp:RecipientToken element asserts the type of public/private key-pair
+ expected from the recipient. The
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ attribute indicates that the initiator's public key will never be included
+ in the reply messages.
+
+ The sp:WssX509V3Token10 element indicates that an X509 Version 3 token
+ should be used in the message.
+ -->
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ <sp:RequireIssuerSerialReference/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+<!--
+ The sp:Layout element, indicates the layout rules to apply when adding
+ items to the security header. The sp:Lax sub-element indicates items
+ are added to the security header in any order that conforms to
+ WSS: SOAP Message Security.
+-->
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <!--
+ The sp:AlgorithmSuite element, requires the Basic256 algorithm suite
+ be used in performing cryptographic operations.
+-->
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+<!--
+ The sp:Wss11 element declares WSS: SOAP Message Security 1.1 options
+ to be supported by the STS. These particular elements generally refer
+ to how keys are referenced within the SOAP envelope. These are normally
+ handled by CXF.
+-->
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+<!--
+ The sp:Trust13 element declares controls for WS-Trust 1.3 options.
+ They are policy assertions related to exchanges specifically with
+ client and server challenges and entropy behaviors. Again these are
+ normally handled by CXF.
+-->
+ <sp:Trust13>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policywsu:Id="Input_Policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body/>
+ <sp:HeaderName="To"Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="From"Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="FaultTo"Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="ReplyTo"Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="MessageID"Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="RelatesTo"Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="Action"Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policywsu:Id="Output_Policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:EncryptedParts>
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts>
+ <sp:Body/>
+ <sp:HeaderName="To"Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="From"Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="FaultTo"Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="ReplyTo"Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="MessageID"Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="RelatesTo"Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="Action"Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</definitions>
+
+
+
+
+Web service provider Interface
+
+
The web service provider interface class, ServiceIface, is a simple
+straight forward web service definition.
The web service provider implementation class, ServiceImpl, is a simple
+POJO. It uses the standard WebService annotation to define the service
+endpoint. In addition there are two Apache CXF annotations,
+EndpointProperties and EndpointProperty used for configuring the
+endpoint for the CXF runtime. These annotations come from the
+Apache WSS4J project, which provides a
+Java implementation of the primary WS-Security standards for Web
+Services. These annotations are programmatically adding properties to
+the endpoint. With plain Apache CXF, these properties are often set via
+the <jaxws:properties> element on the <jaxws:endpoint> element in the
+Spring config; these annotations allow the properties to be configured
+in the code.
+
+
+
WSS4J uses the Crypto interface to get keys and certificates for
+encryption/decryption and for signature creation/verification. As is
+asserted by the WSDL, X509 keys and certificates are required for this
+service. The WSS4J configuration information being provided by
+ServiceImpl is for Crypto’s Merlin implementation. More information will
+be provided about this in the keystore section.
+
+
+
The first EndpointProperty statement in the listing is declaring the
+user’s name to use for the message signature. It is used as the alias
+name in the keystore to get the user’s cert and private key for
+signature. The next two EndpointProperty statements declares the Java
+properties file that contains the (Merlin) crypto configuration
+information. In this case both for signing and encrypting the messages.
+WSS4J reads this file and extra required information for message
+handling. The last EndpointProperty statement declares the
+ServerCallbackHandler implementation class. It is used to obtain the
+user’s password for the certificates in the keystore file.
ServerCallbackHandler is a callback handler for the WSS4J Crypto API. It
+is used to obtain the password for the private key in the keystore. This
+class enables CXF to retrieve the password of the user name to use for
+the message signature. A certificates' password is not discoverable. The
+creator of the certificate must record the password he assigns and
+provide it when requested through the CallbackHandler. In this scenario
+skpass is the password for user myservicekey.
WSS4J’s Crypto implementation is loaded and configured via a Java
+properties file that contains Crypto configuration data. The file
+contains implementation-specific properties such as a keystore location,
+password, default alias and the like. This application is using the
+Merlin implementation. File serviceKeystore.properties contains this
+information.
+
+
+
File servicestore.jks, is a Java KeyStore (JKS) repository. It contains
+self signed certificates for myservicekey and mystskey. Self signed
+certificates are not appropriate for production use.
When deployed on WildFly this application requires access to the JBossWs
+and CXF APIs provided in module org.jboss.ws.cxf.jbossws-cxf-client. The
+dependency statement directs the server to provide them at deployment.
This section examines the crucial elements in providing the Security
+Token Service functionality described in the basic WS-Trust scenario.
+The components that will be discussed are.
+
+
+
+
+
STS’s WSDL
+
+
+
STS’s implementation class.
+
+
+
STSCallbackHandler class
+
+
+
Crypto properties and keystore files
+
+
+
MANIFEST.MF
+
+
+
Server configuration files
+
+
+
+
+STS WSDL
+
+
The STS is a contract-first endpoint. All the WS-trust and security
+policies for it are declared in the WSDL, ws-trust-1.4-service.wsdl. A
+symmetric binding policy is used to encrypt and sign the SOAP body of
+messages that pass back and forth between ws-requester and the STS. The
+ws-requester is required to authenticate itself by providing WSS
+UsernameToken credentials. The rules for sharing the public and private
+keys in the SOAP request and response messages are declared. A detailed
+explanation of the security settings are provided in the comments in the
+listing below.
+
+
+
+
<?xml version="1.0" encoding="UTF-8"?>
+<wsdl:definitions
+ targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
+
+ <wsdl:types>
+ <xs:schemaelementFormDefault="qualified"targetNamespace='http://docs.oasis-open.org/ws-sx/ws-trust/200512'>
+
+ <xs:elementname='RequestSecurityToken'type='wst:AbstractRequestSecurityTokenType'/>
+ <xs:elementname='RequestSecurityTokenResponse'type='wst:AbstractRequestSecurityTokenType'/>
+
+ <xs:complexTypename='AbstractRequestSecurityTokenType'>
+ <xs:sequence>
+ <xs:anynamespace='##any'processContents='lax'minOccurs='0'maxOccurs='unbounded'/>
+ </xs:sequence>
+ <xs:attributename='Context'type='xs:anyURI'use='optional'/>
+ <xs:anyAttributenamespace='##other'processContents='lax'/>
+ </xs:complexType>
+ <xs:elementname='RequestSecurityTokenCollection'type='wst:RequestSecurityTokenCollectionType'/>
+ <xs:complexTypename='RequestSecurityTokenCollectionType'>
+ <xs:sequence>
+ <xs:elementname='RequestSecurityToken'type='wst:AbstractRequestSecurityTokenType'minOccurs='2'maxOccurs='unbounded'/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:elementname='RequestSecurityTokenResponseCollection'type='wst:RequestSecurityTokenResponseCollectionType'/>
+ <xs:complexTypename='RequestSecurityTokenResponseCollectionType'>
+ <xs:sequence>
+ <xs:elementref='wst:RequestSecurityTokenResponse'minOccurs='1'maxOccurs='unbounded'/>
+ </xs:sequence>
+ <xs:anyAttributenamespace='##other'processContents='lax'/>
+ </xs:complexType>
+
+ </xs:schema>
+ </wsdl:types>
+
+ <!-- WS-Trust defines the following GEDs -->
+ <wsdl:messagename="RequestSecurityTokenMsg">
+ <wsdl:partname="request"element="wst:RequestSecurityToken"/>
+ </wsdl:message>
+ <wsdl:messagename="RequestSecurityTokenResponseMsg">
+ <wsdl:partname="response"
+ element="wst:RequestSecurityTokenResponse"/>
+ </wsdl:message>
+ <wsdl:messagename="RequestSecurityTokenCollectionMsg">
+ <wsdl:partname="requestCollection"
+ element="wst:RequestSecurityTokenCollection"/>
+ </wsdl:message>
+ <wsdl:messagename="RequestSecurityTokenResponseCollectionMsg">
+ <wsdl:partname="responseCollection"
+ element="wst:RequestSecurityTokenResponseCollection"/>
+ </wsdl:message>
+
+ <!-- This portType an example of a Requestor (or other) endpoint that
+ Accepts SOAP-based challenges from a Security Token Service -->
+ <wsdl:portTypename="WSSecurityRequestor">
+ <wsdl:operationname="Challenge">
+ <wsdl:inputmessage="tns:RequestSecurityTokenResponseMsg"/>
+ <wsdl:outputmessage="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+
+ <!-- This portType is an example of an STS supporting full protocol -->
+<!--
+ The wsdl:portType and data types are XML elements defined by the
+ WS_Trust specification. The wsdl:portType defines the endpoints
+ supported in the STS implementation. This WSDL defines all operations
+ that an STS implementation can support.
+-->
+ <wsdl:portTypename="STS">
+ <wsdl:operationname="Cancel">
+ <wsdl:inputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:outputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal"message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operationname="Issue">
+ <wsdl:inputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:outputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal"message="tns:RequestSecurityTokenResponseCollectionMsg"/>
+ </wsdl:operation>
+ <wsdl:operationname="Renew">
+ <wsdl:inputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:outputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal"message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operationname="Validate">
+ <wsdl:inputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:outputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal"message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operationname="KeyExchangeToken">
+ <wsdl:inputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET"message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:outputwsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal"message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operationname="RequestCollection">
+ <wsdl:inputmessage="tns:RequestSecurityTokenCollectionMsg"/>
+ <wsdl:outputmessage="tns:RequestSecurityTokenResponseCollectionMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an endpoint that accepts
+ Unsolicited RequestSecurityTokenResponse messages -->
+ <wsdl:portTypename="SecurityTokenResponseService">
+ <wsdl:operationname="RequestSecurityTokenResponse">
+ <wsdl:inputmessage="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+<!--
+ The wsp:PolicyReference binds the security requirments on all the STS endpoints.
+ The wsp:Policy wsu:Id="UT_policy" element is later in this file.
+-->
+ <wsdl:bindingname="UT_Binding"type="wstrust:STS">
+ <wsp:PolicyReferenceURI="#UT_policy"/>
+ <soap:bindingstyle="document"
+ transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operationname="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"/>
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy"/>
+ <soap:bodyuse="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy"/>
+ <soap:bodyuse="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operationname="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"/>
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy"/>
+ <soap:bodyuse="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy"/>
+ <soap:bodyuse="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operationname="Cancel">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"/>
+ <wsdl:input>
+ <soap:bodyuse="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:bodyuse="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operationname="Renew">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"/>
+ <wsdl:input>
+ <soap:bodyuse="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:bodyuse="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operationname="KeyExchangeToken">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken"/>
+ <wsdl:input>
+ <soap:bodyuse="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:bodyuse="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operationname="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection"/>
+ <wsdl:input>
+ <soap:bodyuse="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:bodyuse="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:servicename="SecurityTokenService">
+ <wsdl:portname="UT_Port"binding="tns:UT_Binding">
+ <soap:addresslocation="http://localhost:8080/SecurityTokenService/UT"/>
+ </wsdl:port>
+ </wsdl:service>
+
+ <wsp:Policywsu:Id="UT_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+<!--
+ The sp:UsingAddressing element, indicates that the endpoints of this
+ web service conforms to the WS-Addressing specification. More detail
+ can be found here: [http://www.w3.org/TR/2006/CR-ws-addr-wsdl-20060529]
+-->
+ <wsap10:UsingAddressing/>
+<!--
+ The sp:SymmetricBinding element indicates that security is provided
+ at the SOAP layer and any initiator must authenticate itself by providing
+ WSS UsernameToken credentials.
+-->
+ <sp:SymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+<!--
+ In a symmetric binding, the keys used for encrypting and signing in both
+ directions are derived from a single key, the one specified by the
+ sp:ProtectionToken element. The sp:X509Token sub-element declares this
+ key to be a X.509 certificate and the
+ IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"
+ attribute adds the requirement that the token MUST NOT be included in
+ any messages sent between the initiator and the recipient; rather, an
+ external reference to the token should be used. Lastly the WssX509V3Token10
+ sub-element declares that the Username token presented by the initiator
+ should be compliant with Web Services Security UsernameToken Profile
+ 1.0 specification. [ http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf ]
+-->
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+<!--
+ The sp:AlgorithmSuite element, requires the Basic256 algorithm suite
+ be used in performing cryptographic operations.
+-->
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+<!--
+ The sp:Layout element, indicates the layout rules to apply when adding
+ items to the security header. The sp:Lax sub-element indicates items
+ are added to the security header in any order that conforms to
+ WSS: SOAP Message Security.
+-->
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+<!--
+ The sp:SignedSupportingTokens element declares that the security header
+ of messages must contain a sp:UsernameToken and the token must be signed.
+ The attribute IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"
+ on sp:UsernameToken indicates that the token MUST be included in all
+ messages sent from initiator to the recipient and that the token MUST
+ NOT be included in messages sent from the recipient to the initiator.
+ And finally the element sp:WssUsernameToken10 is a policy assertion
+ indicating the Username token should be as defined in Web Services
+ Security UsernameToken Profile 1.0
+-->
+ <sp:SignedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+<!--
+ The sp:Wss11 element declares WSS: SOAP Message Security 1.1 options
+ to be supported by the STS. These particular elements generally refer
+ to how keys are referenced within the SOAP envelope. These are normally
+ handled by CXF.
+-->
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+<!--
+ The sp:Trust13 element declares controls for WS-Trust 1.3 options.
+ They are policy assertions related to exchanges specifically with
+ client and server challenges and entropy behaviors. Again these are
+ normally handled by CXF.
+-->
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policywsu:Id="Input_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ <sp:HeaderName="To"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="From"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="Action"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policywsu:Id="Output_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ <sp:HeaderName="To"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="From"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="Action"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ <sp:EncryptedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</wsdl:definitions>
+
+
+
+
+STS Implementation
+
+
The Apache CXF’s STS, SecurityTokenServiceProvider, is a web service
+provider that is compliant with the protocols and functionality defined
+by the WS-Trust specification. It has a modular architecture. Many of
+its components are configurable or replaceable and there are many
+optional features that are enabled by implementing and configuring
+plug-ins. Users can customize their own STS by extending from
+SecurityTokenServiceProvider and overriding the default settings.
+Extensive information about the CXF’s STS configurable and pluggable
+components can be found
+here.
+
+
+
This STS implementation class, SimpleSTS, is a POJO that extends from
+SecurityTokenServiceProvider. Note that the class is defined with a
+WebServiceProvider annotation and not a WebService annotation. This
+annotation defines the service as a Provider-based endpoint, meaning it
+supports a more messaging-oriented approach to Web services. In
+particular, it signals that the exchanged messages will be XML documents
+of some type. SecurityTokenServiceProvider is an implementation of the
+jakarta.xml.ws.Provider interface. In comparison the WebService annotation
+defines a (service endpoint interface) SEI-based endpoint which supports
+message exchange via SOAP envelopes.
+
+
+
As was done in the ServiceImpl class, the WSS4J annotations
+EndpointProperties and EndpointProperty are providing endpoint
+configuration for the CXF runtime. This was previous described
+here.
+
+
+
The InInterceptors annotation is used to specify a JBossWS integration
+interceptor to be used for authenticating incoming requests; JAAS
+integration is used here for authentication, the username/passoword
+coming from the UsernameToken in the ws-requester message are used for
+authenticating the requester against a security domain on the
+application server hosting the STS deployment.
+
+
+
In this implementation we are customizing the operations of token
+issuance, token validation and their static properties.
+
+
+
StaticSTSProperties is used to set select properties for configuring
+resources in the STS. You may think this is a duplication of the
+settings made with the WSS4J annotations. The values are the same but
+the underlaying structures being set are different, thus this
+information must be declared in both places.
+
+
+
The setIssuer setting is important because it uniquely identifies the
+issuing STS. The issuer string is embedded in issued tokens and, when
+validating tokens, the STS checks the issuer string value. Consequently,
+it is important to use the issuer string in a consistent way, so that
+the STS can recognize the tokens that it has issued.
+
+
+
The setEndpoints call allows the declaration of a set of allowed token
+recipients by address. The addresses are specified as reg-ex patterns.
+
+
+
TokenIssueOperation and TokenValidateOperation have a modular structure.
+This allows custom behaviors to be injected into the processing of
+messages. In this case we are overriding the
+SecurityTokenServiceProvider’s default behavior and performing SAML
+token processing and validation. CXF provides an implementation of a
+SAMLTokenProvider and SAMLTokenValidator which we are using rather than
+writing our own.
STSCallbackHandler is a callback handler for the WSS4J Crypto API. It is
+used to obtain the password for the private key in the keystore. This
+class enables CXF to retrieve the password of the user name to use for
+the message signature.
WSS4J’s Crypto implementation is loaded and configured via a Java
+properties file that contains Crypto configuration data. The file
+contains implementation-specific properties such as a keystore location,
+password, default alias and the like. This application is using the
+Merlin implementation. File stsKeystore.properties contains this
+information.
+
+
+
File servicestore.jks, is a Java KeyStore (JKS) repository. It contains
+self signed certificates for myservicekey and mystskey. Self signed
+certificates are not appropriate for production use.
When deployed on WildFly, this application requires access to the
+JBossWs and CXF APIs provided in modules
+org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf. The Apache CXF
+internals, org.apache.cxf.impl, are needed to build the STS
+configuration in the SampleSTS constructor. The dependency statement
+directs the server to provide them at deployment.
The STS requires a JBoss security domain be configured. The
+jboss-web.xml descriptor declares a named security
+domain,"JBossWS-trust-sts" to be used by this service for
+authentication. This security domain requires two properties files and
+the addition of a security-domain declaration in the JBoss server
+configuration file.
+
+
+
For this scenario the domain needs to contain user alice, password
+clarinet, and role friend. See the listings below for
+jbossws-users.properties and jbossws-roles.properties. In addition the
+following XML elements must be added to the Elytron subsystem in the
+server configuration file. Replace " SOME_PATH" with appropriate
+information and then configure authentication with this security domain.
<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" ">
+<jboss-web>
+ <security-domain>java:/jaas/JBossWS-trust-sts</security-domain>
+</jboss-web>
+
+
+
+
jbossws-users.properties
+
+
+
+
# A sample users.properties file for use with the UsersRolesLoginModule
+alice=clarinet
+
+
+
+
jbossws-roles.properties
+
+
+
+
# A sample roles.properties file for use with the UsersRolesLoginModule
+alice=friend
+
+
+
+
WS-MetadataExchange and interoperability
+
+
+
+
+
+
+
+
+To achieve better interoperability, you might consider allowing the STS
+endpoint to reply to WS-MetadataExchange messages directed to the /mex
+URL sub-path (e.g.
+http://localhost:8080/jaxws-samples-wsse-policy-trust-sts/SecurityTokenService/mex).
+This can be done by tweaking the url-pattern for the underlying
+endpoint servlet, for instance by adding a web.xml descriptor as
+follows to the deployment:<?xml version="1.0" encoding="UTF-8"?>
+<web-app
+version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
+http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">;
+<servlet>
+<servlet-name>TestSecurityTokenService</servlet-name>
+<servlet-class>org.jboss.test.ws.jaxws.samples.wsse.policy.trust.SampleSTS</servlet-class>
+</servlet>
+<servlet-mapping>
+<servlet-name>TestSecurityTokenService</servlet-name>
+<url-pattern>/SecurityTokenService/*</url-pattern>
+</servlet-mapping>
+</web-app>
+As a matter of fact, at the time of writing some webservices
+implementations (including Metro) assume the /mex URL as the default
+choice for directing WS-MetadataExchange requests to and use that to
+retrieve STS wsdl contracts.
+
+
+
+
+
+
+
+
Web service requester
+
+
This section examines the crucial elements in calling a web service that
+implements endpoint security as described in the basic WS-Trust
+scenario. The components that will be discussed are.
+
+
+
+
+
web service requester’s implementation
+
+
+
ClientCallbackHandler
+
+
+
Crypto properties and keystore files
+
+
+
+
+Web service requester Implementation
+
+
The ws-requester, the client, uses standard procedures for creating a
+reference to the web service in the first four line. To address the
+endpoint security requirements, the web service’s "Request Context" is
+configured with the information needed in message generation. In
+addition, the STSClient that communicates with the STS is configured
+with similar values. Note the key strings ending with a ".it" suffix.
+This suffix flags these settings as belonging to the STSClient. The
+internal CXF code assigns this information to the STSClient that is
+auto-generated for this service call.
+
+
+
There is an alternate method of setting up the STSCLient. The user may
+provide their own instance of the STSClient. The CXF code will use this
+object and not auto-generate one. This is used in the ActAs and
+OnBehalfOf examples. When providing the STSClient in this way, the user
+must provide a org.apache.cxf.Bus for it and the configuration keys must
+not have the ".it" suffix.
+
+
+
+
QName serviceName = newQName("http://www.jboss.org/jbossws/ws-extensions/wssecuritypolicy", "SecurityService");
+URL wsdlURL = newURL(serviceURL + "?wsdl");
+Service service = Service.create(wsdlURL, serviceName);
+ServiceIface proxy = (ServiceIface) service.getPort(ServiceIface.class);
+
+// set the security related configuration information for the service "request"
+Map<String, Object> ctx = ((BindingProvider) proxy).getRequestContext();
+ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
+
+
+//-- Configuration settings that will be transfered to the STSClient
+// "alice" is the name provided for the WSS Username. Her password will
+// be retreived from the ClientCallbackHander by the STSClient.
+ctx.put(SecurityConstants.USERNAME + ".it", "alice");
+ctx.put(SecurityConstants.CALLBACK_HANDLER + ".it", new ClientCallbackHandler());
+ctx.put(SecurityConstants.ENCRYPT_PROPERTIES + ".it",
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ctx.put(SecurityConstants.ENCRYPT_USERNAME + ".it", "mystskey");
+// alias name in the keystore to get the user's public key to send to the STS
+ctx.put(SecurityConstants.STS_TOKEN_USERNAME + ".it", "myclientkey");
+// Crypto property configuration to use for the STS
+ctx.put(SecurityConstants.STS_TOKEN_PROPERTIES + ".it",
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+// write out an X509Certificate structure in UseKey/KeyInfo
+ctx.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO + ".it", "true");
+// Setting indicates the STSclient should not try using the WS-MetadataExchange
+// call using STS EPR WSA address when the endpoint contract does not contain
+// WS-MetadataExchange info.
+ctx.put("ws-security.sts.disable-wsmex-call-using-epr-address", "true");
+
+proxy.sayHello();
+
+
+
+
+ClientCallbackHandler
+
+
ClientCallbackHandler is a callback handler for the WSS4J Crypto API. It
+is used to obtain the password for the private key in the keystore. This
+class enables CXF to retrieve the password of the user name to use for
+the message signature. Note that "alice" and her password have been
+provided here. This information is not in the (JKS) keystore but
+provided in the WildFly security domain. It was declared in file
+jbossws-users.properties.
WSS4J’s Crypto implementation is loaded and configured via a Java
+properties file that contains Crypto configuration data. The file
+contains implementation-specific properties such as a keystore location,
+password, default alias and the like. This application is using the
+Merlin implementation. File clientKeystore.properties contains this
+information.
+
+
+
File clientstore.jks, is a Java KeyStore (JKS) repository. It contains
+self signed certificates for myservicekey and mystskey. Self signed
+certificates are not appropriate for production use.
The ActAs feature is used in scenarios that require composite
+delegation. It is commonly used in multi-tiered systems where an
+application calls a service on behalf of a logged in user or a service
+calls another service on behalf of the original caller.
+
+
+
ActAs is nothing more than a new sub-element in the RequestSecurityToken
+(RST). It provides additional information about the original caller when
+a token is negotiated with the STS. The ActAs element usually takes the
+form of a token with identity claims such as name, role, and
+authorization code, for the client to access the service.
+
+
+
The ActAs scenario is an extension of
+the basic
+WS-Trust scenario. In this example the ActAs service calls the
+ws-service on behalf of a user. There are only a couple of additions to
+the basic scenario’s code. An ActAs web service provider and callback
+handler have been added. The ActAs web services' WSDL imposes the same
+security policies as the ws-provider. UsernameTokenCallbackHandler is
+new. It is a utility that generates the content for the ActAs element.
+And lastly there are a couple of code additions in the STS to support
+the ActAs request.
+
+
+
Web service provider
+
+
This section examines the web service elements from the basic WS-Trust
+scenario that have been changed to address the needs of the ActAs
+example. The components are
+
+
+
+
+
ActAs web service provider’s WSDL
+
+
+
ActAs web service provider’s Interface and Implementation classes.
+
+
+
ActAsCallbackHandler class
+
+
+
UsernameTokenCallbackHandler
+
+
+
Crypto properties and keystore files
+
+
+
MANIFEST.MF
+
+
+
+
+Web service provider WSDL
+
+
The ActAs web service provider’s WSDL is a clone of the ws-provider’s
+WSDL. The wsp:Policy section is the same. There are changes to the
+service endpoint, targetNamespace, portType, binding name, and service.
The web service provider implementation class, ActAsServiceImpl, is a
+simple POJO. It uses the standard WebService annotation to define the
+service endpoint and two Apache WSS4J annotations, EndpointProperties
+and EndpointProperty used for configuring the endpoint for the CXF
+runtime. The WSS4J configuration information provided is for WSS4J’s
+Crypto Merlin implementation.
+
+
+
ActAsServiceImpl is calling ServiceImpl acting on behalf of the user.
+Method setupService performs the requisite configuration setup.
ActAsCallbackHandler is a callback handler for the WSS4J Crypto API. It
+is used to obtain the password for the private key in the keystore. This
+class enables CXF to retrieve the password of the user name to use for
+the message signature. This class has been revised to return the
+passwords for this service, myactaskey and the "actas" user, alice.
The ActAs and OnBeholdOf sub-elements of the RequestSecurityToken are
+required to be defined as WSSE Username Tokens. This utility generates
+the properly formated element.
+
+
+
+
packageorg.jboss.test.ws.jaxws.samples.wsse.policy.trust.shared;
+
+importorg.apache.cxf.helpers.DOMUtils;
+importorg.apache.cxf.message.Message;
+importorg.apache.cxf.ws.security.SecurityConstants;
+importorg.apache.cxf.ws.security.trust.delegation.DelegationCallback;
+importorg.apache.ws.security.WSConstants;
+importorg.apache.ws.security.message.token.UsernameToken;
+importorg.w3c.dom.Document;
+importorg.w3c.dom.Node;
+importorg.w3c.dom.Element;
+importorg.w3c.dom.ls.DOMImplementationLS;
+importorg.w3c.dom.ls.LSSerializer;
+
+importjavax.security.auth.callback.Callback;
+importjavax.security.auth.callback.CallbackHandler;
+importjavax.security.auth.callback.UnsupportedCallbackException;
+importjava.io.IOException;
+importjava.util.Map;
+
+/**
+* A utility to provide the 3 different input parameter types for jaxws property
+* "ws-security.sts.token.act-as" and "ws-security.sts.token.on-behalf-of".
+* This implementation obtains a username and password via the jaxws property
+* "ws-security.username" and "ws-security.password" respectively, as defined
+* in SecurityConstants. It creates a wss UsernameToken to be used as the
+* delegation token.
+*/
+
+publicclassUsernameTokenCallbackHandlerimplementsCallbackHandler {
+
+ publicvoid handle(Callback[] callbacks)
+ throwsIOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof DelegationCallback) {
+ DelegationCallback callback = (DelegationCallback) callbacks[i];
+ Message message = callback.getCurrentMessage();
+
+ String username =
+ (String)message.getContextualProperty(SecurityConstants.USERNAME);
+ String password =
+ (String)message.getContextualProperty(SecurityConstants.PASSWORD);
+ if (username != null) {
+ Node contentNode = message.getContent(Node.class);
+ Document doc = null;
+ if (contentNode != null) {
+ doc = contentNode.getOwnerDocument();
+ } else {
+ doc = DOMUtils.createDocument();
+ }
+ UsernameToken usernameToken = createWSSEUsernameToken(username,password, doc);
+ callback.setToken(usernameToken.getElement());
+ }
+ } else {
+ thrownewUnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+
+ /**
+ * Provide UsernameToken as a string.
+ * @param ctx
+ * @return
+ */
+ publicString getUsernameTokenString(Map<String, Object> ctx){
+ Document doc = DOMUtils.createDocument();
+ String result = null;
+ String username = (String)ctx.get(SecurityConstants.USERNAME);
+ String password = (String)ctx.get(SecurityConstants.PASSWORD);
+ if (username != null) {
+ UsernameToken usernameToken = createWSSEUsernameToken(username,password, doc);
+ result = toString(usernameToken.getElement().getFirstChild().getParentNode());
+ }
+ return result;
+ }
+
+ /**
+ *
+ * @param username
+ * @param password
+ * @return
+ */
+ publicString getUsernameTokenString(String username, String password){
+ Document doc = DOMUtils.createDocument();
+ String result = null;
+ if (username != null) {
+ UsernameToken usernameToken = createWSSEUsernameToken(username,password, doc);
+ result = toString(usernameToken.getElement().getFirstChild().getParentNode());
+ }
+ return result;
+ }
+
+ /**
+ * Provide UsernameToken as a DOM Element.
+ * @param ctx
+ * @return
+ */
+ publicElement getUsernameTokenElement(Map<String, Object> ctx){
+ Document doc = DOMUtils.createDocument();
+ Element result = null;
+ UsernameToken usernameToken = null;
+ String username = (String)ctx.get(SecurityConstants.USERNAME);
+ String password = (String)ctx.get(SecurityConstants.PASSWORD);
+ if (username != null) {
+ usernameToken = createWSSEUsernameToken(username,password, doc);
+ result = usernameToken.getElement();
+ }
+ return result;
+ }
+
+ /**
+ *
+ * @param username
+ * @param password
+ * @return
+ */
+ publicElement getUsernameTokenElement(String username, String password){
+ Document doc = DOMUtils.createDocument();
+ Element result = null;
+ UsernameToken usernameToken = null;
+ if (username != null) {
+ usernameToken = createWSSEUsernameToken(username,password, doc);
+ result = usernameToken.getElement();
+ }
+ return result;
+ }
+
+ private UsernameToken createWSSEUsernameToken(String username, String password, Document doc) {
+
+ UsernameToken usernameToken = new UsernameToken(true, doc,
+ (password == null)? null: WSConstants.PASSWORD_TEXT);
+ usernameToken.setName(username);
+ usernameToken.addWSUNamespace();
+ usernameToken.addWSSENamespace();
+ usernameToken.setID("id-" + username);
+
+ if (password != null){
+ usernameToken.setPassword(password);
+ }
+
+ return usernameToken;
+ }
+
+
+ privateString toString(Node node) {
+ String str = null;
+
+ if (node != null) {
+ DOMImplementationLS lsImpl = (DOMImplementationLS)
+ node.getOwnerDocument().getImplementation().getFeature("LS", "3.0");
+ LSSerializer serializer = lsImpl.createLSSerializer();
+ serializer.getDomConfig().setParameter("xml-declaration", false); //by default its true, so set it to false to get String without xml-declaration
+ str = serializer.writeToString(node);
+ }
+ return str;
+ }
+
+}
+
+
+
+
+Crypto properties and keystore files
+
+
The ActAs service must provide its own credentials. The requisite
+properties file, actasKeystore.properties, and keystore, actasstore.jks,
+were created.
When deployed on WildFly this application requires access to the JBossWs
+and CXF APIs provided in modules org.jboss.ws.cxf.jbossws-cxf-client and
+org.apache.cxf. The Apache CXF internals, org.apache.cxf.impl, are
+needed in handling the ActAs and OnBehalfOf extensions. The dependency
+statement directs the server to provide them at deployment.
This section examines the STS elements from the basic WS-Trust scenario
+that have been changed to address the needs of the ActAs example. The
+components are.
+
+
+
+
+
STS’s implementation class.
+
+
+
STSCallbackHandler class
+
+
+
+
+STS Implementation class
+
+
The initial description of SampleSTS can be found
+here.
+
+
+
The declaration of the set of allowed token recipients by address has
+been extended to accept ActAs addresses and OnBehalfOf addresses. The
+addresses are specified as reg-ex patterns.
+
+
+
The TokenIssueOperation requires class, UsernameTokenValidator be
+provided in order to validate the contents of the OnBehalfOf claims and
+class, UsernameTokenDelegationHandler to be provided in order to process
+the token delegation request of the ActAs on OnBehalfOf user.
+
+
+
+
packageorg.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts;
+
+importjava.util.Arrays;
+importjava.util.LinkedList;
+importjava.util.List;
+
+importjakarta.xml.ws.WebServiceProvider;
+
+importorg.apache.cxf.annotations.EndpointProperties;
+importorg.apache.cxf.annotations.EndpointProperty;
+importorg.apache.cxf.interceptor.InInterceptors;
+importorg.apache.cxf.sts.StaticSTSProperties;
+importorg.apache.cxf.sts.operation.TokenIssueOperation;
+importorg.apache.cxf.sts.operation.TokenValidateOperation;
+importorg.apache.cxf.sts.service.ServiceMBean;
+importorg.apache.cxf.sts.service.StaticService;
+importorg.apache.cxf.sts.token.delegation.UsernameTokenDelegationHandler;
+importorg.apache.cxf.sts.token.provider.SAMLTokenProvider;
+importorg.apache.cxf.sts.token.validator.SAMLTokenValidator;
+importorg.apache.cxf.sts.token.validator.UsernameTokenValidator;
+importorg.apache.cxf.ws.security.sts.provider.SecurityTokenServiceProvider;
+
+@WebServiceProvider(serviceName = "SecurityTokenService",
+ portName = "UT_Port",
+ targetNamespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/",
+ wsdlLocation = "WEB-INF/wsdl/ws-trust-1.4-service.wsdl")
+//be sure to have dependency on org.apache.cxf module when on AS7, otherwise Apache CXF annotations are ignored
+@EndpointProperties(value = {
+ @EndpointProperty(key = "ws-security.signature.username", value = "mystskey"),
+ @EndpointProperty(key = "ws-security.signature.properties", value = "stsKeystore.properties"),
+ @EndpointProperty(key = "ws-security.callback-handler", value = "org.jboss.test.ws.jaxws.samples.wsse.policy.trust.sts.STSCallbackHandler"),
+ @EndpointProperty(key = "ws-security.validate.token", value = "false") //to let the JAAS integration deal with validation through the interceptor below
+})
+@InInterceptors(interceptors = {"org.jboss.wsf.stack.cxf.security.authentication.SubjectCreatingPolicyInterceptor"})
+publicclassSampleSTSextends SecurityTokenServiceProvider
+{
+ public SampleSTS() throwsException
+ {
+ super();
+
+ StaticSTSProperties props = new StaticSTSProperties();
+ props.setSignatureCryptoProperties("stsKeystore.properties");
+ props.setSignatureUsername("mystskey");
+ props.setCallbackHandlerClass(STSCallbackHandler.class.getName());
+ props.setIssuer("DoubleItSTSIssuer");
+
+ List<ServiceMBean> services = newLinkedList<ServiceMBean>();
+ StaticService service = new StaticService();
+ service.setEndpoints(Arrays.asList(
+ "http://localhost:(\\d)*/jaxws-samples-wsse-policy-trust/SecurityService",
+ "http://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust/SecurityService",
+ "http://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust/SecurityService",
+
+ "http://localhost:(\\d)*/jaxws-samples-wsse-policy-trust-actas/ActAsService",
+ "http://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-actas/ActAsService",
+ "http://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-actas/ActAsService",
+
+ "http://localhost:(\\d)*/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService",
+ "http://\\[::1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService",
+ "http://\\[0:0:0:0:0:0:0:1\\]:(\\d)*/jaxws-samples-wsse-policy-trust-onbehalfof/OnBehalfOfService"
+ ));
+ services.add(service);
+
+ TokenIssueOperation issueOperation = new TokenIssueOperation();
+ issueOperation.setServices(services);
+ issueOperation.getTokenProviders().add(new SAMLTokenProvider());
+ // required for OnBehalfOf
+ issueOperation.getTokenValidators().add(new UsernameTokenValidator());
+ // added for OnBehalfOf and ActAs
+ issueOperation.getDelegationHandlers().add(new UsernameTokenDelegationHandler());
+ issueOperation.setStsProperties(props);
+
+ TokenValidateOperation validateOperation = new TokenValidateOperation();
+ validateOperation.getTokenValidators().add(new SAMLTokenValidator());
+ validateOperation.setStsProperties(props);
+
+ this.setIssueOperation(issueOperation);
+ this.setValidateOperation(validateOperation);
+ }
+}
+
+
+
+
+STSCallbackHandler
+
+
The user, alice, and corresponding password was required to be added for
+the ActAs example.
This section examines the ws-requester elements from the basic WS-Trust
+scenario that have been changed to address the needs of the ActAs
+example. The component is
+
+
+
+
+
ActAs web service requester implementation class
+
+
+
+
+Web service requester Implementation
+
+
The ActAs ws-requester, the client, uses standard procedures for
+creating a reference to the web service in the first four lines. To
+address the endpoint security requirements, the web service’s "Request
+Context" is configured via the BindingProvider. Information needed in
+the message generation is provided through it. The ActAs user,
+myactaskey, is declared in this section and UsernameTokenCallbackHandler
+is used to provide the contents of the ActAs element to the STSClient.
+In this example a STSClient object is created and provided to the
+proxy’s request context. The alternative is to provide keys tagged with
+the ".it" suffix as was done in
+the
+Basic Scenario client. The use of ActAs is configured through the props
+map using the SecurityConstants.STS_TOKEN_ACT_AS key. The alternative is
+to use the STSClient.setActAs method.
The OnBehalfOf feature is used in scenarios that use the proxy pattern.
+In such scenarios, the client cannot access the STS directly, instead it
+communicates through a proxy gateway. The proxy gateway authenticates
+the caller and puts information about the caller into the OnBehalfOf
+element of the RequestSecurityToken (RST) sent to the real STS for
+processing. The resulting token contains only claims related to the
+client of the proxy, making the proxy completely transparent to the
+receiver of the issued token.
+
+
+
OnBehalfOf is nothing more than a new sub-element in the RST. It
+provides additional information about the original caller when a token
+is negotiated with the STS. The OnBehalfOf element usually takes the
+form of a token with identity claims such as name, role, and
+authorization code, for the client to access the service.
+
+
+
The OnBehalfOf scenario is an extension of
+the
+basic WS-Trust scenario. In this example the OnBehalfOf service calls
+the ws-service on behalf of a user. There are only a couple of additions
+to the basic scenario’s code. An OnBehalfOf web service provider and
+callback handler have been added. The OnBehalfOf web services' WSDL
+imposes the same security policies as the ws-provider.
+UsernameTokenCallbackHandler is a utility shared with ActAs. It
+generates the content for the OnBehalfOf element. And lastly there are
+code additions in the STS that both OnBehalfOf and ActAs share in
+common.
This section examines the web service elements from the basic WS-Trust
+scenario that have been changed to address the needs of the OnBehalfOf
+example. The components are.
+
+
+
+
+
web service provider’s WSDL
+
+
+
web service provider’s Interface and Implementation classes.
+
+
+
OnBehalfOfCallbackHandler class
+
+
+
+
+Web service provider WSDL
+
+
The OnBehalfOf web service provider’s WSDL is a clone of the
+ws-provider’s WSDL. The wsp:Policy section is the same. There are
+changes to the service endpoint, targetNamespace, portType, binding
+name, and service.
The web service provider implementation class, OnBehalfOfServiceImpl, is
+a simple POJO. It uses the standard WebService annotation to define the
+service endpoint and two Apache WSS4J annotations, EndpointProperties
+and EndpointProperty used for configuring the endpoint for the CXF
+runtime. The WSS4J configuration information provided is for WSS4J’s
+Crypto Merlin implementation.
+
+
+
OnBehalfOfServiceImpl is calling the ServiceImpl acting on behalf of the
+user. Method setupService performs the requisite configuration setup.
OnBehalfOfCallbackHandler is a callback handler for the WSS4J Crypto
+API. It is used to obtain the password for the private key in the
+keystore. This class enables CXF to retrieve the password of the user
+name to use for the message signature. This class has been revised to
+return the passwords for this service, myactaskey and the "OnBehalfOf"
+user, alice.
This section examines the ws-requester elements from the basic WS-Trust
+scenario that have been changed to address the needs of the OnBehalfOf
+example. The component is
+
+
+
+
+
OnBehalfOf web service requester implementation class
+
+
+
+
+Web service requester Implementation
+
+
The OnBehalfOf ws-requester, the client, uses standard procedures for
+creating a reference to the web service in the first four lines. To
+address the endpoint security requirements, the web service’s "Request
+Context" is configured via the BindingProvider. Information needed in
+the message generation is provided through it. The OnBehalfOf user,
+alice, is declared in this section and the callbackHandler,
+UsernameTokenCallbackHandler is provided to the STSClient for generation
+of the contents for the OnBehalfOf message element. In this example a
+STSClient object is created and provided to the proxy’s request context.
+The alternative is to provide keys tagged with the ".it" suffix as was
+done in
+the
+Basic Scenario client. The use of OnBehalfOf is configured by the
+method call stsClient.setOnBehalfOf. The alternative is to use the key
+SecurityConstants.STS_TOKEN_ON_BEHALF_OF and a value in the props map.
+
+
+
+
finalQName serviceName = newQName("http://www.jboss.org/jbossws/ws-extensions/onbehalfofwssecuritypolicy", "OnBehalfOfService");
+finalURL wsdlURL = newURL(serviceURL + "?wsdl");
+Service service = Service.create(wsdlURL, serviceName);
+OnBehalfOfServiceIface proxy = (OnBehalfOfServiceIface) service.getPort(OnBehalfOfServiceIface.class);
+
+
+Bus bus = BusFactory.newInstance().createBus();
+try {
+
+ BusFactory.setThreadDefaultBus(bus);
+
+ Map<String, Object> ctx = proxy.getRequestContext();
+
+ ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myactaskey");
+ ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+
+ // user and password OnBehalfOf user
+ // UsernameTokenCallbackHandler will extract this information when called
+ ctx.put(SecurityConstants.USERNAME,"alice");
+ ctx.put(SecurityConstants.PASSWORD, "clarinet");
+
+ STSClient stsClient = new STSClient(bus);
+
+ // Providing the STSClient the mechanism to create the claims contents for OnBehalfOf
+ stsClient.setOnBehalfOf(new UsernameTokenCallbackHandler());
+
+ Map<String, Object> props = stsClient.getProperties();
+ props.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ props.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
+ props.put(SecurityConstants.STS_TOKEN_USERNAME, "myclientkey");
+ props.put(SecurityConstants.STS_TOKEN_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+
+ ctx.put(SecurityConstants.STS_CLIENT, stsClient);
+
+} finally {
+ bus.shutdown(true);
+}
+proxy.sayHello();
+
+
+
+
+
+
+
SAML Bearer Assertion Scenario
+
+
WS-Trust deals with managing software security tokens. A SAML assertion
+is a type of security token. In the SAML Bearer scenario, the service
+provider automatically trusts that the incoming SOAP request came from
+the subject defined in the SAML token after the service verifies the
+tokens signature.
+
+
+
Implementation of this scenario has the following requirements.
+
+
+
+
+
SAML tokens with a Bearer subject confirmation method must be
+protected so the token can not be snooped. In most cases, a bearer token
+combined with HTTPS is sufficient to prevent "a man in the middle"
+getting possession of the token. This means a security policy that uses
+a sp:TransportBinding and sp:HttpsToken.
+
+
+
A bearer token has no encryption or signing keys associated with it,
+therefore a sp:IssuedToken of bearer keyType should be used with a
+sp:SupportingToken or a sp:SignedSupportingTokens.
+
+
+
+
+
Web service Provider
+
+
This section examines the web service elements for the SAML Bearer
+scenario. The components are
+
+
+
+
+
Bearer web service provider’s WSDL
+
+
+
SSL configuration
+
+
+
Bearer web service provider’s Interface and Implementation classes.
+
+
+
Crypto properties and keystore files
+
+
+
MANIFEST.MF
+
+
+
+
+Web service provider WSDL
+
+
The web service provider is a contract-first endpoint. All the WS-trust
+and security policies for it are declared in WSDL, BearerService.wsdl.
+For this scenario a ws-requester is required to present a SAML 2.0
+Bearer token issued from a designed STS. The address of the STS is
+provided in the WSDL. HTTPS, a TransportBinding and HttpsToken policy
+are used to protect the SOAP body of messages that pass back and forth
+between ws-requester and ws-provider. A detailed explanation of the
+security settings are provided in the comments in the listing below.
+
+
+
+
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<definitionstargetNamespace="http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy"
+ name="BearerService"
+ xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+
+ <types>
+ <xsd:schema>
+ <xsd:importnamespace="http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy"
+ schemaLocation="BearerService_schema1.xsd"/>
+ </xsd:schema>
+ </types>
+ <messagename="sayHello">
+ <partname="parameters"element="tns:sayHello"/>
+ </message>
+ <messagename="sayHelloResponse">
+ <partname="parameters"element="tns:sayHelloResponse"/>
+ </message>
+ <portTypename="BearerIface">
+ <operationname="sayHello">
+ <inputmessage="tns:sayHello"/>
+ <outputmessage="tns:sayHelloResponse"/>
+ </operation>
+ </portType>
+
+<!--
+ The wsp:PolicyReference binds the security requirments on all the endpoints.
+ The wsp:Policy wsu:Id="#TransportSAML2BearerPolicy" element is defined later in this file.
+-->
+ <bindingname="BearerServicePortBinding"type="tns:BearerIface">
+ <wsp:PolicyReferenceURI="#TransportSAML2BearerPolicy"/>
+ <soap:bindingtransport="http://schemas.xmlsoap.org/soap/http"style="document"/>
+ <operationname="sayHello">
+ <soap:operationsoapAction=""/>
+ <input>
+ <soap:bodyuse="literal"/>
+ </input>
+ <output>
+ <soap:bodyuse="literal"/>
+ </output>
+ </operation>
+ </binding>
+
+<!--
+ The soap:address has been defined to use JBoss's https port, 8443. This is
+ set in conjunction with the sp:TransportBinding policy for https.
+-->
+ <servicename="BearerService">
+ <portname="BearerServicePort"binding="tns:BearerServicePortBinding">
+ <soap:addresslocation="https://@jboss.bind.address@:8443/jaxws-samples-wsse-policy-trust-bearer/BearerService"/>
+ </port>
+ </service>
+
+
+ <wsp:Policywsu:Id="TransportSAML2BearerPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <!--
+ The wsam:Addressing element, indicates that the endpoints of this
+ web service MUST conform to the WS-Addressing specification. The
+ attribute wsp:Optional="false" enforces this assertion.
+ -->
+ <wsam:Addressingwsp:Optional="false">
+ <wsp:Policy/>
+ </wsam:Addressing>
+
+<!--
+ The sp:TransportBinding element indicates that security is provided by the
+ message exchange transport medium, https. WS-Security policy specification
+ defines the sp:HttpsToken for use in exchanging messages transmitted over HTTPS.
+-->
+ <sp:TransportBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken>
+ <wsp:Policy/>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+<!--
+ The sp:AlgorithmSuite element, requires the TripleDes algorithm suite
+ be used in performing cryptographic operations.
+-->
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDes/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+<!--
+ The sp:Layout element, indicates the layout rules to apply when adding
+ items to the security header. The sp:Lax sub-element indicates items
+ are added to the security header in any order that conforms to
+ WSS: SOAP Message Security.
+-->
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+
+<!--
+ The sp:SignedSupportingTokens element causes the supporting tokens
+ to be signed using the primary token that is used to sign the message.
+-->
+ <sp:SignedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+<!--
+ The sp:IssuedToken element asserts that a SAML 2.0 security token of type
+ Bearer is expected from the STS. The
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ attribute instructs the runtime to include the initiator's public key
+ with every message sent to the recipient.
+
+ The sp:RequestSecurityTokenTemplate element directs that all of the
+ children of this element will be copied directly into the body of the
+ RequestSecurityToken (RST) message that is sent to the STS when the
+ initiator asks the STS to issue a token.
+-->
+ <sp:IssuedToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+ <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</t:KeyType>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+<!--
+ The sp:Issuer element defines the STS's address and endpoint information
+ This information is used by the STSClient.
+-->
+ <sp:Issuer>
+ <wsaws:Address>http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService</wsaws:Address>
+ <wsaws:Metadata
+ xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
+ wsdli:wsdlLocation="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-bearer/SecurityTokenService?wsdl">
+ <wsaw:ServiceName
+ xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
+ </wsaws:Metadata>
+ </sp:Issuer>
+
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+<!--
+ The sp:Wss11 element declares WSS: SOAP Message Security 1.1 options
+ to be supported by the STS. These particular elements generally refer
+ to how keys are referenced within the SOAP envelope. These are normally
+ handled by CXF.
+-->
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+<!--
+ The sp:Trust13 element declares controls for WS-Trust 1.3 options.
+ They are policy assertions related to exchanges specifically with
+ client and server challenges and entropy behaviors. Again these are
+ normally handled by CXF.
+-->
+ <sp:Trust13>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</definitions>
+
+
+
+
+SSL configuration
+
+
This web service is using https, therefore the JBoss server must be
+configured to provide SSL support in the Web subsystem. There are 2
+components to SSL configuration.
+
+
+
+
+
create a certificate keystore
+
+
+
declare an SSL connector in the Web subsystem of the JBoss server
+configuration file.
The web service provider implementation class, BearerImpl, is a simple
+POJO. It uses the standard WebService annotation to define the service
+endpoint. In addition there are two Apache CXF annotations,
+EndpointProperties and EndpointProperty used for configuring the
+endpoint for the CXF runtime. These annotations come from the
+Apache WSS4J project, which provides a
+Java implementation of the primary WS-Security standards for Web
+Services. These annotations are programmatically adding properties to
+the endpoint. With plain Apache CXF, these properties are often set via
+the <jaxws:properties> element on the <jaxws:endpoint> element in the
+Spring config; these annotations allow the properties to be configured
+in the code.
+
+
+
WSS4J uses the Crypto interface to get keys and certificates for
+signature creation/verification, as is asserted by the WSDL for this
+service. The WSS4J configuration information being provided by
+BearerImpl is for Crypto’s Merlin implementation. More information will
+be provided about this in the keystore section.
+
+
+
Because the web service provider automatically trusts that the incoming
+SOAP request came from the subject defined in the SAML token there is no
+need for a Crypto callbackHandler class or a signature username, unlike
+in prior examples, however in order to verify the message signature, the
+Java properties file that contains the (Merlin) crypto configuration
+information is still required.
WSS4J’s Crypto implementation is loaded and configured via a Java
+properties file that contains Crypto configuration data. The file
+contains implementation-specific properties such as a keystore location,
+password, default alias and the like. This application is using the
+Merlin implementation. File serviceKeystore.properties contains this
+information.
+
+
+
File servicestore.jks, is a Java KeyStore (JKS) repository. It contains
+self signed certificates for myservicekey and mystskey. Self signed
+certificates are not appropriate for production use.
When deployed on WildFly this application requires access to the JBossWs
+and CXF APIs provided in module org.jboss.ws.cxf.jbossws-cxf-client. The
+dependency statement directs the server to provide them at deployment.
This section examines the crucial elements in providing the Security
+Token Service functionality for providing a SAML Bearer token. The
+components that will be discussed are.
+
+
+
+
+
Security Domain
+
+
+
STS’s WSDL
+
+
+
STS’s implementation class
+
+
+
STSBearerCallbackHandler
+
+
+
Crypto properties and keystore files
+
+
+
MANIFEST.MF
+
+
+
+
+Security Domain
+
+
The STS requires a JBoss security domain be configured. The
+jboss-web.xml descriptor declares a named security
+domain,"JBossWS-trust-sts" to be used by this service for
+authentication. This security domain requires two properties files and
+the addition of a security-domain declaration in the JBoss server
+configuration file.
+
+
+
For this scenario the domain needs to contain user alice, password
+clarinet, and role friend. See the listings below for
+jbossws-users.properties and jbossws-roles.properties. In addition the
+following XML elements must be added to the Elytron subsystem in the
+server configuration file. Replace " SOME_PATH" with appropriate
+information and then configure authentication with this security domain.
<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.4//EN" ">
+<jboss-web>
+ <security-domain>java:/jaas/JBossWS-trust-sts</security-domain>
+</jboss-web>
+
+
+
+
jbossws-users.properties
+
+
+
+
# A sample users.properties file for use with the UsersRolesLoginModule
+alice=clarinet
+
+
+
+
jbossws-roles.properties
+
+
+
+
# A sample roles.properties file for use with the UsersRolesLoginModule
+alice=friend
+
+
+
+
+STS’s WSDL
+
+
+
<?xml version="1.0" encoding="UTF-8"?>
+<wsdl:definitions
+ targetNamespace="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:tns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wstrust="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:wsap10="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
+
+ <wsdl:types>
+ <xs:schemaelementFormDefault="qualified"
+ targetNamespace='http://docs.oasis-open.org/ws-sx/ws-trust/200512'>
+
+ <xs:elementname='RequestSecurityToken'
+ type='wst:AbstractRequestSecurityTokenType'/>
+ <xs:elementname='RequestSecurityTokenResponse'
+ type='wst:AbstractRequestSecurityTokenType'/>
+
+ <xs:complexTypename='AbstractRequestSecurityTokenType'>
+ <xs:sequence>
+ <xs:anynamespace='##any'processContents='lax'minOccurs='0'
+ maxOccurs='unbounded'/>
+ </xs:sequence>
+ <xs:attributename='Context'type='xs:anyURI'use='optional'/>
+ <xs:anyAttributenamespace='##other'processContents='lax'/>
+ </xs:complexType>
+ <xs:elementname='RequestSecurityTokenCollection'
+ type='wst:RequestSecurityTokenCollectionType'/>
+ <xs:complexTypename='RequestSecurityTokenCollectionType'>
+ <xs:sequence>
+ <xs:elementname='RequestSecurityToken'
+ type='wst:AbstractRequestSecurityTokenType'minOccurs='2'
+ maxOccurs='unbounded'/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:elementname='RequestSecurityTokenResponseCollection'
+ type='wst:RequestSecurityTokenResponseCollectionType'/>
+ <xs:complexTypename='RequestSecurityTokenResponseCollectionType'>
+ <xs:sequence>
+ <xs:elementref='wst:RequestSecurityTokenResponse'minOccurs='1'
+ maxOccurs='unbounded'/>
+ </xs:sequence>
+ <xs:anyAttributenamespace='##other'processContents='lax'/>
+ </xs:complexType>
+
+ </xs:schema>
+ </wsdl:types>
+
+ <!-- WS-Trust defines the following GEDs -->
+ <wsdl:messagename="RequestSecurityTokenMsg">
+ <wsdl:partname="request"element="wst:RequestSecurityToken"/>
+ </wsdl:message>
+ <wsdl:messagename="RequestSecurityTokenResponseMsg">
+ <wsdl:partname="response"
+ element="wst:RequestSecurityTokenResponse"/>
+ </wsdl:message>
+ <wsdl:messagename="RequestSecurityTokenCollectionMsg">
+ <wsdl:partname="requestCollection"
+ element="wst:RequestSecurityTokenCollection"/>
+ </wsdl:message>
+ <wsdl:messagename="RequestSecurityTokenResponseCollectionMsg">
+ <wsdl:partname="responseCollection"
+ element="wst:RequestSecurityTokenResponseCollection"/>
+ </wsdl:message>
+
+ <!-- This portType an example of a Requestor (or other) endpoint that
+ Accepts SOAP-based challenges from a Security Token Service -->
+ <wsdl:portTypename="WSSecurityRequestor">
+ <wsdl:operationname="Challenge">
+ <wsdl:inputmessage="tns:RequestSecurityTokenResponseMsg"/>
+ <wsdl:outputmessage="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an STS supporting full protocol -->
+ <!--
+ The wsdl:portType and data types are XML elements defined by the
+ WS_Trust specification. The wsdl:portType defines the endpoints
+ supported in the STS implementation. This WSDL defines all operations
+ that an STS implementation can support.
+ -->
+ <wsdl:portTypename="STS">
+ <wsdl:operationname="Cancel">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal"
+ message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operationname="Issue">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal"
+ message="tns:RequestSecurityTokenResponseCollectionMsg"/>
+ </wsdl:operation>
+ <wsdl:operationname="Renew">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal"
+ message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operationname="Validate">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/ValidateFinal"
+ message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operationname="KeyExchangeToken">
+ <wsdl:input
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KET"
+ message="tns:RequestSecurityTokenMsg"/>
+ <wsdl:output
+ wsam:Action="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/KETFinal"
+ message="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ <wsdl:operationname="RequestCollection">
+ <wsdl:inputmessage="tns:RequestSecurityTokenCollectionMsg"/>
+ <wsdl:outputmessage="tns:RequestSecurityTokenResponseCollectionMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!-- This portType is an example of an endpoint that accepts
+ Unsolicited RequestSecurityTokenResponse messages -->
+ <wsdl:portTypename="SecurityTokenResponseService">
+ <wsdl:operationname="RequestSecurityTokenResponse">
+ <wsdl:inputmessage="tns:RequestSecurityTokenResponseMsg"/>
+ </wsdl:operation>
+ </wsdl:portType>
+
+ <!--
+ The wsp:PolicyReference binds the security requirments on all the STS endpoints.
+ The wsp:Policy wsu:Id="UT_policy" element is later in this file.
+ -->
+ <wsdl:bindingname="UT_Binding"type="wstrust:STS">
+ <wsp:PolicyReferenceURI="#UT_policy"/>
+ <soap:bindingstyle="document"
+ transport="http://schemas.xmlsoap.org/soap/http"/>
+ <wsdl:operationname="Issue">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue"/>
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy"/>
+ <soap:bodyuse="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy"/>
+ <soap:bodyuse="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operationname="Validate">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Validate"/>
+ <wsdl:input>
+ <wsp:PolicyReference
+ URI="#Input_policy"/>
+ <soap:bodyuse="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <wsp:PolicyReference
+ URI="#Output_policy"/>
+ <soap:bodyuse="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operationname="Cancel">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel"/>
+ <wsdl:input>
+ <soap:bodyuse="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:bodyuse="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operationname="Renew">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew"/>
+ <wsdl:input>
+ <soap:bodyuse="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:bodyuse="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operationname="KeyExchangeToken">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/KeyExchangeToken"/>
+ <wsdl:input>
+ <soap:bodyuse="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:bodyuse="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ <wsdl:operationname="RequestCollection">
+ <soap:operation
+ soapAction="http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/RequestCollection"/>
+ <wsdl:input>
+ <soap:bodyuse="literal"/>
+ </wsdl:input>
+ <wsdl:output>
+ <soap:bodyuse="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+ </wsdl:binding>
+
+ <wsdl:servicename="SecurityTokenService">
+ <wsdl:portname="UT_Port"binding="tns:UT_Binding">
+ <soap:addresslocation="http://localhost:8080/SecurityTokenService/UT"/>
+ </wsdl:port>
+ </wsdl:service>
+
+
+ <wsp:Policywsu:Id="UT_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <!--
+ The sp:UsingAddressing element, indicates that the endpoints of this
+ web service conforms to the WS-Addressing specification. More detail
+ can be found here: [http://www.w3.org/TR/2006/CR-ws-addr-wsdl-20060529]
+ -->
+ <wsap10:UsingAddressing/>
+ <!--
+ The sp:SymmetricBinding element indicates that security is provided
+ at the SOAP layer and any initiator must authenticate itself by providing
+ WSS UsernameToken credentials.
+ -->
+ <sp:SymmetricBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <!--
+ In a symmetric binding, the keys used for encrypting and signing in both
+ directions are derived from a single key, the one specified by the
+ sp:ProtectionToken element. The sp:X509Token sub-element declares this
+ key to be a X.509 certificate and the
+ IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never"
+ attribute adds the requirement that the token MUST NOT be included in
+ any messages sent between the initiator and the recipient; rather, an
+ external reference to the token should be used. Lastly the WssX509V3Token10
+ sub-element declares that the Username token presented by the initiator
+ should be compliant with Web Services Security UsernameToken Profile
+ 1.0 specification. [ http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0.pdf ]
+ -->
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <!--
+ The sp:AlgorithmSuite element, requires the Basic256 algorithm suite
+ be used in performing cryptographic operations.
+ -->
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <!--
+ The sp:Layout element, indicates the layout rules to apply when adding
+ items to the security header. The sp:Lax sub-element indicates items
+ are added to the security header in any order that conforms to
+ WSS: SOAP Message Security.
+ -->
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+
+ <!--
+ The sp:SignedSupportingTokens element declares that the security header
+ of messages must contain a sp:UsernameToken and the token must be signed.
+ The attribute IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient"
+ on sp:UsernameToken indicates that the token MUST be included in all
+ messages sent from initiator to the recipient and that the token MUST
+ NOT be included in messages sent from the recipient to the initiator.
+ And finally the element sp:WssUsernameToken10 is a policy assertion
+ indicating the Username token should be as defined in Web Services
+ Security UsernameToken Profile 1.0
+ -->
+ <sp:SignedSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:UsernameToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <!--
+ The sp:Wss11 element declares WSS: SOAP Message Security 1.1 options
+ to be supported by the STS. These particular elements generally refer
+ to how keys are referenced within the SOAP envelope. These are normally
+ handled by CXF.
+ -->
+ <sp:Wss11
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <!--
+ The sp:Trust13 element declares controls for WS-Trust 1.3 options.
+ They are policy assertions related to exchanges specifically with
+ client and server challenges and entropy behaviors. Again these are
+ normally handled by CXF.
+ -->
+ <sp:Trust13
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policywsu:Id="Input_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ <sp:HeaderName="To"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="From"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="Action"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ <wsp:Policywsu:Id="Output_policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SignedParts
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <sp:Body/>
+ <sp:HeaderName="To"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="From"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="FaultTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="ReplyTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="MessageID"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="RelatesTo"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ <sp:HeaderName="Action"
+ Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</wsdl:definitions>
+
+
+
+
+STS’s implementation class
+
+
The Apache CXF’s STS, SecurityTokenServiceProvider, is a web service
+provider that is compliant with the protocols and functionality defined
+by the WS-Trust specification. It has a modular architecture. Many of
+its components are configurable or replaceable and there are many
+optional features that are enabled by implementing and configuring
+plug-ins. Users can customize their own STS by extending from
+SecurityTokenServiceProvider and overriding the default settings.
+Extensive information about the CXF’s STS configurable and pluggable
+components can be found
+here.
+
+
+
This STS implementation class, SampleSTSBearer, is a POJO that extends
+from SecurityTokenServiceProvider. Note that the class is defined with a
+WebServiceProvider annotation and not a WebService annotation. This
+annotation defines the service as a Provider-based endpoint, meaning it
+supports a more messaging-oriented approach to Web services. In
+particular, it signals that the exchanged messages will be XML documents
+of some type. SecurityTokenServiceProvider is an implementation of the
+jakarta.xml.ws.Provider interface. In comparison the WebService annotation
+defines a (service endpoint interface) SEI-based endpoint which supports
+message exchange via SOAP envelopes.
+
+
+
As was done in the BearerImpl class, the WSS4J annotations
+EndpointProperties and EndpointProperty are providing endpoint
+configuration for the CXF runtime. The first EndpointProperty statement
+in the listing is declaring the user’s name to use for the message
+signature. It is used as the alias name in the keystore to get the
+user’s cert and private key for signature. The next two EndpointProperty
+statements declares the Java properties file that contains the (Merlin)
+crypto configuration information. In this case both for signing and
+encrypting the messages. WSS4J reads this file and extra required
+information for message handling. The last EndpointProperty statement
+declares the STSBearerCallbackHandler implementation class. It is used
+to obtain the user’s password for the certificates in the keystore file.
+
+
+
In this implementation we are customizing the operations of token
+issuance, token validation and their static properties.
+
+
+
StaticSTSProperties is used to set select properties for configuring
+resources in the STS. You may think this is a duplication of the
+settings made with the WSS4J annotations. The values are the same but
+the underlaying structures being set are different, thus this
+information must be declared in both places.
+
+
+
The setIssuer setting is important because it uniquely identifies the
+issuing STS. The issuer string is embedded in issued tokens and, when
+validating tokens, the STS checks the issuer string value. Consequently,
+it is important to use the issuer string in a consistent way, so that
+the STS can recognize the tokens that it has issued.
+
+
+
The setEndpoints call allows the declaration of a set of allowed token
+recipients by address. The addresses are specified as reg-ex patterns.
+
+
+
TokenIssueOperation has a modular structure. This allows custom
+behaviors to be injected into the processing of messages. In this case
+we are overriding the SecurityTokenServiceProvider’s default behavior
+and performing SAML token processing. CXF provides an implementation of
+a SAMLTokenProvider which we are using rather than writing our own.
STSBearerCallbackHandler is a callback handler for the WSS4J Crypto API.
+It is used to obtain the password for the private key in the keystore.
+This class enables CXF to retrieve the password of the user name to use
+for the message signature.
WSS4J’s Crypto implementation is loaded and configured via a Java
+properties file that contains Crypto configuration data. The file
+contains implementation-specific properties such as a keystore location,
+password, default alias and the like. This application is using the
+Merlin implementation. File stsKeystore.properties contains this
+information.
+
+
+
File servicestore.jks, is a Java KeyStore (JKS) repository. It contains
+self signed certificates for myservicekey and mystskey. Self signed
+certificates are not appropriate for production use.
When deployed on WildFly, this application requires access to the
+JBossWs and CXF APIs provided in modules
+org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf. The Apache CXF
+internals, org.apache.cxf.impl, are needed to build the STS
+configuration in the SampleSTS constructor. The dependency statement
+directs the server to provide them at deployment.
This section examines the crucial elements in calling a web service that
+implements endpoint security as described in the SAML Bearer scenario.
+The components that will be discussed are.
+
+
+
+
+
Web service requester’s implementation
+
+
+
ClientCallbackHandler
+
+
+
Crypto properties and keystore files
+
+
+
+
+Web service requester Implementation
+
+
The ws-requester, the client, uses standard procedures for creating a
+reference to the web service. To address the endpoint security
+requirements, the web service’s "Request Context" is configured with the
+information needed in message generation. In addition, the STSClient
+that communicates with the STS is configured with similar values. Note
+the key strings ending with a ".it" suffix. This suffix flags these
+settings as belonging to the STSClient. The internal CXF code assigns
+this information to the STSClient that is auto-generated for this
+service call.
+
+
+
There is an alternate method of setting up the STSCLient. The user may
+provide their own instance of the STSClient. The CXF code will use this
+object and not auto-generate one. When providing the STSClient in this
+way, the user must provide a org.apache.cxf.Bus for it and the
+configuration keys must not have the ".it" suffix. This is used in the
+ActAs and OnBehalfOf examples.
+
+
+
+
String serviceURL = "https://" + getServerHost() + ":8443/jaxws-samples-wsse-policy-trust-bearer/BearerService";
+
+ finalQName serviceName = newQName("http://www.jboss.org/jbossws/ws-extensions/bearerwssecuritypolicy", "BearerService");
+ Service service = Service.create(newURL(serviceURL + "?wsdl"), serviceName);
+ BearerIface proxy = (BearerIface) service.getPort(BearerIface.class);
+
+ Map<String, Object> ctx = ((BindingProvider)proxy).getRequestContext();
+
+ // set the security related configuration information for the service "request"
+ ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+ ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
+
+ //-- Configuration settings that will be transfered to the STSClient
+ // "alice" is the name provided for the WSS Username. Her password will
+ // be retreived from the ClientCallbackHander by the STSClient.
+ ctx.put(SecurityConstants.USERNAME + ".it", "alice");
+ ctx.put(SecurityConstants.CALLBACK_HANDLER + ".it", new ClientCallbackHandler());
+ ctx.put(SecurityConstants.ENCRYPT_PROPERTIES + ".it",
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.ENCRYPT_USERNAME + ".it", "mystskey");
+ ctx.put(SecurityConstants.STS_TOKEN_USERNAME + ".it", "myclientkey");
+ ctx.put(SecurityConstants.STS_TOKEN_PROPERTIES + ".it",
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ ctx.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO + ".it", "true");
+
+ proxy.sayHello();
ClientCallbackHandler is a callback handler for the WSS4J Crypto API. It
+is used to obtain the password for the private key in the keystore. This
+class enables CXF to retrieve the password of the user name to use for
+the message signature. Note that "alice" and her password have been
+provided here. This information is not in the (JKS) keystore but
+provided in the WildFly security domain. It was declared in file
+jbossws-users.properties.
WSS4J’s Crypto implementation is loaded and configured via a Java
+properties file that contains Crypto configuration data. The file
+contains implementation-specific properties such as a keystore location,
+password, default alias and the like. This application is using the
+Merlin implementation. File clientKeystore.properties contains this
+information.
+
+
+
File clientstore.jks, is a Java KeyStore (JKS) repository. It contains
+self signed certificates for myservicekey and mystskey. Self signed
+certificates are not appropriate for production use.
WS-Trust deals with managing software security tokens. A SAML assertion
+is a type of security token. In the Holder-Of-Key method, the STS
+creates a SAML token containing the client’s public key and signs the
+SAML token with its private key. The client includes the SAML token and
+signs the outgoing soap envelope to the web service with its private
+key. The web service validates the SOAP message and the SAML token.
+
+
+
Implementation of this scenario has the following requirements.
+
+
+
+
+
SAML tokens with a Holder-Of-Key subject confirmation method must be
+protected so the token can not be snooped. In most cases, a
+Holder-Of-Key token combined with HTTPS is sufficient to prevent "a man
+in the middle" getting possession of the token. This means a security
+policy that uses a sp:TransportBinding and sp:HttpsToken.
+
+
+
A Holder-Of-Key token has no encryption or signing keys associated
+with it, therefore a sp:IssuedToken of SymmetricKey or PublicKey keyType
+should be used with a sp:SignedEndorsingSupportingTokens.
+
+
+
+
+
Web service Provider
+
+
This section examines the web service elements for the SAML
+Holder-Of-Key scenario. The components are
+
+
+
+
+
Web service provider’s WSDL
+
+
+
SSL configuration
+
+
+
Web service provider’s Interface and Implementation classes.
+
+
+
Crypto properties and keystore files
+
+
+
MANIFEST.MF
+
+
+
+
+Web service provider WSDL
+
+
The web service provider is a contract-first endpoint. All the WS-trust
+and security policies for it are declared in the WSDL,
+HolderOfKeyService.wsdl. For this scenario a ws-requester is required to
+present a SAML 2.0 token of SymmetricKey keyType, issued from a designed
+STS. The address of the STS is provided in the WSDL. A transport binding
+policy is used. The token is declared to be signed and endorsed,
+sp:SignedEndorsingSupportingTokens. A detailed explanation of the
+security settings are provided in the comments in the listing below.
+
+
+
+
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<definitionstargetNamespace="http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy"
+ name="HolderOfKeyService"
+ xmlns:tns="http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:wsp="http://www.w3.org/ns/ws-policy"
+ xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata"
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+ xmlns:wsaws="http://www.w3.org/2005/08/addressing"
+ xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex"
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"
+ xmlns:t="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
+
+ <types>
+ <xsd:schema>
+ <xsd:importnamespace="http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy"
+ schemaLocation="HolderOfKeyService_schema1.xsd"/>
+ </xsd:schema>
+ </types>
+ <messagename="sayHello">
+ <partname="parameters"element="tns:sayHello"/>
+ </message>
+ <messagename="sayHelloResponse">
+ <partname="parameters"element="tns:sayHelloResponse"/>
+ </message>
+ <portTypename="HolderOfKeyIface">
+ <operationname="sayHello">
+ <inputmessage="tns:sayHello"/>
+ <outputmessage="tns:sayHelloResponse"/>
+ </operation>
+ </portType>
+<!--
+ The wsp:PolicyReference binds the security requirments on all the endpoints.
+ The wsp:Policy wsu:Id="#TransportSAML2HolderOfKeyPolicy" element is defined later in this file.
+-->
+ <bindingname="HolderOfKeyServicePortBinding"type="tns:HolderOfKeyIface">
+ <wsp:PolicyReferenceURI="#TransportSAML2HolderOfKeyPolicy"/>
+ <soap:bindingtransport="http://schemas.xmlsoap.org/soap/http"style="document"/>
+ <operationname="sayHello">
+ <soap:operationsoapAction=""/>
+ <input>
+ <soap:bodyuse="literal"/>
+ </input>
+ <output>
+ <soap:bodyuse="literal"/>
+ </output>
+ </operation>
+ </binding>
+<!--
+ The soap:address has been defined to use JBoss's https port, 8443. This is
+ set in conjunction with the sp:TransportBinding policy for https.
+-->
+ <servicename="HolderOfKeyService">
+ <portname="HolderOfKeyServicePort"binding="tns:HolderOfKeyServicePortBinding">
+ <soap:addresslocation="https://@jboss.bind.address@:8443/jaxws-samples-wsse-policy-trust-holderofkey/HolderOfKeyService"/>
+ </port>
+ </service>
+
+
+ <wsp:Policywsu:Id="TransportSAML2HolderOfKeyPolicy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <!--
+ The wsam:Addressing element, indicates that the endpoints of this
+ web service MUST conform to the WS-Addressing specification. The
+ attribute wsp:Optional="false" enforces this assertion.
+ -->
+ <wsam:Addressingwsp:Optional="false">
+ <wsp:Policy/>
+ </wsam:Addressing>
+<!--
+ The sp:TransportBinding element indicates that security is provided by the
+ message exchange transport medium, https. WS-Security policy specification
+ defines the sp:HttpsToken for use in exchanging messages transmitted over HTTPS.
+-->
+ <sp:TransportBinding
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+ <sp:TransportToken>
+ <wsp:Policy>
+ <sp:HttpsToken>
+ <wsp:Policy/>
+ </sp:HttpsToken>
+ </wsp:Policy>
+ </sp:TransportToken>
+<!--
+ The sp:AlgorithmSuite element, requires the TripleDes algorithm suite
+ be used in performing cryptographic operations.
+-->
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:TripleDes/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+<!--
+ The sp:Layout element, indicates the layout rules to apply when adding
+ items to the security header. The sp:Lax sub-element indicates items
+ are added to the security header in any order that conforms to
+ WSS: SOAP Message Security.
+-->
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:TransportBinding>
+
+<!--
+ The sp:SignedEndorsingSupportingTokens, when transport level security level is
+ used there will be no message signature and the signature generated by the
+ supporting token will sign the Timestamp.
+-->
+ <sp:SignedEndorsingSupportingTokens
+ xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+ <wsp:Policy>
+<!--
+ The sp:IssuedToken element asserts that a SAML 2.0 security token of type
+ Bearer is expected from the STS. The
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ attribute instructs the runtime to include the initiator's public key
+ with every message sent to the recipient.
+
+ The sp:RequestSecurityTokenTemplate element directs that all of the
+ children of this element will be copied directly into the body of the
+ RequestSecurityToken (RST) message that is sent to the STS when the
+ initiator asks the STS to issue a token.
+-->
+ <sp:IssuedToken
+ sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0</t:TokenType>
+ <!--
+ KeyType of "SymmetricKey", the client must prove to the WS service that it
+ possesses a particular symmetric session key.
+ -->
+ <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</t:KeyType>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+<!--
+ The sp:Issuer element defines the STS's address and endpoint information
+ This information is used by the STSClient.
+-->
+ <sp:Issuer>
+ <wsaws:Address>http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-holderofkey/SecurityTokenService</wsaws:Address>
+ <wsaws:Metadata
+ xmlns:wsdli="http://www.w3.org/2006/01/wsdl-instance"
+ wsdli:wsdlLocation="http://@jboss.bind.address@:8080/jaxws-samples-wsse-policy-trust-sts-holderofkey/SecurityTokenService?wsdl">
+ <wsaw:ServiceName
+ xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
+ xmlns:stsns="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
+ EndpointName="UT_Port">stsns:SecurityTokenService</wsaw:ServiceName>
+ </wsaws:Metadata>
+ </sp:Issuer>
+
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:SignedEndorsingSupportingTokens>
+<!--
+ The sp:Wss11 element declares WSS: SOAP Message Security 1.1 options
+ to be supported by the STS. These particular elements generally refer
+ to how keys are referenced within the SOAP envelope. These are normally
+ handled by CXF.
+-->
+ <sp:Wss11>
+ <wsp:Policy>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+<!--
+ The sp:Trust13 element declares controls for WS-Trust 1.3 options.
+ They are policy assertions related to exchanges specifically with
+ client and server challenges and entropy behaviors. Again these are
+ normally handled by CXF.
+-->
+ <sp:Trust13>
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust13>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+</definitions>
This web service is using https, therefore the JBoss server must be
+configured to provide SSL support in the Web subsystem. There are 2
+components to SSL configuration.
+
+
+
+
+
create a certificate keystore
+
+
+
declare an SSL connector in the Web subsystem of the JBoss server
+configuration file.
The web service provider implementation class, HolderOfKeyImpl, is a
+simple POJO. It uses the standard WebService annotation to define the
+service endpoint. In addition there are two Apache CXF annotations,
+EndpointProperties and EndpointProperty used for configuring the
+endpoint for the CXF runtime. These annotations come from the
+Apache WSS4J project, which provides a
+Java implementation of the primary WS-Security standards for Web
+Services. These annotations are programmatically adding properties to
+the endpoint. With plain Apache CXF, these properties are often set via
+the <jaxws:properties> element on the <jaxws:endpoint> element in the
+Spring config; these annotations allow the properties to be configured
+in the code.
+
+
+
WSS4J uses the Crypto interface to get keys and certificates for
+signature creation/verification, as is asserted by the WSDL for this
+service. The WSS4J configuration information being provided by
+HolderOfKeyImpl is for Crypto’s Merlin implementation. More information
+will be provided about this in the keystore section.
+
+
+
The first EndpointProperty statement in the listing disables ensurance
+of compliance with the Basic Security Profile 1.1. The next
+EndpointProperty statements declares the Java properties file that
+contains the (Merlin) crypto configuration information. The last
+EndpointProperty statement declares the STSHolderOfKeyCallbackHandler
+implementation class. It is used to obtain the user’s password for the
+certificates in the keystore file.
WSS4J’s Crypto implementation is loaded and configured via a Java
+properties file that contains Crypto configuration data. The file
+contains implementation-specific properties such as a keystore location,
+password, default alias and the like. This application is using the
+Merlin implementation. File serviceKeystore.properties contains this
+information.
+
+
+
File servicestore.jks, is a Java KeyStore (JKS) repository. It contains
+self signed certificates for myservicekey and mystskey. Self signed
+certificates are not appropriate for production use.
When deployed on WildFly this application requires access to the JBossWs
+and CXF APIs provided in module org.jboss.ws.cxf.jbossws-cxf-client. The
+dependency statement directs the server to provide them at deployment.
This section examines the crucial elements in providing the Security
+Token Service functionality for providing a SAML Holder-Of-Key token.
+The components that will be discussed are.
+
+
+
+
+
Security Domain
+
+
+
STS’s WSDL
+
+
+
STS’s implementation class
+
+
+
STSBearerCallbackHandler
+
+
+
Crypto properties and keystore files
+
+
+
MANIFEST.MF
+
+
+
+
+Security Domain
+
+
The STS requires a JBoss security domain be configured. The
+jboss-web.xml descriptor declares a named security
+domain,"JBossWS-trust-sts" to be used by this service for
+authentication. This security domain requires two properties files and
+the addition of a security-domain declaration in the JBoss server
+configuration file.
+
+
+
For this scenario the domain needs to contain user alice, password
+clarinet, and role friend. See the listings below for
+jbossws-users.properties and jbossws-roles.properties. In addition the
+following XML elements must be added to the Elytron subsystem in the
+server configuration file. Replace " SOME_PATH" with appropriate
+information and then configure authentication with this security domain.
The Apache CXF’s STS, SecurityTokenServiceProvider, is a web service
+provider that is compliant with the protocols and functionality defined
+by the WS-Trust specification. It has a modular architecture. Many of
+its components are configurable or replaceable and there are many
+optional features that are enabled by implementing and configuring
+plug-ins. Users can customize their own STS by extending from
+SecurityTokenServiceProvider and overriding the default settings.
+Extensive information about the CXF’s STS configurable and pluggable
+components can be found
+here.
+
+
+
This STS implementation class, SampleSTSHolderOfKey, is a POJO that
+extends from SecurityTokenServiceProvider. Note that the class is
+defined with a WebServiceProvider annotation and not a WebService
+annotation. This annotation defines the service as a Provider-based
+endpoint, meaning it supports a more messaging-oriented approach to Web
+services. In particular, it signals that the exchanged messages will be
+XML documents of some type. SecurityTokenServiceProvider is an
+implementation of the jakarta.xml.ws.Provider interface. In comparison the
+WebService annotation defines a (service endpoint interface) SEI-based
+endpoint which supports message exchange via SOAP envelopes.
+
+
+
As was done in the HolderOfKeyImpl class, the WSS4J annotations
+EndpointProperties and EndpointProperty are providing endpoint
+configuration for the CXF runtime. The first EndpointProperty statements
+declares the Java properties file that contains the (Merlin) crypto
+configuration information. WSS4J reads this file and extra required
+information for message handling. The last EndpointProperty statement
+declares the STSHolderOfKeyCallbackHandler implementation class. It is
+used to obtain the user’s password for the certificates in the keystore
+file.
+
+
+
In this implementation we are customizing the operations of token
+issuance and their static properties.
+
+
+
StaticSTSProperties is used to set select properties for configuring
+resources in the STS. You may think this is a duplication of the
+settings made with the WSS4J annotations. The values are the same but
+the underlaying structures being set are different, thus this
+information must be declared in both places.
+
+
+
The setIssuer setting is important because it uniquely identifies the
+issuing STS. The issuer string is embedded in issued tokens and, when
+validating tokens, the STS checks the issuer string value. Consequently,
+it is important to use the issuer string in a consistent way, so that
+the STS can recognize the tokens that it has issued.
+
+
+
The setEndpoints call allows the declaration of a set of allowed token
+recipients by address. The addresses are specified as reg-ex patterns.
+
+
+
TokenIssueOperation has a modular structure. This allows custom
+behaviors to be injected into the processing of messages. In this case
+we are overriding the SecurityTokenServiceProvider’s default behavior
+and performing SAML token processing. CXF provides an implementation of
+a SAMLTokenProvider which we are using rather than writing our own.
STSHolderOfKeyCallbackHandler is a callback handler for the WSS4J Crypto
+API. It is used to obtain the password for the private key in the
+keystore. This class enables CXF to retrieve the password of the user
+name to use for the message signature.
WSS4J’s Crypto implementation is loaded and configured via a Java
+properties file that contains Crypto configuration data. The file
+contains implementation-specific properties such as a keystore location,
+password, default alias and the like. This application is using the
+Merlin implementation. File stsKeystore.properties contains this
+information.
+
+
+
File servicestore.jks, is a Java KeyStore (JKS) repository. It contains
+self signed certificates for myservicekey and mystskey. Self signed
+certificates are not appropriate for production use.
When deployed on WildFly, this application requires access to the
+JBossWs and CXF APIs provided in modules
+org.jboss.ws.cxf.jbossws-cxf-client and org.apache.cxf. The Apache CXF
+internals, org.apache.cxf.impl, are needed to build the STS
+configuration in the SampleSTSHolderOfKey constructor. The dependency
+statement directs the server to provide them at deployment.
This section examines the crucial elements in calling a web service that
+implements endpoint security as described in the SAML Holder-Of-Key
+scenario. The components that will be discussed are.
+
+
+
+
+
web service requester’s implementation
+
+
+
ClientCallbackHandler
+
+
+
Crypto properties and keystore files
+
+
+
+
+Web service requester Implementation
+
+
The ws-requester, the client, uses standard procedures for creating a
+reference to the web service. To address the endpoint security
+requirements, the web service’s "Request Context" is configured with the
+information needed in message generation. In addition, the STSClient
+that communicates with the STS is configured with similar values. Note
+the key strings ending with a ".it" suffix. This suffix flags these
+settings as belonging to the STSClient. The internal CXF code assigns
+this information to the STSClient that is auto-generated for this
+service call.
+
+
+
There is an alternate method of setting up the STSCLient. The user may
+provide their own instance of the STSClient. The CXF code will use this
+object and not auto-generate one. When providing the STSClient in this
+way, the user must provide a org.apache.cxf.Bus for it and the
+configuration keys must not have the ".it" suffix. This is used in the
+ActAs and OnBehalfOf examples.
+
+
+
+
String serviceURL = "https://" + getServerHost() + ":8443/jaxws-samples-wsse-policy-trust-holderofkey/HolderOfKeyService";
+
+finalQName serviceName = newQName("http://www.jboss.org/jbossws/ws-extensions/holderofkeywssecuritypolicy", "HolderOfKeyService");
+finalURL wsdlURL = newURL(serviceURL + "?wsdl");
+Service service = Service.create(wsdlURL, serviceName);
+HolderOfKeyIface proxy = (HolderOfKeyIface) service.getPort(HolderOfKeyIface.class);
+
+Map<String, Object> ctx = ((BindingProvider)proxy).getRequestContext();
+
+// set the security related configuration information for the service "request"
+ctx.put(SecurityConstants.CALLBACK_HANDLER, new ClientCallbackHandler());
+ctx.put(SecurityConstants.SIGNATURE_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ctx.put(SecurityConstants.ENCRYPT_PROPERTIES,
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ctx.put(SecurityConstants.SIGNATURE_USERNAME, "myclientkey");
+ctx.put(SecurityConstants.ENCRYPT_USERNAME, "myservicekey");
+
+//-- Configuration settings that will be transfered to the STSClient
+// "alice" is the name provided for the WSS Username. Her password will
+// be retreived from the ClientCallbackHander by the STSClient.
+ctx.put(SecurityConstants.USERNAME + ".it", "alice");
+ctx.put(SecurityConstants.CALLBACK_HANDLER + ".it", new ClientCallbackHandler());
+ctx.put(SecurityConstants.ENCRYPT_PROPERTIES + ".it",
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ctx.put(SecurityConstants.ENCRYPT_USERNAME + ".it", "mystskey");
+ctx.put(SecurityConstants.STS_TOKEN_USERNAME + ".it", "myclientkey");
+ctx.put(SecurityConstants.STS_TOKEN_PROPERTIES + ".it",
+ Thread.currentThread().getContextClassLoader().getResource(
+ "META-INF/clientKeystore.properties"));
+ctx.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO + ".it", "true");
+
+proxy.sayHello();
+
+
+
+
+ClientCallbackHandler
+
+
ClientCallbackHandler is a callback handler for the WSS4J Crypto API. It
+is used to obtain the password for the private key in the keystore. This
+class enables CXF to retrieve the password of the user name to use for
+the message signature. Note that "alice" and her password have been
+provided here. This information is not in the (JKS) keystore but
+provided in the WildFly security domain. It was declared in file
+jbossws-users.properties.
WSS4J’s Crypto implementation is loaded and configured via a Java
+properties file that contains Crypto configuration data. The file
+contains implementation-specific properties such as a keystore location,
+password, default alias and the like. This application is using the
+Merlin implementation. File clientKeystore.properties contains this
+information.
+
+
+
File clientstore.jks, is a Java KeyStore (JKS) repository. It contains
+self signed certificates for myservicekey and mystskey. Self signed
+certificates are not appropriate for production use.
JBoss Web Services inherits full WS-Reliable Messaging capabilities from
+the underlying Apache CXF implementation. At the time of writing, Apache
+CXF provides support for the
+WS-Reliable Messaging 1.0
+(February 2005) version of the specification.
+
+
+
Enabling WS-Reliable Messaging
+
+
WS-Reliable Messaging is implemented internally in Apache CXF through a
+set of interceptors that deal with the low level requirements of the
+reliable messaging protocol. In order for enabling WS-Reliable
+Messaging, users need to either:
+
+
+
+
+
consume a WSDL contract that specifies proper WS-Reliable Messaging
+policies / assertions
+
+
+
manually add / configure the reliable messaging interceptors
+
+
+
specify the reliable messaging policies in an optional CXF Spring XML
+descriptor
+
+
+
specify the Apache CXF reliable messaging feature in an optional CXF
+Spring XML descriptor
+
+
+
+
+
The former approach relies on the Apache CXF WS-Policy engine and is the
+only portable one. The other approaches are Apache CXF proprietary ones,
+however they allow for fine-grained configuration of protocol aspects
+that are not covered by the WS-Reliable Messaging Policy. More details
+are available in the
+Apache CXF
+documentation.
+
+
+
+
Example
+
+
In this example we configure WS-Reliable Messaging endpoint and client
+through the WS-Policy support.
+
+
+
Endpoint
+
+
We go with a contract-first approach, so we start by creating a proper
+WSDL contract, containing the WS-Reliable Messaging and WS-Addressing
+policies (the latter is a requirement of the former):
Finally we package the generated POJO endpoint together with a basic
+web.xml the usual way and deploy to the application server. The
+webservices stack automatically detects the policies and enables
+WS-Reliable Messaging.
+
+
+
+
Client
+
+
The endpoint advertises his RM capabilities (and requirements) through
+the published WSDL and the client is required to also enable WS-RM for
+successfully exchanging messages with the server.
+
+
+
So a regular JAX WS client is enough if the user does not need to tune
+any specific detail of the RM subsystem.
Fine-grained tuning of WS-Reliable Messaging engine requires setting up
+proper RM features and attach them for instance to the client proxy.
+Here is an example:
+
+
+
+
packageorg.jboss.test.ws.jaxws.samples.wsrm.client;
+
+//...
+importjakarta.xml.ws.Service;
+importorg.apache.cxf.ws.rm.feature.RMFeature;
+importorg.apache.cxf.ws.rm.manager.AcksPolicyType;
+importorg.apache.cxf.ws.rm.manager.DestinationPolicyType;
+importorg.jboss.test.ws.jaxws.samples.wsrm.generated.SimpleService;
+
+// ...
+Service service = Service.create(wsdlURL, serviceName);
+
+RMFeature feature = new RMFeature();
+RMAssertion rma = new RMAssertion();
+RMAssertion.BaseRetransmissionInterval bri = new RMAssertion.BaseRetransmissionInterval();
+bri.setMilliseconds(4000L);
+rma.setBaseRetransmissionInterval(bri);
+AcknowledgementInterval ai = new AcknowledgementInterval();
+ai.setMilliseconds(2000L);
+rma.setAcknowledgementInterval(ai);
+feature.setRMAssertion(rma);
+DestinationPolicyType dp = new DestinationPolicyType();
+AcksPolicyType ap = new AcksPolicyType();
+ap.setIntraMessageThreshold(0);
+dp.setAcksPolicy(ap);
+feature.setDestinationPolicy(dp);
+
+SimpleService proxy = (SimpleService)service.getPort(SimpleService.class, feature);
+proxy.echo("Hello World");
+
+
+
+
The same can of course be achieved by factoring the feature into a
+custom pojo extending org.apache.cxf.ws.rm.feature.RMFeature and
+setting the obtained property in a client configuration:
+
+
+
+
packageorg.jboss.test.ws.jaxws.samples.wsrm.client;
+
+importorg.apache.cxf.ws.rm.feature.RMFeature;
+importorg.apache.cxf.ws.rm.manager.AcksPolicyType;
+importorg.apache.cxf.ws.rm.manager.DestinationPolicyType;
+importorg.apache.cxf.ws.rmp.v200502.RMAssertion;
+importorg.apache.cxf.ws.rmp.v200502.RMAssertion.AcknowledgementInterval;
+
+publicclassCustomRMFeatureextends RMFeature
+{
+ public CustomRMFeature() {
+ super();
+ RMAssertion rma = new RMAssertion();
+ RMAssertion.BaseRetransmissionInterval bri = new RMAssertion.BaseRetransmissionInterval();
+ bri.setMilliseconds(4000L);
+ rma.setBaseRetransmissionInterval(bri);
+ AcknowledgementInterval ai = new AcknowledgementInterval();
+ ai.setMilliseconds(2000L);
+ rma.setAcknowledgementInterval(ai);
+ super.setRMAssertion(rma);
+ DestinationPolicyType dp = new DestinationPolicyType();
+ AcksPolicyType ap = new AcksPolicyType();
+ ap.setIntraMessageThreshold(0);
+ dp.setAcksPolicy(ap);
+ super.setDestinationPolicy(dp);
+ }
+}
+
+
+
+
+
+
this is how the jaxws-client-config.xml descriptor would look:
JBoss Web Services allows communication over the Jakarta Messaging transport. The
+functionality comes from Apache CXF support for the
+SOAP over Java Message Service 1.0
+specification, which is aimed at a set of standards for interoperable
+transport of SOAP messages over Jakarta Messaging.
+
+
+
On top of Apache CXF functionalities, the JBossWS integration allows
+users to deploy WS archives containing both Jakarta Messaging and HTTP endpoints
+the same way as they do for basic HTTP WS endpoints (in war
+archives). The webservices layer of WildFly takes care of looking for
+Jakarta Messaging enpdoints in the deployed archive and starts them delegating to
+the Apache CXF core similarly as with HTTP endpoints.
+
+
+
Configuring SOAP over Jakarta Messaging
+
+
As per specification, the SOAP over Jakarta Messaging transport configuration is
+controlled by proper elements and attributes in the binding and
+service elements of the WSDL contract. So a Jakarta Messaging endpoint is usually
+developed using a contract-first approach.
+
+
+
The Apache CXF
+documentation covers all the details of the supported configurations.
+The minimum configuration implies:
+
+
+
+
+
setting a proper Jakarta Messaging URI in the soap:addresslocation [1]
+
+
+
providing a JNDI connection factory name to be used for connecting to
+the queues [2]
Apache CXF takes care of setting up the Jakarta Messaging transport for endpoint
+implementations whose @WebService annotation points to a port declared
+for Jakarta Messaging transport as explained above.
+
+
+
+
+
+
+
+
+JBossWS currently supports POJO endpoints only for Jakarta Messaging transport use.
+The endpoint classes can be deployed as part of jar or war archives.
+
+
+
+
+
+
The web.xml descriptor in war archives doesn’t need any entry for
+Jakarta Messaging endpoints.
+
+
+
+
Examples
+
+
Jakarta Messaging endpoint only deployment
+
+
In this example we create a simple endpoint relying on SOAP over Jakarta Messaging
+and deploy it as part of a jar archive.
+
+
+
The endpoint is created using wsconsume tool from a WSDL contract such
+as:
+The HelloWorldImplPort here is meant for using the testQueue that
+has to be created before deploying the endpoint.
+
+
+
+
+
+
At the time of writing, java:/ConnectionFactory is the default
+connection factory JNDI location on WildFly
+
+
+
For allowing remote JNDI lookup of the connection factory, a specific
+service ( HelloWorldService) for remote clients is added to the WSDL.
+The java:jms/RemoteConnectionFactory is the JNDI location of the same
+connection factory mentioned above, except it’s exposed for remote
+lookup. The soapjms:jndiInitialContextFactory and soap:jmsjndiURL
+complete the remote connection configuration, specifying the initial
+context factory class to use and the JNDI registry address.
+
+
+
+
+
+
+
+
+Have a look at the application server domain for finding out the
+configured connection factory JNDI locations.
+
+
+
+
+
+
The endpoint implementation is a basic Jakarta XML Web Services POJO using @WebService
+annotation to refer to the consumed contract:
+The endpoint implementation references the HelloWorldServiceLocal wsdl
+service, so that the local JNDI connection factory location is used for
+starting the endpoint on server side.
+
+
+
+
+
+
That’s pretty much all. We just need to package the generated service
+endpoint interface, the endpoint implementation and the WSDL file in a
+jar archive and deploy it:
+
+
+
+
alessio@inuyasha /dati/jbossws/stack/cxf/trunk $ jar -tvf ./modules/testsuite/cxf-tests/target/test-libs/jaxws-cxf-jms-only-deployment.jar
+ 0 Thu Jun 23 15:18:44 CEST 2011 META-INF/
+ 129 Thu Jun 23 15:18:42 CEST 2011 META-INF/MANIFEST.MF
+ 0 Thu Jun 23 15:18:42 CEST 2011 org/
+ 0 Thu Jun 23 15:18:42 CEST 2011 org/jboss/
+ 0 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/
+ 0 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/ws/
+ 0 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/ws/jaxws/
+ 0 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/ws/jaxws/cxf/
+ 0 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/ws/jaxws/cxf/jms/
+ 313 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/ws/jaxws/cxf/jms/HelloWorld.class
+ 1173 Thu Jun 23 15:18:42 CEST 2011 org/jboss/test/ws/jaxws/cxf/jms/HelloWorldImpl.class
+ 0 Thu Jun 23 15:18:40 CEST 2011 META-INF/wsdl/
+ 3074 Thu Jun 23 15:18:40 CEST 2011 META-INF/wsdl/HelloWorldService.wsdl
+
+
+
+
+
+
+
+
+
+A dependency on org.hornetq module needs to be added in MANIFEST.MF
+when deploying to WildFly.
+
A Jakarta XML Web Services client can interact with the Jakarta Messaging endpoint the usual way:
+
+
+
+
URL wsdlUrl = ...
+//start another bus to avoid affecting the one that could already be assigned to the current thread - optional but highly suggested
+Bus bus = BusFactory.newInstance().createBus();
+BusFactory.setThreadDefaultBus(bus);
+try
+{
+ QName serviceName = newQName("http://org.jboss.ws/jaxws/cxf/jms", "HelloWorldService");
+ Service service = Service.create(wsdlUrl, serviceName);
+ HelloWorld proxy = (HelloWorld) service.getPort(newQName("http://org.jboss.ws/jaxws/cxf/jms", "HelloWorldImplPort"), HelloWorld.class);
+ setupProxy(proxy);
+ proxy.echo("Hi");
+}
+finally
+{
+ bus.shutdown(true);
+}
+
+
+
+
+
+
+
+
+
+The WSDL location URL needs to be retrieved in a custom way, depending
+on the client application. Given the endpoint is Jakarta Messaging only, there’s no
+automatically published WSDL contract.
+
+
+
+
+
+
in order for performing the remote invocation (which internally goes
+through remote JNDI lookup of the connection factory), the calling user
+credentials need to be set into the Apache CXF JMSConduit:
+Have a look at the WildFly domain and messaging configuration for
+finding out the actual security requirements. At the time of writing, a
+user with guest role is required and that’s internally checked using
+the other security domain.
+
+
+
+
+
+
Of course once the endpoint is exposed over Jakarta Messaging transport, any plain Jakarta Messaging
+client can also be used to send messages to the webservice endpoint. You
+can have a look at the SOAP over Jakarta Messaging spec details and code the client
+similarly to
The same considerations of the previous example regarding the Jakarta Messaging queue
+and JNDI connection factory still apply.
+Here we can implement the endpoint in multiple ways, either with a
+common implementation class that’s extended by the Jakarta Messaging and HTTP ones, or
+keep the two implementation classes independent and just have them
+implement the same service endpoint interface:
Both classes are packaged together the service endpoint interface and
+the WSDL file in a war archive:
+
+
+
+
alessio@inuyasha /dati/jbossws/stack/cxf/trunk $ jar -tvf ./modules/testsuite/cxf-spring-tests/target/test-libs/jaxws-cxf-jms-http-deployment.war
+ 0 Thu Jun 23 15:18:44 CEST 2011 META-INF/
+ 129 Thu Jun 23 15:18:42 CEST 2011 META-INF/MANIFEST.MF
+ 0 Thu Jun 23 15:18:44 CEST 2011 WEB-INF/
+ 569 Thu Jun 23 15:18:40 CEST 2011 WEB-INF/web.xml
+ 0 Thu Jun 23 15:18:44 CEST 2011 WEB-INF/classes/
+ 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/
+ 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/
+ 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/
+ 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/
+ 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/
+ 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/cxf/
+ 0 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/cxf/jms_http/
+ 318 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/cxf/jms_http/HelloWorld.class
+ 1192 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/cxf/jms_http/HelloWorldImpl.class
+ 1246 Thu Jun 23 15:18:42 CEST 2011 WEB-INF/classes/org/jboss/test/ws/jaxws/cxf/jms_http/HttpHelloWorldImpl.class
+ 0 Thu Jun 23 15:18:40 CEST 2011 WEB-INF/wsdl/
+ 3068 Thu Jun 23 15:18:40 CEST 2011 WEB-INF/wsdl/HelloWorldService.wsdl
+
+
+
+
A trivial web.xml descriptor is also included to trigger the HTTP
+endpoint publish:
+Here too the MANIFEST.MF needs to declare a dependency on org.hornetq
+module when deploying to WildFly.
+
+
+
+
+
+
Finally, the Jakarta XML Web Services client can ineract with both Jakarta Messaging and HTTP endpoints
+as usual:
+
+
+
+
//start another bus to avoid affecting the one that could already be assigned to current thread - optional but highly suggested
+Bus bus = BusFactory.newInstance().createBus();
+BusFactory.setThreadDefaultBus(bus);
+try
+{
+ QName serviceName = newQName("http://org.jboss.ws/jaxws/cxf/jms", "HelloWorldService");
+ Service service = Service.create(wsdlUrl, serviceName);
+
+ //JMS test
+ HelloWorld proxy = (HelloWorld) service.getPort(newQName("http://org.jboss.ws/jaxws/cxf/jms", "HelloWorldImplPort"), HelloWorld.class);
+ setupProxy(proxy);
+ proxy.echo("Hi");
+ //HTTP test
+ HelloWorld httpProxy = (HelloWorld) service.getPort(newQName("http://org.jboss.ws/jaxws/cxf/jms", "HttpHelloWorldImplPort"), HelloWorld.class);
+ httpProxy.echo("Hi");
+}
+finally
+{
+ bus.shutdown(true);
+}
+
+
+
+
+
Use of Endpoint.publish() API
+
+
An alternative to deploying an archive containing Jakarta Messaging endpoints is in
+starting them directly using the Jakarta XML Web Services Endpoint.publish(..) API.
+
+
+
That’s as easy as doing:
+
+
+
+
Object implementor = new HelloWorldImpl();
+Endpoint ep = Endpoint.publish("jms:queue:testQueue", implementor);
+try
+{
+ //use or let others use the endpoint
+}
+finally
+{
+ ep.stop();
+}
+
+
+
+
where HelloWorldImpl is a POJO endpoint implementation referencing a
+Jakarta Messaging port in a given WSDL contract, as explained in the previous
+examples.
+
+
+
The main difference among the deployment approach is in the direct
+control and responsibility over the endpoint lifecycle ( start/publish
+and stop).
+
+
+
+
+
+
17.5.16. HTTP Proxy
+
+
The HTTP Proxy related functionalities of JBoss Web Services are
+provided by the Apache CXF http transport layer.
+
+
+
The suggested configuration mechanism when running JBoss Web Services is
+explained below; for further information please refer to the
+Apache
+CXF documentation.
+
+
+
Configuration
+
+
The HTTP proxy configuration for a given Jakarta XML Web Services client can be set in the
+following ways:
+
+
+
+
+
through the http.proxyHost and http.proxyPort system properties,
+or
+
+
+
leveraging the org.apache.cxf.transport.http.HTTPConduit options
+
+
+
+
+
The former is a JVM level configuration; for instance, assuming the http
+proxy is currently running at http://localhost:9934, here is the setup:
The latter is a client stub/port level configuration: the setup is
+performed on the HTTPConduit object that’s part of the Apache CXF
+Client abstraction.
The ProxyAuthorizationPolicy also allows for setting the authotization
+type as well as the username / password to be used.
+
+
+
Speaking of authorization and authentication, please note that the JDK
+already features the java.net.Authenticator facility, which is used
+whenever opening a connection to a given URL requiring a http proxy.
+Users might want to set a custom Authenticator for instance when needing
+to read WSDL contracts before actually calling into the JBoss Web
+Services / Apache CXF code; here is an example:
Apache CXF includes support for Web Services Dynamic Discovery (
+WS-Discovery),
+which is a protocol to enable dynamic discovery of services available on
+the local network. The protocol implies using a UDP based multicast
+transport to announce new services and probe for existing services. A
+managed mode where a discovery proxy is used to reduce the amount of
+required multicast traffic is also covered by the protocol.
+
+
+
JBossWS integrates the WS-Discovery
+functionalities provided
+by Apache CXF into the application server.
+
+
+
Enabling WS-Discovery
+
+
Apache CXF enables WS-Discovery depending on the availability of its
+runtime component; given that’s always shipped in the application
+server, JBossWS integration requires using the
+cxf.ws-discovery.enabled
+property
+usage for enabling WS-Discovery for a given deployment. By default
+WS-Discovery is disabled on the application server. Below is an
+example of jboss-webservices.xml descriptor to be used for enabling
+WS-Discovery:
By default, a WS-Discovery service endpoint (SOAP-over-UDP bound) will
+be started the first time a WS-Discovery enabled deployment is processed
+on the application server. Every ws endpoint belonging to WS-Discovery
+enabled deployments will be automatically registered into such a
+WS-Discovery service endpoint ( Hello messages). The service will
+reply to Probe and Resolve messages received on UDP port 3702
+(including multicast messages sent to IPv4 address 239.255.255.250,
+as per
+specification).
+Endpoints will eventually be automatically unregistered using Bye
+messages upon undeployment.
+
+
+
+
Probing services
+
+
Apache CXF comes with a WS-Discovery API that can be used to probe /
+resolve services. When running in-container, a JBoss module
+dependency to the org.apache.cxf.impl module is to
+be set to have access to WS-Discovery client functionalities.
+
+
+
The
+org.apache.cxf.ws.discovery.WSDiscoveryClient
+class provides the probe and resolve methods which also accepts
+filters on scopes. Users can rely on them for locating available
+endpoints on the network. Please have a look at the JBossWS testsuite
+which includes a
+sample
+on CXF WS-Discovery usage.
by adding policy assertions to wsdl contracts and letting the runtime
+consume them and behave accordingly;
+
+
+
by specifying endpoint policy attachments using either CXF annotations
+or features.
+
+
+
+
+
Of course users can also make direct use of the Apache CXF policy
+framework,
+defining custom
+assertions, etc.
+
+
+
Finally, JBossWS provides some additional annotations for simplified
+policy attachment.
+
+
+
Contract-first approach
+
+
WS-Policies can be attached and referenced in wsdl elements (the
+specifications describe all possible alternatives). Apache CXF
+automatically recognizes, reads and uses policies defined in the wsdl.
+
+
+
Users should hence develop endpoints using the contract-first
+approach, that is explicitly providing the contract for their services.
+Here is a excerpt taken from a wsdl including a WS-Addressing policy:
Of course, CXF also acts upon policies specified in wsdl documents
+consumed on client side.
+
+
+
+
Code-first approach
+
+
For those preferring code-first (java-first) endpoint development,
+Apache CXF comes with org.apache.cxf.annotations.Policy and
+org.apache.cxf.annotations.Policies annotations to be used for
+attaching policy fragments to the wsdl generated at deploy time.
+
+
+
Here is an example of a code-first endpoint including @Policy
+annotation:
The referenced descriptor is to be added to the deployment and will
+include the policy to be attached; the attachment position in the
+contracts is defined through the placement attribute. Here is a
+descriptor example:
Both approaches above require users to actually write their policies'
+assertions; while this offer great flexibility and control of the actual
+contract, providing the assertions might end up being quite a
+challenging task for complex policies. For this reason, the JBossWS
+integration provides policy sets, which are basically pre-defined
+groups of policy assertions corresponding to well known / common needs.
+Each set has a label allowing users to specify it in the
+@org.jboss.ws.api.annotation.PolicySets annotation to have the policy
+assertions for that set attached to the annotated endpoint. Multiple
+labels can also be specified. Here is an example of the @PolicySets
+annotation on a service endpoint interface:
The three sets specified in @PolicySets will cause the wsdl generated
+for the endpoint having this interface to be enriched with some policy
+assertions for WS-RM, WS-Security and WS-Addressing.
+
+
+
The labels' list of known sets is stored in the
+META-INF/policies/org.jboss.wsf.stack.cxf.extensions.policy.PolicyAttachmentStore
+file within the jbossws-cxf-client.jar (
+org.jboss.ws.cxf:jbossws-cxf-client maven artifact). Actual policy
+fragments for each set are also stored in the same artifact at
+META-INF/policies/<set-label>-<attachment-position>.xml.
+
+
+
Here is a list of the available policy sets:
+
+
+
+
+
+
+
+
+
Label
+
Description
+
+
+
+
+
WS-Addressing
+
Basic WS-Addressing policy
+
+
+
WS-RM_Policy_spec_example
+
The basic WS-RM policy example in the WS-RM
+specification
+
+
+
WS-SP-EX2121_SSL_UT_Supporting_Token
+
The group of policy assertions
+used in the section 2.1.2.1 example of the WS-Security Policy Examples
+1.0 specification
A WS-Security policy for asymmetric binding (encrypt before signing)
+using X.509v1 tokens, 3DES + RSA 1.5 algorithms and with token
+protections enabled
+
+
+
AsymmetricBinding_X509v1_GCM256OAEP_ProtectTokens
+
The same as before,
+but using custom Apache CXF algorithm suite including GCM 256 + RSA OAEP
+algorithms
+
+
+
+
+
+
+
+
+
+
+Always verify the contents of the generated wsdl contract, as policy
+sets are potentially subject to updates between JBossWS releases. This
+is especially important when dealing with security related policies; the
+provided sets are to be considered as convenient configuration options
+only; users remain responsible for the policies in their contracts.
+
+
+
+
+
+
+
+
+
+
+
+The org.jboss.wsf.stack.cxf.extensions.policy.Constants interface has
+convenient String constants for the available policy set labels.
+
+
+
+
+
+
+
+
+
+
+
+If you feel a new set should be added, just propose it by writing the
+user forum!
+
+
+
+
+
+
+
+
+
17.5.19. Published WSDL customization
+
+
Endpoint address rewrite
+
+
JBossWS supports the rewrite of the <soap:address> element of
+endpoints published in WSDL contracts. This feature is useful for
+controlling the server address that is advertised to clients for each
+endpoint. The rewrite mechanism is configured at server level through a
+set of elements in the webservices subsystem of the WildFly management
+model. Please refer to the container documentation for details on the
+options supported in the selected container version. Below is a list of
+the elements available in the latest WildFly sources:
+
+
+
+
+
+
+
+
+
+
Name
+
Type
+
Description
+
+
+
+
+
modify-wsdl-address
+
boolean
+
This boolean enables and disables the
+address rewrite functionality.When modify-wsdl-address is set to true
+and the content of <soap:address> is a valid URL, JBossWS will rewrite
+the URL using the values of wsdl-host and wsdl-port or
+wsdl-secure-port.When modify-wsdl-address is set to false and the
+content of <soap:address> is a valid URL, JBossWS will not rewrite the
+URL. The <soap:address> URL will be used.When the content of
+<soap:address> is not a valid URL, JBossWS will rewrite it no matter
+what the setting of modify-wsdl-address.If modify-wsdl-address is set to
+true and wsdl-host is not defined or explicitly set to
+'jbossws.undefined.host' the content of <soap:address> URL is use.
+JBossWS uses the requester’s host when rewriting the <soap:address>When
+modify-wsdl-address is not defined JBossWS uses a default value of true.
+
+
+
wsdl-host
+
string
+
The hostname / IP address to be used for rewriting
+<soap:address>.If wsdl-host is set to jbossws.undefined.host, JBossWS
+uses the requester’s host when rewriting the <soap:address>When
+wsdl-host is not defined JBossWS uses a default value of
+'jbossws.undefined.host'.
+
+
+
wsdl-port
+
int
+
Set this property to explicitly define the HTTP port
+that will be used for rewriting the SOAP address.Otherwise the HTTP port
+will be identified by querying the list of installed HTTP connectors.
+
+
+
wsdl-secure-port
+
int
+
Set this property to explicitly define the HTTPS
+port that will be used for rewriting the SOAP address.Otherwise the
+HTTPS port will be identified by querying the list of installed HTTPS
+connectors.
+
+
+
wsdl-uri-scheme
+
string
+
This property explicitly sets the URI scheme
+to use for rewriting <soap:address> . Valid values are http and https.
+This configuration overrides scheme computed by processing the endpoint
+(even if a transport guaranteeis specified). The provided values for
+wsdl-port and wsdl-secure-port (or their default values) are used
+depending on specified scheme.
+
+
+
wsdl-path-rewrite-rule
+
string
+
This string defines a SED substitution
+command (e.g., 's/regexp/replacement/g') that JBossWS executes against
+the path component of each <soap:address> URL published from the
+server.When wsdl-path-rewrite-rule is not defined, JBossWS retains the
+original path component of each <soap:address> URL.When
+'modify-wsdl-address' is set to "false" this element is ignored.
+
+
+
+
+
Additionally, users can override the server level configuration by
+requesting a specific rewrite behavior for a given endpoint deployment.
+That is achieved by setting one of the following properties within a
+jboss-webservices.xml descriptor:
+
+
+
+
+
+
+
+
+
Property
+
Corresponding server option
+
+
+
+
+
wsdl.soapAddress.rewrite.modify-wsdl-address
+
modify-wsdl-address
+
+
+
wsdl.soapAddress.rewrite.wsdl-host
+
wsdl-host
+
+
+
wsdl.soapAddress.rewrite.wsdl-port
+
wsdl-port
+
+
+
wsdl.soapAddress.rewrite.wsdl-secure-port
+
wsdl-secure-port
+
+
+
wsdl.soapAddress.rewrite.wsdl-path-rewrite-rule
+
wsdl-path-rewrite-rule
+
+
+
wsdl.soapAddress.rewrite.wsdl-uri-scheme
+
wsdl-uri-scheme
+
+
+
+
+
Here is an example of partial overriding of the default configuration
+for a specific deployment:
System property references wrapped within "@" characters are expanded
+when found in WSDL attribute and element values. This allows for
+instance including multiple WS-Policy declarations in the contract and
+selecting the policy to use depending on a server wide system property;
+here is an example:
If the org.jboss.wsf.test.JBWS3628TestCase.policy system property is
+defined and set to " WS-Addressing_policy ", WS-Addressing will be
+enabled for the endpoint defined by the contract above.
+
+
+
+
+
+
17.6. JBoss Modules and WS applications
+
+
The JBoss Web Services functionalities are provided by a given set of
+modules / libraries installed on WildFly, which are organized into JBoss
+Modules modules. In particular the org.jboss.as.webservices.* and
+org.jboss.ws.* modules belong to the JBossWS - WildFly integration.
+Users should not need to change anything in them.
+
+
+
While users are of course allowed to provide their own modules for their
+custom needs, below is a brief collection of suggestions and hints
+around modules and webservices development on WildFly.
+
+
+
17.6.1. Setting module dependencies
+
+
On WildFly the user deployment classloader does not have any visibility
+over JBoss internals; so for instance you can’t directly use JBossWS
+implementation classes unless you explicitly set a dependency to the
+corresponding module. As a consequence, users need to declare the module
+dependencies they want to be added to their deployment.
+
+
+
+
+
+
+
+
+The JBoss Web Services APIs are always available by default whenever the
+webservices subsystem is available on AS7. So users just use them, no
+need for explicit dependencies declaration for those modules.
+
+
+
+
+
+
Using MANIFEST.MF
+
+
The convenient method for configuring deployment dependencies is adding
+them into the MANIFEST.MF file:
Here above org.jboss.ws.cxf.jbossws-cxf-client and foo.bar are the
+modules you want to set dependencies to; services tells the modules
+framework that you want to also import META-INF/services/..
+declarations from the dependency, while export exports the classes
+from the module to any other module that might be depending on the
+module implicitly created for your deployment.
+
+
+
+
+
+
+
+
+When using annotations on your endpoints / handlers such as the Apache
+CXF ones (@InInterceptor, @GZIP, …) remember to add the proper module
+dependency in your manifest. Otherwise your annotations are not picked
+up and added to the annotation index by WildFly, resulting in them being
+completely and silently ignored.
+
+
+
+
+
+
Using Jakarta XML Binding
+
+
In order for successfully directly using Jakarta XML Binding contexts, etc. in your
+client or endpoint running in-container, you need to properly setup a
+Jakarta XML Binding implementation; that is performed setting the following dependency:
+
+
+
+
Dependencies: com.sun.xml.bind services export
+
+
+
+
+
Using Apache CXF
+
+
In order for using Apache CXF APIs and implementation classes you need
+to add a dependency to the org.apache.cxf (API) module and / or
+org.apache.cxf.impl (implementation) module:
+
+
+
+
Dependencies: org.apache.cxf services
+
+
+
+
However, please note that would not come with any JBossWS-CXF
+customizations nor additional extensions. For this reason, and generally
+speaking for simplifying user configuration, a client side aggregation
+module is available with all the WS dependencies users might need.
+
+
+
+
Client side WS aggregation module
+
+
Whenever you simply want to use all the JBoss Web Services
+feature/functionalities, you can set a dependency to the convenient
+client module.
Please note the services option above: that’s strictly required in
+order for you to get the JBossWS-CXF version of classes that are
+retrieved using the Service API, the org.apache.cxf.Bus for
+instance.
+
+
+
+
+
+
+
+
+Be careful as issues because of misconfiguration here can be quite hard
+to track down, because the Apache CXF behaviour would be sensibly
+different.
+
+
+
+
+
+
+
+
+
+
+
+The services option is almost always needed when declaring
+dependencies on org.jboss.ws.cxf.jbossws-cxf-client and
+org.apache.cxf modules. The reason for this is in it affecting the
+loading of classes through the Service API, which is what is used to
+wire most of the JBossWS components as well as all Apache CXF Bus
+extensions.
+
+
+
+
+
+
+
Annotation scanning
+
+
The application server uses an annotation index for detecting Jakarta XML Web Services
+endpoints in user deployments. When declaring WS endpoints whose class
+belongs to a different module (for instance referring that in the
+web.xml descriptor), be sure to have an annotations type dependency
+in place. Without that, your endpoints would simply be ignored as they
+won’t appear as annotated classes to the webservices subsystem.
+
+
+
+
Dependencies: org.foo annotations
+
+
+
+
+
+
Using jboss-deployment-descriptor.xml
+
+
In some circumstances, the convenient approach of setting module
+dependencies in MANIFEST.MF might not work. An example is the need for
+importing/exporting specific resources from a given module dependency.
+Users should hence add a jboss-deployment-structure.xml descriptor to
+their deployment and set module dependencies in it.
+
+
+
+
+
+
+
+
18. Scoped EJB client contexts
+
+
+
+WildFly 29 introduced the EJB client API for managing remote EJB
+invocations. The EJB client API works off EJBClientContext(s). An
+EJBClientContext can potentially contain any number of EJB receivers. An
+EJB receiver is a component which knows how to communicate with a server
+which is capable of handling the EJB invocation. Typically EJB remote
+applications can be classified into:
+
+
+
+
+
+
A remote client which runs as a standalone Java application
+
+
+
A remote client which runs within another WildFly 29 instance
+
+
+
+
+
Depending on the kind of remote client, from an EJB client API point of
+view, there can potentially be more than 1 EJBClientContext(s) within a
+JVM.
+
+
+
In case of standalone applications, typically a single EJBClientContext
+(backed by any number of EJB receivers) exists. However this isn’t
+mandatory. Certain standalone applications can potentially have more
+than one EJBClientContext(s) and an EJB client context selector will be
+responsible for returning the appropriate context.
+
+
+
In case of remote clients which run within another WildFly 29 instance,
+each deployed application will have a corresponding EJB client context.
+Whenever that application invokes on another EJB, the corresponding EJB
+client context will be used for finding the right EJB receiver and
+letting it handle the invocation.
+
+
+
18.1. Potential shortcomings of a single EJB client context
+
+
In the Overview section we briefly looked at the different types of
+remote clients. Let’s focus on the standalone remote clients (the ones
+that don’t run within another WildFly 29 instance) for some of the next
+sections. Like mentioned earlier, typically a remote standalone client
+has just one EJB client context backed by any number of EJB receivers.
+Consider this example:
+
+
+
+
publicclassMyApplication {
+
+ publicstaticvoid main(String args[]) {
+
+ final javax.naming.Context ctxOne = new javax.naming.InitialContext();
+ final MyBeanInterface beanOne = ctxOne.lookup("ejb:app/module/distinct/bean!interface");
+ beanOne.doSomething();
+ ...
+ }
+}
+
+
+
+
Now, we have seen in this other chapter
+EJB
+invocations from a remote client using JNDI that the JNDI lookups are
+(typically) backed by jboss-ejb-client.properties file which is used to
+setup the EJB client context and the EJB receivers. Let’s assume we have
+a jboss-ejb-client.properties with the relevant receivers
+configurations. These configurations include the security credentials
+that will be used to create an EJB receiver which connects to the AS7
+server. Now when the above code is invoked, the EJB client API looks for
+the EJB client context to pick an EJB receiver, to pass on the EJB
+invocation request. Since we just have a single EJB client context, that
+context is used by the above code to invoke the bean.
+
+
+
Now let’s consider a case where the user application wants to invoke on
+the bean more than once, but wants to connect to the WildFly 29 server
+using different security credentials. Let’s take a look at the following
+code:
+
+
+
+
publicclassMyApplication {
+
+ publicstaticvoid main(String args[]) {
+
+ // let's say we want to use "foo" security credential while connecting to the AS7 server for invoking on this bean instance
+ final javax.naming.Context ctxOne = new javax.naming.InitialContext();
+ final MyBeanInterface beanOne = ctxOne.lookup("ejb:app/module/distinct/bean!interface");
+ beanOne.doSomething();
+ ...
+
+ // let's say we want to use "bar" security credential while connecting to the AS7 server for invoking on this bean instance
+ final javax.naming.Context ctxTwo = new javax.naming.InitialContext();
+ final MyBeanInterface beanTwo = ctxTwo.lookup("ejb:app/module/distinct/bean!interface");
+ beanTwo.doSomething();
+ ...
+
+ }
+}
+
+
+
+
So we have the same application, which wants to connect to the same
+server instance for invoking the EJB(s) hosted on that server, but wants
+to use two different credentials while connecting to the server.
+Remember, the client application has a single EJB client context which
+can have atmost 1 EJB receiver for each server instance. Which
+effectively means that the above code will end up using just one
+credential to connect to the server. So there was no easy way to have
+the above code working.
+
+
+
That was one of the use cases which prompted the
+https://issues.redhat.com/browse/EJBCLIENT-34 feature request. The
+proposal was to introduce a way, where you can have more control over
+the EJB client contexts and their association with JNDI contexts which
+are typically used for EJB invocations.
+
+
+
+
18.2. Scoped EJB client contexts
+
+
Developers familiar with earlier versions of JBoss AS would remember
+that for invoking an EJB, you would typically create a JNDI context
+passing it the PROVIDER_URL which would point to the target server. That
+way any invocation is done on EJB proxies looked up using that JNDI
+context, would end up on that server. If we look back at the example
+above, we’ll realize that, we are ultimately aiming for a similar
+functionality through https://issues.redhat.com/browse/EJBCLIENT-34. We
+want the user applications to have more control over which EJB receiver
+gets used for a specific invocation.
publicclassMyApplication {
+
+ publicstaticvoid main(String args[]) {
+
+ // let's say we want to use "foo" security credential while connecting to the AS7 server for invoking on this bean instance
+ finalProperties ejbClientContextPropsOne = getPropsForEJBClientContextOne():
+ final javax.naming.Context ctxOne = new javax.naming.InitialContext(ejbClientContextPropsOne);
+ final MyBeanInterface beanOne = ctxOne.lookup("ejb:app/module/distinct/bean!interface");
+ beanOne.doSomething();
+ ...
+ closeContext(ctxOne); // read on the entire article to understand more about closing scoped EJB client contexts
+
+ // let's say we want to use "bar" security credential while connecting to the AS7 server for invoking on this bean instance
+ finalProperties ejbClientContextPropsTwo = getPropsForEJBClientContextTwo():
+ final javax.naming.Context ctxTwo = new javax.naming.InitialContext(ejbClientContextPropsTwo);
+ final MyBeanInterface beanTwo = ctxTwo.lookup("ejb:app/module/distinct/bean!interface");
+ beanTwo.doSomething();
+ ...
+ closeContext(ctxTwo); // read on the entire article to understand more about closing scoped EJB client contexts
+ }
+}
+
+
+
+
Notice any difference between this code and the earlier one? We now
+create and pass EJB client context specific properties to the JNDI
+context. So what do the EJB client context properties look like? The
+properties are the same that you would pass through the
+jboss-ejb-client.properties file, except for one additional property
+which is required to scope the EJB client context to the JNDI context.
+The name of the property is:
+
+
+
org.jboss.ejb.client.scoped.context
+
+
+
which is expected to have a value true. This property lets the EJB
+client API know that it has to created an EJB client context (backed by
+EJB receiver(s)) and that created context is then scoped/visible to only
+that JNDI context which created it. Lookup and invocation on any EJB
+proxies looked up using this JNDI context will only know of the EJB
+client context associated with this JNDI context. This effectively means
+that the other JNDI contexts which the application uses to lookup and
+invoke on EJBs will not know about the other scoped EJB client
+contexts at all.
+
+
+
JNDI contexts which aren’t scoped to a EJB client context (for example,
+not passing the org.jboss.ejb.client.scoped.context property) will
+fallback to the default behaviour of using the "current" EJB client
+context which typically is the one tied to the entire application.
+
+
+
This scoping of the EJB client context helps the user applications to
+have more control over which JNDI context "talks to" which server and
+connects to that server in "what way". This gives the user applications
+the flexibility that was associated with the JNP based JNDI invocations
+prior to WildFly 29 versions.
+
+
+
+
+
+
+
+
+IMPORTANT:It is very important to remember that scoped EJB client
+contexts which are scoped to the JNDI contexts are NOT fire and forget
+kind of contexts. What that means is the application program which is
+using these contexts is solely responsible for managing their lifecycle
+and the application itself is responsible for closing the context at the
+right moment. After closing the context the proxies which are bound to
+this context are no longer valid and any invocation will throw an
+Exception. Not closing the context will end in resource problems as the
+underlying physical connection will stay open.
+
+
+
+
+
+
Read the rest of the sections in this article to understand more about
+the lifecycle management of such scoped contexts.
+
+
+
+
18.3. Lifecycle management of scoped EJB client contexts
+
+
Like you saw in the previous sections, in case of scoped EJB client
+contexts, the EJB client context is tied to the JNDI context. It’s very
+important to understand how the lifecycle of the EJB client context
+works in such cases. Especially since any EJB client context is almost
+always backed by connections to the server. Not managing the EJB client
+context lifecycle correctly can lead to connection leaks in some cases.
+
+
+
When you create a scoped EJB client context, the EJB client context
+connects to the server(s) listed in the JNDI properties. An internal
+implementation detail of this logic includes the ability of the EJB
+client context to cache connections based on certain internal algorithm
+it uses. The algorithm itself isn’t publicly documented (yet) since the
+chances of it changing or even removal shouldn’t really affect the
+client application and instead it’s supposed to be transparent to the
+client application.
+
+
+
The connections thus created for an EJB client context are kept open as
+long as the EJB client context is open. This allows the EJB client
+context to be usable for EJB invocations. The connections associated
+with the EJB client context are closed when the EJB client context
+itself is closed.
+
+
+
+
+
+
+
+
+The connections that were manually added by the application to the EJB
+client context are not managed by the EJB client context. i.e. they
+won’t be opened (obviously) nor closed by the EJB client API when the
+EJB client context is closed.
+
+
+
+
+
+
18.3.1. How to close EJB client contexts?
+
+
The answer to that is simple. Use the close() method on the appropriate
+EJB client context.
+
+
+
+
18.3.2. How to close scoped EJB client contexts?
+
+
The answer is the same, use the close() method on the EJB client
+context. But the real question is how do you get the relevant scoped EJB
+client context which is associated with a JNDI context. Before we get to
+that, it’s important to understand how the ejb: JNDI namespace that’s
+used for EJB lookups and how the JNDI context (typically the
+InitialContext that you see in the client code) are related. The JNDI
+API provided by Java language allows "URL context factory" to be
+registered in the JNDI framework (see this for details
+http://docs.oracle.com/javase/jndi/tutorial/provider/url/factory.html).
+Like that documentation states, the URL context factory can be used to
+resolve URL strings during JNDI lookup. That’s what the ejb: prefix is
+when you do a remote EJB lookup. The ejb: URL string is backed by a URL
+context factory.
+
+
+
Internally, when a lookup happens for a ejb: URL string, a relevant
+javax.naming.Context is created for that ejb: lookup. Let’s see some
+code for better understanding:
+
+
+
+
// JNDI context "A"
+Context jndiCtx = newInitialContext(props);
+// Now let's lookup a EJB
+MyBean bean = jndiCtx.lookup("ejb:app/module/distinct/bean!interface");
+
+
+
+
So we first create a JNDI context and then use it to lookup an EJB. The
+bean lookup using the ejb: JNDI name, although, is just one statement,
+involves a few more things under the hood. What’s actually happening
+when you lookup that string is that a separate javax.naming.Context gets
+created for the ejb: URL string. This new javax.naming.Context is then
+used to lookup the rest of the string in that JNDI name.
+
+
+
Let’s break up that one line into multiple statements to understand
+better:
+
+
+
+
// Remember, the ejb: is backed by a URL context factory which returns a Context for the ejb: URL (that's why it's called a context factory)
+finalContext ejbNamingContext = (Context) jndiCtx.lookup("ejb:");
+// Use the returned EJB naming context to lookup the rest of the JNDI string for EJB
+final MyBean bean = ejbNamingContext.lookup("app/module/distinct/bean!interface");
+
+
+
+
As you see above, we split up that single statement into a couple of
+statements for explaining the details better. So as you can see when the
+ejb: URL string is parsed in a JNDI name, it gets hold of a
+javax.naming.Context instance. This instance is different from the one
+which was used to do the lookup (jndiCtx in this example). This is an
+important detail to understand (for reasons explained later). Now this
+returned instance is used to lookup the rest of the JNDI string
+("app/module/distinct/bean!interface"), which then returns the EJB
+proxy. Irrespective of whether the lookup is done in a single statement
+or multiple parts, the code works the same. i.e. an instance of
+javax.naming.Context gets created for the ejb: URL string.
+
+
+
So why am I explaining all this when the section is titled
+"How to close scoped EJB client contexts"? The reason is because
+client applications dealing with scoped EJB client contexts which are
+associated with a JNDI context would expect the following code to close
+the associated EJB client context, but will be surprised that it won’t:
+
+
+
+
finalProperties props = newProperties();
+// mark it for scoped EJB client context
+props.put("org.jboss.ejb.client.scoped.context","true");
+// add other properties
+props.put(....);
+...
+Context jndiCtx = newInitialContext(props);
+try {
+ final MyBean bean = jndiCtx.lookup("ejb:app/module/distinct/bean!interface");
+ bean.doSomething();
+} finally {
+ jndiCtx.close();
+}
+
+
+
+
Applications expect that the call to jndiCtx.close() will effectively
+close the EJB client context associated with the JNDI context. That
+doesn’t happen because as explained previously, the javax.naming.Context
+backing the ejb: URL string is a different instance than the one the
+code is closing. The JNDI implementation in Java, only just closes the
+context on which the close was called. As a result, the other
+javax.naming.Context that backs the ejb: URL string is still not closed,
+which effectively means that the scoped EJB client context is not closed
+too which then ultimately means that the connection to the server(s) in
+the EJB client context are not closed too.
+
+
+
So now let’s see how this can be done properly. We know that the ejb:
+URL string lookup returns us a javax.naming.Context. All we have to do
+is keep a reference to this instance and close it when we are done with
+the EJB invocations. So here’s how it’s going to look:
+
+
+
+
finalProperties props = newProperties();
+// mark it for scoped EJB client context
+props.put("org.jboss.ejb.client.scoped.context","true");
+// add other properties
+props.put(....);
+...
+Context jndiCtx = newInitialContext(props);
+Context ejbRootNamingContext = (Context) jndiCtx.lookup("ejb:");
+try {
+ final MyBean bean = ejbRootNamingContext.lookup("app/module/distinct/bean!interface"); // the rest of the EJB jndi string
+ bean.doSomething();
+} finally {
+ try {
+ // close the EJB naming JNDI context
+ ejbRootNamingContext.close();
+ } catch (Throwable t) {
+ // log and ignore
+ }
+ try {
+ // also close our other JNDI context since we are done with it too
+ jndiCtx.close();
+ } catch (Throwable t) {
+ // log and ignore
+ }
+
+}
+
+
+
+
As you see, we changed the code to first do a lookup on just the "ejb:"
+string to get hold of the EJB naming context and then used that
+ejbRootNamingContext instance to lookup the rest of the EJB JNDI name to
+get hold of the EJB proxy. Then when it was time to close the context,
+we closed the ejbRootNamingContext (as well as the other JNDI context).
+Closing the ejbRootNamingContext ensures that the scoped EJB client
+context associated with that JNDI context is closed too. Effectively,
+this closes the connection(s) to the server(s) within that EJB client
+context.
+
+
+
Can that code be simplified a bit?
+
+
If you are using that JNDI context only for EJB invocations, then yes
+you can get rid of some instances and code from the above code. You can
+change that code to:
+
+
+
+
finalProperties props = newProperties();
+// mark it for scoped EJB client context
+props.put("org.jboss.ejb.client.scoped.context","true");
+// add other properties
+props.put(....);
+...
+Context ejbRootNamingContext = (Context) newInitialContext(props).lookup("ejb:");
+try {
+ final MyBean bean = ejbRootNamingContext.lookup("app/module/distinct/bean!interface"); // the rest of the EJB jndi string
+ bean.doSomething();
+} finally {
+ try {
+ // close the EJB naming JNDI context
+ ejbRootNamingContext.close();
+ } catch (Throwable t) {
+ // log and ignore
+ }
+}
+
+
+
+
Notice that we no longer hold a reference to 2 JNDI contexts and instead
+just keep track of the ejbRootNamingContext which is actually the root
+JNDI context for our "ejb:" URL string. Of course, this means that you
+can only use this context for EJB lookups or any other EJB related JNDI
+lookups. So it depends on your application and how it’s coded.
+
+
+
+
+
18.3.3. Can’t the scoped EJB client context be automatically closed by the
+
+
EJB client API when the JNDI context is no longer in scope (i.e. on GC)?
+
+
+
That’s one of the common questions that gets asked. No, the EJB client
+API can’t take that decision. i.e. it cannot automatically go ahead and
+close the scoped EJB client context by itself when the associated JNDI
+context is eligible for GC. The reason is simple as illustrated by the
+following code:
+
+
+
+
void doEJBInvocation() {
+ final MyBean bean = lookupEJB();
+ bean.doSomething();
+ bean.doSomeOtherThing();
+ ... // do some other work
+ bean.keepDoingSomething();
+}
+
+MyBean lookupEJB() {
+ finalProperties props = newProperties();
+ // mark it for scoped EJB client context
+ props.put("org.jboss.ejb.client.scoped.context","true");
+ // add other properties
+ props.put(....);
+ ...
+ Context ejbRootNamingContext = (Context) newInitialContext(props).lookup("ejb:");
+ final MyBean bean = ejbRootNamingContext.lookup("app/module/distinct/bean!interface"); // rest of the EJB jndi string
+ return bean;
+}
+
+
+
+
As you can see, the doEJBInvocation() method first calls a lookupEJB()
+method which does a lookup of the bean using a JNDI context and then
+returns the bean (proxy). The doEJBInvocation() then uses that returned
+proxy and keeps doing the invocations on the bean. As you might have
+noticed, the JNDI context that was used for lookup (i.e. the
+ejbRootNamingContext) is eligible for GC. If the EJB client API had
+closed the scoped EJB client context associated with that JNDI context,
+when that JNDI context was garbage collected, then the subsequent EJB
+invocations on the returned EJB (proxy) would start failing in
+doEJBInvocation() since the EJB client context is no longer available.
+
+
+
That’s the reason why the EJB client API doesn’t automatically close the
+EJB client context.
+
+
+
+
+
+
+
+
+References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
+
+
19. EJB invocations from a remote client using JNDI
+
+
+
This chapter explains how to invoke EJBs from a remote client by using
+the JNDI API to first lookup the bean proxy and then invoke on that
+proxy.
Before getting into the details, we would like the users to know that we
+have introduced a new EJB client API, which is a WildFly-specific API
+and allows invocation on remote EJBs. This client API isn’t based on
+JNDI. So remote clients need not rely on JNDI API to invoke on EJBs. A
+separate document covering the EJB remote client API will be made
+available. For now, you can refer to the javadocs of the EJB client
+project at http://docs.jboss.org/ejbclient/. In this document, we’ll
+just concentrate on the traditional JNDI based invocation on EJBs. So
+let’s get started:
+
+
+
19.1. Deploying your EJBs on the server side:
+
+
+
+
+
+
+
+Users who already have EJBs deployed on the server side can just skip to
+the next section.
+
+
+
+
+
+
As a first step, you’ll have to deploy your application containing the
+EJBs on the WildFly server. If you want those EJBs to be remotely
+invocable, then you’ll have to expose at least one remote view for that
+bean. In this example, let’s consider a simple Calculator stateless bean
+which exposes a RemoteCalculator remote business interface. We’ll also
+have a simple stateful CounterBean which exposes a RemoteCounter remote
+business interface. Here’s the code:
+
+
+
+
packageorg.jboss.as.quickstarts.ejb.remote.stateless;
+
+/**
+ * @author Jaikiran Pai
+ */
+publicinterfaceRemoteCalculator {
+
+ int add(int a, int b);
+
+ int subtract(int a, int b);
+}
+
+
+
+
+
packageorg.jboss.as.quickstarts.ejb.remote.stateless;
+
+importjakarta.ejb.Remote;
+importjakarta.ejb.Stateless;
+
+/**
+ * @author Jaikiran Pai
+ */
+@Stateless
+@Remote(RemoteCalculator.class)
+publicclassCalculatorBeanimplements RemoteCalculator {
+
+ @Override
+ publicint add(int a, int b) {
+ return a + b;
+ }
+
+ @Override
+ publicint subtract(int a, int b) {
+ return a - b;
+ }
+}
Let’s package this in a jar (how you package it in a jar is out of scope
+of this chapter) named "jboss-as-ejb-remote-app.jar" and deploy it to
+the server. Make sure that your deployment has been processed
+successfully and there aren’t any errors.
+
+
+
+
19.2. Writing a remote client application for accessing and invoking the
+
+
EJBs deployed on the server
+
+
+
The next step is to write an application which will invoke the EJBs that
+you deployed on the server. In WildFly, you can either choose to use the
+WildFly specific EJB client API to do the invocation or use JNDI to
+lookup a proxy for your bean and invoke on that returned proxy. In this
+chapter we will concentrate on the JNDI lookup and invocation and will
+leave the EJB client API for a separate chapter.
+
+
+
So let’s take a look at what the client code looks like for looking up
+the JNDI proxy and invoking on it. Here’s the entire client code which
+invokes on a stateless bean:
+
+
+
+
packageorg.jboss.as.quickstarts.ejb.remote.client;
+
+importjavax.naming.Context;
+importjavax.naming.InitialContext;
+importjavax.naming.NamingException;
+importjava.security.Security;
+importjava.util.Hashtable;
+
+importorg.jboss.as.quickstarts.ejb.remote.stateful.CounterBean;
+importorg.jboss.as.quickstarts.ejb.remote.stateful.RemoteCounter;
+importorg.jboss.as.quickstarts.ejb.remote.stateless.CalculatorBean;
+importorg.jboss.as.quickstarts.ejb.remote.stateless.RemoteCalculator;
+importorg.jboss.sasl.JBossSaslProvider;
+
+/**
+ * A sample program which acts a remote client for a EJB deployed on WildFly 10 server.
+ * This program shows how to lookup stateful and stateless beans via JNDI and then invoke on them
+ *
+ * @author Jaikiran Pai
+ */
+publicclassRemoteEJBClient {
+
+ publicstaticvoid main(String[] args) throwsException {
+ // Invoke a stateless bean
+ invokeStatelessBean();
+
+ // Invoke a stateful bean
+ invokeStatefulBean();
+ }
+
+ /**
+ * Looks up a stateless bean and invokes on it
+ *
+ * @throws NamingException
+ */
+ privatestaticvoid invokeStatelessBean() throwsNamingException {
+ // Let's lookup the remote stateless calculator
+ final RemoteCalculator statelessRemoteCalculator = lookupRemoteStatelessCalculator();
+ System.out.println("Obtained a remote stateless calculator for invocation");
+ // invoke on the remote calculator
+ int a = 204;
+ int b = 340;
+ System.out.println("Adding " + a + " and " + b + " via the remote stateless calculator deployed on the server");
+ int sum = statelessRemoteCalculator.add(a, b);
+ System.out.println("Remote calculator returned sum = " + sum);
+ if (sum != a + b) {
+ thrownewRuntimeException("Remote stateless calculator returned an incorrect sum " + sum + " ,expected sum was " + (a + b));
+ }
+ // try one more invocation, this time for subtraction
+ int num1 = 3434;
+ int num2 = 2332;
+ System.out.println("Subtracting " + num2 + " from " + num1 + " via the remote stateless calculator deployed on the server");
+ int difference = statelessRemoteCalculator.subtract(num1, num2);
+ System.out.println("Remote calculator returned difference = " + difference);
+ if (difference != num1 - num2) {
+ thrownewRuntimeException("Remote stateless calculator returned an incorrect difference " + difference + " ,expected difference was " + (num1 - num2));
+ }
+ }
+
+ /**
+ * Looks up a stateful bean and invokes on it
+ *
+ * @throws NamingException
+ */
+ privatestaticvoid invokeStatefulBean() throwsNamingException {
+ // Let's lookup the remote stateful counter
+ final RemoteCounter statefulRemoteCounter = lookupRemoteStatefulCounter();
+ System.out.println("Obtained a remote stateful counter for invocation");
+ // invoke on the remote counter bean
+ finalint NUM_TIMES = 20;
+ System.out.println("Counter will now be incremented " + NUM_TIMES + " times");
+ for (int i = 0; i < NUM_TIMES; i++) {
+ System.out.println("Incrementing counter");
+ statefulRemoteCounter.increment();
+ System.out.println("Count after increment is " + statefulRemoteCounter.getCount());
+ }
+ // now decrementing
+ System.out.println("Counter will now be decremented " + NUM_TIMES + " times");
+ for (int i = NUM_TIMES; i > 0; i--) {
+ System.out.println("Decrementing counter");
+ statefulRemoteCounter.decrement();
+ System.out.println("Count after decrement is " + statefulRemoteCounter.getCount());
+ }
+ }
+
+ /**
+ * Looks up and returns the proxy to remote stateless calculator bean
+ *
+ * @return
+ * @throws NamingException
+ */
+ privatestatic RemoteCalculator lookupRemoteStatelessCalculator() throwsNamingException {
+ finalHashtable jndiProperties = newHashtable();
+ jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
+ finalContext context = newInitialContext(jndiProperties);
+ // The app name is the application name of the deployed EJBs. This is typically the ear name
+ // without the .ear suffix. However, the application name could be overridden in the application.xml of the
+ // EJB deployment on the server.
+ // Since we haven't deployed the application as a .ear, the app name for us will be an empty string
+ finalString appName = "";
+ // This is the module name of the deployed EJBs on the server. This is typically the jar name of the
+ // EJB deployment, without the .jar suffix, but can be overridden via the ejb-jar.xml
+ // In this example, we have deployed the EJBs in a jboss-as-ejb-remote-app.jar, so the module name is
+ // jboss-as-ejb-remote-app
+ finalString moduleName = "jboss-as-ejb-remote-app";
+ // AS7 allows each deployment to have an (optional) distinct name. We haven't specified a distinct name for
+ // our EJB deployment, so this is an empty string
+ finalString distinctName = "";
+ // The EJB name which by default is the simple class name of the bean implementation class
+ finalString beanName = CalculatorBean.class.getSimpleName();
+ // the remote view fully qualified class name
+ finalString viewClassName = RemoteCalculator.class.getName();
+ // let's do the lookup
+ return (RemoteCalculator) context.lookup("ejb:" + appName + "/" + moduleName + "/" + distinctName + "/" + beanName + "!" + viewClassName);
+ }
+
+ /**
+ * Looks up and returns the proxy to remote stateful counter bean
+ *
+ * @return
+ * @throws NamingException
+ */
+ privatestatic RemoteCounter lookupRemoteStatefulCounter() throwsNamingException {
+ finalHashtable jndiProperties = newHashtable();
+ jndiProperties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
+ finalContext context = newInitialContext(jndiProperties);
+ // The app name is the application name of the deployed EJBs. This is typically the ear name
+ // without the .ear suffix. However, the application name could be overridden in the application.xml of the
+ // EJB deployment on the server.
+ // Since we haven't deployed the application as a .ear, the app name for us will be an empty string
+ finalString appName = "";
+ // This is the module name of the deployed EJBs on the server. This is typically the jar name of the
+ // EJB deployment, without the .jar suffix, but can be overridden via the ejb-jar.xml
+ // In this example, we have deployed the EJBs in a jboss-as-ejb-remote-app.jar, so the module name is
+ // jboss-as-ejb-remote-app
+ finalString moduleName = "jboss-as-ejb-remote-app";
+ // AS7 allows each deployment to have an (optional) distinct name. We haven't specified a distinct name for
+ // our EJB deployment, so this is an empty string
+ finalString distinctName = "";
+ // The EJB name which by default is the simple class name of the bean implementation class
+ finalString beanName = CounterBean.class.getSimpleName();
+ // the remote view fully qualified class name
+ finalString viewClassName = RemoteCounter.class.getName();
+ // let's do the lookup (notice the ?stateful string as the last part of the jndi name for stateful bean lookup)
+ return (RemoteCounter) context.lookup("ejb:" + appName + "/" + moduleName + "/" + distinctName + "/" + beanName + "!" + viewClassName + "?stateful");
+ }
+}
+
+
+
+
+
+
+
+
+
+The entire server side and client side code is hosted at the github repo
+here
+ejb-remote
+
+
+
+
+
+
The code has some comments which will help you understand each of those
+lines. But we’ll explain here in more detail what the code does. As a
+first step in the client code, we’ll do a lookup of the EJB using a JNDI
+name. In AS7, for remote access to EJBs, you use the ejb: namespace with
+the following syntax:
The ejb: namespace identifies it as a EJB lookup and is a constant (i.e.
+doesn’t change) for doing EJB lookups. The rest of the parts in the jndi
+name are as follows:
+
+
+
app-name : This is the name of the .ear (without the .ear suffix) that
+you have deployed on the server and contains your EJBs.
+
+
+
+
+
Jakarta EE allows you to override the application name, to a name of
+your choice by setting it in the application.xml. If the deployment uses
+uses such an override then the app-name used in the JNDI name should
+match that name.
+
+
+
EJBs can also be deployed in a .war or a plain .jar (like we did in
+step 1). In such cases where the deployment isn’t an .ear file, then the
+app-name must be an empty string, while doing the lookup.
+
+
+
+
+
module-name : This is the name of the .jar (without the .jar suffix)
+that you have deployed on the server and the contains your EJBs. If the
+EJBs are deployed in a .war then the module name is the .war name
+(without the .war suffix).
+
+
+
+
+
Jakarta EE allows you to override the module name, by setting it in the
+ejb-jar.xml/web.xml of your deployment. If the deployment uses such an
+override then the module-name used in the JNDI name should match that
+name.
+
+
+
Module name part cannot be an empty string in the JNDI name
+
+
+
+
+
distinct-name : This is a WildFly-specific name which can be
+optionally assigned to the deployments that are deployed on the server.
+More about the purpose and usage of this will be explained in a separate
+chapter. If a deployment doesn’t use distinct-name then, use an empty
+string in the JNDI name, for distinct-name
+
+
+
bean-name : This is the name of the bean for which you are doing the
+lookup. The bean name is typically the unqualified classname of the bean
+implementation class, but can be overriden through either ejb-jar.xml or
+via annotations. The bean name part cannot be an empty string in the
+JNDI name.
+
+
+
fully-qualified-classname-of-the-remote-interface : This is the fully
+qualified class name of the interface for which you are doing the
+lookup. The interface should be one of the remote interfaces exposed by
+the bean on the server. The fully qualified class name part cannot be an
+empty string in the JNDI name.
+
+
+
For stateful beans, the JNDI name expects an additional "?stateful" to
+be appended after the fully qualified interface name part. This is
+because for stateful beans, a new session gets created on JNDI lookup
+and the EJB client API implementation doesn’t contact the server during
+the JNDI lookup to know what kind of a bean the JNDI name represents
+(we’ll come to this in a while). So the JNDI name itself is expected to
+indicate that the client is looking up a stateful bean, so that an
+appropriate session can be created.
+
+
+
Now that we know the syntax, let’s see our code and check what JNDI name
+it uses. Since our stateless EJB named CalculatorBean is deployed in a
+jboss-as-ejb-remote-app.jar (without any ear) and since we are looking
+up the org.jboss.as.quickstarts.ejb.remote.stateless.RemoteCalculator
+remote interface, our JNDI name will be:
That’s what the lookupRemoteStatelessCalculator() method in the above
+client code uses.
+
+
+
For the stateful EJB named CounterBean which is deployed in hte same
+jboss-as-ejb-remote-app.jar and which exposes the
+org.jboss.as.quickstarts.ejb.remote.stateful.RemoteCounter, the JNDI
+name will be:
Here we are creating a JNDI InitialContext object by passing it some
+JNDI properties. The Context.URL_PKG_PREFIXES is set to
+org.jboss.ejb.client.naming. This is necessary because we should let the
+JNDI API know what handles the ejb: namespace that we use in our JNDI
+names for lookup. The "org.jboss.ejb.client.naming" has a
+URLContextFactory implementation which will be used by the JNDI APIs to
+parse and return an object for ejb: namespace lookups. You can either
+pass these properties to the constructor of the InitialContext class or
+have a jndi.properites file in the classpath of the client application,
+which (atleast) contains the following property:
So at this point, we have setup the InitialContext and also have the
+JNDI name ready to do the lookup. You can now do the lookup and the
+appropriate proxy which will be castable to the remote interface that
+you used as the fully qualified class name in the JNDI name, will be
+returned. Some of you might be wondering, how the JNDI implementation
+knew which server address to look, for your deployed EJBs. The answer is
+in AS7, the proxies returned via JNDI name lookup for ejb: namespace do
+not connect to the server unless an invocation on those proxies is done.
+
+
+
Now let’s get to the point where we invoke on this returned proxy:
+
+
+
+
// Let's lookup the remote stateless calculator
+ final RemoteCalculator statelessRemoteCalculator = lookupRemoteStatelessCalculator();
+ System.out.println("Obtained a remote stateless calculator for invocation");
+ // invoke on the remote calculator
+ int a = 204;
+ int b = 340;
+ System.out.println("Adding " + a + " and " + b + " via the remote stateless calculator deployed on the server");
+ int sum = statelessRemoteCalculator.add(a, b);
+
+
+
+
We can see here that the proxy returned after the lookup is used to
+invoke the add(…) method of the bean. It’s at this point that the JNDI
+implementation (which is backed by the EJB client API) needs to know the
+server details. So let’s now get to the important part of setting up the
+EJB client context properties.
+
+
+
+
19.3. Setting up EJB client context properties
+
+
A EJB client context is a context which contains contextual information
+for carrying out remote invocations on EJBs. This is a WildFly-specific
+API. The EJB client context can be associated with multiple EJB
+receivers. Each EJB receiver is capable of handling invocations on
+different EJBs. For example, an EJB receiver "Foo" might be able to
+handle invocation on a bean identified by
+app-A/module-A/distinctinctName-A/Bar!RemoteBar, whereas a EJB receiver
+named "Blah" might be able to handle invocation on a bean identified by
+app-B/module-B/distinctName-B/BeanB!RemoteBean. Each such EJB receiver
+knows about what set of EJBs it can handle and each of the EJB receiver
+knows which server target to use for handling the invocations on the
+bean. For example, if you have a AS7 server at 10.20.30.40 IP address
+which has its remoting port opened at 4447 and if that’s the server on
+which you deployed that CalculatorBean, then you can setup a EJB
+receiver which knows its target address is 10.20.30.40:4447. Such an EJB
+receiver will be capable enough to communicate to the server via the
+JBoss specific EJB remote client protocol (details of which will be
+explained in-depth in a separate chapter).
+
+
+
Now that we know what a EJB client context is and what a EJB receiver
+is, let’s see how we can setup a client context with 1 EJB receiver
+which can connect to 10.20.30.40 IP address at port 4447. That EJB
+client context will then be used (internally) by the JNDI implementation
+to handle invocations on the bean proxy.
+
+
+
The client will have to place a jboss-ejb-client.properties file in the
+classpath of the application. The jboss-ejb-client.properties can
+contain the following properties:
+This file includes a reference to a default password. Be sure to change
+this as soon as possible.
+
+
+
+
+
+
+
+
+
+
+
+We’ll see what each of it means.
+
+
+
+
+
+
First the endpoint.name property. We mentioned earlier that the EJB
+receivers will communicate with the server for EJB invocations.
+Internally, they use JBoss Remoting project to carry out the
+communication. The endpoint.name property represents the name that will
+be used to create the client side of the enpdoint. The endpoint.name
+property is optional and if not specified in the
+jboss-ejb-client.properties file, it will default to
+"config-based-ejb-client-endpoint" name.
+
+
+
Next is the remote.connectionprovider.create.options.<….> properties:
The "remote.connectionprovider.create.options." property prefix can be
+used to pass the options that will be used while create the connection
+provider which will handle the "remote:" protocol. In this example we
+use the "remote.connectionprovider.create.options." property prefix to
+pass the "org.xnio.Options.SSL_ENABLED" property value as false. That
+property will then be used during the connection provider creation.
+Similarly other properties can be passed too, just append it to the
+"remote.connectionprovider.create.options." prefix
+
+
+
Next we’ll see:
+
+
+
+
remote.connections=default
+
+
+
+
This is where you define the connections that you want to setup for
+communication with the remote server. The "remote.connections" property
+uses a comma separated value of connection "names". The connection names
+are just logical and are used grouping together the connection
+configuration properties later on in the properties file. The example
+above sets up a single remote connection named "default". There can be
+more than one connections that are configured. For example:
+
+
+
+
remote.connections=one, two
+
+
+
+
Here we are listing 2 connections named "one" and "two". Ultimately,
+each of the connections will map to a EJB receiver. So if you have 2
+connections, that will setup 2 EJB receivers that will be added to the
+EJB client context. Each of these connections will be configured with
+the connection specific properties as follows:
As you can see we are using the "remote.connection.<connection-name>."
+prefix for specifying the connection specific property. The connection
+name here is "default" and we are setting the "host" property of that
+connection to point to 10.20.30.40. Similarly we set the "port" for that
+connection to 4447.
+
+
+
By default WildFly uses 8080 as the remoting port. The EJB client API
+uses the http port, with the http-upgrade functionality, for
+communicating with the server for remote invocations, so that’s the port
+we use in our client programs (unless the server is configured for some
+other http port)
The given user/password must be set by using the command bin/add-user.sh
+(or.bat).
+The user and password must be set because the security-realm is enabled
+for the subsystem remoting (see standalone*.xml or domain.xml) by
+default.
+If you do not need the security for remoting you might remove the
+attribute security-realm in the configuration.
+
+
+
security-realm is enabled by default.
+
+
+
+
+
+
+
+
+We then use the "remote.connection.<connection-name>.connect.options."
+property prefix to setup options that will be used during the connection
+creation.
+
+
+
+
+
+
Here’s an example of setting up multiple connections with different
+properties for each of those:
As you can see we setup 2 connections "one" and "two" which both point
+to "localhost" as the "host" but different ports. Each of these
+connections will internally be used to create the EJB receivers in the
+EJB client context.
+
+
+
So that’s how the jboss-ejb-client.properties file can be setup and
+placed in the classpath.
+
+
+
+
+
The EJB client code will by default look for jboss-ejb-client.properties
+in the classpath. However, you can specify a different file of your
+choice by setting the "jboss.ejb.client.properties.file.path" system
+property which points to a properties file on your filesystem,
+containing the client context configurations. An example for that would
+be
+"-Djboss.ejb.client.properties.file.path=/home/me/my-client/custom-jboss-ejb-client.properties"
+
+
+
+
+
A jboss-client jar is shipped in the distribution. It’s available at
+WILDFLY_HOME/bin/client/jboss-client.jar. Place this jar in the
+classpath of your client application.
+
+
+
If you are using Maven to build the client application, then please
+follow the instructions in the WILDFLY_HOME/bin/client/README.txt to add
+this jar as a Maven dependency.
+
+
+
+
Summary
+
+
In the above examples, we saw what it takes to invoke a EJB from a
+remote client. To summarize:
+
+
+
+
+
On the server side you need to deploy EJBs which expose the remote
+views.
+
+
+
On the client side you need a client program which:
+
+
+
+
Has a jboss-ejb-client.properties in its classpath to setup the
+server connection information
+
+
+
Either has a jndi.properties to specify the
+java.naming.factory.url.pkgs property or passes that as a property to
+the InitialContext constructor
+
+
+
Setup the client classpath to include the jboss-client jar that’s
+required for remote invocation of the EJBs. The location of the jar is
+mentioned above. You’ll also need to have your application’s bean
+interface jars and other jars that are required by your application, in
+the client classpath
+
+
+
+
+
+
+
+
+
+
+
+
+
+References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
+
20. EJB invocations from a remote server instance
+
+
+
The purpose of this chapter is to demonstrate how to lookup and invoke
+on EJBs deployed on an WildFly server instance from another WildFly
+server instance. This is different from invoking the EJBs
+from
+a remote standalone client
+
+
+
Let’s call the server, from which the invocation happens to the EJB, as
+"Client Server" and the server on which the bean is deployed as the
+"Destination Server".
+
+
+
+
+
+
+
+
+Note that this chapter deals with the case where the bean is deployed on
+the "Destination Server" but not on the "Client Server".
+
+
+
+
+
+
20.1. Application packaging
+
+
In this example, we’ll consider a EJB which is packaged in a myejb.jar
+which is within a myapp.ear. Here’s how it would look like:
+Note that packaging itself isn’t really important in the context of this
+article. You can deploy the EJBs in any standard way (.ear, .war or
+.jar).
+
+
+
+
+
+
+
20.2. Beans
+
+
In our example, we’ll consider a simple stateless session bean which is
+as follows:
packageorg.myapp.ejb;
+
+importjakarta.ejb.Remote;
+importjakarta.ejb.Stateless;
+
+@Stateless
+@Remote (Greeter.class)
+publicclassGreeterBeanimplements Greeter {
+
+@Override
+publicString greet(String user) {
+return"Hello " + user + ", have a pleasant day!";
+ }
+}
+
+
+
+
+
20.3. Security
+
+
WildFly 29 is secure by default. What this means is that no communication
+can happen with an WildFly instance from a remote client (irrespective
+of whether it is a standalone client or another server instance) without
+passing the appropriate credentials. Remember that in this example, our
+"client server" will be communicating with the "destination server". So
+in order to allow this communication to happen successfully, we’ll have
+to configure user credentials which we will be using during this
+communication. So let’s start with the necessary configurations for
+this.
+
+
+
+
20.4. Configuring a user on the "Destination Server"
+
+
As a first step we’ll configure a user on the destination server who
+will be allowed to access the destination server. We create the user
+using the add-user script that’s available in the JBOSS_HOME/bin
+folder. In this example, we’ll be configuring a Application User named
+ejb and with a password test in the ApplicationRealm. Running the
+add-user script is an interactive process and you will see
+questions/output as follows:
+
+
+
add-user
+
+
jpai@jpai-laptop:bin$ ./add-user.sh
+
+What type of user do you wish to add?
+ a) Management User (mgmt-users.properties)
+ b) Application User (application-users.properties)
+(a): b
+
+Enter the details of the new user to add.
+Realm (ApplicationRealm) :
+Username : ejb
+Password :
+Re-enter Password :
+What roles do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)\[ \]:
+About to add user 'ejb' for realm 'ApplicationRealm'
+Is this correct yes/no? yes
+Added user 'ejb' to file '/jboss-as-7.1.1.Final/standalone/configuration/application-users.properties'
+Added user 'ejb' to file '/jboss-as-7.1.1.Final/domain/configuration/application-users.properties'
+Added user 'ejb' with roles to file '/jboss-as-7.1.1.Final/standalone/configuration/application-roles.properties'
+Added user 'ejb' with roles to file '/jboss-as-7.1.1.Final/domain/configuration/application-roles.properties'
+
+
+
+
As you can see in the output above we have now configured a user on the
+destination server who’ll be allowed to access this server. We’ll use
+this user credentials later on in the client server for communicating
+with this server. The important bits to remember are the user we have
+created in this example is ejb and the password is test.
+
+
+
+
+
+
+
+
+Note that you can use any username and password combination you want to.
+
+
+
+
+
+
+
+
+
+
+
+You do not require the server to be started to add a user using the
+add-user script.
+
+
+
+
+
+
+
20.5. Start the "Destination Server"
+
+
As a next step towards running this example, we’ll start the
+"Destination Server". In this example, we’ll use the standalone server
+and use the standalone-full.xml configuration. The startup command
+will look like:
Ensure that the server has started without any errors.
+
+
+
+
+
+
+
+
+It’s very important to note that if you are starting both the server
+instances on the same machine, then each of those server instances
+must have a unique jboss.node.name system property. You can do that
+by passing an appropriate value for -Djboss.node.name system property
+to the startup script:
+
+
+
+
+
+
+
./standalone.sh -server-config=standalone-full.xml -Djboss.node.name=<add appropriate value here>
+
+
+
+
+
20.6. Deploying the application
+
+
The application ( myapp.ear in our case) will be deployed to
+"Destination Server". The process of deploying the application is out of
+scope of this chapter. You can either use the Command Line Interface or
+the Admin console or any IDE or manually copy it to
+JBOSS_HOME/standalone/deployments folder (for standalone server). Just
+ensure that the application has been deployed successfully.
+
+
+
So far, we have built a EJB application and deployed it on the
+"Destination Server". Now let’s move to the "Client Server" which acts
+as the client for the deployed EJBs on the "Destination Server".
+
+
+
+
20.7. Configuring the "Client Server" to point to the EJB remoting connector
+
+
on the "Destination Server"
+
+
+
As a first step on the "Client Server", we need to let the server know
+about the "Destination Server"'s EJB remoting connector, over which it
+can communicate during the EJB invocations. To do that, we’ll have to
+add a " remote-outbound-connection" to the remoting subsystem on the
+"Client Server". The " remote-outbound-connection" configuration
+indicates that a outbound connection will be created to a remote server
+instance from that server. The " remote-outbound-connection" will be
+backed by a " outbound-socket-binding" which will point to a remote
+host and a remote port (of the "Destination Server"). So let’s see how
+we create these configurations.
+
+
+
+
20.8. Start the "Client Server"
+
+
In this example, we’ll start the "Client Server" on the same machine as
+the "Destination Server". We have copied the entire server installation
+to a different folder and while starting the "Client Server" we’ll use a
+port-offset (of 100 in this example) to avoid port conflicts:
The above command will create a outbound-socket-binding named "
+remote-ejb" (we can name it anything) which points to "localhost" as
+the host and port 8080 as the destination port. Note that the host
+information should match the host/IP of the "Destination Server" (in
+this example we are running on the same machine so we use "localhost")
+and the port information should match the http-remoting connector port
+used by the EJB subsystem (by default it’s 8080). When this command is
+run successfully, we’ll see that the standalone-full.xml (the file which
+we used to start the server) was updated with the following
+outbound-socket-binding in the socket-binding-group:
20.11. Create a "remote-outbound-connection" which uses this newly created
+
+
"outbound-socket-binding"
+
+
+
Now let’s create a " remote-outbound-connection" which will use the
+newly created outbound-socket-binding (pointing to the EJB remoting
+connector of the "Destination Server"). We’ll continue to use the CLI to
+create this configuration:
The above command creates a remote-outbound-connection, named "
+remote-ejb-connection" (we can name it anything), in the remoting
+subsystem and uses the previously created " remote-ejb"
+outbound-socket-binding (notice the outbound-socket-binding-ref in that
+command) with the http-remoting protocol. Furthermore, we also set the
+authentication-context attribute to point to the authentication-context that we created
+in the previous step.
+
+
+
What this step does is, it creates a outbound connection, on the client
+server, to the remote destination server and sets up the authentication-context which
+will be used for authentication. This way when a connection has to be established
+from the client server to the destination server, the connection creation logic will
+have the necessary security credentials to pass along and setup a successful
+secured connection.
+
+
+
Now let’s run the following two operations to set some default
+connection creation options for the outbound connection:
From a server configuration point of view, that’s all we need on the
+"Client Server". Our next step is to deploy an application on the
+"Client Server" which will invoke on the bean deployed on the
+"Destination Server".
+
+
+
+
20.12. Packaging the client application on the "Client Server"
+
+
Like on the "Destination Server", we’ll use .ear packaging for the
+client application too. But like previously mentioned, that’s not
+mandatory. You can even use a .war or .jar deployments. Here’s how our
+client application packaging will look like:
+
+
+
+
client-app.ear
+|
+|--- META-INF
+| |
+| |--- jboss-ejb-client.xml
+|
+|--- web.war
+| |
+| |--- WEB-INF/classes
+| | |
+| | |---- <org.myapp.FooServlet> // classes in the web app
+
+
+
+
In the client application we’ll use a servlet which invokes on the bean
+deployed on the "Destination Server". We can even invoke the bean on the
+"Destination Server" from a EJB on the "Client Server". The code remains
+the same (JNDI lookup, followed by invocation on the proxy). The
+important part to notice in this client application is the file
+jboss-ejb-client.xml which is packaged in the META-INF folder of a top
+level deployment (in this case our client-app.ear). This
+jboss-ejb-client.xml contains the EJB client configurations which will
+be used during the EJB invocations for finding the appropriate
+destinations (also known as, EJB receivers). The contents of the
+jboss-ejb-client.xml are explained next.
+
+
+
+
+
+
+
+
+If your application is deployed as a top level .war deployment, then the
+jboss-ejb-client.xml is expected to be placed in .war/WEB-INF/ folder
+(i.e. the same location where you place any web.xml file).
+
You’ll notice that we have configured the EJB client context (for this
+application) to use a remoting-ejb-receiver which points to our earlier
+created " remote-outbound-connection" named "
+remote-ejb-connection". This links the EJB client context to use the "
+remote-ejb-connection" which ultimately points to the EJB remoting
+connector on the "Destination Server".
+
+
+
+
20.14. Deploy the client application
+
+
Let’s deploy the client application on the "Client Server". The process
+of deploying the application is out of scope, of this chapter. You can
+use either the CLI or the admin console or a IDE or deploy manually to
+JBOSS_HOME/standalone/deployments folder. Just ensure that the
+application is deployed successfully.
+
+
+
+
20.15. Client code invoking the bean
+
+
We mentioned that we’ll be using a servlet to invoke on the bean, but
+the code to invoke the bean isn’t servlet specific and can be used in
+other components (like EJB) too. So let’s see how it looks like:
+
+
+
+
importjavax.naming.Context;
+importjava.util.Hashtable;
+importjavax.naming.InitialContext;
+
+...
+public void invokeOnBean() {
+ try {
+ finalHashtable props = newHashtable();
+ // setup the ejb: namespace URL factory
+ props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
+ // create the InitialContext
+ finalContext context = new javax.naming.InitialContext(props);
+
+ // Lookup the Greeter bean using the ejb: namespace syntax which is explained here https://docs.jboss.org/author/display/AS71/EJB+invocations+from+a+remote+client+using+JNDI
+ final Greeter bean = (Greeter) context.lookup("ejb:" + "myapp" + "/" + "myejb" + "/" + "" + "/" + "GreeterBean" + "!" + org.myapp.ejb.Greeter.class.getName());
+
+ // invoke on the bean
+ finalString greeting = bean.greet("Tom");
+
+ System.out.println("Received greeting: " + greeting);
+
+ } catch (Exception e) {
+ thrownewRuntimeException(e);
+ }
+}
+
+
+
+
That’s it! The above code will invoke on the bean deployed on the
+"Destination Server" and return the result.
+
+
+
+
+
+
+
+
+References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
+
21. Remote Jakarta Enterprise Beans invocations via JNDI - Jakarta Enterprise Beans client API or wildfly-naming-client project
+
+
+
21.1. Purpose
+
+
WildFly provides EJB client API project as well as wildfly-naming-client project(https://github.com/wildfly/wildfly-naming-client)
+for invoking on remote objects exposed via JNDI. This article explains
+which approach to use when and what the differences and scope of each of
+these projects is.
+
+
+
+
21.2. Overview
+
+
Now that we know that for remote client JNDI communication with WildFly
+requires wildfly-naming-client project, let’s quickly see what the code
+looks like.
+
+
+
21.2.1. Client code relying on jndi.properties in classpath
+
+
+
// Create an InitialContext using the javax.naming.* API
+InitialContext ctx = newInitialContext();
+Blah blah = (Blah) ctx.lookup("foo:blah");
+
+
+
+
As you can see, there’s not much here in terms of code. We first create
+a InitialContext which as per the API will look for a jndi.properties in
+the classpath of the application. We’ll see what our jndi.properties looks like, later.
+Once the InitialContext is created, we just use it to do a lookup on a
+JNDI name which we know is bound on the server side. We’ll come back to
+the details of this lookup string in a while.
+
+
+
Let’s now see what the jndi.properties in our client classpath looks
+like:
Those two properties are important for wildfly-naming-client project to be
+used for communicating with the WildFly server. The first property tells
+the JNDI API which initial context factory to use. In this case we are
+pointing it to the WildFlyInitailContextFactory class supplied by the
+wildfly-naming-client project. The other property is the PROVIDER_URL.
+which is remote+http:// for wildfly-naming-client. The rest
+of the PROVIDER_URL part is the server hostname or IP and the port on
+which the remoting connector is exposed on the server side. By default
+the http-remoting connector port in WildFly 29 is 8080. That’s what we
+have used in our example. The hostname we have used is localhost but
+that should point to the server IP or hostname where the server is
+running.
+
+
+
So we saw how to setup the JNDI properties in the jndi.properties file.
+The JNDI API also allows you to pass these properties to the constructor
+of the InitialContext class (please check the javadoc of that class for
+more details). Let’s quickly see what the code would look like:
That’s it! You can see that the values that we pass to those properties
+are the same as what we did via the jndi.properties. It’s upto the
+client application to decide which approach they want to follow.
+
+
+
+
21.2.2. Using the wildfly-config.xml
+
+
The wildfly-config.xml can be used to specify a static configuration for a
+standalone client to use. Below is a simple example specifying plaintext
+username / password and the remote server connection (host/port).
+The wildfly-config.xml goes in the META-INF directory.
Using the wildfly-config.xml, the InitialContext creation does not specify
+the host/port/user/pass since it is already defined in the wildfly-config.xml.
+The EJB lookup
We have so far had an overview of how the client code looks like when
+using the wildfly-naming-client project. Let’s now have a brief look at how the wildfly-naming-client project
+internally establishes the communication with the server and allows JNDI
+operations from the client side.
+
+
+
When the client code creates an InitialContext backed by the
+org.wildfly.naming.client.WildFlyInitialContextFactory class, the
+org.wildfly.naming.client.WildFlyInitialContextFactory internally looks
+for the PROVIDER_URL (and other) properties that are applicable for that
+context ( doesn’t matter whether it comes from the jndi.properties
+file or whether passed explicitly to the constructor of the
+InitialContext). Once it identifies the server and port to connect to,
+the wildfly-naming-client project internally sets up a connection using the
+remoting APIs with the remoting connector which is exposed on that
+port.
+
+
+
It has also increased its support for security configurations.
+Every service including the http+remote connector (which
+listens by default on port 8080), is secured.
+This means that when trying to do JNDI operations like a
+lookup, the client has to pass appropriate user credentials. In our
+examples so far we haven’t passed any username/pass or any other
+credentials while creating the InitialContext. That was just to keep the
+examples simple. But let’s now check and use one
+of the ways how we pass the user credentials. Let’s at the moment just
+assume that the remoting connector on port 8080 is accessible to a user
+named " `ranabir`" whose password is expected to be " `redhat1!`".
+
+
+
+
void doLookup() {
+ Properties props = newProperties();
+ props.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
+ props.put(Context.PROVIDER_URL, "remote+https://localhost:8080");
+ // provide an username
+ props.put(Context.SECURITY_PRINCIPAL, "ranabir");
+ // provide a password
+ props.put(Context.SECURITY_CREDENTIALS, "redhat1!");
+ // create a context passing these properties
+ InitialContext ctx = newInitialContext(props);
+ Blah blah = (Blah) ctx.lookup("foo:blah");
+ ...
+}
+
+
+
+
The code is similar to our previous example, except that we now have
+added 2 additional properties that are passed to the InitialContext
+constructor. The first is Context.SECURITY_PRINCIPAL
+which passes the username (ranabir in this case)
+and the second is Context.SECURITY_CREDENTIALS
+which passes the password (redhat1! in this case). Of course the same
+properties can be configured in the jndi.properties file (read the
+javadoc of the Context class for appropriate properties to be used in
+the jndi.properties) and as well as in wildfly-config.xml.
+This is one way of passing the security credentials for JNDI communication with WildFly.
+There are some other ways to do this too.
+
+
+
Moreover In order to manage Lookup High Availability, you can provide a list of remote servers
+that will be checked for the Initial Lookup of the remote+http call. Here is the updated
+PROVIDER_URL format, supposing you were to contact two servers located at localhost:8080 and localhost:8180
21.2.4. JNDI operations allowed using wildfly-naming-client project
+
+
So far we have mainly concentrated on how the naming context is created
+and what it internally does when an instance is created. Let’s now take
+this one step further and see what kind of operations are allowed for a
+JNDI context backed by the wildfly-naming-client project.
+
+
+
The JNDI Context has various methods that
+are exposed for JNDI operations. One important thing to note in case of
+wildfly-naming-client project is that, the project’s scope is to allow a client
+to communicate with the JNDI backend exposed by the server. As such, the
+wildfly-naming-client project does not support many of the methods that are
+exposed by the javax.naming.Context class. The wildfly-naming-client project
+only supports the read-only kind of methods (like the lookup() method)
+and does not support any write kind of methods (like the bind() method).
+The client applications are expected to use the wildfly-naming-client project
+mainly for lookups of JNDI objects. Neither WildFly nor wildfly-naming-client
+project allows writing/binding to the JNDI server from a remote
+application.
+
+
+
+
21.2.5. Pre-requisites of remotely accessible JNDI objects
+
+
On the server side, the JNDI can contain numerous objects that are bound
+to it. However, not all of those are exposed remotely. The two
+conditions that are to be satisfied by the objects bound to JNDI, to be
+remotely accessible are:
+
+
+
1) Such objects should be bound under the java:jboss/exported/
+namespace. For example, java:jboss/exported/foo/bar
+2) Objects bound to the java:jboss/exported/ namespace are expected to
+be serializable. This allows the objects to be sent over the wire to the
+remote clients
+
+
+
Both these conditions are important and are required for the objects to
+be remotely accessible via JNDI.
+
+
+
+
21.2.6. JNDI lookup strings for remote clients backed by the wildfly-naming-client project
+
+
In our examples, so far, we have been consistently using " `foo/bar`" as
+the JNDI name to lookup from a remote client using the wildfly-naming-client
+project. There’s a bit more to understand about the JNDI name and how it
+maps to the JNDI name that’s bound on the server side.
+
+
+
First of all, the JNDI names used while using the wildfly-naming-client project
+are always relative to the java:jboss/exported/ namespace. So in our
+examples, we are using " `foo/bar`" JNDI name for the lookup, that
+actually is (internally) " `java:jboss/exported/foo/bar`". The
+wildfly-naming-client project expects it to always be relative to the "
+`java:jboss/exported/`" namespace. Once connected with the server side,
+the wildfly-naming-client project will lookup for "foo/bar" JNDI name under the
+" `java:jboss/exported/`" namespace of the server.
+
+
+
+
+
+
+
+
+Note: Since the JNDI name that you use on the client side is always
+relative to java:jboss/exported namespace, you shouldn’t be prefixing
+the java:jboss/exported/ string to the JNDI name. For example, if you
+use the following JNDI name:
+
The wildfly-naming-client implementation perhaps should be smart enough to strip
+off the java:jboss/exported/ namespace prefix if supplied. But let’s not
+go into that here.
+
+
+
+
21.2.7. How does wildfly-naming-client project implementation transfer the JNDI
+
+
objects to the clients
+
+
+
When a lookup is done on a JNDI string, the wildfly-naming-client implementation
+internally uses the connection to the remoting connector (which it has
+established based on the properties that were passed to the
+InitialContext) to communicate with the server. On the server side, the
+implementation then looks for the JNDI name under the
+java:jboss/exported/ namespace. Assuming that the JNDI name is
+available, under that namespace, the wildfly-naming-client implementation then
+passes over the object bound at that address to the client. This is
+where the requirement about the JNDI object being serializable comes
+into picture. wildfly-naming-client project internally uses jboss-marshalling
+project to marshal the JNDI object over to the client. On the client
+side the wildfly-naming-client implementation then unmarshalles the object and
+returns it to the client application.
+
+
+
So literally, each lookup backed by the wildfly-naming-client project entails a
+server side communication/interaction and then marshalling/unmarshalling
+of the object graph. This is very important to remember. We’ll come back
+to this later, to see why this is important when it comes to using EJB
+client API project for doing EJB lookups ( EJB
+invocations from a remote client using JNDI) as against using
+wildfly-naming-client project for doing the same thing.
+
+
+
+
21.2.8. Few more things
+
+
Unlike the previous jboss-remote-naming project, the connection to
+the peer is not requested. Until an operation is performed on the connection,
+and all consumers of the same remote URL will share a connection.
+The connection lifecycle is independent of any Context instances which reference it.
+
+
+
Multiple services can be looked up via the same context. To register providers,
+implement the org.wildfly.naming.client.NamingProvider interface and register the
+implementation using the approach described in the java.util.ServiceLoader documentation.
+
+
+
+
+
+
+
+
+Note: One important thing is that jndi.properties should not be packaged in an
+app running in Wildfly though you can put it in a standalone java app.
+The reason is, when you run in Wildfly , if you do new InitialContext() and
+you have jndi.properties in your classpath, it will read those settings
+and change the default configuration for the whole wildfly JVM.
+
+
+
+
+
+
+
+
21.3. Summary
+
+
That pretty much covers whatever is important to know, in the
+wildfly-naming-client project, for a typical client application.
+This simple JNDI/naming client library abstracts away some of the
+pain of JNDI by providing the following features:
+Federation support, Class loader based provider extensibility,
+A replacement implementation of the jboss-remote-naming protocol,
+Abstract context implementations for supporting relative contexts and
+federation in custom naming providers.
+
+
+
Those of you who don’t have client applications doing remote EJB
+invocations, can just skip the rest of this article if you aren’t
+interested in those details.
+
+
+
+
21.4. Remote EJB invocations backed by the wildfly-naming-client project
+
+
In previous sections of this article we saw that whatever is exposed in
+the java:jboss/exported/ namespace is accessible remotely to the client
+applications under the relative JNDI name. Some of you might already
+have started thinking about exposing remote views of EJBs under that
+namespace.
+
+
+
It’s important to note that WildFly server side already by default
+exposes the remote views of a EJB under the java:jboss/exported/
+namespace (although it isn’t logged in the server logs). So assuming
+your server side application has the following stateless bean:
Then the " Foo`" remote view is exposed under the
+`java:jboss/exported/ namespace under the following JNDI name scheme
+(which is similar to that mandated by Jakarta Enterprise Beans 3.2 spec for java:global/
+namespace)
+
+
+
app-name/module-name/bean-name!bean-interface
+
+
+
where,
+
+
+
app-name = the name of the .ear (without the .ear suffix) or the
+application name configured via application.xml deployment descriptor.
+If the application isn’t packaged in a .ear then there will be no
+app-name part to the JNDI string.
+module-name = the name of the .jar or .war (without the .jar/.war
+suffix) in which the bean is deployed or the module-name configured in
+web.xml/ejb-jar.xml of the deployment. The module name is mandatory part
+in the JNDI string.
+bean-name = the name of the bean which by default is the simple name
+of the bean implementation class. Of course it can be overridden either
+by using the "name" attribute of the bean definining annotation
+(@Stateless(name="blah") in this case) or even the ejb-jar.xml
+deployment descriptor.
+bean-interface = the fully qualified class name of the interface being
+exposed by the bean.
+
+
+
So in our example above, let’s assume the bean is packaged in a
+myejbmodule.jar which is within a myapp.ear. So the JNDI name for the
+Foo remote view under the java:jboss/exported/ namespace would be:
That’s where WildFly will automatically expose the remote views of the
+EJBs under the java:jboss/exported/ namespace, in addition to the
+java:global/ java:app/ java:module/ namespaces mandated by the EJB 3.1
+spec.
+
+
+
+
+
+
+
+
+Note that only the java:jboss/exported/ namespace is available to remote
+clients.
+
+
+
+
+
+
So the next logical question would be, are these remote views of EJBs
+accessible and invokable using the wildfly-naming-client project on the client
+application. The answer is yes! Let’s quickly see the client code for
+invoking our FooBean. Again, let’s just use " `ranabir`" and " `redhat1!`"
+as username/password for connecting to the remoting connector.
+
+
+
+
void doBeanLookup() {
+ ...
+ Properties props = newProperties();
+ props.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
+ props.put(Context.PROVIDER_URL,"remote+https://localhost:8080");
+ // username
+ props.put(Context.SECURITY_PRINCIPAL, "ranabir");
+ // password
+ props.put(Context.SECURITY_CREDENTIALS, "redhat1!");
+ // This is an important property to set if you want to do EJB invocations via the wildfly-naming-client project
+ props.put("wildfly.naming.client.ejb.context", true);
+ // create a context passing these properties
+ InitialContext ctx = newInitialContext(props);
+ // lookup the bean Foo
+ beanRemoteInterface = (Foo) ctx.lookup("myapp/myejbmodule/FooBean!org.myapp.ejb.Foo");
+ String bar = beanRemoteInterface.sayBar();
+ System.out.println("Remote Foo bean returned " + bar);
+ ctx.close();
+ // after this point the beanRemoteInterface is not longer valid!
+}
+
+
+
+
As you can see, most of the code is similar to what we have been seeing
+so far for setting up a JNDI context backed by the wildfly-naming-client
+project. The only parts that change are:
+
+
+
\1) An additional " `wildfly.naming.client.ejb.context`" property that is
+added to the properties passed to the InitialContext constructor.
+2) The JNDI name used for the lookup
+3) And subsequently the invocation on the bean interface returned by the
+lookup.
+
+
+
Let’s see what the " wildfly.naming.client.ejb.context`" does. In
+WildFly, remote access/invocations on EJBs is facilitated by the JBoss
+specific EJB client API, which is a project on its own
+https://github.com/wildfly/jboss-ejb-client. So no matter, what
+mechanism you use (wildfly-naming-client or core EJB client API), the
+invocations are ultimately routed through the EJB client API project. In
+this case too, the wildfly-naming-client internally uses EJB client API to
+handle EJB invocations. From a EJB client API project perspective, for
+successful communication with the server, the project expects a
+`EJBClientContext backed by (atleast one) EJBReceiver(s). The
+EJBReceiver is responsible for handling the EJB invocations. One type
+of a EJBReceiver is a RemotingConnectionEJBReceiver which internally
+uses jboss-remoting project to communicate with the remote server to
+handle the EJB invocations. Such a EJBReceiver expects a connection
+backed by the jboss-remoting project. Of course to be able to connect to
+the server, such a EJBReceiver would have to know the server address,
+port, security credentials and other similar parameters. If you were
+using the core EJB client API, then you would have configured all these
+properties via the jboss-ejb-client.properties or via programatic API
+usage as explained here EJB invocations from a remote
+client using JNDI. But in the example above, we are using wildfly-naming-client
+project and are not directly interacting with the EJB client API
+project.
+
+
+
If you look closely at what’s being passed, via the JNDI properties, to
+the wildfly-naming-client project and if you remember the details that we
+explained in a previous section about how the wildfly-naming-client project
+establishes a connection to the remote server, you’ll realize that these
+properties are indeed the same as what the
+RemotingConnectionEJBReceiver would expect to be able to establish the
+connection to the server. Now this is where the "
+wildfly.naming.client.ejb.context`" property comes into picture. When
+this is set to true and passed to the InitialContext creation (either
+via jndi.properties or via the constructor of that class), the
+wildfly-naming-client project internally will do whatever is necessary to setup
+a `EJBClientContext, containing a RemotingConnectionEJBReceiver which
+is created using the same remoting connection that is created by and
+being used by wildfly-naming-client project for its own JNDI communication
+usage. So effectively, the InitialContext creation via the wildfly-naming-client
+project has now internally triggered the creation of a
+EJBClientContext containing a EJBReceiver capable of handling the
+EJB invocations (remember, no remote EJB invocations are possible
+without the presence of a EJBClientContext containing a EJBReceiver
+which can handle the EJB).
+
+
+
So we now know the importance of the "
+wildfly.naming.client.ejb.context`" property and its usage. Let’s move on
+the next part in that code, the JNDI name. Notice that we have used the
+JNDI name relative to the `java:jboss/exported/ namespace while doing
+the lookup. And since we know that the Foo view is exposed on that JNDI
+name, we cast the returned object back to the Foo interface. Remember
+that we earlier explained how each lookup via wildfly-naming-client triggers a
+server side communication and a marshalling/unmarshalling process. This
+applies for EJB views too. In fact, the wildfly-naming-client project has no
+clue (since that’s not in the scope of that project to know) whether
+it’s an EJB or some random object.
+
+
+
Once the unmarshalled object is returned (which actually is a proxy to
+the bean), the rest is straightforward, we just invoke on that returned
+object. Now since the wildfly-naming-client implementation has done the
+necessary setup for the EJBClientContext (due to the presence of "
+wildfly.naming.client.ejb.context`" property), the invocation on that
+proxy will internally use the `EJBClientContext (the proxy is smart
+enough to do that) to interact with the server and return back the
+result. We won’t go into the details of how the EJB client API handles
+the communication/invocation.
+
+
+
Long story short, using the wildfly-naming-client project for doing remote EJB
+invocations against WildFly is possible!
+
+
+
+
21.5. Why use the EJB client API approach then?
+
+
I can guess that some of you might already question why/when would one
+use the EJB client API style lookups as explained in the
+EJB invocations from a remote client using JNDI
+article instead of just using (what appears to be a simpler)
+wildfly-naming-client style lookups.
+
+
+
Before we answer that, let’s understand a bit about the EJB client
+project. The EJB client project was implemented keeping in mind various
+optimizations and features that would be possible for handling remote
+invocations. One such optimization was to avoid doing unnecessary server
+side communication(s) which would typically involve network calls,
+marshalling/unmarshalling etc… The easiest place where this
+optimization can be applied, is to the EJB lookup. Consider the
+following code (let’s ignore how the context is created):
+
+
+
+
ctx.lookup("foo/bar");
+
+
+
+
Now foo/bar JNDI name could potentially point to any type of object
+on the server side. The jndi name itself won’t have the type/semantic
+information of the object bound to that name on the server side. If the
+context was setup using the wildfly-naming-client project (like we have seen
+earlier in our examples), then the only way for wildfly-naming-client to return
+an object for that lookup operation is to communicate with the server
+and marshal/unmarshal the object bound on the server side. And that’s
+exactly what it does (remember, we explained this earlier).
+
+
+
21.5.1. Is the lookup optimization applicable for all bean types?
+
+
In the previous section we have mentioned that the lookup
+optimization by the EJB client API project happens for stateless beans.
+This kind of optimization is not possible for stateful beans because
+in case of stateful beans, a lookup is expected to create a session for
+that stateful bean and for session creation we do have to communicate
+with the server since the server is responsible for creating that
+session.
+
+
+
That’s exactly why the EJB client API project expects the JNDI name
+lookup string for stateful beans to include the " `?stateful`" string at
+the end of the JNDI name:
The presence of " ?stateful`" in the JNDI name lookup string is a
+directive to the EJB client API to let it know that a stateful bean is
+being looked up and it’s necessary to communicate with the server and
+create a session during that lookup. Though `?stateful is optional now.
+
+
+
So as you can see, we have managed to optimize certain operations by
+using the EJB client API for EJB lookup/invocation as against using the
+wildfly-naming-client project. There are other EJB client API implementation
+details (and probably more might be added) which are superior when it is
+used for remote EJB invocations in client applications as against
+wildfly-naming-client project which doesn’t have the intelligence to carry out
+such optimizations for EJB invocations. That’s why the wildfly-naming-client
+projectfor remote EJB invocationsis considered "deprecated
+". Note that if you want to use wildfly-naming-client for looking up and
+invoking on non-EJB remote objects then you are free to do so. In fact,
+that’s why that project has been provided. You can even use the
+wildfly-naming-client project for EJB invocations (like we just saw), if you are
+fine with not wanting the optimizations that the EJB client API can do
+for you or if you have other restrictions that force you to use that
+project.
+
+
+
+
+
+
+
+
+References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
+
+
22. H2 Web Console Integration
+
+
+
The H2 database library provided by WildFly’s com.h2database.h2 module includes an implementation of the Jakarta Servlet HttpServlet interface (org.h2.server.web.JakartaWebServlet) that can be used to expose the H2 project’s web console tool. WildFly users could utilize this servlet in their own application by adding a dependency on the com.h2database.h2 module to their application’s deployment and then adding the servlet to the application’s web.xml. This is certainly not recommended for production use — no use of H2 is recommended in production applications — but developers may find use of the H2 console useful.
+
+
+
WildFly has historically integrated H2 in such a way that this is possible. But beginning with the 26 release, this no longer works out of the box, as the com.h2database.h2 module no longer has out-of-the-box access to the module that exposes the Jakarta Servlet API.
+
+
+
However it is possible for users of WildFly to restore this integration by adding a JBoss Modules module named javax.servlet.api.h2 to their server installation. The steps to do this are as follows:
+
+
+
+
+
cd $WILDFLY_HOME
+
+
+
mkdir -p modules/javax/servlet/api/h2
+
+
+
In that dir create a module.xml file with the following content:
The com.h2database.h2 module optionally depends on the javax.servlet.api.h2 module, so if one exists and it exposes the Jakarta Servlet API, then H2 JakartaWebServlet integration will work.
+
+
+
+
+
+
+
+
+The relevant servlet implementation class is org.h2.server.web.JakartaWebServlet, and not org.h2.server.web.WebServlet. The latter relies on older versions of the Servlet API no longer provided by WildFly.
+
+
+
+
+
+
+
+
23. Example Applications - Migrated to WildFly
+
+
+
23.1. Example Applications Migrated from Previous Releases
+
+
The applications in this section were written for a previous version of
+the server but have been modified to run on WildFly or JBoss AS 7,
+which was based on the same core architecture WildFly uses. Changes were made
+to resolve issues that arose during deployment and runtime or to fix
+problems with application behaviour. Each example below documents the
+changes that were made to get the application to run successfully.
A step by step work through of issues, and their solutions, that might
+crop up when migrating applications to WildFly 29. See the following
+github project for details.
+
+
+
+
+
23.2. Example Applications Based on EE6
+
+
Applications in this section were designed and written specifically to
+use the features and functions of EE6.
+
+
+
+
+
Quickstarts: A number of quickstart applications were written to
+demonstrate Jakarta EE and a few additional technologies. They provide
+small, specific, working examples that can be used as a reference for
+your own project. For more information about the quickstarts, see
+Get Started Developing Applications
+
+
+
+
+
+
+
+
24. Porting the Order Application from EAP 5.1 to JBoss AS 7
+
+
+
Andy Miller ported an example Order application that was used for
+performance testing from EAP 5.1 to JBoss AS 7. These are the notes he
+made during the migration process.
+
+
+
24.1. Overview of the application
+
+
The application is relatively simple. it contains three servlets, some
+stateless session beans, a stateful session bean, and some entities.
+
+
+
In addition to application code changes, modifications were made to the
+way the EAR was packaged. This is because WildFly removed support of
+some proprietary features that were available in EAP 5.1.
+
+
+
+
24.2. Summary of changes
+
+
24.2.1. Code Changes
+
+
Modify JNDI lookup code
+
+
Since this application was first written for EAP 4.2/4.3, which did not
+support EJB reference injection, the servlets were using pre-EE 5
+methods for looking up stateless and stateful session bean interfaces.
+While migrating to WildFly, it seemed a good time to change the code to
+use the @EJB annotation, although this was not a required change.
+
+
+
The real difference is in the lookup name. WildFly only supports the new
+EE 6 portable JNDI names rather than the old EAR structure based names.
+The JNDI lookup code changed as follows:
All the other beans were changed in a similar manner. They are now based
+on the portable JNDI names described in EE 6.
+
+
+
+
+
24.2.2. Modify logging code
+
+
The next major change was to logging within the application. The old
+version was using the commons logging infrastructure and Log4J that is
+bundled in the application server. Rather than bundling third-party
+logging, the application was modified to use the new WildFly Logging
+infrastructure.
+
+
+
The code changes themselves are rather trivial, as this example
+illustrates:
Most of the properties are removed since they will default to the
+correct values for the second level cache. See
+"Using
+the Infinispan second level cache" for more details.
+
+
+
That was the extent of the code changes required to migrate the
+application to AS7.
+
+
+
+
24.2.4. EAR Packaging Changes
+
+
Due to modular class loading changes, the structure of the existing EAR
+failed to deploy successfully in WildFly.
+
+
+
The old structure of the EAR was as follows:
+
+
+
+
$ jar tf OrderManagerApp.ear
+META-INF/MANIFEST.MF
+META-INF/application.xml
+OrderManagerWeb.war
+OrderManagerEntities.jar
+OrderManagerEJB.jar
+META-INF/
+
+
+
+
In this structure, the entities and the persistence.xml were in one
+jar file, OrderManagerEntities.jar, and the stateless and stateful
+session beans were in another jar file, OrderManagerEJB.jar. This did
+not work due to modular class loading changes in WildFly. There are a
+couple of ways to resolve this issue:
+
+
+
+
+
Modify the class path in the MANIFEST.MF
+
+
+
Flatten the code and put all the beans in one JAR file.
+
+
+
+
+
The second approach was selected because it simplified the EAR
+structure:
+
+
+
+
$ jar tf OrderManagerApp.ear
+META-INF/application.xml
+OrderManagerWeb.war
+OrderManagerEJB.jar
+META-INF/
+
+
+
+
Since there is no longer an OrderManagerEntities.jar file, the
+applcation.xml file was modified to remove the entry.
+
+
+
An entry was added to the MANIFEST.MF file in the
+OrderManagerWeb.war to resolve another class loading issue resulting
+from the modification to use EJB reference injection in the servlets.
The Class-Path entry tells the application to look in the
+OrderManagerEJB.jar file for the injected beans.
+
+
+
+
24.2.5. Summary
+
+
Although the existing EAR structure could have worked with additional
+modifications to the MANIFEST.MF file, this approach seemed more
+appealing because it simplified the structure while maintaining the web
+tier in its own WAR.
+
+
+
The source files for both versions is attached so you can view the
+changes that were made to the application.
+
+
+
+
+
+
+
+
+References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
+
+
25. Spring applications development and migration guide
+
+
+
This document details the main points that need to be considered by
+Spring developers that wish to develop new applications or to migrate
+existing applications to be run into WildFly 29.
+
+
+
25.1. Dependencies and Modularity
+
+
WildFly 29 has a modular class loading strategy, different from previous
+versions of JBoss AS, which enforces a better class loading isolation
+between deployments and the application server itself. A detailed
+description can be found in the documentation dedicated to
+class
+loading in WildFly 29.
+
+
+
This reduces significantly the risk of running into a class loading
+conflict and allows applications to package their own dependencies if
+they choose to do so. This makes it easier for Spring applications that
+package their own dependencies - such as logging frameworks or
+persistence providers to run on WildFly 29.
+
+
+
At the same time, this does not mean that duplications and conflicts
+cannot exist on the classpath. Some module dependencies are implicit,
+depending on the type of deployment as shown
+here.
+
+
+
+
25.2. Persistence usage guide
+
+
Depending on the strategy being used, Spring applications can be:
+
+
+
+
+
native Hibernate applications;
+
+
+
Jakarta Persistence based applications;
+
+
+
native JDBC applications;
+
+
+
+
+
+
25.3. Native Spring/Hibernate applications
+
+
Applications that use the Hibernate API directly with Spring (i.e.
+through either one of LocalSessionFactoryBean or
+AnnotationSessionFactoryBean) may need to use a different version of Hibernate than is provided by WildFly.
+
+
+
+
25.4. Jakarta Persistence based applications
+
+
Spring applications using Jakarta Persistence may choose between:
+
+
+
+
+
using a server-deployed persistence unit;
+
+
+
using a Spring-managed persistence unit.
+
+
+
+
+
25.4.1. Using server-deployed persistence units
+
+
Applications that use a server-deployed persistence unit must observe
+the typical Jakarta EE rules in what concerns dependency management, i.e.
+the jakarta.persistence classes and persistence provider (Hibernate) are
+contained in modules which are added automatically by the application
+when the persistence unit is deployed.
+
+
+
In order to use the server-deployed persistence units from within
+Spring, either the persistence context or the persistence unit need to
+be registered in JNDI via web.xml as follows:
+JNDI binding via persistence.xml properties is not supported in WildFly
+8.
+
+
+
+
+
+
+
25.4.2. Using Spring-managed persistence units
+
+
Spring applications running in WildFly 29 may also create persistence
+units on their own, using the LocalContainerEntityManagerFactoryBean.
+This is what these applications need to consider:
+
+
+
Placement of the persistence unit definitions
+
+
When the application server encounters a deployment that has a file
+named META-INF/persistence.xml (or, for that matter,
+WEB-INF/classes/META-INF/persistence.xml), it will attempt to create a
+persistence unit based on what is provided in the file. In most cases,
+such definition files are not compliant with the Jakarta EE requirements,
+mostly because required elements such as the datasource of the
+persistence unit are supposed to be provided by the Spring context
+definitions, which will fail the deployment of the persistence unit, and
+consequently of the entire deployment.
+
+
+
Spring applications can easily avoid this type of conflict, by using a
+feature of the LocalContainerEntityManagerFactoryBean which is designed
+for this purpose. Persistence unit definition files can exist in other
+locations than META-INF/persistence.xml and the location can be
+indicated through the persistenceXmlLocation property of the factory
+bean class.
+
+
+
Assuming that the persistence unit is in the
+META-INF/jpa-persistence.xml, the corresponding definition can be:
+
+
+
+
<beanid="entityManagerFactory"class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
+ <propertyname="persistenceXmlLocation"value="classpath*:META-INF/jpa-persistence.xml"/>
+ <!-- other definitions -->
+</bean>
+
+
+
+
+
+
25.4.3. Managing dependencies
+
+
To ensure that Spring applications can use a specific version of Hibernate ORM, exclude the WildFly provided Hibernate ORM version,
+instruct the server to exclude the module from
+the deployment’s list of dependencies. In order to do so, include a
+META-INF/jboss-deployment-structure.xml or, for web applications,
+WEB-INF/jboss-deployment-structure.xml with the following content:
26. How do I migrate my application from JBoss AS 7 to WildFly 10
+
+
+
26.1. About this Document
+
+
The purpose of this guide is to document changes that are needed to successfully run and deploy JBoss AS 7 applications on WildFly 10. It provides information on to resolve deployment and runtime problems and how to prevent changes in application behavior. This is the first step in moving to the new platform. Once the application is successfully deployed and running on the new platform, plans can be made to upgrade individual components to use the new functions and features of WildFly.
+
+
+
+
26.2. Overview of WildFly
+
+
The list of WildFly new functionality is extensive, being the most relevant, with respect to server and application migrations:
+
+
+
+
+
Jakarta EE - WildFly is a certified implementation of Jakarta EE, meeting both the Web and the Full Platform, and already includes support for the latest iterations of CDI (1.2) and Web Sockets (1.1).
+
+
+
Undertow - A new cutting-edge web server in WildFly, designed for maximum throughput and scalability, including environments with over a million connections. And the latest web technologies, such as the new HTTP/2 standard, are already onboard.
+
+
+
Apache ActiveMQ Artemis - WildFly’s new Jakarta Messaging broker. Based on an code donation from HornetQ, this Apache subproject provides outstanding performance based on a proven non-blocking architecture.
+
+
+
IronJacamar 1.2 - The latest IronJacamar provides a stable and feature rich Jakarta Connectors & Datasources support.
+
+
+
JBossWS 5 - The fifth generation of JBossWS, a major leap forward, brings new features and performances improvements to WildFly Web Services
+
+
+
RESTEasy - WildFly which goes beyond the standard Jakarta EE REST APIs (Jakarta RESTful Web Services 2.1), by also providing a number of useful extensions, such as JSON Web Encryption, Jackson, Yaml, Jakarta JSON Processing, and reactive facilities.
+
+
+
OpenJDK ORB - WildFly switched the IIOP implementation from JacORB, to a downstream branch of the OpenJDK Orb, leading to better interoperability with the JVM ORB and the Jakarta EE RI.
+
+
+
Feature Rich Clustering - Clustering support was heavily refactored in WildFly, and includes several APIs for applications
+
+
+
Port Reduction - By utilizing HTTP upgrade, WildFly has moved nearly all of its protocols to be multiplexed over just two HTTP ports: a management port (9990), and an application port (8080).
+
+
+
Enhanced Logging - The management API now supports the ability to list and view the available log files on a server, or even define custom formatters other than the default pattern formatter. Deployment’s logging setup is also greatly enhanced.
+
+
+
+
+
The support for some technologies was removed, due to the high maintenance cost, low community interest, and much better alternative solutions:
+
+
+
+
+
CMP EJB - Jakarta Persistence offers a much more performant and flexible API
+
+
+
Jakarta XML RPC - Jakarta XML Web Services offer a much more accurate and complete solution
+
+
+
JSR-88 - With very little adoption, the more complete deployment APIs provided by vendors are preferred
+
+
+
+
+
+
26.3. Server Migration
+
+
Migrating a JBoss AS 7 server to WildFly consists of migrating custom configuration files, and some persisted data that may exist.
+
+
+
26.3.1. JacORB Subsystem
+
+
WildFly ORB support is provided by the JDK itself, instead of relying on JacORB. A subsystem configuration migration is required.
+
+
+
JacORB Subsystem Configuration
+
+
The extension’s module org.jboss.as.jacorb is replaced by module org.wildfly.iiop-openjdk, while the subsystem configuration namespace urn:jboss:domain:jacorb:2.0 is replaced by
+urn:jboss:domain:iiop-openjdk:1.0.
+
+
+
The XML configuration of the new subsystem accepts only a subset of the legacy elements and attributes. Consider the following example of the JacORB subsystem configuration, containing all valid elements and attributes:
In case the legacy subsystem configuration is available, such configuration may be migrated to the new subsystem by invoking its migrate operation, using the management CLI:
+
+
+
+
/subsystem=jacorb:migrate
+
+
+
+
There is also a describe-migration operation that returns a list of all the management operations that are performed to migrate from the legacy subsystem to the new one:
+
+
+
+
/subsystem=jacorb:describe-migration
+
+
+
+
Both migrate and describe-migration will also display a list of migration-warnings if there are some resource or attributes that can not be migrated automatically. The following is a list of these warnings:
+
+
+
+
+
Properties X cannot be emulated using OpenJDK ORB and are not supported
+
+
This warning means that mentioned properties are not supported and won’t be included in the new subsystem configuration. As a result of that admin must be aware that any behavior implied by those properties would be nonexistent. Admin has to check whether subsystem is able to operate
+correctly without that behavior on the new server.Unsupported properties: cache-poa-names, cache-typecodes, chunk-custom-rmi-valuetypes, client-timeout, comet, indirection-encoding-disable, iona, lax-boolean-encoding, max-managed-buf-size, max-server-connections, max-threads, outbuf-cache-timeout, outbuf-size, queue-max, queue-min, poa-monitoring, print-version, retries, retry-interval, queue-wait, server-timeout, strict-check-on-tc-creation, use-bom, use-imr.
+
+
+
+
The properties X use expressions. Configuration properties that are used to resolve those expressions should be transformed manually to the new iiop-openjdk subsystem format.
+
+
Admin has to transform all the configuration files to work correctly with the jacorb subsystem. For example, jacorb has a property giop-minor-version whereas iiop-openjdk uses the property giop-version. Let’s suppose we use 1 minor version in jacorb and have it configured in standalone.conf file as system variable: -Diiop-giop-minor-version=1. Admin is responsible for changing this variable to 1.1 after the migration to make sure that the new subsystem will work correctly.
+
+
+
+
+
+
+
+
26.3.2. JBoss Web Subsystem
+
+
JBoss Web is replaced by Undertow in WildFly, which means that the legacy subsystem configuration should be migrated to WildFly’s Undertow subsystem configuration.
+
+
+
JBoss Web Subsystem Configuration
+
+
The extension’s module org.jboss.as.web is replaced by module org.wildfly.extension.undertow, while the subsystem configuration namespace urn:jboss:domain:web: is replaced by
+urn:jboss:domain:undertow:.
+
+
+
The XML configuration of the new subsystem is relatively different. Consider the following example of the JBoss Web subsystem configuration, containing all valid elements and attributes:
It is possible to do a migration of the legacy subsystem configuration and related persisted data by invoking the legacy subsystem’s migrate operation, using the management CLI:
+
+
+
+
/subsystem=web:migrate
+
+
+
+
There is also a describe-migration operation that returns a list of all the management operations that are performed to migrate from the legacy subsystem to the new one:
+
+
+
+
/subsystem=web:describe-migration
+
+
+
+
Both migrate and describe-migration will also display a list of migration-warnings if there are some resource or attributes that can not be migrated automatically. The following is a list of these warnings:
+
+
+
+
+
Could not migrate resource X
+
+
This warning means that mentioned resource configuration is not supported and won’t be included in the new subsystem configuration. As a result of that admin must be aware that any behavior implied by those resources would be nonexistent. Admin has to check whether subsystem is able to operate correctly without that behavior on the new server.
+
+
+
+
Could not migrate attribute X from resource Y.
+
+
This warning means that mentioned resource configuration property is not supported and won’t be included in the new subsystem configuration. As a result of that admin must be aware that any behavior implied by those properties would be nonexistent. Admin has to check whether subsystem is
+able to operate correctly without that behavior on the new server.
+
+
+
+
Could not migrate SSL connector as no SSL config is defined
+
+
+
Could not migrate verify-client attribute %s to the Undertow equivalent
+
+
+
Could not migrate verify-client expression %s
+
+
+
Could not migrate valve X
+
+
This warning means that mentioned valve configuration is not supported and won’t be included in the new subsystem configuration. As a result of that admin must be aware that any behavior implied by those resources would be nonexistent. Admin has to check whether subsystem is able to operate correctly without that behavior on the new server. This warning may happen for:
+
+
+
+
+
org.apache.catalina.valves.RemoteAddrValve : must have at least one
+allowed or denied value.
+
+
+
org.apache.catalina.valves.RemoteHostValve : must have at least one
+allowed or denied value.
This warning means that mentioned valve configuration property is not supported and won’t be included in the new subsystem configuration. As a result of that admin must be aware that any behavior implied by those properties would be nonexistent. Admin has to check whether subsystem is
+able to operate correctly without that behavior on the new server. This warning may happen for :
+
+
+
+
+
org.apache.catalina.valves.AccessLogValve : if you use the following parameters resolveHosts, fileDateFormat, renameOnRotate,
+encoding, locale, requestAttributesEnabled, buffered.
+
+
+
org.apache.catalina.valves.ExtendedAccessLogValve : if you use the following parameters resolveHosts, fileDateFormat, renameOnRotate, encoding, locale, requestAttributesEnabled, buffered.
+
+
+
org.apache.catalina.valves.RemoteIpValve:
+
+
+
+
if remoteIpHeader is defined and isn’t set to "x-forwarded-for".
+
+
+
if protocolHeader is defined and isn’t set to "x-forwarded-proto".
+
+
+
if you use the following parameters httpServerPort and httpsServerPort .
+
+
+
+
+
+
+
+
+
+
+
Also, note that Undertow doesn’t support JBoss Web valves, but some of these may be migrated to Undertow handlers, and JBoss Web subsystem’s migrate operation do that too.
+
+
+
Here is a list of those valves and their corresponding Undertow handler:
The org.apache.catalina.valves.JDBCAccessLogValve can’t be automatically migrated to io.undertow.server.handlers.JDBCLogHandler as the expectations differ.
+
+
+
The migration can be done manually though :
+
+
+
+
+
Create the driver module and add the driver to the list of available drivers
+
+
+
Create a datasource pointing to the database where the log entries are going to be stored
+
+
+
Add an expression-filter definition with the following expression: "jdbc-access-log(datasource='datasource-jndi-name")
Note that any custom valve won’t be migrated at all and will just be removed from the configuration.
+
+
+
Also the authentication related valves are to be replaced by Undertow authentication mechanisms, and this have to be done manually.
+
+
+
+
WebSockets
+
+
In JBoss AS 7, to use WebSockets, you had to configure the 'http' connector in the web subsystem of the server configuration file to use the NIO2 protocol. The following is an example of the management CLI command to configure WebSockets in the previous releases.
WebSockets are a requirement of the Jakarta EE specification and the default configuration is included in WildFly. More complex WebSocket configuration is done in the servlet-container of the undertow subsystem of the server configuration file.
+
+
+
You no longer need to configure the server for default WebSocket support.
+
+
+
+
+
26.3.3. Messaging Subsystem
+
+
WildFly JMS support is provided by ActiveMQ Artemis, instead of HornetQ. It’s possible to do a migration of the legacy subsystem configuration, and related persisted data.
+
+
+
Messaging Subsystem Configuration
+
+
The extension’s module org.jboss.as.messaging is replaced by module org.wildfly.extension.messaging-activemq, while the subsystem configuration namespace urn:jboss:domain:messaging:3.0 is replaced by urn:jboss:domain:messaging-activemq:1.0.
+
+
+
Management model
+
+
In most cases, an effort was made to keep resource and attribute names as similar as possible to those used in previous releases. The following table lists some of the changes.
+
+
+
+
+
+
+
+
+
HornetQ name
+
ActiveMQ name
+
+
+
+
+
hornetq-server
+
server
+
+
+
hornetq-serverType
+
serverType
+
+
+
connectors
+
connector
+
+
+
discovery-group-name
+
discovery-group
+
+
+
+
+
The management operations invoked on the new messaging-subsystem starts with /subsystem=messaging-activemq/server=X while the legacy messaging subsystem was at /subsystem=messaging/hornetq-server=X.
+
+
+
In case the legacy subsystem configuration is available, such configuration may be migrated to the new subsystem by invoking its migrate operation, using the management CLI:
+
+
+
+
/subsystem=messaging:migrate
+
+
+
+
There is also a describe-migration operation that returns a list of all the management operations that are performed to migrate from the legacy subsystem to the new one:
+
+
+
+
/subsystem=messaging:describe-migration
+
+
+
+
Both migrate and describe-migration will also display a list of migration-warnings if there are some resource or attributes that can not be migrated automatically. The following is a list of these warnings:
+
+
+
+
+
The migrate operation can not be performed: the server must be in admin-only mode
+
+
The migrate operation requires starting the server in admin-only mode, which is done by adding parameter --admin-only to the server start command, e.g.
+
+
+
+
./standalone.sh --admin-only
+
+
+
+
+
Can not migrate attribute local-bind-address from resource X. Use instead the socket-attribute to configure this broadcast-group.
+
+
+
Can not migrate attribute local-bind-port from resource X. Use instead the socket-binding attribute to configure this broadcast-group.
+
+
+
Can not migrate attribute group-address from resource X. Use instead the socket-binding attribute to configure this broadcast-group.
+
+
+
Can not migrate attribute group-port from resource X. Use instead the socket-binding attribute to configure this broadcast-group.
+
+
Broadcast-group resources no longer accept local-bind-address, local-bind-port, group-address, group-port attributes. It only accepts a socket-binding. The warning notifies that resource X has an unsupported attribute. The user will have to set the socket-binding attribute on the resource and ensures it corresponds to a defined socket-binding
+resource.
+
+
+
+
Classes providing the %s are discarded during the migration. To use them in the new messaging-activemq subsystem, you will have to extend the Artemis-based Interceptor.
+
+
Messaging interceptors support is significantly different in WildFly 10, any interceptors configured in the legacy subsystem are discarded during migration. See the Messaging Interceptors section to learn how to migrate legacy Messaging interceptors.
+
+
+
+
Can not migrate the HA configuration of X. Its shared-store and backup attributes holds expressions and it is not possible to determine unambiguously how to create the corresponding ha-policy for the messaging-activemq server.
+
+
If the hornetq-server X’s shared-store or backup attributes hold an expression, such as ${xxx}, then it’s not possible to determine the actual ha-policy of the migrated server. In that case, we discard it and the user will have to add the correct ha-policy afterwards. The ha-policy is a single resource underneath the messaging-activemq server resource.
+
+
+
+
Can not migrate attribute local-bind-address from resource X. Use instead the socket-binding attribute to configure this discovery-group.Can not migrate attribute local-bind-port from resource X. Use instead the socket-binding attribute to configure this discovery-group.
+
+
+
Can not migrate attribute group-address from resource X. Use instead the socket-binding attribute to configure this discovery-group.
+
+
+
Can not migrate attribute group-port from resource X. Use instead the socket-binding attribute to configure this discovery-group.
+
+
The discovery-group resources no longer accept local-bind-address, local-bind-port, group-address, group-port attributes. It only accepts a socket-binding. The warning notifies that resource X has an unsupported attribute.
+
+
+
The user will have to set the socket-binding attribute on the resource and ensures it corresponds to a defined socket-binding resource.
+
+
+
+
Can not create a legacy-connection-factory based on connection-factory X. It uses a HornetQ in-vm connector that is not compatible with Artemis in-vm connector
+
+
Legacy subsystem’s remote connection-factory resources are migrated into legacy-connection-factory resources, to allow old EAP6 clients to connect to EAP7. However a connection-factory using in-vm will not be migrated, because a in-vm client will be based on EAP7, not EAP 6. In other words, legacy-connection-factory are created only when the CF is using remote connectors, and this warning notifies about in-vm connection-factory X not migrated.
+
+
+
+
Can not migrate attribute X from resource Y. The attribute uses an expression that can be resolved differently depending on system properties. After migration, this attribute must be added back with an actual value instead of the expression.
+
+
This warning appears when the migration logic needs to know the concrete value of attribute X during migration, but instead such value includes an expression that’s can’t be resolved, so the actual value can not be determined, and the attribute is discarded. It happens in several cases,
+for instance:
+
+
+
+
+
cluster-connection forward-when-no-consumers. This boolean attribute has been replaced by the message-load-balancing-type attribute (which is an enum of OFF, STRICT, ON_DEMAND)
+
+
+
broadcast-group and discovery-group’s jgroups-stack and jgroups-channel attributes. They reference other resources and we no longer accept expressions for them.
+
+
+
+
+
+
Can not migrate attribute X from resource Y. This attribute is not supported by the new messaging-activemq subsystem.
+
+
Some attributes are no longer supported in the new messaging-activemq subsystem and are simply discarded:
+
+
+
+
+
hornetq-server’s failback-delay
+
+
+
http-connector’s use-nio attribute
+
+
+
http-acceptor’s use-nio attribute
+
+
+
remote-connector’s use-nio attribute
+
+
+
remote-acceptor’s use-nio attribute
+
+
+
+
+
+
+
+
+
XML Configuration
+
+
The XML configuration has changed significantly with the new messaging-activemq subsystem to provide a XML scheme more consistent with other WildFly subsystems.
+
+
+
It is not advised to change the XML configuration of the legacy messaging subsystem to conform to the new messaging-activemq subsystem. Instead, invoke the legacy subsystem migrate operation. This operation will write the XML configuration of the new messaging-activemq subsystem as a part of its execution.
+
+
+
+
Messaging Interceptors
+
+
Messaging Interceptors are significantly different in WildFly 10, requiring both code and configuration changes by the user. In concrete the interceptor base Java class is now org.apache.artemis.activemq.api.core.interceptor.Interceptor, and the user interceptor implementation classes may now be loaded by any server module. Note that prior to WildFly 10 the interceptor classes could only be installed by adding these to the HornetQ module, thus requiring the user to change such module XML descriptor, its module.xml.
+
+
+
With respect to the server XML configuration, the user must now specify the module to load its interceptors in the new messaging-activemq subsystem XML config, e.g:
In previous releases, Jakarta Messaging destination queues were configured in the <jms-destinations> element under the hornetq-server section of the messaging subsystem.
The prefix of messaging log messages in WildFly is WFLYMSGAMQ, instead of WFLYMSG.
+
+
+
+
Messaging Data
+
+
The location of the messaging data has been changed in the new messaging-activemq subsystem:
+
+
+
+
+
messagingbindings/ → activemq/bindings/
+
+
+
messagingjournal/ → activemq/journal/
+
+
+
messaginglargemessages/ → activemq/largemessages/
+
+
+
messagingpaging/ → activemq/paging/
+
+
+
+
+
To migrate legacy messaging data, you will have to export the directories used by the legacy messaging subsystem and import them into the new subsystem’s server by using its import-journal operation:
+
+
+
+
/subsystem=messaging-activemq/server=default:import-journal(file=<path to XML dump>)
+
+
+
+
The XML dump is a XML file generated by HornetQ XmlDataExporter util class.
+
+
+
+
+
+
26.4. Application Migration
+
+
Before you migrate your application, you should be aware that some features that were available in previous releases are now deprecated or missing.
+
+
+
26.4.1. EJBs
+
+
CMP Entity EJBs
+
+
Container-Managed Persistence entity beans support is optional in Jakarta EE, and WildFly does not provide support for these.
+
+
+
CMP entity beans are defined in the ejb-jar.xml descriptor, in concrete an entity bean is CMP only if the <entity/> child element named persistence-type is included and has a value of Container. An example:
In WildFly, the default connector has changed from remoting to http-remoting. This change impacts clients that use libraries from one release of JBoss and to connect to server in a different release.
+
+
+
+
+
If a client application uses the EJB client library from JBoss AS 7 and wants to connect to WildFly 10 server, the server must be configured to expose a remoting connector on a port other than 8080. The client must then connect using that newly configured connector.
+
+
+
A client application that uses the EJB client library from WildFly 10 and wants to connect to a JBoss AS 7 server must be aware that the server instance does not use the http-remoting connector and instead uses a remoting connector. This is achieved by defining a new client-side connection property.
+
+
+
remote.connection.default.protocol=remote
+
+
+
+
+
+
+
External applications using JNDI, to remotely lookup up EJBs in a WildFly 10 server, may also need to be migrated, see #Remote JNDI Clients section for further information.
+
+
+
+
+
+
26.4.2. Jakarta Messaging
+
+
Proprietary Jakarta Messaging Resource Definitions
+
+
The proprietary XML descriptors, previously used to setup Jakarta Messaging resources, are deprecated in WildFly. Jakarta EE (section EE.5.18) standardized such functionality.
+
+
+
The deprecated descriptors are files bundled in the application package, which name ends with -jms.xml. Their namespace has been changed to urn:jboss:messaging-activemq-deployment:1.0.
+
+
+
+
External Jakarta Messaging Clients
+
+
Jakarta Messaging Resources are remotely looked up using JNDI, and looking up resources in a WildFly 10 server may require changes in the application code, see #Remote JNDI Clients section for further information.
+
+
+
+
+
26.4.3. Jakarta Persistence (and Hibernate)
+
+
Applications That Plan to Use Hibernate ORM 5.3.x
+
+
WildFly ships with Hibernate ORM 5.3.x and those libraries are implicitly added to the application classpath when a persistence.xml is detected during deployment. If your application uses Jakarta Persistence, it will default to using the Hibernate ORM 5.3.x libraries.
+
+
+
Hibernate ORM 5.3.x introduces:
+
+
+
+
+
Jakarta Persistence 2.2 support
+
+
+
Redesigned metamodel - Complete replacement for the current org.hibernate.mapping code
+
+
+
Query parser - Improved query parser based on Antlr 3/4
Undertow does not support the JBoss Web Valve functionality. This can be replaced by Undertow Handlers. See the Undertow Handler Authors Guide for more information.
+
+
+
List of valves that were provided with JBoss Web, together with a corresponding Undertow handler, is provided above, in the section on the JBoss Web subsystem.
+
+
+
JBoss Web Valves are specified in the proprietary jboss-web.xml descriptor, through <valve /> element(s). These can be replaced using the <http-handler /> element(s). For example:
The setup of web service’s endpoints and clients, through a Spring XML descriptor, driving a CXF bus creation, is no longer supported in WildFly.
+
+
+
Any application containing a jbossws-cxf.xml must migrate all functionality specified in such XML descriptor, mostly already supported by the Jakarta XML Web Services specification, included in Jakarta EE. It is still possible to rely on direct Apache CXF API usage, loosing the Jakarta EE portability of the application, for instance when specific Apache CXF functionalities are needed. See the Apache CXF Integration document for further information.
+
+
+
+
Jakarta XML RPC
+
+
Jakarta XML RPC is an API for building Web services and clients that used remote procedure calls (RPC) and XML, which was deprecated in Jakarta EE, and is no longer supported by WildFly.
+
+
+
Jakarta XML RPC Web Services may be identified by the presence of the XML descriptor named webservices.xml, containing a <webservice-description/> element that includes a child element named <jaxrpc-mapping-file/>. An example:
Some changes to the MessageBodyWriter interface may represent a backward incompatible change with respect to JAX-RS 1.X.
+
+
+
Be sure to define a @Produces or @Consumes for your endpoints. Failure to do so may result in an error similar to the following.
+
+
+
+
org.jboss.resteasy.core.NoMessageBodyWriterFoundFailure: Could not find MessageBodyWriter for response object of type: <OBJECT> of media type: <CONTENT_TYPE>
+
+
+
+
+
REST Client API
+
+
Some REST Client API classes and methods are deprecated or removed, for example: org.jboss.resteasy.client.ClientRequest and org.jboss.resteasy.client.ClientResponse have been removed. Instead, use
+jakarta.ws.rs.client.Client and jakarta.ws.rs.core.Response. See the resteasy-jaxrs-client quickstart for an example of an external Jakarta RESTful Web Services RESTEasy client that interacts with a Jakarta RESTful Web Services.
+
+
+
+
+
26.4.6. Application Clustering
+
+
HA Singleton
+
+
JBoss AS 7 introduced singleton services - a mechanism for installing an service such that it would only start on one node in the cluster at a time, a HA Singleton. Such mechanism required usage of a private WildFly Clustering API, designed around the class org.jboss.as.clustering.singleton.SingletonService, and was documented in detail at
+https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Development_Guide/Implement_an_HA_Singleton.html, and while not difficult to implement, the installation process suffered from a couple shortcomings:
+
+
+
+
+
Installing multiple singleton services within a single deployment caused the deployer to hang.
+
+
+
Installing a singleton service required the user to specify several private module dependencies in /META-INF/MANIFEST.MF
+
+
+
+
+
WildFly 10 introduces a new public API for building such services, which significantly simplifies the process, and solves the issues found in the legacy solution. The WildFly 10 Quickstart application named cluster-ha-singleton examples a HA Singleton implementation using the new API, and may be found at https://github.com/jboss-developer/jboss-eap-quickstarts/tree/7.0.x-develop/cluster-ha-singleton
+.
+
+
+
+
Stateful Session EJB Clustering
+
+
WildFly 10 no longer requires Stateful Session EJBs to use the org.jboss.ejb3.annotation.Clustered annotation to enable clustering behavior. By default, if the server is started using an HA profile, the state of your SFSBs will be replicated automatically. Disabling this behavior is achievable on a per-EJB basis, by annotating your bean using @Stateful(passivationCapable=false), which is new to the EJB 3.2 specification; or globally through the configuration of the EJB3 subsystem, in the server configuration.
+
+
+
Note that the @Clustered annotation, if used by an application, is simply ignored, the application deployment will not fail.
+
+
+
+
Web Session Clustering
+
+
WildFly 10 introduces a new web session clustering implementation, replacing the one found in JBoss AS 7, which has been around for ages (since JBoss AS 3.2!), and was tightly coupled to the legacy JBoss Web subsystem source code. The most relevant changes in the new implementation are:
+
+
+
+
+
Introduction of a proper session manager SPI, and an Infinispan implementation of it, decoupled from the web subsystem implementation
+
+
+
Sessions are implemented as a facade over one or more cache entries, which means that the container’s session manager itself does not retain a separate reference to each HttpSession
+
+
+
Pessimistic locking of cache entries effectively ensures that only a single client on a single node ever accesses a given session at any given time
+
+
+
Usage of cache entry grouping, instead of atomic maps, to ensure that multiple cache entries belonging to the same session are co-located.
+
+
+
Session operations within a request only ever use a single batch/transaction. This results in fewer RPCs per request.
+
+
+
Support for write-through cache stores, as well as passivation-only cache stores.
+
+
+
+
+
With respect to applications, the new web session clustering implementation deprecates/reinterprets much of the related configuration, which is included in JBoss’s proprietary web application
+XML descriptor, jboss-web.xml:
+
+
+
+
+
<max-active-sessions/>
+
+
Previously, session creation would fail if an additional session would cause the number of active sessions to exceed the value specified by <max-active-sessions/>.
+
+
+
In the new implementation, <max-active-sessions/> is used to enable session passivation. If session creation would cause the number of active sessions to exceed <max-active-sessions/>, then the oldest session known to the session manager will passivate to make room for the new session.
+
+
+
+
<passivation-config/>
+
+
This configuration element and its sub-elements are no longer used in WildFly.
+
+
+
+
<use-session-passivation/>
+
+
Previously, passivation was enabled via this attribute, yet in the new implementation, passivation is enabled by specifying a non-negative value for <max-active-sessions/>.
+
+
+
+
<passivation-min-idle-time/>
+
+
Previously, sessions needed to be active for at least a specific amount of time before becoming a candidate for passivation. This could cause session creation to fail, even when passivation was enabled.
+
+
+
The new implementation does not support this logic and thus avoids this DoS vulnerability.
+
+
+
+
<passivation-max-idle-time/>
+
+
Previously, a session would be passivated after it was idle for a specific amount of time.
+
+
+
The new implementation does not support eager passivation - only lazy passivation. Sessions are only passivated when necessary to comply with <max-active-sessions/>.
+
+
+
+
<replication-config/>
+
+
The new implementation deprecates a number of sub-elements.
+
+
+
+
<replication-trigger/>
+
+
Previously, session attributes could be treated as either mutable or immutable depending on the values specified by <replication-trigger/>:
+
+
+
+
+
SET treated all attributes as immutable, requiring a separate HttpSession.setAttribute(…) to indicate that the value changed.
+
+
+
SET_AND_GET treated all session attributes as mutable.
+
+
+
SET_AND_NON_PRIMITIVE_GET recognized a small set of types, for example strings and boxed primitives, as immutable, and assumed that any other attribute was mutable.
+
+
The new implementation replaces this configuration option with a single, robust strategy. Session attributes are assumed to be mutable unless one of the following is true:
The value type is or implements a known immutable type:
+
+
+
+
Boolean, Byte, Character, Double, Float, Integer, Long, Short
+
+
+
java.lang.Enum, StackTraceElement, String
+
+
+
java.io.File, java.nio.file.Path
+
+
+
java.math.BigDecimal, BigInteger, MathContext
+
+
+
java.net.InetAddress, InetSocketAddress, URI, URL
+
+
+
java.security.Permission
+
+
+
java.util.Currency, Locale, TimeZone, UUID
+
+
+
+
+
+
The value type is annotated with @org.wildfly.clustering.web.annotation.Immutable
+
+
+
+
+
+
<use-jk/>
+
+
Previously, the instance-id of the node handling a given request was appended to the jsessionid, for use by load balancers such as mod_jk, mod_proxy_balancer, mod_cluster, etc., depending on the value specified for <use-jk/>. In the new implementation, the instance-id, if defined, is always appended to the jsessionid.
+
+
+
+
<max-unreplicated-interval/>
+
+
Previously, this configuration option was an optimization that would prevent the replicate of a session’s timestamp if no session attribute was changed. While this sounds nice, in practice it doesn’t prevent any RPCs, since session access requires cache transaction RPCs regardless of
+whether any session attributes changed. In the new implementation, the timestamp of a session is replicated on every request. This prevents stale session meta data following failover.
+
+
+
+
<snapshot-mode/>
+
+
Previously, one could configure <snapshot-mode/> as INSTANT or INTERVAL. Infinispan’s replication queue renders this configuration option obsolete.
+
+
+
+
<snapshot-interval/>
+
+
Only relevant for <snapshot-mode>INTERVAL</snapshot-mode>. See above.
+
+
+
+
<session-notification-policy/>
+
+
Previously, the value defined by this attribute defined a policy for triggering session events. In the new implementation, this behavior is spec-driven and not configurable.
+
+
+
+
+
+
+
+
26.4.7. Other Specifications and Frameworks
+
+
Remote JNDI Clients
+
+
WildFly 10’s default JNDI Provider URL has changed, which means that external applications, using JNDI to lookup remote resources, for instance an EJB or a Jakarta Messaging Queue, may need to change the value for the JNDI InitialContext environment’s property named
+java.naming.provider.url. The default URL scheme is now
+http-remoting, and the default URL port is now 8080.
+
+
+
As an example, considering the application server host is localhost,
+then clients previously accessing WildFly 10 would use
The specification which aimed to standardize deployment tasks got very little adoption, due to much more "feature rich" proprietary solutions already included in every vendor application server. It was no surprise that JSR-88 support was dropped from Jakarta EE, and WildFly followed that and dropped support too.
+
+
+
A JSR-88 deployment plan is identified by a XML descriptor named deployment-plan.xml, bundled in a zip/jar archive.
+
+
+
+
Module Dependencies
+
+
Applications defining dependencies to WildFly modules, through the application’s package MANIFEST.MF or jboss-deployment-structure.xml, may be referencing missing modules. When migrating an application, relying on such functionality, the presence of the referenced modules should be validated in advance.
+
+
+
+
+
+
+
+
+References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
+
+
+
27. How do I migrate my application from WebLogic to WildFly
+
+
+
The purpose of this guide is to document the application changes that
+are needed to successfully run and deploy WebLogic applications on
+WildFly.
+
+
+
+
+
+
+
+
+Feel free to add content in any way you prefer. You do not need to
+follow the template below. This is a work in progress.
+
+
+
+
+
+
27.1. Introduction
+
+
27.1.1. About this Guide
+
+
The purpose of this document is to guide you through the planning
+process and migration of fairly simple and standard Oracle WebLogic
+applications to WildFly. O
+
+
+
+
+
+
+
28. How do I migrate my application from WebSphere to WildFly
+
+
+
The purpose of this guide is to document the application changes that
+are needed to successfully run and deploy WebLogic applications on
+WildFly.
+
+
+
+
+
+
+
+
+Feel free to add content in any way you prefer. You do not need to
+follow the template below. This is a work in progress.
+
+
+
+
+
+
28.1. Introduction
+
+
28.1.1. About this Guide
+
+
The purpose of this document is to guide you through the planning
+process and migration of fairly simple and standard Oracle WebLogic
+applications to WildFly.
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/latest/Extending_WildFly.html b/latest/Extending_WildFly.html
new file mode 100644
index 000000000..023d5e471
--- /dev/null
+++ b/latest/Extending_WildFly.html
@@ -0,0 +1,8758 @@
+
+
+
+
+
+
+
+
+Extending WildFly
+
+
+
+
+
+
+
+
Extending WildFly
+
+WildFly code development team
+version 29.0.0.Final,
+2023-07-20T17:19:12Z
+
In this document we provide an example of how to extend the kernel
+functionality of WildFly via an extension and the subsystem it installs.
+The WildFly kernel is very simple and lightweight; most of the
+capabilities people associate with an application server are provided
+via extensions and their subsystems. The WildFly distribution includes
+many extensions and subsystems; the webserver integration is via a
+subsystem; the transaction manager integration is via a subsystem, the
+Jakarta Enterprise Beans container integration is via a subsystem, etc.
+
+
+
This document is divided into two main sections. The
+first is focused on learning by doing. This
+section will walk you through the steps needed to create your own
+subsystem, and will touch on most of the concepts discussed elsewhere in
+this guide. The
+second
+focuses on a conceptual overview of the key interfaces and classes
+described in the example. Readers should feel free to start with the
+second section if that better fits their learning style. Jumping back
+and forth between the sections is also a good strategy.
+
+
+
+
+
+
1. Target Audience
+
+
+
1.1. Prerequisites
+
+
You should know how to download, install and run WildFly. If not please
+consult the Getting Started Guide. You
+should also be familiar with the management concepts from the
+Admin Guide, particularly the
+Core management concepts section and
+you need Java development experience to follow the example in this
+guide.
+
+
+
+
1.2. Examples in this guide
+
+
Most of the examples in this guide are being expressed as excerpts of
+the XML configuration files or by using a representation of the de-typed
+management model.
+
+
+
+
+
+
2. Example subsystem
+
+
+
Our example subsystem will keep track of all deployments of certain
+types containing a special marker file, and expose operations to see how
+long these deployments have been deployed.
+
+
+
2.1. Create the skeleton project
+
+
To make your life easier we have provided a maven archetype which will
+create a skeleton project for implementing subsystems.
Maven will download the archetype and it’s dependencies, and ask you
+some questions:
+
+
+
+
$ mvn archetype:generate \
+ -DarchetypeArtifactId=wildfly-subsystem \
+ -DarchetypeGroupId=org.wildfly.archetype \
+ -DarchetypeVersion=26.1.0.Final \
+ -DarchetypeRepository=https://repository.jboss.org/nexus/content/groups/public
+[INFO] Scanning for projects...
+[INFO]
+[INFO] ------------------------------------------------------------------------
+[INFO] Building Maven Stub Project (No POM) 1
+[INFO] ------------------------------------------------------------------------
+[INFO]
+
+.........
+
+Define value for property 'module': com.acme.corp.tracker
+Define value for property 'groupId': com.acme.corp
+Define value for property 'artifactId': acme-subsystem
+Define value for property 'version': 1.0-SNAPSHOT: :
+Define value for property 'package': com.acme.corp: : com.acme.corp.tracker
+[INFO] Using property: name = WildFly subsystem project
+Confirm properties configuration:
+groupId: com.acme.corp
+artifactId: acme-subsystem
+version: 1.0-SNAPSHOT
+package: com.acme.corp.tracker
+module: com.acme.corp.tracker
+name: WildFly subsystem project
+ Y: : Y
+[INFO] ------------------------------------------------------------------------
+[INFO] BUILD SUCCESS
+[INFO] ------------------------------------------------------------------------
+[INFO] Total time: 1:42.563s
+[INFO] Finished at: Fri Jul 08 14:30:09 BST 2011
+[INFO] Final Memory: 7M/81M
+[INFO] ------------------------------------------------------------------------
+$
+
+
+
+
+
+
+
+
+
+
+
Instruction
+
+
+
+
+
1
+
Enter the module name you wish to use for your extension.
+
+
+
2
+
Enter the groupId you wish to use
+
+
+
3
+
Enter the artifactId you wish to use
+
+
+
4
+
Enter the version you wish to use, or just hit Enter if you wish to
+accept the default 1.0-SNAPSHOT
+
+
+
5
+
Enter the java package you wish to use, or just hit Enter if you
+wish to accept the default (which is copied from groupId ).
+
+
+
6
+
Finally, if you are happy with your choices, hit Enter and Maven
+will generate the project for you.
+
+
+
+
+
We now have a skeleton project that you can use to
+implement a subsystem. Import the acme-subsystem project into your
+favourite IDE. A nice side-effect of running this in the IDE is that you
+can see the javadoc of WildFly classes and interfaces imported by the
+skeleton code. If you do a mvn install in the project it will work if
+we plug it into WildFly, but before doing that we will change it to do
+something more useful.
+
+
+
The rest of this section modifies the skeleton project created by the
+archetype to do something more useful, and the full code can be found in
+acme-subsystem.zip.
+
+
+
If you do a mvn install in the created project, you will see some
+tests being run
+
+
+
+
$mvn install
+[INFO] Scanning for projects...
+[...]
+[INFO] Surefire report directory: /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/target/surefire-reports
+
+-------------------------------------------------------
+ T E S T S
+-------------------------------------------------------
+Running com.acme.corp.tracker.extension.SubsystemBaseParsingTestCase
+Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.424 sec
+Running com.acme.corp.tracker.extension.SubsystemParsingTestCase
+Tests run: 6, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.074 sec
+
+Results :
+
+Tests run: 3, Failures: 0, Errors: 0, Skipped: 0
+[...]
First, let us define the schema for our subsystem. Rename
+src/main/resources/schema/mysubsystem.xsd to
+src/main/resources/schema/acme.xsd. Then open acme.xsd and modify it
+to the following
Note that we modified the xmlns and targetNamespace values to
+urn.com.acme.corp.tracker:1.0. Our new subsystem element has a child
+called deployment-types, which in turn can have zero or more children
+called deployment-type. Each deployment-type has a required suffix
+attribute, and a tick attribute which defaults to true.
+
+
+
Now modify the com.acme.corp.tracker.extension.SubsystemExtension
+class to contain the new namespace.
+
+
+
+
publicclassSubsystemExtensionimplements Extension {
+
+ /** The name space used for the {@code substystem} element */
+ publicstaticfinalString NAMESPACE = "urn:com.acme.corp.tracker:1.0";
+ ...
+
+
+
+
+
2.3. Design and define the model structure
+
+
The following example xml contains a valid subsystem configuration, we
+will see how to plug this in to WildFly later in this tutorial.
Now when designing our model, we can either do a one to one mapping
+between the schema and the model or come up with something slightly or
+very different. To keep things simple, let us stay pretty true to the
+schema so that when executing a :read-resource(recursive=true) against
+our subsystem we’ll see something like:
Each deployment-type in the xml becomes in the model a child resource
+of the subsystem’s root resource. The child resource’s child-type is
+type, and it is indexed by its suffix. Each type resource then
+contains the tick attribute.
+
+
+
We also need a name for our subsystem, to do that change
+com.acme.corp.tracker.extension.SubsystemExtension:
+
+
+
+
publicclassSubsystemExtensionimplements Extension {
+ ...
+ /** The name of our subsystem within the model. */
+ public staticfinalString SUBSYSTEM_NAME = "tracker";
+ ...
+
+
+
+
Modify the src/main/resources/com/acme/corp/tracker/LocalDescriptions.properties
+with the new extension name, too
+
+
+
+
tracker=My Tracker subsystem
+tracker.add=Operation Adds subsystem
+tracker.remove=Operation Removes subsystem
+tracker.type=The type of file
+tracker.type.add=Operation Adds type child
+tracker.type.remove=Operation Removes type child
+tracker.type.tick=The tick time in millis
+
+
+
+
Once we are finished our subsystem will be available under
+/subsystem=tracker.
+
+
+
The SubsystemExtension.initialize() method defines the model,
+currently it sets up the basics to add our subsystem to the model:
+
+
+
+
@Override
+publicvoid initialize(ExtensionContext context) {
+ //register subsystem with its model version
+final SubsystemRegistration subsystem = context.registerSubsystem(SUBSYSTEM_NAME, ModelVersion.create(1, 0));
+ //register subsystem model with subsystem definition that defines all attributes and operations
+final ManagementResourceRegistration registration = subsystem.registerSubsystemModel(SubsystemDefinition.INSTANCE);
+ //register describe operation, note that this can be also registered in SubsystemDefinition
+ registration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE);
+//we can register additional submodels here
+ //
+ subsystem.registerXMLElementWriter(parser);
+}
+
+
+
+
The registerSubsystem() call registers our subsystem with the
+extension context. At the end of the method we register our parser with
+the returned SubsystemRegistration to be able to marshal our
+subsystem’s model back to the main configuration file when it is
+modified. We will add more functionality to this method later.
+
+
+
2.3.1. Registering the core subsystem model
+
+
Next we obtain a ManagementResourceRegistration by registering the
+subsystem model. This is a compulsory step for every new subsystem.
+
+
+
+
final ManagementResourceRegistration registration = subsystem.registerSubsystemModel(SubsystemDefinition.INSTANCE);
+
+
+
+
Its parameter is an implementation of the ResourceDefinition
+interface, which means that when you call
+/subsystem=tracker:read-resource-description the information you see
+comes from model that is defined by SubsystemDefinition.INSTANCE.
+
+
+
+
publicclassSubsystemDefinitionextends PersistentResourceDefinition {
+
+ staticfinal AttributeDefinition[] ATTRIBUTES = { /* you can include attributes here */ };
+
+ staticfinal SubsystemDefinition INSTANCE = new SubsystemDefinition();
+
+ private SubsystemDefinition() {
+ super(SubsystemExtension.SUBSYSTEM_PATH,
+ SubsystemExtension.getResourceDescriptionResolver(null),
+ //We always need to add an 'add' operation
+ SubsystemAdd.INSTANCE,
+ //Every resource that is added, normally needs a remove operation
+ SubsystemRemove.INSTANCE);
+ }
+
+ @Override
+ publicvoid registerOperations(ManagementResourceRegistration resourceRegistration) {
+ super.registerOperations(resourceRegistration);
+ //you can register additional operations here
+ }
+
+ @Override
+ publicCollection<AttributeDefinition> getAttributes() {
+ returnArrays.asList(ATTRIBUTES);
+ }
+}
+
+
+
+
Since we need child resource type we need to add new
+ResourceDefinition,
+
+
+
The ManagementResourceRegistration obtained in
+SubsystemExtension.initialize() is then used to add additional
+operations or to register submodels to the /subsystem=tracker address.
+Every subsystem and resource must have an ADD method which can be
+achieved by providing it in constructor of your ResourceDefinition
+just as we did in example above.
+
+
+
Let us first look at the description provider which is quite simple,
+it provides information (description, list of attributes, list of children)
+describing the structure of an addressable model node or operation.
+
+
+
There are three way to define DescriptionProvider, one is by defining it
+by hand using ModelNode, but as this has show to be very error prone
+there are lots of helper methods to help you automatically describe the
+model. Following example is done by manually defining Description
+provider for ADD operation handler
+
+
+
+
/**
+ * Used to create the description of the subsystem add method
+ */
+ publicstatic DescriptionProvider SUBSYSTEM_ADD = new DescriptionProvider() {
+ public ModelNode getModelDescription(Locale locale) {
+ //The locale is passed in so you can internationalize the strings used in the descriptions
+
+ final ModelNode subsystem = new ModelNode();
+ subsystem.get(OPERATION_NAME).set(ADD);
+ subsystem.get(DESCRIPTION).set("Adds the tracker subsystem");
+
+ return subsystem;
+ }
+ };
+
+
+
+
You can also use API that helps you do that for you. SimpleOperationDefinitionBuilder
+is the class for the case. With a set of fields to build operation’s definitions.
+In case you use PersistentResourceDefinition even that part is hidden from you.
+
+
+
+
// Registration of an add operation
+resourceRegistration.registerOperationHandler(new SimpleOperationDefinitionBuilder(ModelDescriptionConstants.ADD, SubsystemExtension.getResourceDescriptionResolver(null)).build(), SubsystemAdd.INSTANCE);
+// Registration of a remove operation
+resourceRegistration.registerOperationHandler(new SimpleOperationDefinitionBuilder(ModelDescriptionConstants.REMOVE, SubsystemExtension.getResourceDescriptionResolver(null)).build(), SubsystemAdd.INSTANCE);
+// Registration of a custom operation
+resourceRegistration.registerOperationHandler(new SimpleOperationDefinitionBuilder("mime-type", SubsystemExtension.getResourceDescriptionResolver("container.mime-mapping")).build(), new MimeTypeStepOperationHandler());
+
+
+
+
The last one is implicit used when you pass the operation handler through the
+SimpleResourceDefinition class constructor. A DefaultResourceAddDescriptionProvider
+will be create under the hood. For this reason, you don’t need to add a description
+provider explicit in this example
+
+
+
+
// The framework will take care to handle a default `DescriptionProvider`
+private SubsystemDefinition() {
+ super(SubsystemExtension.SUBSYSTEM_PATH,
+ SubsystemExtension.getResourceDescriptionResolver(null),
+ //We always need to add an 'add' operation
+ SubsystemAdd.INSTANCE,
+ //Every resource that is added, normally needs a remove operation
+ SubsystemRemove.INSTANCE);
+}
+
+
+
+
Next we have the actual operation handler instance, note that we have
+changed its populateModel() method to initialize the type child of
+the model.
SubsystemAdd also has a performBoottime() method which is used for
+initializing the deployer chain associated with this subsystem. We will
+talk about the deployers later on. However, the basic idea for all
+operation handlers is that we do any model updates before changing the
+actual runtime state.
+
+
+
SubsystemRemove extends AbstractRemoveStepHandler which takes care
+of removing the resource from the model so we don’t need to override its
+performRemove() operation, also the add handler did not install any
+services (services will be discussed later) so we can delete the methods
+performRuntime() and recoverServices() generated by the archetype.
Now, we need an add operation to add the type child. Create a class
+called com.acme.corp.tracker.extension.TypeAddHandler. In this case we
+extend the org.jboss.as.controller.AbstractAddStepHandler.
+org.jboss.as.controller.OperationStepHandler is the main
+interface for the operation handlers, and AbstractAddStepHandler is an
+implementation of that which does the plumbing work for adding a
+resource to the model.
Which will take care of describing the model for us. As you can see in
+example above we define SimpleAttributeDefinition named TICK, this
+is a mechanism to define Attributes in more type safe way and to add
+more common API to manipulate attributes. As you can see here we define
+default value of 1000 as also other constraints and capabilities. There
+could be other properties set such as validators, alternate names, xml
+name, flags for marking it attribute allows expressions and more.
+
+
+
Then we do the work of updating the model by implementing the
+populateModel() method from the AbstractAddStepHandler, which
+populates the model’s attribute from the operation parameters. First we
+get hold of the model relative to the address of this operation (we will
+see later that we will register it against /subsystem=tracker/type=*),
+so we just specify an empty relative address, and we then populate our
+model with the parameters from the operation. There is operation
+validateAndSet on AttributeDefinition that helps us validate and set
+the model based on definition of the attribute.
We then override the performRuntime() method to perform our runtime
+changes, which in this case involves installing a service into the
+controller at the heart of WildFly. (
+AbstractAddStepHandler.performRuntime() is similar to
+AbstractBoottimeAddStepHandler.performBoottime() in that the model is
+updated before runtime changes are made.
Since the add methods will be of the format
+/subsystem=tracker/suffix=war:add(tick=1234), we look for the last
+element of the operation address, which is war in the example just
+given and use that as our suffix. We then create an instance of
+TrackerService and install that into the service target of the context
+and add the created service controller to the newControllers list.
+
+
+
The tracker service is quite simple. All services installed into WildFly
+must implement the org.jboss.msc.Service interface.
+
+
+
+
publicclassTrackerServiceimplements Service {
+
+
+
+
We then have some fields to keep the tick count and a thread which when
+run outputs all the deployments registered with our service.
Next we have three methods which come from the Service interface.
+getValue() returns this service, start() is called when the service
+is started by the controller, stop is called when the service is
+stopped by the controller, and they start and stop the thread outputting
+the deployments.
Since we are able to add type children, we need a way to be able to
+remove them, so we create a
+com.acme.corp.tracker.extension.TypeRemoveHandler. In this case we
+extend AbstractRemoveStepHandler which takes care of removing the
+resource from the model so we don’t need to override its
+performRemove() operation. Once the add handler installs the TrackerService,
+we need to remove that in the performRuntime() method.
So far TypeDefinition is just a simple Java class, however, it must be an
+addressable management resource. Modify this class to extend SimpleResourceDefinition,
+register the Add and Remove handlers created before and register the TICK attribute:
Then finally we need to specify that our new type child and associated
+handlers go under /subsystem=tracker/type=* in the model by adding
+registering it with the model in SubsystemExtension.initialize(). So
+we add the following just before the end of the method.
+
+
+
+
@Override
+publicvoid initialize(ExtensionContext context){
+ final SubsystemRegistration subsystem = context.registerSubsystem(SUBSYSTEM_NAME, ModelVersion.create(1, 0));
+ final ManagementResourceRegistration registration = subsystem.registerSubsystemModel(SubsystemExtension.INSTANCE);
+ registration.registerOperationHandler(GenericSubsystemDescribeHandler.DEFINITION, GenericSubsystemDescribeHandler.INSTANCE);
+ //Add the type child
+ ManagementResourceRegistration typeChild = registration.registerSubModel(TypeDefinition.INSTANCE);
+ subsystem.registerXMLElementWriter(parser);
+}
+
+
+
+
The above first creates a child of our main subsystem registration for
+the relative address type=*, and gets the typeChild registration.
+To this we add the TypeAddHandler and TypeRemoveHandler.
+The add variety is added under the name add and the remove handler
+under the name remove, and for each registered operation handler we
+use the handler singleton instance as both the handler parameter and as
+the DescriptionProvider.
+
+
+
Finally, we register tick as a read/write attribute, the null
+parameter means we don’t do anything special with regards to reading it,
+for the write handler we supply it with an operation handler called
+TrackerTickHandler.
+Registering it as a read/write attribute means we can use the
+:write-attribute operation to modify the value of the parameter, and
+it will be handled by TrackerTickHandler.
+
+
+
Not registering a write attribute handler makes the attribute read only.
+
+
+
TrackerTickHandler extends AbstractWriteAttributeHandler
+directly, and so must implement its applyUpdateToRuntime and
+revertUpdateToRuntime method.
+This takes care of model manipulation (validation, setting) but leaves
+us to do just to deal with what we need to do.
The operation used to execute this will be of the form
+/subsystem=tracker/type=war:write-attribute(name=tick,value=12345) so
+we first get the suffix from the operation address, and the tick
+value from the operation parameter’s resolvedValue parameter, and use
+that to update the model.
+
+
+
+
+
2.4. Parsing and marshalling of the subsystem xml
+
+
WildFly uses the Stax API to parse the xml files. This is initialized in
+SubsystemExtension by mapping our parser onto our namespace:
+
+
+
+
publicclassSubsystemExtensionimplements Extension {
+
+ /** The name space used for the {@code subsystem} element */
+ publicstaticfinalString NAMESPACE = "urn:com.acme.corp.tracker:1.0";
+ ...
+ protected staticfinal PathElement SUBSYSTEM_PATH = PathElement.pathElement(SUBSYSTEM, SUBSYSTEM_NAME);
+protectedstaticfinal PathElement TYPE_PATH = PathElement.pathElement(TYPE);
+
+ /** The parser used for parsing our subsystem */
+ privatefinal SubsystemParser parser = new SubsystemParser();
+
+ @Override
+ publicvoid initializeParsers(ExtensionParsingContext context) {
+ context.setSubsystemXmlMapping(NAMESPACE, parser);
+ }
+ ...
+
+
+
+
We then need to write the parser. The contract is that we read our
+subsystem’s xml and create the operations that will populate the model
+with the state contained in the xml. These operations will then be
+executed on our behalf as part of the parsing process. The entry point
+is the readElement() method.
+
+
+
+
publicclassSubsystemExtensionimplements Extension {
+
+ /**
+ * The subsystem parser, which uses stax to read and write to and from xml
+ */
+ privatestaticclassSubsystemParserimplements XMLStreamConstants, XMLElementReader<List<ModelNode>>, XMLElementWriter<SubsystemMarshallingContext> {
+
+ /** {@inheritDoc} */
+ @Override
+ publicvoid readElement(XMLExtendedStreamReader reader, List<ModelNode> list) throws XMLStreamException {
+ // Require no attributes
+ ParseUtils.requireNoAttributes(reader);
+
+ //Add the main subsystem 'add' operation
+ final ModelNode subsystem = new ModelNode();
+ subsystem.get(OP).set(ADD);
+ subsystem.get(OP_ADDR).set(PathAddress.pathAddress(SUBSYSTEM_PATH).toModelNode());
+ list.add(subsystem);
+
+ //Read the children
+ while (reader.hasNext() && reader.nextTag() != END_ELEMENT) {
+ if (!reader.getLocalName().equals("deployment-types")) {
+ throw ParseUtils.unexpectedElement(reader);
+ }
+ while (reader.hasNext() && reader.nextTag() != END_ELEMENT) {
+ if (reader.isStartElement()) {
+ readDeploymentType(reader, list);
+ }
+ }
+ }
+ }
+
+ privatevoid readDeploymentType(XMLExtendedStreamReader reader, List<ModelNode> list) throws XMLStreamException {
+if (!reader.getLocalName().equals("deployment-type")) {
+throw ParseUtils.unexpectedElement(reader);
+ }
+ ModelNode addTypeOperation = new ModelNode();
+ addTypeOperation.get(OP).set(ModelDescriptionConstants.ADD);
+
+String suffix = null;
+for (int i = 0; i < reader.getAttributeCount(); i++) {
+String attr = reader.getAttributeLocalName(i);
+String value = reader.getAttributeValue(i);
+if (attr.equals("tick")) {
+ TypeDefinition.TICK.parseAndSetParameter(value, addTypeOperation, reader);
+ } elseif (attr.equals("suffix")) {
+ suffix = value;
+ } else {
+throw ParseUtils.unexpectedAttribute(reader, i);
+ }
+ }
+ ParseUtils.requireNoContent(reader);
+if (suffix == null) {
+throw ParseUtils.missingRequiredElement(reader, Collections.singleton("suffix"));
+ }
+
+//Add the 'add' operation for each 'type' child
+ PathAddress addr = PathAddress.pathAddress(SUBSYSTEM_PATH, PathElement.pathElement(TYPE, suffix));
+ addTypeOperation.get(OP_ADDR).set(addr.toModelNode());
+ list.add(addTypeOperation);
+ }
+ ...
+
+
+
+
So in the above we always create the add operation for our subsystem.
+Due to its address /subsystem=tracker defined by SUBSYSTEM_PATH this
+will trigger the SubsystemAdd we created earlier when we invoke
+/subsystem=tracker:add. We then parse the child elements and create an
+add operation for the child address for each type child. Since the
+address will for example be /subsystem=tracker/type=sar (defined by
+TYPE_PATH ) and TypeAddHandler is registered for all type
+subaddresses the TypeAddHandler will get invoked for those operations.
+Note that when we are parsing attribute tick we are using definition
+of attribute that we defined in TypeDefintion to parse attribute value
+and apply all rules that we specified for this attribute, this also
+enables us to property support expressions on attributes.
+
+
+
The parser is also used to marshal the model to xml whenever something
+modifies the model, for which the entry point is the writeContent()
+method:
+
+
+
+
privatestaticclassSubsystemParserimplements XMLStreamConstants, XMLElementReader<List<ModelNode>>, XMLElementWriter<SubsystemMarshallingContext> {
+ ...
+ /** {@inheritDoc} */
+ @Override
+ publicvoid writeContent(final XMLExtendedStreamWriter writer, final SubsystemMarshallingContext context) throws XMLStreamException {
+//Write out the main subsystem element
+ context.startSubsystemElement(SubsystemExtension.NAMESPACE, false);
+ writer.writeStartElement("deployment-types");
+ ModelNode node = context.getModelNode();
+ ModelNode type = node.get(TYPE);
+for (Property property : type.asPropertyList()) {
+
+//write each child element to xml
+ writer.writeStartElement("deployment-type");
+ writer.writeAttribute("suffix", property.getName());
+ ModelNode entry = property.getValue();
+ TypeDefinition.TICK.marshallAsAttribute(entry, true, writer);
+ writer.writeEndElement();
+ }
+//End deployment-types
+ writer.writeEndElement();
+//End subsystem
+ writer.writeEndElement();
+ }
+ }
+
+
+
+
Then we have to implement the SubsystemDescribeHandler which
+translates the current state of the model into operations similar to the
+ones created by the parser. The SubsystemDescribeHandler is only used
+when running in a managed domain, and is used when the host controller
+queries the domain controller for the configuration of the profile used
+to start up each server. In our case the SubsystemDescribeHandler adds
+the operation to add the subsystem and then adds the operation to add
+each type child. Since we are using ResourceDefinitinon for defining
+subsystem all that is generated for us, but if you want to customize
+that you can do it by implementing it like this.
+
+
+
+
privatestaticclassSubsystemDescribeHandlerimplements OperationStepHandler, DescriptionProvider {
+ staticfinal SubsystemDescribeHandler INSTANCE = new SubsystemDescribeHandler();
+
+ publicvoid execute(OperationContext context, ModelNode operation) throws OperationFailedException {
+ //Add the main operation
+ context.getResult().add(createAddSubsystemOperation());
+
+ //Add the operations to create each child
+
+ ModelNode node = context.readModel(PathAddress.EMPTY_ADDRESS);
+ for (Property property : node.get("type").asPropertyList()) {
+
+ ModelNode addType = new ModelNode();
+ addType.get(OP).set(ModelDescriptionConstants.ADD);
+ PathAddress addr = PathAddress.pathAddress(SUBSYSTEM_PATH, PathElement.pathElement("type", property.getName()));
+ addType.get(OP_ADDR).set(addr.toModelNode());
+ if (property.getValue().hasDefined("tick")) {
+ TypeDefinition.TICK.validateAndSet(property,addType);
+ }
+ context.getResult().add(addType);
+ }
+ context.completeStep();
+ }
+
+
+}
+
+
+
+
2.4.1. Testing the parsers
+
+
From 7.0.1 the testing framework is now brought in via the
+org.jboss.as:jboss-as-subsystem-test maven artifact, and the test’s
+superclass is org.jboss.as.subsystem.test.AbstractSubsystemTest. The
+concepts are the same but more and more functionality will be available
+as JBoss AS 7 is developed.
+
+
+
Now that we have modified our parsers we need to update our tests to
+reflect the new model. There are currently three tests testing the basic
+functionality, something which is a lot easier to debug from your IDE
+before you plug it into the application server. We will talk about these
+tests in turn and they all live in
+com.acme.corp.tracker.extension.SubsystemParsingTestCase.
+SubsystemParsingTestCase extends AbstractSubsystemTest which does a
+lot of the setup for you and contains utility methods for verifying
+things from your test. See the javadoc of that class for more
+information about the functionality available to you. And by all means
+feel free to add more tests for your subsystem, here we are only testing
+for the best case scenario while you will probably want to throw in a
+few tests for edge cases.
+
+
+
The first test we need to modify is testParseSubsystem(). It tests
+that the parsed xml becomes the expected operations that will be parsed
+into the server, so let us tweak this test to match our subsystem. First
+we tell the test to parse the xml into operations
There should be one operation for adding the subsystem itself and an
+operation for adding the deployment-type, so check we got two
+operations
+
+
+
+
///Check that we have the expected number of operations
+Assert.assertEquals(2, operations.size());
+
+
+
+
Now check that the first operation is add for the address
+/subsystem=tracker:
+
+
+
+
//Check that each operation has the correct content
+//The add subsystem operation will happen first
+ModelNode addSubsystem = operations.get(0);
+Assert.assertEquals(ADD, addSubsystem.get(OP).asString());
+PathAddress addr = PathAddress.pathAddress(addSubsystem.get(OP_ADDR));
+Assert.assertEquals(1, addr.size());
+PathElement element = addr.getElement(0);
+Assert.assertEquals(SUBSYSTEM, element.getKey());
+Assert.assertEquals(SubsystemExtension.SUBSYSTEM_NAME, element.getValue());
+
+
+
+
Then check that the second operation is add for the address
+/subsystem=tracker, and that 12345 was picked up for the value of
+the tick parameter:
+
+
+
+
//Then we will get the add type operation
+ ModelNode addType = operations.get(1);
+ Assert.assertEquals(ADD, addType.get(OP).asString());
+ Assert.assertEquals(12345, addType.get("tick").asLong());
+ addr = PathAddress.pathAddress(addType.get(OP_ADDR));
+ Assert.assertEquals(2, addr.size());
+ element = addr.getElement(0);
+ Assert.assertEquals(SUBSYSTEM, element.getKey());
+ Assert.assertEquals(SubsystemExtension.SUBSYSTEM_NAME, element.getValue());
+ element = addr.getElement(1);
+ Assert.assertEquals("type", element.getKey());
+ Assert.assertEquals("tst", element.getValue());
+}
+
+
+
+
The second test we need to modify is testInstallIntoController() which
+tests that the xml installs properly into the controller. In other words
+we are making sure that the add operations we created earlier work
+properly. First we create the xml and install it into the controller.
+Behind the scenes this will parse the xml into operations as we saw in
+the last test, but it will also create a new controller and boot that up
+using the created operations
+
+
+
+
@Test
+publicvoid testInstallIntoController() throwsException {
+ //Parse the subsystem xml and install into the controller
+ String subsystemXml =
+ "<subsystem xmlns=\"" + SubsystemExtension.NAMESPACE + "\">" +
+ " <deployment-types>" +
+ " <deployment-type suffix=\"tst\" tick=\"12345\"/>" +
+ " </deployment-types>" +
+ "</subsystem>";
+ KernelServices services = super.createKernelServicesBuilder(null).setSubsystemXml(subsystemXml).build();
+
+
+
+
The returned KernelServices allow us to execute operations on the
+controller, and to read the whole model.
+
+
+
+
//Read the whole model and make sure it looks as expected
+ModelNode model = services.readWholeModel();
+//Useful for debugging :-)
+//System.out.println(model);
+
+
+
+
Now we make sure that the structure of the model within the controller
+has the expected format and values
The last test provided is called testParseAndMarshalModel(). It’s main
+purpose is to make sure that our SubsystemParser.writeContent() works
+as expected. This is achieved by starting a controller in the same way
+as before
+
+
+
+
@Test
+publicvoid testParseAndMarshalModel() throwsException {
+ //Parse the subsystem xml and install into the first controller
+ String subsystemXml =
+ "<subsystem xmlns=\"" + SubsystemExtension.NAMESPACE + "\">" +
+ " <deployment-types>" +
+ " <deployment-type suffix=\"tst\" tick=\"12345\"/>" +
+ " </deployment-types>" +
+ "</subsystem>";
+ KernelServices servicesA = super.createKernelServicesBuilder(null).setSubsystemXml(subsystemXml).build();
+
+
+
+
Now we read the model and the xml that was persisted from the first
+controller, and use that xml to start a second controller
+
+
+
+
//Get the model and the persisted xml from the first controller
+ModelNode modelA = servicesA.readWholeModel();
+String marshalled = servicesA.getPersistedSubsystemXml();
+
+//Install the persisted xml from the first controller into a second controller
+KernelServices servicesB = super.createKernelServicesBuilder(null).setSubsystemXml(marshalled).build();
+
+
+
+
Finally we read the model from the second controller, and make sure that
+the models are identical by calling compare() on the test superclass.
+
+
+
+
ModelNode modelB = servicesB.readWholeModel();
+
+ //Make sure the models from the two controllers are identical
+ super.compare(modelA, modelB);
+}
+
+
+
+
To test the removal of the the subsystem and child resources we modify
+the testSubsystemRemoval() test provided by the archetype:
+
+
+
+
/**
+ * Tests that the subsystem can be removed
+ */
+ @Test
+ publicvoid testSubsystemRemoval() throwsException {
+ //Parse the subsystem xml and install into the first controller
+
+
+
+
We provide xml for the subsystem installing a child, which in turn
+installs a TrackerService
Having installed the xml into the controller we make sure the
+TrackerService is there
+
+
+
+
//Sanity check to test the service for 'tst' was there
+services.getContainer().getRequiredService(TrackerService.createServiceName("tst"));
+
+
+
+
This call from the subsystem test harness will call remove for each
+level in our subsystem, children first and validate
+that the subsystem model is empty at the end.
+
+
+
+
//Checks that the subsystem was removed from the model
+super.assertRemoveSubsystemResources(services);
+
+
+
+
Finally we check that all the services were removed by the remove
+handlers
+
+
+
+
//Check that any services that were installed were removed here
+ try {
+ services.getContainer().getRequiredService(TrackerService.createServiceName("tst"));
+ Assert.fail("Should have removed services");
+ } catch (Exception expected) {
+ }
+}
+
+
+
+
For good measure let us throw in another test which adds a
+deployment-type and also changes its attribute at runtime. So first of
+all boot up the controller with the same xml we have been using so far
To give you exposure to other ways of doing things, now instead of
+reading the whole model to check the attribute, we call read-attribute
+instead, and make sure it has the value we set it to.
+
+
+
+
//Check that write attribute took effect, this time by calling read-attribute instead of reading the whole model
+ModelNode readOp = new ModelNode();
+readOp.get(OP).set(READ_ATTRIBUTE_OPERATION);
+readOp.get(OP_ADDR).set(fooTypeAddr.toModelNode());
+readOp.get(NAME).set("tick");
+result = services.executeOperation(readOp);
+Assert.assertEquals(3456, checkResultAndGetContents(result).asLong());
+
+
+
+
Since each type installs its own copy of TrackerService, we get the
+TrackerService for type=foo from the service container exposed by
+the kernel services and make sure it has the right value
+
+
+
+
TrackerService service = (TrackerService)services.getContainer().getService(TrackerService.createServiceName("foo")).getValue();
+ Assert.assertEquals(3456, service.getTick());
+}
+
+
+
+
TypeDefinition.TICK.
+
+
+
+
+
2.5. Add the deployers
+
+
When discussing SubsystemAdd we did not mention the work done
+to install the deployers, which is done in the following method:
+
+
+
+
@Override
+ publicvoid performBoottime(OperationContext context, ModelNode operation, ModelNode model,
+ ServiceVerificationHandler verificationHandler, List<ServiceController<?>> newControllers)
+ throws OperationFailedException {
+
+ log.info("Populating the model");
+
+ //Add deployment processors here
+ //Remove this if you don't need to hook into the deployers, or you can add as many as you like
+ //see SubDeploymentProcessor for explanation of the phases
+ context.addStep(new AbstractDeploymentChainStep() {
+ publicvoid execute(DeploymentProcessorTarget processorTarget) {
+ processorTarget.addDeploymentProcessor(SubsystemExtension.SUBSYSTEM_NAME, SubsystemDeploymentProcessor.PHASE, SubsystemDeploymentProcessor.PRIORITY, new SubsystemDeploymentProcessor());
+
+ }
+ }, OperationContext.Stage.RUNTIME);
+
+ }
+
+
+
+
This adds an extra step which is responsible for installing deployment
+processors. You can add as many as you like, or avoid adding any all
+together depending on your needs. Each processor has a Phase and a
+priority. Phases are sequential, and a deployment passes through each
+phases deployment processors. The priority specifies where within a
+phase the processor appears. See org.jboss.as.server.deployment.Phase
+for more information about phases.
+
+
+
In our case we are keeping it simple and staying with one deployment
+processor with the phase and priority created for us by the maven
+archetype. The phases will be explained in the next section. The
+deployment processor is as follows:
The deploy() method is called when a deployment is being deployed. In
+this case we look for the TrackerService instance for the service name
+created from the deployment’s suffix. If there is one it means that we
+are meant to be tracking deployments with this suffix (i.e.
+TypeAddHandler was called for this suffix), and if we find one we add
+the deployment’s name to it. Similarly undeploy() is called when a
+deployment is being undeployed, and if there is a TrackerService
+instance for the deployment’s suffix, we remove the deployment’s name
+from it.
+
+
+
2.5.1. Deployment phases and attachments
+
+
The code in the SubsystemDeploymentProcessor uses an attachment, which
+is the means of communication between the individual deployment
+processors. A deployment processor belonging to a phase may create an
+attachment which is then read further along the chain of deployment unit
+processors. In the above example we look for the
+Attachments.DEPLOYMENT_ROOT attachment, which is a view of the file
+structure of the deployment unit put in place before the chain of
+deployment unit processors is invoked.
+
+
+
As mentioned above, the deployment unit processors are organized in
+phases, and have a relative order within each phase. A deployment unit
+passes through all the deployment unit processors in that order. A
+deployment unit processor may choose to take action or not depending on
+what attachments are available. Let’s take a quick look at what the
+deployment unit processors for in the phases described in
+org.jboss.as.server.deployment.Phase.
+
+
+
STRUCTURE
+
+
The deployment unit processors in this phase determine the structure of
+a deployment, and looks for sub deployments and metadata files.
+
+
+
+
PARSE
+
+
In this phase the deployment unit processors parse the deployment
+descriptors and build up the annotation index. Class-Path entries from
+the META-INF/MANIFEST.MF are added.
+
+
+
+
DEPENDENCIES
+
+
Extra class path dependencies are added. For example if deploying a
+war file, the commonly needed dependencies for a web application are
+added.
+
+
+
+
CONFIGURE_MODULE
+
+
In this phase the modular class loader for the deployment is created. No
+attempt should be made loading classes from the deployment until after
+this phase.
+
+
+
+
POST_MODULE
+
+
Now that our class loader has been constructed we have access to the
+classes. In this stage deployment processors may use the
+Attachments.REFLECTION_INDEX attachment which is a deployment index
+used to obtain members of classes in the deployment, and to invoke upon
+them, bypassing the inefficiencies of using java.lang.reflect
+directly.
+
+
+
+
INSTALL
+
+
Install new services coming from the deployment.
+
+
+
+
CLEANUP
+
+
Attachments put in place earlier in the deployment unit processor chain
+may be removed here.
+
+
+
+
+
+
2.6. Integrate with WildFly
+
+
Now that we have all the code needed for our subsystem, we can build our
+project by running mvn install
+
+
+
+
[kabir ~/sourcecontrol/temp/archetype-test/acme-subsystem]
+$mvn install
+[INFO] Scanning for projects...
+[...]
+main:
+ [delete] Deleting: /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/null1004283288
+ [delete] Deleting directory /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/target/module
+ [copy] Copying 1 file to /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/target/module/com/acme/corp/tracker/main
+ [copy] Copying 1 file to /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/target/module/com/acme/corp/tracker/main
+ [echo] Module com.acme.corp.tracker has been created in the target/module directory. Copy to your JBoss AS 7 installation.
+[INFO] Executed tasks
+[INFO]
+[INFO] --- maven-install-plugin:2.3.1:install (default-install) @ acme-subsystem ---
+[INFO] Installing /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/target/acme-subsystem.jar to /Users/kabir/.m2/repository/com/acme/corp/acme-subsystem/1.0-SNAPSHOT/acme-subsystem-1.0-SNAPSHOT.jar
+[INFO] Installing /Users/kabir/sourcecontrol/temp/archetype-test/acme-subsystem/pom.xml to /Users/kabir/.m2/repository/com/acme/corp/acme-subsystem/1.0-SNAPSHOT/acme-subsystem-1.0-SNAPSHOT.pom
+[INFO] ------------------------------------------------------------------------
+[INFO] BUILD SUCCESS
+[INFO] ------------------------------------------------------------------------
+[INFO] Total time: 5.851s
+[INFO] Finished at: Mon Jul 11 23:24:58 BST 2011
+[INFO] Final Memory: 7M/81M
+[INFO] ------------------------------------------------------------------------
+
+
+
+
This will have built our project and assembled a module for us that can
+be used for installing it into WildFly. If you go to the target/module
+folder where you built the project you will see the module
The module.xml comes from src/main/resources/module/main/module.xml
+and is used to define your module. It says that it contains the
+acme-subsystem.jar:
And has a default set of dependencies needed by every subsystem created.
+If your subsystem requires additional module dependencies you can add
+them here before building and installing.
Note that the name of the module corresponds to the directory structure
+containing it. Now copy the target/module/com/acme/corp/tracker/main/
+directory and its contents to
+$WFLY/modules/com/acme/corp/tracker/main/ (where $WFLY is the root
+of your WildFly install).
+
+
+
Next we need to modify $WFLY/standalone/configuration/standalone.xml.
+First we need to add our new module to the <extensions> section:
Adding this to a managed domain works exactly the same apart from in
+this case you need to modify $WFLY/domain/configuration/domain.xml.
+
+
+
Now start up WildFly by running $WFLY/bin/standalone.sh and you should
+see messages like these after the server has started, which means our
+subsystem has been added and our TrackerService is working:
+
+
+
+
15:27:33,838 INFO [org.jboss.as] (Controller Boot Thread) JBoss AS 7.0.0.Final "Lightning" started in 2861ms - Started 94 of 149 services (55 services are passive or on-demand)
+15:27:42,966 INFO [stdout] (Thread-8) Current deployments deployed while sar tracking active:
+15:27:42,966 INFO [stdout] (Thread-8) []
+15:27:42,967 INFO [stdout] (Thread-8) Cool: 0
+15:27:42,967 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
+15:27:42,967 INFO [stdout] (Thread-9) []
+15:27:42,967 INFO [stdout] (Thread-9) Cool: 0
+15:27:52,967 INFO [stdout] (Thread-8) Current deployments deployed while sar tracking active:
+15:27:52,967 INFO [stdout] (Thread-8) []
+15:27:52,967 INFO [stdout] (Thread-8) Cool: 0
+
+
+
+
If you run the command line interface you can execute some commands to
+see more about the subsystem. For example
and the WildFly console should show the messages coming from the war
+TrackerService again.
+
+
+
Now let us deploy something. You can find two maven projects for test
+wars already built at test1.zip and
+test2.zip. If you download them and
+extract them to /Downloads/test1 and /Downloads/test2, you can see
+that /Downloads/test1/target/test1.war contains a META-INF/cool.txt
+while /Downloads/test2/target/test2.war does not contain that file.
+From CLI deploy test1.war first:
And you should now see the output from the war TrackerService list the
+deployments:
+
+
+
+
15:35:03,712 INFO [org.jboss.as.server.deployment] (MSC service thread 1-2) Starting deployment of "test1.war"
+15:35:03,988 INFO [org.jboss.web] (MSC service thread 1-1) registering web context: /test1
+15:35:03,996 INFO [org.jboss.as.server.controller] (pool-2-thread-9) Deployed "test1.war"
+15:35:13,056 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
+15:35:13,056 INFO [stdout] (Thread-9) [test1.war]
+15:35:13,057 INFO [stdout] (Thread-9) Cool: 1
+
+
+
+
So our test1.war got picked up as a 'cool' deployment. Now if we
+deploy test2.war
You will see that deployment get picked up as well but since there is no
+META-INF/cool.txt it is not marked as a 'cool' deployment:
+
+
+
+
15:37:05,634 INFO [org.jboss.as.server.deployment] (MSC service thread 1-4) Starting deployment of "test2.war"
+15:37:05,699 INFO [org.jboss.web] (MSC service thread 1-1) registering web context: /test2
+15:37:05,982 INFO [org.jboss.as.server.controller] (pool-2-thread-15) Deployed "test2.war"
+15:37:13,075 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
+15:37:13,075 INFO [stdout] (Thread-9) [test1.war, test2.war]
+15:37:13,076 INFO [stdout] (Thread-9) Cool: 1
15:38:47,901 INFO [org.jboss.as.server.controller] (pool-2-thread-21) Undeployed "test1.war"
+15:38:47,934 INFO [org.jboss.as.server.deployment] (MSC service thread 1-3) Stopped deployment test1.war in 40ms
+15:38:53,091 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
+15:38:53,092 INFO [stdout] (Thread-9) [test2.war]
+15:38:53,092 INFO [stdout] (Thread-9) Cool: 0
+
+
+
+
Finally, we registered a write attribute handler for the tick property
+of the type so we can change the frequency
You should now see the output from the TrackerService happen every
+second
+
+
+
+
15:39:43,100 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
+15:39:43,100 INFO [stdout] (Thread-9) [test2.war]
+15:39:43,101 INFO [stdout] (Thread-9) Cool: 0
+15:39:44,101 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
+15:39:44,102 INFO [stdout] (Thread-9) [test2.war]
+15:39:44,105 INFO [stdout] (Thread-9) Cool: 0
+15:39:45,106 INFO [stdout] (Thread-9) Current deployments deployed while war tracking active:
+15:39:45,106 INFO [stdout] (Thread-9) [test2.war]
+
+
+
+
If you open $WFLY/standalone/configuration/standalone.xml you can see
+that our subsystem entry reflects the current state of the subsystem:
Expressions are mechanism that enables you to support variables in your
+attributes, for instance when you want the value of attribute to be
+resolved using system / environment properties.
+
+
+
An example expression is
+
+
+
+
${jboss.bind.address.management:127.0.0.1}
+
+
+
+
which means that the value should be taken from a system property named
+jboss.bind.address.management and if it is not defined use
+127.0.0.1.
+
+
+
2.7.1. What expression types are supported
+
+
+
+
System properties, which are resolved using
+java.lang.System.getProperty(String key)
+
+
+
Environment properties, which are resolved using
+java.lang.System.getEnv(String name).
+
+
+
Encrypted expressions, resolved against the expression
+resolver in the elytron subsystem.
+
+
+
+
+
In all cases, the syntax for the expression is
+
+
+
+
${expression_to_resolve}
+
+
+
+
For an expression meant to be resolved against environment properties,
+the expression_to_resolve must be prefixed with env.. The portion
+after env. will be the name passed to
+java.lang.System.getEnv(String name).
+
+
+
Encrypted expressions do not support default values (i.e. the
+127.0.0.1 in the jboss.bind.address.management:127.0.0.1 example
+above.)
+
+
+
+
2.7.2. How to support expressions in subsystems
+
+
The easiest way is by using AttributeDefinition, which provides support
+for expressions just by using it correctly.
+
+
+
When we create an AttributeDefinition all we need to do is mark that is
+allows expressions. Here is an example how to define an attribute that
+allows expressions to be used.
Then later when you are parsing the xml configuration you should use the
+MY_ATTRIBUTE attribute definition to set the value to the management
+operation ModelNode you are creating.
Note that this just helps you to properly set the value to the model
+node you are working on, so no need to additionally set anything to the
+model for this attribute. Method parseAndSetParameter parses the value
+that was read from xml for possible expressions in it and if it finds
+any it creates special model node that defines that node is of type
+ModelType.EXPRESSION.
+
+
+
Later in your operation handlers where you implement populateModel and
+have to store the value from the operation to the configuration model
+you also use this MY_ATTRIBUTE attribute definition.
This will make sure that the attribute that is stored from the operation
+to the model is valid and nothing is lost. It also checks the value
+stored in the operation ModelNode, and if it isn’t already
+ModelType.EXPRESSION, it checks if the value is a string that contains
+the expression syntax. If so, the value stored in the model will be of
+type ModelType.EXPRESSION. Doing this ensures that expressions are
+properly handled when they appear in operations that weren’t created by
+the subsystem parser, but are instead passed in from CLI or admin
+console users.
+
+
+
As last step we need to use the value of the attribute. This is usually
+needed inside of the performRuntime method
As you can see resolving of attribute’s value is not done until it is
+needed for use in the subsystem’s runtime services. The resolved value
+is not stored in the configuration model, the unresolved expression is.
+That way we do not lose any information in the model and can assure that
+also marshalling is done properly, where we must marshall back the
+unresolved value.
An extension to WildFly will likely want to make use of services
+provided by the WildFly kernel, may want to make use of services
+provided by other subsystems, and may wish to make functionality
+available to other extensions. Each of these cases involves integration
+between different parts of the system. In releases prior to WildFly 10,
+this kind of integration was done on an ad-hoc basis, resulting in
+overly tight coupling between different parts of the system and overly
+weak integration contracts. For example, a service installed by
+subsystem A might depend on a service installed by subsystem B, and to
+record that dependency A’s authors copy a ServiceName from B’s code, or
+even refer to a constant or static method from B’s code. The result is
+B’s code cannot evolve without risking breaking A. And the authors of B
+may not even intend for other subsystems to use its services. There is
+no proper integration contract between the two subsystems.
+
+
+
Beginning with WildFly Core 2 and WildFly 10 the WildFly kernel’s
+management layer provides a mechanism for allowing different parts of
+the system to integrate with each other in a loosely coupled manner.
+This is done via WildFly Capabilities. Use of capabilities provides the
+following benefits:
+
+
+
+
+
A standard way for system components to define integration contracts
+for their use by other system components.
+
+
+
A standard way for system components to access integration contracts
+provided by other system components.
+
+
+
A mechanism for configuration model referential integrity checking,
+such that if one component’s configuration has an attribute that refers
+to an other component (e.g. a socket-binding attribute in a subsystem
+that opens a socket referring to that socket’s configuration), the
+validity of that reference can be checked when validating the
+configuration model.
+
+
+
+
+
3.1. Capabilities
+
+
A capability is a piece of functionality used in a WildFly Core based
+process that is exposed via the WildFly Core management layer.
+Capabilities may depend on other capabilities, and this interaction
+between capabilities is mediated by the WildFly Core management layer.
+
+
+
Some capabilities are automatically part of a WildFly Core based
+process, but in most cases the configuration provided by the end user
+(i.e. in standalone.xml, domain.xml and host.xml) determines what
+capabilities are present at runtime. It is the responsibility of the
+handlers for management operations to register capabilities and to
+register any requirements those capabilities may have for the presence
+of other capabilities. This registration is done during the MODEL stage
+of operation execution
+
+
+
A capability has the following basic characteristics:
+
+
+
+
+
It has a name.
+
+
+
It may install an MSC service that can be depended upon by services
+installed by other capabilities. If it does, it provides a mechanism for
+discovering the name of that service.
+
+
+
It may expose some other API not based on service dependencies
+allowing other capabilities to integrate with it at runtime.
+
+
+
It may depend on, or require other capabilities.
+
+
+
+
+
During boot of the process, and thereafter whenever a management
+operation makes a change to the process' configuration, at the end of
+the MODEL stage of operation execution the kernel management layer will
+validate that all capabilities required by other capabilities are
+present, and will fail any management operation step that introduced an
+unresolvable requirement. This will be done before execution of the
+management operation proceeds to the RUNTIME stage, where interaction
+with the process' MSC Service Container is done. As a result, in the
+RUNTIME stage the handler for an operation can safely assume that the
+runtime services provided by a capability for which it has registered a
+requirement are available.
+
+
+
3.1.1. Comparison to other concepts
+
+
Capabilities vs modules
+
+
A JBoss Modules module is the means of making resources available to the
+classloading system of a WildFly Core based process. To make a
+capability available, you must package its resources in one or more
+modules and make them available to the classloading system. But a module
+is not a capability in and of itself, and simply copying a module to a
+WildFly installation does not mean a capability is available. Modules
+can include resources completely unrelated to management capabilities.
+
+
+
+
Capabilities vs Extensions
+
+
An extension is the means by which the WildFly Core management layer is
+made aware of manageable functionality that is not part of the WildFly
+Core kernel. The extension registers with the kernel new management
+resource types and handlers for operations on those resources. One of
+the things a handler can do is register or unregister a capability and
+its requirements. An extension may register a single capability,
+multiple capabilities, or possibly none at all. Further, not all
+capabilities are registered by extensions; the WildFly Core kernel
+itself may register a number of different capabilities.
+
+
+
+
+
3.1.2. Capability Names
+
+
Capability names are simple strings, with the dot character serving as a
+separator to allow namespacing.
+
+
+
The 'org.wildfly' namespace is reserved for projects associated with the
+WildFly organization on github ( https://github.com/wildfly).
+
+
+
+
3.1.3. Statically vs Dynamically Named Capabilities
+
+
The full name of a capability is either statically known, or it may
+include a statically known base element and then a dynamic element. The
+dynamic part of the name is determined at runtime based on the address
+of the management resource that registers the capability. For example,
+the management resource at the address
+'/socket-binding-group=standard-sockets/socket-binding=web' will
+register a dynamically named capability named
+'org.wildfly.network.socket-binding.web'. The
+'org.wildfly.network.socket-binding' portion is the static part of the
+name.
+
+
+
All dynamically named capabilities that have the same static portion of
+their name should provide a consistent feature set and set of
+requirements.
+
+
+
+
3.1.4. Service provided by a capability
+
+
Typically a capability functions by registering a service with the
+WildFly process' MSC ServiceContainer, and then dependent capabilities
+depend on that service. The WildFly Core management layer orchestrates
+registration of those services and service dependencies by providing a
+means to discover service names.
+
+
+
+
3.1.5. Custom integration APIs provided by a capability
+
+
Instead of or in addition to providing MSC services, a capability may
+expose some other API to dependent capabilities. This API must be
+encapsulated in a single class (although that class can use other
+non-JRE classes as method parameters or return types).
+
+
+
+
3.1.6. Capability Requirements
+
+
A capability may rely on other capabilities in order to provide its
+functionality at runtime. The management operation handlers that
+register capabilities are also required to register their requirements.
+
+
+
There are three basic types of requirements a capability may have:
+
+
+
+
+
Hard requirements. The required capability must always be present for
+the dependent capability to function.
+
+
+
Optional requirements. Some aspect of the configuration of the
+dependent capability controls whether the depended on capability is
+actually necessary. So the requirement cannot be known until the running
+configuration is analyzed.
+
+
+
Runtime-only requirements. The dependent capability will check for the
+presence of the depended upon capability at runtime, and if present it
+will utilize it, but if it is not present it will function properly
+without the capability. There is nothing in the dependent capability’s
+configuration that controls whether the depended on capability must be
+present. Only capabilities that declare themselves as being suitable for
+use as a runtime-only requirement should be depended upon in this
+manner.
+
+
+
+
+
Hard and optional requirements may be for either statically named or
+dynamically named capabilities. Runtime-only requirements can only be
+for statically named capabilities, as such a requirement cannot be
+specified via configuration, and without configuration the dynamic part
+of the required capability name is unknown.
+
+
+
Supporting runtime-only requirements
+
+
Not all capabilities are usable as a runtime-only requirement.
+
+
+
Any dynamically named capability is not usable as a runtime-only
+requirement.
+
+
+
For a capability to support use as a runtime-only requirement, it must
+guarantee that a configuration change to a running process that removes
+the capability will not impact currently running capabilities that have
+a runtime-only requirement for it. This means:
+
+
+
+
+
A capability that supports runtime-only usage must ensure that it
+never removes its runtime service except via a full process reload.
+
+
+
A capability that exposes a custom integration API generally is not
+usable as a runtime-only requirement. If such a capability does support
+use as a runtime-only requirement, it must ensure that any functionality
+provided via its integration API remains available as long as a full
+process reload has not occurred.
+
+
+
+
+
+
+
+
3.2. Capability Contract
+
+
A capability provides a stable contract to users of the capability. The
+contract includes the following:
+
+
+
+
+
The name of the capability (including whether it is dynamically
+named).
+
+
+
Whether it installs an MSC Service, and if it does, the value type of
+the service. That value type then becomes a stable API users of the
+capability can rely upon.
+
+
+
Whether it provides a custom integration API, and if it does, the type
+that represents that API. That type then becomes a stable API users of
+the capability can rely upon.
+
+
+
Whether the capability supports use as a runtime-only requirement.
+
+
+
+
+
Developers can learn about available capabilities and the contracts they
+provide by reading the WildFly capabilty registry.
+
+
+
+
3.3. Capability Registry
+
+
The WildFly organization on github maintains a git repo where
+information about available capabilities is published.
Developers can learn about available capabilities and the contracts they
+provide by reading the WildFly capabilty registry.
+
+
+
The README.md file at the root of that repo explains the how to find out
+information about the registry.
+
+
+
Developers of new capabilities are strongly encouraged to document and
+register their capability by submitting a pull request to the
+wildfly-capabilities github repo. This both allows others to learn about
+your capability and helps prevent capability name collisions.
+Capabilities that are used in the WildFly or WildFly Core code base
+itself must have a registry entry before the code referencing them
+will be merged.
+
+
+
External organizations that create capabilities should include an
+organization-specific namespace as part their capability names to avoid
+name collisions.
+
+
+
+
3.4. Using Capabilities
+
+
Now that all the background information is presented, here are some
+specifics about how to use WildFly capabilities in your code.
+
+
+
3.4.1. Basics of Using Your Own Capability
+
+
Creating your capability
+
+
A capability is an instance of the immutable
+org.jboss.as.controller.capability.RuntimeCapability class. A
+capability is usually registered by a resource, so the usual way to use
+one is to store it in constant in the resource’s ResourceDefinition.
+Use a RuntimeCapability.Builder to create one.
Most capabilities install a service that requiring capabilities can
+depend on. If your capability does this, you need to declare the
+service’s value type (the type of the object returned by
+org.jboss.msc.Service.getValue()). For example, if FOO_CAPABILITY
+provides a Service<javax.sql.DataSource>:
If the capability provides a custom integration API, you need to
+instantiate an instance of that API:
+
+
+
+
publicclassJTSCapability {
+
+ staticfinal JTSCapability INSTANCE = new JTSCapability();
+
+ private JTSCapability() {}
+
+ /**
+ * Gets the names of the {@link org.omg.PortableInterceptor.ORBInitializer} implementations that should be included
+ * as part of the {@link org.omg.CORBA.ORB#init(String[], java.util.Properties) initialization of an ORB}.
+ *
+ * @return the names of the classes implementing {@code ORBInitializer}. Will not be {@code null}.
+ */
+ publicList<String> getORBInitializerClasses() {
+ returnCollections.unmodifiableList(Arrays.asList(
+ "com.arjuna.ats.jts.orbspecific.jacorb.interceptors.interposition.InterpositionORBInitializerImpl",
+ "com.arjuna.ats.jbossatx.jts.InboundTransactionCurrentInitializer"));
+ }
+}
Once you have your capability, you need to ensure it gets registered
+with the WildFly Core kernel when your resource is added. This is easily
+done simply by providing a reference to the capability to the resource’s
+ResourceDefinition. This assumes your resource definition is a
+subclass of the standard
+org.jboss.as.controller.SimpleResourceDefinition.
+SimpleResourceDefinition provides a Parameters class that provides a
+builder-style API for setting up all the data needed by your definition.
+This includes a setCapabilities method that can be used to declare the
+capabilities provided by resources of this type.
`AbstractRemoveStepHandler’s logic will deregister the capability when
+it executes.
+
+
+
If for some reason you cannot base your ResourceDefinition on
+SimpleResourceDefinition or your handlers on AbstractAddStepHandler
+and AbstractRemoveStepHandler then you will need to take
+responsibility for registering the capability yourself. This is not
+expected to be a common situation. See the implementation of those
+classes to see how to do it.
+
+
+
+
Installing, accessing and removing the service provided by your
+
+
capability
+
+
+
If your capability installs a service, you should use the
+RuntimeCapability when you need to determine the service’s name. For
+example in the Stage.RUNTIME handling of your "add" step handler.
+Here’s an example for a statically named capability:
The same patterns should be used when accessing or removing the service
+in handlers for remove, write-attribute and custom operations.
+
+
+
If you use ServiceRemoveStepHandler for the remove operation, simply
+provide your RuntimeCapability to the ServiceRemoveStepHandler
+constructor and it will automatically remove your capability’s service
+when it executes.
+
+
+
+
+
3.4.2. Basics of Using Other Capabilities
+
+
When a capability needs another capability, it only refers to it by its
+string name. A capability should not reference the RuntimeCapability
+object of another capability.
+
+
+
Before a capability can look up the service name for a required
+capability’s service, or access its custom integration API, it must
+first register a requirement for the capability. This must be done in
+Stage.MODEL, while service name lookups and accessing the custom
+integration API is done in Stage.RUNTIME.
+
+
+
Registering a requirement for a capability is simple.
+
+
+
Registering a hard requirement for a static capability
+
+
If your capability has a hard requirement for a statically named
+capability, simply declare that to the builder for your
+RuntimeCapability. For example, WildFly’s JTS capability requires both
+a basic transaction support capability and IIOP capabilities:
When your capability is registered with the system, the WildFly Core
+kernel will automatically register any static hard requirements declared
+this way.
+
+
+
+
Registering a requirement for a dynamically named capability
+
+
If the capability you require is dynamically named, usually your
+capability’s resource will include an attribute whose value is the
+dynamic part of the required capability’s name. You should declare this
+fact in the AttributeDefinition for the attribute using the
+SimpleAttributeDefinitionBuilder.setCapabilityReference method.
+
+
+
For example, the WildFly "remoting" subsystem’s
+"org.wildfly.remoting.connector" capability has a requirement for a
+dynamically named socket-binding capability:
If the "add" operation handler for your resource extends
+AbstractAddStepHandler and the handler for write-attribute extends
+AbstractWriteAttributeHandler, the declaration above is sufficient to
+ensure that the appropriate capability requirement will be registered
+when the attribute is modified.
+
+
+
+
Depending upon a service provided by another capability
+
+
Once the requirement for the capability is registered, your
+OperationStepHandler can use the OperationContext to discover the
+name of the service provided by the required capability.
+
+
+
For example, the "add" handler for a remoting connector uses the
+OperationContext to find the name of the needed \{{SocketBinding}
+service:
That service name is then used to add a dependency on the
+SocketBinding service to the remoting connector service.
+
+
+
If the required capability isn’t dynamically named, OperationContext
+exposes an overloaded getCapabilityServiceName variant. For example,
+if a capability requires a remoting Endpoint:
Using a custom integration API provided by another capability
+
+
In your Stage.RUNTIME handler, use
+OperationContext.getCapabilityRuntimeAPI to get a reference to the
+required capability’s custom integration API. Then use it as necessary.
If your capability has a runtime-only requirement for another
+capability, that means that if that capability is present in
+Stage.RUNTIME you’ll use it, and if not you won’t. There is nothing
+about the configuration of your capability that triggers the need for
+the other capability; you’ll just use it if it’s there.
+
+
+
In this case, use OperationContext.hasOptionalCapability in your
+Stage.RUNTIME handler to check if the capability is present:
+
+
+
+
protectedvoid performRuntime(final OperationContext context, final ModelNode operation, final ModelNode model) throws OperationFailedException {
+
+ ServiceName myServiceName = MyResource.FOO_CAPABILITY.getCapabilityServiceName();
+ Service<DataSource> myService = createService(context, model);
+ ServiceBuilder<DataSource> builder = context.getTarget().addService(myServiceName, myService);
+
+ // Inject a "Bar" into our "Foo" if bar capability is present
+ if (context.hasOptionalCapability("com.example.bar", MyResource.FOO_CAPABILITY.getName(), null) {
+ ServiceName barServiceName = context.getCapabilityServiceName("com.example.bar", Bar.class);
+ builder.addDependency(barServiceName, Bar.class, myService.getBarInjector());
+ }
+
+ builder.install();
+ }
+
+
+
+
The WildFly Core kernel will not register a requirement for the
+"com.example.bar" capability, so if a configuration change occurs that
+means that capability will no longer be present, that change will not be
+rolled back. Because of this, runtime-only requirements can only be used
+with capabilities that declare in their contract that they support such
+use.
+
+
+
+
Using a capability in a DeploymentUnitProcessor
+
+
A DeploymentUnitProcessor is likely to have a need to interact with
+capabilities, in order to create service dependencies from a deployment
+service to a capability provided service or to access some aspect of a
+capability’s custom integration API that relates to deployments.
+
+
+
If a DeploymentUnitProcessor associated with a capability
+implementation needs to utilize its own capability object, the
+DeploymentUnitProcessor authors should simply provide it with a
+reference to the RuntimeCapability instance. Service name lookups or
+access to the capabilities custom integration API can then be performed
+by invoking the methods on the RuntimeCapability.
+
+
+
If you need to access service names or a custom integration API
+associated with a different capability, you will need to use the
+org.jboss.as.controller.capability.CapabilityServiceSupport object
+associated with the deployment unit. This can be found as an attachment
+to the DeploymentPhaseContext:
Once you have the CapabilityServiceSupport you can use it to look up
+service names:
+
+
+
+
ServiceName barSvcName = capSvcSupport.getCapabilityServiceName("com.example.bar");
+ // Determine what 'baz' the user specified in the deployment descriptor
+ String bazDynamicName = getSelectedBaz(phaseContext);
+ ServiceName bazSvcName = capSvcSupport.getCapabilityServiceName("com.example.baz", bazDynamicName);
+
+
+
+
+
+
+
+
+
+It’s important to note that when you request a service name associated
+with a capability, the CapabilityServiceSupport will give you one
+regardless of whether the capability is actually registered with the
+kernel. If the capability isn’t present, any service dependency your DUP
+creates using that service name will eventually result in a service
+start failure, due to the missing dependency. This behavior of not
+failing immediately when the capability service name is requested is
+deliberate. It allows deployment operations that use the
+rollback-on-runtime-failure=false header to successfully install (but
+not start) all of the services related to a deployment. If a subsequent
+operation adds the missing capability, the missing service dependency
+problem will then be resolved and the MSC service container will
+automatically start the deployment services.
+
+
+
+
+
+
You can also use the CapabilityServiceSupport to obtain a reference to
+the capability’s custom integration API:
+
+
+
+
// We need custom integration with the baz capability beyond service injection
+ BazIntegrator bazIntegrator;
+ try {
+ bazIntegrator = capSvcSupport.getCapabilityRuntimeAPI("com.example.baz", bazDynamicName, BazIntegrator.class);
+ } catch (NoSuchCapabilityException e) {
+ //
+ String msg = String.format("Deployment %s requires use of the 'bar' capability but it is not currently registered",
+ phaseContext.getDeploymentUnit().getName());
+ thrownew DeploymentUnitProcessingException(msg);
+ }
+
+
+
+
Note that here, unlike the case with service name lookups, the
+CapabilityServiceSupport will throw a checked exception if the desired
+capability is not installed. This is because the kernel has no way to
+satisfy the request for a custom integration API if the capability is
+not installed. The DeploymentUnitProcessor will need to catch and
+handle the exception.
Many of the methods in OperationContext related to capabilities have
+to do with registering capabilities or registering requirements for
+capabilities. Typically non-kernel developers won’t need to worry about
+these, as the abstract OperationStepHandler implementations provided
+by the kernel take care of this for you, as described in the preceding
+sections. If you do find yourself in a situation where you need to use
+these in an extension, please read the javadoc thoroughly.
+
+
+
+
+
+
+
4. Domain Mode Subsystem Transformers
+
+
+
+A WildFly domain may consist of a new Domain Controller (DC) controlling
+secondary Host Controllers (HC) running older versions. Each secondary HC
+maintains a copy of the centralized domain configuration, which they use
+for controlling their own servers. In order for the secondary HCs to
+understand the configuration from the DC, transformation is needed,
+whereby the DC translates the configuration and operations into
+something the secondary HCs can understand.
+
+
+
+
4.1. Background
+
+
WildFly comes with a domain mode which allows
+you to have one Host Controller acting as the Domain Controller. The
+Domain Controller’s job is to maintain the centralized domain
+configuration. Another term for the DC is 'Primary Host Controller'.
+Before explaining why transformers are important and when they should be
+used, we will revisit how the domain configuration is used in domain
+mode.
+
+
+
The centralized domain configuration is stored in domain.xml. This is
+only ever parsed on the DC, and it has the following structure:
+
+
+
+
+
extensions - contains:
+
+
+
+
extension - a references to a module that bootstraps the
+org.jboss.as.controller.Extension implementation used to bootstrap
+your subsystem parsers and initialize the resource definitions for your
+subsystems.
+
+
+
+
+
+
profiles - contains:
+
+
+
+
profile - a named set of:
+
+
+
+
subsystem - contains the configuration for a subsystem, using the
+parser initialized by the subsystem’s extension.
+
+
+
+
+
+
+
+
+
socket-binding-groups - contains:
+
+
+
+
socket-binding-group - a named set of:
+
+
+
+
socket-binding - A named port on an interface which can be
+referenced from the subsystem configurations for subsystems opening
+sockets.
+
+
+
+
+
+
+
+
+
server-groups - contains
+
+
+
+
server-group - this has a name and references a profile and a
+socket-binding-group. The HCs then reference the server-group name
+from their <servers> section in host.xml.
+
+
+
+
+
+
+
+
When the DC parses domain.xml, it is transformed into add (and in
+some cases write-attribute) operations just as explained in
+Parsing and
+marshalling of the subsystem xml. These operations build up the model
+on the DC.
+
+
+
A HC wishing to join the domain and use the DC’s centralized
+configuration is known as a 'secondary HC'. A secondary HC maintains a copy of
+the DC’s centralized domain configuration. This copy of the domain
+configuration is used to start its servers. This is done by asking the
+domain model to describe itself, which in turn asks the subsystems to
+describe themselves. The describe operation for a subsystem looks at
+the state of the subsystem model and produces the add operations
+necessary to create the subsystem on the server. The same mechanism also
+takes place on the DC (bear in mind that the DC is also a HC, which can
+have its own servers), although of course its copy of the domain
+configuration is the centralized one.
+
+
+
There are two steps involved in keeping the secondary HC’s
+domain configuration in sync with the centralized domain configuration.
+
+
+
+
+
getting the initial domain model
+
+
+
an operation changes something in the domain configuration
+
+
+
+
+
Let’s look a bit closer at what happens in each of these steps.
+
+
+
4.1.1. Getting the initial domain model
+
+
When a secondary HC connects to the DC it obtains a copy of the domain model
+from the DC. This is done in a simpler serialized format, different from
+the operations that built up the model on the DC, or the operations
+resulting from the describe step used to bootstrap the servers. They
+describe each address that exists in the DC’s model, and contain the
+attributes set for the resource at that address. This serialized form
+looks like this:
The secondary HC then applies these one at a time and builds up the initial
+domain model. It needs to do this before it can start any of its
+servers.
+
+
+
+
4.1.2. An operation changes something in the domain configuration
+
+
Once a domain is up and running we can still change things in the domain
+configuration. These changes must happen when connected to the DC, and
+are then propagated to the secondary HCs, which then in turn propagate the
+changes to any servers running in a server group affected by the changes
+made. In this example:
the DC propagates the changes to itself host=primary, which in turn
+propagates it to its two servers belonging to main-server-group which
+uses the full profile. More interestingly, it also propagates it to
+host=secondary which updates its local copy of the domain model, and then
+propagates the change to its server-one which belongs to
+main-server-group which uses the full profile.
+
+
+
+
+
4.2. Versions and backward compatibility
+
+
A HC and its servers will always be the same version of WildFly (they
+use the same module path and jars). However, the DC and the secondary HCs do
+not necessarily need to be the same version. One of the points in the
+original specification for WildFly is that
+
+
+
Important
+
+
+
+
+
+
+
+
+A Domain Controller should be able to manage secondary Host Controllers
+older than itself.
+
+
+
+
+
+
This means that for example a WildFly 10.1 DC should be able to work
+with secondary HCs running WildFly 10. The opposite is not true, the DC must
+be the same or the newest version in the domain.
+
+
+
4.2.1. Versioning of subsystems
+
+
To help with being able to know what is compatible we have versions
+within the subsystems, this is stored in the subsystem’s extension. When
+registering the subsystem you will typically see something like:
+
+
+
+
publicclassSomeExtensionimplements Extension {
+
+ privatestaticfinalString SUBSYSTEM_NAME = "my-subsystem"'
+
+ private static final int MANAGEMENT_API_MAJOR_VERSION = 2;
+ private static final int MANAGEMENT_API_MINOR_VERSION = 0;
+ private static final int MANAGEMENT_API_MICRO_VERSION = 0;
+
+ /**
+ * {@inheritDoc}
+ * @see org.jboss.as.controller.Extension#initialize(org.jboss.as.controller.ExtensionContext)
+ */
+ @Override
+ public void initialize(ExtensionContext context) {
+
+ // IMPORTANT: Management API version != xsd version! Not all Management API changes result in XSD changes
+ SubsystemRegistration registration = context.registerSubsystem(SUBSYSTEM_NAME, MANAGEMENT_API_MAJOR_VERSION,
+ MANAGEMENT_API_MINOR_VERSION, MANAGEMENT_API_MICRO_VERSION);
+
+ //Register the resource definitions
+ ....
+ }
+ ....
+}
+
+
+
+
Which sets the ModelVersion of the subsystem.
+
+
+
Important
+
+
+
+
+
+
+
+
+Whenever something changes in the subsystem, such as:
+
+
+
+
+
+
+
+
an attribute is added or removed from a resource
+
+
+
a attribute is renamed in a resource
+
+
+
an attribute has its type changed
+
+
+
an attribute or operation parameter’s nillable or allows expressions
+is changed
+
+
+
an attribute or operation parameter’s default value changes
+
+
+
a child resource type is added or removed
+
+
+
an operation is added or removed
+
+
+
an operation has its parameters changed
+
+
+
+
+
and the current version of the subsystem has been part of a Final
+release of WildFly, we must bump the version of the subsystem.
+
+
+
Once it has been increased you can of course make more changes until the
+next Final release without more version bumps. It is also worth noting
+that a new WildFly release does not automatically mean a new version for
+the subsystem, the new version is only needed if something was changed.
+For example the jaxrs subsystem remained on 1.0.0 for all versions
+of WildFly and JBoss AS 7 through Wildfly 18.
+
+
+
You can find the ModelVersion of a subsystem by querying its
+extension:
Now that we have mentioned the secondary HCs registration process with the
+DC, and know about ModelVersions, it is time to mention that when
+registering with the DC, the secondary HC will send across a list of all its
+subsystem ModelVersions. The DC maintains this information in a registry
+for each secondary HC, so that it knows which transformers (if any) to
+invoke for a legacy secondary. We will see how to write and register
+transformers later on in
+#How
+do I write a transformer. secondary HCs from version 7.2.0 onwards will
+also include a list of resources that they ignore (see
+#Ignoring
+resources on legacy hosts), and the DC will maintain this information
+in its registry. The DC will not send across any resources that it knows
+a secondary ignores during the initial domain model transfer. When
+forwarding operations onto the secondary HCs, the DC will skip forwarding
+those to secondary HCs ignoring those resources.
+
+
+
There are two kinds of transformers:
+
+
+
+
+
resource transformers
+
+
+
operation transformers
+
+
+
+
+
The main function of transformers is to transform a subsystem to
+something that the legacy secondary HC can understand, or to aggressively
+reject things that the legacy secondary HC will not understand. Rejection,
+in this context, essentially means, that the resource or operation
+cannot safely be transformed to something valid on the secondary HC, so the
+transformation fails. We will see later how to reject attributes in
+#Rejecting
+attributes, and child resources in
+#Reject
+child resource.
+
+
+
Both resource and operation transformers are needed, but take effect at
+different times. Let us use the weld subsystem, which is relatively
+simple, as an example. In JBoss AS 7.2.0 and lower it had a ModelVersion
+of 1.0.0, and its resource description was as follows:
In WildFly 29, it has a ModelVersion of 2.0.0 and has added two
+attributes, require-bean-descriptor and non-portable mode:
+
+
+
+
{
+ "description" => "The configuration of the weld subsystem.",
+ "attributes" => {
+ "require-bean-descriptor" => {
+ "type" => BOOLEAN,
+ "description" => "If true then implicit bean archives without bean descriptor file (beans.xml) are ignored by Weld",
+ "expressions-allowed" => true,
+ "nillable" => true,
+ "default" => false,
+ "access-type" => "read-write",
+ "storage" => "configuration",
+ "restart-required" => "no-services"
+ },
+ "non-portable-mode" => {
+ "type" => BOOLEAN,
+ "description" => "If true then the non-portable mode is enabled. The non-portable mode is suggested by the specification to overcome problems with legacy applications that do not use CDI SPI properly and may be rejected by more strict validation in CDI 1.1.",
+ "expressions-allowed" => true,
+ "nillable" => true,
+ "default" => false,
+ "access-type" => "read-write",
+ "storage" => "configuration",
+ "restart-required" => "no-services"
+ }
+ },
+ "operations" => {
+ "remove" => {
+ "operation-name" => "remove",
+ "description" => "Operation removing the weld subsystem.",
+ "request-properties" => {},
+ "reply-properties" => {}
+ },
+ "add" => {
+ "operation-name" => "add",
+ "description" => "Operation creating the weld subsystem.",
+ "request-properties" => {
+ "require-bean-descriptor" => {
+ "type" => BOOLEAN,
+ "description" => "If true then implicit bean archives without bean descriptor file (beans.xml) are ignored by Weld",
+ "expressions-allowed" => true,
+ "required" => false,
+ "nillable" => true,
+ "default" => false
+ },
+ "non-portable-mode" => {
+ "type" => BOOLEAN,
+ "description" => "If true then the non-portable mode is enabled. The non-portable mode is suggested by the specification to overcome problems with legacy applications that do not use CDI SPI properly and may be rejected by more strict validation in CDI 1.1.",
+ "expressions-allowed" => true,
+ "required" => false,
+ "nillable" => true,
+ "default" => false
+ }
+ },
+ "reply-properties" => {}
+ }
+ },
+ "children" => {}
+ }
+
+
+
+
In the rest of this section we will assume that we are running a DC
+running WildFly 29 so it will have ModelVersion 2.0.0 of the weld
+subsystem, and that we are running a secondary HC using ModelVersion 1.0.0 of
+the weld subsystem.
+
+
+
Important
+
+
+
+
+
+
+
+
+Transformation always takes place on the Domain Controller, and is done
+when sending across the initial domain model AND forwarding on
+operations to legacy secondary HCs.
+
+
+
+
+
+
4.3.1. Resource transformers
+
+
When copying over the centralized domain configuration as mentioned in
+#Getting
+the initial domain model, we need to make sure that the copy of the
+domain model is something that the servers running on the legacy secondary
+HC understand. So if the centralized domain configuration had any of the
+two new attributes set, we would need to reject the transformation in
+the transformers. One reason for this is to keep things consistent, it
+doesn’t look good if you connect to the secondary HC and find attributes
+and/or child resources when doing :read-resource which are not there
+when you do :read-resource-description. Also, to make life easier for
+subsystem writers, most instances of the describe operation use a
+standard implementation which would include these attributes when
+creating the add operation for the server, which could cause problems
+there.
+
+
+
Another, more concrete example from the logging subsystem is that it
+allows a ' %K{…}' in the pattern formatter which makes the formatter
+use color:
This ' %K{…}' however was introduced in JBoss AS < 7.1.3
+(ModelVersion 1.2.0), so if that makes it across to a secondary HC running
+an older version, the servers will fail to start up. So the logging
+extension registers transformers to strip out the ' %K{…}' from the
+attribute value (leaving ' %-5p%c `(%t) %s%E%n"’) so that the old
+secondary HC’s servers can understand it.
+
+
+
Rejection in resource transformers
+
+
Only secondary HCs from JBoss AS 7.2.0 and newer inform the DC about their
+ignored resources (see
+#Ignoring
+resources on legacy hosts). This means that if a transformer on the DC
+rejects transformation for a legacy secondary HC, exactly what happens to
+the secondary HC depends on the version of the secondary HC. If the secondary HC is:
+
+
+
+
+
older than 7.2.0 - the DC has no means of knowing if the secondary HC
+has ignored the resource being rejected or not. So we log a warning on
+the DC, and send over the serialized part of that model anyway. If the
+secondary HC has ignored the resource in question, it does not apply it. If
+the secondary HC has not ignored the resource in question, it will apply it,
+but no failure will happen until it tries to start a server which
+references this bad configuration.
+
+
+
7.2.0 or newer - If a resource is ignored on the secondary HC, the DC
+knows about this, and will not attempt to transform or send the resource
+across to the secondary HC. If the resource transformation is rejected, we
+know the resource was not ignored on the secondary HC and so we can
+aggressively fail the transformation, which in turn will cause the secondary
+HC to fail to start up.
+
+
+
+
+
+
+
4.3.2. Operation transformers
+
+
When
+#An
+operation changes something in the domain configuration the operation
+gets sent across to the secondary HCs to update their copies of the domain
+model. The secondary HCs then forward this operation onto the affected
+servers. The same considerations as in
+#Resource
+transformers are true, although operation transformers give you quicker
+'feedback' if something is not valid. If you try to execute:
This will fail on the legacy secondary HC since its version of the subsystem
+does not contain any such attribute. However, it is best to aggressively
+reject in such cases.
+
+
+
Rejection in operation transformers
+
+
For transformed operations we can always know if the operation is on an
+ignored resource in the legacy secondary HC. In 7.2.0 onwards, we know this
+through the DC’s registry of ignored resources on the secondary HC. In older
+versions of secondary HCs, we send the operation across to the secondary HC, which
+tries to invoke the operation. If the operation is against an ignored
+resource we inform the DC about this fact. So as part of the
+transformation process, if something gets rejected we can (and do!) fail
+the transformation aggressively. If the operation invoked on the DC
+results in the operation being sent across to 10 secondary HCs and one of
+them has a legacy version which ends up rejecting the transformation, we
+rollback the operation across the whole domain.
+
+
+
+
+
4.3.3. Different profiles for different versions
+
+
Now for the weld example we have been using there is a slight twist.
+We have the new require-bean-descriptor and non-portable-mode
+attributes. These have been added in WildFly 29 which supports Jakarta EE,
+and thus CDI.
+In CDI 1.1 the values of these attributes are tweakable, so they can be set
+to either true or false. The default behaviour for these in CDI 1.1,
+if not set, is that they are false. However, for CDI 1.0 these were
+not tweakable, and with the way the subsystem in JBoss AS 7.x worked is
+similar to if they are set to true.
+
+
+
The above discussion implies that to use the weld subsystem on a legacy
+secondary HC, the domain.xml configuration for it must look like:
We will see the exact mechanics for how this is actually done later but
+in short when pushing this to a legacy secondary HC we register transformers
+which reject the transformation if these attributes are not set to
+true since that implies some behavior not supported on the legacy
+secondary HC. If they are true, all is well, and the transformers discard,
+or remove, these attributes since they don’t exist in the legacy model.
+This removal is fine since they have the values which would result in
+the behavior assumed on the legacy secondary HC.
+
+
+
That way the older secondary HCs will work fine. However, we might also have
+WildFly 29 secondary HCs in our domain, and they are missing out on the new
+features introduced by the attributes introduced in ModelVersion 2.0.0.
+If we do
Then have the HCs using WildFly 29 make their servers reference the
+main-server-group server group, and the HCs using older versions of
+WildFly 29 make their servers reference the main-server-group-legacy
+server group.
+
+
+
Ignoring resources on legacy hosts
+
+
Booting the above configuration will still cause problems on legacy
+secondary HCs, especially if they are JBoss AS 7.2.0 or later. The reason
+for this is that when they register themselves with the DC it lets the
+DC know which ignored resources they have. If the DC comes to
+transform something it should reject for a secondary HC and it is not part
+of its ignored resources it will aggressively fail the transformation.
+Versions of JBoss AS older than 7.2.0 still have this ignored resources
+mechanism, but don’t let the DC know about what they have ignored so the
+DC cannot reject aggressively - instead it will log some warnings.
+However, it is still good practice to ignore resources you are not
+interested in regardless of which legacy version the secondary HC is
+running.
+
+
+
To ignore the profile we cannot understand we do the following in the
+legacy secondary HC’s host.xml
+Any top-level resource type can be ignored profile, extension,
+server-group etc. Ignoring a resource instance ignores that resource,
+and all its children.
+
Start the old version of WildFly/JBoss AS 7 using
+--server-config=standalone-full-ha.xml
+
+
+
Run org.wildfly.legacy.util.GrabModelVersionsUtil, which will
+output the subsystem versions to
+target/standalone-model-versions-running.dmr
+
+
+
Run org.wildfly.legacy.util.DumpStandaloneResourceDefinitionUtil
+which will output the full resource definition to
+target/standalone-resource-definition-running.dmr
+
+
+
Stop the running version of WildFly/JBoss AS 7
+
+
+
+
+
+
4.4.2. See what changed
+
+
To do this follow the following steps
+
+
+
+
+
Start the new version of WildFly using
+--server-config=standalone-full-ha.xml
+
+
+
Run org.wildfly.legacy.util.CompareModelVersionsUtil and answer
+the following questions"
+
+
+
+
Enter Legacy AS version:
+
+
+
+
If it is known version in the tools/src/test/resources/legacy-models
+folder, enter the version number.
+
+
+
If it is a not known version, and you got the data yourself in the
+last step, enter ' `running’
+
+
+
+
+
+
Enter type:
+
+
+
+
Answer ' `S’
+
+
+
+
+
+
+
+
+
Read from target directory or from the legacy-models directory:
+
+
+
+
If it is known version in the
+controller/src/test/resources/legacy-models folder, enter ' `l’.
+
+
+
If it is a not known version, and you got the data yourself in the
+last step, enter ' `t’
+
+
+
+
+
+
Report on differences in the model when the management versions are
+different?:
+
+
+
+
Answer ' `y’
+
+
+
+
+
+
+
+
Here is some example output, as a subsystem developer you can ignore
+everything down to ======= Comparing subsystem models ======:
+
+
+
+
Enter legacy AS version: 7.2.0.Final
+Using target model: 7.2.0.Final
+Enter type [S](standalone)/H(host)/D(domain)/F(domain + host):S
+Read from target directory or from the legacy-models directory - t/[l]:
+Report on differences in the model when the management versions are different? y/[n]: y
+Reporting on differences in the model when the management versions are different
+Loading legacy model versions for 7.2.0.Final....
+Loaded legacy model versions
+Loading model versions for currently running server...
+Oct 01, 2013 6:26:03 PM org.xnio.Xnio <clinit>
+INFO: XNIO version 3.1.0.CR7
+Oct 01, 2013 6:26:03 PM org.xnio.nio.NioXnio <clinit>
+INFO: XNIO NIO Implementation Version 3.1.0.CR7
+Oct 01, 2013 6:26:03 PM org.jboss.remoting3.EndpointImpl <clinit>
+INFO: JBoss Remoting version 4.0.0.Beta1
+Loaded current model versions
+Loading legacy resource descriptions for 7.2.0.Final....
+Loaded legacy resource descriptions
+Loading resource descriptions for currently running STANDALONE...
+Loaded current resource descriptions
+Starting comparison of the current....
+
+======= Comparing core models ======
+-- SNIP --
+
+======= Comparing subsystem models ======
+-- SNIP --
+======= Resource root address: ["subsystem" => "remoting"] - Current version: 2.0.0; legacy version: 1.2.0 =======
+--- Problems for relative address to root []:
+Missing child types in current: []; missing in legacy [http-connector]
+--- Problems for relative address to root ["remote-outbound-connection" => "*"]:
+Missing attributes in current: []; missing in legacy [protocol]
+Missing parameters for operation 'add' in current: []; missing in legacy [protocol]
+-- SNIP --
+======= Resource root address: ["subsystem" => "weld"] - Current version: 2.0.0; legacy version: 1.0.0 =======
+--- Problems for relative address to root []:
+Missing attributes in current: []; missing in legacy [require-bean-descriptor, non-portable-mode]
+Missing parameters for operation 'add' in current: []; missing in legacy [require-bean-descriptor, non-portable-mode]
+
+Done comparison of STANDALONE!
+
+
+
+
So we can see that for the remoting subsystem, we have added a child
+type called http-connector, and we have added an attribute called
+protocol (they are missing in legacy).
+in the weld subsystem, we have added the require-bean-descriptor and
+non-portable-mode attributes in the current version. It will also
+point out other issues like changed attribute types, changed defaults
+etc.
+
+
+
Warning
+
+
+
+
+
+
+
+
+Note that CompareModelVersionsUtil simply inspects the raw resource
+descriptions of the specified legacy and current models. Its results
+show the differences between the two. They do not take into account
+whether one or more transformers have already been written for those
+versions differences. You will need to check that transformers are not
+already in place for those versions.
+
+
+
+
+
+
One final point to consider are that some subsystems register
+runtime-only resources and operations. For example the modcluster
+subsystem has a stop method. These do not get registered on the DC,
+e.g. there is no /profile=full-ha/subsystem=modcluster:stop operation,
+it only exists on the servers, for example
+/host=xxx/server=server-one/subsystem=modcluster:stop. What this means
+is that you don’t have to transform such operations and resources. The
+reason is they are not callable on the DC, and so do not need
+propagation to the servers in the domain, which in turn means no
+transformation is needed.
+
+
+
+
+
4.5. How do I write a transformer?
+
+
There are two APIs available to write transformers for a resource. There
+is the original low-level API where you register transformers directly,
+the general idea is that you get hold of a TransformersSubRegistration
+for each level and implement the ResourceTransformer,
+OperationTransformer and PathAddressTransformer interfaces directly.
+It is, however, a pretty complex thing to do, so we recommend the other
+approach. For completeness here is the entry point to handling
+transformation in this way.
+
+
+
+
publicclassSomeExtensionimplements Extension {
+
+ privatestaticfinalString SUBSYSTEM_NAME = "my-subsystem"'
+
+ private static final int MANAGEMENT_API_MAJOR_VERSION = 2;
+ private static final int MANAGEMENT_API_MINOR_VERSION = 0;
+ private static final int MANAGEMENT_API_MICRO_VERSION = 0;
+
+ @Override
+ public void initialize(ExtensionContext context) {
+ SubsystemRegistration registration = context.registerSubsystem(SUBSYSTEM_NAME, MANAGEMENT_API_MAJOR_VERSION,
+ MANAGEMENT_API_MINOR_VERSION, MANAGEMENT_API_MICRO_VERSION);
+ //Register the resource definitions
+ ....
+ }
+
+ static void registerTransformers(final SubsystemRegistration subsystem) {
+ registerTransformers_1_1_0(subsystem);
+ registerTransformers_1_2_0(subsystem);
+ }
+
+ /**
+ * Registers transformers from the current version to ModelVersion 1.1.0
+ */
+ private static void registerTransformers_1_1_0(final SubsystemRegistration subsystem) {
+ final ModelVersion version = ModelVersion.create(1, 1, 0);
+
+ //The default resource transformer forwards all operations
+ final TransformersSubRegistration registration = subsystem.registerModelTransformers(version, ResourceTransformer.DEFAULT);
+ final TransformersSubRegistration child = registration.registerSubResource(PathElement.pathElement("child"));
+ //We can do more things on the TransformersSubRegistation instances
+
+
+ registerRelayTransformers(stack);
+ }
+
+
+
+
Having implemented a number of transformers using the above approach, we
+decided to simplify things, so we introduced the
+org.jboss.as.controller.transform.description.ResourceTransformationDescriptionBuilder
+API. It is a lot simpler and avoids a lot of the duplication of
+functionality required by the low-level API approach. While it doesn’t
+give you the full power that the low-level API does, we found that there
+are very few places in the WildFly codebase where this does not work, so
+we will focus on the ResourceTransformationDescriptionBuilder API
+here. (If you come across a problem where this does not work, get in
+touch with someone from the WildFly Domain Management Team and we should
+be able to help). The builder API makes all the nasty calls to
+TransformersSubRegistration for you under the hood. It also allows you
+to fall back to the low-level API in places, although that will not be
+covered in the current version of this guide. The entry point for using
+the builder API here is taken from the WeldExtension (in current WildFly
+this has ModelVersion 2.0.0).
+
+
+
+
privatevoid registerTransformers(SubsystemRegistration subsystem) {
+ ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createSubsystemInstance();
+ //These new attributes are assumed to be 'true' in the old version but default to false in the current version. So discard if 'true' and reject if 'undefined'.
+ builder.getAttributeBuilder()
+ .setDiscard(new DiscardAttributeChecker.DiscardAttributeValueChecker(false, false, new ModelNode(true)),
+ WeldResourceDefinition.NON_PORTABLE_MODE_ATTRIBUTE, WeldResourceDefinition.REQUIRE_BEAN_DESCRIPTOR_ATTRIBUTE)
+ .addRejectCheck(new RejectAttributeChecker.DefaultRejectAttributeChecker() {
+
+ @Override
+ publicString getRejectionLogMessage(Map<String, ModelNode> attributes) {
+ return WeldMessages.MESSAGES.rejectAttributesMustBeTrue(attributes.keySet());
+ }
+
+ @Override
+ protectedboolean rejectAttribute(PathAddress address, String attributeName, ModelNode attributeValue,
+ TransformationContext context) {
+ //This will not get called if it was discarded, so reject if it is undefined (default==false) or if defined and != 'true'
+ return !attributeValue.isDefined() || !attributeValue.asString().equals("true");
+ }
+ }, WeldResourceDefinition.NON_PORTABLE_MODE_ATTRIBUTE, WeldResourceDefinition.REQUIRE_BEAN_DESCRIPTOR_ATTRIBUTE)
+ .end();
+ TransformationDescription.Tools.register(builder.build(), subsystem, ModelVersion.create(1, 0, 0));
+ }
+
+
+
+
Here we register a discard check and a reject check. As mentioned in
+#Attribute
+transformation lifecycle all attributes are inspected for whether they
+should be discarded first. Then all attributes which were not discarded
+are checked for if they should be rejected. We will dig more into what
+this code means in the next few sections, but in short it means that we
+discard the require-bean-descriptor and non-portable attributes on
+the weld subsystem resource if they have the value true. If they
+have any other value, they will not get discarded and so reach the
+reject check, which will reject the transformation of the attributes if
+they have any other value.
+
+
+
Here we are saying that we should discard the require-bean-descriptor
+and non-portable-mode attributes on the weld subsystem resource if
+they are undefined, and reject them if they are defined. So that means
+that if the weld subsystem looks like
or any other combination (the default values for these attributes if
+undefined is false) we will reject the transformation for the secondary
+legacy HC.
they both get discarded (i.e. removed), so they will not get inspected
+for rejection, and an empty model not containing these attributes gets
+sent to the legacy HC.
+
+
+
Here we will discuss this API a bit more, to outline the most important
+features/most commonly needed tasks.
+
+
+
4.5.1. ResourceTransformationDescriptionBuilder
+
+
The ResourceTransformationDescriptionBuilder contains transformations
+for a resource type. The initial one is for the subsystem, obtained by
+the following call:
The ResourceTransformationDescriptionBuilder contains functionality
+for how to handle child resources, which we will look at in this
+section. It is also the entry point to how to handle transformation of
+attributes as we will see in
+#AttributeTransformationDescriptionBuilder.
+Also, it allows you to further override operation transformation as
+discussed in
+#OperationTransformationOverrideBuilder.
+When we have finished with our builder, we register it with the
+SubsystemRegistration against the target ModelVersion.
+If you have several old ModelVersions you could be transforming to, you
+need a separate builder for each of those.
+
+
+
+
+
+
Silently discard child resources
+
+
To make the ResourceTransformationDescriptionBuilder do something, we
+need to call some of its methods. For example, if we want to silently
+discard a child resource, we can do
This means that any usage of /subsystem=my-subsystem/child=discarded
+never make it to the legacy secondary HC running ModelVersion 1.0.0. During
+the initial domain model transfer, that part of the serialized domain
+model is stripped out, and any operations on this address are not
+forwarded on to the legacy secondary HCs running that version of the
+subsystem. (For brevity this section will leave out the leading
+/profile=xxx part used in domain mode, and use
+/subsystem=my-subsystem as the 'top-level' address).
+
+
+
Warning
+
+
+
+
+
+
+
+
+Note that discarding, although the simplest option in theory, is rarely
+the right thing to do.
+
+
+
+
+
+
The presence of the defined child normally implies some behaviour on the
+DC, and that behaviour is not available on the legacy secondary HC, so
+normally rejection is a better policy for those cases. Remember we can
+have different profiles targeting different groups of versions of legacy
+secondary HCs.
+
+
+
+
Reject child resource
+
+
If we want to reject transformation if a child resource exists, we can
+do
Now, if there are any legacy secondary HCs running ModelVersion 1.0.0, any
+usage of /subsystem=my-subsystem/child=reject will get rejected for
+those secondary HCs. Both during the initial domain model transfer, and if any
+operations are invoked on that address. For example the remoting
+subsystem did not have a http-connector=* child until ModelVersion
+2.0.0, so it is set up to reject that child when transforming to legacy
+HCs for all previous ModelVersions (1.1.0, 1.2.0 and 1.3.0). (See
+#Rejection
+in resource transformers and
+#Rejection
+in operation transformers for exactly what happens when something is
+rejected).
+
+
+
+
Redirect address for child resource
+
+
Sometimes we rename the addresses for a child resource between model
+versions. To do that we use one of the addChildRedirection() methods,
+note that these also return a builder for the child resource (since we
+are not rejecting or discarding it), we can do this for all children of
+a given type:
Now, in the initial domain transfer
+/subsystem=my-subsystem/newChild=test becomes
+/subsystem=my-subsystem/oldChild=test. Similarly all operations
+against the former address get mapped to the latter when executing
+operations on the DC before sending them to the legacy secondary HC running
+ModelVersion 1.1.0 of the subsystem.
Now, /subsystem=my-subsystem/newChild=newName becomes
+/subsystem=my-subsystem/oldChild=oldName both in the initial domain
+transfer, and when mapping operations to the legacy secondary HC. For example,
+under the web subsystem ssl=configuration got renamed to
+configuration=ssl in later versions, meaning we need a redirect from
+configuration=ssl to ssl=configuration in its transformers.
+
+
+
+
Getting a child resource builder
+
+
Sometimes we don’t want to transform the subsystem resource, but we want
+to transform something in one of its child resources. Again, since we
+are not discarding or rejecting, we get a reference to the builder for
+the child resource.
+
+
+
+
ResourceTransformationDescriptionBuilder childBuilder =
+ subsystemBuilder.addChildResource(PathElement.pathElement("some-child"));
+ //We don't actually want to transform anything in /subsystem-my-subsystem/some-child=* either :-)
+ //We are interested in /subsystem-my-subsystem/some-child=*/another-level
+ ResourceTransformationDescriptionBuilder anotherBuilder =
+ childBuilder.addChildResource(PathElement.pathElement("another-level"));
+
+ //Use anotherBuilder to add child-resource and/or attribute transformation
+ ....
+
+
+
+
+
+
4.5.2. AttributeTransformationDescriptionBuilder
+
+
To transform attributes you call
+ResourceTransformationDescriptionBuilder.getAttributeBuilder() which
+returns you a AttributeTransformationDescriptionBuilder which is used
+to define transformation for the resource’s attributes. For example this
+gets the attribute builder for the subsystem resource:
The attribute transformations defined by the
+AttributeTransformationDescriptionBuilder will also impact the
+parameters to all operations defined on the resource. This means that if
+you have defined the example attribute of
+/subsystem=my-subsystem/some-child=* to reject transformation if its
+value is true, the inital domain transfer will reject if it is true,
+also the transformation of the following operations will reject:
The following operations will pass in this example, since the example
+attribute is not getting set to true
+
+
+
+
/subsystem=my-subsystem/some-child=test:add(example=false)
+ /subsystem=my-subsystem/some-child=test:add() //Here it 'example' is simply left undefined
+ /subsystem=my-subsystem:write-attribute(name=example, value=false)
+ /subsystem=my-subsystem:undefine-attribute(name=example) //Again this makes 'example' undefined
+ /subsystem=my-subsystem:custom-operation(example=false)
+
+
+
+
For the rest of the examples in this section we assume that the
+attributeBuilder is for /subsystem=my-subsystem
+
+
+
Attribute transformation lifecycle
+
+
There is a well defined lifecycle used for attribute transformation that
+is worth explaining before jumping into specifics. Transformation is
+done in the following phases, in the following order:
+
+
+
+
+
discard - All attributes in the domain model transfer or invoked
+operation that have been registered for a discard check, are checked to
+see if the attribute should be discarded. If an attribute should be
+discarded, it is removed from the resource’s attributes/operation’s
+parameters and it does not get passed to the next phases. Once discarded
+it does not get sent to the legacy secondary HC.
+
+
+
reject - All attributes that have been registered for a reject
+check (and which not have been discarded) are checked to see if the
+attribute should be rejected. As explained in
+#Rejection
+in resource transformers and
+#Rejection
+in operation transformers exactly what happens when something is
+rejected varies depending on whether we are transforming a resource or
+an operation, and the version of the legacy secondary HC we are transforming
+for. If a transformer rejects an attribute, all other reject
+transformers still get invoked, and the next phases also get invoked.
+This is because we don’t know in all cases what will happen if a reject
+happens. Although this might sound cumbersome, in practice it actually
+makes it easier to write transformers since you only need one kind
+regardless of if it is a resource, an operation, and legacy secondary HC
+version. However, as we will see in
+Common
+transformation use-cases, it means some extra checks are needed when
+writing reject and convert transformers.
+
+
+
convert - All attributes that have been registered for conversion
+are checked to see if the attribute should be converted. If the
+attribute does not exist in the original operation/resource it may be
+introduced. This is useful for setting default values for the target
+legacy secondary HC.
+
+
+
rename - All attributes registered for renaming are renamed.
+
+
+
+
+
Next, let us have a look at how to register attributes for each of these
+phases.
+
+
+
+
Discarding attributes
+
+
The general idea behind a discard is that we remove attributes which do
+not exist in the legacy secondary HC’s model. However, as hopefully
+described below, we normally can’t simply discard everything, we need to
+check the values first.
+
+
+
To discard an attribute we need an instance of
+org.jboss.as.controller.transform.description.DiscardAttributeChecker,
+and call the following method on the
+AttributeTransformationDescriptionBuilder:
As shown, you can register the DiscardAttributeChecker for several
+attributes at once, in the above example both attr1 and attr2 get
+checked for if they should be discarded. You can also register different
+DiscardAttributeChecker instances for different attributes:
Note that you can only have one DiscardAttributeChecker per attribute,
+so the following would cause an error (if running with assertions
+enabled, otherwise discardCheckerB will overwrite discardCheckerA):
org.jboss.as.controller.transform.description.DiscardAttributeChecker
+contains both the DiscardAttributeChecker and some helper
+implementations. The implementations of this interface get called for
+each attribute they are registered against. The interface itself is
+quite simple:
+
+
+
+
publicinterfaceDiscardAttributeChecker {
+
+ /**
+ * Returns {@code true} if the attribute should be discarded if expressions are used
+ *
+ * @return whether to discard if expressions are used
+ */
+ boolean isDiscardExpressions();
+
+
+
+
Return true here to discard the attribute if it is an expression. If
+it is an expression, and this method returns true, the
+isOperationParameterDiscardable and isResourceAttributeDiscardable
+methods will not get called.
+
+
+
+
/**
+ * Returns {@code true} if the attribute should be discarded if it is undefined
+ *
+ * @return whether to discard if the attribute is undefined
+ */
+ boolean isDiscardUndefined();
+
+
+
+
Return true here to discard the attribute if it is undefined. If it
+is undefined, and this method returns true, the
+isDiscardExpressions, isOperationParameterDiscardable and
+isResourceAttributeDiscardable methods will not get called.
+
+
+
+
/**
+ * Gets whether the given operation parameter can be discarded
+ *
+ * @param address the address of the operation
+ * @param attributeName the name of the operation parameter.
+ * @param attributeValue the value of the operation parameter.
+ * @param operation the operation executed. This is unmodifiable.
+ * @param context the context of the transformation
+ *
+ * @return {@code true} if the operation parameter value should be discarded, {@code false} otherwise.
+ */
+ boolean isOperationParameterDiscardable(PathAddress address, String attributeName, ModelNode attributeValue, ModelNode operation, TransformationContext context);
+
+
+
+
If we are transforming an operation, this method gets called for each
+operation parameter. We have access to the address of the operation, the
+name and value of the operation parameter, an unmodifiable copy of the
+original operation and the TransformationContext. The
+TransformationContext allows you access to the original resource the
+operation is working on before any transformation happened, which is
+useful if you want to check other values in the resource if this is, say
+a write-attribute operation. Return true to discard the operation.
+
+
+
+
/**
+ * Gets whether the given attribute can be discarded
+ *
+ * @param address the address of the resource
+ * @param attributeName the name of the attribute
+ * @param attributeValue the value of the attribute
+ * @param context the context of the transformation
+ *
+ * @return {@code true} if the attribute value should be discarded, {@code false} otherwise.
+ */
+ boolean isResourceAttributeDiscardable(PathAddress address, String attributeName, ModelNode attributeValue, TransformationContext context);
+
+
+
+
If we are transforming a resource, this method gets called for each
+attribute in the resource. We have access to the address of the
+resource, the name and value of the attribute, and the
+TransformationContext. Return true to discard the operation.
DiscardAttributeChecker.DefaultDiscardAttributeChecker is an abstract
+convenience class. In most cases you don’t need a separate check for if
+an operation or a resource is being transformed, so it makes both the
+isResourceAttributeDiscardable() and
+isOperationParameterDiscardable() methods call the following method.
All you lose, in the case of an operation transformation, is the name of
+the transformed operation. The constructor of
+DiscardAttributeChecker.DefaultDiscardAttributeChecker also allows you
+to define values for isDiscardExpressions() and
+isDiscardUndefined().
This is another convenience class, which allows you to discard an
+attribute if it has one or more values. Here is a real-world example
+from the jpa subsystem:
We will come back to the reject checks in the
+#Rejecting
+attributes section. We are saying that we should discard the
+JPADefinition.DEFAULT_EXTENDEDPERSISTENCE_INHERITANCE attribute if it
+has the value deep. The reasoning here is that this attribute did not
+exist in the old model, but the legacy secondary HCs implied behaviour is
+that this was deep. In the current version we added the possibility to
+toggle this setting, but only deep is consistent with what is
+available in the legacy secondary HC. In this case we are using the
+constructor for DiscardAttributeChecker.DiscardAttributeValueChecker
+which says don’t discard if it uses expressions, and discard if it is
+undefined. If it is undefined in the current model, looking at the
+default value of
+JPADefinition.DEFAULT_EXTENDEDPERSISTENCE_INHERITANCE, it is deep,
+so a discard is in line with the implied legacy behaviour. If an
+expression is used, we cannot discard since we have no idea what the
+expression will resolve to on the secondary HC.
+
+
+
+DiscardAttributeChecker.ALWAYS
+
+
DiscardAttributeChecker.ALWAYS will always discard an attribute. Use
+this sparingly, since normally the presence of an attribute in the
+current model implies some behaviour should be turned on, and if that
+does not exist in the legacy model it implies that that behaviour does
+not exist in the legacy secondary HC and its servers. Normally the legacy
+secondary HC’s subsystem has some implied behaviour which is better checked
+for by using a DiscardAttributeChecker.DiscardAttributeValueChecker.
+One valid use for DiscardAttributeChecker.ALWAYS can be found in the
+ejb3 subsystem:
+
+
+
+
privatestaticvoid registerTransformers_1_1_0(SubsystemRegistration subsystemRegistration) {
+ ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createSubsystemInstance()
+ .getAttributeBuilder()
+ ...
+ // We can always discard this attribute, because it's meaningless without the security-manager subsystem, and
+ // a legacy secondary HC can't have that subsystem in its profile.
+ .setDiscard(DiscardAttributeChecker.ALWAYS, EJB3SubsystemRootResourceDefinition.DISABLE_DEFAULT_EJB_PERMISSIONS)
+ ...
+
+
+
+
As the comment says, this attribute only makes sense with the
+security-manager susbsystem, which does not exist on legacy secondary HCs
+running ModelVersion 1.1.0 of the ejb3 subsystem.
+
+
+
+DiscardAttributeChecker.UNDEFINED
+
+
DiscardAttributeChecker.UNDEFINED will discard an attribute if it is
+undefined. This is normally safer than
+DiscardAttributeChecker.ALWAYS since the attribute is not set in the
+current model, we don’t need to send it to the legacy model. However,
+you should check that this attribute not existing in the legacy secondary
+HC, implies the same functionality as being undefined in the current DC.
+
+
+
+
+
+
Rejecting attributes
+
+
The next step is to check attributes and values which we know for sure
+will not work on the target legacy secondary HC.
+
+
+
To reject an attribute we need an instance of
+org.jboss.as.controller.transform.description.RejectAttributeChecker,
+and call the following method on the
+AttributeTransformationDescriptionBuilder:
As shown you can register the RejectAttributeChecker for several
+attributes at once, in the above example both attr1 and attr2 get
+checked for if they should be discarded. You can also register different
+RejectAttributeChecker instances for different attributes:
In this case attr1 gets both rejectCheckerA and rejectCheckerB.
+For attributes with several RejectAttributeChecker registered, they
+get processed in the order that they have been added. So when checking
+attr1 for rejection, rejectCheckerA gets run before
+rejectCheckerB. As mentioned in
+#Attribute
+transformation lifecycle, if an attribute is rejected, we still invoke
+the rest of the reject checkers.
+
+
+
The RejectAttributeChecker interface
+
+
org.jboss.as.controller.transform.description.RejectAttributeChecker
+contains both the RejectAttributeChecker and some helper
+implementations. The implementations of this interface get called for
+each attribute they are registered against. The interface itself is
+quite simple, and its main methods are similar to
+DiscardAttributeChecker:
+
+
+
+
publicinterfaceRejectAttributeChecker {
+ /**
+ * Determines whether the given operation parameter value is not understandable by the target process and needs
+ * to be rejected.
+ *
+ * @param address the address of the operation
+ * @param attributeName the name of the attribute
+ * @param attributeValue the value of the attribute
+ * @param operation the operation executed. This is unmodifiable.
+ * @param context the context of the transformation
+ * @return {@code true} if the parameter value is not understandable by the target process and so needs to be rejected, {@code false} otherwise.
+ */
+ boolean rejectOperationParameter(PathAddress address, String attributeName, ModelNode attributeValue, ModelNode operation, TransformationContext context);
+
+
+
+
If we are transforming an operation, this method gets called for each
+operation parameter. We have access to the address of the operation, the
+name and value of the operation parameter, an unmodifiable copy of the
+original operation and the TransformationContext. The
+TransformationContext allows you access to the original resource the
+operation is working on before any transformation happened, which is
+useful if you want to check other values in the resource if this is, say
+a write-attribute operation. Return true to reject the operation.
+
+
+
+
/**
+ * Gets whether the given resource attribute value is not understandable by the target process and needs
+ * to be rejected.
+ *
+ * @param address the address of the resource
+ * @param attributeName the name of the attribute
+ * @param attributeValue the value of the attribute
+ * @param context the context of the transformation
+ * @return {@code true} if the attribute value is not understandable by the target process and so needs to be rejected, {@code false} otherwise.
+ */
+ boolean rejectResourceAttribute(PathAddress address, String attributeName, ModelNode attributeValue, TransformationContext context);
+
+
+
+
If we are transforming a resource, this method gets called for each
+attribute in the resource. We have access to the address of the
+resource, the name and value of the attribute, and the
+TransformationContext. Return true to discard the operation.
+
+
+
+
/**
+ * Returns the log message id used by this checker. This is used to group it so that all attributes failing a type of rejection
+ * end up in the same error message
+ *
+ * @return the log message id
+ */
+ String getRejectionLogMessageId();
+
+
+
+
Here we need a unique id for the log message from the
+RejectAttributeChecker. It is used to group rejected attributes by
+their log message. A typical implementation will contain \{\{return
+getRejectionLogMessage(Collections.<String, ModelNode>emptyMap());}
+
+
+
+
/**
+ * Gets the log message if the attribute failed rejection
+ *
+ * @param attributes a map of all attributes failed in this checker and their values
+ * @return the formatted log message
+ */
+ String getRejectionLogMessage(Map<String, ModelNode> attributes);
+
+
+
+
Here we return a message saying why the attributes were rejected, with
+the possibility to format the message to include the names of all the
+rejected attributes and the values they had.
RejectAttributeChecker.DefaultRejectAttributeChecker is an abstract
+convenience class. In most cases you don’t need a separate check for if
+an operation or a resource is being transformed, so it makes both the
+rejectOperationParameter() and rejectResourceAttribute() methods
+call the following method.
Like DefaultDiscardAttributeChecker, all you loose is the name of the
+transformed operation, in the case of operation transformation.
+
+
+
+RejectAttributeChecker.DEFINED
+
+
RejectAttributeChecker.DEFINED is used to reject any attribute that
+has a defined value. Normally this is because the attribute does not
+exist on the target legacy secondary HC. A typical use case for these is for
+the implied behavior example we looked at in the jpa subsystem in
+#DiscardAttributeChecker.DiscardAttributeValueChecker
So we discard the
+JPADefinition.DEFAULT_EXTENDEDPERSISTENCE_INHERITANCE value if it is
+not an expression, and also has the value deep. Now if it was not
+discarded, it would will still be defined so we reject it.
+
+
+
Important
+
+
+
+
+
+
+
+
+Reject and discard often work in pairs.
+
+
+
+
+
+
+RejectAttributeChecker.SIMPLE_EXPRESSIONS
+
+
RejectAttributeChecker.SIMPLE_EXPRESSIONS can be used to reject an
+attribute that contains expressions. This was used a lot for
+transformations to subsystems in JBoss AS 7.1.x, since we had not fully
+realized the importance of where to support expressions until JBoss AS
+7.2.0 was released, so a lot of attributes in earlier versions were
+missing expressions support.
The
+RejectAttributeChecker}}s we have seen so far work on simple attributes, i.e. where the attribute has a ModelType which is one of the primitives. We also have a {{RejectAttributeChecker.ListRejectAttributeChecker
+which allows you to define a checker for the elements of a list, when
+the type of an attribute is ModelType.LIST.
For attr1 it will check each element of the list and run
+RejectAttributeChecker.EXPRESSIONS to check that each element is not
+an expression. You can of course pass in another kind of
+RejectAttributeChecker to check the elements as well.
For attributes where the type is ModelType.OBJECT we have
+RejectAttributeChecker.ObjectFieldsRejectAttributeChecker which allows
+you to register different reject checkers for the different fields of
+the registered object.
Now if attr1 is a complex type where
+attr1.get("time").getType() == ModelType.EXPRESSION or
+attr1.get("unit").asString().equals("Lunar Month") we reject the
+attribute.
+
+
+
+
+
+
Converting attributes
+
+
To convert an attribute you register an
+org.jboss.as.controller.transform.description.AttributeConverter
+instance against the attributes you want to convert:
Now if attr1 and attr2 get converted with converterA, while
+attr3 gets converted with converterB.
+
+
+
The AttributeConverter interface
+
+
The AttributeConverter interface gets called for each attribute for
+which the AttributeConverter has been registered
+
+
+
+
publicinterfaceAttributeConverter {
+
+ /**
+ * Converts an operation parameter
+ *
+ * @param address the address of the operation
+ * @param attributeName the name of the operation parameter
+ * @param attributeValue the value of the operation parameter to be converted
+ * @param operation the operation executed. This is unmodifiable.
+ * @param context the context of the transformation
+ */
+ void convertOperationParameter(PathAddress address, String attributeName, ModelNode attributeValue, ModelNode operation, TransformationContext context);
+
+
+
+
If we are transforming an operation, this method gets called for each
+operation parameter for which the con. We have access to the address of
+the operation, the name and value of the operation parameter, an
+unmodifiable copy of the original operation and the
+TransformationContext. The TransformationContext allows you access
+to the original resource the operation is working on before any
+transformation happened, which is useful if you want to check other
+values in the resource if this is, say a write-attribute operation. To
+change the attribute value, you modify the attributeValue.
+
+
+
+
/**
+ * Converts a resource attribute
+ *
+ * @param address the address of the operation
+ * @param attributeName the name of the attribute
+ * @param attributeValue the value of the attribute to be converted
+ * @param context the context of the transformation
+ */
+ void convertResourceAttribute(PathAddress address, String attributeName, ModelNode attributeValue, TransformationContext context);
+
+
+
+
If we are transforming a resource, this method gets called for each
+attribute in the resource. We have access to the address of the
+resource, the name and value of the attribute, and the
+TransformationContext. To change the attribute value, you modify the
+attributeValue.
+
+
+
+
}
+
+
+
+
A hypothetical example is if the current and legacy subsystems both
+contain an attribute called timeout. In the legacy model this was
+specified to be milliseconds, however in the current model it has been
+changed to be seconds, hence we need to convert the value when sending
+it to secondary HCs using the legacy model:
We need to be a bit careful here. If the timeout attribute is an
+expression our nice conversion will not work, so we need to add a reject
+check to make sure it is not an expression as well:
AttributeConverter.DefaultAttributeConverter is is an abstract
+convenience class. In most cases you don’t need a separate check for if
+an operation or a resource is being transformed, so it makes both the
+convertOperationParameter() and convertResourceAttribute() methods call
+the following method.
Like DefaultDiscardAttributeChecker and
+DefaultRejectAttributeChecker, all you loose is the name of the
+transformed operation, in the case of operation transformation.
+
+
+Introducing attributes during transformation
+
+
Say both the current and the legacy models have an attribute called
+port. In the legacy version this attribute had to be specified, and
+the default xml configuration had 1234 for its value. In the current
+version this attribute has been made optional with a default value of
+1234 so that it does not need to be specified. When transforming to a
+secondary HC using the old version we will need to introduce this attribute
+if the new model does not contain it:
So what this factory method does is to create an implementation of
+AttributeConverter.DefaultAttributeConverter where in
+convertAttribute() we set attributeValue to have the value 1234 if
+it is undefined. As long as attributeValue gets set in that method
+it will get set in the model, regardless of if it existed already or
+not.
Now, in the initial domain transfer to the legacy secondary HC, we rename
+/subsystem=my-subsystem’s `my-name attribute to legacy-name. Also,
+the operations involving this attribute are affected, so
All operations on a resource automatically get the same transformations
+on their parameters as set up by the
+AttributeTransformationDescriptionBuilder. In some cases you might
+want to change this, so you can use the
+OperationTransformationOverrideBuilder, which is got from:
In this case the operation will now no longer inherit the
+attribute/operation parameter transformations, so they are effectively
+turned off. In other cases you might want to include them by calling
+inheritResourceAttributeDefinitions(), and to include some more checks
+(the OperationTransformationBuilder interface has all the methods
+found in AttributeTransformationBuilder:
You can also rename operations, in this case the operation
+some-operation gets renamed to legacy-operation before getting sent
+to the legacy secondary HC.
4.6. Evolving transformers with subsystem ModelVersions
+
+
Say you have a subsystem with ModelVersions 1.0.0 and 1.1.0. There will
+(hopefully!) already be transformers in place for 1.1.0 to 1.0.0
+transformations. Let’s say that the transformers registration looks
+like:
+
+
+
+
publicclassSomeExtensionimplements Extension {
+
+ privatestaticfinalString SUBSYSTEM_NAME = "my-subsystem"'
+
+ private static final int MANAGEMENT_API_MAJOR_VERSION = 1;
+ private static final int MANAGEMENT_API_MINOR_VERSION = 1;
+ private static final int MANAGEMENT_API_MICRO_VERSION = 0;
+
+ @Override
+ public void initialize(ExtensionContext context) {
+ SubsystemRegistration registration = context.registerSubsystem(SUBSYSTEM_NAME, MANAGEMENT_API_MAJOR_VERSION,
+ MANAGEMENT_API_MINOR_VERSION, MANAGEMENT_API_MICRO_VERSION);
+ //Register the resource definitions
+ ....
+ }
+
+ private void registerTransformers(final SubsystemRegistration subsystem) {
+ registerTransformers_1_0_0(subsystem);
+ }
+
+ /**
+ * Registers transformers from the current version to ModelVersion 1.0.0
+ */
+ private void registerTransformers_1_0_0(SubsystemRegistration subsystem) {
+ ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createSubsystemInstance();
+ builder.getAttributeBuilder()
+ .addRejectCheck(RejectAttributeChecker.DEFINED, "attr1")
+ .end();
+ TransformationDescription.Tools.register(builder.build(), subsystem, ModelVersion.create(1, 0, 0));
+ }
+}
+
+
+
+
Now say we want to do a new version of the model. This new version
+contains a new attribute called 'new-attr' which cannot be defined when
+transforming to 1.1.0, we bump the model version to 2.0.0:
+
+
+
+
publicclassSomeExtensionimplements Extension {
+
+ privatestaticfinalString SUBSYSTEM_NAME = "my-subsystem"'
+
+ private static final int MANAGEMENT_API_MAJOR_VERSION = 2;
+ private static final int MANAGEMENT_API_MINOR_VERSION = 0;
+ private static final int MANAGEMENT_API_MICRO_VERSION = 0;
+
+ @Override
+ public void initialize(ExtensionContext context) {
+ SubsystemRegistration registration = context.registerSubsystem(SUBSYSTEM_NAME, MANAGEMENT_API_MAJOR_VERSION,
+ MANAGEMENT_API_MINOR_VERSION, MANAGEMENT_API_MICRO_VERSION);
+ //Register the resource definitions
+ ....
+ }
This is the way that has been used up to WildFly 29.x. However, in
+WildFly 9 and later, it is strongly recommended to migrate to what is
+mentioned in
+#Chained
+transformers
+
+
+
Now we need some new transformers from the current ModelVersion to 1.1.0
+where we reject any defined occurrances of our new attribute new-attr:
So that is all well and good, however we also need to take into account
+that new-attrdoes not exist in ModelVersion 1.0.0 either, so we
+need to extend our transformer for 1.0.0 to reject it there as well. As
+you can see 1.0.0 also rejects a defined 'attr1' in addition to the
+'new-attr'(which is rejected in both versions).
+
+
+
+
/**
+ * Registers transformers from the current version to ModelVersion 1.0.0
+ */
+ privatevoid registerTransformers_1_0_0(SubsystemRegistration subsystem) {
+ ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createSubsystemInstance();
+ builder.getAttributeBuilder()
+ .addRejectCheck(RejectAttributeChecker.DEFINED, "attr1", "new-attr")
+ .end();
+ TransformationDescription.Tools.register(builder.build(), subsystem, ModelVersion.create(1, 0, 0));
+ }
+}
+
+
+
+
Now new-attr will be rejected if defined for all previous model
+versions.
+
+
+
+
4.6.2. Chained transformers
+
+
Since 'The old way' had a lot of duplication of code, since WildFly 9 we
+now have chained transformers. You obtain a
+ChainedTransformationDescriptionBuilder which is a different entry
+point to the ResourceTransformationDescriptionBuilder we have seen
+earlier. Each ResourceTransformationDescriptionBuilder deals with
+transformation across one version delta.
+
+
+
+
privatevoid registerTransformers(SubsystemRegistration subsystem) {
+ ModelVersion version1_1_0 = ModelVersion.create(1, 1, 0);
+ ModelVersion version1_0_0 = ModelVersion.create(1, 0, 0);
+
+ ChainedTransformationDescriptionBuilder chainedBuilder =
+ TransformationDescriptionBuilder.Factory.createChainedSubystemInstance(subsystem.getSubsystemVersion());
+
+ //Differences between the current version and 1.1.0
+ ResourceTransformationDescriptionBuilder builder110 =
+ chainedBuilder.create(subsystem.getSubsystemVersion(), version1_1_0);
+ builder110.getAttributeBuilder()
+ .addRejectCheck(RejectAttributeChecker.DEFINED, "new-attr")
+ .end();
+
+ //Differences between the 1.1.0 and 1.0.0
+ ResourceTransformationDescriptionBuilder builder100 =
+ chainedBuilder.create(subsystem.getSubsystemVersion(), version1_0_0);
+ builder110.getAttributeBuilder()
+ .addRejectCheck(RejectAttributeChecker.DEFINED, "attr1")
+ .end();
+
+ chainedBuilder.buildAndRegister(subsystem, new ModelVersion[]{version1_0_0, version1_1_0});
+
+
+
+
The buildAndRegister(ModelVersion[]… chains) method registers a
+chain consisting of the built builder110 and builder100 for
+transformation to 1.0.0, and a chain consisting of the built
+builder110 for transformation to 1.1.0. It allows you to specify more
+than one chain.
+
+
+
Now when transforming from the current version to 1.0.0, the resource is
+first transformed from the current version to 1.1.0 (which rejects a
+defined new-attr) and then it is transformed from 1.1.0 to 1.0.0
+(which rejects a defined attr1). So when evolving transformers you
+should normally only need to add things to the last version delta. The
+full current-to-1.1.0 transformation is run before the 1.1.0-to-1.0.0
+transformation is run.
+
+
+
One thing worth pointing out that the value returned by
+TransformationContext.readResource(PathAddress address) and
+TransformationContext.readResourceFromRoot(PathAddress address) which
+you can use from your custom RejectAttributeChecker,
+DiscardAttributeChecker and AttributeConverter behaves slightly
+differently depending on if you are transforming an operation or a
+resource.
+
+
+
During resource transformation this will be the latest model, so in
+our above example, in the current-to-1.1.0 transformation it will be the
+original model. In the 1.1.0-to-1.0.0 transformation, it will be the
+result of the current-to-1.1.0 transformation.
+
+
+
During operation transformation these methods will always return the
+original model (we are transforming operations, not resources!).
+
+
+
In WildFly 9 we are now less aggressive about transforming to all
+previous versions of WildFly, however we still have a lot of good tests
+for running against 7.1.x, 8. Also, for Red Hat employees we have tests
+against EAP versions. These tests no longer get run by default, to run
+them you need to specify some system properties when invoking maven.
+They are:
+
+
+
+
+
-Djboss.test.transformers.subsystem.old - enables the non-default
+subsystem tests.
+
+
+
-Djboss.test.transformers.eap - (Red Hat developers only), enables the
+eap tests, but only the ones run by default. If run in conjunction with
+-Djboss.test.transformers.subsystem.old you get all the possible
+subsystem tests run.
+
+
+
-Djboss.test.transformers.core.old - enables the non-default core
+model tests.
+
+
+
+
+
+
+
4.7. Testing transformers
+
+
To test transformation you need to extend
+org.jboss.as.subsystem.test.AbstractSubsystemTest or
+org.jboss.as.subsystem.test.AbstractSubsystemBaseTest. Then, in order
+to have the best test coverage possible, you should test the fullest
+configuration that will work, and you should also test configurations
+that don’t work if you have rejecting transformers registered. The
+following example is from the threads subsystem, and I have only
+included the tests against 7.1.2 - there are more! First we need to set
+up our test:
So we say that this test is for the threads subsystem, and that it is
+implemented by ThreadsExtension. This is the same test framework as we
+use in
+Example
+subsystem#Testing the parsers, but we will only talk about the parts
+relevant to transformers here.
+
+
+
4.7.1. Testing a configuration that works
+
+
To test a configuration xxx
+
+
+
+
@Test
+ publicvoid testTransformerAS712() throwsException {
+ testTransformer_1_0(ModelTestControllerVersion.V7_1_2_FINAL);
+ }
+ /**
+ * Tests transformation of model from 1.1.0 version into 1.0.0 version.
+ *
+ * @throws Exception
+ */
+ privatevoid testTransformer_1_0(ModelTestControllerVersion controllerVersion) throwsException {
+ String subsystemXml = "threads-transform-1_0.xml"; //This has no expressions not understood by 1.0
+ ModelVersion modelVersion = ModelVersion.create(1, 0, 0); //The old model version
+ //Use the non-runtime version of the extension which will happen on the HC
+ KernelServicesBuilder builder = createKernelServicesBuilder(AdditionalInitialization.MANAGEMENT)
+ .setSubsystemXmlResource(subsystemXml);
+
+ final PathAddress subsystemAddress = PathAddress.pathAddress(PathElement.pathElement(SUBSYSTEM, mainSubsystemName));
+
+ // Add legacy subsystems
+ builder.createLegacyKernelServicesBuilder(null, controllerVersion, modelVersion)
+ .addOperationValidationResolve("add", subsystemAddress.append(PathElement.pathElement("thread-factory")))
+ .addMavenResourceURL("org.jboss.as:jboss-as-threads:" + controllerVersion.getMavenGavVersion())
+ .excludeFromParent(SingleClassFilter.createFilter(ThreadsLogger.class));
+
+ KernelServices mainServices = builder.build();
+ KernelServices legacyServices = mainServices.getLegacyServices(modelVersion);
+ Assert.assertNotNull(legacyServices);
+ checkSubsystemModelTransformation(mainServices, modelVersion);
+ }
+
+
+
+
What this test does is get the builder to configure the test controller
+using threads-transform-1_0.xml. This main builder works with the
+current subsystem version, and the jars in the WildFly checkout.
+
+
+
Next we configure a 'legacy' controller. This will run the version of
+the core libraries (e.g the controller module) as found in the
+targeted legacy version of JBoss AS/WildFly), and the subsystem. We need
+to pass in that it is using the core AS version 7.1.2.Final (i.e. the
+ModelTestControllerVersion.V7_1_2_FINAL part) and that that version is
+ModelVersion 1.0.0. Next we have some addMavenResourceURL() calls
+passing in the Maven GAVs of the old version of the subsystem and any
+dependencies it has needed to boot up. Normally, specifying just the
+Maven GAV of the old version of the subsystem is enough, but that
+depends on your subsystem. In this case the old subsystem GAV is enough.
+When booting up the legacy controller the framework uses the parsed
+operations from the main controller and transforms them using the 1.0.0
+transformer in the threads subsystem. The
+addOperationValidationResolve() and excludeFromParent() calls are
+not normally necessary, see the javadoc for more examples.
+
+
+
The call to KernelServicesBuilder.build() will build both the main
+controller and the legacy controller. As part of that it also boots up a
+second copy of the main controller using the transformed operations to
+make sure that the 'old' ops to boot our subsystem will still work on
+the current controller, which is important for backwards compatibility
+of CLI scripts. To tweak how that is done if you see failures there, see
+LegacyKernelServicesInitializer.skipReverseControllerCheck() and
+LegacyKernelServicesInitializer.configureReverseControllerCheck(). The
+LegacyKernelServicesInitializer is what gets returned by
+KernelServicesBuilder.createLegacyKernelServicesBuilder().
+
+
+
Finally we call checkSubsystemModelTransformation() which reads the
+full legacy subsystem model. The legacy subsystem model will have been
+built up from the transformed boot operations from the parsed xml. The
+operations get transformed by the operation transformers. Then it takes
+the model of the current subsystem and transforms that using the
+resource transformers. Then it compares the two models, which should be
+the same. In some rare cases it is not possible to get those two models
+exactly the same, so there is a version of this method that takes a
+ModelFixer to make adjustments. The
+checkSubsystemModelTransformation() method also makes sure that the
+legacy model is valid according to the legacy subsystem’s resource
+definition.
+
+
+
The legacy subsystem resource definitions are read on demand from the
+legacy controller when the tests run. In some older versions of
+subsystems (before we converted everything to use ResourceDefinition,
+and DescriptionProvider implementations were coded by hand) there were
+occasional problems with the resource definitions and they needed to be
+touched up. In this case you can generate a new one, touch it up and
+store the result in a file in the test resources under
+/same/package/as/the/test/class/{{subsystem-name- model-version.
+This will then prefer the file read from the file system to the one read
+at runtime. To generate the .dmr file, you need to generate it by adding
+a temporary test (make sure that you adjust controllerVersion and
+modelVersion to what you want to generate):
Now run the test and delete it. The legacy .dmr file should be in
+target/test-classes/org/jboss/as/subsystem/test/<your-subsystem-name>-<your-version>.dmr.
+Copy this .dmr file to the correct location in your project’s test
+resources.
+
+
+
+
4.7.2. Testing a configuration that does not work
+
+
The threads subsystem (like several others) did not support the use of
+expression values in the version that came with JBoss AS 7.1.2.Final. So
+we have a test that attempts to use expressions, and then fixes each
+resource and attribute where expressions were not allowed.
Again we boot up a current and a legacy controller. However, note in
+this case that they are both empty, no xml was parsed on boot so there
+are no operations to boot up the model. Instead once the controllers
+have been booted, we call KernelServicesBuilder.parseXmlResource()
+which gets the operations from expressions.xml. expressions.xml uses
+expressions in all the places they were not allowed in 7.1.2.Final. For
+each resource ModelTestUtils.checkFailedTransformedBootOperations()
+will check that the add operation gets rejected, and then correct one
+attribute at a time until the resource has been totally corrected. Once
+the add operation is totally correct, it will check that the add
+operation no longer is rejected. The configuration for this is the
+FailedOperationTransformationConfig returned by the getConfig()
+method:
So what this means is that we expect the allow-core-timeout and
+keepalive-time attributes for the
+blocking-bounded-queue-thread-pool= and bounded-queue-thread-pool=
+add operations to use expressions in the parsed xml. We then expect them
+to fail since there should be transformers in place to reject
+expressions, and correct them one at a time until the add operation
+should pass. As well as doing the add operations the
+ModelTestUtils.checkFailedTransformedBootOperations() method will also
+try calling write-attribute for each attribute, correcting as it goes
+along. As well as allowing you to test rejection of expressions
+FailedOperationTransformationConfig also has some helper classes to
+help testing rejection of other scenarios.
+
+
+
+
+
4.8. Common transformation use-cases
+
+
Most transformations are quite similar, so this section covers some of
+the actual transformation patterns found in the WildFly codebase. We
+will look at the output of CompareModelVersionsUtil, and see what can be
+done to transform for the older secondary HCs. The examples come from the
+WildFly codebase but are stripped down to focus solely on the use-case
+being explained in an attempt to keep things as clear/simple as
+possible.
+
+
+
4.8.1. Child resource type does not exist in legacy model
+
+
Looking at the model comparison between WildFly and JBoss AS 7.2.0,
+there is a change to the remoting subsystem. The relevant part of the
+output is:
+
+
+
+
======= Resource root address: ["subsystem" => "remoting"] - Current version: 2.0.0; legacy version: 1.2.0 =======
+--- Problems for relative address to root []:
+Missing child types in current: []; missing in legacy [http-connector]
+
+
+
+
So our current model has added a child type called http-connector
+which was not there in 7.2.0. This is configurable, and adds new
+behavior, so it can not be part of a configuration sent across to a
+legacy secondary HC running version 1.2.0. So we add the following to
+RemotingExtension to reject all instances of that child type against
+ModelVersion 1.2.0.
Since this child resource type also does not exist in ModelVersion 1.1.0
+we need to reject it there as well using a similar mechanism.
+
+
+
+
4.8.2. Attribute does not exist in the legacy subsystem
+
+
Default value of the attribute is the same as legacy implied
+
+
behavior
+
+
+
This example also comes from the remoting subsystem, and is probably
+the most common type of transformation. The comparison tells us that
+there is now an attribute under
+/subsystem=remoting/remote-outbound-connection=* called protocol
+which did not exist in the older version:
+
+
+
+
======= Resource root address: ["subsystem" => "remoting"] - Current version: 2.0.0; legacy version: 1.2.0 =======
+--- Problems for relative address to root []:
+....
+--- Problems for relative address to root ["remote-outbound-connection" => "*"]:
+Missing attributes in current: []; missing in legacy [protocol]
+Missing parameters for operation 'add' in current: []; missing in legacy [protocol]
+
+
+
+
This difference also affects the add operation. Looking at the current
+model the valid values for the protocol attribute are remote,
+http-remoting and https-remoting. The last two are new protocols
+introduced in WildFly 29, meaning that the implied behaviour in JBoss
+7.2.0 and earlier is the remote protocol. Since this attribute does
+not exist in the legacy model we want to discard this attribute if it is
+undefined or if it has the value remote, both of which are in line
+with what the legacy secondary HC is hardwired to use. Also we want to
+reject it if it has a value different from remote. So what we need to
+do when registering transformers against ModelVersion 1.2.0 to handle
+this attribute:
So the first thing to happens is that we register a
+DiscardAttributeChecker.DiscardAttributeValueChecker which discards
+the attribute if it is either undefined (the default value in the
+current model is remote), or defined and has the value remote.
+Remembering that the discard phase always happens before the reject
+phase, the reject checker checks that the protocol attribute is
+defined, and rejects it if it is. The only reason it would be defined
+in the reject check, is if it was not discarded by the discard check.
+Hopefully this example shows that the discard and reject checkers often
+work in pairs.
+
+
+
An alternative way to write the protocolTransform() method would be:
The reject check remains the same, but we have implemented the discard
+check by using DiscardAttributeChecker.DefaultDiscardAttributeChecker
+instead. However, the effect of the discard check is exactly the same as
+when we used DiscardAttributeChecker.DiscardAttributeValueChecker.
+
+
+
+
Default value of the attribute is different from legacy implied
+
+
behaviour
+
+
+
We touched on this in the weld subsystem example we used earlier in this
+guide, but let’s take a more thorough look. Our comparison tells us that
+we have two new attributes require-bean-descriptor and
+non-portable-mode:
+
+
+
+
====== Resource root address: ["subsystem" => "weld"] - Current version: 2.0.0; legacy version: 1.0.0 =======
+--- Problems for relative address to root []:
+Missing attributes in current: []; missing in legacy [require-bean-descriptor, non-portable-mode]
+Missing parameters for operation 'add' in current: []; missing in legacy [require-bean-descriptor, non-portable-mode]
+
+
+
+
Now when we look at this we see that the default value for both of the
+attributes in the current model is false, which allows us more
+flexible behavior introduced in CDI 1.1 (which was introduced with this
+version of the subsystem). The old model does not have these attributes,
+and implements CDI 1.0, which under the hood (using our weld subsystem
+expertise knowledge) implies the values true for both of these. So our
+transformer must reject anything that is not true for these
+attributes. Let us look at the transformer registered by the
+WeldExtension:
+
+
+
+
privatevoid registerTransformers(SubsystemRegistration subsystem) {
+ ResourceTransformationDescriptionBuilder builder = TransformationDescriptionBuilder.Factory.createSubsystemInstance();
+ //These new attributes are assumed to be 'true' in the old version but default to false in the current version. So discard if 'true' and reject if 'undefined'.
+ builder.getAttributeBuilder()
+ .setDiscard(new DiscardAttributeChecker.DiscardAttributeValueChecker(false, false, new ModelNode(true)),
+ WeldResourceDefinition.NON_PORTABLE_MODE_ATTRIBUTE, WeldResourceDefinition.REQUIRE_BEAN_DESCRIPTOR_ATTRIBUTE)
+ .addRejectCheck(new RejectAttributeChecker.DefaultRejectAttributeChecker() {
+
+ @Override
+ publicString getRejectionLogMessage(Map<String, ModelNode> attributes) {
+ return WeldMessages.MESSAGES.rejectAttributesMustBeTrue(attributes.keySet());
+ }
+
+ @Override
+ protectedboolean rejectAttribute(PathAddress address, String attributeName, ModelNode attributeValue,
+ TransformationContext context) {
+ //This will not get called if it was discarded, so reject if it is undefined (default==false) or if defined and != 'true'
+ return !attributeValue.isDefined() || !attributeValue.asString().equals("true");
+ }
+ }, WeldResourceDefinition.NON_PORTABLE_MODE_ATTRIBUTE, WeldResourceDefinition.REQUIRE_BEAN_DESCRIPTOR_ATTRIBUTE)
+ .end();
+ TransformationDescription.Tools.register(builder.build(), subsystem, ModelVersion.create(1, 0, 0));
+ }
+
+
+
+
This looks a bit more scary than the previous transformer we have seen,
+but isn’t actually too bad. The first thing we do is register a
+DiscardAttributeChecker.DiscardAttributeValueChecker which will
+discard the attribute if it has the value true. It will not discard if
+it is undefined since that defaults to false. This is registered for
+both attributes.
+
+
+
If the attributes had the value true they will get discarded we will
+not hit the reject checker since discarded attributes never get checked
+for rejection. If on the other hand they were an expression (since we
+are interested in the actual value, but cannot evaluate what value an
+expression will resolve to on the target from the DC running the
+transformers), false, or undefined (which will then default to
+false) they will not get discarded and will need to be rejected. So
+our
+RejectAttributeChecker.DefaultRejectAttributeChecker.rejectAttribute()
+method will return true (i.e. reject) if the attribute value is
+undefined (since that defaults to false) or if it is defined and
+'not equal to `true’. It is better to check for 'not equal to `true’
+than to check for 'equal to `false’ since if an expression was used we
+still want to reject, and only the 'not equal to `true’ check would
+actually kick in in that case.
+
+
+
The other thing we need in our
+DiscardAttributeChecker.DiscardAttributeValueChecker is to override
+the getRejectionLogMessage() method to get the message to be displayed
+when rejecting the transformation. In this case it says something along
+the lines "These attributes must be 'true' for use with CDI 1.0 '%s'",
+with the names of the attributes having been rejected substituting the
+%s.
+
+
+
+
+
4.8.3. Attribute has a different default value
+
+
– TODO
+
+
+
(The gist of this is to use a value converter, such that if the
+attribute is undefined, and hence the default value will take effect,
+then the value gets converted to the current version’s default value.
+This ensures that the legacy HC will use the same effective setting as
+current version HCs.
+
+
+
Note however that a change in default values is a form of incompatible
+API change, since CLI scripts written assuming the old defaults will now
+produce a configuration that behaves differently. Transformers make it
+possible to have a consistently configured domain even in the presence
+of this kind of incompatible change, but that doesn’t mean such changes
+are good practice. They are generally unacceptable in WildFly’s own
+subsystems.
+
+
+
One trick to ameliorate the impact of a default value change is to
+modify the xml parser for the old schema version such that if the xml
+attribute is not configured, the parser sets the old default value for
+the attribute, instead of undefined. This approach allows the parsing
+of old config documents to produce results consistent with what happened
+when they were created. It does not help with CLI scripts though.)
+
+
+
+
4.8.4. Attribute has a different type
+
+
Here the example comes from the capacity parameter some way into the
+modcluster subsystem, and the legacy version is AS 7.1.2.Final. There
+are quite a few differences, so I am only showing the ones relevant for
+this example:
+
+
+
+
====== Resource root address: ["subsystem" => "modcluster"] - Current version: 2.0.0; legacy version: 1.2.0 =======
+...
+--- Problems for relative address to root ["mod-cluster-config" => "configuration","dynamic-load-provider" => "configuration","custom-load-m
+etric" => "*"]:
+Different 'type' for attribute 'capacity'. Current: DOUBLE; legacy: INT
+Different 'expressions-allowed' for attribute 'capacity'. Current: true; legacy: false
+...
+Different 'type' for parameter 'capacity' of operation 'add'. Current: DOUBLE; legacy: INT
+Different 'expressions-allowed' for parameter 'capacity' of operation 'add'. Current: true; legacy: false
+
+
+
+
So as we can see expressions are not allowed for the capacity
+attribute, and the current type is double while the legacy subsystem
+is int. So this means that if the value is for example 2.0 we can
+convert this to 2, but 2.5 cannot be converted. The way this is
+solved in the ModClusterExtension is to register the following some
+other attributes are registered here, but hopefully it is clear anyway:
So we register that we should reject expressions, and we also register
+the CapacityCheckerAndConverter for capacity.
+CapacityCheckerAndConverter extends the convenience class
+DefaultCheckersAndConverter which implements the
+DiscardAttributeChecker, RejectAttributeChecker, and
+AttributeConverter interfaces. We have seen DiscardAttributeChecker
+and RejectAttributeChecker in previous examples. Since we now need to
+convert a value we need an instance of AttributeConverter.
Now we check to see if we can convert the attribute to an int and
+reject if not. Note that if it is an expression, we have no idea what
+its value will resolve to on the target host, so we need to reject it.
+Then we try to change it into an int, and reject if that was not
+possible:
+References in this document to Java Persistence API (JPA) refer to the Jakarta Persistence unless otherwise noted.
+
+
+
+
+
+
+
+
+
+
5. Key Interfaces and Classes Relevant to Extension Developers
+
+
+
In the first major section of this guide, we provided an example of how
+to implement an extension to the AS. The emphasis there was learning by
+doing. In this section, we’ll focus a bit more on the major WildFly
+interfaces and classes that most are relevant to extension developers.
+The best way to learn about these interfaces and classes in detail is to
+look at their javadoc. What we’ll try to do here is provide a brief
+introduction of the key items and how they relate to each other.
+
+
+
Before digging into this section, readers are encouraged to read the
+"Core Management Concepts" section of the Admin Guide.
+
+
+
5.1. Extension Interface
+
+
The org.jboss.as.controller.Extension interface is the hook by which
+your extension to the AS kernel is able to integrate with the AS. During
+boot of the AS, when the <extension> element in the AS’s xml
+configuration file naming your extension is parsed, the JBoss Modules
+module named in the element’s name attribute is loaded. The standard JDK
+java.lang.ServiceLoader mechanism is then used to load your module’s
+implementation of this interface.
+
+
+
The function of an Extension implementation is to register with the
+core AS the management API, xml parsers and xml marshallers associated
+with the extension module’s subsystems. An Extension can register
+multiple subsystems, although the usual practice is to register just one
+per extension.
+
+
+
Once the Extension is loaded, the core AS will make two invocations
+upon it:
When this is invoked, it is the Extension implementation’s
+responsibility to initialize the XML parsers for this extension’s
+subsystems and register them with the given ExtensionParsingContext.
+The parser’s job when it is later called is to create
+org.jboss.dmr.ModelNode objects representing WildFly management API
+operations needed make the AS’s running configuration match what is
+described in the xml. Those management operation ModelNode s are added
+to a list passed in to the parser.
+
+
+
A parser for each version of the xml schema used by a subsystem should
+be registered. A well behaved subsystem should be able to parse any
+version of its schema that it has ever published in a final release.
+
+
+
+
+
void initialize(ExtensionContext context)
+
+
+
+
+
When this is invoked, it is the Extension implementation’s
+responsibility to register with the core AS the management API for its
+subsystems, and to register the object that is capable of marshalling
+the subsystem’s in-memory configuration back to XML. Only one XML
+marshaller is registered per subsystem, even though multiple XML parsers
+can be registered. The subsystem should always write documents that
+conform to the latest version of its XML schema.
+
+
+
The registration of a subsystem’s management API is done via the
+ManagementResourceRegistration interface. Before discussing that
+interface in detail, let’s describe how it (and the related Resource
+interface) relate to the notion of managed resources in the AS.
+
+
+
+
5.2. WildFly Managed Resources
+
+
Each subsystem is responsible for managing one or more management
+resources. The conceptual characteristics of a management resource are
+covered in some detail in the Admin
+Guide; here we’ll just summarize the main points. A management resource
+has
+
+
+
+
+
An address consisting of a list of key/value pairs that uniquely
+identifies a resource
+
+
+
Zero or more attributes , the value of which is some sort of
+org.jboss.dmr.ModelNode
+
+
+
Zero or more supported operations . An operation has a string name
+and zero or more parameters, each of which is a key/value pair where the
+key is a string naming the parameter and the value is some sort of
+ModelNode
+
+
+
Zero or more children , each of which in turn is a managed
+resource
+
+
+
+
+
The implementation of a managed resource is somewhat analogous to the
+implementation of a Java object. A managed resource will have a "type",
+which encapsulates API information about that resource and logic used to
+implement that API. And then there are actual instances of the resource,
+which primarily store data representing the current state of a
+particular resource. This is somewhat analogous to the "class" and
+"object" notions in Java.
+
+
+
A managed resource’s type is encapsulated by the
+org.jboss.as.controller.registry.ManagementResourceRegistration the
+core AS creates when the type is registered. The data for a particular
+instance is encapsulated in an implementation of the
+org.jboss.as.controller.registry.Resource interface.
+
+
+
+
5.3. ManagementResourceRegistration Interface
+
+
In the Java analogy used above, the ManagementResourceRegistration is
+analogous to the "class", while the Resource discussed below is
+analogous to an instance of that class.
+
+
+
A ManagementResourceRegistration represents the specification for a
+particular managed resource type. All resources whose address matches
+the same pattern will be of the same type, specified by the type’s
+ManagementResourceRegistration. The MRR encapsulates:
+
+
+
+
+
A PathAddress showing the address pattern that matches resources of
+that type. This PathAddress can and typically does involve wildcards
+in the value of one or more elements of the address. In this case there
+can be more than one instance of the type, i.e. different Resource
+instances.
+
+
+
Definition of the various attributes exposed by resources of this
+type, including the OperationStepHandler implementations used for
+reading and writing the attribute values.
+
+
+
Definition of the various operations exposed by resources of this
+type, including the OperationStepHandler implementations used for
+handling user invocations of those operations.
+
+
+
Definition of child resource types. ManagementResourceRegistration
+instances form a tree.
+
+
+
Definition of management notifications emitted by resources of this
+type.
+
+
+
Definition of
+capabilities provided by
+resources of this type.
+
+
+
Definition of RBAC access constraints that should be
+applied by the management kernel when authorizing operations against
+resources of this type.
+
+
+
Whether the resource type is an alias to another resource type, and if
+so information about that relationship. Aliases are primarily used to
+preserve backwards compatibility of the management API when the location
+of a given type of resources is moved in a newer release.
+
+
+
+
+
The ManagementResourceRegistration interface is a subinterface of
+ImmutableManagementResourceRegistration, which provides a read-only
+view of the information encapsulated by the MRR. The MRR subinterface
+adds the methods needed for registering the attributes, operations,
+children, etc.
+
+
+
Extension developers do not directly instantiate an MRR. Instead they
+create a ResourceDefinition for the root resource type for each
+subsystem, and register it with the ExtensionContext passed in to
+their Extension implementation’s initialize method:
The kernel uses the provided ResourceDefinition to construct a
+ManagementResourceRegistration and then passes that MRR to the various
+registerXXX methods implemented by the ResourceDefinition, giving it
+the change to record the resource type’s attributes, operations and
+children.
+
+
+
+
5.4. ResourceDefinition Interface
+
+
An implementation of ResourceDefinition is the primary class used by
+an extension developer when defining a managed resource type. It
+provides basic information about the type, exposes a
+DescriptionProvider used to generate a DMR description of the type,
+and implements callbacks the kernel can invoke when building up the
+ManagementResourceRegistration to ask for registration of definitions
+of attributes, operations, children, notifications and capabilities.
+
+
+
Almost always an extension author will create their ResourceDefinition
+by creating a subclass of the
+org.jboss.as.controller.SimpleResourceDefinition class or of its
+PersistentResourceDefinition subclass. Both of these classes have
+constructors that take a Parameters object, which is a simple builder
+class to use to provide most of the key information about the resource
+type. The extension-specific subclass would then take responsibility for
+any additional behavior needed by overriding the registerAttributes,
+registerOperations, registerNotifications and registerChildren
+callbacks to do whatever is needed beyond what is provided by the
+superclasses.
+
+
+
For example, to add a writable attribute:
+
+
+
+
@Override
+ publicvoid registerAttributes(ManagementResourceRegistration resourceRegistration) {
+ super.registerAttributes(resourceRegistration);
+ // Now we register the 'foo' attribute
+ AttributeDefinition ad = FOO; // constant declared elsewhere
+ OperationStepHandler writeHandler = new FooWriteAttributeHandler();
+ resourceRegistration.registerReadWriteHandler(ad, null, writeHandler); // null read handler means use default read handling
+ }
+
+
+
+
To register a custom operation:
+
+
+
+
@Override
+ publicvoid registerOperations(ManagementResourceRegistration resourceRegistration) {
+ super.registerOperations(resourceRegistration);
+ // Now we register the 'foo-bar' custom operation
+ OperationDefinition od = FooBarOperationStepHandler.getDefinition();
+ OperationStepHandler osh = new FooBarOperationStepHandler();
+ resourceRegistration.registerOperationHandler(od, osh);
+ }
+
+
+
+
To register a child resource type:
+
+
+
+
@Override
+ publicvoid registerChildren(ManagementResourceRegistration resourceRegistration) {
+ super.registerChildren(resourceRegistration);
+ // Now we register the 'baz=*' child type
+ ResourceDefinition rd = new BazResourceDefinition();
+ resourceRegistration.registerSubmodel(rd);
+ }
+
+
+
+
5.4.1. ResourceDescriptionResolver
+
+
One of the things a ResourceDefinition must be able to do is provide a
+DescriptionProvider that provides a proper DMR description of the
+resource to use as the output for the standard
+read-resource-description management operation. Since you are almost
+certainly going to be using one of the standard ResourceDefinition
+implementations like SimpleResourceDefinition, the creation of this
+DescriptionProvider is largely handled for you. The one thing that is
+not handled for you is providing the localized free form text
+descriptions of the various attributes, operations, operation
+parameters, child types, etc used in creating the resource description.
+
+
+
For this you must provide an implementation of the
+ResourceDescriptionResolver interface, typically passed to the
+Parameters object provided to the SimpleResourceDefinition
+constructor. This interface has various methods that are invoked when a
+piece of localized text description is needed.
+
+
+
Almost certainly you’ll satisfy this requirement by providing an
+instance of the StandardResourceDescriptionResolver class.
+
+
+
StandardResourceDescriptionResolver uses a ResourceBundle to load
+text from a properties file available on the classpath. The keys in the
+properties file must follow patterns expected by
+StandardResourceDescriptionResolver. See the
+StandardResourceDescriptionResolver javadoc for further details.
+
+
+
The biggest task here is to create the properties file and add the text
+descriptions. A text description must be provided for everything. The
+typical thing to do is to store this properties file in the same package
+as your Extension implementation, in a file named
+LocalDescriptions.properties.
+
+
+
+
+
5.5. AttributeDefinition Class
+
+
The AttributeDefinition class is used to create the static definition
+of one of a managed resource’s attributes. It’s a bit poorly named
+though, because the same interface is used to define the details of
+parameters to operations, and to define fields in the result of of
+operations.
+
+
+
The definition includes all the static information about the
+attribute/operation parameter/result field, e.g. the DMR ModelType of
+its value, whether its presence is required, whether it supports
+expressions, etc. See
+Description of the
+Management Model for a description of the metadata available. Almost
+all of this comes from the AttributeDefinition.
+
+
+
Besides basic metadata, the AttributeDefinition can also hold custom
+logic the kernel should use when dealing with the attribute/operation
+parameter/result field. For example, a ParameterValidator to use to
+perform special validation of values (beyond basic things like DMR type
+checks and defined/undefined checks), or an AttributeParser or
+AttributeMarshaller to use to perform customized parsing from and
+marshaling to XML.
+
+
+
WildFly Core’s controller module provides a number of subclasses of
+AttributeDefinition used for the usual kinds of attributes. For each
+there is an associated builder class which you should use to build the
+AttributeDefinition. Most commonly used are
+SimpleAttributeDefinition, built by the associated
+SimpleAttributeDefinitionBuilder. This is used for attributes whose
+values are analogous to java primitives, String or byte[]. For
+collections, there are various subclasses of ListAttributeDefinition
+and MapAttributeDefinition. All have a Builder inner class. For
+complex attributes, i.e. those with a fixed set of fully defined fields,
+use ObjectTypeAttributeDefinition. (Each field in the complex type is
+itself specified by an AttributeDefinition.) Finally there’s
+ObjectListAttributeDefinition and ObjectMapAttributeDefinition for
+lists whose elements are complex types and maps whose values are complex
+types respectively.
+
+
+
Here’s an example of creating a simple attribute definition with extra
+validation of the range of allowed values:
+
+
+
+
staticfinal AttributeDefinition QUEUE_LENGTH = new SimpleAttributeDefinitionBuilder("queue-length", ModelType.INT)
+ .setRequired(true)
+ .setAllowExpression(true)
+ .setValidator(new IntRangeValidator(1, Integer.MAX_VALUE))
+ .setRestartAllServices() // means modification after resource add puts the server in reload-required
+ .build();
+
+
+
+
Via a bit of dark magic, the kernel knows that the IntRangeValidator
+defined here is a reliable source of information on min and max values
+for the attribute, so when creating the read-resource-description
+output for the attribute it will use it and output min and max
+metadata. For STRING attributes, StringLengthValidator can also be
+used, and the kernel will see this and provide min-length and
+max-length metadata. In both cases the kernel is checking for the
+presence of a MinMaxValidator and if found it provides the appropriate
+metadata based on the type of the attribute.
+
+
+
Use EnumValidator to restrict a STRING attribute’s values to a set of
+legal values:
EnumValidator is an implementation of AllowedValuesValidator that
+works with Java enums. You can use other implementations or write your
+own to do other types of restriction to certain values.
+
+
+
Via a bit of dark magic similar to what is done with MinMaxValidator,
+the kernel recognizes the presence of an AllowedValuesValidator and
+uses it to seed the allowed-values metadata in
+read-resource-description output.
+
+
+
5.5.1. Key Uses of AttributeDefinition
+
+
Your AttributeDefinition instances will be some of the most commonly
+used objects in your extension code. Following are the most typical
+uses. In each of these examples assume there is a
+SimpleAttributeDefinition stored in a constant FOO_AD that is
+available to the code. Typically FOO_AD would be a constant in the
+relevant ResourceDefinition implementation class. Assume FOO_AD
+represents an INT attribute.
+
+
+
Note that for all of these cases except for "Use in Extracting Data from
+the Configuration Model for Use in Runtime Services" there may be
+utility code that handles this for you. For example
+PersistentResourceXMLParser can handle the XML cases, and
+AbstractAddStepHandler can handle the "Use in Storing Data Provided by
+the User to the Configuration Model" case.
+
+
+
Use in XML Parsing
+
+
Here we have your extension’s implementation of
+XMLElementReader<List<ModelNode>> that is being used to parse the xml
+for your subsystem and add ModelNode operations to the list that will
+be used to boot the server.
+
+
+
+
@Override
+ publicvoid readElement(final XMLExtendedStreamReader reader, finalList<ModelNode> operationList) throws XMLStreamException {
+ // Create a node for the op to add our subsystem
+ ModelNode addOp = new ModelNode();
+ addOp.get("address").add("subsystem", "mysubsystem");
+ addOp.get("operation").set("add");
+ operationList.add(addOp);
+
+ for (int i = 0; i < reader.getAttributeCount(); i++) {
+ finalString value = reader.getAttributeValue(i);
+ finalString attribute = reader.getAttributeLocalName(i);
+ if (FOO_AD.getXmlName().equals(attribute) {
+ FOO_AD.parseAndSetParameter(value, addOp, reader);
+ } else ....
+ }
+
+ ... more parsing
+ }
+
+
+
+
Note that the parsing code has deliberately been abbreviated. The key
+point is the parseAndSetParameter call. FOO_AD will validate the
+value read from XML, throwing an XMLStreamException with a useful
+message if invalid, including a reference to the current location of the
+reader. If valid, value will be converted to a DMR ModelNode of
+the appropriate type and stored as a parameter field of addOp. The
+name of the parameter will be what FOO_AD.getName() returns.
+
+
+
If you use PersistentResourceXMLParser this parsing logic is handled
+for you and you don’t need to write it yourself.
+
+
+
+
Use in Storing Data Provided by the User to the Configuration Model
+
+
Here we illustrate code in an OperationStepHandler that extracts a
+value from a user-provided operation and stores it in the internal
+model:
+
+
+
+
@Override
+ publicvoid execute(OperationContext context, ModelNode operation) throws OperationFailedException {
+ // Get the Resource targeted by this operation
+ Resource resource = context.readResourceForUpdate(PathAddress.EMPTY_ADDRESS);
+ ModelNode model = resource.getModel();
+ // Store the value of any 'foo' param to the model's 'foo' attribute
+ FOO_AD.validateAndSet(operation, model);
+
+ ... do other stuff
+ }
+
+
+
+
As the name implies validateAndSet will validate the value in
+operation before setting it. A validation failure will result in an
+OperationFailedException with an appropriate message, which the kernel
+will use to provide a failure response to the user.
+
+
+
Note that validateAndSet will not perform expression resolution.
+Expression resolution is not appropriate at this stage, when we are just
+trying to store data to the persistent configuration model. However, it
+will check for expressions and fail validation if found and FOO_AD
+wasn’t built with setAllowExpressions(true).
+
+
+
This work of storing data to the configuration model is usually done in
+handlers for the add and write-attribute operations. If you base
+your handler implementations on the standard classes provided by WildFly
+Core, this part of the work will be handled for you.
+
+
+
+
Use in Extracting Data from the Configuration Model for Use in
+
+
Runtime Services
+
+
+
This is the example you are most likely to use in your code, as this is
+where data needs to be extracted from the configuration model and passed
+to your runtime services. What your services need is custom, so there’s
+no utility code we provide.
+
+
+
Assume as part of … do other stuff in the last example that your
+handler adds a step to do further work once operation execution proceeds
+to RUNTIME state (see Operation Execution and the OperationContext for
+more on what this means):
+
+
+
+
context.addStep(new OperationStepHandler() {
+ @Override
+ publicvoid execute(OperationContext context, ModelNode operation) throws OperationFailedException {
+
+ // Get the Resource targetted by this operation
+ Resource resource = context.readResource(PathAddress.EMPTY_ADDRESS);
+ ModelNode model = resource.getModel();
+ // Extract the value of the 'foo' attribute from the model
+ int foo = FOO_AD.resolveModelAttribute(context, model).asInt();
+
+ Service<XyZ> service = new MyService(foo);
+
+ ... do other stuff, like install 'service' with MSC
+ }
+ }, Stage.RUNTIME);
+
+
+
+
Use resolveModelAttribute to extract data from the model. It does a
+number of things:
+
+
+
+
+
reads the value from the model
+
+
+
if it’s an expression and expressions are supported, resolves it
+
+
+
if it’s undefined and undefined is allowed but FOO_AD was configured
+with a default value, uses the default value
+
+
+
validates the result of that (which is how we check that expressions
+resolve to legal values), throwing OperationFailedException with a
+useful message if invalid
+
+
+
returns that as a ModelNode
+
+
+
+
+
If when you built FOO_AD you configured it such that the user must
+provide a value, or if you configured it with a default value, then you
+know the return value of resolveModelAttribute will be a defined
+ModelNode. Hence you can safely perform type conversions with it, as
+we do in the example above with the call to asInt(). If FOO_AD was
+configured such that it’s possible that the attribute won’t have a
+defined value, you need to guard against that, e.g.:
Your Extension must register an
+XMLElementWriter<SubsystemMarshallingContext> for each subsystem. This
+is used to marshal the subsystem’s configuration to XML. If you don’t
+use PersistentResourceXMLParser for this you’ll need to write your own
+marshaling code, and AttributeDefinition will be used.
+
+
+
+
@Override
+ publicvoid writeContent(XMLExtendedStreamWriter writer, SubsystemMarshallingContext context) throws XMLStreamException {
+ context.startSubsystemElement(Namespace.CURRENT.getUriString(), false);
+
+ ModelNode subsystemModel = context.getModelNode();
+ // we persist foo as an xml attribute
+ FOO_AD.marshalAsAttribute(subsystemModel, writer);
+ // We also have a different attribute that we marshal as an element
+ BAR_AD.marshalAsElement(subsystemModel, writer);
+ }
+
+
+
+
The SubsystemMarshallingContext provides a ModelNode that represents
+the entire resource tree for the subsystem (including child resources).
+Your XMLElementWriter should walk through that model, using
+marshalAsAttribute or marshalAsElement to write the attributes in
+each resource. If the model includes child node trees that represent
+child resources, create child xml elements for those and continue down
+the tree.
+
+
+
+
+
+
5.6. OperationDefinition and OperationStepHandler Interfaces
+
+
OperationDefinition defines an operation, particularly its name, its
+parameters and the details of any result value, with
+AttributeDefinition instances used to define the parameters and result
+details. The OperationDefinition is used to generate the
+read-operation-description output for the operation, and in some cases
+is also used by the kernel to decide details as to how to execute the
+operation.
+
+
+
Typically SimpleOperationDefinitionBuilder is used to create an
+OperationDefinition. Usually you only need to create an
+OperationDefinition for custom operations. For the common add and
+remove operations, if you provide minimal information about your
+handlers to your SimpleResourceDefinition implementation via the
+Parameters object passed to its constructor, then
+SimpleResourceDefinition can generate a correct OperationDefinition
+for those operations.
+
+
+
The OperationStepHandler is what contains the actual logic for doing
+what the user requests when they invoke an operation. As its name
+implies, each OSH is responsible for doing one step in the overall
+sequence of things necessary to give effect to what the user requested.
+One of the things an OSH can do is add other steps, with the result that
+an overall operation can involve a great number of OSHs executing. (See
+Operation Execution and the OperationContext for more on this.)
+
+
+
Each OSH is provided in its execute method with a reference to the
+OperationContext that is controlling the overall operation, plus an
+operationModelNode that represents the operation that particular
+OSH is being asked to deal with. The operation node will be of
+ModelType.OBJECT with the following key/value pairs:
+
+
+
+
+
a key named operation with a value of ModelType.STRING that
+represents the name of the operation. Typically an OSH doesn’t care
+about this information as it is written for an operation with a
+particular name and will only be invoked for that operation.
+
+
+
a key named address with a value of ModelType.LIST with list
+elements of ModelType.PROPERTY. This value represents the address of
+the resource the operation targets. If this key is not present or the
+value is undefined or an empty list, the target is the root resource.
+Typically an OSH doesn’t care about this information as it can more
+efficiently get the address from the OperationContext via its
+getCurrentAddress() method.
+
+
+
other key/value pairs that represent parameters to the operation, with
+the key the name of the parameter. This is the main information an OSH
+would want from the operation node.
+
+
+
+
+
There are a variety of situations where extension code will instantiate
+an OperationStepHandler
+
+
+
+
+
When registering a writable attribute with a
+ManagementResourceRegistration (typically in an implementation of
+ResourceDefinition.registerAttributes), an OSH must be provided to
+handle the write-attribute operation.
+
+
+
When registering a read-only or read-write attribute that needs
+special handling of the read-attribute operation, an OSH must be
+provided.
+
+
+
When registering a metric attribute, an OSH must be provided to handle
+the read-attribute operation.
+
+
+
Most resources need OSHs created for the add and remove
+operations. These are passed to the Parameters object given to the
+SimpleResourceDefinition constructor, for use by the
+SimpleResourceDefinition in its implementation of the
+registerOperations method.
+
+
+
If your resource has custom operations, you will instantiate them to
+register with a ManagementResourceRegistration, typically in an
+implementation of ResourceDefinition.registerOperations
+
+
+
If an OSH needs to tell the OperationContext to add additional steps
+to do further handling, the OSH will create another OSH to execute that
+step. This second OSH is typically an inner class of the first OSH.
+
+
+
+
+
+
5.7. Operation Execution and the OperationContext
+
+
When the ModelController at the heart of the WildFly Core management
+layer handles a request to execute an operation, it instantiates an
+implementation of the OperationContext interface to do the work. The
+OperationContext is configured with an initial list of operation steps
+it must execute. This is done in one of two ways:
+
+
+
+
+
During boot, multiple steps are configured, one for each operation in
+the list generated by the parser of the xml configuration file. For each
+operation, the ModelController finds the
+ManagementResourceRegistration that matches the address of the
+operation and finds the OperationStepHandler registered with that MRR
+for the operation’s name. A step is added to the OperationContext for
+each operation by providing the operation ModelNode itself, plus the
+OperationStepHandler.
+
+
+
After boot, any management request involves only a single operation,
+so only a single step is added. (Note that a composite operation is
+still a single operation; it’s just one that internally executes via
+multiple steps.)
+
+
+
+
+
The ModelController then asks the OperationContext to execute the
+operation.
+
+
+
The OperationContext acts as both the engine for operation execution,
+and as the interface provided to OperationStepHandler implementations
+to let them interact with the rest of the system.
+
+
+
5.7.1. Execution Process
+
+
Operation execution proceeds via execution by the OperationContext of
+a series of "steps" with an OperationStepHandler doing the key work
+for each step. As mentioned above, during boot the OC is initially
+configured with a number of steps, but post boot operations involve only
+a single step initially. But even a post-boot operation can end up
+involving numerous steps before completion. In the case of a
+/:read-resource(recursive=true) operation, thousands of steps might
+execute. This is possible because one of the key things an
+OperationStepHandler can do is ask the OperationContext to add
+additional steps to execute later.
+
+
+
Execution proceeds via a series of "stages", with a queue of steps
+maintained for each stage. An OperationStepHandler can tell the
+OperationContext to add a step for any stage equal to or later than
+the currently executing stage. The instruction can either be to add the
+step to the head of the queue for the stage or to place it at the end of
+the stage’s queue.
+
+
+
Execution of a stage continues until there are no longer any steps in
+the stage’s queue. Then an internal transition task can execute, and the
+processing of the next stage’s steps begins.
+
+
+
Here is some brief information about each stage:
+
+
+
Stage.MODEL
+
+
This stage is concerned with interacting with the persistent
+configuration model, either making changes to it or reading information
+from it. Handlers for this stage should not make changes to the runtime,
+and handlers running after this stage should not make changes to the
+persistent configuration model.
+
+
+
If any step fails during this stage, the operation will automatically
+roll back. Rollback of MODEL stage failures cannot be turned off.
+Rollback during boot results in abort of the process start.
+
+
+
The initial step or steps added to the OperationContext by the
+ModelController all execute in Stage.MODEL. This means that all
+OperationStepHandler instances your extension registers with a
+ManagementResourceRegistration must be designed for execution in
+Stage.MODEL. If you need work done in later stages your Stage.MODEL
+handler must add a step for that work.
+
+
+
When this stage completes, the OperationContext internally performs
+model validation work before proceeding on to the next stage. Validation
+failures will result in rollback.
+
+
+
+
Stage.RUNTIME
+
+
This stage is concerned with interacting with the server runtime, either
+reading from it or modifying it (e.g. installing or removing services or
+updating their configuration.) By the time this stage begins, all model
+changes are complete and model validity has been checked. So typically
+handlers in this stage read their inputs from the model, not from the
+original operationModelNode provided by the user.
+
+
+
Most OperationStepHandler logic written by extension authors will be
+for Stage.RUNTIME. The vast majority of Stage.MODEL handling can best be
+performed by the base handler classes WildFly Core provides in its
+controller module. (See below for more on those.)
+
+
+
During boot failures in Stage.RUNTIME will not trigger rollback and
+abort of the server boot. After boot, by default failures here will
+trigger rollback, but users can prevent that by using the
+rollback-on-runtime-failure header. However, a RuntimeException thrown
+by a handler will trigger rollback.
+
+
+
At the end of Stage.RUNTIME, the OperationContext blocks waiting for
+the MSC service container to stabilize (i.e. for all services to have
+reached a rest state) before moving on to the next stage.
+
+
+
+
Stage.VERIFY
+
+
Service container verification work is performed in this stage, checking
+that any MSC changes made in Stage.RUNTIME had the expected effect.
+Typically extension authors do not add any steps in this stage, as the
+steps automatically added by the OperationContext itself are all that
+are needed. You can add a step here though if you have an unusual use
+case where you need to verify something after MSC has stabilized.
+
+
+
Handlers in this stage should not make any further runtime changes;
+their purpose is simply to do verification work and fail the operation
+if verification is unsuccessful.
+
+
+
During boot failures in Stage.VERIFY will not trigger rollback and
+abort of the server boot. After boot, by default failures here will
+trigger rollback, but users can prevent that by using the
+rollback-on-runtime-failure header. However, a RuntimeException thrown
+by a handler will trigger rollback.
+
+
+
There is no special transition work at the end of this stage.
+
+
+
+
Stage.DOMAIN
+
+
Extension authors should not add steps in this stage; it is only for use
+by the kernel.
+
+
+
Steps needed to execute rollout across the domain of an operation that
+affects multiple processes in a managed domain run here. This stage is
+only run on Host Contoller processes, never on servers.
+
+
+
+
Stage.DONE and ResultHandler / RollbackHandler Execution
+
+
This stage doesn’t maintain a queue of steps; no OperationStepHandler
+executes here. What does happen here is persistence of any configuration
+changes to the xml file and commit or rollback of changes affecting
+multiple processes in a managed domain.
+
+
+
While no OperationStepHandler executes in this stage, following
+persistence and transaction commit all ResultHandler or
+RollbackHandler callbacks registered with the OperationContext by
+the steps that executed are invoked. This is done in the reverse order
+of step execution, so the callback for the last step to run is the first
+to be executed. The most common thing for a callback to do is to respond
+to a rollback by doing whatever is necessary to reverse changes made in
+Stage.RUNTIME. (No reversal of Stage.MODEL changes is needed,
+because if an operation rolls back the updated model produced by the
+operation is simply never published and is discarded.)
+
+
+
+
Tips About Adding Steps
+
+
Here are some useful tips about how to add steps:
+
+
+
+
+
Add a step to the head of the current stage’s queue if you want it to
+execute next, prior to any other steps. Typically you would use this
+technique if you are trying to decompose some complex work into pieces,
+with reusable logic handling each piece. There would be an
+OperationStepHandler for each part of the work, added to the head of
+the queue in the correct sequence. This would be a pretty advanced use
+case for an extension author but is quite common in the handlers
+provided by the kernel.
+
+
+
Add a step to the end of the queue if either you don’t care when it
+executes or if you do care and want to be sure it executes after any
+already registered steps.
+
+
+
+
A very common example of this is a Stage.MODEL handler adding a
+step for its associated Stage.RUNTIME work. If there are multiple
+model steps that will execute (e.g. at boot or as part of handling a
+composite), each will want to add a runtime step, and likely the best
+order for those runtime steps is the same as the order of the model
+steps. So if each adds its runtime step at the end, the desired result
+will be achieved.
+
+
+
A more sophisticated but important scenario is when a step may or may
+not be executing as part of a larger set of steps, i.e. it may be one
+step in a composite or it may not. There is no way for the handler to
+know. But it can assume that if it is part of a composite, the steps for
+the other operations in the composite are already registered in the
+queue. (The handler for the composite op guarantees this.) So, if it
+wants to do some work (say validation of the relationship between
+different attributes or resources) the input to which may be affected by
+possible other already registered steps, instead of doing that work
+itself, it should register a different step at the end of the queue
+and have that step do the work. This will ensure that when the
+validation step runs, the other steps in the composite will have had a
+chance to do their work. Rule of thumb: always doing any extra
+validation work in an added step.
+
+
+
+
+
+
+
+
Passing Data to an Added Step
+
+
Often a handler author will want to share state between the handler for
+a step it adds and the handler that added it. There are a number of ways
+this can be done:
+
+
+
+
+
Very often the OperationStepHandler for the added class is an inner
+class of the handler that adds it. So here sharing state is easily done
+using final variables in the outer class.
+
+
+
The handler for the added step can accept values passed to its
+constructor which can serve as shared state.
+
+
+
The OperationContext includes an Attachment API which allows
+arbitary data to be attached to the context and retrieved by any handler
+that has access to the attachment key.
+
+
+
The OperationContext.addStep methods include overloaded variants
+where the caller can pass in an operationModelNode that will in
+turn be passed to the execute method of the handler for the added
+step. So, state can be passed via this ModelNode. It’s important to
+remember though that the address field of the operation will govern
+what the OperationContext sees as the target of operation when that
+added step’s handler executes.
+
+
+
+
+
+
Controlling Output from an Added Step
+
+
When an OperationStepHandler wants to report an operation result, it
+calls the OperationContext.getResult() method and manipulates the
+returned ModelNode. Similarly for failure messages it can call
+OperationContext.getFailureDescription(). The usual assumption when
+such a call is made is that the result or failure description being
+modified is the one at the root of the response to the end user. But
+this is not necessarily the case.
+
+
+
When an OperationStepHandler adds a step it can use one of the
+overloaded OperationContext.addStep variants that takes a response
+ModelNode parameter. If it does, whatever ModelNode it passes in
+will be what is updated as a result of OperationContext.getResult()
+and OperationContext.getFailureDescription() calls by the step’s
+handler. This node does not need to be one that is directly associated
+with the response to the user.
+
+
+
How then does the handler that adds a step in this manner make use of
+whatever results the added step produces, since the added step will not
+run until the adding step completes execution? There are a couple of
+ways this can be done.
+
+
+
The first is to add yet another step, and provide it a reference to the
+response node used by the second step. It will execute after the
+second step and can read its response and use it in formulating its own
+response.
+
+
+
The second way involves using a ResultHandler. The ResultHandler for
+a step will execute after any step that it adds executes. And, it is
+legal for a ResultHandler to manipulate the "result" value for an
+operation, or its "failure-description" in case of failure. So, the
+handler that adds a step can provide to its ResultHandler a reference
+to the response node it passed to addStep, and the ResultHandler
+can in turn and use its contents to manipulate its own response.
+
+
+
This kind of handling wouldn’t commonly be done by extension authors and
+great care needs to be taken if it is done. It is often done in some of
+the kernel handlers.
+
+
+
+
+
+
5.7.2. OperationStepHandler use of the OperationContext
+
+
All useful work an OperationStepHandler performs is done by invoking
+methods on the OperationContext. The OperationContext interface is
+extensively javadoced, so this section will just provide a brief partial
+overview. The OSH can use the OperationContext to:
+
+
+
+
+
Learn about the environment in which it is executing (
+getProcessType, getRunningMode, isBooting, getCurrentStage,
+getCallEnvironment, getSecurityIdentity, isDefaultRequiresRuntime,
+isNormalServer)
+
+
+
Learn about the operation ( getCurrentAddress,
+getCurrentAddressValue, getAttachmentStream,
+getAttachmentStreamCount)
+
+
+
Read the Resource tree ( readResource, readResourceFromRoot,
+getOriginalRootResource)
+
+
+
Manipulate the Resource tree ( createResource, addResource,
+readResourceForUpdate, removeResource)
+
+
+
Read the resource type information ( getResourceRegistration,
+getRootResourceRegistration)
+
+
+
Manipulate the resource type information (
+getResourceRegistrationForUpdate)
+
+
+
Read the MSC service container ( getServiceRegistry(false))
+
+
+
Manipulate the MSC service container ( getServiceTarget,
+getServiceRegistry(true), removeService)
+
+
+
Manipulate the process state ( reloadRequired,
+revertReloadRequired, restartRequired, revertRestartRequired
+
+
+
Resolve expressions ( resolveExpressions)
+
+
+
Manipulate the operation response ( getResult,
+getFailureDescription, attachResultStream, runtimeUpdateSkipped)
+
+
+
Force operation rollback ( setRollbackOnly)
+
+
+
Add other steps ( addStep)
+
+
+
Share data with other steps ( attach, attachIfAbsent,
+getAttachment, detach)
+
+
+
Work with capabilities (numerous methods)
+
+
+
Emit notifications ( emit)
+
+
+
Request a callback to a ResultHandler or RollbackHandler (
+completeStep)
+
+
+
+
+
+
5.7.3. Locking and Change Visibility
+
+
The ModelController and OperationContext work together to ensure
+that only one operation at a time is modifying the state of the system.
+This is done via an exclusive lock maintained by the ModelController.
+Any operation that does not need to write never requests the lock and is
+able to proceed without being blocked by an operation that holds the
+lock (i.e. writes do not block reads.) If two operations wish to
+concurrently write, one or the other will get the lock and the loser
+will block waiting for the winner to complete and release the lock.
+
+
+
The OperationContext requests the exclusive lock the first time any of
+the following occur:
+
+
+
+
+
A step calls one of its methods that indicates a wish to modify the
+resource tree ( createResource, addResource,
+readResourceForUpdate, removeResource)
+
+
+
A step calls one of its methods that indicates a wish to modify the
+ManagementResourceRegistration tree (
+getResourceRegistrationForUpdate)
+
+
+
A step calls one of its methods that indicates a desire to change MSC
+services ( getServiceTarget, removeService or getServiceRegistry
+with the modify param set to true)
+
+
+
A step calls one of its methods that manipulates the capability
+registry (various)
+
+
+
A step explicitly requests the lock by calling the
+acquireControllerLock method (doing this is discouraged)
+
+
+
+
+
The step that acquired the lock is tracked, and the lock is released
+when the ResultHandler added by that step has executed. (If the step
+doesn’t add a result handler, a default no-op one is automatically
+added).
+
+
+
When an operation first expresses a desire to manipulate the Resource
+tree or the capability registry, a private copy of the tree or registry
+is created and thereafter the OperationContext works with that copy.
+The copy is published back to the ModelController in Stage.DONE if
+the operation commits. Until that happens any changes to the tree or
+capability registry made by the operation are invisible to other
+threads. If the operation does not commit, the private copies are simply
+discarded.
+
+
+
However, the OperationContext does not make a private copy of the
+ManagementResourceRegistration tree before manipulating it, nor is
+there a private copy of the MSC service container. So, any changes made
+by an operation to either of those are immediately visible to other
+threads.
+
+
+
+
+
5.8. Resource Interface
+
+
An instance of the Resource interface holds the state for a particular
+instance of a type defined by a ManagementResourceRegistration.
+Referring back to the analogy mentioned earlier the
+ManagementResourceRegistration is analogous to a Java class while the
+Resource is analogous to an instance of that class.
+
+
+
The Resource makes available state information, primarily
+
+
+
+
+
Some descriptive metadata, such as its address, whether it is
+runtime-only and whether it represents a proxy to a another primary
+resource that resides on another process in a managed domain
+
+
+
A ModelNode of ModelType.OBJECT whose keys are the resource’s
+attributes and whose values are the attribute values
+
+
+
Links to child resources such that the resources form a tree
+
+
+
+
+
5.8.1. Creating Resources
+
+
Typically extensions create resources via OperationStepHandler calls
+to the OperationContext.createResource method. However it is allowed
+for handlers to use their own Resource implementations by
+instantiating the resource and invoking OperationContext.addResource.
+The AbstractModelResource class can be used as a base class.
+
+
+
+
5.8.2. Runtime-Only and Synthetic Resources and the PlaceholderResourceEntry Class
+
+
A runtime-only resource is one whose state is not persisted to the xml
+configuration file. Many runtime-only resources are also "synthetic"
+meaning they are not added or removed as a result of user initiated
+management operations. Rather these resources are "synthesized" in order
+to allow users to use the management API to examine some aspect of the
+internal state of the process. A good example of synthetic resources are
+the resources in the /core-service=platform-mbeans branch of the
+resource tree. There are resources there that represent various aspects
+of the JVM (classloaders, memory pools, etc) but which resources are
+present entirely depends on what the JVM is doing, not on any management
+action. Another example are resources representing "core queues" in the
+WildFly messaging and messaging-artemismq subsystems. Queues are created
+as a result of activity in the message broker which may not involve
+calls to the management API. But for each such queue a management
+resource is available to allow management users to perform management
+operations against the queue.
+
+
+
It is a requirement of execution of a management operation that the
+OperationContext can navigate through the resource tree to a
+Resource object located at the address specified. This requirement
+holds true even for synthetic resources. How can this be handled, given
+the fact these resources are not created in response to management
+operations?
+
+
+
The trick involves using special implementations of Resource. Let’s
+imagine a simple case where we have a parent resource which is fairly
+normal (i.e. it holds persistent configuration and is added via a user’s
+add operation) except for the fact that one of its child types
+represents synthetic resources (e.g. message queues). How would this be
+handled?
+
+
+
First, the parent resource would require a custom implementation of the
+Resource interface. The OperationStepHandler for the add operation
+would instantiate it, providing it with access to whatever API is needed
+for it to work out what items exist for which a synthetic resource
+should be made available (e.g. an API provided by the message broker
+that provides access to its queues). The add handler would use the
+OperationContext.addResource method to tie this custom resource into
+the overall resource tree.
+
+
+
The custom Resource implementation would use special implementations
+of the various methods that relate to accessing children. For all calls
+that relate to the synthetic child type (e.g. core-queue) the custom
+implementation would use whatever API call is needed to provide the
+correct data for that child type (e.g. ask the message broker for the
+names of queues).
+
+
+
A nice strategy for creating such a custom resource is to use
+delegation. Use Resource.Factory.create}() to create a standard
+resource. Then pass it to the constructor of your custom resource type
+for use as a delegate. The custom resource type’s logic is focused on
+the synthetic children; all other work it passes on to the delegate.
+
+
+
What about the synthetic resources themselves, i.e. the leaf nodes in
+this part of the tree? These are created on the fly by the parent
+resource in response to getChild, requireChild, getChildren and
+navigate calls that target the synthetic resource type. These
+created-on-the-fly resources can be very lightweight, since they store
+no configuration model and have no children. The
+PlaceholderResourceEntry class is perfect for this. It’s a very
+lightweight Resource implementation with minimal logic that only
+stores the final element of the resource’s address as state.
+
+
+
See LoggingResource in the WildFly Core logging subsystem for an
+example of this kind of thing. Searching for other uses of
+PlaceholderResourceEntry will show other examples.
+
+
+
+
+
5.9. DeploymentUnitProcessor Interface
+
+
TODO
+
+
+
+
5.10. Useful classes for implementing OperationStepHandler
+
+
The WildFly Core controller module includes a number of
+OperationStepHandler implementations that in some cases you can use
+directly, and that in other cases can serve as the base class for your
+own handler implementation. In all of these a general goal is to
+eliminate the need for your code to do anything in Stage.MODEL while
+providing support for whatever is appropriate for Stage.RUNTIME.
+
+
+
5.10.1. Add Handlers
+
+
AbstractAddStepHandler is a base class for handlers for add
+operations. There are a number of ways you can configure its behavior,
+the most commonly used of which are to:
+
+
+
+
+
Configure its behavior in Stage.MODEL by passing to its constructor
+AttributeDefinition and RuntimeCapability instances for the
+attributes and capabilities provided by the resource. The handler will
+automatically validate the operation parameters whose names match the
+provided attributes and store their values in the model of the newly
+added Resource. It will also record the presence of the given
+capabilities.
+
+
+
Control whether a Stage.RUNTIME step for the operation needs to be
+added, by overriding the
+protected boolean requiresRuntime(OperationContext context) method.
+Doing this is atypical; the standard behavior in the base class is
+appropriate for most cases.
+
+
+
Implement the primary logic of the Stage.RUNTIME step by overriding
+the
+protected void performRuntime(final OperationContext context, final ModelNode operation, final Resource resource)
+method. This is typically the bulk of the code in an
+AbstractAddStepHandler subclass. This is where you read data from the
+Resource model and use it to do things like configure and install MSC
+services.
+
+
+
Handle any unusual needs of any rollback of the Stage.RUNTIME step
+by overriding
+protected void rollbackRuntime(OperationContext context, final ModelNode operation, final Resource resource).
+Doing this is not typically needed, since if the rollback behavior
+needed is simply to remove any MSC services installed in
+performRuntime, the OperationContext will do this for you
+automatically.
+
+
+
+
+
AbstractBoottimeAddStepHandler is a subclass of
+AbstractAddStepHandler meant for use by add operations that should
+only do their normal Stage.RUNTIME work in server, boot, with the
+server being put in reload-required if executed later. Primarily this
+is used for add operations that register DeploymentUnitProcessor
+implementations, as this can only be done at boot.
+
+
+
Usage of AbstractBoottimeAddStepHandler is the same as for
+AbstractAddStepHandler except that instead of overriding
+performRuntime you override
+protected void performBoottime(OperationContext context, ModelNode operation, Resource resource).
+
+
+
A typical thing to do in performBoottime is to add a special step that
+registers one or more DeploymentUnitProcessor s.
+
+
+
+
@Override
+ publicvoid performBoottime(OperationContext context, ModelNode operation, final Resource resource)
+ throws OperationFailedException {
+
+ context.addStep(new AbstractDeploymentChainStep() {
+ @Override
+ protectedvoid execute(DeploymentProcessorTarget processorTarget) {
+
+ processorTarget.addDeploymentProcessor(RequestControllerExtension.SUBSYSTEM_NAME, Phase.STRUCTURE, Phase.STRUCTURE_GLOBAL_REQUEST_CONTROLLER, new RequestControllerDeploymentUnitProcessor());
+ }
+ }, OperationContext.Stage.RUNTIME);
+
+ ... do other things
+
+
+
+
+
5.10.2. Remove Handlers
+
+
TODO AbstractRemoveStepHandlerServiceRemoveStepHandler
Use these for cases where, post-boot, the change to the configuration
+model made by the operation cannot be reflected in the runtime until the
+process is reloaded. These handle the mechanics of recording the need
+for reload and reverting it if the operation rolls back.
Use these in cases where a management resource doesn’t directly control
+any runtime services, but instead simply represents a chunk of
+configuration that a parent resource uses to configure services it
+installs. (Really, this kind of situation is now considered to be a poor
+management API design and is discouraged. Instead of using child
+resources for configuration chunks, complex attributes on the parent
+resource should be used.)
+
+
+
These handlers help you deal with the mechanics of the fact that,
+post-boot, any change to the child resource likely requires a restart of
+the service provided by the parent.
Use these for cases where the operation never affects the runtime, even
+at boot. All it does is update the configuration model. In most cases
+such a thing would be odd. These are primarily useful for legacy
+subsystems that are no longer usable on current version servers and thus
+will never do anything in the runtime. However, current version Domain
+Controllers must be able to understand the subsystem’s configuration
+model to allow them to manage older Host Controllers running previous
+versions where the subsystem is still usable by servers. So these
+handlers allow the DC to maintain the configuration model for the
+subsystem.
+
+
+
+
5.10.7. Misc
+
+
AbstractRuntimeOnlyHandler is used for custom operations that don’t
+involve the configuration model. Create a subclass and implement the
+protected abstract void executeRuntimeStep(OperationContext context, ModelNode operation)
+method. The superclass takes care of adding a Stage.RUNTIME step that
+calls your method.
+
+
+
ReadResourceNameOperationStepHandler is for cases where a resource
+type includes a 'name' attribute whose value is simply the value of the
+last element in the resource’s address. There is no need to store the
+value of such an attribute in the resource’s model, since it can always
+be determined from the resource address. But, if the value is not stored
+in the resource model, when the attribute is registered with
+ManagementResourceRegistration.registerReadAttribute an
+OperationStepHandler to handle the read-attribute operation must be
+provided. Use ReadResourceNameOperationStepHandler for this. (Note
+that including such an attribute in your management API is considered to
+be poor practice as it’s just redundant data.)
+
+
+
+
+
+
+
6. WildFly JNDI Implementation
+
+
+
6.1. Introduction
+
+
This page proposes a reworked WildFly JNDI implementation, and
+new/updated APIs for WildFly subsystem and EE deployment processors
+developers to bind new resources easier.
+
+
+
To support discussion in the community, the content includes a big focus
+on comparing WildFly 29 JNDI implementation with the new proposal, and
+should later evolve to the prime guide for WildFly developers needing to
+interact with JNDI at subsystem level.
+
+
+
+
6.2. Architecture
+
+
WildFly relies on MSC to provide the data source for the JNDI tree. Each
+resource bound in JNDI is stored in a MSC service (BinderService), and
+such services are installed as children of subsystem/deployment
+services, for an automatically unbound as consequence of uninstall of
+the parent services.
+
+
+
Since there is the need to know what entries are bound, and MSC does not
+provides that, there is also the (ServiceBased)NamingStore concept,
+which internally manage the set of service names bound. There are
+multiple naming stores in every WildFly instance, serving different JNDI
+namespaces:
+
+
+
+
+
java:comp - the standard EE namespace for entries scoped to a specific
+component, such as an Jakarta Enterprise Beans
+
+
+
java:module - the standard EE namespace for entries scoped to specific
+module, such as an Jakarta Enterprise Beans jar, and shared by all components in it
+
+
+
java:app - the standard EE namespace for entries scoped to a specific
+application, i.e. EAR, and shared by all modules in it
+
+
+
java:global - the standard EE namespace for entries shared by all
+deployments
+
+
+
java:jboss - a proprietary namespace "global" namespace
+
+
+
java:jboss/exported - a proprietary "global" namespace which entries
+are exposed to remote JNDI
+
+
+
java: - any entries not in the other namespaces
+
+
+
+
+
One particular implementation choice, to save resources, is that JNDI
+contexts by default are not bound, the naming stores will search for any
+entry bound with a name that is a child of the context name, if found
+then its assumed the context exists.
+
+
+
The reworked implementation introduces shared/global java:comp,
+java:module and java:app namespaces. Any entry bound on these will
+automatically be available to every EE deployment scoped instance of
+these namespaces, what should result in a significant reduction of
+binder services, and also of EE deployment processors. Also, the Naming
+subsystem may now configure bind on these shared contexts, and these
+contexts will be available when there is no EE component in the
+invocation, which means that entries such as java:comp/DefaultDatasource
+will always be available.
+
+
+
+
6.3. Binding APIs
+
+
WildFly Naming subsystem exposes high level APIs to bind new JNDI
+resources, there is no need to deal with the low level BinderService
+type anymore.
+
+
+
6.3.1. Subsystem
+
+
At the lowest level a JNDI entry is bound by installing a BinderService
+to a ServiceTarget:
+
+
+
+
+ /**
+ * Binds a new entry to JNDI.
+ * @param serviceTarget the binder service's target
+ * @param name the new JNDI entry's name
+ * @param value the new JNDI entry's value
+ */
+ private ServiceController<?> bind(ServiceTarget serviceTarget, String name, Object value) {
+
+ // the bind info object provides MSC service names to use when creating the binder service
+ final ContextNames.BindInfo bindInfo = ContextNames.bindInfoFor(name);
+ final BinderService binderService = new BinderService(bindInfo.getBindName());
+
+ // the entry's value is provided by a managed reference factory,
+ // since the value may need to be obtained on lookup (e.g. EJB reference)
+ final ManagedReferenceFactory managedReferenceFactory = new ImmediateManagedReferenceFactory(value);
+
+ return serviceTarget
+ // add binder service to specified target
+ .addService(bindInfo.getBinderServiceName(), binderService)
+ // when started the service will be injected with the factory
+ .addInjection(binderService.getManagedObjectInjector(), managedReferenceFactory)
+ // the binder service depends on the related naming store service,
+ // and on start/stop will add/remove its service name
+ .addDependency(bindInfo.getParentContextServiceName(),
+ ServiceBasedNamingStore.class,
+ binderService.getNamingStoreInjector())
+ .install();
+ }
+
+
+
+
But the example above is the simplest usage possible, it may become
+quite complicated if the entry’s value is not immediately available, for
+instance it is a value in another MSC service, or is a value in another
+JNDI entry. It’s also quite easy to introduce bugs when working with the
+service names, or incorrectly assume that other MSC functionality, such
+as alias names, may be used.
+
+
+
Using the new high level API, it’s as simple as:
+
+
+
+
// bind an immediate value
+ContextNames.bindInfoFor("java:comp/ORB").bind(serviceTarget, this.orb);
+
+
+// bind value from another JNDI entry (an alias/linkref)
+ContextNames.bindInfoFor("java:global/x").bind(serviceTarget, new JndiName("java:jboss/x"));
+
+
+// bind value obtained from a MSC service
+ContextNames.bindInfoFor("java:global/z").bind(serviceTarget, serviceName);
+
+
+
+
If there is the need to access the binder’s service builder, perhaps to
+add a service verification handler or simply not install the binder
+service right away:
With respect to EE deployments, the subsystem API should not be used,
+since bindings may need to be discarded/overridden, thus a EE deployment
+processor should add a new binding in the form of a
+BindingConfiguration, to the EeModuleDescription or
+ComponentDescription, depending if the bind is specific to a component
+or not. An example of a deployment processor adding a binding:
+
+
+
+
publicclassModuleNameBindingProcessorimplements DeploymentUnitProcessor {
+
+ // jndi name objects are immutable
+ privatestaticfinal JndiName JNDI_NAME_java_module_ModuleName = new JndiName("java:module/ModuleName");
+
+ @Override
+ publicvoid deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException {
+
+ final DeploymentUnit deploymentUnit = phaseContext.getDeploymentUnit();
+ // skip deployment unit if it's the top level EAR
+ if (DeploymentTypeMarker.isType(DeploymentType.EAR, deploymentUnit)) {
+ return;
+ }
+
+ // the module's description is in the DUs attachments
+ final EEModuleDescription moduleDescription = deploymentUnit
+ .getAttachment(org.jboss.as.ee.component.Attachments.EE_MODULE_DESCRIPTION);
+ if (moduleDescription == null) {
+ return;
+ }
+
+ // add the java:module/ModuleName binding
+ // the value's injection source for an immediate available value
+ final InjectionSource injectionSource = new ImmediateInjectionSource(moduleDescription.getModuleName());
+
+ // add the binding configuration to the module's description bindings configurations
+ moduleDescription.getBindingConfigurations()
+ .addDeploymentBinding(new BindingConfiguration(JNDI_NAME_java_module_ModuleName, injectionSource));
+ }
+
+ //...
+}
+
+
+
+
+
+
+
+
+
+When adding the binding configuration use:
+
+
+
+
+
+
+
+
addDeploymentBinding() for a binding that may not be overriden, such
+as the ones found in xml descriptors
+
+
+
addPlatformBinding() for a binding which may be overriden by a
+deployment descriptor bind or annotation, for instance
+java:comp/DefaultDatasource
+
+
+
+
+
A deployment processor may now also add a binding configuration to all
+components in a module:
+In the reworked implementation there is now no need to behave
+differently considering the deployment type, for instance if deployment
+is a WAR or app client, the Module/Component BindingConfigurations
+objects handle all of that. The processor should simply go for the 3 use
+cases: module binding, component binding or binding shared by all
+components.
+
+
+
+
+
+
+
+
+
+
+
+All deployment binding configurations MUST be added before INSTALL
+phase, this is needed because on such phase, when the bindings are
+actually done, there must be a final set of deployment binding names
+known, such information is need to understand if a resource injection
+targets entries in the global or scoped EE namespaces.
+
+
+
+
+
+
Most cases for adding bindings to EE deployments are in the context of a
+processor deploying a XML descriptor, or scanning deployment classes for
+annotations, and there abstract types, such as the
+AbstractDeploymentDescriptorBindingsProcessor, which simplifies greatly
+the processor code for such use cases.
+
+
+
One particular use case is the parsing of EE Resource Definitions, and
+the reworked implementation provides high level abstract deployment
+processors for both XML descriptor and annotations, an example for each:
+The abstract processors with respect to Resource Definitions are already
+submitted through WFLY-3292’s PR.
+
+
+
+
+
+
+
+
6.4. Resource Ref Processing
+
+
TODO for now no changes on this in the reworked WildFly Naming.
+
+
+
+
+
+
7. CLI extensibility for layered products
+
+
+
In addition to supporting the ServiceLoader extension mechanism to load
+command handlers coming from outside of the CLI codebase, starting from
+the wildfly-core-1.0.0.Beta1 release the CLI running in a modular
+classloading environment can be extended with commands exposed in server
+extension modules. The CLI will look for and register extension commands
+when it (re-)connects to the controller by iterating through the
+registered by that time extensions and using the ServiceLoader mechanism
+on the extension modules. (Note, that this mechanism will work only for
+extensions available in the server installation the CLI is launched
+from.)
+
+
+
Here is an example of a simple command handler and its integration.
The final step is to include
+META-INF/services/org.jboss.as.cli.CommandHandlerProvider entry into
+the JAR file containing the classes above with value
+org.jboss.as.test.cli.extensions.ExtCommandHandlerProvider.
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/latest/Galleon_Guide.html b/latest/Galleon_Guide.html
new file mode 100644
index 000000000..d5705c14a
--- /dev/null
+++ b/latest/Galleon_Guide.html
@@ -0,0 +1,1485 @@
+
+
+
+
+
+
+
+
+Galleon Provisioning Guide
+
+
+
+
+
+
+
+
Galleon Provisioning Guide
+
+WildFly developer team
+version 29.0.0.Final,
+2023-07-20T17:19:12Z
+
As opposed to a using traditional WildFly zip installation that installs it all (all default
+server configurations and all JBoss modules), using Galleon tooling
+you can choose to install a complete or customized WildFly server.
+
+
+
More information on Galleon features and tooling can be found in the Galleon docs.
WildFly provides a Galleon feature-pack maven artifact (a zipped file that contains
+everything needed to dynamically provision a server).
+This feature-pack, as well as the feature-packs on which its depends,
+are deployed in public maven repositories.
+
+
+
When Galleon is used to install WildFly, WildFly feature-packs are retrieved and
+their content is assembled to create an installation.
The Galleon maven plugin or Galleon CLI are used to install WildFly. The latest CLI and documentation can be downloaded
+from the Galleon releases page.
+
+
+
To install the latest final version of WildFly into the directory my-wildfly-server call:
Once installed, the directory my-wildfly-server contains all that is expected to run a complete WildFly server.
+By default, all standalone and domain configurations are installed.
+
+
+
+
+
+
+
+
+
+
Append the release version to install an identified release, for example:
A default configuration is identified by <configuration model>/<configuration name>. WildFly defines standalone and domain models.
+The configuration name is the XML configuration file name (e.g.: standalone.xml, domain.xml, standalone-ha.xml).
WildFly Galleon feature-packs expose some Galleon layers.
+A layer identifies one or more server capabilities that can be installed on its own or
+in combination with other layers. For example, if your application (e.g. a microservice)
+is only making use of Jakarta-RESTful-Web-Services, MicroProfile Config and CDI server capabilities, you can choose to only install
+the jaxrs, microprofile-config and cdi layers. The standalone.xml configuration would then only contain the
+required subsystems and their dependencies.
+
+
+
The benefit to installing WildFly using Galleon layers, in addition to configuration
+trim down, is that Galleon only installs the needed content (JBoss Modules modules, scripts, etc.)
+
+
+
To install a server only configured with the Jakarta-RESTful-Web-Services and CDI capabilities call:
Once installed, the directory my-wildfly-server contains all that is expected to deploy an application
+that depends on Jakarta-RESTful-Web-Services and CDI.
+
+
+
Some layers optionally depend on other layers; i.e. the features provided by layer can and by default do make use
+of those from another layer, but if those are not present things will still work fine. In such a case if you do not
+want the optional capabilities you can exclude the optional layer by prefixing its name with a '-'. For example
+to exclude the optional CDI dependency on Jakarta Bean Validation:
Tools (jboss-cli, add-user, …) are not always installed when installing WildFly using layers.
+In some cases, depending on what layers you use, only server launcher scripts are installed into the bin directory.
+To include these tools include the core-tools layer.
A Galleon layer is a name that identifies a server capability (e.g.: jaxrs,
+ejb, microprofile-config, jpa) or an aggregation of such capabilities. A layer captures a server capability in the form of:
+
+
+
+
+
A piece of server XML configuration (e.g.: extension, configured subsystem, interfaces) that describes the capability.
+
+
+
A set of modules and other filesystem content that implements the capability.
+
+
+
+
+
When you are using a layer, it delivers these pieces of information in order for
+Galleon to assemble a server containing only the required configuration and modules.
+
+
+
In the tables below we provide basic information about all of the layers WildFly provides.
+
+
+
Besides the layer names and a brief description of each, the tables below detail the various dependency relationships
+between layers. If the capabilities provided by a layer A require capabilities provided by another layer B, then layer A will depend on layer B.
+If you ask for layer A, then Galleon will automatically provide B as well. In some cases A’s dependency on B can be optional; that
+is A typically comes with B, but can function without it. In this case if you ask for A by default Galleon will provide B as well,
+but you can tell Galleon to exclude B.
+
+
+
Some layers are logical alternatives to other layers. If two layers are alternatives to each other they both provide the same general
+capabilities, but with different implementation characteristics. For example a number of layers provide the capability to cache different
+types of objects. These layers typically come in pairs of alternatives, where one alternative provides local caching, while the other provides
+distributed caching. If a layer you want has an optional dependency on a layer that has an alternative, you can exclude that dependency
+and instead specify the alternative. If a layer has an alternative the Description column in the tables below will identify it.
+
+
+
+
+
+
+
+
+
+
If the elytron layer is present, security will be handled by the elytron subsystem.
+The undertow and ejb subsystems are configured with an otherapplication-security-domain that references the Elytron ApplicationDomain security domain.
A single Galleon layer can provide a relatively small set of capabilities, but most users will want to start with a broader set
+of capabilities without having to spell out all the details. To help with this WildFly provides a few foundational layers
+all of which provide typical core WildFly capabilities like the logging subsystem and a secure remote management interface.
+
+
+
You don’t have to base your WildFly installation on one of these foundational layers, but doing so may be more convenient.
A typical manageable server core. This layer could serve as a base for a more
+specialized WildFly that doesn’t need the capabilities provided by the other foundational layers.
Support for the Undertow HTTP server. Provides servlet support but does not provide typical EE integration like resource injection.
+Use web-server for a servlet container with EE integration.
Support for distributable web applications. Configures a non-local Infinispan-based container web cache for data session handling suitable to clustering environments.
Support for loading the HAL web console from the /console context on the HTTP
+management interface. Not required to use a HAL console obtained independently
+and configured to connect to the server.
Support for distributable web applications. Configures a local Infinispan-based container web cache for data session handling suitable to single node environments.
+References in this document to Java Persistence API (JPA) refer to the Jakarta Persistence unless otherwise noted.
+ References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
This guide will walk you through installing and starting up JBoss WildFly. It will then introduce key features of the Jakarta EE (Web Profile) programming model, of which JBoss WildFly is a certified implementation.
+
+
+
+
+
+
+
+
+
Jakarta EE
+
+
The Jakarta EE platform offers developers the ability to write
+distributed, transactional and portable applications quickly and easily.
+We class applications that require these capabilities "enterprise
+applications". These applications must be fast, secure and reliable.
+
+
+
Jakarta EE has always offered strong messaging (JMS), transactional (JTA)
+and resource (JCA) capabilities as well as exposing web services via
+SOAP (JAX-WS).
+
+
+
+
+
+
+
JBoss WildFly depart from the familiar structure of previous JBoss AS versions, so we recommend all developers follow the steps in Getting Started with JBoss WildFly to install and start up the application server for the first time.
+
+
+
JBoss WildFly come with a series of quickstarts aimed to get you up to writing applications with minimal fuss. We recommend to start by working through the quickstarts in this guide, in the order they are presented. If you have previous experience with Jakarta EE 6, you may wish to skip some or all of the quickstarts.
+
+
+
Core
+
+
+
+
+
Helloworld Quickstart. If you have previously developed applications using technologies such as JSF or Wicket, and EJB or Spring, you may wish to skip this quickstart.
+
+
+
Numberguess Quickstart. If you have previously developed applications using technologies such as JSF or Wicket, EJB or Spring, and JPA or Hibernate you may wish to skip this quickstart.
+
+
+
Greeter Quickstart. If you are a Jakarta EE wizard you may wish to skip this quickstart.
Follow the official Maven installation guide if you don’t already have Maven 3 installed. You can check which version of Maven you have installed (if any) by running mvn --version . If you see a version newer than 3.0.0, you are ready to go.
Download JBoss Tools from http://jboss.org/tools. Make sure you install m2eclipse as well.
+
+
+
+
+
+
+
+
+
+
+
+
JBoss WildFly offer the
+ability to manage multiple AS instances from a single control point.
+A collection of such servers are referred to as members of a "domain",
+with a single Domain Controller process acting as the management control
+point. Domains can span multiple physical (or virtual) machines, with
+all AS instances on a given host under the control of a Host Controller
+process. The Host Controllers interact with the Domain Controller to
+control the lifecycle of the AS instances running on that host and to
+assist the Domain Controller in managing them.
+
+
+
JBoss WildFly also offers a standalone mode, which is perfect for a single
+server. We use this throughout the quickstarts.
+
+
+
+
+
+
+
2.1. Installing and starting the JBoss server on Linux, Unix or Mac OS X
+
+
First, let’s verify that both Java and Maven are correctly
+installed. In a console, type:
+
+
+
+
java -version
+
+
+
+
You should see a version string (at least 1.8.0) printed. If not, contact your provider of Java for assistance. Next, type:
+
+
+
+
mvn --version
+
+
+
+
You should see a version string (at least 3.3.0) printed. If not, contact the Maven community for assistance.
+
+
+
Next, we need to choose a location for WildFly to live. By default, WildFly will be extracted into wildfly-11.x.x.x (where 11.x.x.x matches the version you downloaded):
+
+
+
+
unzip wildfly-11.x.x.x.zip
+
+
+
+
Now, let’s start WildFly in standalone mode:
+
+
+
+
wildfly-11.x.x.x/bin/standalone.sh
+
+
+
+
+
+
+
+
+
+
+
If you want to stop WildFly, simply press Crtl-C whilst the terminal
+has focus.
+
+
+
+
+
+
+
That’s it, WildFly is installed and running! Visit http://localhost:8080/ to check the server has started properly.
2.2. Installing and starting the JBoss server on Windows
+
+
First, let’s verify that both Java and Maven are correctly installed. In a Command Prompt, type:
+
+
+
+
java -version
+
+
+
+
You should see a version string (at least 1.8.0) printed. If not, contact your provider of Java for assistance. Next, type:
+
+
+
+
mvn --version
+
+
+
+
You should see a version string (at least 3.3.0) printed. If not, contact the Maven community for assistance.
+
+
+
Next, we need to choose a location for JBoss WildFly to live. By default, JBoss WildFly will be extracted into wildfly-11.x.x.x (where 11.x.x.x matches the version you downloaded). Unzip JBoss Enterprise Application Platform or JBoss WildFly using your tool of choice.
+
+
+
Finally, let’s start JBoss WildFly in standalone mode. Locate your installation and run standalone.bat located in bin.
+
+
+
+
+
+
+
+
+
+
If you want to stop the server, simply press Crtl-C whilst the terminal
+has focus.
+
+
+
+
+
+
+
That’s it, JBoss WildFly is installed and running! Visit http://localhost:8080/ to check the server has started properly.
2.3. Starting the JBoss server from CodeReady Studio or Eclipse with JBoss Tools
+
+
You may choose to use CodeReady Studio, or Eclipse with JBoss Tools, rather than the command line to run JBoss WildFly, and to deploy the quickstarts. If you don’t wish to use Eclipse, you should skip this section.
+
+
+
Make sure you have installed and started CodeReady Studio or Eclipse. First, we need to add our WildFly instance to it. First, navigate to Preferences:
+
+
+
+
+
+
Now, locate the JBoss Tools Runtime Detection preferences:
+
+
+
+
+
+
Click Add and locate where you put servers on your disk:
+
+
+
+
+
+
Any available servers will be located, now all you need to do is click OK, and then OK on the preferences dialog:
+
+
+
+
+
+
Now, let’s start the server from Eclipse. If you previously started a server from the command line, you should stop it there first.
+
+
+
First, we need to make sure the Server tab is on view. Open the Window → Show View → Other… dialog:
+
+
+
+
+
+
And select the Server view:
+
+
+
+
+
+
You should see the Server View appear with the detected servers:
+
+
+
+
+
+
Now, we can start the server. Right click on the server in the Server view, and select Start :
+
+
+
+
+
+
+
+
+
+
+
+
+
If you want to debug your application, you can simply select Debug
+rather than Start . This will start the server in debug mode, and
+automatically attach the Eclipse debugger.
+
+
+
+
+
+
+
You’ll see the server output in the Console :
+
+
+
+
+
+
That’s it, we now have the server up and running in Eclipse!
+
+
+
+
2.4. Importing the quickstarts into Eclipse
+
+
In order to import the quickstarts into Eclipse, you will need m2eclipse installed. If you have CodeReady Studio, then m2eclipse is already installed.
+
+
+
First, choose File → Import…:
+
+
+
+
+
+
Select Existing Maven Projects:
+
+
+
+
+
+
Click on Browse, and navigate to the quickstarts/ directory:
+
+
+
+
+
+
Finally, make sure all 4 quickstarts are found and selected, and click Finish:
+
+
+
+
+
+
Eclipse should now successfully import 4 projects:
+
+
+
+
+
+
It will take a short time to import the projects, as Maven needs to download the project’s dependencies from remote repositories.
When the server is running, the web management interface can be accessed at http://localhost:9990/console. You can use the web management interface to create datasources, manage deployments and configure the server.
+
+
+
JBoss WildFly also comes with a command line interface. To run it on Linux, Unix or Mac, execute:
+
+
+
+
wildfly-11.x.x.x/bin/jboss-admin.sh --connect
+
+
+
+
Or, on Windows:
+
+
+
+
wildfly-11.x.x.x/bin/jboss-admin.bat --connect
+
+
+
+
Once started, type help to discover the commands available to you.
+
+
+
Throughout this guide we use the wildfly maven plugin to deploy and undeploy applications. This plugin uses the Native Java Detyped Management API to communicate with the server. The Detyped API is used by management tools to control an entire domain of servers, and exposes only a small number of types, allowing for backwards and forwards compatibility.
+
+
+
+
+
+
3. CDI + Servlet: Helloworld quickstart
+
+
+
This quickstart shows you how to deploy a simple servlet to JBoss WildFly. The business logic is encapsulated in a service, which is provided as a CDI bean, and injected into the Servlet.
+
+
+
+
+
+
+
+
+
Contexts and Dependency Injection for Jakarta EE
+
+
CDI is a specification in Jakarta EE, inspired by JBoss Seam and
+Google Guice, and also drawing on lessons learned from frameworks such
+as Spring. It allows application developers to concentrate on developing
+their application logic by providing the ability to wire services
+together, and abstract out orthogonal concerns, all in a type safe
+manner.
+
+
+
+
+
+
+
Switch to the quickstarts/helloworld directory and instruct Maven to build and deploy the application:
Should you wish to undeploy the quickstart, or redeploy after making
+some changes, it’s pretty easy:
+
+
+
+
+
mvn wildfly:deploy - deploy any changes to the application to the
+application server
+
+
+
mvn wildfly:undeploy - undeploy the quickstart
+
+
+
+
+
+
+
+
+
It’s time to pull the covers back and dive into the internals of the quickstart.
+
+
+
Deploying the Helloworld quickstart using CodeReady Studio, or Eclipse with JBoss Tools
+
+
+
+
You may choose to deploy the quickstart using CodeReady Studio, or Eclipse with JBoss Tools. You'll need to have JBoss WildFly started in the IDE (as described in <<GettingStarted-with_jboss_tools, Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and to have imported the quickstarts into Eclipse (as described in <<GettingStarted-importing_quickstarts_into_eclipse,Importing the quickstarts into Eclipse>>).
+
+With the quickstarts imported, you can deploy the quickstart by right clicking on the `wildfly-helloworld` project, and choosing _Run As -> Run On Server_:
+
+image:gfx/Eclipse_Helloworld_Deploy_1.jpg[]
+
+Make sure the correct server is selected, and hit Finish:
+
+image:gfx/Eclipse_Deploy_2.jpg[]
+
+You should see the server start up (unless you already started it in <<GettingStarted-with_jboss_tools, Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and the application deploy in the Console log
+
+image:gfx/Eclipse_Helloworld_Deploy_3.jpg[]
+
+
+The helloworld quickstart in depth
+----------------------------------
+
+The quickstart is very simple - all it does is print "Hello World" onto a web page.
+
+The helloworld quickstart is comprised of a servlet and a CDI bean. We also include an empty `beans.xml` file, which tells JBoss WildFly to look for beans in this application and to activate the CDI. `beans.xml` is located in `WEB-INF/`, which can be found in the `src/main/webapp` directory. Also in this directory we include `index.html` which uses a simple meta refresh to send the users browser to the Servlet, which is located at http://localhost:8080/wildfly-helloworld/HelloWorld.
+
+All the configuration files for this quickstart are located in `WEB-INF/`, which can be found in the `src/main/webapp` directory.
+
+Notice that we don't even need a `web.xml`!
+
+Let's start by taking a look at the servlet:
+
+.src/main/java/org/jboss/as/quickstarts/helloworld/HelloWorldServlet.java
+[source,java]
+------------------------------------------------------------------------
+@SuppressWarnings("serial")
+@WebServlet("/HelloWorld") (1)
+public class HelloWorldServlet extends HttpServlet {
+
+ static String PAGE_HEADER =
+ "<html><head><title>helloworld</title></head><body>"; (2)
+
+ static String PAGE_FOOTER = "</body></html>";
+
+ @Inject
+ HelloService helloService; (3)
+
+ @Override
+ protected void doGet(HttpServletRequest req,
+ HttpServletResponse resp)
+ throws ServletException, IOException {
+ resp.setContentType("text/html");
+ PrintWriter writer = resp.getWriter();
+ writer.println(PAGE_HEADER);
+ writer.println("<h1>" +
+ helloService.createHelloMessage("World") + (4)
+ "</h1>");
+ writer.println(PAGE_FOOTER);
+ writer.close();
+ }
+
+}
+------------------------------------------------------------------------
+<1> If you've used Servlet before, then you'll remember having to use xml to register your servlets. Fortunately, this is a thing of the past. Now all you need to do is add the @WebServlet annotation, and provide a mapping to a URL used to access the servlet. Much cleaner!
+<2> Every web page needs to be correctly formed HTML. We've created static Strings to hold the minimum header and footer to write out.
+<3> We inject the HelloService (a CDI bean) which generates the actual message. This allows to alter the implementation of HelloService at a later date without changing the view layer at all (assuming we don't alter the API of HelloService ).
+<4> We call into the service to generate the message "Hello World", and write it out to the HTTP request.
+
+[TIP]
+========================================================================
+The package declaration and imports have been excluded from these
+listings. The complete listing is available in the quickstart source.
+========================================================================
+
+Now we understand how the information is sent to the browser, let's take a look at the service.
+
+.src/main/java/org/jboss/as/quickstarts/helloworld/HelloService.java
+------------------------------------------------------------------------
+public class HelloService {
+
+ String createHelloMessage(String name) {
+ return "Hello " + name + "!";
+ }
+
+}
+------------------------------------------------------------------------
+
+The service is very simple - no registration (XML or annotation) is required!
+
+
+CDI + JSF: Numberguess quickstart
+=================================
+:Author: Pete Muir
+
+[[NumberguessQuickstart-]]
+
+This quickstart shows you how to create and deploy a simple application to JBoss WildFly; the application does not persist any information. Information is displayed using a JSF view, and business logic is encapsulated in two CDI beans.
+
+Switch to the `quickstarts/numberguess` directory and instruct Maven to build and deploy the application:
+
+ mvn package wildfly:deploy
+
+The quickstart uses a Maven plugin to deploy the application. The plugin requires JBoss WildFly to be running (you can find out how to start the server in <<GettingStarted-on_linux, Installing and starting the JBoss server on Linux, Unix or Mac OS X>> or <<GettingStarted-on_windows, Installing and starting the JBoss server on Windows>>).
+
+Or you can start the server using an IDE, like CodeReady Studio.
+
+Now, see if you can determine the most efficient approach to pinpoint the random number at the URL http://localhost:8080/wildfly-numberguess.
+
+[TIP]
+========================================================================
+Should you wish to undeploy the quickstart, or redeploy after making
+some changes, it's pretty easy:
+
+* `mvn wildfly:deploy` - deploy any changes to the application to the
+ application server
+* `mvn wildfly:undeploy` - undeploy the quickstart
+========================================================================
+
+It's time to pull the covers back and dive into the internals of the quickstart.
+
+
+Deploying the Numberguess quickstart using Eclipse
+--------------------------------------------------
+
+You may choose to deploy the quickstart using Eclipse. You'll need to have JBoss WildFly started in Eclipse as described in <<GettingStarted-with_jboss_tools, Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and to have imported the quickstarts into Eclipse (as described in <<GettingStarted-importing_quickstarts_into_eclipse, Importing the quickstarts into Eclipse>>).
+
+With the quickstarts imported, you can deploy the quickstart by right clicking on the `wildfly-numberguess` project, and choosing _Run As -> Run On Server_:
+
+image:gfx/Eclipse_Numberguess_Deploy_1.jpg[]
+
+Make sure the correct server is selected, and hit Finish:
+
+image:gfx/Eclipse_Deploy_2.jpg[]
+
+You should see the server start up (unless you already started it in <<GettingStarted-with_jboss_tools, Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and the application deploy in the Console log:
+
+image:gfx/Eclipse_Numberguess_Deploy_3.jpg[]
+
+
+The numberguess quickstart in depth
+-----------------------------------
+
+In the numberguess application you get 10 attempts to guess a number between 1 and 100. After each attempt, you're told whether your guess was too high or too low.
+
+The quickstart is comprised of a number of beans, configuration files and Facelets (JSF) views, packaged as a war module. Let's start by examining the configuration files.
+
+All the configuration files for this quickstart are located in `WEB-INF/`, which can be found in the `src/main/webapp` directory. First, we have the JSF 2.0 version of `faces-config.xml`. A standardized version of Facelets is the default view handler in JSF 2.0, so there's really nothing that we have to configure. WildFly goes above and beyond Jakarta EE here, and will automatically configure JSF for you if you include this file. Thus, the configuration consists of only the root element.
+
+.src/main/webapp/WEB-INF/faces-config.xml
+[source,xml]
+------------------------------------------------------------------------
+<faces-config version="2.0"
+ xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/web-facesconfig_2_0.xsd">
+
+</faces-config>
+------------------------------------------------------------------------
+
+There's also an empty `beans.xml` file, which tells WildFly to look for beans in this application and to activate the CDI.
+
+Notice that we don't even need a `web.xml`!
+
+Let's take a look at the main JSF view, `src/main/webapp/home.xhtml`.
+
+
+[TIP]
+========================================================================
+JSF uses the .xhtml extension for source files, but serves up the
+rendered views with the .jsf extension.
+========================================================================
+
+.src/main/webapp/WEB-INF/home.xhtml
+[source,html]
+------------------------------------------------------------------------
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:ui="http://java.sun.com/jsf/facelets"
+ xmlns:h="http://java.sun.com/jsf/html"
+ xmlns:f="http://java.sun.com/jsf/core">
+
+<head>
+<meta http-equiv="Content-Type" content="text/html;
+ charset=iso-8859-1" />
+<title>numberguess</title>
+</head>
+
+<body>
+ <div id="content">
+ <h1>Guess a number...</h1>
+ <h:form id="numberGuess">
+
+ <!-- Feedback for the user on their guess -->
+ <div style="color: red"> (1)
+ <h:messages id="messages" globalOnly="false" />
+ <h:outputText id="Higher" value="Higher!"
+ rendered="#{game.number gt game.guess and game.guess ne 0}" />
+ <h:outputText id="Lower" value="Lower!"
+ rendered="#{game.number lt game.guess and game.guess ne 0}" />
+ </div>
+
+ <!-- Instructions for the user -->
+ <div> (2)
+ I'm thinking of a number between <span
+ id="numberGuess:smallest">#{game.smallest}</span> and <span
+ id="numberGuess:biggest">#{game.biggest}</span>. You have
+ #{game.remainingGuesses} guesses remaining.
+ </div>
+
+ <!-- Input box for the users guess, plus a button to submit, and reset -->
+ <!-- These are bound using EL to our CDI beans -->
+ <div>
+ Your guess: (3)
+ <h:inputText id="inputGuess" value="#{game.guess}"
+ required="true" size="3"
+ disabled="#{game.number eq game.guess}"
+ validator="#{game.validateNumberRange}" /> (4)
+ <h:commandButton id="guessButton" value="Guess"
+ action="#{game.check}"
+ disabled="#{game.number eq game.guess}" />
+ </div>
+ <div> (5)
+ <h:commandButton id="restartButton" value="Reset"
+ action="#{game.reset}" immediate="true" />
+ </div>
+ </h:form>
+
+ </div>
+
+ <br style="clear: both" />
+
+</body>
+</html>
+------------------------------------------------------------------------
+
+<1> There are a number of messages which can be sent to the user, "Higher!" and "Lower!"
+<2> As the user guesses, the range of numbers they can guess gets smaller - this sentence changes to make sure they know the number range of a valid guess.
+<3> This input field is bound to a bean property using a value expression.
+<4> A validator binding is used to make sure the user doesn't accidentally input a number outside of the range in which they can guess - if the validator wasn't here, the user might use up a guess on an out of bounds number.
+<5> There must be a way for the user to send their guess to the server. Here we bind to an action method on the bean.
+
+The quickstart consists of 4 classes, the first two of which are qualifiers. First, there is the `@Random` qualifier, used for injecting a random number:
+
+[TIP]
+========================================================================
+A _qualifier_ is used to disambiguate between two beans both of which
+are eligible for injection based on their type. For more, see the
+link:http://docs.jboss.org/weld/reference/latest/en-US/html/[Weld Reference Guide].
+========================================================================
+
+.src/main/java/org/jboss/as/quickstarts/numberguess/Random.java
+[source,java]
+------------------------------------------------------------------------
+@Target({ TYPE, METHOD, PARAMETER, FIELD })
+@Retention(RUNTIME)
+@Documented
+@Qualifier
+public @interface Random {
+
+}
+------------------------------------------------------------------------
+
+There is also the `@MaxNumber` qualifier, used for injecting the maximum number that can be injected:
+
+.src/main/java/org/jboss/as/quickstarts/numberguess/MaxNumber.java
+[source,java]
+------------------------------------------------------------------------
+@Retention(RUNTIME)
+@Documented
+@Qualifier
+public @interface MaxNumber {
+
+}
+------------------------------------------------------------------------
+
+The application-scoped `Generator` class is responsible for creating the random number, via a producer method. It also exposes the maximum possible number via a producer method:
+
+.src/main/java/org/jboss/as/quickstarts/numberguess/Generator.java
+[source,java]
+------------------------------------------------------------------------
+@SuppressWarnings("serial")
+@ApplicationScoped
+public class Generator implements Serializable {
+
+ private java.util.Random random = new java.util.Random(System.currentTimeMillis());
+
+ private int maxNumber = 100;
+
+ java.util.Random getRandom() {
+ return random;
+ }
+
+ @Produces
+ @Random
+ int next() {
+ // a number between 1 and 100
+ return getRandom().nextInt(maxNumber - 1) + 1;
+ }
+
+ @Produces
+ @MaxNumber
+ int getMaxNumber() {
+ return maxNumber;
+ }
+}
+------------------------------------------------------------------------
+
+The `Generator` is application scoped, so we don't get a different random each time.
+
+The final bean in the application is the session-scoped `Game` class. This is the primary entry point of the application. It's responsible for setting up or resetting the game, capturing and validating the user's guess and providing feedback to the user with a `FacesMessage`. We've used the post-construct lifecycle method to initialize the game by retrieving a random number from the `@RandomInstance<Integer>` bean.
+
+You'll notice that we've also added the `@Named` annotation to this class. This annotation is only required when you want to make the bean accessible to a JSF view via EL (i.e. `#{game}`)
+
+.src/main/java/org/jboss/as/quickstarts/numberguess/Game.java
+[source,java]
+------------------------------------------------------------------------
+@SuppressWarnings("serial")
+@Named
+@SessionScoped
+public class Game implements Serializable {
+
+ /**
+ * The number that the user needs to guess
+ */
+ private int number;
+
+ /**
+ * The users latest guess
+ */
+ private int guess;
+
+ /**
+ * The smallest number guessed so far (so we can track the valid guess range).
+ */
+ private int smallest;
+
+ /**
+ * The largest number guessed so far
+ */
+ private int biggest;
+
+ /**
+ * The number of guesses remaining
+ */
+ private int remainingGuesses;
+
+ /**
+ * The maximum number we should ask them to guess
+ */
+ @Inject
+ @MaxNumber
+ private int maxNumber;
+
+ /**
+ * The random number to guess
+ */
+ @Inject
+ @Random
+ Instance<Integer> randomNumber;
+
+ public Game() {
+ }
+
+ public int getNumber() {
+ return number;
+ }
+
+ public int getGuess() {
+ return guess;
+ }
+
+ public void setGuess(int guess) {
+ this.guess = guess;
+ }
+
+ public int getSmallest() {
+ return smallest;
+ }
+
+ public int getBiggest() {
+ return biggest;
+ }
+
+ public int getRemainingGuesses() {
+ return remainingGuesses;
+ }
+
+ /**
+ * Check whether the current guess is correct, and update the biggest/smallest guesses as needed.
+ * Give feedback to the user if they are correct.
+ */
+ public void check() {
+ if (guess > number) {
+ biggest = guess - 1;
+ } else if (guess < number) {
+ smallest = guess + 1;
+ } else if (guess == number) {
+ FacesContext.getCurrentInstance().addMessage(null, new FacesMessage("Correct!"));
+ }
+ remainingGuesses--;
+ }
+
+ /**
+ * Reset the game, by putting all values back to their defaults, and getting a new random number.
+ * We also call this method when the user starts playing for the first time using
+ * {@linkplain PostConstruct @PostConstruct} to set the initial values.
+ */
+ @PostConstruct
+ public void reset() {
+ this.smallest = 0;
+ this.guess = 0;
+ this.remainingGuesses = 10;
+ this.biggest = maxNumber;
+ this.number = randomNumber.get();
+ }
+
+ /**
+ * A JSF validation method which checks whether the guess is valid. It might not be valid because
+ * there are no guesses left, or because the guess is not in range.
+ *
+ */
+ public void validateNumberRange(FacesContext context, UIComponent toValidate, Object value) {
+ if (remainingGuesses <= 0) {
+ FacesMessage message = new FacesMessage("No guesses left!");
+ context.addMessage(toValidate.getClientId(context), message);
+ ((UIInput) toValidate).setValid(false);
+ return;
+ }
+ int input = (Integer) value;
+
+ if (input < smallest || input > biggest) {
+ ((UIInput) toValidate).setValid(false);
+
+ FacesMessage message = new FacesMessage("Invalid guess");
+ context.addMessage(toValidate.getClientId(context), message);
+ }
+ }
+}
+
+------------------------------------------------------------------------
+
+
+CDI + JPA + EJB + JTA + JSF: Greeter quickstart
+===============================================
+:Author: Pete Muir
+
+[[GreeterQuickstart-]]
+
+This quickstart shows you how to create and deploy an application which persists information to a database to JBoss WildFly. Information is displayed using JSF views, business logic is encapsulated in CDI beans, information is persisted using JPA, and transactions can be controlled manually or using EJB.
+
+Switch to the `quickstarts/greeter` directory and instruct Maven to build and deploy the application:
+
+ mvn package wildfly:deploy
+
+
+The quickstart uses a Maven plugin to deploy the application. The plugin requires JBoss WildFly to be running (you can find out how to start the server in <<GettingStarted-on_linux, Installing and starting the JBoss server on Linux, Unix or Mac OS X>> or <<GettingStarted-on_windows, Installing and starting the JBoss server on Windows>>).
+
+Or you can start the server using an IDE, like CodeReady Studio. If you are using CodeReady Studio, you can deploy the quickstart by right clicking on the `greeter` project, and choosing _Run As -> Run On Server_:
+
+image:gfx/Eclipse_Greeter_Deploy_1.png[]
+
+Make sure the server is selected, and hit Finish:
+
+image:gfx/Eclipse_Deploy_2.jpg[]
+
+You should see the server start up (unless you already started it in <<GettingStarted-with_jboss_tools,Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and the application deploy in the Console log:
+
+image:gfx/Eclipse_Greeter_Deploy_3.png[]
+
+To use the application, visit http://localhost:8080/greeter/.
+
+[[greeter_in_depth]]
+The greeter quickstart in depth
+-------------------------------
+
+In the quickstart, all users are stored in an H2 database (an in-memory, embedded database provided out of the box in JBoss WildFly). Each user is stored as an entity, and entities are mapped to the database using JPA. By default, transactions are managed manually, using the JTA API. Optionally, you can use EJB to manage transactions (we'll look at how to enable that later). We need a transaction in progress in order to read and write any entities.
+
+The quickstart is comprised of two JSF views, an entity, and a number of CDI beans. Additionally, there are the usual configuration files in `WEB-INF/` (which can be found in the `src/main/webapp` directory). Here we find `beans.xml` and `faces-config.xml` which tell JBoss WildFly to enable CDI and JSF for the application. Notice that we don't need a `web.xml`. There are two new configuration files in `WEB-INF/classes/META-INF` (which can be found in the `src/main/resources` directory of the quickstart) — `persistence.xml`, which sets up JPA, and `import.sql` which Hibernate, the JPA provider in JBoss WildFly, will use to load the initial users into the application when the application starts.
+
+`persistence.xml` is pretty straight forward, and links JPA to a datasource:
+
+.src/main/resources/META-INF/persistence.xml
+[source, xml]
+------------------------------------------------------------------------
+<persistence version="2.0"
+ xmlns="http://java.sun.com/xml/ns/persistence"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://java.sun.com/xml/ns/persistence
+ http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd">
+ <persistence-unit name="primary"> (1)
+ <!-- If you are running in a production environment, add a
+ managed data source, this example data source is just
+ for development and testing! -->
+ <!-- The datasource is deployed as
+ WEB-INF/greeter-quickstart-ds.xml, you can find it in
+ the source at
+ src/main/webapp/WEB-INF/greeter-quickstart-ds.xml -->
+ <jta-data-source>java:jboss/datasources/GreeterQuickstartDS</jta-data-source> (2)
+ <properties>
+ <!-- Properties for Hibernate --> (3)
+ <property name="hibernate.hbm2ddl.auto"
+ value="create-drop" />
+ <property name="hibernate.show_sql"
+ value="false" />
+ </properties>
+ </persistence-unit>
+</persistence>
+------------------------------------------------------------------------
+
+<1> The persistence unit is given a name, so that the application can use multiple if needed. If only one is defined, JPA will automatically use it.
+<2> The persistence unit references a data source. Here we are using the built in, sample, data source.
+<3> JPA allows us to configure the JPA provider specific properties. Here we tell Hibernate to automatically create any needed tables when the application starts (and drop them when the application is stopped).
+
+[TIP]
+========================================================================
+JBoss WildFly ships with a
+sample datasource `java:jboss/datasources/ExampleDS`. This data source
+is backed by H2, an in-memory database. Whilst this datasource is great
+for quickstarts, you will probably want to use a different datasource in
+your application. The link:http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/6/html/Administration_and_Configuration_Guide/index.html[Administration and Configuration Guide for JBoss Enterprise Application Platform 6] or the
+link:https://docs.jboss.org/author/display/WFLY/Getting+Started+Guide[Getting Started Guide for JBoss WildFly]
+tells you how to create a new datasource.
+========================================================================
+
+Let's take a look at the JSF views. First up is `src/main/webapp/greet.xhtml`:
+
+.src/main/webapp/greet.xhtml
+[source,html]
+------------------------------------------------------------------------
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:ui="http://java.sun.com/jsf/facelets"
+ xmlns:h="http://java.sun.com/jsf/html"
+ xmlns:f="http://java.sun.com/jsf/core">
+
+<ui:composition template="template.xhtml"> (1)
+ <ui:define name="content">
+ <h:messages /> (2)
+ <h:form id="greetForm">
+ <h:panelGrid columns="3">
+ <h:outputLabel for="username">Enter username:</h:outputLabel>
+ <h:inputText id="username"
+ value="#{greetController.username}" />
+ <h:message for="username" />
+ </h:panelGrid>
+ <h:commandButton id="greet" value="Greet!"
+ action="#{greetController.greet}" />
+ </h:form>
+ <h:outputText value="#{greetController.greeting}"
+ rendered="#{not empty greetController.greeting}" /> (3)
+ <br />
+ <h:link outcome="/create.xhtml" value="Add a new user" /> (4)
+ </ui:define>
+</ui:composition>
+</html>
+------------------------------------------------------------------------
+
+<1> As we have multiple views in this application, we've created a template that defines the common elements. We'll examine this next. Here we define the "content" section of the page, which will be inserted into the template.
+<2> We output any messages for the user at the top of the form, e.g. when a new user is created.
+<3> The greeting message is only rendered if there is a message.
+<4> We also a link to the page which allows a user to be added.
+
+Now let's take a look at the template. It defines common elements for the page, and allows pages which use it to insert content in various places.
+
+.src/main/webapp/template.xhtml
+[source,html]
+------------------------------------------------------------------------
+<!-- The template for our app, defines some regions -->
+
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
+<title>greeter</title>
+<ui:insert name="head" /> (1)
+</head>
+
+<body>
+
+ <div id="container">
+ <div id="header"></div>
+
+ <div id="sidebar"></div>
+
+ <div id="content">
+ <ui:insert name="content" /> (2)
+ </div>
+
+ <br style="clear: both" />
+ </div>
+
+</body>
+</html>
+------------------------------------------------------------------------
+
+<1> The head, defined in case a page wants to add some content to the head of the page.
+<2> The content, defined by a page using this template, will be inserted here
+
+Finally, let's take a look at the user management page. It provides a form to add users:
+
+.src/main/webapp/create.xhtml
+[source,html]
+------------------------------------------------------------------------
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:ui="http://java.sun.com/jsf/facelets"
+ xmlns:h="http://java.sun.com/jsf/html"
+ xmlns:f="http://java.sun.com/jsf/core">
+
+<ui:composition template="template.xhtml">
+ <ui:define name="content">
+ <h:messages />
+ <h:form>
+ <h:panelGrid columns="3">
+ <h:outputLabel for="username">Enter username:</h:outputLabel>
+ <h:inputText id="username" value="#{newUser.username}" />
+ <h:message for="username" />
+
+ <h:outputLabel for="firstName">Enter first name:</h:outputLabel>
+ <h:inputText id="firstName" value="#{newUser.firstName}" />
+ <h:message for="firstName" />
+
+ <h:outputLabel for="lastName">Enter last name:</h:outputLabel>
+ <h:inputText id="lastName" value="#{newUser.lastName}" />
+ <h:message for="lastName" />
+
+ </h:panelGrid>
+ <h:commandButton action="#{createController.create}"
+ value="Add User" />
+ </h:form>
+ <h:link outcome="/greet.xhtml">Greet a user!</h:link>
+ </ui:define>
+</ui:composition>
+</html>
+------------------------------------------------------------------------
+
+The quickstart has one entity, which is mapped via JPA to the relational database:
+
+.src/main/java/org/jboss/as/quickstarts/greeter/domain/User.java
+[source,java]
+------------------------------------------------------------------------
+@Entity (1)
+public class User {
+
+ @Id (2)
+ @GeneratedValue
+ private Long id;
+
+ @Column(unique = true)
+ private String username;
+
+ private String firstName; (3)
+
+ private String lastName;
+
+ public Long getId() { (4)
+ return id;
+ }
+
+ public String getUsername() {
+ return username;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ public String getFirstName() {
+ return firstName;
+ }
+
+ public void setFirstName(String firstName) {
+ this.firstName = firstName;
+ }
+
+ public String getLastName() {
+ return lastName;
+ }
+
+ public void setLastName(String lastName) {
+ this.lastName = lastName;
+ }
+
+}
+------------------------------------------------------------------------
+<1> The `@Entity` annotation used on the class tells JPA that this class should be mapped as a table in the database.
+<2> Every entity requires an id, the `@Id` annotation placed on a field (or a JavaBean mutator/accessor) tells JPA that this property is the id. You can use a synthetic id, or a natural id (as we do here).
+<3> The entity also stores the real name of the user
+<4> As this is Java, every property needs an accessor/mutator!
+
+We use a couple of controller classes to back the JSF pages. First up is `GreetController` which is responsible for getting the user's real name from persistence layer, and then constructing the message.
+
+.src/main/java/org/jboss/as/quickstarts/greeter/web/GreetController.java
+[source,java]
+------------------------------------------------------------------------
+@Named (1)
+@RequestScoped (2)
+public class GreetController {
+
+ @Inject
+ private UserDao userDao; (3)
+
+ private String username;
+
+ private String greeting;
+
+ public void greet() {
+ User user = userDao.getForUsername(username);
+ if (user != null) {
+ greeting = "Hello, " +
+ user.getFirstName() +
+ " " +
+ user.getLastName() +
+ "!";
+ } else {
+ greeting =
+ "No such user exists! Use 'emuster' or 'jdoe'";
+ }
+ }
+
+ public String getUsername() { (4)
+ return username;
+ }
+
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ public String getGreeting() {
+ return greeting;
+ }
+
+}
+------------------------------------------------------------------------
+<1> The bean is given a name, so we can access it from JSF
+<2> The bean is request scoped, a different greeting can be made in each request
+<3> We inject the `UserDao`, which handles database abstraction
+<4> We need to expose JavaBean style mutators and accessors for every property the JSF page needs to access to
+
+The second controller class is responsible for adding a new user:
+
+.src/main/java/org/jboss/as/quickstarts/greeter/web/CreateController.java
+[source,java]
+------------------------------------------------------------------------
+@Named (1)
+@RequestScoped (2)
+public class CreateController {
+
+ @Inject (3)
+ private FacesContext facesContext;
+
+ @Inject (4)
+ private UserDao userDao;
+
+ @Named (5)
+ @Produces
+ @RequestScoped
+ private User newUser = new User();
+
+ public void create() {
+ try {
+ userDao.createUser(newUser);
+ String message = "A new user with id " +
+ newUser.getId() +
+ " has been created successfully";
+ facesContext.addMessage(null, new FacesMessage(message));
+ } catch (Exception e) {
+ String message = "An error has occured while creating" +
+ " the user (see log for details)";
+ facesContext.addMessage(null, new FacesMessage(message));
+ }
+ }
+}
+------------------------------------------------------------------------
+<1> The bean is given a name, so we can access it from JSF
+<2> The bean is request scoped, a different user can be added in each request
+<3> We inject the `FacesContext`, to allow us to send messages to the user when the user is created, or if an error occurs
+<4> We inject the `UserDao`, which handles database abstraction
+<5> We expose a prototype user using a named producer, which allows us to access it from a JSF page
+
+Now that we have the controllers in place, let's look at the most interesting part of the application, how we interact with the database. As we mentioned earlier, by default the application uses the JTA API to manually control transactions. To implement both approaches, we've defined a `UserDao` interface, with two implementations, one of which (the EJB variant) is as an alternative which can be enabled via a deployment descriptor. If you were wondering why we "hid" the persistence logic in the `UserDao`, rather than placing it directly in the controller classes, this is why!
+
+Let's first look at the interface, and the manual transaction control variant.
+
+.src/main/java/org/jboss/as/quickstarts/greeter/domain/UserDao.java
+[source,java]
+------------------------------------------------------------------------
+public interface UserDao {
+ User getForUsername(String username);
+
+ void createUser(User user);
+}
+------------------------------------------------------------------------
+
+The methods are fairly self explanatory, so let's move on quickly to the implementation, `ManagedBeanUserDao`:
+
+.src/main/java/org/jboss/as/quickstarts/greeter/domain/ManagedBeanUserDao.java
+[source,java]
+------------------------------------------------------------------------
+public class ManagedBeanUserDao implements UserDao {
+
+ @Inject
+ private EntityManager entityManager; (1)
+
+ @Inject
+ private UserTransaction utx; (2)
+
+ public User getForUsername(String username) { (3)
+ try {
+ User user;
+ try {
+ utx.begin();
+ Query query = entityManager.createQuery("select u from User u where u.username = :username");
+ query.setParameter("username", username);
+ user = (User) query.getSingleResult();
+ } catch (NoResultException e) {
+ user = null;
+ }
+ utx.commit();
+ return user;
+ } catch (Exception e) {
+ try {
+ utx.rollback();
+ } catch (SystemException se) {
+ throw new RuntimeException(se);
+ }
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void createUser(User user) { (4)
+ try {
+ try {
+ utx.begin();
+ entityManager.persist(user);
+ } finally {
+ utx.commit();
+ }
+ } catch (Exception e) {
+ try {
+ utx.rollback();
+ } catch (SystemException se) {
+ throw new RuntimeException(se);
+ }
+ throw new RuntimeException(e);
+ }
+ }
+}
+------------------------------------------------------------------------
+<1> We inject the entity manager. This was set up in `persistence.xml`.
+<2> We inject the `UserTransaction`, to allow us to programmatically control the transaction
+<3> The `getUserForUsername` method can check whether a user with a matching username and password exists, and return it if it does.
+<4> `createUser` persists a new user to the database.
+
+You've probably noticed two things as you've read through this. Firstly, that manually managing transactions is a real pain. Secondly, you may be wondering how the entity manager and the logger are injected. First, let's tidy up the transaction manager, and use EJB to provide us with declarative transaction support.
+
+The class `EJBUserDao` provides this, and is defined as an alternative. Alternatives are disabled by default, and when enabled replace the original implementation. In order to enable this variant of `UserDao`, edit `beans.xml` and uncomment the alternative. Your `beans.xml` should now look like:
+
+.src/main/webapp/WEB-INF/beans.xml
+[source,xml]
+------------------------------------------------------------------------
+<beans xmlns="http://java.sun.com/xml/ns/javaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="
+ http://java.sun.com/xml/ns/javaee
+ http://java.sun.com/xml/ns/javaee/beans_1_0.xsd">
+
+ <!-- Uncomment this alternative to see EJB declarative transactions in use -->
+ <alternatives>
+ <class>org.jboss.as.quickstarts.greeter.domain.EJBUserDao</class>
+ </alternatives>
+</beans>
+------------------------------------------------------------------------
+
+Now, let's look at `EJBUserDao`:
+
+.src/main/java/org/jboss/as/quickstarts/greeter/domain/EJBUserDao.java
+[source,java]
+------------------------------------------------------------------------
+@Stateful
+@Alternative
+public class EJBUserDao implements UserDao {
+
+ @Inject
+ private EntityManager entityManager;
+
+ public User getForUsername(String username) {
+ try {
+ Query query = entityManager.createQuery("select u from User u where u.username = ?");
+ query.setParameter(1, username);
+ return (User) query.getSingleResult();
+ } catch (NoResultException e) {
+ return null;
+ }
+ }
+
+ public void createUser(User user) {
+ entityManager.persist(user);
+ }
+
+}
+------------------------------------------------------------------------
+
+Using declarative transaction management has allowed us to remove a third of the lines of code from the class, but more importantly emphasizes the functionality of the class. Much better!
+
+
+[NOTE]
+========================================================================
+Sharp eyed developers who are used to Jakarta EE will have noticed that we
+have added this EJB to a war. This is the key improvement offered in
+EJB 3.1.
+========================================================================
+
+Finally, let's take a look at the `Resources` class, which provides resources such as the entity manager. CDI recommends using "resource producers", as we do in this quickstart, to alias resources to CDI beans, allowing for a consistent style throughout our application:
+
+.src/main/java/org/jboss/as/quickstarts/greeter/Resources.java
+[source,java]
+------------------------------------------------------------------------
+public class Resources {
+
+ // Expose an entity manager using the resource producer pattern
+ @SuppressWarnings("unused")
+ @PersistenceContext
+ @Produces
+ private EntityManager em; (1)
+
+ @Produces
+ Logger getLogger(InjectionPoint ip) { (2)
+ String category = ip.getMember()
+ .getDeclaringClass()
+ .getName();
+ return Logger.getLogger(category);
+ }
+
+ @Produces
+ FacesContext getFacesContext() { (3)
+ return FacesContext.getCurrentInstance();
+ }
+
+}
+------------------------------------------------------------------------
+<1> We use the "resource producer" pattern, from CDI, to "alias" the old fashioned `@PersistenceContext` injection of the entity manager to a CDI style injection. This allows us to use a consistent injection style (`@Inject`) throughout the application.
+<2> We expose a JDK logger for injection. In order to save a bit more boiler plate, we automatically set the logger category as the class name!
+<3> We expose the `FacesContext` via a producer method, which allows it to be injected. If we were adding tests, we could also then mock it out.
+
+
+That concludes our tour of the greeter application!
+
+
+CDI + JSF + EJB + JTA + Bean Validation + JAX-RS + Arquillian: Kitchensink quickstart
+=====================================================================================
+:Author: Pete Muir
+
+[[KitchensinkQuickstart-]]
+
+This quickstart shows off all the new features of Jakarta EE, and makes a great starting point for your project.
+
+[TIP]
+.Bean Validation
+========================================================================
+Bean Validation is a specification in Jakarta EE, inspired by
+Hibernate Validator. It allows application developers to specify
+constraints once (often in their domain model), and have them applied in
+all layers of the application, protecting data and giving useful
+feedback to users.
+========================================================================
+
+[TIP]
+.JAX-RS: The Java API for RESTful Web Services
+========================================================================
+JAX-RS is a specification in Jakarta EE. It allows application
+developers to easily expose Java services as RESTful web services.
+========================================================================
+
+Switch to the `quickstarts/kitchensink` directory and instruct Maven to build and deploy the application:
+
+ mvn package wildfly:deploy
+
+The quickstart uses a Maven plugin to deploy the application. The plugin requires JBoss WildFly to be running (you can find out how to start the server in <<GettingStarted-on_linux, Installing and starting the JBoss server on Linux, Unix or Mac OS X>> or <<GettingStarted-on_windows, Installing and starting the JBoss server on Windows>>).
+
+Or you can start the server using an IDE, like Eclipse.
+
+Now, check if the application has deployed properly by clicking http://localhost:8080/wildfly-kitchensink. If you see a splash page it's all working!
+
+
+[TIP]
+========================================================================
+Should you wish to undeploy the quickstart, or redeploy after making
+some changes, it's pretty easy:
+
+* `mvn wildfly:deploy` - deploy any changes to the application to the
+ application server
+* `mvn wildfly:undeploy` - undeploy the quickstart
+========================================================================
+
+It's time to pull the covers back and dive into the internals of the application.
+
+Deploying the Kitchensink quickstart using CodeReady Studio, or Eclipse with JBoss Tools
+----------------------------------------------------------------------------------------------
+
+You may choose to deploy the quickstart using CodeReady Studio, or Eclipse with JBoss Tools. You'll need to have JBoss WildFly started in the IDE (as described in <<GettingStarted-with_jboss_tools, Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and to have imported the quickstarts into Eclipse (as described in <<GettingStarted-importing_quickstarts_into_eclipse,Importing the quickstarts into Eclipse>>).
+
+With the quickstarts imported, you can deploy the quickstart by right clicking on the `wildfly-kitchensink` project, and choosing _Run As -> Run On Server_:
+
+image:gfx/Eclipse_KitchenSink_Deploy_1.jpg[]
+
+Make sure the server is selected, and hit Finish:
+
+image:gfx/Eclipse_Deploy_2.jpg[]
+
+You should see the server start up (unless you already started it in <<GettingStarted-with_jboss_tools, Starting the JBoss server from JBDS or Eclipse with JBoss Tools>>) and the application deploy in the Console log:
+
+image:gfx/Eclipse_KitchenSink_Deploy_3.jpg[]
+
+
+The kitchensink quickstart in depth
+-----------------------------------
+
+The kitchensink application shows off a number of Jakarta EE technologies such as CDI, JSF, EJB, JTA, JAX-RS and Arquillian. It does this by providing a member registration database, available via JSF and JAX-RS.
+
+As usual, let's start by looking at the necessary deployment descriptors. By now, we're very used to seeing `beans.xml` and `faces-config.xml` in `WEB-INF/` (which can be found in the `src/main/webapp` directory). Notice that, once again, we don't need a `web.xml`. There are two configuration files in `WEB-INF/classes/META-INF` (which can be found in the `src/main/resources` directory) — `persistence.xml`, which sets up JPA, and `import.sql` which Hibernate, the JPA provider in JBoss WildFly, will use to load the initial users into the application when the application starts. We discussed both of these files in detail in <<GreeterQuickstart-,the Greeter Quickstart>>, and these are largely the same.
+
+Next, let's take a look at the JSF view the user sees. As usual, we use a template to provide the sidebar and footer. This one lives in `src/main/webapp/WEB-INF/templates/default.xhtml`:
+
+.src/main/webapp/WEB-INF/templates/default.xhtml
+[source,html]
+------------------------------------------------------------------------
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:h="http://java.sun.com/jsf/html"
+ xmlns:ui="http://java.sun.com/jsf/facelets">
+<h:head> (1)
+ <title>kitchensink</title>
+ <meta http-equiv="Content-Type"
+ content="text/html; charset=utf-8" />
+ <h:outputStylesheet name="css/screen.css" />
+</h:head>
+<h:body>
+ <div id="container">
+ <div class="dualbrand">
+ <img src="resources/gfx/dualbrand_logo.png" />
+ </div>
+ <div id="content">
+ <ui:insert name="content"> (2)
+ [Template content will be inserted here]
+ </ui:insert>
+ </div>
+ <div id="aside"> (3)
+ <p>Learn more about JBoss Enterprise Application
+ Platform 6.</p>
+ <ul>
+ <li>
+ <a href="http://red.ht/jbeap-6-docs">
+ Documentation
+ </a>
+ </li>
+ <li>
+ <a href="http://red.ht/jbeap-6">
+ Product Information
+ </a>
+ </li>
+ </ul>
+ <p>Learn more about JBoss WildFly.</p>
+ <ul>
+ <li>
+ <a href="http://jboss.org/jdf/quickstarts/wildfly-quickstart/guide">
+ Getting Started Developing Applications Guide
+ </a>
+ </li>
+ <li>
+ <a href="http://jboss.org/jbossas">
+ Community Project Information
+ </a>
+ </li>
+ </ul>
+ </div>
+ <div id="footer">
+ <p>
+ This project was generated from a Maven archetype from
+ JBoss.<br />
+ </p>
+ </div>
+ </div>
+</h:body>
+</html>
+------------------------------------------------------------------------
+<1> We have a common `<head>` element, where we define styles and more
+<2> The content is inserted here, and defined by views using this template
+<3> This application defines a common sidebar and footer, putting them in the template means we only have to define them once
+
+That leaves the main page, index.xhtml , in which we place the content unique to the main page:
+
+.src/main/webapp/index.xhtml
+[source,html]
+------------------------------------------------------------------------
+<?xml version="1.0" encoding="UTF-8"?>
+<ui:composition xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:ui="http://java.sun.com/jsf/facelets"
+ xmlns:f="http://java.sun.com/jsf/core"
+ xmlns:h="http://java.sun.com/jsf/html"
+ template="/WEB-INF/templates/default.xhtml">
+ <ui:define name="content">
+ <h1>Welcome to JBoss!</h1>
+
+ <h:form id="reg"> (1)
+ <h2>Member Registration</h2>
+ <p>Enforces annotation-based constraints defined on the
+ model class.</p>
+ <h:panelGrid columns="3" columnClasses="titleCell">
+ <h:outputLabel for="name" value="Name:" />
+ <h:inputText id="name" value="#{newMember.name}" /> (2)
+ <h:message for="name" errorClass="invalid" />
+
+ <h:outputLabel for="email" value="Email:" />
+ <h:inputText id="email"
+ value="#{newMember.email}" /> (2)
+ <h:message for="email" errorClass="invalid" />
+
+ <h:outputLabel for="phoneNumber" value="Phone #:" />
+ <h:inputText id="phoneNumber"
+ value="#{newMember.phoneNumber}" /> (2)
+ <h:message for="phoneNumber" errorClass="invalid" />
+ </h:panelGrid>
+
+ <p>
+ <h:panelGrid columns="2">
+ <h:commandButton id="register"
+ action="#{memberController.register}"
+ value="Register" styleClass="register" />
+ <h:messages styleClass="messages"
+ errorClass="invalid" infoClass="valid"
+ warnClass="warning" globalOnly="true" />
+ </h:panelGrid>
+ </p>
+ </h:form>
+ <h2>Members</h2>
+ <h:panelGroup rendered="#{empty members}">
+ <em>No registered members.</em>
+ </h:panelGroup>
+ <h:dataTable var="_member" value="#{members}"
+ rendered="#{not empty members}"
+ styleClass="simpletablestyle"> (3)
+ <h:column>
+ <f:facet name="header">Id</f:facet>
+ #{_member.id}
+ </h:column>
+ <h:column>
+ <f:facet name="header">Name</f:facet>
+ #{_member.name}
+ </h:column>
+ <h:column>
+ <f:facet name="header">Email</f:facet>
+ #{_member.email}
+ </h:column>
+ <h:column>
+ <f:facet name="header">Phone #</f:facet>
+ #{_member.phoneNumber}
+ </h:column>
+ <h:column>
+ <f:facet name="header">REST URL</f:facet>
+ <a href="#{request.contextPath}/rest/members/#{_member.id}">
+ /rest/members/#{_member.id}
+ </a>
+ </h:column>
+ <f:facet name="footer">
+ REST URL for all members:
+ <a href="#{request.contextPath}/rest/members">
+ /rest/members
+ </a>
+ </f:facet>
+ </h:dataTable>
+ </ui:define>
+</ui:composition>
+
+------------------------------------------------------------------------
+<1> The JSF form allows us to register new users. There should be one already created when the application started.
+<2> The application uses Bean Validation to validate data entry. The error messages from Bean Validation are automatically attached to the relevant field by JSF, and adding a messages JSF component will display them.
+<3> This application exposes REST endpoints for each registered member. The application helpfully displays the URL to the REST endpoint on this page.
+
+Next, let's take a look at the Member entity, before we look at how the application is wired together:
+
+.src/main/java/org/jboss/as/quickstarts/kitchensink/model/Member.java
+[source,java]
+------------------------------------------------------------------------
+SuppressWarnings("serial")
+@Entity (1)
+@XmlRootElement (2)
+@Table(uniqueConstraints = @UniqueConstraint(columnNames = "email"))
+public class Member implements Serializable {
+
+ @Id
+ @GeneratedValue
+ private Long id;
+
+ @NotNull
+ @Size(min = 1, max = 25)
+ @Pattern(regexp = "[A-Za-z ]*",
+ message = "must contain only letters and spaces") (3)
+ private String name;
+
+ @NotNull
+ @NotEmpty
+ @Email (4)
+ private String email;
+
+ @NotNull
+ @Size(min = 10, max = 12)
+ @Digits(fraction = 0, integer = 12) (5)
+ @Column(name = "phone_number")
+ private String phoneNumber;
+
+ public Long getId() {
+ return id;
+ }
+
+ public void setId(Long id) {
+ this.id = id;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ public String getEmail() {
+ return email;
+ }
+
+ public void setEmail(String email) {
+ this.email = email;
+ }
+
+ public String getPhoneNumber() {
+ return phoneNumber;
+ }
+
+ public void setPhoneNumber(String phoneNumber) {
+ this.phoneNumber = phoneNumber;
+ }
+}
+------------------------------------------------------------------------
+<1> As usual with JPA, we define that the class is an entity by adding @Entity
+<2> Members are exposed as a RESTful service using JAX-RS. We can use JAXB to map the object to XML and to do this we need to add @XmlRootElement
+<3> Bean Validation allows constraints to be defined once (on the entity) and applied everywhere. Here we constrain the person's name to a certain size and regular expression
+<4> Hibernate Validator also offers some extra validations such as @Email
+<5> @Digits , @NotNull and @Size are further examples of constraints
+
+Let's take a look at `MemberRepository`, which is responsible for interactions with the persistence layer:
+
+.src/main/java/org/jboss/as/quickstarts/kitchensink/data/MemberRepository.java
+[source,java]
+------------------------------------------------------------------------
+@ApplicationScoped (1)
+public class MemberRepository {
+
+ @Inject (2)
+ private EntityManager em;
+
+ public Member findById(Long id) {
+ return em.find(Member.class, id);
+ }
+
+ public Member findByEmail(String email) {
+ CriteriaBuilder cb = em.getCriteriaBuilder(); (3)
+ CriteriaQuery<Member> c = cb.createQuery(Member.class);
+ Root<Member> member = c.from(Member.class);
+ c.select(member).where(cb.equal(member.get("email"), email));
+ return em.createQuery(c).getSingleResult();
+ }
+
+ public List<Member> findAllOrderedByName() {
+ CriteriaBuilder cb = em.getCriteriaBuilder();
+ CriteriaQuery<Member> criteria = cb.createQuery(Member.class);
+ Root<Member> member = criteria.from(Member.class);
+ criteria.select(member).orderBy(cb.asc(member.get("name")));
+ return em.createQuery(criteria).getResultList(); (4)
+ }
+}
+------------------------------------------------------------------------
+<1> The bean is application scoped, as it is a singleton
+<2> The entity manager is injected, to allow interaction with JPA
+<3> The JPA criteria api is used to load a member by their unique identifier, their email address
+<4> The criteria api can also be used to load lists of entities
+
+Let's take a look at `MemberListProducer`, which is responsible for managing the list of registered members.
+
+.src/main/java/org/jboss/as/quickstarts/kitchensink/data/MemberListProducer.java
+[source,java]
+------------------------------------------------------------------------
+@RequestScoped (1)
+public class MemberListProducer {
+
+ @Inject (2)
+ private MemberRepository memberRepository;
+
+ private List<Member> members;
+
+ // @Named provides access the return value via the EL variable
+ // name "members" in the UI (e.g. Facelets or JSP view)
+ @Produces (3)
+ @Named
+ public List<Member> getMembers() {
+ return members;
+ }
+
+ public void onMemberListChanged( (4)
+ @Observes(notifyObserver = Reception.IF_EXISTS)
+ final Member member) {
+ retrieveAllMembersOrderedByName();
+ }
+
+ @PostConstruct
+ public void retrieveAllMembersOrderedByName() {
+ members = memberRepository.findAllOrderedByName();
+ }
+}
+------------------------------------------------------------------------
+<1> This bean is request scoped, meaning that any fields (such as members ) will be stored for the entire request
+<2> The `MemberRepository` is responsible or interactions with the persistence layer
+<3> The list of members is exposed as a producer method, it's also available via EL
+<4> The observer method is notified whenever a member is created, removed, or updated. This allows us to refresh the list of members whenever they are needed. This is a good approach as it allows us to cache the list of members, but keep it up to date at the same time
+
+Let's now look at MemberRegistration, the service that allows us to create new members:
+
+.src/main/java/org/jboss/as/quickstarts/kitchensink/service/MemberRegistration.java
+[source,java]
+------------------------------------------------------------------------
+@Stateless (1)
+public class MemberRegistration {
+
+ @Inject (2)
+ private Logger log;
+
+ @Inject
+ private EntityManager em;
+
+ @Inject
+ private Event<Member> memberEventSrc;
+
+ public void register(Member member) throws Exception {
+ log.info("Registering " + member.getName());
+ em.persist(member);
+ memberEventSrc.fire(member); (3)
+ }
+}
+------------------------------------------------------------------------
+<1> This bean requires transactions as it needs to write to the database. Making this an EJB gives us access to declarative transactions - much simpler than manual transaction control!
+<2> Here we inject a JDK logger, defined in the `Resources` class
+<3> An event is sent every time a member is updated. This allows other pieces of code (in this quickstart the member list is refreshed) to react to changes in the member list without any coupling to this class.
+
+Now, let's take a look at the `Resources` class, which provides resources such as the entity manager. CDI recommends using "resource producers", as we do in this quickstart, to alias resources to CDI beans, allowing for a consistent style throughout our application:
+
+.src/main/java/org/jboss/as/quickstarts/kitchensink/util/Resources.java
+[source,java]
+------------------------------------------------------------------------
+public class Resources {
+ // use @SuppressWarnings to tell IDE to ignore warnings about
+ // field not being referenced directly
+ @SuppressWarnings("unused") (1)
+ @Produces
+ @PersistenceContext
+ private EntityManager em;
+
+ @Produces (2)
+ public Logger produceLog(InjectionPoint injectionPoint) {
+ return Logger.getLogger(injectionPoint.getMember()
+ .getDeclaringClass()
+ .getName());
+ }
+
+ @Produces (3)
+ @RequestScoped
+ public FacesContext produceFacesContext() {
+ return FacesContext.getCurrentInstance();
+ }
+
+}
+------------------------------------------------------------------------
+<1> We use the "resource producer" pattern, from CDI, to "alias" the old fashioned `@PersistenceContext` injection of the entity manager to a CDI style injection. This allows us to use a consistent injection style (`@Inject`) throughout the application.
+<2> We expose a JDK logger for injection. In order to save a bit more boiler plate, we automatically set the logger category as the class name!
+<3> We expose the `FacesContext` via a producer method, which allows it to be injected. If we were adding tests, we could also then mock it out.
+
+If you want to define your own datasource, take a look at the link:http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/6/html/Administration_and_Configuration_Guide/index.html[Administration and Configuration Guide for JBoss Enterprise Application Platform 6] or the link:https://docs.jboss.org/author/display/AS71/Getting+Started+Guide[Getting Started Guide].
+
+Of course, we need to allow JSF to interact with the services. The `MemberController` class is responsible for this:
+
+.src/main/java/org/jboss/as/quickstarts/kitchensink/controller/MemberController.java
+[source,java]
+------------------------------------------------------------------------
+@Model (1)
+public class MemberController {
+
+ @Inject (2)
+ private FacesContext facesContext;
+
+ @Inject (3)
+ private MemberRegistration memberRegistration;
+
+ @Produces (4)
+ @Named
+ private Member newMember;
+
+ @PostConstruct (5)
+ public void initNewMember() {
+ newMember = new Member();
+ }
+
+ public void register() throws Exception {
+ try {
+ memberRegistration.register(newMember); (6)
+ FacesMessage m =
+ new FacesMessage(FacesMessage.SEVERITY_INFO,
+ "Registered!",
+ "Registration successful");
+ facesContext.addMessage(null, m); (7)
+ initNewMember(); (8)
+ } catch (Exception e) {
+ String errorMessage = getRootErrorMessage(e);
+ FacesMessage m =
+ new FacesMessage(FacesMessage.SEVERITY_ERROR,
+ errorMessage,
+ "Registration unsuccessful");
+ facesContext.addMessage(null, m);
+ }
+ }
+
+ private String getRootErrorMessage(Exception e) {
+ // Default to general error message that registration failed.
+ String errorMessage = "Registration failed. See server log for more information";
+ if (e == null) {
+ // This shouldn't happen, but return the default messages
+ return errorMessage;
+ }
+
+ // Start with the exception and recurse to find the root cause
+ Throwable t = e;
+ while (t != null) {
+ // Get the message from the Throwable class instance
+ errorMessage = t.getLocalizedMessage();
+ t = t.getCause();
+ }
+ // This is the root cause message
+ return errorMessage;
+ }
+
+}
+------------------------------------------------------------------------
+<1> The `MemberController` class uses the `@Model` stereotype, which adds `@Named` and `@RequestScoped` to the class
+<2> The `FacesContext` is injected, so that messages can be sent to the user
+<3> The `MemberRegistration` bean is injected, to allow the controller to interact with the database
+<4> The `Member` class is exposed using a named producer field, which allows access from JSF. Note that that the named producer field has dependent scope, so every time it is injected, the field will be read
+<5> The `@PostConstruct` annotation causes a new member object to be placed in the `newMember` field when the bean is instantiated
+<6> When the register method is called, the `newMember` object is passed to the persistence service
+<7> We also send a message to the user, to give them feedback on their actions
+<8> Finally, we replace the `newMember` with a new object, thus blanking out the data the user has added so far. This works as the producer field is dependent scoped
+
+Before we wrap up our tour of the kitchensink application, let's take a look at how the JAX-RS endpoints are created. Firstly, `JaxRSActivator`, which extends `Application` and is annotated with `@ApplicationPath`, is the Jakarta EE "no XML" approach to activating JAX-RS.
+
+.src/main/java/org/jboss/as/quickstarts/kitchensink/rest/JaxRsActivator.java
+[source,java]
+------------------------------------------------------------------------
+@ApplicationPath("/rest")
+public class JaxRsActivator extends Application {
+ /* class body intentionally left blank */
+}
+------------------------------------------------------------------------
+
+The real work goes in `MemberResourceRESTService`, which produces the endpoint:
+
+.src/main/java/org/jboss/as/quickstarts/kitchensink/rest/MemberResourceRESTService.java
+[source,java]
+------------------------------------------------------------------------
+@Path("/members") (1)
+@RequestScoped (2)
+public class MemberResourceRESTService {
+
+ @Inject (3)
+ private Logger log;
+
+ @Inject (4)
+ private Validator validator;
+
+ @Inject (5)
+ private MemberRepository repository;
+
+ @Inject (6)
+ private MemberRegistration registration;
+
+ @GET (7)
+ @Produces(MediaType.APPLICATION_JSON)
+ public List<Member> listAllMembers() {
+ return repository.findAllOrderedByName();
+ }
+
+ @GET (8)
+ @Path("/{id:[0-9][0-9]*}")
+ @Produces(MediaType.APPLICATION_JSON)
+ public Member lookupMemberById(@PathParam("id") long id) {
+ Member member = repository.findById(id);
+ if (member == null) {
+ throw new
+ WebApplicationException(Response.Status.NOT_FOUND);
+ }
+ return member;
+ }
+
+ /**
+ * Creates a new member from the values provided. Performs
+ * validation, and will return a JAX-RS response with either
+ * 200 ok, or with a map of fields, and related errors.
+ */
+ @POST
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ public Response createMember(Member member) { (9)
+ Response.ResponseBuilder builder = null;
+
+ try {
+ // Validates member using bean validation
+ validateMember(member); (10)
+
+ registration.register(member); (11)
+
+ //Create an "ok" response
+ builder = Response.ok();
+ } catch (ConstraintViolationException ce) { (12)
+ //Handle bean validation issues
+ builder = createViolationResponse(
+ ce.getConstraintViolations());
+ } catch (ValidationException e) {
+ //Handle the unique constrain violation
+ Map<String, String> responseObj =
+ new HashMap<String, String>();
+ responseObj.put("email", "Email taken");
+ builder = Response.status(Response.Status.CONFLICT)
+ .entity(responseObj);
+ } catch (Exception e) {
+ // Handle generic exceptions
+ Map<String, String> responseObj
+ = new HashMap<String, String>();
+ responseObj.put("error", e.getMessage());
+ builder = Response.status(Response.Status.BAD_REQUEST)
+ .entity(responseObj);
+ }
+
+ return builder.build();
+ }
+
+
+ /**
+ * <p>
+ * Validates the given Member variable and throws validation
+ * exceptions based on the type of error. If the error is
+ * standard bean validation errors then it will throw a
+ * ConstraintValidationException with the set of the
+ * constraints violated.
+ * </p>
+ * <p>
+ * If the error is caused because an existing member with the
+ * same email is registered it throws a regular validation
+ * exception so that it can be interpreted separately.
+ * </p>
+ *
+ * @param member Member to be validated
+ * @throws ConstraintViolationException
+ * If Bean Validation errors exist
+ * @throws ValidationException
+ * If member with the same email already exists
+ */
+ private void validateMember(Member member)
+ throws ConstraintViolationException,
+ ValidationException {
+ //Create a bean validator and check for issues.
+ Set<ConstraintViolation<Member>> violations =
+ validator.validate(member);
+
+ if (!violations.isEmpty()) {
+ throw new ConstraintViolationException(
+ new HashSet<ConstraintViolation<?>>(violations));
+ }
+
+ //Check the uniqueness of the email address
+ if (emailAlreadyExists(member.getEmail())) {
+ throw new ValidationException("Unique Email Violation");
+ }
+ }
+
+ /**
+ * Creates a JAX-RS "Bad Request" response including a map of
+ * all violation fields, and their message. This can then be
+ * used by clients to show violations.
+ *
+ * @param violations A set of violations that needs to be
+ * reported
+ * @return JAX-RS response containing all violations
+ */
+ private Response.ResponseBuilder createViolationResponse
+ (Set<ConstraintViolation<?>> violations) {
+ log.fine("Validation completed. violations found: "
+ + violations.size());
+
+ Map<String, String> responseObj =
+ new HashMap<String, String>();
+
+ for (ConstraintViolation<?> violation : violations) {
+ responseObj.put(violation.getPropertyPath().toString(),
+ violation.getMessage());
+ }
+
+ return Response.status(Response.Status.BAD_REQUEST)
+ .entity(responseObj);
+ }
+
+ /**
+ * Checks if a member with the same email address is already
+ * registered. This is the only way to easily capture the
+ * "@UniqueConstraint(columnNames = "email")" constraint from
+ * the Member class.
+ *
+ * @param email The email to check
+ * @return True if the email already exists, and false
+ otherwise
+ */
+ public boolean emailAlreadyExists(String email) {
+ Member member = null;
+ try {
+ member = repository.findByEmail(email);
+ } catch (NoResultException e) {
+ // ignore
+ }
+ return member != null;
+ }
+}
+------------------------------------------------------------------------
+<1> The `@Path` annotation tells JAX-RS that this class provides a REST endpoint mapped to `rest/members` (concatenating the path from the activator with the path for this endpoint).
+<2> The bean is request scoped, as JAX-RS interactions typically don't hold state between requests
+<3> JAX-RS endpoints are CDI enabled, and can use CDI-style injection.
+<4> CDI allows us to inject a Bean Validation `Validator` instance, which is used to validate the POSTed member before it is persisted
+<5> `MemberRegistration` is injected to allow us to alter the member database
+<6> `MemberRepository` is injected to allow us to query the member database
+<7> The `listAllMembers()` method is called when the raw endpoint is accessed and offers up a list of endpoints. Notice that the object is automatically marshalled to JSON by RESTEasy (the JAX-RS implementation included in JBoss WildFly).
+<8> The `lookupMemberById()` method is called when the endpoint is accessed with a member id parameter appended (for example `rest/members/1)`. Again, the object is automatically marshalled to JSON by RESTEasy.
+<9> `createMember()` is called when a POST is performed on the URL. Once again, the object is automatically unmarshalled from JSON.
+<10> In order to ensure that the member is valid, we call the `validateMember` method, which validates the object, and adds any constraint violations to the response. These can then be handled on the client side, and displayed to the user
+<11> The object is then passed to the `MemberRegistration` service to be persisted
+<12> We then handle any remaining issues with validating the object, which are raised when the object is persisted
+
+
+Arquillian
+~~~~~~~~~~
+
+If you've been following along with the Test Driven Development craze of the past few years, you're probably getting a bit nervous by now, wondering how on earth you are going to test your application. Lucky for you, the Arquillian project is here to help!
+
+Arquillian provides all the boiler plate for running your test inside JBoss WildFly, allowing you to concentrate on testing your application. In order to do that, it utilizes Shrinkwrap, a fluent API for defining packaging, to create an archive to deploy. We'll go through the testcase, and how you configure Arquillian in just a moment, but first let's run the test.
+
+Before we start, we need to let Arquillian know the path to our server. Open up `src/test/resources/arquillian.xml`, uncomment the `<configuration>` elements, and set the `jbossHome` property to the path to the server:
+
+image:gfx/eclipse_arquillian_0.png[]
+
+Now, make sure the server is not running (so that the instance started for running the test does not interfere), and then run the tests from the command line by typing:
+
+ mvn clean test -Parq-managed
+
+You should see the server start up, a `test.war` deployed, test executed, and then the results displayed to you on the console:
+
+------------------------------------------------------------------------
+$ > mvn clean test -Parq-managed
+
+
+[INFO] Scanning for projects...
+[INFO]
+[INFO] ------------------------------------------------------------------------
+[INFO] Building WildFly Quickstarts: Kitchensink 7.0.0-SNAPSHOT
+[INFO] ------------------------------------------------------------------------
+[INFO]
+[INFO] --- maven-clean-plugin:2.4.1:clean (default-clean) @ wildfly-kitchensink ---
+[INFO] Deleting /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target
+[INFO]
+[INFO] --- maven-resources-plugin:2.4.3:resources (default-resources) @ wildfly-kitchensink ---
+[INFO] Using 'UTF-8' encoding to copy filtered resources.
+[INFO] Copying 2 resources
+[INFO]
+[INFO] --- maven-compiler-plugin:2.3.1:compile (default-compile) @ wildfly-kitchensink ---
+[INFO] Compiling 6 source files to /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target/classes
+[INFO]
+[INFO] --- maven-resources-plugin:2.4.3:testResources (default-testResources) @ wildfly-kitchensink ---
+[INFO] Using 'UTF-8' encoding to copy filtered resources.
+[INFO] Copying 1 resource
+[INFO]
+[INFO] --- maven-compiler-plugin:2.3.1:testCompile (default-testCompile) @ wildfly-kitchensink ---
+[INFO] Compiling 1 source file to /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target/test-classes
+[INFO]
+[INFO] --- maven-surefire-plugin:2.7.2:test (default-test) @ wildfly-kitchensink ---
+[INFO] Surefire report directory: /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target/surefire-reports
+
+-------------------------------------------------------
+ T E S T S
+-------------------------------------------------------
+Running org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest
+Jun 25, 2011 7:17:49 PM org.jboss.arquillian.container.impl.client.container.ContainerRegistryCreator getActivatedConfiguration
+INFO: Could not read active container configuration: null
+log4j:WARN No appenders could be found for logger (org.jboss.remoting).
+log4j:WARN Please initialize the log4j system properly.
+Jun 25, 2011 7:17:54 PM org.jboss.as.arquillian.container.managed.ManagedDeployableContainer startInternal
+INFO: Starting container with: [java, -Djboss.home.dir=/Users/pmuir/development/jboss, -Dorg.jboss.boot.log.file=/Users/pmuir/development/jboss/standalone/log/boot.log, -Dlogging.configuration=file:/Users/pmuir/development/jboss/standalone/configuration/logging.properties, -jar, /Users/pmuir/development/jboss/jboss-modules.jar, -mp, /Users/pmuir/development/jboss/modules, -logmodule, org.jboss.logmanager, -jaxpmodule, javax.xml.jaxp-provider, org.jboss.as.standalone, -server-config, standalone.xml]
+19:17:55,107 INFO [org.jboss.modules] JBoss Modules version 1.0.0.CR4
+19:17:55,329 INFO [org.jboss.msc] JBoss MSC version 1.0.0.CR2
+19:17:55,386 INFO [org.jboss.as] JBoss WildFly.0.0.Beta4-SNAPSHOT "(TBD)" starting
+19:17:56,159 INFO [org.jboss.as] creating http management service using network interface (management) port (9990) securePort (-1)
+19:17:56,181 INFO [org.jboss.as.logging] Removing bootstrap log handlers
+19:17:56,189 INFO [org.jboss.as.naming] (Controller Boot Thread) Activating Naming Subsystem
+19:17:56,203 INFO [org.jboss.as.naming] (MSC service thread 1-4) Starting Naming Service
+19:17:56,269 INFO [org.jboss.as.security] (Controller Boot Thread) Activating Security Subsystem
+19:17:56,305 INFO [org.jboss.remoting] (MSC service thread 1-1) JBoss Remoting version 3.2.0.Beta2
+19:17:56,317 INFO [org.xnio] (MSC service thread 1-1) XNIO Version 3.0.0.Beta3
+19:17:56,331 INFO [org.xnio.nio] (MSC service thread 1-1) XNIO NIO Implementation Version 3.0.0.Beta3
+19:17:56,522 INFO [org.jboss.as.connector.subsystems.datasources] (Controller Boot Thread) Deploying JDBC-compliant driver class org.h2.Driver (version 1.2)
+19:17:56,572 INFO [org.apache.catalina.core.AprLifecycleListener] (MSC service thread 1-7) The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: .:/Library/Java/Extensions:/System/Library/Java/Extensions:/usr/lib/java
+19:17:56,627 INFO [org.jboss.as.remoting] (MSC service thread 1-3) Listening on /127.0.0.1:9999
+19:17:56,641 INFO [org.jboss.as.jmx.JMXConnectorService] (MSC service thread 1-2) Starting remote JMX connector
+19:17:56,705 INFO [org.jboss.as.ee] (Controller Boot Thread) Activating EE subsystem
+19:17:56,761 INFO [org.apache.coyote.http11.Http11Protocol] (MSC service thread 1-7) Starting Coyote HTTP/1.1 on http--127.0.0.1-8080
+19:17:56,793 INFO [org.jboss.as.connector] (MSC service thread 1-3) Starting JCA Subsystem (JBoss IronJacamar 1.0.0.CR2)
+19:17:56,837 INFO [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-2) Bound data source [java:jboss/datasources/ExampleDS]
+19:17:57,335 INFO [org.jboss.as.server.deployment] (MSC service thread 1-1) Starting deployment of "arquillian-service"
+19:17:57,348 INFO [org.jboss.as.deployment] (MSC service thread 1-7) Started FileSystemDeploymentService for directory /Users/pmuir/development/jboss/standalone/deployments
+19:17:57,693 INFO [org.jboss.as] (Controller Boot Thread) JBoss WildFly.0.0.Beta4-SNAPSHOT "(TBD)" started in 2806ms - Started 111 of 138 services (27 services are passive or on-demand)
+19:18:00,596 INFO [org.jboss.as.server.deployment] (MSC service thread 1-6) Stopped deployment arquillian-service in 8ms
+19:18:01,394 INFO [org.jboss.as.server.deployment] (pool-2-thread-7) Content added at location /Users/pmuir/development/jboss/standalone/data/content/0a/9e20b7bc978fd2778b89c7c06e4d3e1f308dfe/content
+19:18:01,403 INFO [org.jboss.as.server.deployment] (MSC service thread 1-7) Starting deployment of "arquillian-service"
+19:18:01,650 INFO [org.jboss.as.server.deployment] (pool-2-thread-6) Content added at location /Users/pmuir/development/jboss/standalone/data/content/94/8324ab8f5a693c67fa57b59323304d3947bbf6/content
+19:18:01,659 INFO [org.jboss.as.server.deployment] (MSC service thread 1-5) Starting deployment of "test.war"
+19:18:01,741 INFO [org.jboss.jpa] (MSC service thread 1-7) read persistence.xml for primary
+19:18:01,764 INFO [org.jboss.weld] (MSC service thread 1-3) Processing CDI deployment: test.war
+19:18:01,774 INFO [org.jboss.as.ejb3.deployment.processors.EjbJndiBindingsDeploymentUnitProcessor] (MSC service thread 1-3) JNDI bindings for session bean named MemberRegistration in deployment unit deployment "test.war" are as follows:
+
+ java:global/test/MemberRegistration!org.jboss.as.quickstarts.kitchensink.controller.MemberRegistration
+ java:app/test/MemberRegistration!org.jboss.as.quickstarts.kitchensink.controller.MemberRegistration
+ java:module/MemberRegistration!org.jboss.as.quickstarts.kitchensink.controller.MemberRegistration
+ java:global/test/MemberRegistration
+ java:app/test/MemberRegistration
+ java:module/MemberRegistration
+
+19:18:01,908 INFO [org.jboss.weld] (MSC service thread 1-5) Starting Services for CDI deployment: test.war
+19:18:02,131 INFO [org.jboss.weld.Version] (MSC service thread 1-5) WELD-000900 1.1.1 (Final)
+19:18:02,169 INFO [org.jboss.weld] (MSC service thread 1-2) Starting weld service
+19:18:02,174 INFO [org.jboss.as.arquillian] (MSC service thread 1-3) Arquillian deployment detected: ArquillianConfig[service=jboss.arquillian.config."test.war",unit=test.war,tests=[org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest]]
+19:18:02,179 INFO [org.jboss.jpa] (MSC service thread 1-6) starting Persistence Unit Service 'test.war#primary'
+19:18:02,322 INFO [org.hibernate.annotations.common.Version] (MSC service thread 1-6) Hibernate Commons Annotations 3.2.0.Final
+19:18:02,328 INFO [org.hibernate.cfg.Environment] (MSC service thread 1-6) HHH00412:Hibernate [WORKING]
+19:18:02,330 INFO [org.hibernate.cfg.Environment] (MSC service thread 1-6) HHH00206:hibernate.properties not found
+19:18:02,332 INFO [org.hibernate.cfg.Environment] (MSC service thread 1-6) HHH00021:Bytecode provider name : javassist
+19:18:02,354 INFO [org.hibernate.ejb.Ejb3Configuration] (MSC service thread 1-6) HHH00204:Processing PersistenceUnitInfo [
+ name: primary
+ ...]
+19:18:02,400 WARN [org.hibernate.cfg.AnnotationBinder] (MSC service thread 1-6) HHH00194:Package not found or wo package-info.java: org.jboss.as.quickstarts.kitchensink.test
+19:18:02,400 WARN [org.hibernate.cfg.AnnotationBinder] (MSC service thread 1-6) HHH00194:Package not found or wo package-info.java: org.jboss.as.quickstarts.kitchensink.controller
+19:18:02,401 WARN [org.hibernate.cfg.AnnotationBinder] (MSC service thread 1-6) HHH00194:Package not found or wo package-info.java: org.jboss.as.quickstarts.kitchensink.util
+19:18:02,401 WARN [org.hibernate.cfg.AnnotationBinder] (MSC service thread 1-6) HHH00194:Package not found or wo package-info.java: org.jboss.as.quickstarts.kitchensink.model
+19:18:02,592 INFO [org.hibernate.service.jdbc.connections.internal.ConnectionProviderInitiator] (MSC service thread 1-6) HHH00130:Instantiating explicit connection provider: org.hibernate.ejb.connection.InjectedDataSourceConnectionProvider
+19:18:02,852 INFO [org.hibernate.dialect.Dialect] (MSC service thread 1-6) HHH00400:Using dialect: org.hibernate.dialect.H2Dialect
+19:18:02,858 WARN [org.hibernate.dialect.H2Dialect] (MSC service thread 1-6) HHH00431:Unable to determine H2 database version, certain features may not work
+19:18:02,862 INFO [org.hibernate.engine.jdbc.internal.LobCreatorBuilder] (MSC service thread 1-6) HHH00423:Disabling contextual LOB creation as JDBC driver reported JDBC version [3] less than 4
+19:18:02,870 INFO [org.hibernate.engine.transaction.internal.TransactionFactoryInitiator] (MSC service thread 1-6) HHH00268:Transaction strategy: org.hibernate.engine.transaction.internal.jta.CMTTransactionFactory
+19:18:02,874 INFO [org.hibernate.hql.internal.ast.ASTQueryTranslatorFactory] (MSC service thread 1-6) HHH00397:Using ASTQueryTranslatorFactory
+19:18:02,911 INFO [org.hibernate.validator.util.Version] (MSC service thread 1-6) Hibernate Validator 4.1.0.Final
+19:18:02,917 INFO [org.hibernate.validator.engine.resolver.DefaultTraversableResolver] (MSC service thread 1-6) Instantiated an instance of org.hibernate.validator.engine.resolver.JPATraversableResolver.
+19:18:03,079 INFO [org.hibernate.tool.hbm2ddl.SchemaExport] (MSC service thread 1-6) HHH00227:Running hbm2ddl schema export
+19:18:03,093 INFO [org.hibernate.tool.hbm2ddl.SchemaExport] (MSC service thread 1-6) HHH00230:Schema export complete
+19:18:03,217 INFO [org.jboss.web] (MSC service thread 1-5) registering web context: /test
+19:18:03,407 WARN [org.jboss.weld.Bean] (RMI TCP Connection(3)-127.0.0.1) WELD-000018 Executing producer field or method [method] @Produces public org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest.produceLog(InjectionPoint) on incomplete declaring bean Managed Bean [class org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest] with qualifiers [@Any @Default] due to circular injection
+19:18:03,427 WARN [org.jboss.weld.Bean] (RMI TCP Connection(3)-127.0.0.1) WELD-000018 Executing producer field or method [method] @Produces public org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest.produceLog(InjectionPoint) on incomplete declaring bean Managed Bean [class org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest] with qualifiers [@Any @Default] due to circular injection
+19:18:03,450 WARN [org.jboss.as.ejb3.component.EJBComponent] (RMI TCP Connection(3)-127.0.0.1) EJBTHREE-2120: deprecated getTransactionAttributeType method called (dev problem)
+19:18:03,459 INFO [org.jboss.as.quickstarts.kitchensink.controller.MemberRegistration] (RMI TCP Connection(3)-127.0.0.1) Registering Jane Doe
+19:18:03,616 INFO [org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest] (RMI TCP Connection(3)-127.0.0.1) Jane Doe was persisted with id 1
+19:18:03,686 INFO [org.jboss.jpa] (MSC service thread 1-1) stopping Persistence Unit Service 'test.war#primary'
+19:18:03,687 INFO [org.hibernate.tool.hbm2ddl.SchemaExport] (MSC service thread 1-1) HHH00227:Running hbm2ddl schema export
+19:18:03,690 INFO [org.jboss.weld] (MSC service thread 1-3) Stopping weld service
+19:18:03,692 INFO [org.hibernate.tool.hbm2ddl.SchemaExport] (MSC service thread 1-1) HHH00230:Schema export complete
+19:18:03,704 INFO [org.jboss.as.server.deployment] (MSC service thread 1-8) Stopped deployment test.war in 52ms
+Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 14.859 sec
+
+Results :
+
+Tests run: 1, Failures: 0, Errors: 0, Skipped: 0
+
+[INFO] ------------------------------------------------------------------------
+[INFO] BUILD SUCCESS
+[INFO] ------------------------------------------------------------------------
+[INFO] Total time: 22.305s
+[INFO] Finished at: Sat Jun 25 19:18:04 BST 2011
+[INFO] Final Memory: 17M/125M
+[INFO] ------------------------------------------------------------------------
+
+------------------------------------------------------------------------
+
+As you can see, that didn't take too long (approximately 15s), and is great for running in your QA environment, but if you running locally, you might prefer to connect to a running server. To do that, start up JBoss WildFly (as described in <<GettingStarted-, Getting Started with JBoss Enterprise Application Platform of WildFly>>. Now, run your test, but use the `arq-wildfly-remote` profile:
+
+ mvn clean test -Parq-remote
+
+------------------------------------------------------------------------
+$ > mvn clean test -Parq-remote
+
+
+[INFO] Scanning for projects...
+[INFO]
+[INFO] ------------------------------------------------------------------------
+[INFO] Building WildFly Quickstarts: Kitchensink 7.0.0-SNAPSHOT
+[INFO] ------------------------------------------------------------------------
+[INFO]
+[INFO] --- maven-clean-plugin:2.4.1:clean (default-clean) @ wildfly-kitchensink ---
+[INFO] Deleting /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target
+[INFO]
+[INFO] --- maven-resources-plugin:2.4.3:resources (default-resources) @ wildfly-kitchensink ---
+[INFO] Using 'UTF-8' encoding to copy filtered resources.
+[INFO] Copying 2 resources
+[INFO]
+[INFO] --- maven-compiler-plugin:2.3.1:compile (default-compile) @ wildfly-kitchensink ---
+[INFO] Compiling 6 source files to /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target/classes
+[INFO]
+[INFO] --- maven-resources-plugin:2.4.3:testResources (default-testResources) @ wildfly-kitchensink ---
+[INFO] Using 'UTF-8' encoding to copy filtered resources.
+[INFO] Copying 1 resource
+[INFO]
+[INFO] --- maven-compiler-plugin:2.3.1:testCompile (default-testCompile) @ wildfly-kitchensink ---
+[INFO] Compiling 1 source file to /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target/test-classes
+[INFO]
+[INFO] --- maven-surefire-plugin:2.7.2:test (default-test) @ wildfly-kitchensink ---
+[INFO] Surefire report directory: /Users/pmuir/workspace/wildfly-docs/quickstarts/kitchensink/target/surefire-reports
+
+------------------------------------------------------
+ T E S T S
+-------------------------------------------------------
+Running org.jboss.as.quickstarts.kitchensink.test.MemberRegistrationTest
+Jun 25, 2011 7:22:28 PM org.jboss.arquillian.container.impl.client.container.ContainerRegistryCreator getActivatedConfiguration
+INFO: Could not read active container configuration: null
+log4j:WARN No appenders could be found for logger (org.jboss.as.arquillian.container.MBeanServerConnectionProvider).
+log4j:WARN Please initialize the log4j system properly.
+Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 4.13 sec
+
+Results :
+
+Tests run: 1, Failures: 0, Errors: 0, Skipped: 0
+
+[INFO] ------------------------------------------------------------------------
+[INFO] BUILD SUCCESS
+[INFO] ------------------------------------------------------------------------
+[INFO] Total time: 10.474s
+[INFO] Finished at: Sat Jun 25 19:22:33 BST 2011
+[INFO] Final Memory: 17M/125M
+[INFO] ------------------------------------------------------------------------
+$ >
+------------------------------------------------------------------------
+
+
+[IMPORTANT]
+========================================================================
+Arquillian defines two modes, _managed_ and _remote_ . The _managed_
+mode will take care of starting and stopping the server for you, whilst
+the _remote_ mode connects to an already running server.
+========================================================================
+
+This time you can see the test didn't start the server (if you check the instance you started, you will see the application was deployed there), and the test ran a lot faster (approximately 4s).
+
+We can also run the test from Eclipse, in both managed and remote modes. First, we'll run in in managed mode. In order to set up the correct dependencies on your classpath, right click on the project, and select Properties :
+
+image:gfx/eclipse_arquillian_1.png[]
+
+Now, locate the Maven panel:
+
+image:gfx/eclipse_arquillian_2.png[]
+
+And activate the `arq-managed` profile:
+
+image:gfx/eclipse_arquillian_3.png[]
+
+Finally, hit _Ok_, and then confirm you want to update the project configuration:
+
+image:gfx/eclipse_arquillian_4.png[]
+
+Once the project has built, locate the `MemberRegistrationTest` in `src/test/java`, right click on the test, and choose _Run As -> JUnit Test...`_:
+
+image:gfx/eclipse_arquillian_12.png[]
+
+You should see the server start in the Eclipse Console, the test be deployed, and finally the JUnit View pop up with the result (a pass of course!).
+
+We can also run the test in an already running instance of Eclipse. Simply change the active profile to `arq-remote`:
+
+image:gfx/eclipse_arquillian_11.png[]
+
+Now, make sure the server is running, right click on the test case and choose _Run As -> JUnit Test..._:
+
+image:gfx/eclipse_arquillian_12.png[]
+
+Again, you'll see the test run in the server, and the JUnit View pop up, with the test passing.
+
+So far so good, the test is running in both Eclipse and from the command line. But what does the test look like?
+
+.src/test/java/org/jboss/as/quickstarts/kitchensink/test/MemberRegistrationTest.java
+[source,java]
+------------------------------------------------------------------------
+@RunWith(Arquillian.class) (1)
+public class MemberRegistrationTest {
+ @Deployment (2)
+ public static Archive<?> createTestArchive() {
+ return ShrinkWrap.create(WebArchive.class, "test.war")
+ .addClasses(Member.class,
+ MemberRegistration.class,
+ Resources.class) (3)
+ .addAsResource("META-INF/test-persistence.xml",
+ "META-INF/persistence.xml") (4)
+ .addAsWebInfResource(EmptyAsset.INSTANCE,
+ "beans.xml") (5)
+ // Deploy our test datasource
+ .addAsWebInfResource("test-ds.xml"); (6)
+ }
+
+ @Inject (7)
+ MemberRegistration memberRegistration;
+
+ @Inject
+ Logger log;
+
+ @Test
+ public void testRegister() throws Exception { (8)
+ Member newMember = new Member();
+ newMember.setName("Jane Doe");
+ newMember.setEmail("jane@mailinator.com");
+ newMember.setPhoneNumber("2125551234");
+ memberRegistration.register(newMember);
+ assertNotNull(newMember.getId());
+ log.info(newMember.getName() +
+ " was persisted with id " +
+ newMember.getId());
+ }
+
+}
+------------------------------------------------------------------------
+<1> `@RunWith(Arquillian.class)` tells JUnit to hand control over to Arquillian when executing tests
+<2> The `@Deployment` annotation identifies the `createTestArchive()` static method to Arquillian as the one to use to determine which resources and classes to deploy
+<3> We add just the classes needed for the test, no more
+<4> We also add persistence.xml as our test is going to use the database
+<5> Of course, we must add beans.xml to enable CDI
+<6> Finally, we add a test datasource, so that test data doesn't overwrite production data
+<7> Arquillian allows us to inject beans into the test case
+<8> The test method works as you would expect - creates a new member, registers them, and then verifies that the member was created
+
+As you can see, Arquillian has lived up to the promise - the test case is focused on _what_ to test (the `@Deployment` method) and _how_ to test (the `@Test` method). It's also worth noting that this isn't a simplistic unit test - this is a fully fledged integration test that uses the database.
+
+Now, let's look at how we configure Arquillian. First of all, let's take a look at `arquillian.xml` in `src/test/resources`.
+
+
+.src/test/resources/META-INF/arquillian.xml
+[source,xml]
+------------------------------------------------------------------------
+<arquillian xmlns="http://jboss.org/schema/arquillian"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://jboss.org/schema/arquillian
+ http://jboss.org/schema/arquillian/arquillian_1_0.xsd">
+
+ <!-- Uncomment to have test archives exported to the
+ file system for inspection -->
+<!-- <engine> --> (1)
+<!-- <property name="deploymentExportPath">
+ target/
+ </property> -->
+<!-- </engine> -->
+
+ <!-- Force the use of the Servlet 3.0 protocol with all
+ containers, as it is the most mature -->
+ <defaultProtocol type="Servlet 3.0" /> (2)
+
+ <!-- Example configuration for a remote JBoss WildFly instance -->
+ <container qualifier="jboss" default="true">
+ <!-- If you want to use the JBOSS_HOME environment variable,
+ just delete the jbossHome property -->
+ <configuration>
+ <property name="jbossHome">/path/to/wildfly</property>
+ </configuration>
+ </container>
+
+</arquillian>
+------------------------------------------------------------------------
+<1> Arquillian deploys the test war, and doesn't write it to disk. For debugging, it can be very useful to see exactly what is in your war, so Arquillian allows you to export the war when the tests runs
+<2> Arquillian currently needs configuring to use the Servlet protocol to connect to the server
+
+Now, we need to look at how we select between containers in the `pom.xml`:
+
+.pom.xml
+[source,xml]
+------------------------------------------------------------------------
+<profile>
+ <!-- An optional Arquillian testing profile that executes tests
+ in your WildFly instance -->
+ <!-- This profile will start a new WildFly instance, and
+ execute the test, shutting it down when done -->
+ <!-- Run with: mvn clean test -Parq-managed -->
+ <id>arq-wildfly-managed</id> (1)
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.as</groupId>
+ <artifactId> (2)
+ wildfly-arquillian-container-managed
+ </artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</profile>
+
+<profile>
+ <!-- An optional Arquillian testing profile that executes
+ tests in a remote WildFly instance -->
+ <!-- Run with: mvn clean test -Parq-remote -->
+ <id>arq-wildfly-remote</id>
+ <dependencies>
+ <dependency>
+ <groupId>org.jboss.as</groupId>
+ <artifactId> (3)
+ wildfly-arquillian-container-remote
+ </artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</profile>
+------------------------------------------------------------------------
+<1> The profile needs an id so we can activate from Eclipse or the command line
+<2> Arquillian decides which container to use depending on your classpath. Here we define the managed container
+<3> Arquillian decides which container to use depending on your classpath. Here we define the remote container
+
+And that's it! As you can see Arquillian delivers simple and true testing. You can concentrate on writing your test functionality, and run your tests in the same environment in which you will run your application.
+
+
+[TIP]
+========================================================================
+Arquillian also offers other containers, allowing you to run your tests
+against Weld Embedded (super fast, but your enterprise services are
+mocked), GlassFish, and more
+========================================================================
+
+That concludes our tour of the kitchensink quickstart. If you would like to use this project as a basis for your own application, you can of course copy this application sources and modify it.
+
+
+= Creating your own application
+:Author: Pete Muir
+
+[[Archetype-]]
+
+What we didn't tell you about the kitchensink quickstart is that it is generated from a Maven archetype. Using this archetype offers you the perfect opportunity to generate your own project.
+
+You can create a project from the archetype using Red Hat CodeReady Studio, or Eclipse with JBoss Tools. First, open up _JBoss Central_, if it isn't already open. Hit _Cmd-3_ (Mac) or _Ctrl-3_ (Windows, Linux) and type _JBoss Central_:
+
+image:gfx/Eclipse_JBoss_Central_1.png[]
+
+You will now be shown _JBoss Central_, an excellent place to find about all things JBoss!
+
+image:gfx/Eclipse_JBoss_Central_2.png[]
+
+To create a new project, based on the kitchensink quickstart, click on _Create Projects | Jakarta EE Web Project_:
+
+image:gfx/Eclipse_JavaEEWebProject_1.png[]
+
+Red Hat CodeReady Studio will then check that you have the necessary pre-requisites to create the project. If you are using CodeReady, then you should, otherwise, JBoss Tools will help you install the necessary pre-requisites. See link:http://jboss.org/tools[JBoss Tools] for more information.
+
+Hit _Next >_. On the next screen you can enter a project name, package for sample code, and finally select a target runtime:
+
+image:gfx/Eclipse_JavaEEWebProject_2.png[]
+
+Finally, hit _Finish_. You'll be presented with the _New Project Example_ dialog, in which you can simply hit _Finish_:
+
+image:gfx/Eclipse_JavaEEWebProject_3.png[]
+
+You should now have a brand new project:
+
+image:gfx/Eclipse_JavaEEWebProject_4.png[]
+
+Enjoy!
+
+
+To use the archetype to generate a new project, you should run:
+
+ mvn archetype:generate \
+ -DarchetypeArtifactId=jboss-javaee7-webapp-archetype \
+ -DarchetypeGroupId=org.jboss.spec.archetypes \
+ -DarchetypeVersion=7.1.1.CR2 \
+
+Maven will download the archetype and it's dependencies, and ask you some questions:
+
+------------------------------------------------------------------------
+$ > mvn archetype:generate \
+ -DarchetypeArtifactId=jboss-javaee7-webapp-archetype \
+ -DarchetypeGroupId=org.jboss.spec.archetypes \
+ -DarchetypeVersion=7.1.1.CR2
+[INFO] Scanning for projects...
+[INFO]
+[INFO] ------------------------------------------------------------------------
+[INFO] Building Maven Stub Project (No POM) 1
+[INFO] ------------------------------------------------------------------------
+[INFO]
+
+.........
+
+Define value for property 'groupId': : com.acme.corp (1)
+Define value for property 'artifactId': : acme-sales (2)
+Define value for property 'version': 1.0-SNAPSHOT: : (3)
+Define value for property 'package': com.acme.corp: : (4)
+[INFO] Using property: name = Jakarta EE webapp project (5)
+Confirm properties configuration:
+groupId: com.acme.corp
+artifactId: acme-sales
+version: 1.0-SNAPSHOT
+package: com.acme.corp
+name: Jakarta EE webapp project
+ Y: :
+[WARNING] CP Don't override file /Users/pmuir/tmp/acme-sales/.settings/org.eclipse.jdt.apt.core.prefs
+[INFO] ------------------------------------------------------------------------
+[INFO] BUILD SUCCESS
+[INFO] ------------------------------------------------------------------------
+[INFO] Total time: 14.774s
+[INFO] Finished at: Mon Jun 06 18:53:38 BST 2011
+[INFO] Final Memory: 7M/125M
+[INFO] ------------------------------------------------------------------------
+$ >
+------------------------------------------------------------------------
+<1> Enter the groupId you wish to use
+<2> Enter the artifactId you wish to use
+<3> Enter the version you wish to use, or just hit Enter if you wish to accept the default 1.0-SNAPSHOT
+<4> Enter the java package you wish to use, or just hit Enter if you wish to accept the default (which is copied from groupId ).
+<5> Finally, if you are happy with your choices, hit Enter and Maven will generate the project for you.
+
+And that's it, you now have a brand new project with the same functionality as `kitchensink`, but customized with your details.
+
+[IMPORTANT]
+========================================================================
+The archetype contains some sample code to get you started. If you
+would prefer a blank canvas, with only a project skeleton, then use
+`jboss-javaee7-webapp-blank-archetype` as your archetype id.
+========================================================================
+
+[IMPORTANT]
+.Prefer Enterprise Applications (EARs)?
+========================================================================
+The archetype generates a WAR project. With Jakarta EE, you can include
+EJBs in your WAR, meaning you won't need an EAR until you need to divide
+your code into modules. If you would like to create an EAR based project
+then use `jboss-javaee7-webapp-ear-archetype`
+as your archetype id (or if you want a blank EAR, then
+`jboss-javaee7-webapp-ear-blank-archetype`).
+========================================================================
+
+
+
+
+= More Resources
+
+[cols=","]
+|=======================================================================
+| link:Getting_Started_Guide{outfilesuffix}[Getting Started Guide] |The Getting Started Guide covers topics such as
+server layout (what you can configure where), data source definition,
+and using the web management interface.
+
+|=======================================================================
+
+:leveloffset: +1
+
+[[Developing_Jakarta_Faces_Project_Using,_Maven_and_IntelliJ]]
+= Developing Jakarta Faces Project Using JBoss AS7, Maven and IntelliJ
+
+
+JBoss AS7 is a very 'modern' application server that has very fast
+startup speed. So it's an excellent container to test your Jakarta Faces project.
+In this article, I'd like to show you how to use AS7, maven and IntelliJ
+together to develop your Jakarta Faces project.
+
+In this article I'd like to introduce the following things:
+
+* Create a project using Maven
+* Add Jakarta Faces into project
+* Writing Code
+* Add JBoss AS 7 deploy plugin into project
+* Deploy project to JBoss AS 7
+* Import project into IntelliJ
+* Add IntelliJ Jakarta Faces support to project
+* Add JBoss AS7 to IntelliJ
+* Debugging project with IntelliJ and AS7
+
+I won't explain many basic concepts about AS7, maven and IntelliJ in
+this article because there are already many good introductions on these
+topics. So before doing the real work, there some preparations should be
+done firstly:
+
+*Download JBoss AS7*
+
+It could be downloaded from here:
+https://www.jboss.org/jbossas/downloads/
+
+Using the latest release would be fine. When I'm writing this article
+the latest version is 7.1.1.Final.
+
+*Install Maven*
+
+Please make sure you have maven installed on your machine. Here is my
+environment:
+
+[source,options="nowrap"]
+----
+weli@power:~$ mvn -version
+Apache Maven 3.0.3 (r1075438; 2011-03-01 01:31:09+0800)
+Maven home: /usr/share/maven
+Java version: 1.6.0_33, vendor: Apple Inc.
+Java home: /System/Library/Java/JavaVirtualMachines/1.6.0.jdk/Contents/Home
+Default locale: en_US, platform encoding: MacRoman
+OS name: "mac os x", version: "10.8", arch: "x86_64", family: "mac"
+----
+
+*Get IntelliJ*
+
+In this article I'd like to use IntelliJ Ultimate Edition as the IDE for
+development, it's a commercial software and can be downloaded from:
+https://www.jetbrains.com/idea/
+
+The version I'm using is IntelliJ IDEA Ultimate 11.1
+
+After all of these prepared, we can dive into the real work:
+
+[[create-a-project-using-maven]]
+== Create a project using Maven
+
+Use the following maven command to create a web project:
+
+[source,options="nowrap"]
+----
+mvn archetype:create -DarchetypeGroupId=org.apache.maven.archetypes \
+-DarchetypeArtifactId=maven-archetype-webapp \
+-DarchetypeVersion=1.0 \
+-DgroupId=net.bluedash \
+-DartifactId=jsfdemo \
+-Dversion=1.0-SNAPSHOT
+----
+
+If everything goes fine maven will generate the project for us:
+
+image:images/jsf/8108c4f111aab2c3465472eb84cf1d9b7cf912d0.jpg[alt=jsf/8108c4f111aab2c3465472eb84cf1d9b7cf912d0.jpg]
+
+The contents of the project is shown as above.
+
+[[add-Jakarta-Faces-into-project]]
+== Add Jakarta Faces into project
+
+The Jakarta Faces library is now included in maven repo, so we can let maven to
+manage the download for us. First is to add repository into our pom.xml:
+
+[source,java,options="nowrap"]
+----
+<repository>
+ <id>jvnet-nexus-releases</id>
+ <name>jvnet-nexus-releases</name>
+ <url>https://maven.java.net/content/repositories/releases/</url>
+</repository>
+----
+
+Then we add Jakarta Faces dependency into pom.xml:
+
+[source,xml,options="nowrap"]
+----
+<dependency>
+ <groupId>jakarta.faces</groupId>
+ <artifactId>jakarta.faces-api</artifactId>
+ <version>4.0.1</version>
+ <scope>provided</scope>
+</dependency>
+----
+
+Please note the 'scope' is 'provided', because we don't want to bundle
+the jsf.jar into the war produced by our project later, as JBoss AS7
+already have Jakarta Faces bundled in.
+
+Then we run 'mvn install' to update the project, and maven will download
+jsf-api for us automatically.
+
+[[writing-code]]
+== Writing Code
+
+Writing Jakarta Faces code in this article is trivial, so I've put written a
+project called 'jsfdemo' onto github:
+
+https://github.com/liweinan/jsfdemo
+
+Please clone this project into your local machine, and import it into
+IntelliJ following the steps described as above.
+
+[[add-jboss-as-7-deploy-plugin-into-project]]
+== Add JBoss AS 7 deploy plugin into project
+
+JBoss AS7 has provide a set of convenient maven plugins to perform daily
+tasks such as deploying project into AS7. In this step let's see how to
+use it in our project.
+
+We should put AS7's repository into pom.xml:
+
+[source,xml,options="nowrap"]
+----
+<repository>
+ <id>jboss-public-repository-group</id>
+ <name>JBoss Public Repository Group</name>
+ <url>https://repository.jboss.org/nexus/content/groups/public/</url>
+ <layout>default</layout>
+ <releases>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ <updatePolicy>never</updatePolicy>
+ </snapshots>
+</repository>
+----
+
+And also the plugin repository:
+
+[source,java,options="nowrap"]
+----
+<pluginRepository>
+ <id>jboss-public-repository-group</id>
+ <name>JBoss Public Repository Group</name>
+ <url>https://repository.jboss.org/nexus/content/groups/public/</url>
+ <releases>
+ <enabled>true</enabled>
+ </releases>
+ <snapshots>
+ <enabled>true</enabled>
+ </snapshots>
+</pluginRepository>
+----
+
+And put jboss deploy plugin into 'build' section:
+
+[source,java,options="nowrap"]
+----
+<plugin>
+ <groupId>org.jboss.as.plugins</groupId>
+ <artifactId>jboss-as-maven-plugin</artifactId>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>deploy</goal>
+ </goals>
+ </execution>
+ </executions>
+</plugin>
+----
+
+I've put the final version pom.xml here to check whether your
+modification is correct:
+
+https://github.com/liweinan/jsfdemo/blob/master/pom.xml
+
+Now we have finished the setup work for maven.
+
+[[deploy-project-to-jboss-as-7]]
+== Deploy project to JBoss AS 7
+
+To deploy the project to JBoss AS7, we should start AS7 firstly. In
+JBoss AS7 directory, run following command:
+
+[source,java,options="nowrap"]
+----
+bin/standalone.sh
+----
+
+AS7 should start in a short time. Then let's go back to our project
+directory and run maven command:
+
+[source,java,options="nowrap"]
+----
+mvn -q jboss-as:deploy
+----
+
+Maven will use some time to download necessary components for a while,
+so please wait patiently. After a while, we can see the result:
+
+image:images/jsf/97d781c6be9db755aef80a110f1d9b29590610d6.jpg[alt=jsf/97d781c6be9db755aef80a110f1d9b29590610d6.jpg]
+
+And if you check the console output of AS7, you can see the project is
+deployed:
+
+image:images/jsf/2._java.jpg[alt=jsf/2._java.jpg]
+
+Now we have learnt how to create a Jakarta Faces project and deploy it to AS7
+without any help from graphical tools. Next let's see how to use
+IntelliJ IDEA to go on developing/debugging our project.
+
+[[import-project-into-intellij]]
+== Import project into IntelliJ
+
+Now it's time to import the project into IntelliJ. Now let's open
+IntelliJ, and choose 'New Project...':
+
+image:images/jsf/05222f3059e387df96ce04d2aea156c82af15096.jpg[alt=jsf/05222f3059e387df96ce04d2aea156c82af15096.jpg]
+
+The we choose 'Import project from external model':
+
+image:images/jsf/d68a0cdbc8c90db3db8af998f34616f73c7fe809.jpg[alt=jsf/d68a0cdbc8c90db3db8af998f34616f73c7fe809.jpg]
+
+Next step is choosing 'Maven':
+
+image:images/jsf/0b3d1cb5794fb54a2465da93648b5a0d1a6643f3.jpg[alt=jsf/0b3d1cb5794fb54a2465da93648b5a0d1a6643f3.jpg]
+
+Then IntelliJ will ask you the position of the project you want to
+import. In 'Root directory' input your project's directory and leave
+other options as default:
+
+image:images/jsf/2f192d02993248c97e2ac42ea8f3105d855e5cdf.jpg[alt=jsf/2f192d02993248c97e2ac42ea8f3105d855e5cdf.jpg]
+
+For next step, just click 'Next':
+
+image:images/jsf/3a3ee36eb581930822c4a66362795345f5d2f9a7.jpg[alt=jsf/3a3ee36eb581930822c4a66362795345f5d2f9a7.jpg]
+
+Finally click 'Finish':
+
+image:images/jsf/91e40cd0b1545cff4622857d6dc9959f96faf056.jpg[alt=jsf/91e40cd0b1545cff4622857d6dc9959f96faf056.jpg]
+
+Hooray! We've imported the project into IntelliJ now icon:smile-o[role="yellow"]
+
+[[adding-intellij-Jakarta-Faces-support-to-project]]
+== Adding IntelliJ Jakarta Faces support to project
+
+Let's see how to use IntelliJ and AS7 to debug the project. First we
+need to add 'Jakarta Faces' facet into project. Open project setting:
+
+image:images/jsf/8b8d0051f4f15033f17cb859c65f2d8481914678.jpg[alt=jsf/8b8d0051f4f15033f17cb859c65f2d8481914678.jpg]
+
+Click on 'Facets' section on left; Select 'Web' facet that we already
+have, and click the '+' on top, choose 'Jakarta Faces':
+
+image:images/jsf/e6947b84a56a698ca1392a440081bddfb5cae284.jpg[alt=jsf/e6947b84a56a698ca1392a440081bddfb5cae284.jpg]
+
+Select 'Web' as parent facet:
+
+image:images/jsf/6b2296be1bb2d8a81952caef0f025a139a39b381.jpg[alt=jsf/6b2296be1bb2d8a81952caef0f025a139a39b381.jpg]
+
+Click 'Ok':
+
+image:images/jsf/9988c572bad281146f405e9287f645a3da201885.jpg[alt=jsf/9988c572bad281146f405e9287f645a3da201885.jpg]
+
+Now we have enabled IntelliJ's Jakarta Faces support for project.
+
+[[add-jboss-as7-to-intellij]]
+== Add JBoss AS7 to IntelliJ
+
+Let's add JBoss AS7 into IntelliJ and use it to debug our project. First
+please choose 'Edit Configuration' in menu tab:
+
+image:images/jsf/dc0550785aae11f9d3eb439fdc0c51069affd25d.jpg[alt=jsf/dc0550785aae11f9d3eb439fdc0c51069affd25d.jpg]
+
+Click '+' and choose 'JBoss Server' -> 'Local':
+
+image:images/jsf/1231420c938f087030cb3dcd37237b5585beb154.jpg[alt=jsf/1231420c938f087030cb3dcd37237b5585beb154.jpg]
+
+Click 'configure':
+
+image:images/jsf/d7e6ab58230b2d31fdcd8fd5f14cd4eb47b05f64.jpg[alt=jsf/d7e6ab58230b2d31fdcd8fd5f14cd4eb47b05f64.jpg]
+
+and choose your JBoss AS7:
+
+image:images/jsf/f7b29ac8009f04fc7f209222ced0bcf54f4b8d9a.jpg[alt=jsf/f7b29ac8009f04fc7f209222ced0bcf54f4b8d9a.jpg]
+
+Now we need to add our project into deployment. Click the 'Deployment'
+tab:
+
+image:images/jsf/6802fb7e29283d0e064a7cc4466b918995ba5645.jpg[alt=jsf/6802fb7e29283d0e064a7cc4466b918995ba5645.jpg]
+
+Choose 'Artifact', and add our project:
+
+image:images/jsf/359484b8f6f2c655d94132e9cb6f9dbe5a058656.jpg[alt=jsf/359484b8f6f2c655d94132e9cb6f9dbe5a058656.jpg]
+
+Leave everything as default and click 'Ok', now we've added JBoss AS7
+into IntelliJ
+
+[[debugging-project-with-intellij-and-as7]]
+== Debugging project with IntelliJ and AS7
+
+Now comes the fun part. To debug our project, we cannot directly use the
+'debug' feature provided by IntelliJ right now(maybe in the future
+version this problem could be fixed). So now we should use the debugging
+config provided by AS7 itself to enable JPDA feature, and then use the
+remote debug function provided by IntelliJ to get things done. Let's
+dive into the details now:
+
+First we need to enable JPDA config inside AS7, open
+'bin/standalone.conf' and find following lines:
+
+[source,java,options="nowrap"]
+----
+# Sample JPDA settings for remote socket debugging
+#JAVA_OPTS="$JAVA_OPTS -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n"
+----
+
+Enable the above config by removing the leading hash sign:
+
+[source,java,options="nowrap"]
+----
+# Sample JPDA settings for remote socket debugging
+JAVA_OPTS="$JAVA_OPTS -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n"
+----
+
+[IMPORTANT]
+
+With WildFly you can directly start the server in debug mode:
+
+[source,java,options="nowrap"]
+----
+bin/standalone.sh --debug --server-config=standalone.xml
+----
+
+Now we start AS7 in IntelliJ:
+
+image:images/jsf/52369d67f9117c924213de24dd6642b48e47a436.png[alt=jsf/52369d67f9117c924213de24dd6642b48e47a436.png]
+
+Please note we should undeploy the existing 'jsfdemo' project in AS7 as
+we've added by maven jboss deploy plugin before. Or AS7 will tell us
+there is already existing project with same name so IntelliJ could not
+deploy the project anymore.
+
+If the project start correctly we can see from the IntelliJ console
+window, and please check the debug option is enabled:
+
+image:images/jsf/eaac5cb1a836809ab29513346b527fe051b7c7ac.png[alt=jsf/eaac5cb1a836809ab29513346b527fe051b7c7ac.png]
+
+Now we will setup the debug configuration, click 'debug' option on menu:
+
+image:images/jsf/b8323caf6980c40c3d635db5e308b03847618d06.jpg[alt=jsf/b8323caf6980c40c3d635db5e308b03847618d06.jpg]
+
+Choose 'Edit Configurations':
+
+image:images/jsf/8327bbe0e83cb7170dd84767631c98956e91c42c.jpg[alt=jsf/8327bbe0e83cb7170dd84767631c98956e91c42c.jpg]
+
+Then we click 'Add' and choose Remote:
+
+image:images/jsf/7103da6b6323e515a03a04cafe111aa7c6b3169d.jpg[alt=jsf/7103da6b6323e515a03a04cafe111aa7c6b3169d.jpg]
+
+Set the 'port' to the one you used in AS7 config file 'standalone.conf':
+
+image:images/jsf/30bbef45137c7d45ae300ba8d551423d1feefc96.png[alt=jsf/30bbef45137c7d45ae300ba8d551423d1feefc96.png]
+
+Leave other configurations as default and click 'Ok'. Now we need to set
+breakpoints in project, let's choose TimeBean.java and set a breakpoint
+on 'getNow()' method by clicking the left side of that line of code:
+
+image:images/jsf/a96b7d32e04aa67956bd00a187f09b75a5af241e.jpg[alt=jsf/a96b7d32e04aa67956bd00a187f09b75a5af241e.jpg]
+
+Now we can use the profile to do debug:
+
+image:images/jsf/5ea6987d1635c2c58d3ccdb1f5718f29d6a0fac3.png[alt=jsf/5ea6987d1635c2c58d3ccdb1f5718f29d6a0fac3.png]
+
+If everything goes fine we can see the console output:
+
+image:images/jsf/1096ebbbf2b29e694e300e02a48d0fa4207cb746.jpg[alt=jsf/1096ebbbf2b29e694e300e02a48d0fa4207cb746.jpg]
+
+Now we go to web browser and see our project's main page, try to click
+on 'Get current time':
+
+image:images/jsf/5ad5d0216d3326e9bc29705042db59f11c3c1e70.png[alt=jsf/5ad5d0216d3326e9bc29705042db59f11c3c1e70.png]
+
+Then IntelliJ will popup and the code is pausing on break point:
+
+image:images/jsf/2499d43c0dce2cab72ba472c8452a2b57999ac84.jpg[alt=jsf/2499d43c0dce2cab72ba472c8452a2b57999ac84.jpg]
+
+And we could inspect our project now.
+
+[[conclusion]]
+== Conclusion
+
+In this article I've shown to you how to use maven to create a project
+using Jakarta Faces and deploy it in JBoss AS7, and I've also talked about the
+usage of IntelliJ during project development phase. Hope the contents
+are practical and helpful to you icon:smile-o[role="yellow"]
+
+[[references]]
+== References
+
+* _https://developer.jboss.org/wiki/JBossAS7UsingJPDAToDebugTheASSourceCode[JBoss
+AS7: Using JPDA to debug the AS source code]_
+* _https://developer.jboss.org/wiki/MavenGettingStarted-Developers[Maven
+Getting Started - Developers]_
+* _https://blog.v-s-f.co.uk/2010/09/jsf-2-1-project-using-eclipse-and-maven-2/[JSF
+2.1 project using Eclipse and Maven 2:http]_
+* _https://www.amazon.com/Practical-RichFaces-Max-Katz/dp/1430234490/ref=dp_ob_title_bk[Practical
+RichFaces]_
+* _https://javaserverfaces.java.net/download.html[Oracle Mojarra
+JavaServer Faces]_
+* _https://github.com/jbossas/jboss-as-maven-plugin[JBoss AS7 Maven
+Plugin]_
+
+[[Getting_Started_Developing_Applications_Presentation_Demo]]
+= Getting Started Developing Applications Presentation & Demo
+
+
+This document is a "script" for use with the quickstarts associated with
+the link:Getting_Started_Developing_Applications_Guide.html[Getting
+Started Developing Applications Guide]. It can be used as the basis for
+demoing/explaining the Jakarta EE programming model with JBoss AS 7.
+
+There is an associated presentation – JBoss AS - Getting Started
+Developing Applications – which can be used to introduce the Jakarta EE
+ecosystem.
+
+The emphasis here is on the programming model, not on OAM/dev-ops,
+performance etc.
+
+[[prerequisites-for-using-the-script]]
+== Prerequisites for using the script
+
+* JBoss AS 7 downloaded and installed
+* Eclipse Indigo with m2eclipse and JBoss Tools installed
+* The quickstarts downloaded and imported into Eclipse
+* Make sure `$JBOSS_HOME` is set.
+* Make sure `src/test/resources/arquillian.xml` has the correct path to
+your JBoss AS install for kitchensink
+* Make sure your font size is set in Eclipse so everyone can read the
+text!
+
+[[import-examples-into-eclipse-and-set-up-jboss-as]]
+== Import examples into Eclipse and set up JBoss AS
+
+TODO
+
+[[the-helloworld-quickstart]]
+== The Helloworld Quickstart
+
+[[introduction-1]]
+=== Introduction
+
+This quickstart is extremely basic, and is really useful for nothing
+more than showing than the app server is working properly, and our
+deployment mechanism is working. We recommend you use this quickstart to
+demonstrate the various ways you can deploy apps to JBoss AS 7.
+
+[[using-maven]]
+=== Using Maven
+
+. Start JBoss AS 7 from the console
++
+[source,options="nowrap"]
+----
+$ JBOSS_HOME/bin/standalone.sh
+----
+
+. Deploy the app using Maven
++
+[source,options="nowrap"]
+----
+$ mvn clean package jboss-as:deploy
+----
++
+[IMPORTANT]
+====
+The quickstarts use the jboss-as maven plugin to deploy and undeploy
+applications. This plugin uses the JBoss AS Native Java Detyped
+Management API to communicate with the server. The Detyped API is used
+by management tools to control an entire domain of servers, and exposes
+only a small number of types, allowing for backwards and forwards
+compatibility.
+====
+
+. Show the app has deployed in the terminal.
++
+Visit http://localhost:8080/jboss-as-helloworld
+
+. Undeploy the app using Maven
++
+[source,options="nowrap"]
+----
+$ mvn jboss-as:undeploy
+----
+
+[[using-the-command-line-interface-cli]]
+=== Using the Command Line Interface (CLI)
+
+. Start JBoss AS 7 from the console (if not already running)
++
+[source,options="nowrap"]
+----
+$ JBOSS_HOME/bin/standalone.sh
+----
+
+. Build the war
++
+[source,options="nowrap"]
+----
+$ mvn clean package
+----
+
+. Start the CLI
++
+[source,options="nowrap"]
+----
+$ JBOSS_HOME/bin/jboss-admin.sh --connect
+----
++
+[IMPORTANT]
++
+The command line also uses the Deptyped Management API to communicate
+with the server. It's designed to be as "unixy" as possible, allowing
+you to "cd" into nodes, with full tab completion etc. The CLI allows you
+to deploy and undeploy applications, create Jakarta Messaging queues, topics etc.,
+create datasources (normal and XA). It also fully supports the domain
+node.
+
+. Deploy the app
++
+[source,options="nowrap"]
+----
+$ deploy target/jboss-as-helloworld.war
+----
+
+. Show the app has deployed
++
+[source,java,options="nowrap"]
+----
+$ undeploy jboss-as-helloworld.war
+----
+
+[[using-the-web-management-interface]]
+=== Using the web management interface
+
+. Start JBoss AS 7 from the console (if not already running)
++
+[source,options="nowrap"]
+----
+$ JBOSS_HOME/bin/standalone.sh
+----
+
+. Build the war
++
+[source,options="nowrap"]
+----
+$ mvn clean package
+----
+
+. Open up the web management interface http://localhost:9990/console
++
+[IMPORTANT]
+====
+The web management interface offers the same functionality as the CLI
+(and again uses the Detyped Management API), but does so using a pretty
+GWT interface! You can set up virtual servers, interrogate sub systems
+and more.
+====
+
+. Navigate `Manage Deployments -> Add content`. Click on choose file and
+locate `helloworld/target/jboss-as-helloworld.war`.
+
+. Click `Next` and `Finish` to upload the war to the server.
+
+. Now click `Enable` and `Ok` to start the application
+
+. Switch to the console to show it deployed
+
+. Now click `Remove`
+
+[[using-the-filesystem]]
+=== Using the filesystem
+
+. Start JBoss AS 7 from the console (if not already running)
++
+[source,options="nowrap"]
+----
+$ JBOSS_HOME/bin/standalone.sh
+----
+
+. Build the war
++
+[source,options="nowrap"]
+----
+$ mvn clean package
+----
++
+[IMPORTANT]
+====
+Of course, you can still use the good ol' file system to deploy. Just
+copy the file to `$JBOSS_HOME/standalone/deployments`.
+====
+
+. Copy the war
++
+[source,options="nowrap"]
+----
+$ cp target/jboss-as-helloworld.war $JBOSS_HOME/standalone/deployments
+----
+
+. Show the war deployed
++
+[IMPORTANT]
+====
+The filesystem deployment uses marker files to indicate the status of a
+deployment. As this deployment succeeded we get a
+`$JBOSS_HOME/standalone/deployments/jboss-as-helloworld.war.deployed`
+file. If the deployment failed, you would get a `.failed` file etc.
+====
+
+. Undeploy the war
++
+[source,options="nowrap"]
+----
+rm $JBOSS_HOME/standalone/deployments/jboss-as-helloworld.war.deployed
+----
+
+. Show the deployment stopping!
+
+. Start and stop the app server, show that the deployment really is gone!
++
+[IMPORTANT]
+====
+This gives you much more precise control over deployments than before
+====
+
+[[using-eclipse]]
+=== Using Eclipse
+
+. Add a JBoss AS server
+.. Bring up the Server view
+.. Right click in it, and choose `New -> Server`
+. Choose JBoss AS 7.0 and hit Next
+.. Locate the server on your disc
+.. Hit Finish
+. Start JBoss AS in Eclipse
+.. Select the server
+.. Click the Run button
+.. Deploy the app
+. right click on the app, choose `Run As -> Run On Server`
+.. Select the AS 7 instance you want to use
+.. Hit finish
+. Load the app at http://localhost:8080/jboss-as-helloworld
+
+[[digging-into-the-app]]
+=== Digging into the app
+
+. Open up the helloworld quickstart in Eclipse, and open up
+`src/main/webapp`.
+. Point out that we don't require a `web.xml` anymore!
+. Show `beans.xml` and explain it's a marker file used to JBoss AS to
+enable CDI (open it, show that it is empty)
+. Show `index.html`, and explain it is just used to kick the user into
+the app (open it, show the meta-refresh)
+. Open up the `pom.xm` - and emphasise that it's pretty simple.
+.. There is no parent pom, everything for the build is *here*
+.. Show that we are enabling the JBoss Maven repo - explain you can do
+this in your POM or in system wide ( `settings.xml`)
+.. Show the `dependencyManagement` section. Here we import the JBoss AS
+7 Web Profile API. Explain that this gives you all the versions for all
+of the JBoss AS 7 APIs that are in the web profile. Explain we could
+also depend on this directly, which would give us the whole set of APIs,
+but that here we've decided to go for slightly tighter control and
+specify each dependency ourselves
+.. Show the import for CDI, JSR-250 and Servlet API. Show that these
+are all provided - we are depending on build in server implementations,
+not packaging this stuff!
+.. Show the plugin sections - nothing that exciting here, the war
+plugin is out of date and requires you to provide `web.xml` icon:smile-o[role="yellow"]
+, configure the JBoss AS Maven Plugin, set the Java version to 6.
+. Open up `src/main/java` and open up the `HelloWorldServlet`.
+.. Point out the `@WebServlet` - explain this one annotation removes
+about 8 lines of XML - no need to separately map a path either. This is
+much more refactor safe
+.. Show that we can inject services into a Servlet
+.. Show that we use the service (line 41) +
+#Cmd-click on `HelloService`
+.. This is a CDI bean - very simple, no annotations required!
+.. Explain injection
+... Probably used to string based bean resolution
+... This is typesafe (refactor safe, take advantage of the compiler and
+the IDE - we just saw that!)
+... When CDI needs to inject something, the first thing it looks at is
+the type - and if the type of the injection point is assignable from a
+bean, CDI will inject that bean
+
+[[the-numberguess-quickstart]]
+== The numberguess quickstart
+
+[[introduction-2]]
+=== Introduction
+
+This quickstart adds in a "complete" view layer into the mix. Jakarta EE
+ships with a Jakarta Faces. Jakarta Faces is a server side rendering, component orientated
+framework, where you write markup using an HTML like language, adding in
+dynamic behavior by binding components to beans in the back end. The
+quickstart also makes more use of CDI to wire the application together.
+
+[[run-the-app]]
+=== Run the app
+
+. Start JBoss AS in Eclipse
+. Deploy it using Eclipse - just right click on the app, choose
+`Run As -> Run On Server`
+. Select the AS 7 instance you want to use
+. Hit finish
+. Load the app at http://localhost:8080/jboss-as-numberguess
+. Make a few guesses
+
+[[deployment-descriptors-srcmainwebappweb-inf]]
+=== Deployment descriptors src/main/webapp/WEB-INF
+
+Emphasize the lack of them!
+
+No need to open any of them, just point them out
+
+. `web.xml` - don't need it!
+. `beans.xml` - as before, marker file
+. `faces-config.xml` - nice feature from AS7 - we can just put
+`faces-config.xml` into the WEB-INF and it enables Jakarta Faces (inspiration from
+CDI)
+. `pom.xml` we saw this before, this time it's the same but adds in
+Jakarta Faces API
+
+[[views]]
+=== Views
+
+. `index.html` - same as before, just kicks us into the app
+. `home.xhtml`
+.. Lines 19 - 25 – these are messages output depending on state of
+beans (minimise coupling between controller and view layer by
+interrogating state, not pushing)
+. Line 20 – output any messages pushed out by the controller
+. Line 39 - 42 – the input field is bound to the guess field on the
+game bean. We validate the input by calling a method on the game bean.
+. Line 43 - 45 – the command button is used to submit the form, and
+calls a method on the game bean
+. Line 48, 49, The reset button again calls a method on the game bean
+
+[[beans]]
+=== Beans
+
+. `Game.java` – this is the main controller for the game. App has no
+persistence etc.
+.. `@Named` – As we discussed CDI is typesafe, (beans are injected by
+type) but sometimes need to access in a non-typesafe fashion. @Named
+exposes the Bean in EL - and allows us to access it from Jakarta Faces
+.. `@SessionScoped` – really simple app, we keep the game data in the
+session - to play two concurrent games, need two sessions. This is not a
+limitation of CDI, but simply keeps this demo very simple. CDI will
+create a bean instance the first time the game bean is accessed, and
+then always load that for you
+.. `@Inject maxNumber` – here we inject the maximum number we can
+guess. This allows us to externalize the config of the game
+.. `@Inject rnadomNumber` – here we inject the random number we need to
+guess. Two things to discuss here
+.. Instance - normally we can inject the object itself, but sometimes
+it's useful to inject a "provider" of the object (in this case so that
+we can get a new random number when the game is reset!). Instance allows
+us to `get()` a new instance when needed
+.. Qualifiers - now we have two types of Integer (CDI auto-boxes types
+when doing injection) so we need to disambiguate. Explain qualifiers and
+development time approach to disambiguation. You will want to open up
+`@MaxNumber` and `@Random` here.
+.. `@PostConstruct` – here is our reset method - we also call it on
+startup to set up initial values. Show use of `Instance.get()`.
+. `Generator.java` This bean acts as our random number generator.
+. `@ApplicationScoped` explain about other scopes available in CDI +
+extensibility.
+.. `next()` Explain about producers being useful for determining bean
+instance at runtime
+.. `getMaxNumber()` Explain about producers allowing for loose coupling
+
+[[the-login-quickstart]]
+== The login quickstart
+
+[[introduction-3]]
+=== Introduction
+
+The login quickstart builds on the knowledge of CDI and Jakarta Faces we have got
+from numberguess. New stuff we will learn about is how to use Jakarta Persistence to
+store data in a database, how to use Jakarta Transactions to control transactions, and
+how to use Jakarta Enterprise Beans for declarative TX control.
+
+[[run-the-app-1]]
+=== Run the app
+
+. Start JBoss AS in Eclipse
+. Deploy it using Eclipse - just right click on the app, choose
+`Run As -> Run On Server`
+. Select the AS 7 instance you want to use
+. Hit finish
+. Load the app at http://localhost:8080/jboss-as-login
+. Login as admin/admin
+. Create a new user
+
+[[deployment-descriptors]]
+=== Deployment Descriptors
+
+. Show that we have the same ones we are used in `src/main/webapp` –
+`beans.xml`, `faces-config.xml`
+. We have a couple of new ones in `src/main/resources`
+.. `persistence.xml`. Not too exciting. We are using a datasource that
+AS7 ships with. It's backed by the H2 database and is purely a sample
+datasource to use in sample applications. We also tell Hibernate to
+auto-create tables - as you always have.
+.. `import.sql` Again, the same old thing you are used to in Hibernate
+- auto-import data when the app starts.
+. `pom.xml` is the same again, but just adds in dependencies for Jakarta Persistence,
+Jakarta Transactions and Jakarta Enterprise Beans
+
+[[views-1]]
+=== Views
+
+. `template.xhtml` One of the updates added to Jakarta Faces was templating
+ability. We take advantage of that in this app, as we have multiple
+views
+.. Actually nothing too major here, we define the app "title" and we
+could easily define a common footer etc. (we can see this done in the
+kitchensink app)
+.. The `ui:insert` command inserts the actual content from the
+templated page. +
+# `home.xhtml`
+.. Uses the template
+.. Has some input fields for the login form, button to login and
+logout, link to add users.
+.. Binds fields to credentials bean}}
+.. Buttons link to login bean which is the controller
+. `users.xhtml`
+.. Uses the template
+.. Displays all users using a table
+.. Has a form with input fields to add users.
+.. Binds fields to the newUser bean
+.. Methods call on userManager bean
+
+[[beans-1]]
+=== Beans
+
+. `Credentials.java` Backing bean for the login form field, pretty
+trivial. It's request scoped (natural for a login field) and named so we
+can get it from Jakarta Faces.
+. `Login.java`
+.. Is session scoped (a user is logged in for the length of their
+session or until they log out}}
+.. Is accessible from EL
+.. Injects the current credentials
+.. Uses the userManager service to load the user, and sends any
+messages to Jakarta Faces as needed
+.. Uses a producer method to expose the @LoggedIn user (producer
+methods used as we don't know which user at development time)
+. `User.java` Is a pretty straightforward Jakarta Persistence entity. Mapped with
+`@Entity`, has an natural id.
+. `UserManager.java` This is an interface, and by default we use the
+ManagedBean version, which requires manual TX control
+. `ManagedBeanUserManager.java` - accessible from EL, request scoped.
+.. Injects a logger (we'll see how that is produced in a minute)
+.. Injects the entity manager (again, just a min)
+.. Inject the UserTransaction (this is provided by CDI)
+.. `getUsers()` standard Jakarta Persistence-QL that we know and love - but lots of
+ugly TX handling code.
+.. Same for `addUser()` and `findUser()` methods - very simple Jakarta Persistence
+but...
+.. Got a couple of producer methods.
+... `getUsers()` is obvious - loads all the users in the database. No
+ambiguity - CDI takes into account generic types when injecting. Also
+note that CDI names respect JavaBean naming conventions
+... `getNewUser()` is used to bind the new user form to from the view
+layer - very nice as it decreases coupling - we could completely change
+the wiring on the server side (different approach to creating the
+newUser bean) and no need to change the view layer.
+. `EJBUserManager.java`
+.. It's an alternative – explain alternatives, and that they allow
+selection of beans at deployment time
+.. Much simple now we have declarative TX control.
+.. Start to see how we can introduce Jakarta Enterprise Beans to get useful enterprise
+services such as declarative TX control
+. `Resources.java`
+.. `{EntityManager}` - explain resource producer pattern
+
+[[the-kitchensink-quickstart]]
+== The kitchensink quickstart
+
+[[introduction-4]]
+=== Introduction
+
+The kitchensink quickstart is generated from an archetype available for
+JBoss AS (tell people to check the
+link:/pages/createpage.action?spaceKey=WFLY&title=Getting+Started+Developing+Applications&linkCreation=true&fromPageId=557131[Getting
+Started Developing Applications] Guide for details). It demonstrates
+CDI, Jakarta Faces, Jakarta Enterprise Beans, Jakarta Persistence (which we've seen before) and Jakarta RESTful Web Services and Bean
+Validation as well. We add in Arquillian for testing.
+
+[[run-the-app-2]]
+=== Run the app
+
+. Start JBoss AS in Eclipse
+. Deploy it using Eclipse - just right click on the app, choose
+`Run As -> Run On Server`
+. Select the AS 7 instance you want to use
+. Hit finish
+. Load the app at http://localhost:8080/jboss-as-kitchensink
+. Register a member - make sure to enter an invalid email and phone -
+show Jakarta Bean Validation at work
+. Click on the member URL and show the output from Jakarta RESTful Web Services
+
+[[Jakarta-Bean-Validation]]
+=== Jakarta Bean Validation
+
+. Explain the benefits of Jakarta Bean Validation - need your data always
+valid (protect your data) AND good errors for your user. BV allows you
+to express once, apply often.
+. `index.xhtml`
+.. Show the input fields – no validators attached
+.. Show the message output
+. `Member.java`
+... Hightlight the various validation annotations
+. Jakarta EE automatically applies the validators in both the persistence
+layer and in your views
+
+[[Jakarta-RESTful-Web-Services]]
+=== Jakarta RESTful Web Services
+
+. `index.xhtml` - Show that URL generation is just manual
+. `JaxRsActivator.java` - simply activates Jakarta RESTful Web Services
+. `Member.java` - add Jakarta XML Binding annotation to make Jakarta XML Binding process the class properly
+. `MemberResourceRESTService.java`
+.. `@Path` sets the Jakarta RESTful Web Services resource
+.. Jakarta RESTful Web Services services can use injection
+.. `@GET` methods are auto transformed to XML using Jakarta XML Binding
+. And that is it!
+
+[[arquillian-getting-started]]
+=== Arquillian
+
+. Make sure JBoss AS is running
++
+[source,options="nowrap"]
+----
+mvn clean test -Parq-jbossas-remote
+----
+
+. Explain the difference between managed and remote
+
+. Make sure JBoss AS is stopped
++
+[source,options="nowrap"]
+----
+mvn clean test -Parq-jbossas-managed
+----
+
+. Start JBoss AS in Eclipse
+
+. Update the project to use the `arq-jbossas-remote` profile
+
+. Run the test from Eclipse
++
+Right click on test, `Run As -> JUnit Test`
++
+`MemberRegistrationTest.java`
+
+. Discuss micro deployments
+. Explain Arquilian allows you to use injection
+. Explain that Arquillian allows you to concentrate just on your test
+logic
+
+NOTE: References in this document to CDI refer to Jakarta Contexts and Dependency Injection unless otherwise noted.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/latest/Getting_Started_Guide.html b/latest/Getting_Started_Guide.html
new file mode 100644
index 000000000..9e1aabf5d
--- /dev/null
+++ b/latest/Getting_Started_Guide.html
@@ -0,0 +1,1739 @@
+
+
+
+
+
+
+
+
+Getting Started Guide
+
+
+
+
+
+
+
+
Getting Started Guide
+
+WildFly team
+version 29.0.0.Final,
+2023-07-20T17:19:12Z
+
WildFly 29 is the latest release in a series of JBoss open-source
+application server offerings. WildFly 29 is an exceptionally fast,
+lightweight and powerful implementation of the Jakarta
+Enterprise Edition 10 specifications. WildFly’s modular architecture built on the
+JBoss Modules and JBoss Modular Service Container projects enables services on-demand when your
+application requires them. The table below lists the technologies available in WildFly 29
+server configuration profiles.
+
+
+
+
+
+
+
+
+
+
+
+
Jakarta EE Platform Technology
+
Jakarta EE Full Platform
+
Jakarta EE Web
+Profile
+
WildFly 29 Full Configuration
+
WildFly 29 Default Configuration
+
+
+
+
+
Jakarta Activation 2.1
+
X
+
—
+
X
+
X
+
+
+
Jakarta Annotations 2.1
+
X
+
X
+
X
+
X
+
+
+
Jakarta Authentication 3.0
+
X
+
X
+
X
+
X
+
+
+
Jakarta Authorization 2.1
+
X
+
—
+
X
+
—
+
+
+
Jakarta Batch 2.1
+
X
+
—
+
X
+
—
+
+
+
Jakarta Bean Validation 3.0
+
X
+
X
+
X
+
X
+
+
+
Jakarta Concurrency 3.0
+
X
+
X
+
X
+
X
+
+
+
Jakarta Connectors 2.1
+
X
+
—
+
X
+
X
+
+
+
Jakarta Contexts and Dependency Injection 4.0
+
X
+
X
+
X
+
X
+
+
+
Jakarta Debugging Support for Other Languages 2.0
+
X
+
X
+
X
+
X
+
+
+
Jakarta Dependency Injection 2.0
+
X
+
X
+
X
+
X
+
+
+
Jakarta Enterprise Beans 4.0
+
X
+
X(Lite)
+
X
+
X(Lite)
+
+
+
Jakarta Enterprise Web Services 2.0
+
Optional
+
—
+
X
+
X
+
+
+
Jakarta Expression Language 5.0
+
X
+
X
+
X
+
X
+
+
+
Jakarta Interceptors 2.1
+
X
+
X
+
X
+
X
+
+
+
Jakarta JSON Binding 3.0
+
X
+
X
+
X
+
X
+
+
+
Jakarta JSON Processing 2.1
+
X
+
X
+
X
+
X
+
+
+
Jakarta Mail 2.1
+
X
+
—
+
X
+
X
+
+
+
Jakarta Messaging 3.1
+
X
+
—
+
X
+
—
+
+
+
Jakarta Persistence 3.1
+
X
+
X
+
X
+
X
+
+
+
Jakarta RESTful Web Services 3.1
+
X
+
X
+
X
+
X
+
+
+
Jakarta Security 3.0
+
X
+
X
+
X
+
X
+
+
+
Jakarta Faces 4.0
+
X
+
X
+
X
+
X
+
+
+
Jakarta Server Pages 3.1
+
X
+
X
+
X
+
X
+
+
+
Jakarta Servlet 6.0
+
X
+
X
+
X
+
X
+
+
+
Jakarta SOAP with Attachments 1.3
+
Optional
+
—
+
X
+
X
+
+
+
Jakarta Standard Tag Library 3.0
+
X
+
X
+
X
+
X
+
+
+
Jakarta Transactions 2.0
+
X
+
X
+
X
+
X
+
+
+
Jakarta WebSocket 2.1
+
X
+
X
+
X
+
X
+
+
+
Jakarta XML Binding 4.0
+
Optional
+
X
+
X
+
X
+
+
+
Jakarta XML Web Services 4.0
+
Optional
+
—
+
X
+
X
+
+
+
+
+
WildFly 29 also provides support for a number of MicroProfile technologies:
+
+
+
+
+
+
+
+
+
+
MicroProfile Technology
+
WildFly 29 Default Configuration
+
WildFly 29 MicroProfile Configuration
+
+
+
+
+
MicroProfile Config 3.0
+
X
+
X
+
+
+
MicroProfile Fault Tolerance 4.0
+
—
+
X
+
+
+
MicroProfile Health 4.0
+
—
+
X
+
+
+
MicroProfile JWT Authentication 2.0
+
X
+
X
+
+
+
MicroProfile Metrics 4.0 (deprecated in WildFly; will be replaced by Micrometer)
+
—
+
X
+
+
+
MicroProfile OpenAPI 3.0
+
—
+
X
+
+
+
MicroProfile Reactive Messaging 3.0
+
—
+
—
+
+
+
MicroProfile Streams Operators 3.0
+
—
+
—
+
+
+
MicroProfile Rest Client 3.0
+
X
+
X
+
+
+
+
+
Missing ActiveMQ Artemis and Jakarta Messaging?
+
+
+
+
+
+
+
+
+WildFly’s default configuration provides Jakarta EE Web Profile support and thus
+doesn’t include Jakarta Messaging (provided by ActiveMQ Artemis). As noted in the
+WildFly Configurations section, other configuration
+profiles do provide all features required by the Jakarta EE Full Platform. If you
+want to use messaging, make sure you
+start the server using an alternate configuration
+that provides the Jakarta EE Full Platform.
+
+
+
+
+
+
This document provides a quick overview on how to download and get
+started using WildFly 29 for your application development. For in-depth
+content on administrative features, refer to the WildFly 29 Admin Guide.
+
+
+
+
+
2. Requirements
+
+
+
+
+
Java SE 11 or later. We recommend that you use the latest available update
+of the current long-term support Java release.
+
+
+
+
+
+
+
3. Installation Options
+
+
+
There are a number of ways you can install WildFly, including unzipping our traditional download zip, provisioning a
+custom installation using Galleon, or building a bootable jar. There are also two variants of the server: the standard "WildFly" variant and the tech-preview "WildFly Preview" variant used to showcase things in the works for future release of standard WildFly.
+
+
+
The Installation Guide
+helps you identify the kind of WildFly installation that best fits your application’s deployment needs. In this guide
+we’ll focus on the common approach of installing the download zip of standard WildFly.
Standard WildFly 29 provides a single distribution available in zip or tar file
+formats.
+
+
+
+
+
wildfly-29.0.0.Final.zip
+
+
+
wildfly-29.0.0.Final.tar.gz
+
+
+
+
+
WildFly Preview 29 also provides a single distribution available in zip or tar file
+formats.
+
+
+
+
+
wildfly-preview-29.0.0.Final.zip
+
+
+
wildfly-preview-29.0.0.Final.tar.gz
+
+
+
+
+
+
3.2. Installation
+
+
Simply extract your chosen download to the directory of your choice. You
+can install WildFly 29 on any operating system that supports the zip or
+tar formats. Refer to the Release Notes for additional information
+related to the release.
+
+
+
+
+
+
4. WildFly - A Quick Tour
+
+
+
Now that you’ve downloaded WildFly 29, the next thing to discuss is the
+layout of the distribution and explore the server directory structure,
+key configuration files, log files, user deployments and so on. It’s
+worth familiarizing yourself with the layout so that you’ll be able to
+find your way around when it comes to deploying your own applications.
+
+
+
4.1. WildFly Directory Structure
+
+
+
+
+
+
+
+
DIRECTORY
+
DESCRIPTION
+
+
+
+
+
appclient
+
Configuration files, deployment content, and writable areas
+used by the application client container run from this installation.
+
+
+
bin
+
Start up scripts, start up configuration files and various command
+line utilities like elytron-tool, add-user and Java diagnostic report available
+for Unix and Windows environments
+
+
+
bin/client
+
Contains a client jar for use by non-maven based clients.
+
+
+
docs/schema
+
XML schema definition files
+
+
+
docs/examples/configs
+
Example configuration files representing
+specific use cases
+
+
+
domain
+
Configuration files, deployment content, and writable areas
+used by the domain mode processes run from this installation.
+
+
+
modules
+
WildFly is based on a modular classloading architecture.
+The various modules used in the server are stored here.
+
+
+
standalone
+
Configuration files, deployment content, and writable areas
+used by the single standalone server run from this installation.
+
+
+
welcome-content
+
Default Welcome Page content
+
+
+
+
+
4.1.1. Standalone Directory Structure
+
+
In " standalone " mode each WildFly 29 server instance is an
+independent process (similar to previous JBoss AS versions; e.g., 3, 4,
+5, or 6). The configuration files, deployment content and writable areas
+used by the single standalone server run from a WildFly installation are
+found in the following subdirectories under the top level "standalone"
+directory:
+
+
+
+
+
+
+
+
+
DIRECTORY
+
DESCRIPTION
+
+
+
+
+
configuration
+
Configuration files for the standalone server that runs
+off of this installation. All configuration information for the running
+server is located here and is the single place for configuration
+modifications for the standalone server.
+
+
+
data
+
Persistent information written by the server to survive a restart
+of the server
+
+
+
deployments
+
End user deployment content can be placed in this
+directory for automatic detection and deployment of that content into
+the server’s runtime.NOTE: The server’s management API is recommended
+for installing deployment content. File system based deployment scanning
+capabilities remain for developer convenience.
+
+
+
lib/ext
+
Location for installed library jars referenced by applications
+using the Extension-List mechanism
+
+
+
log
+
standalone server log files
+
+
+
tmp
+
location for temporary files written by the server
+
+
+
tmp/auth
+
Special location used to exchange authentication tokens with
+local clients so they can confirm that they are local to the running AS
+process.
+
+
+
+
+
+
4.1.2. Domain Directory Structure
+
+
A key feature of WildFly 29 is the managing multiple servers from a
+single control point. A collection of multiple servers are referred to
+as a " domain ". Domains can span multiple physical (or virtual)
+machines with all WildFly instances on a given host under the control of
+a Host Controller process. The Host Controllers interact with the Domain
+Controller to control the lifecycle of the WildFly instances running on
+that host and to assist the Domain Controller in managing them. The
+configuration files, deployment content and writeable areas used by
+domain mode processes run from a WildFly installation are found in the
+following subdirectories under the top level "domain" directory:
+
+
+
+
+
+
+
+
+
DIRECTORY
+
DESCRIPTION
+
+
+
+
+
configuration
+
Configuration files for the domain and for the Host
+Controller and any servers running off of this installation. All
+configuration information for the servers managed wtihin the domain is
+located here and is the single place for configuration information.
+
+
+
content
+
an internal working area for the Host Controller that controls
+this installation. This is where it internally stores deployment
+content. This directory is not meant to be manipulated by end users.Note
+that "domain" mode does not support deploying content based on scanning
+a file system.
+
+
+
lib/ext
+
Location for installed library jars referenced by applications
+using the Extension-List mechanism
+
+
+
log
+
Location where the Host Controller process writes its logs. The
+Process Controller, a small lightweight process that actually spawns the
+other Host Controller process and any Application Server processes also
+writes a log here.
+
+
+
servers
+
Writable area used by each Application Server instance that
+runs from this installation. Each Application Server instance will have
+its own subdirectory, created when the server is first started. In each
+server’s subdirectory there will be the following subdirectories:data — information written by the server that needs to survive a restart of the
+serverlog — the server’s log filestmp — location for temporary files
+written by the server
+
+
+
tmp
+
location for temporary files written by the server
+
+
+
tmp/auth
+
Special location used to exchange authentication tokens with
+local clients so they can confirm that they are local to the running AS
+process.
+
+
+
+
+
+
+
4.2. WildFly 29 Configurations
+
+
4.2.1. Standalone Server Configurations
+
+
+
+
standalone.xml (default)
+
+
+
+
Jakarta web profile certified configuration with
+the required technologies plus those noted in the table above.
+
+
+
+
+
+
standalone-ha.xml
+
+
+
+
Jakarta web profile certified configuration with
+high availability
+
+
+
+
+
+
standalone-full.xml
+
+
+
+
Jakarta Full Platform certified configuration
+including all the required technologies
+
+
+
+
+
+
standalone-full-ha.xml
+
+
+
+
Jakarta Full Platform certified configuration with
+high availability
+
+
+
+
+
+
standalone-microprofile.xml
+
+
+
+
A configuration oriented toward microservices, providing our
+MicroProfile platform implementations combined with Jakarta RESTful Web Services and
+technologies Jakarta RESTful Web Services applications commonly use to integrate with
+external services.
+
+
+
+
+
+
standalone-microprofile-ha.xml
+
+
+
+
A configuration oriented toward microservices, similar to
+standalone-microprofile.xml but with support for high availability
+web sessions and distributed Hibernate second level caching.
+
+
+
+
+
+
+
+
+
4.2.2. Domain Server Configurations
+
+
+
+
domain.xml
+
+
+
+
Jakarta full and web profiles available with or
+without high availability
+
+
+
+
+
+
+
+
Important to note is that the domain and standalone modes
+determine how the servers are managed not what capabilities they
+provide.
+
+
+
+
+
+
+
5. Starting WildFly 29
+
+
+
To start WildFly 29 using the default web profile configuration in "
+standalone" mode, change directory to $JBOSS_HOME/bin.
+
+
+
+
./standalone.sh
+
+
+
+
To start the default web profile configuration using domain management
+capabilities,
+
+
+
+
./domain.sh
+
+
+
+
5.1. Starting WildFly with an Alternate Configuration
+
+
If you choose to start your server with one of the other provided
+configurations, they can be accessed by passing the --server-config
+argument with the server-config file to be used.
+
+
+
To use the Full Platform with clustering capabilities, use the following
+syntax from $JBOSS_HOME/bin:
Alternatively, you can create your own selecting the additional
+subsystems you want to add, remove, or modify.
+
+
+
+
5.2. Test Your Installation
+
+
After executing one of the above commands, you should see output similar
+to what’s shown below.
+
+
+
+
=========================================================================
+
+ JBoss Bootstrap Environment
+
+ JBOSS_HOME: /opt/wildfly-10.0.0.Final
+
+ JAVA: java
+
+ JAVA_OPTS: -server -Xms64m -Xmx512m -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=com.yourkit,org.jboss.byteman -Djava.awt.headless=true
+
+=========================================================================
+
+11:46:11,161 INFO [org.jboss.modules] (main) JBoss Modules version 1.5.1.Final
+11:46:11,331 INFO [org.jboss.msc] (main) JBoss MSC version 1.2.6.Final
+11:46:11,391 INFO [org.jboss.as] (MSC service thread 1-6) WFLYSRV0049: WildFly Full 10.0.0.Final (WildFly Core 2.0.10.Final) starting
+<snip>
+11:46:14,300 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: WildFly Full 10.0.0.Final (WildFly Core 2.0.10.Final) started in 1909ms - Started 267 of 553 services (371 services are lazy, passive or on-demand)
+
+
+
+
As with previous WildFly releases, you can point your browser to
+http://localhost:8080 (if using the default configured http port)
+which brings you to the Welcome Screen:
+
+
+
+
+
+
From here you can access links to the WildFly community documentation
+set, stay up-to-date on the latest project information, have a
+discussion in the user forum and access the enhanced web-based
+Administration Console. Or, if you uncover a defect while using WildFly,
+report an issue to inform us (attached patches will be reviewed). This
+landing page is recommended for convenient access to information about
+WildFly 29 but can easily be replaced with your own if desired.
+
+
+
+
+
+
6. Managing your WildFly 29
+
+
+
WildFly 29 offers two administrative mechanisms for managing your
+running instance:
+
+
+
+
+
a web-based Administration Console
+
+
+
a command-line interface
+
+
+
+
+
The Admin Guide covers the details on managing your WildFly
+installation. Here we’ll just touch on some of the basics.
+
+
+
6.1. Authentication
+
+
By default WildFly 29 is distributed with security enabled for the
+management interfaces. This means that before you connect using the
+administration console or remotely using the CLI you will need to add a
+new user. This can be achieved simply by using the add-user.sh script
+in the bin folder.
+
+
+
After starting the script you will be guided through the process to add
+a new user: -
+
+
+
+
./add-user.sh
+What type of user do you wish to add?
+ a) Management User (mgmt-users.properties)
+ b) Application User (application-users.properties)
+(a):
+
+
+
+
In this case a new user is being added for the purpose of managing the
+servers so select option a.
+
+
+
You will then be prompted to enter the details of the new user being
+added: -
+
+
+
+
Enter the details of the new user to add.
+Realm (ManagementRealm) :
+Username :
+Password :
+Re-enter Password :
+
+
+
+
It is important to leave the name of the realm as 'ManagementRealm' as
+this needs to match the name used in the server’s configuration. For the
+remaining fields enter the new username, password and password
+confirmation.
+
+
+
Users can be associated with arbitrary groups of your choosing, so you will be prompted if you would like
+to do this.
+
+
+
+
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[ ]:
+
+
+
+
Groups can be useful for simplified administration of things like access permissions, but for simply getting
+started, leaving this blank is fine.
+
+
+
Provided there are no errors in the values entered you will then be
+asked to confirm that you want to add the user, the user will be written
+to the properties files used for authentication and a confirmation
+message will be displayed.
+
+
+
The modified time of the properties files are inspected at the time of
+authentication and the files reloaded if they have changed. For this
+reason you do not need to re-start the server after adding a new user.
+
+
+
Finally, you will be asked whether the account you’ve added is going to be to used
+to identify one WildFly process to another, typically in a WildFly managed domain:
+
+
+
+
Is this new user going to be used for one AS process to connect to another AS process?
+e.g. for a secondary host controller connecting to the primary or for a Remoting connection for server to server Jakarta Enterprise Beans calls.
+yes/no?
+
+
+
+
The answer for this should be no; the account you are adding here is for use by a human administrator.
+
+
+
+
6.2. Administration Console
+
+
To access the web-based Administration Console, simply follow the link
+from the Welcome Screen. To directly access the Management Console,
+point your browser at:
If you modify the management-http socket binding in your running
+configuration: adjust the above command accordingly. If such
+modifications are made, then the link from the Welcome Screen will also
+be inaccessible.
+
+
+
+
6.3. Command-Line Interface
+
+
If you prefer to manage your server from the command line (or batching),
+the jboss-cli.sh script provides the same capabilities available via
+the web-based UI. This script is accessed from $JBOSS_HOME/bin
+directory; e.g.,
+
+
+
+
$JBOSS_HOME/bin/jboss-cli.sh --connect
+Connected to standalone controller at localhost:9990
+
+
+
+
Notice if no host or port information provided, it will default to
+localhost:9990.
+
+
+
When running locally to the WildFly process the CLI will silently
+authenticate against the server by exchanging tokens on the file system,
+the purpose of this exchange is to verify that the client does have
+access to the local file system. If the CLI is connecting to a remote
+WildFly installation then you will be prompted to enter the username and
+password of a user already added to the realm.
+
+
+
Once connected you can add, modify, remove resources and deploy or
+undeploy applications. For a complete list of commands and command
+syntax, type help once connected.
+
+
+
+
6.4. Deploying an Application
+
+
WildFly provides a number of ways you can deploy your application into the server.
+These are covered in detail in the Admin Guide.
+
+
+
If you are running a standalone WildFly server, the simplest way to deploy
+your application is to copy the application archive (war/ear/jar) into the $JBOSS_HOME/standalone/deployments
+directory in the server installation. The server’s deployment-scanner subsystem will detect
+the new file and deploy it.
+
+
+
+
+
+
+
+
+If you are running a WildFly managed domain, the deployment-scanner subsystem is not
+available so you will need to use the CLI or web console to deploy your application. For more,
+see the Admin Guide.
+
+
+
+
+
+
+
6.5. Modifying the Example DataSource
+
+
As with previous JBoss application server releases, a default data
+source, ExampleDS , is configured using the embedded H2 database for
+developer convenience. There are two ways to define datasource
+configurations:
+
+
+
+
+
as a module
+
+
+
as a deployment
+
+
+
+
+
In the provided configurations, H2 is configured as a module. The module
+is located in the $JBOSS_HOME/modules/com/h2database/h2 directory. The
+H2 datasource configuration is shown below.
The datasource subsystem is provided by the
+IronJacamar project. For a detailed
+description of the available configuration properties, please consult
+the project documentation.
In the example above the org.jboss.as log category was configured. Use a different value
+for the logger key to configure a different log category.
+
+
+
By default, the server.log is configured to include all levels in its
+log output. In the above example we changed the console to also display
+debug messages.
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/latest/Getting_Started_on_OpenShift.html b/latest/Getting_Started_on_OpenShift.html
new file mode 100644
index 000000000..4528a4428
--- /dev/null
+++ b/latest/Getting_Started_on_OpenShift.html
@@ -0,0 +1,887 @@
+
+
+
+
+
+
+
+Getting Started with WildFly on OpenShift
+
+
+
+
+
+
+
This guide is designed to assist you through obtaining an OpenShift instance and installing WildFly, complete with a deployed application. It is not intended to cover all possible configurations, as links to more detailed documentation will be provided.
+
+
+
+
+
Obtaining an OpenShift Instance
+
+
There are many options available for running OpenShift. This guide will mention two.
+
+
+
Code-ready-containers
+
+
If you wish to run a local development environment, then CRC is likely to be a good starting point.
+
+
+
+
Developer sandbox
+
+
The Red Hat OpenShift Developer Sandbox is a hosted environment, and is free to use for development purposes.
+
+
+
This guide will focus on usage of the hosted developer sandbox environment. The sandbox should be provisioned from the page above before proceeding further.
+
+
+
+
+
OpenShift
+
+
In order to use OpenShift effectively, in addition to a running instance, you will need the OpenShift web console. To access this tool, from your OpenShift sandbox click the terminal icon (i.e. >_) at the top right of your sandbox portal. A terminal tab will pop up at the bottom of the page.
+
+
+
It is also possible to use the OpenShift command line terminal locally (oc command). This may be obtained from your package manager or downloaded from your OpenShift sandbox (in your control panel, clicking on the question mark icon at the top right of the console presents a drop-down menu where Command line tools takes you to the latest version of oc).
+
+
+
+
+
+
+
+
+If you have already installed oc on your machine, make sure that its version matches the version of the sandbox. You can use oc version to check both the version of oc and the version of the sandbox. Another way to check the version of the sandbox is by clicking on the question mark icon at the top right of the web console and then clicking on About in the drop-down menu: the OpenShift version will be listed there.
+
+
+
+
+
+
Once you have downloaded and installed/unpacked the client, you can authenticate to your running sandbox OpenShift instance by using the Copy Login Command from the upper right menu in the sandbox user-interface (your username is displayed there.)
We’ll be using the someuser-dev project for this example (someuser should be replaced with the username of the user):
+
+
+
+
oc project someuser-dev
+Already on project "someuser-dev" on server "https://api.sandbox.x8i5.p1.openshiftapps.com:6443"
+
+
+
+
In the OpenShift sandbox, it is not possible to create a new project but, in case you are running your own OpenShift, the command to create a new project is:
+
+
+
+
oc new-project <project name>
+
+
+
+
+
Helm Charts
+
+
Helm provides an easy way to manage and share applications on Kubernetes and OpenShift. We will use it to deploy our example applications to OpenShift.
+
+
+
Install Helm and Helm Charts
+
+
See the instructions for installing Helm here. Helm is installed on your local system as a command, which we will use to install the WildFly Charts. Once Helm is installed, we can proceed to use it to install the Helm Charts in our OpenShift instance:
The first example we will build and deploy to OpenShift is the todo-backend quickstart. This quickstart provides documentation for installing via Helm, so only a brief version is detailed below.
+
+
+
First, we need to provision a database instance, in this case PostgresSQL:
+Note that your Deployment will report "ErrImagePull" and "ImagePullBackOff" until the build is complete. Once the build is complete, your image will be automatically rolled out.
+
+
+
+
+
+
It is possible to use a specific quickstart tag in case the user does not want to use the main branch. To do so, add the following option to the above command:
+
+
+
+
--set build.ref={WildFlyQuickStartRepoTag}
+
+
+
+
Take a look at the bootable-jar-openshift profile configuration in the todo-backend quickstart’s pom.xml. The Maven profile named bootable-jar-openshift is used by the Helm chart to provision the server with the quickstart deployed. Notice the wildfly-jar-maven-plugin configuration defined in this profile. It specifies the layer that should be used when provisioning WildFly. For more details about this, take a look at the Architecture section in the quickstart’s README.
+
+
+
We have named this application todo-backend. This may be changed to a different name, if desired.
+
+
+
The application will now begin to build. The build can be observed via:
+
+
+
+
oc get build -w
+
+
+
+
It may take few minutes to build the application. Once the build is complete, deployment will begin and can be observed via:
+
+
+
+
oc get deployment todo-backend -w
+
+
+
+
Once deployment is complete, we need to query the route for this application to access it on the Internet. To do so, run:
+
+
+
+
oc get route todo-backend -o jsonpath="{.spec.host}"
The WildFly Helm Charts are used to build and deploy jaxrs-client. The following command installs a Helm Release from the WildFly Helm Charts into an OpenShift cluster:
+Note that your Deployment will report "ErrImagePull" and "ImagePullBackOff" until the build is complete. Once the build is complete, your image will be automatically rolled out.
+
+
+
+
+
+
This time, the name of the Helm Chart app is jaxrs-client-from-chart. (Of course, this may be changed to a different name, if desired.)
+
+
+
The application will now begin to build. The build can be observed via:
+
+
+
+
oc get build -w
+
+
+
+
It may take few minutes to build the application. Once the build is complete, to follow the deployment of the application, run:
+
+
+
+
oc get deployment jaxrs-client-from-chart -w
+
+
+
+
Once deployment is complete, we need to query the route for this application to access it on the Internet. To do so, run:
+
+
+
+
oc get route jaxrs-client-from-chart -o jsonpath="{.spec.host}"
+
+
+
+
The above command returns back a public address that points to the application deployed to the OpenShift cluster of the user (for example):
Take a look at the openshift profile configuration in the jaxrs-client quickstart’s pom.xml. The Maven profile named openshift is used by the Helm chart to provision the server with the quickstart deployed. Notice the wildfly-maven-plugin configuration defined in this profile. It specifies the layer that should be used when provisioning WildFly. For more details about this, take a look at the wildfly-maven-plugindocumentation.
+
+
+
If you wish to remove the application when you are done with it, simply run:
(--rebase will automatically move your local commits, if you have any, on top of the latest branch you pull from, you can leave it off if you do not).
+
+
+
Best practice is to never add your own commits to your local 'main' branch. Instead create a topic branch from 'main' and add commits to your topic branch. Only use your local 'main' to track the current state of the 'upstream' remote’s 'main' branch.
+
+
+
Please note that --rebase is very important if you do have commits. What happens is that when git pull can’t fast forward, it does a merge commit, and a merge commit puts the sucked in changes ON TOP of yours whereas a rebase puts them BELOW yours. In other words a merge commit makes the history a graph, and we prefer a cleaner, easier to follow linear history (hence the rebasing). Further once you do a merge commit it will be difficult to rebase the history before that commit (say you want to combine two commits to one later) as described in "Commit and push". Luckily the option set in step Safety will prevent this from happening.
+
+
+
One way to not forget --rebase the rebase option is you may want to create an alias
+
+
+
+
$ git config --global alias.up "pull --rebase"
+
+
+
+
and then just use the new alias instead of pull
+
+
+
+
$ git up upstream main
+
+
+
+
One last option, which some prefer, is to avoid using pull altogether, and just use fetch + rebase (this is of course more typing)
+For some reasons tags are not updated (e.g. not part of an active branch). Update the tags with
Assume you have a feature branch WFLY-815_upgrade_sample_dep and you have rebased the local main branch to be up to date with upstream main as described before.
+
+
+
+
git checkout -f WFLY-815_upgrade_sample_dep
+git rebase upstream/main
+
+
+
+
Do not pull the upstream main to your local feature branch! You’ll be stuck in duplicate commit hell.
Use maven. Simplest is to use the build.sh or build.bat scripts in the root of the source tree. If you don’t use those scripts and use the mvn command directly, note that WildFly’s root pom will enforce a minimum maven version.
+
+
+
Building WildFly requires Java 11 or newer. Make sure you have JAVA_HOME set to point to the JDK11 installation. Build uses Maven 3.
Getting feedback first is recommended before starting on any large-scale work. Large scale could mean many things including a complex change in a focused area, or a simple change made in many different parts of the code base.
+
+
+
Getting feedback first is strongly recommended before beginning work on a new feature. Any change that introduces new user-controllable behavior will be regarded as a new feature. Before merging new features we require a larger set of inputs than are required for other types of fixes, including a formal requirements analysis, a more formally considered plan for testing, and appropriate additions to the WildFly documentation. Before getting too far along with a feature it is best to discuss with other WildFly developers what’s needed and how best to ensure those things can be delivered.
Before importing you have to set the VM Options of the IntelliJ Maven importer. Please follow this guide https://www.jetbrains.com/help/idea/maven-importing.html and add -DallTests to the field VM options for importer.
+This is necessary because the testsuite poms do not contain all necessary modules by default.
Want to contribute to the WildFly project but aren’t quite sure where to start? Check out our issues with the good-first-issue label. These are a triaged set of issues that are great for getting started on our project.
+
+
+
Once you have selected an issue you’d like to work on, make sure it’s not already assigned to someone else. If you’ve resolved a WildFly issue before, to assign an issue to yourself, you should be able to simply click on "Start Progress" or Change the assignee by clicking on "Assign to me". This will automatically assign the issue to you. If you haven’t resolved an issue before, please start a thread expressing your interest in the issue in the wildfly-developers stream in zulip.
For component upgrades select this type for the Jira. The title must reflect the library and the new version.
+In the description please offer a links to the release notes, the git tag diff.
+
+
+
If you are aware that the component upgrade brings a fix for CVE, it’s good to note that in the JIRA title, as later that will make this information more visible in the WildFly release notes.
Take care that maintainers agree to pick up a new dependency.
+
+
+
+
+
Edit pom.xml and add a property of the form "version.groupId.artifactId" which contains the Maven version of the dependency. Add your new property in the proper alphabetical order with respect to the existing version properties. Add your dependency to the <dependencyManagement> section, and use the property for the version. If your new dependency has any transitive dependencies, be sure to <exclude> them (or if possible, update the project so that all its dependencies are of provided scope).
+
+
+
Add your dependency to any AS modules that require it, but only with group/artifact. If your dependency will be provided by an existing WildFly module, add a new artifact element to the module.xml file for the existing module, with the value of the element’s name attribute an expression of the form ${groupId:artifactId}
+
+
+
In the pom.xml file for the maven module where you added a new module.xml or updated an existing one for your new dependency, add a new dependency entry to the pom’s dependencies section.
+
+
+
If your dependency will be provided by a new WildFly module, create a directory in the relevant feature-pack maven module, e.g. ee-feature-pack/common/src/main/resources/modules/system/layers/base/ corresponding to the module’s name (which will differ from the Maven group/artifact name; look at other modules to get a feel for the naming scheme), with a version of "main", like this: modules/system/layers/base/org/jboss/foo/main. If the correct maven module to choose for your new directory is unclear, be sure to ask!
+
+
+
Create a module.xml file inside the "main" directory. Use a module.xml from another similar module as a template. JBoss Modules Reference Documentation
+
+
+
Important: Make sure you did not introduce any transitive dependencies by using "mvn dependency:tree". If you did, be sure to add <exclusion>s for each of them to your dependency as described above.
+
+
+
Important: Do not introduce a dependency on the "system" module. The JBoss Modules reference manual lists JDK packages. Please avoid deprecated packages.
+
+
+
Add license information to the license declaration file located in the maven module whose pom you just updated. For example, if you added a dependency entry to ee-feature-pack/common/pom.xml, please add an entry to ee-feature-pack/common/src/license/ee-feature-pack-common-licenses.xml. Add a new element in the appropriate spot. The elements are ordered by the maven groupId and artifactId of the entries. If the needed content for the entry is unclear, be sure to ask!
Rebase your branch against the latest main (applies your patches on top of main)
+
+
+
+
git fetch upstream
+git rebase -i upstream/main
+# if you have conflicts fix them and rerun rebase
+# The -f, forces the push, alters history, see note below
+git push -f origin WFLY-XXXX_my_cool_feature
+
+
+
+
The -i triggers an interactive update which also allows you to combine commits, alter commit messages etc. It’s a good idea to make the commit log very nice for external consumption. Note that this alters history, which while great for making a clean patch, is unfriendly to anyone who has forked your branch. Therefore you want to make sure that you either work in a branch that you don’t share, or if you do share it, tell them you are about to revise the branch history (and thus, they will then need to rebase on top of your branch once you push it out).
First try to run the tests as part of the build before sending a pull request.
+
+
+
+
$> ./build.sh clean install -DallTests
+
+
+
+
Sometimes there are test failures that are not related to your code changes. Most times it’s your code change. Try to discuss this on Zulip.
+
+
+
You can get a full run using
+
+
+
+
$> ./build.sh clean install -DallTests -fae
+
+
+
+
This additional option will allow the build to continue even when there are test failures. Doing this, you can get a stock of all the test failures and figure out how many are related to your code changes.
Make sure your repo is in sync with other unrelated changes in upstream before requesting your changes be merged into upstream by repeating Rebase topic branch on latest main.
In general, WildFly maintainers are watching the project, so they will receive a notification on each new PR.
+
+
+
As part of the review you may see an automated test run comment on your request.
+
+
+
After review a maintainer will merge your patch, update/resolve issues by request, and reply when complete
+
+
+
Don’t forget to switch back to main and pull the updates
+
+
+
+
+
+
git checkout main
+git pull --ff-only upstream main
+
+
+
+
Update the main branch of your github repository (otherwise you will see a message like 'Your branch is ahead of 'origin/main' by XXX commits.'
+if you use 'git status' on your local main branch.
The PR title should include a JIRA number directly from the project in question, whose corresponding JIRA issue will in turn have been linked to the pull request you are just now creating. The description should include a link to the JIRA. The description should also include a decent, human-readable summary of what is changing. Proper spelling and grammar is a plus!
It is highly annoying to reviewers when they find they’ve spent a great deal of time reviewing some code only to discover that it doesn’t even compile. In particular, it’s common for a patch to trip CheckStyle if it hadn’t been previously compile-tested at the least.
+
+
+
While it is tempting to rely on the automated CI/GitHub integration to do our build and test for us (and I’m guilty of having done this too), it generally just causes trouble, so please don’t do it!
This comes directly from [1], and I agree with it 100% (where the source document says "patch", think "commit"):
+
+
+
+
+
Separate each logical change into a separate patch.
+For example, if your changes include both bug fixes and performance enhancements for a single driver, separate those changes into two or more patches. If your changes include an API update, and a new driver which uses that new API, separate those into two patches.
+On the other hand, if you make a single change to numerous files, group those changes into a single patch. Thus a single logical change is contained within a single patch.
+The point to remember is that each patch should make an easily understood change that can be verified by reviewers. Each patch should be justifiable on its own merits.
+If one patch depends on another patch in order for a change to be complete, that is OK. Simply note "this patch depends on patch X" in your patch description.
+When dividing your change into a series of patches, take special care to ensure that [WildFly] builds and runs properly after each patch in the series. Developers using "git bisect" to track down a problem can end up splitting your patch series at any point; they will not thank you if you introduce bugs in the middle. If you cannot condense your patch set into a smaller set of patches, then only post say 15 or so at a time and wait for review and integration.
+
+
+
+
+
I also want to emphasize how important it is to separate functional and non-functional changes. The latter category includes reformatting (which generally should not be done without a strong justification).
If you have one logical change (for example you’re removing manual null checks and put a JDK or utility method instead) which affects more than one top-level maven module, please split them by top-level maven module.
+For the logical change description use a top level JIRA (Bug, task, enhancement) and add sub-task for each top-level maven module.
+
+
+
Reason behind: WildFly and WildFly Core have a really huge codebase with several different full-time maintainers to review and approve the code. Afterward different project leads and/or release stewards do merge and Jira management work.
+
+
+
If there is a serious reason to deviate from this rule, please ask before on Zulip.
We all know that development can sometimes be an iterative process, and we learn as we go. Nonetheless, we do not need or want a complete record of all the highs and lows in the history of every change (for example, an "add foobar" commit followed later by a "remove foobar" commit in the same PR) - particularly for large changes or in large projects (like WildFly proper). It is good practice for such change authors to go back and rearrange and/or restructure the commits of a pull request such that they incrementally introduce the change in a logical manner, as one single conceptual change per PR.
+
+
+
Note that this advice is not meant to discourage multiple commits in a single PR that are all steps on the way to an overall complex change. To the contrary, multiple well structured commits are sometimes critical to getting proper review of complex changes. For example a PR to refactor code away from an ill-fitting set of abstractions and to a new set can be difficult to review in a single commit. But doing so can be quite straightforward when broken up into, for example, four commits, one to make some small change to clean up something that would get in the way of the overall change, one introducing the new abstractions, one moving the implementation to the new abstractions, and one removing the old abstractions.
+
+
+
If a PR consists of dozens or hundreds of nontrivial commits, you will want to strongly consider dividing it up into multiple PRs, as PRs of this size simply cannot be effectively reviewed. They will either be merged without adequate review, or outright ignored or closed. Which one is worse, I leave to your imagination.
While in general it is my experience that WildFly contributors are good about this, I’m going to quote this passage from [1] regardless:
+
+
+
+
+
Your patch will almost certainly get comments from reviewers on ways in which the patch can be improved. You must respond to those comments; ignoring reviewers is a good way to get ignored in return. […]
+Be sure to tell the reviewers what changes you are making and to thank them for their time. Code review is a tiring and time-consuming process, and reviewers sometimes get grumpy. Even in that case, though, respond politely and address the problems they have pointed out.
+
+
+
+
+
In addition, when something needs to be changed, the proper manner to do so is generally to modify the original commit, not to add more commits to the chain to fix issues as they’re reported. See Avoid massive and/or "stream of consciousness" branches.
It may come to pass that you have to iterate on your pull request many times before it is considered acceptable. Don’t be discouraged by this - instead, consider that to be a sign that the reviewers care highly about the quality of the code base. At the same time though, consider that it is frustrating for reviewers to have to say the same things over and over again, so please do take care to provide as high-quality submissions as possible, and see Pay attention and respond to review comments!
You don’t have to be an official reviewer in order to review a pull request. If you see a pull request dealing with an area you are familiar with, feel free to examine it and comment as needed. In addition, all pull requests need to be reviewed for basic (non-machine-verifiable) correctness, including noticing bad code, NPE risks, and anti-patterns as well as "boring stuff" like spelling and grammar and documentation.
+
+
+
If you review a PR and you feel you understand it in total and that it is correct, it is helpful to the WildFly mergers if you use the 'Approve' option discussed in the Github pull request review documentation. Don’t worry that your approval will trigger automatic merging; it won’t. It’s just easier for others to see that you regard the PR as correct if you use the Github workflow. (Please don’t, however, use the 'Approve' option if you are not expressing an approval of the PR overall; e.g. if you only looked at one part and made some comments that were addressed. Use comments for that kind of input.)
+
+
+
If you do review a pull request and make suggestions for changes, please do pay attention to the PR and try to acknowledge if your suggestions have been resolved. This is particularly important if it won’t be quickly obvious to others if your input was addressed.
When doing major and/or long-term refactors, while rare, it is possible that the above constraints become impractical, especially with regard to grouping changes. In this case, you can use a work branch on a (GitHub) fork of WildFly, applying the above rules in micro-scale to just that branch. In this case you could possibly ask a reviewer to also review some or all of the pull requests to that branch. Merge commits would then be used to periodically synchronize with upstream.
+
+
+
In this way, when the long-term branch is ready to "come home" to the main branch, the reviewers may have a good idea that the (potentially quite numerous) changes in the work branch have been reviewed already.
WildFly’s High Availability services are used to guarantee availability
+of a deployed Jakarta EE application.
+
+
+
Deploying critical applications on a single node suffers from two
+potential problems:
+
+
+
+
+
loss of application availability when the node hosting the application
+crashes (single point of failure)
+
+
+
loss of application availability in the form of extreme delays in
+response time during high volumes of requests (overwhelmed server)
+
+
+
+
+
WildFly supports two features which ensure high availability of critical
+Jakarta EE applications:
+
+
+
+
+
fail-over: allows a client interacting with a Jakarta EE application to
+have uninterrupted access to that application, even in the presence of
+node failures
+
+
+
load balancing: allows a client to have timely responses from the
+application, even in the presence of high-volumes of requests
+
+
+
+
+
+
+
+
+
+
+These two independent high availability services can very effectively
+inter-operate when making use of mod_cluster for load balancing!
+
+
+
+
+
+
Taking advantage of WildFly’s high availability services is easy, and
+simply involves deploying WildFly on a cluster of nodes, making a small
+number of application configuration changes, and then deploying the
+application in the cluster.
+
+
+
We now take a brief look at what these services can guarantee.
+
+
+
+
1.2. High Availability through fail-over
+
+
Fail-over allows a client interacting with a Jakarta EE application to have
+uninterrupted access to that application, even in the presence of node
+failures. For example, consider a Jakarta EE application which makes use of
+the following features:
+
+
+
+
+
session-oriented servlets to provide user interaction
+
+
+
session-oriented Jakarta Enterprise Beans to perform state-dependent business computation
+
+
+
Jakarta Enterprise Beans entity beans to store critical data in a persistent store (e.g.
+database)
+
+
+
SSO login to the application
+
+
+
+
+
If the application makes use of WildFly’s fail-over services, a client
+interacting with an instance of that application will not be interrupted
+even when the node on which that instance executes crashes. Behind the
+scenes, WildFly makes sure that all of the user data that the
+application make use of (HTTP session data, Jakarta Enterprise Beans SFSB sessions,
+Jakarta Enterprise Beans entities and SSO credentials) are available at other nodes in the
+cluster, so that when a failure occurs and the client is redirected to
+that new node for continuation of processing (i.e. the client "fails
+over" to the new node), the user’s data is available and processing can
+continue.
+
+
+
The Infinispan and JGroups subsystems are instrumental in providing
+these data availability guarantees and will be discussed in detail later
+in the guide.
+
+
+
+
1.3. High Availability through load balancing
+
+
Load balancing enables the application to respond to client requests in
+a timely fashion, even when subjected to a high-volume of requests.
+Using a load balancer as a front-end, each incoming HTTP request can be
+directed to one node in the cluster for processing. In this way, the
+cluster acts as a pool of processing nodes and the load is "balanced"
+over the pool, achieving scalability and, as a consequence,
+availability. Requests involving session-oriented servlets are directed
+to the the same application instance in the pool for efficiency of
+processing (sticky sessions). Using mod_cluster has the advantage that
+changes in cluster topology (scaling the pool up or down, servers
+crashing) are communicated back to the load balancer and used to update
+in real time the load balancing activity and avoid requests being
+directed to application instances which are no longer available.
+
+
+
The mod_cluster subsystem is instrumental in providing support for this
+High Availability feature of WildFly and will be discussed in detail
+later in this guide.
+
+
+
+
1.4. Aims of the guide
+
+
This guide aims to:
+
+
+
+
+
provide a description of the high-availability features available in
+WildFly and the services they depend on
+
+
+
show how the various high availability services can be configured for
+particular application use cases
+
+
+
identify default behavior for features relating to
+high-availability/clustering
+
+
+
+
+
+
1.5. Organization of the guide
+
+
As high availability features and their configuration depend on the
+particular component they affect (e.g. HTTP sessions, Jakarta Enterprise Beans SFSB sessions,
+Hibernate), we organize the discussion around those Jakarta EE features. We
+strive to make each section as self-contained as possible. Also, when
+discussing a feature, we will introduce any WildFly subsystems upon
+which the feature depends.
+
+
+
+
+
+
2. Distributable Web Applications
+
+
+
In a standard web application, session state does not survive beyond the lifespan of the servlet container.
+A distributable web application allows session state to survive beyond the lifespan of a single server, either via persistence or by replicating state to other nodes in the cluster.
+A web application indicates its intention to be distributable via the <distributable/> element within the web application’s deployment descriptor.
The distributable-web subsystem manages a set of session management profiles that encapsulate the configuration of a distributable session manager.
+One of these profiles will be designated as the default profile (via the "default-session-management" attribute) and thus defines the default behavior of a distributable web application.
The infinispan-session-management resource configures a distributable session manager that uses an embedded Infinispan cache.
+
+
+
+
cache-container
+
+
This references a cache-container defined in the Infinispan subsystem into which session data will be stored.
+
+
cache
+
+
This references a cache within associated cache-container upon whose configuration the web application’s cache will be based.
+If undefined, the default cache of the associated cache container will be used.
+
+
granularity
+
+
This defines how the session manager will map a session into individual cache entries.
+Possible values are:
+
+
+
SESSION
+
+
Stores all session attributes within a single cache entry.
+This is generally more expensive than ATTRIBUTE granularity, but preserves any cross-attribute object references.
+
+
ATTRIBUTE
+
+
Stores each session attribute within a separate cache entry.
+This is generally more efficient than SESSION granularity, but does not preserve any cross-attribute object references.
+
+
+
+
+
affinity
+
+
This resource defines the affinity that a web request should have for a given server.
+The affinity of the associated web session determines the algorithm for generating the route to be appended onto the session ID (within the JSESSIONID cookie, or when encoding URLs).
+This annotation of the session ID is used by load balancers to advise how future requests for existing sessions should be directed.
+Routing is designed to be opaque to application code such that calls to HttpSession.getId() always return an unmodified session ID.
+This is only generated when creating/updating the JSESSIONID cookie, or when encoding URLs via HttpServletResponse.encodeURL() and encodeRedirectURL().
+Possible values are:
+
+
+
affinity=none
+
+
Web requests will have no affinity to any particular node.
+This option is intended for use cases where web session state is not maintained within the application server.
+
+
affinity=local
+
+
Web requests will have an affinity to the server that last handled a request for a given session.
+This option corresponds to traditional sticky session behavior.
+
+
affinity=primary-owner
+
+
Web requests will have an affinity to the primary owner of a given session.
+This is the default affinity for this distributed session manager.
+Behaves the same as affinity=local if the backing cache is not distributed nor replicated.
+
+
affinity=ranked
+
+
Web requests will have an affinity to the first available node in a ranked list comprised of: primary owner, backup nodes, local node (if not a primary nor backup owner).
+Only for use with load balancers that support multiple routes.
+Behaves the same as affinity=local if cache is not distributed nor replicated.
+
+
+
+
+
marshaller
+
+
Specifies the marshalling implementation used to serialize session attributes.
The hotrod-session-management resource configures a distributable session manager where session data is stored in a remote infinispan-server cluster via the HotRod protocol.
+
+
+
+
remote-cache-container
+
+
This references a remote-cache-container defined in the Infinispan subsystem into which session data will be stored.
+
+
cache-configuration
+
+
If a remote cache whose name matches the deployment name does not exist, this attribute defines a cache configuration within the remote infinispan server, from which an application-specific cache will be created.
+
+
granularity
+
+
This defines how the session manager will map a session into individual cache entries.
+Possible values are:
+
+
+
SESSION
+
+
Stores all session attributes within a single cache entry.
+This is generally more expensive than ATTRIBUTE granularity, but preserves any cross-attribute object references.
+
+
ATTRIBUTE
+
+
Stores each session attribute within a separate cache entry.
+This is generally more efficient than SESSION granularity, but does not preserve any cross-attribute object references.
+
+
+
+
+
affinity
+
+
This resource defines the affinity that a web request should have for a given server.
+The affinity of the associated web session determines the algorithm for generating the route to be appended onto the session ID (within the JSESSIONID cookie, or when encoding URLs).
+This annotation of the session ID is used by load balancers to advise how future requests for existing sessions should be directed.
+Routing is designed to be opaque to application code such that calls to HttpSession.getId() always return an unmodified session ID.
+This is only generated when creating/updating the JSESSIONID cookie, or when encoding URLs via HttpServletResponse.encodeURL() and encodeRedirectURL().
+Possible values are:
+
+
+
affinity=none
+
+
Web requests will have no affinity to any particular node.
+This option is intended for use cases where web session state is not maintained within the application server.
+
+
affinity=local
+
+
Web requests will have an affinity to the server that last handled a request for a given session.
+This option corresponds to traditional sticky session behavior.
+
+
+
+
+
marshaller
+
+
Specifies the marshalling implementation used to serialize session attributes.
e.g. Creating a new session management profile "foo" using the cache configuration "bar" defined on a remote infinispan server "datagrid" with ATTRIBUTE granularity:
A web application can override the default distributable session management behavior in 1 of 2 ways:
+
+
+
+
+
Reference a session-management profile by name
+
+
+
Provide deployment-specific session management configuration
+
+
+
+
+
2.2.1. Referencing an existing session management profile
+
+
To use an existing distributed session management profile, a web application should include a distributable-web.xml deployment descriptor located within the application’s /WEB-INF directory.
2.2.2. Using a deployment-specific session management profile
+
+
If custom session management configuration will only be used by a single web application, you may find it more convenient to define the configuration within the deployment descriptor itself.
+Ad hoc configuration looks identical to the configuration used by the distributable-web subsystem.
WildFly supports the ability to share sessions across web applications within an enterprise archive.
+In previous releases, WildFly always presumed distributable session management of shared sessions.
+Version 2.0 of the shared-session-config deployment descriptor was updated to allow an EAR to opt-in to this behavior using the familiar <distributable/> element.
+Additionally, you can customize the behavior of the distributable session manager used for session sharing via the same configuration mechanism described in the above sections.
2.4. Optimizing performance of distributed web applications
+
+
One of the primary design goals of WildFly’s distributed session manager was the parity of HttpSession semantics between distributable and non-distributable web applications.
+In order to provide predictable behavior suitable for most web applications, the default distributed session manager configuration is quite conservative, generally favoring consistency over availability.
+However, these defaults may not be appropriate for your application.
+In general, the effective performance of the distributed session manager is constrained by:
+
+
+
+
+
Replication/persistence payload size
+
+
+
Locking/isolation of a given session
+
+
+
+
+
To optimize the configuration of the distributed session manager for your application, you can address the above constraints by tuning one or more of the following:
By default, WildFly’s distributed session manager uses SESSION granularity, meaning that all session attributes are stored within a single cache entry.
+While this ensures that any object references shared between session attributes are preserved following replication/persistence, it means that a change to a single attribute results in the replication/persistence of all attributes.
+
+
+
If your application does not share any object references between attributes, users are strongly advised to use ATTRIBUTE granularity.
+Using ATTRIBUTE granularity, each session attribute is stored in a separate cache entry.
+This means that a given request is only required to replicate/persist those attributes that were added/modified/removed/mutated in a given request.
+For read-heavy applications, this can dramatically reduce the replication/persistence payload per request.
+
+
+
+
2.4.2. Session concurrency
+
+
WildFly’s default distributed session manager behavior is also conservative with respect to concurrent access to a given session.
+By default, a request acquires exclusive access to its associated session for the duration of a request, and until any async child context is complete.
+This maximizes the performance of a single request, as each request corresponds to a single cache transaction; allows for repeatable read semantics to the session; and ensures that subsequent requests are not prone to stale reads, even when handled by another cluster member.
+
+
+
However, if multiple requests attempt to access the same session concurrently, their processing will be effectively serialized. This might not be feasible, especially for heavily asynchronous web applications.
+
+
+
Relaxing transaction isolation from REPEATABLE_READ to READ_COMMITTED on the associated cache configuration will allow concurrent requests to perform lock-free (but potentially stale) reads by deferring locking to the first attempt to write to the session.
+This improves the throughput of requests for the same session for highly asynchronous web applications whose session access is read-heavy.
For asynchronous web applications whose session access is write-heavy, merely relaxing transaction isolation is not likely to be sufficient.
+These web applications will likely benefit from disabling cache transactions altogether.
+When transactions are disabled, cache entries are locked and released for every write to the session, resulting in last-write-wins semantics.
+For write-heavy applications, this typically improves the throughput of concurrent requests for the same session, at the cost of longer response times for individual requests.
+Relaxing transaction isolation currently prevents WildFly from enforcing that a given session is handled by one JVM at a time, a constraint dictated by the servlet specification.
+
+
+
+
+
+
+
2.4.3. Session attribute immutability
+
+
In WildFly, distributed session attributes are presumed to be mutable objects, unless of a known immutable type, or unless otherwise specified.
By default, WildFly replicates/persists the mutable session attributes at the end of the request, ensuring that a subsequent request will read the mutated value, not the original value.
+However, the replication/persistence of mutable session attributes at the end of the request happens whether or not these objects were actually mutated.
+To avoid redundant session writes, users are strongly encouraged to store immutable objects in the session whenever possible.
+This allows the application more control over when session attributes will replicate/persist, since immutable session attributes will only update upon explicit calls to HttpSession.setAttribute(…).
+
+
+
WildFly can determine whether most JDK types are immutable, but any unrecognized/custom types are presumed to be mutable.
+To indicate that a given session attribute of a custom type should be treated as immutable by the distributed session manager, annotate the class with one of the following annotations:
Minimizing the replication/persistence payload for individual session attributes has a direct impact on performance by reducing the number of bytes sent over the network or persisted to storage.
+See the Marshalling section for more details.
+
+
+
+
+
+
+
3. Distributable Jakarta Enterprise Beans Applications
+
+
+
Just as with standard web applications, session state of stateful session beans (SFSB) contained in a standard EJB application
+is not guaranteed to survive beyond the lifespan of the Jakarta Enterprise Beans container. And, as with standard web applications, there is a way to
+allow session state of SFSBs to survive beyond the lifespan of a single server, either through persistence or by replicating state to
+other nodes in the cluster.
+
+
+
A distributable SFSB is one whose state is made available on multiple nodes in a cluster and which supports failover of invocation attempts: if the node
+on which the SFSB was created fails, the invocation will be retried on another node in the cluster where the SFSB state is present.
+
+
+
In the case of Jakarta Enterprise Beans applications, whether or not a bean is distributable is determined globally or on a per-bean basis, rather than on
+an application-wide basis as in the case of distributed HttpSessions.
+
+
+
A stateful session bean within an Jakarta Enterprise Beans application indicates its intention to be distributable by using a passivation-capable cache
+to store its session state. Cache factories were discussed in the Jakarta Enterprise Beans section of the Wildfly Admin Guide.
+Additionally, the EJB application needs to be deployed into a server which uses an High Availability (HA) server profile, such as standalone-ha.xml
+or standalone-full-ha.xml.
+
+
+
Since Jakarta Enterprise Beans are passivation-capable by default, generally, users already using an HA profile will not need to make any configuration changes
+for their beans to be distributable and, consequently, to support failover. More fine-grained control over whether a bean is distributable can be
+achieved using the passivationCapable attribute of the @Stateful annotation (or the equivalent deployment descriptor override). A bean which is marked as
+@Stateful(passivationCapable=false) will not exhibit distributable behavior (i.e. failover), even when the application containing it is deployed in a cluster.
+
+
+
+
+
+
+
+
+More information on passivation-capable beans can be found in Section 4.6.5 of the Jakarta Enterprise Beans specification.
+
+
+
+
+
+
In the sections that follow, we discuss some aspects of configuring distributable Jakarta Enterprise Beans applications in Wildfly.
+
+
+
3.1. Distributable EJB Subsystem
+
+
The purpose of the distributable-ejb subsystem is to permit configuration of clustering abstractions
+required to support those resources of the ejb3 subsystem which support clustered operation. The key resources
+of the ejb3 subsystem which require clustering abstractions are:
+
+
+
+
+
cache factories
+Passivating cache factories depend on a bean management provider to provide passivation and persistence of SFSB
+session states in a local or distributed environment.
+
+
+
client mappings registries
+Supporting remote invocation on SFSB deployed in a cluster require storing client mappings information in a
+ client mappings registry. The registry may be tailored for a local or a distributed environment.
+
+
+
+
+
These clustering abstractions are made available to the ejb3 subsystem via the specification and configuration of
+clustering abstraction 'providers'. We describe the available providers below.
+
+
+
3.1.1. Bean management providers
+
+
A bean management provider provides access to a given implementation of a bean manager,
+used by passivation-capable cache factories defined in the ejb3 subsystem to manage passivation and persistence.
+
+
+
Bean management provider elements are named, and represent different implementation and configuration choices for bean management.
+At least one named bean management provider must be defined in the distributable-ejb subsystem and of those, one
+instance must be identified as the default bean management provider, using the default-bean-management attribute of
+the distributable-ejb subsystem.
+
+
+
The available bean management provider is:
+
+
+
infinispan-bean-management
+
+
The infinispan-bean-management provider element represents a bean manager implementation based on an Infinispan cache. The
+attributes for the infinispan-bean-manager element are:
+
+
+
+
cache-container
+
+
Specifies a cache container defined in the Infinispan subsystem used to support the session state cache
+
+
cache
+
+
Specifies the session state cache and its configured properties
+
+
max-active-beans
+
+
Specifies the maximum number of non-passivated session state entries allowed in the cache
+
+
+
+
+
+
+
3.1.2. Client mappings registries
+
+
A client mappings registry provider provides access to a given implementation of a client mappings registry, used by
+the EJB client invocation mechanism to store information about client mappings for each node in the cluster. Client mappings
+are defined in the socket bindings configuration of a server and required to allow an EJB client application to connect
+to servers which are multi-homed (i.e. clients may access the same server from different networks using a different IP address
+ad port for each interface on the multi-homed server).
+
+
+
The available client mappings registry providers are:
+
+
+
infinispan-client-mappings-registry
+
+
The infinispan-client-mappings-registry provider is a provider based on an Infinispan cache and suitable for a clustered server.
+
+
+
+
cache-container
+
+
Specifies a cache container defined in the Infinispan subsystem used to support the client mappings registry
+
+
cache
+
+
Specifies the cache and its configured properties used to support the client mappings registry
+
+
+
+
+
+
local-client-mappings-registry
+
+
The client mappings registry provider suitable for a local, non-clustered server.
+
+
+
+
+
3.1.3. Timer management
+
+
The distributable-ejb subsystem defines a set of timer management resources that define behavior for persistent or non-persistent EJB timers.
This provider stores timer metadata within an embedded Infinispan cache, and utilizes consistent hashing to distribute timer execution between cluster members.
+
+
+
+
cache-container
+
+
Specifies a cache container defined in the Infinispan subsystem
+
+
cache
+
+
Specifies the a cache configuration within the specified cache-container
+
+
max-active-timers
+
+
Specifies the maximum number active timers to retain in memory at a time, after which the least recently used will passivate
+
+
marshaller
+
+
Specifies the marshalling implementation used to serialize the timeout context of a timer.
To ensure proper functioning, the associated cache configuration, regardless of type, should use:
+
+
+
+
+
BATCH transaction mode
+
+
+
REPEATABLE_READ lock isolation
+
+
+
+
+
Generally, persistent timers will leverage a distributed or replicated cache configuration if in a cluster, or a local, persistent cache configuration if on a single server;
+while transient timers will leverage a local, passivating cache configuration.
+
+
+
By default, all cluster members will be eligible for timer execution.
+A given cluster member exclude itself from timer execution by using a cache capacity-factor of 0.
+
+
+
+
+
+
3.2. Deploying clustered EJBs
+
+
Clustering support is available in the HA profiles of WildFly. In this
+chapter we’ll be using the standalone server for explaining the details.
+However, the same applies to servers in a domain mode. Starting the
+standalone server with HA capabilities enabled, involves starting it
+with the standalone-ha.xml (or even standalone-full-ha.xml):
+
+
+
+
./standalone.sh -server-config=standalone-ha.xml
+
+
+
+
This will start a single instance of the server with HA capabilities.
+Deploying the EJBs to this instance doesn’t involve anything special
+and is the same as explained in the application
+deployment chapter.
+
+
+
Obviously, to be able to see the benefits of clustering, you’ll need
+more than one instance of the server. So let’s start another server with
+HA capabilities. That another instance of the server can either be on
+the same machine or on some other machine. If it’s on the same machine,
+the two things you have to make sure is that you pass the port offset
+for the second instance and also make sure that each of the server
+instances have a unique jboss.node.name system property. You can do
+that by passing the following two system properties to the startup
+command:
+
+
+
+
./standalone.sh -server-config=standalone-ha.xml -Djboss.socket.binding.port-offset=<offset of your choice> -Djboss.node.name=<unique node name>
+
+
+
+
Follow whichever approach you feel comfortable with for deploying the
+EJB deployment to this instance too.
+
+
+
+
+
+
+
+
+Deploying the application on just one node of a standalone instance of a
+clustered server does not mean that it will be automatically deployed
+to the other clustered instance. You will have to do deploy it
+explicitly on the other standalone clustered instance too. Or you can
+start the servers in domain mode so that the deployment can be deployed
+to all the server within a server group. See the
+admin guide for
+more details on domain setup.
+
+
+
+
+
+
Now that you have deployed an application with clustered EJBs on both
+the instances, the EJBs are now capable of making use of the clustering
+features.
+
+
+
3.2.1. Failover for clustered EJBs
+
+
Clustered EJBs have failover capability. The state of the @Stateful
+@Clustered EJBs is replicated across the cluster nodes so that if one of
+the nodes in the cluster goes down, some other node will be able to take
+over the invocations. Let’s see how it’s implemented in WildFly. In
+the next few sections we’ll see how it works for remote (standalone)
+clients and for clients in another remote WildFly server instance.
+Although, there isn’t a difference in how it works in both these cases,
+we’ll still explain it separately so as to make sure there aren’t any
+unanswered questions.
+
+
+
+
3.2.2. Remote standalone clients
+
+
In this section we’ll consider a remote standalone client (i.e. a client
+which runs in a separate JVM and isn’t running within another WildFly
+8 instance). Let’s consider that we have 2 servers, server X and server
+Y which we started earlier. Each of these servers has the clustered EJB
+deployment. A standalone remote client can use either the
+JNDI approach or native JBoss EJB client APIs to
+communicate with the servers. The important thing to note is that when
+you are invoking clustered EJB deployments, you do not have to list
+all the servers within the cluster (which obviously wouldn’t have been
+feasible due the dynamic nature of cluster node additions within a
+cluster).
+
+
+
The remote client just has to list only one of the servers with the
+clustering capability. In this case, we can either list server X (in
+jboss-ejb-client.properties) or server Y. This server will act as the
+starting point for cluster topology communication between the client and
+the clustered nodes.
+
+
+
Note that you have to configure the ejb cluster in the
+jboss-ejb-client.properties configuration file, like so:
When a client connects to a server, the JBoss EJB client implementation
+(internally) communicates with the server for cluster topology
+information, if the server had clustering capability. In our example
+above, let’s assume we listed server X as the initial server to connect
+to. When the client connects to server X, the server will send back an
+(asynchronous) cluster topology message to the client. This topology
+message consists of the cluster name(s) and the information of the nodes
+that belong to the cluster. The node information includes the node
+address and port number to connect to (whenever necessary). So in this
+example, the server X will send back the cluster topology consisting of
+the other server Y which belongs to the cluster.
+
+
+
In case of stateful (clustered) EJBs, a typical invocation flow involves
+creating of a session for the stateful bean, which happens when you do a
+JNDI lookup for that bean, and then invoking on the returned proxy. The
+lookup for stateful bean, internally, triggers a (synchronous) session
+creation request from the client to the server. In this case, the
+session creation request goes to server X since that’s the initial
+connection that we have configured in our jboss-ejb-client.properties.
+Since server X is clustered, it will return back a session id and along
+with send back an "affinity" of that session. In case of clustered
+servers, the affinity equals to the name of the cluster to which the
+stateful bean belongs on the server side. For non-clustered beans, the
+affinity is just the node name on which the session was created. This
+affinity will later help the EJB client to route the invocations on
+the proxy, appropriately to either a node within a cluster (for
+clustered beans) or to a specific node (for non-clustered beans). While
+this session creation request is going on, the server X will also send
+back an asynchronous message which contains the cluster topology. The
+JBoss EJB client implementation will take note of this topology
+information and will later use it for connection creation to nodes
+within the cluster and routing invocations to those nodes, whenever
+necessary.
+
+
+
Now that we know how the cluster topology information is communicated
+from the server to the client, let see how failover works. Let’s
+continue with the example of server X being our starting point and a
+client application looking up a stateful bean and invoking on it. During
+these invocations, the client side will have collected the cluster
+topology information from the server. Now let’s assume for some reason,
+server X goes down and the client application subsequent invokes on the
+proxy. The JBoss EJB client implementation, at this stage will be aware
+of the affinity and in this case it’s a cluster affinity. Because of the
+cluster topology information it has, it knows that the cluster has two
+nodes server X and server Y. When the invocation now arrives, it sees
+that the server X is down. So it uses a selector to fetch a suitable
+node from among the cluster nodes. The selector itself is configurable,
+but we’ll leave it from discussion for now. When the selector returns a
+node from among the cluster, the JBoss EJB client implementation creates
+a connection to that node (if not already created earlier) and creates a
+EJB receiver out of it. Since in our example, the only other node in the
+cluster is server Y, the selector will return that node and the JBoss
+EJB client implementation will use it to create a EJB receiver out of it
+and use that receiver to pass on the invocation on the proxy.
+Effectively, the invocation has now failed over to a different node
+within the cluster.
+
+
+
+
3.2.4. Remote clients on another instance of WildFly
+
+
So far we discussed remote standalone clients which typically use either
+the EJB client API or the jboss-ejb-client.properties based approach to
+configure and communicate with the servers where the clustered beans are
+deployed. Now let’s consider the case where the client is an application
+deployed another AS7 instance and it wants to invoke on a clustered
+stateful bean which is deployed on another instance of WildFly. In
+this example let’s consider a case where we have 3 servers involved.
+Server X and Server Y both belong to a cluster and have clustered EJB
+deployed on them. Let’s consider another server instance Server C (which
+may or may not have clustering capability) which acts as a client on
+which there’s a deployment which wants to invoke on the clustered beans
+deployed on server X and Y and achieve failover.
+
+
+
The configurations required to achieve this are explained in
+this chapter. As you can see the configurations are
+done in a jboss-ejb-client.xml which points to a remote outbound
+connection to the other server. This jboss-ejb-client.xml goes in the
+deployment of server C (since that’s our client). As explained earlier,
+the client configuration need not point to all clustered nodes.
+Instead it just has to point to one of them which will act as a start
+point for communication. So in this case, we can create a remote
+outbound connection on server C to server X and use server X as our
+starting point for communication. Just like in the case of remote
+standalone clients, when the application on server C (client) looks up a
+stateful bean, a session creation request will be sent to server X which
+will send back a session id and the cluster affinity for it.
+Furthermore, server X asynchronously send back a message to server C
+(client) containing the cluster topology. This topology information will
+include the node information of server Y (since that belongs to the
+cluster along with server X). Subsequent invocations on the proxy will
+be routed appropriately to the nodes in the cluster. If server X goes
+down, as explained earlier, a different node from the cluster will be
+selected and the invocation will be forwarded to that node.
+
+
+
As can be seen both remote standalone client and remote clients on
+another WildFly instance act similar in terms of failover.
+
+
+
+
+
+
+
+
+References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
+
+
4. Messaging
+
+
+
This section is under development intending to describe high availability features and configuration pertaining to Jakarta Messaging (JMS).
+
+
+
+
+
5. Load Balancing
+
+
+
5.1. mod_cluster Subsystem
+
+
The mod_cluster integration is done via the mod_cluster subsystem.
+
+
+
5.1.1. Configuration
+
+
Instance ID or JVMRoute
+
+
The instance-id or JVMRoute defaults to jboss.node.name property passed
+on server startup (e.g. via -Djboss.node.name=XYZ).
By default, mod_cluster is configured for multicast-based discovery. To
+specify a static list of proxies, create a remote-socket-binding for
+each proxy and then reference them in the 'proxies' attribute. See the
+following example for configuration in the domain mode:
Since WildFly 14 mod_cluster subsystem supports multiple named proxy configurations also allowing for registering
+non-default Undertow servers with the reverse proxies. Moreover, this allows single application server node to register with
+different groups of proxy servers.
+
+
+
See the following example which adds another Undertow AJP listener, server and a host and adds a new mod_cluster configuration
+which registers this host using advertise mechanism.
The operations specific to the modcluster subsystem are divided in 3
+categories the ones that affects the configuration and require a restart
+of the subsystem, the one that just modify the behaviour temporarily and
+the ones that display information from the httpd part.
+
+
+
operations displaying httpd information
+
+
There are 2 operations that display how Apache httpd sees the node:
+
+
+
read-proxies-configuration
+
+
Send a DUMP message to all Apache httpd the node is connected to and
+display the message received from Apache httpd.
Those operations are like the context operation but they apply to all
+webapps running on the node and operation that affect the whole node.
+
+
+
refresh
+
+
Refresh the node by sending a new CONFIG message to Apache httpd.
+
+
+
+
reset
+
+
Reset the connection between Apache httpd and the node.
+
+
+
+
+
Configuration
+
+
Metric configuration
+
+
There are 4 metric operations corresponding to add and remove load
+metrics to the dynamic-load-provider. Note that when nothing is defined
+a simple-load-provider is use with a fixed load factor of one.
like the add-metric and remove-metric except they require a class
+parameter instead the type. Usually they needed additional properties
+which can be specified
+This section provides information how to configure mod_cluster
+subsystem to protect communication between mod_cluster and load balancer
+using SSL/TLS using Elytron Subsystem.
+
+
+
+
Overview
+
+
Elytron subsystem provides a powerful and flexible model to configure
+different security aspects for applications and the application server
+itself. At its core, Elytron subsystem exposes different capabilities to
+the application server in order centralize security related
+configuration in a single place and to allow other subsystems to consume
+these capabilities. One of the security capabilities exposed by Elytron
+subsystem is a Client ssl-context that can be used to configure
+mod_cluster subsystem to communicate with a load balancer using SSL/TLS.
+
+
+
When protecting the communication between the application server and the
+load balancer, you need do define a Client ssl-context in order to:
+
+
+
+
+
Define a trust store holding the certificate chain that will be used
+to validate load balancer’s certificate
+
+
+
Define a trust manager to perform validations against the load
+balancer’s certificate
+
+
+
+
+
+
Defining a Trust Store with the Trusted Certificates
+
+
To define a trust store in Elytron you can execute the following CLI
+command:
In order to successfully execute the command above you must have a
+application.truststore file inside your
+JBOSS_HOME/standalone/configuration directory. Where the trust store
+is protected by a password with a value password. The trust store must
+contain the certificates associated with the load balancer or a
+certificate chain in case the load balancer’s certificate is signed by a
+CA.
+
+
+
We strongly recommend you to avoid using self-signed certificates with
+your load balancer. Ideally, certificates should be signed by a CA and
+your trust store should contain a certificate chain representing your
+ROOT and Intermediary CAs.
+
+
+
+
Defining a Trust Manager To Validate Certificates
+
+
To define a trust manager in Elytron you can execute the following CLI
+command:
Here we are setting the default-trust-store as the source of the
+certificates that the application server trusts.
+
+
+
+
Defining a Client SSL Context and Configuring mod_cluster Subsystem
+
+
Finally, you can create the Client SSL Context that is going to be used
+by the mod_cluster subsystem when connecting to the load balancer using
+SSL/TLS:
Once you execute the last command above, reload the server:
+
+
+
+
reload
+
+
+
+
+
Using a Certificate Revocation List
+
+
In case you want to validate the load balancer certificate against a
+Certificate Revocation List (CRL), you can configure the trust-manager
+in Elytron subsystem as follows:
To use a CRL your trust store must contain the certificate chain in
+order to check validity of both CRL list and the load balancer`s
+certificate.
+
+
+
A different way to configure a CRL is using the Distribution Points
+embedded in your certificates. For that, you need to configure a
+certificate-revocation-list as follows:
It is possible to accept a REMOTE_USER already authenticated by the Apache httpd server with Elytron via the AJP protocol.
+This can be done by setting up Elytron to secure a WildFly deployment and specifying for the External HTTP mechanism to
+be used. This is done by creating a security domain and specifying the External mechanism as one of the mechanism
+configurations to be used by the http-authentication-factory:
Elytron will accept the externally authenticated user and use the specified security domain to perform role mapping to
+complete authorization.
+
+
+
+
+
5.2. Enabling ranked affinity support in load balancer
+
+
Enabling ranked affinity support in the server must be accompanied by a compatible load balancer with ranked affinity support enabled.
+When using WildFly as a load balancer ranked routing can be enabled with the following CLI command:
The default delimiter which delimiters the node routes is "." which encodes multiple routes as node1.node2.node3.
+Should the delimiter be required to be different, this is configurable by the delimiter attribute of the affinity resource.
+See the following CLI command:
5.3. Support for load-balancers relying on affinity cookie
+
+
While the Apache family of load-balancers relies on attaching session affinity (routing) information by default to a JSESSIONID cookie or a jsessionid path parameter,
+there are other load-balancers that rely on a cookie to drive session affinity.
+
+
+
In order to configure the cookie name and other properties use the following CLI script:
Notice that the proxy server defined cookie names need to correspond with the application server’s instance-id.
+
+
+
+
+
+
+
6. HA Singleton Features
+
+
+
In general, an HA or clustered singleton is a service that exists on
+multiple nodes in a cluster, but is active on just a single node at any
+given time. If the node providing the service fails or is shut down, a
+new singleton provider is chosen and started. Thus, other than a brief
+interval when one provider has stopped and another has yet to start, the
+service is always running on one node.
+
+
+
6.1. Singleton subsystem
+
+
WildFly 10 introduced a "singleton" subsystem, which defines a set of
+policies that define how an HA singleton should behave. A singleton
+policy can be used to instrument singleton deployments or to create
+singleton MSC services.
The cache-container and cache attributes of a singleton policy must
+reference a valid cache from the Infinispan subsystem. If no specific
+cache is defined, the default cache of the cache container is assumed.
+This cache is used as a registry of which nodes can provide a given
+service and will typically use a replicated-cache configuration.
+
+
+
+
Election policies
+
+
WildFly includes two singleton election policy implementations:
+
+
+
+
+
simple
+Elects the provider (a.k.a. primary provider) of a singleton service based on a
+specified position in a circular linked list of eligible nodes sorted by
+descending age. Position=0, the default value, refers to the oldest
+node, 1 is second oldest, etc. ; while position=-1 refers to the
+youngest node, -2 to the second youngest, etc.
+e.g.
Additionally, any singleton election policy may indicate a preference
+for one or more members of a cluster. Preferences may be defined either
+via node name or via outbound socket binding name. Node preferences
+always take precedent over the results of an election policy.
+e.g.
Network partitions are particularly problematic for singleton services,
+since they can trigger multiple singleton providers for the same service
+to run at the same time. To defend against this scenario, a singleton
+policy may define a quorum that requires a minimum number of nodes to be
+present before a singleton provider election can take place. A typical
+deployment scenario uses a quorum of N/2 + 1, where N is the anticipated
+cluster size. This value can be updated at runtime, and will immediately
+affect any active singleton services.
+e.g.
The singleton subsystem can be used in a non-HA profile, so long as the
+cache that it references uses a local-cache configuration. In this
+manner, an application leveraging singleton functionality (via the
+singleton API or using a singleton deployment descriptor) will continue
+function as if the server was a sole member of a cluster. For obvious
+reasons, the use of a quorum does not make sense in such a
+configuration.
+
+
+
+
+
6.2. Singleton deployments
+
+
WildFly 10 resurrected the ability to start a given deployment on a
+single node in the cluster at any given time. If that node shuts down,
+or fails, the application will automatically start on another node on
+which the given deployment exists. Long time users of JBoss AS will
+recognize this functionality as being akin to the
+HASingletonDeployer,
+a.k.a. "
+deploy-hasingleton",
+feature of AS6 and earlier.
+
+
+
6.2.1. Usage
+
+
A deployment indicates that it should be deployed as a singleton via a
+deployment descriptor. This can either be a standalone
+/META-INF/singleton-deployment.xml file or embedded within an existing
+jboss-all.xml descriptor. This descriptor may be applied to any
+deployment type, e.g. JAR, WAR, EAR, etc., with the exception of a
+subdeployment within an EAR.
+e.g.
The singleton deployment descriptor defines which
+singleton policy should be used to deploy the
+application. If undefined, the default singleton policy is used, as
+defined by the singleton subsystem.
+
+
+
Using a standalone descriptor is often preferable, since it may be
+overlaid onto an existing deployment archive.
+e.g.
The singleton service facility exposes a mechanism for installing an MSC service such that the service only starts on a single member of a cluster at a time.
+If the member providing the singleton service is shutdown or crashes, the facility automatically elects a new primary provider and starts the service on that node.
+In general, a singleton election happens in response to any change of membership, where the membership is defined as the set of cluster nodes on which the given service was installed.
+
+
+
6.3.1. Installing an MSC service using an existing singleton policy
+
+
While singleton MSC services have been around since AS7, WildFly adds the ability to leverage the singleton subsystem to create singleton MSC services from existing singleton policies.
+
+
+
The singleton subsystem exposes capabilities for each singleton policy it defines.
+
+
+
These policies, encapsulated by the org.wildfly.clustering.singleton.service.SingletonPolicy interface, can be referenced via the following capability name:
+"org.wildfly.clustering.singleton.policy" + policy-name
+
+
+
You can reference the default singleton policy of the server via the name:
+"org.wildfly.clustering.singleton.default-policy"
+e.g.
+
+
+
+
publicclassMyServiceActivatorimplements ServiceActivator {
+ @Override
+ publicvoid activate(ServiceActivatorContext context) {
+ ServiceName name = ServiceName.parse("my.service.name");
+ // Use default singleton policy
+ Supplier<SingletonPolicy> policy = new ActiveServiceSupplier<>(context.getServiceTarget(), ServiceName.parse(SingletonDefaultRequirement.SINGLETON_POLICY.getName()));
+ ServiceBuilder<?> builder = policy.get().createSingletonServiceConfigurator(name).build(context.getServiceTarget());
+ Service service = new MyService();
+ builder.setInstance(service).install();
+ }
+}
+
+
+
+
+
6.3.2. Singleton MSC Service metrics
+
+
The singleton subsystem registers a set of runtime metrics for each singleton MSC service installed via a given singleton policy.
+
+
+
+
is-primary
+
+
Indicates whether the node on which the operation was performed is the primary provider of the given singleton service
+
+
primary-provider
+
+
Identifies the node currently operating as the primary provider for the given singleton service
+
+
providers
+
+
Identifies the set of nodes on which the given singleton service is installed.
6.3.3. Installing an MSC service using dynamic singleton policy
+
+
Alternatively, you can configure a singleton policy dynamically, which is particularly useful if you want to use a custom singleton election policy.
+org.wildfly.clustering.singleton.service.SingletonPolicy is a generalization of the org.wildfly.clustering.singleton.service.SingletonServiceConfiguratorFactory interface,
+which includes support for specifying an election policy, an election listener, and, optionally, a quorum.
+
+
+
The SingletonElectionPolicy is responsible for electing a member to operate as the primary singleton service provider following any change in the set of singleton service providers.
+Following the election of a new primary singleton service provider, any registered SingletonElectionListener is triggered on every member of the cluster.
+
+
+
The 'SingletonServiceConfiguratorFactory' capability may be referenced using the following capability name:
+"org.wildfly.clustering.cache.singleton-service-configurator-factory" + container-name + "." + cache-name
+
+
+
You can reference a 'SingletonServiceConfiguratorFactory' using the default cache of a given cache container via the name:
+"org.wildfly.clustering.cache.default-singleton-service-configurator-factory" + container-name
+
+
+
e.g.
+
+
+
+
publicclassMySingletonElectionPolicyimplements SingletonElectionPolicy {
+ @Override
+ public Node elect(List<Node> candidates) {
+ // ...
+ return ...;
+ }
+}
+
+publicclassMySingletonElectionListenerimplements SingletonElectionListener {
+ @Override
+ publicvoid elected(List<Node> candidates, Node primary) {
+ // ...
+ }
+}
+
+publicclassMyServiceActivatorimplements ServiceActivator {
+ @Override
+ publicvoid activate(ServiceActivatorContext context) {
+ String containerName = "foo";
+ SingletonElectionPolicy policy = new MySingletonElectionPolicy();
+ SingletonElectionListener listener = new MySingletonElectionListener();
+ int quorum = 3;
+ ServiceName name = ServiceName.parse("my.service.name");
+ // Use a SingletonServiceConfiguratorFactory backed by default cache of "foo" container
+ Supplier<SingletonServiceConfiguratorFactory> factory = new ActiveServiceSupplier<>(context.getServiceTarget(), ServiceName.parse(SingletonDefaultCacheRequirement.SINGLETON_SERVICE_CONFIGURATOR_FACTORY.resolve(containerName).getName()));
+ ServiceBuilder<?> builder = factory.get().createSingletonServiceConfigurator(name)
+ .electionListener(listener)
+ .electionPolicy(policy)
+ .requireQuorum(quorum)
+ .build(context.getServiceTarget());
+ Service service = new MyService();
+ builder.setInstance(service).install();
+ }
+}
+
+
+
+
+
+
+
+
7. Clustering API
+
+
+
WildFly exposes a public API to deployments for performing common clustering operations, such as:
This zero-dependency API allows an application to perform basic clustering tasks, while remaining decoupled from the libraries that implement WildFly’s clustering logic.
+
+
+
7.1. Group membership
+
+
The Group abstraction represents a logical cluster of nodes.
+The Group service provides the following capabilities:
+
+
+
+
+
View the current membership of a group.
+
+
+
Identifies a designated coordinator for a given group membership. This designated coordinator will be the same on every node for a given membership. Traditionally, the oldest member of the cluster is chosen as the coordinator.
+
+
+
Registration facility for notifications of changes to group membership.
+
+
+
+
+
WildFly creates a Group instance for every defined channel defined in the JGroups subsystem, as well as a local implementation.
+The local Group implementation is effectively a singleton membership containing only the current node.
+e.g.
+
+
+
+
@Resource(lookup = "java:jboss/clustering/group/ee") // A Group representing the cluster of the "ee" channel
+privateGroup group;
+
+@Resource(lookup = "java:jboss/clustering/group/local") // A non-clustered Group
+privateGroup localGroup;
+
+
+
+
To ensure that your application operates consistently regardless of server configuration, you are strongly recommended to reference a given Group using an alias.
+Most users should use the "default" alias, which references either:
+
+
+
+
+
A Group backed by the default channel of the server, if the JGroups subsystem is present
+
+
+
A non-clustered Group, if the JGroups subsystem is not present
Additionally, WildFly creates a Group alias for every Infinispan cache-container, which references:
+
+
+
+
+
A Group backed by the transport channel of the cache container
+
+
+
A non-clustered Group, if the cache container has no transport
+
+
+
+
+
This is useful when using a Group within the context of an Infinispan cache.
+
+
+
e.g.
+
+
+
+
@Resource(lookup = "java:jboss/clustering/group/server") // Backed by the transport of the "server" cache-container
+privateGroup group;
+
+
+
+
7.1.1. Node
+
+
A Node encapsulates a member of a group (i.e. a JGroups address).
+A Node has the following distinct characteristics, which will be unique for each member of the group:
+
+
+
+
getName
+
+
The distinct logical name of this group member.
+This value inherently defaults to the hostname of the machine, and can be overridden via the "jboss.node.name" system property.
+You must override this value if you run multiple servers on the same host.
+
+
getSocketAddress()
+
+
The distinct bind address/port used by this group member.
+This will be null if the group is non-clustered.
+
+
+
+
+
+
7.1.2. Membership
+
+
A Membership is an immutable encapsulation of a group membership (i.e. a JGroups view).
+Membership exposes the following properties:
+
+
+
+
getMembers()
+
+
Returns the list of members comprising this group membership. The order of this list will be consistent on all nodes in the cluster.
+
+
isCoordinator()
+
+
Indicates whether the current member is the coordinator of the group.
+
+
getCoordinator()
+
+
Returns the member designated as coordinator of this group. This methods will return a consistent value for all nodes in the cluster.
+
+
+
+
+
+
7.1.3. Usage
+
+
The Group abstract is effectively a volatile reference to the current membership, and provides a facility for notification of membership changes.
+It exposes the following properties and operations:
+
+
+
+
getName()
+
+
The logical name of this group.
+
+
getLocalMember()
+
+
The Node instance corresponding to the local member.
+
+
getMembership()
+
+
Returns the current membership of this group.
+
+
register(GroupListener)
+
+
Registers the specific listener to be notified of changes to group membership.
+
+
isSingleton()
+
+
Indicates whether the groups membership is non-clustered, i.e. will only ever contain a single member.
+
+
+
+
+
+
7.1.4. Example
+
+
A distributed "Hello world" example that prints joiners and leavers of a group membership:
A command dispatcher is a mechanism for dispatching commands to be executed on members of a group.
+
+
+
7.2.1. CommandDispatcherFactory
+
+
A command dispatcher is created from a CommandDispatcherFactory, an instance of which is created for every defined channel defined in the JGroups subsystem, as well as a local implementation.
+e.g.
+
+
+
+
@Resource(lookup = "java:jboss/clustering/dispatcher/ee") // A command dispatcher factory backed by the "ee" channel
+private CommandDispatcherFactory factory;
+
+@Resource(lookup = "java:jboss/clustering/dispatcher/local") // The non-clustered command dispatcher factory
+private CommandDispatcherFactory localFactory;
+
+
+
+
To ensure that your application functions consistently regardless of server configuration, we recommended that you reference the CommandDispatcherFactory using an alias.
+Most users should use the "default" alias, which references either:
+
+
+
+
+
A CommandDispatcherFactory backed by the default channel of the server, if the JGroups subsystem is present
+
+
+
A non-clustered CommandDispatcherFactory, if the JGroups subsystem is not present
Additionally, WildFly creates a CommandDispatcherFactory alias for every Infinispan cache-container, which references:
+
+
+
+
+
A CommandDispatcherFactory backed by the transport channel of the cache container
+
+
+
A non-clustered CommandDispatcherFactory, if the cache container has no transport
+
+
+
+
+
This is useful in the case where a CommandDispatcher is used to communicate with members on which a given cache is deployed.
+
+
+
e.g.
+
+
+
+
@Resource(lookup = "java:jboss/clustering/dispatcher/server") // Backed by the transport of the "server" cache-container
+private CommandDispatcherFactory factory;
+
+
+
+
+
7.2.2. Command
+
+
A Command encapsulates logic to be executed on a group member.
+A Command can leverage 2 type of parameters during execution:
+
+
+
+
Sender supplied parameters
+
+
These are member variables of the Command implementation itself, and are provided during construction of the Command object.
+As properties of a serializable object, these must also be serializable.
+
+
Receiver supplied parameters, i.e. local context
+
+
These are encapsulated in a single object, supplied during construction of the CommandDispatcher.
+The command dispatcher passes the local context as a parameter to the Command.execute(…) method.
+
+
+
+
+
+
7.2.3. CommandDispatcher
+
+
The CommandDispatcherFactory creates a CommandDispatcher using a service identifier and a local context.
+This service identifier is used to segregate commands from multiple command dispatchers.
+A CommandDispatcher will only receive commands dispatched by a CommandDispatcher with the same service identifier.
+
+
+
Once created, a CommandDispatcher will locally execute any received commands until it is closed.
+Once closed, a CommandDispatcher is no longer allowed to dispatch commands.
+
+
+
The functionality of a CommandDispatcher boils down to 2 operations:
+
+
+
+
executeOnMember(Command, Node)
+
+
Executes a given command on a specific group member.
+
+
executeOnGroup(Command, Node…)
+
+
Executes a given command on all members of the group, optionally excluding specific members
+
+
+
+
+
Both methods return responses as a CompletionStage, allowing for asynchronous processing of responses as they complete.
+
+
+
+
7.2.4. Example
+
+
To demonstrate how to use a CommandDispatcher, let’s create a distributed "hello world" application.
+
+
+
First, let’s create a simple HelloWorld interface which enables the caller to send a specific message to the entire group:
Next, we need to define a local command execution context.
+This should encapsulate any local information we need to make available to the execution of any command received by our CommandDispatcher.
+For demonstration purposes, let’s make this a separate interface:
Uses the default CommandDispatcherFactory of the server
+
+
+
2
+
Don’t forget to close your CommandDispatcher!
+
+
+
3
+
We don’t want to send the message to ourselves, so we exclude the local member
+
+
+
+
+
Now you can use the HelloWorld.send(…) operation to say hello to your cluster.
+
+
+
+
+
7.3. Service Provider Registry
+
+
A service provider registry is a specialized cache that tracks the group members that provide a given service.
+The ServiceProviderRegistry might be used in concert with a CommandDispatcher to communicate between a subset of group members on which a given service is installed.
+It includes a registration facility to receive notifications when the set of nodes providing a given service changes.
+WildFly uses this internally in its Singleton service/deployment implementation to drive the primary election process.
+
+
+
WildFly exposes a ServiceProviderRegistry (from which a ServiceProviderRegistration is created) for each cache defined by the Infinispan subsystem.
+
+
+
7.3.1. Example
+
+
The following is an example of using a ServiceProviderRegistry to publish the availability of a given singleton Jakarta Enterprise Beans.
+The getProviders() method will return the set of nodes on which the ServiceProviderRegistrationBean is deployed.
Uses the default cache of the "server" cache container.
+
+
+
2
+
Remember to close the registration!
+
+
+
+
+
+
+
7.4. Registry
+
+
A registry is a specialized cache for storing a unique key/value pair for each member of a group.
+This is useful to bridge WildFly’s Group members to an internal identification system used by an application.
+The Registry service includes a facility for notifying group members of new, updated, or obsolete registry entries.
+
+
+
WildFly exposes a RegistryFactory (from which a Registry is created) for each cache defined by the Infinispan subsystem.
+
+
+
7.4.1. Example
+
+
The following Registry example assigns a UUID to each group member, allowing each member to query the identifier of any other member:
Uses the default cache of the "server" cache container.
+
+
+
2
+
Remember to close the registry!
+
+
+
+
+
+
+
+
+
8. JGroups
+
+
+
8.1. JGroups Subsystem
+
+
8.1.1. Purpose
+
+
The JGroups subsystem provides group communication support for HA
+services in the form of JGroups channels.
+
+
+
Named channel instances permit application peers in a cluster to
+communicate as a group and in such a way that the communication
+satisfies defined properties (e.g. reliable, ordered,
+failure-sensitive). Communication properties are configurable for each
+channel and are defined by the protocol stack used to create the
+channel. Protocol stacks consist of a base transport layer (used to
+transport messages around the cluster) together with a user-defined,
+ordered stack of protocol layers, where each protocol layer supports a
+given communication property.
+
+
+
The JGroups subsystem provides the following features:
+
+
+
+
+
allows definition of named protocol stacks
+
+
+
view run-time metrics associated with channels
+
+
+
specify a default stack for general use
+
+
+
+
+
In the following sections, we describe the JGroups subsystem.
+
+
+
+
+
+
+
+
+JGroups channels are created transparently as part of the clustering
+functionality (e.g. on clustered application deployment, channels will
+be created behind the scenes to support clustered features such as
+session replication or transmission of SSO contexts around the cluster).
+
+
+
+
+
+
+
8.1.2. Configuration example
+
+
What follows is a sample JGroups subsystem configuration showing all of
+the possible elements and attributes which may be configured. We shall
+use this example to explain the meaning of the various elements and
+attributes.
+
+
+
+
+
+
+
+
+The schema for the subsystem, describing all valid elements and
+attributes, can be found in the WildFly distribution, in the docs/schema
+directory.
+
This element is used to configure the subsystem within a WildFly system
+profile.
+
+
+
+
+
xmlns This attribute specifies the XML namespace of the JGroups
+subsystem and, in particular, its version.
+
+
+
default-stack This attribute is used to specify a default stack for
+the JGroups subsystem. This default stack will be used whenever a stack
+is required but no stack is specified.
+
+
+
+
+
+
<stack>
+
+
This element is used to configure a JGroups protocol stack.
+
+
+
+
+
name This attribute is used to specify the name of the stack.
+
+
+
+
+
+
<transport>
+
+
This element is used to configure the transport layer (required) of the
+protocol stack.
+
+
+
+
+
type This attribute specifies the transport type (e.g. UDP, TCP,
+TCPGOSSIP)
+
+
+
socket-binding This attribute references a defined socket binding in
+the server profile. It is used when JGroups needs to create general
+sockets internally.
+
+
+
diagnostics-socket-binding This attribute references a defined
+socket binding in the server profile. It is used when JGroups needs to
+create sockets for use with the diagnostics program. For more about the
+use of diagnostics, see the JGroups documentation for probe.sh.
+
+
+
default-executor This attribute references a defined thread pool
+executor in the threads subsystem. It governs the allocation and
+execution of runnable tasks to handle incoming JGroups messages.
+
+
+
oob-executor This attribute references a defined thread pool
+executor in the threads subsystem. It governs the allocation and
+execution of runnable tasks to handle incoming JGroups OOB
+(out-of-bound) messages.
+
+
+
timer-executor This attribute references a defined thread pool
+executor in the threads subsystem. It governs the allocation and
+execution of runnable timer-related tasks.
+
+
+
shared This attribute indicates whether or not this transport is
+shared amongst several JGroups stacks or not.
+
+
+
thread-factory This attribute references a defined thread factory in
+the threads subsystem. It governs the allocation of threads for running
+tasks which are not handled by the executors above.
+
+
+
site This attribute defines a site (data centre) id for this node.
+
+
+
rack This attribute defines a rack (server rack) id for this node.
+
+
+
machine This attribute defines a machine (host) is for this node.
+
+
+
+
+
+
+
+
+
+
+site, rack and machine ids are used by the Infinispan topology-aware
+consistent hash function, which when using dist mode, prevents dist mode
+replicas from being stored on the same host, rack or site
+
+
+
+
+
+
.
+
+
+
<property>
+
+
This element is used to configure a transport property.
+
+
+
+
+
name This attribute specifies the name of the protocol property. The
+value is provided as text for the property element.
+
+
+
+
+
+
+
<protocol>
+
+
This element is used to configure a (non-transport) protocol layer in
+the JGroups stack. Protocol layers are ordered within the stack.
+
+
+
+
+
type This attribute specifies the name of the JGroups protocol
+implementation (e.g. MPING, pbcast.GMS), with the package prefix
+org.jgroups.protocols removed.
+
+
+
socket-binding This attribute references a defined socket binding in
+the server profile. It is used when JGroups needs to create general
+sockets internally for this protocol instance.
+
+
+
+
+
+
<relay>
+
+
This element is used to configure the RELAY protocol for a JGroups
+stack. RELAY is a protocol which provides cross-site replication between
+defined sites (data centres). In the RELAY protocol, defined sites
+specify the names of remote sites (backup sites) to which their data
+should be backed up. Channels are defined between sites to permit the
+RELAY protocol to transport the data from the current site to a backup
+site.
+
+
+
+
+
site This attribute specifies the name of the current site. Site
+names can be referenced elsewhere (e.g. in the JGroups remote-site
+configuration elements, as well as backup configuration elements in the
+Infinispan subsystem)
+
+
+
+
+
<remote-site>
+
+
This element is used to configure a remote site for the RELAY protocol.
+
+
+
+
+
name This attribute specifies the name of the remote site to which
+this configuration applies.
+
+
+
stack This attribute specifies a JGroups protocol stack to use for
+communication between this site and the remote site.
+
+
+
cluster This attribute specifies the name of the JGroups channel to
+use for communication between this site and the remote site.
+
+
+
+
+
+
+
+
8.1.3. Use Cases
+
+
In many cases, channels will be configured via XML as in the example
+above, so that the channels will be available upon server startup.
+However, channels may also be added, removed or have their
+configurations changed in a running server by making use of the WildFly
+management API command-line interface (CLI). In this section, we present
+some key use cases for the JGroups management API.
+
+
+
The key use cases covered are:
+
+
+
+
+
adding a stack
+
+
+
adding a protocol to an existing stack
+
+
+
adding a property to a protocol
+
+
+
+
+
+
+
+
+
+
+The WildFly management API command-line interface (CLI) itself can be
+used to provide extensive information on the attributes and commands
+available in the JGroups subsystem interface used in these examples.
+
KUBE_PING is a discovery protocol for JGroups cluster nodes managed by Kubernetes.
+Since Kubernetes is in charge of launching nodes, it knows the addresses of all pods it started,
+and is therefore an ideal place to ask for cluster discovery.
+Discovery is therefore done by asking Kubernetes for a list of addresses of all cluster nodes.
+Combined with bind_port / port_range, the protocol will then send a discovery request to all instances and wait for the responses.
+
+
+
To reconfigure an existing server profile with KUBE_PING use the following CLI batch replacing the namespace,
+labels and stack name (tcp) with the target stack:
The S3 client used by the protocol uses the default credential store provider.
+Refer to AWS documentation how to generate and supply appropriate credentials.
+For instance, credentials can be provided by Java system properties (aws.accessKeyId and aws.secretAccessKey),
+environmental properties (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY), etc.
+
+
+
For advanced configuration options, please visit protocol’s documentation here.
+
+
+
+
+
+
+
9. Infinispan
+
+
+
9.1. Infinispan Subsystem
+
+
The Infinispan subsystem configures a set of Infinispan cache containers and cache configurations for use by WildFly clustering services.
+
+
+
9.1.1. Cache container
+
+
A cache container manages a set of cache configurations that share the same transport and marshalling configuration.
+Cache containers returned by the Infinispan subsystem are auto-configured with the following customizations:
+
+
+
+
+
A custom transport capable of sharing a JGroups channel defined by the JGroups subsystem.
+
+
+
Uses WildFly’s mbean server, if the org.jboss.as.jmx extension is present.
+
+
+
Marshaller configured to resolve classes using JBoss Modules.
+
+
+
Marshaller configured with a set of marshalling optimizations for common JDK classes
+
+
+
Marshaller configured with additional Externalizers loadable from the configured module attribute.
+
+
+
+
+
e.g. To create a new cache container that loads marshallers from the "org.bar" module:
Note that the server will not manage the lifecycle of any caches created from the injected cache manager.
+The application is responsible for managing the lifecycle of manually created caches.
+
+
+
Transport
+
+
Configures the mechanism used by clustered caches to communicate with each other.
+It is only necessary to define a transport if the cache container contains clustered caches.
+
+
+
To create a JGroups transport using the default channel of the server:
Infinispan supports a number of cache types for use in both HA and non-HA server profiles.
+
+
+
Local
+
+
A local cache stores a given cache entry only on the local node.
+A local cache does not require a transport, as cache reads and writes are always local.
A replicated cache stores a given cache entry on every node in the cluster.
+A replicated cache requires a transport, as cache writes are replicated to all nodes in the cluster on which the associated cache is running.
A distributed cache stores a given cache entry on a configurable number of nodes in the cluster, assigned via an algorithm based on consistent hashing.
+A distributed cache requires a transport, as cache writes need to forward to each owner, and cache reads from a non-owner require a remote request.
A scattered cache is a variation of a distributed cache that maintains 2 copies of a particular cache entry.
+Consequently, it can only tolerate failure of a single node at a time.
+Primary ownership of a cache entry is determined by the same mechanism used by a distributed cache,
+while the backup copy is the node that last updated the entry.
+
+
+
This design means that a scattered cache only requires 1 remote invocation to write a given cache entry, regardless of which node initiated the cache operation.
+By comparison, a distributed cache (with 2 owners) uses 1 remote invocation to write a cache entry if and only if the primary owner initiated the cache operation, and otherwise requires 2 remote invocations.
An invalidation cache is a special type of clustered cache that does not share state, but instead ensures that remote state is invalidated any time a given entry is updated locally.
+An invalidation cache requires a transport, as cache writes trigger invalidation on remote nodes on which the associated cache is running.
The configuration of a cache is divided into several components, each defining a specific cache feature.
+Because a given cache configuration requires each component relevant to its cache type, cache add operations and cache component add operations are typically batched.
+Any undefined components are auto-created using their defaults.
An Infinispan cache can be configured to store cache entries as Java objects or as binary data (i.e. byte[]), either on or off the JVM heap.
+The type of storage used has semantic implications for the user of the cache.
+When using object storage, the cache has store-as-reference semantics, whereas when using binary storage the cache has call-by-value semantics.
+Consider the following logic:
+
+
+
+
List<String> list = newArrayList<>();
+cache.startBatch();
+cache.put("a", list);
+list.add("test");
+cache.endBatch(true);
+
+List<String> result = cache.get("a");
+System.out.println(result.size());
+
+
+
+
How many elements are in the "result" list? The answer depends on how the cache is configured.
+
+
+
When the cache is configured to use object memory, our result list has 1 element.
+When the cache is configured to use binary (or off-heap) memory, our result list is empty.
+When using binary memory, the cache value must be marshalled to a byte[] on write and unmarshalled on read, thus any mutations of the cache value in the interim are not reflected in the cache.
+
+
+Object storage
+
+
When using object storage, cache keys and values are stored as Java object references.
+Object storage may be configured with a maximum size.
+When the number of entries in the cache exceeds this threshold, the least recently used entries are evicted from memory.
+
+
+
e.g. To store a maximum of 100 objects in the Java heap:
When using binary storage, each cache entry is stored as a byte[] within the JVM heap.
+Binary storage may also be configured with a maximum size.
+This size can be specified either as a maximum number of entries (i.e. COUNT), or as a maximum number of bytes (i.e. MEMORY).
+When the number of entries in the cache exceeds this threshold, the least recently used entries are evicted from memory.
+
+
+
e.g. To store a maximum of 1 MB of binary data in the Java heap:
When using off-heap storage, each cache entry is stored as a byte[] in native memory allocated via sun.misc.Unsafe.
+Off-heap memory storage may also be configured with a maximum size, specified either as a maximum number of entries (i.e. COUNT), or as a maximum number of bytes (i.e. MEMORY).
+When the number of entries in the cache exceeds this threshold, the least recently used entries are evicted from memory.
+
+
+
e.g. To store a maximum of 1 GB of binary data in native memory outside of the Java heap:
An Infinispan cache can be configured as transactional or non-transactional.
+This behavior is determined by the mode attribute, which supports the following values:
+
+
+
+
NONE
+
+
Non-transactional cache (the default behavior).
+
+
BATCH
+
+
Transactional cache using a local Infinispan transaction manager.
+Infinispan transactions are started/committed/rolled-back using Infinispan’s batching API.
+
+
NON_XA
+
+
Transactional cache configured to use the server’s transaction manager, registering as a Synchronization to the current transaction.
+Cache commit/rollback happens after the associated transaction completes.
+
+
NON_DURABLE_XA
+
+
Transactional cache configured to use the server’s transaction manager, enlisting as an XAResource to the current transaction, but without transaction recovery support.
+
+
FULL_XA
+
+
Transactional cache configured to use the server’s transaction manager, with full transaction recovery support.
+
+
+
+
+
Within the context of a transaction, cache write operations must obtain a lock on the affected keys.
+Locks may be acquired either pessimistically (the default), i.e. before invoking the operation, or optimistically, i.e. before transaction commit.
+
+
+
e.g. To configure a transactional cache using local Infinispan transactions with OPTIMISTIC locking:
Within the context of a transaction, entries read from the cache are isolated from other concurrent transactions according to the configured isolation level.
+Infinispan supports the following transaction isolation levels:
+
+
+
+
READ_COMMITTED
+
+
A cache read may return a different value than a previous read within the same transaction, even if a concurrent transaction updated the entry.
+This is the default isolation level.
+
+
REPEATABLE_READ
+
+
A cache read will return the same value as a previous read within the same transaction, even if a concurrent transaction updated the entry.
+
+
+
+
+
+
+
+
+
+
+Cache reads are always lock-free unless invoked using Flag.FORCE_WRITE_LOCK.
+
+
+
+
+
+
e.g. To configure a cache using REPEATABLE_READ isolation:
The expiration component configures expiration defaults for cache entries.
+Cache entries may be configured to expire after some duration since creation (i.e. lifespan) or since last accessed (i.e. max-idle).
+
+
+
e.g. To configure expiration of entries older than 1 day, or that have not been accessed within the past hour:
+max-idle based expiration is not generally safe for use with clustered caches, as the meta data of a cache entry is not replicated by cache read operations
+
An Infinispan cache can optionally load/store cache entries from an external storage.
+All cache stores support the following attributes:
+
+
+
+
fetch-state
+
+
Indicates whether to refresh persistent state from cluster members on cache start.
+Does not apply to a local or invalidation cache, nor a shared store.
+Default is true.
+
+
passivation
+
+
Indicates whether cache entries should only be persisted upon eviction from memory.
+Default is true.
+
+
preload
+
+
Indicates whether cache entries should be loaded into memory on cache start.
+Default is false.
+
+
purge
+
+
Indicates whether the cache store should be purged on cache start.
+Purge should never be enabled on a shared store.
+Default is true.
+
+
shared
+
+
Indicates that the same cache store endpoint (e.g. database, data grid, etc.) is used by all members of the cluster.
+When using a shared cache store, cache entries are only persisted by the primary owner of a given cache entry.
+Default is false.
+
+
+
+
+
To remove an existing cache store, you can either use the standard resource remove operation:
A file store persists cache entries to the local filesystem.
+By default, files are stored in a file named "cache-name.dat" within a subdirectory named "infinispan/container-name" relative to the server’s data directory.
+
+
+
e.g. To persist cache entries to $HOME/foo/bar.dat:
The HotRod store uses one dedicated remote cache for each cache created by the server.
+For Infinispan Server versions supporting protocol version 2.7 and above (Infinispan Server version 9.2)
+a persistent remote cache will be automatically created based on default configuration.
+The recommended configuration for the remote cache where session data will be offloaded is transactional distribution mode cache with pessimistic locking.
+When using Infinispan Server version prior to 9.2, the caches need to be configured manually on the server where cache names correspond to the deployment file names (e.g. test.war).
+
+
+
Once a Remote Cache Container is configured a hotrod store can be configured replacing any existing store.
+The following CLI script demonstrates a typical use case for offloading sessions using an invalidation-cache with a shared, persistent infinispan-server store referencing an existing remote-cache-container:
The state transfer component defines the behavior for the initial transfer of state from remote caches on cache start.
+State transfer is only applicable to distributed and replicated caches.
+When configured with a timeout, a cache is only available after its initial state transfer completes.
+If state transfer does not complete within the configured timeout, the cache will fail to start.
+
+
+
e.g. To configure a state-transfer timeout of 1 minute:
Alternatively, state transfer can be configured to be non-blocking, by configuring a timeout of 0.
+While this prevents timeouts due to large state transfers, cache operations on the new node will require remote invocations to retrieve the requisite state until state transfer is complete.
While Infinispan project is used as a library internally by WildFly to provide data distribution, Infinispan project is also distributed in a standalone server mode.
+The Infinispan Server cluster operates as a language-independent service accessed remotely over a number of protocols (HotRod, REST, etc).
+
+
+
HotRod is Infinispan’s custom optimized binary protocol which was designed to:
+
+
+
+
+
enable faster client/server interactions compared to other existing text-based protocols,
+
+
+
allow clients to make more intelligent decisions with regards to load-balancing, failover,
+
+
+
and provide advanced cache operations.
+
+
+
+
+
To learn more about the HotRod protocol itself and how to setup and run Infinispan Server,
+refer to Infinispan documentation for the appropriate version.
+
+
+
Configuration
+
+
To configure a remote-cache-container ensure you have a list of available Infinispan Server nodes.
+The following example CLI script first adds socket bindings to two known Infinispan Server nodes,
+followed by configuration of the cluster.
Upon reload, this will register necessary services for the client.
+A HotRod client can be injected directly into Jakarta EE applications using the @Resource annotation.
Securing the store is just a matter of configuring the remote-cache-container with an SSL context.
+Please follow the Elytron security guide on how to configure new SSL context
+and Infinispan documentation on how to secure Infinispan Server instances.
+
+
+
Once the SSL Context is configured, use the following CLI script to configure remote-cache-container:
The Infinispan subsystem additionally exposes a runtime resource for each started remote cache instance.
+The runtime remote cache resource exposes usage metrics (e.g. reads, writes, removes, etc) as well as metrics for tuning near-cache sizes (e.g. hits vs misses).
If a remote-cache-container configures multiple remote-clusters (e.g. when the infinispan servers are configured with cross site replication),
+the hotrod client can toggle the remote-cluster with which it interacts via a runtime management operation.
+
+
+
For example, when the client is configured with multiple remote clusters, typically representing multiple data centers (this presumes that the infinispan servers are configured with cross-site replication),
+if connectivity to the default remote cluster fails, the client will automatically fail over to a backup remote cluster.
+Once the underlying connectivity issue is resolved, a user can manually fail back to the local site via the switch-cluster operation:
This operation returns true if the switch was successful, or false otherwise.
+See the server log for specifics in the event that the switch was unsuccessful.
+
+
+
+
+
+
+
+
+
10. Advanced Topics
+
+
+
This section aims to describe cross-cutting topics, such as marshalling.
+
+
+
10.1. Marshalling
+
+
In general, the most effective way to improve the scalability of a system with persistent or distributed state is to reduce the number of bytes needed to be sent over the network or persisted to storage.
+Marshalling is the process by which Java objects in heap space are converted to a byte buffer for replication to other JVMs or for persistence to local or shared storage.
+
+
+
WildFly generally supports 2 marshalling mechanisms for use with its clustering modules: JBoss Marshalling and ProtoStream.
+
+
+
10.1.1. JBoss Marshalling
+
+
JBoss Marshalling is a serialization library for objects implementing java.io.Serializable.
+
+
+
When configured to use JBoss Marshalling, an application can optimize the marshalling of a given object, either through custom JDK serialization logic, or by implementing a custom externalizer.
+An externalizer is an implementation of the org.wildfly.clustering.marshalling.Externalizer interface, which dictates how a given class should be marshalled.
+An externalizer reads/writes the state of an object directly from/to an input/output stream, but also:
+
+
+
+
+
Allows an application to replicate/persist an object that does not implement java.io.Serializable
+
+
+
Eliminates the need to serialize the class descriptor of an object along with its state
Externalizers are dynamically loaded during deployment via the service loader mechanism.
+Implementations should be enumerated within a file named:
+/META-INF/services/org.wildfly.clustering.marshalling.Externalizer
+
+
+
+
10.1.2. ProtoStream
+
+
ProtoStream is serialization library based on the Protobuf data format.
+The nature of the Protobuf data format makes it very easy to evolve classes without breaking serialization compatibility.
+When compared to JBoss Marshalling, ProtoStream is generally more efficient and generates smaller payloads, especially for objects containing fields that are either optional or have a default value.
+Since marshallable classes are explicitly enumerated, ProtoStream is not vulnerable to the same arbitrary code execution exploits that affect JDK serialization.
+
+
+
When configured to use ProtoStream, a web application will need to register ProtoStream marshallers/schemas for every application-specific type.
+WildFly initializes its ProtoStream marshaller using all instances of org.infinispan.protostream.SerializationContextInitializer that are visible to the deployment classpath.
+Implementations should be enumerated within a file named:
+/META-INF/services/org.infinispan.protostream.SerializationContextInitializer
Sufficiently complex objects may require a custom org.infinispan.protostream.SerializationContextInitializer implementation to register custom marshaller implementations and schemas.
+Refer to the Infinispan documentation for details.
+
+
+
+
+
+
+
11. Clustering and Domain Setup Walkthrough
+
+
+
In this article, I’d like to show you how to setup WildFly in domain
+mode and enable clustering so we could get HA and session replication
+among the nodes. It’s a step to step guide so you can follow the
+instructions in this article and build the sandbox by yourself.
+
+
+
11.1. Preparation & Scenario
+
+
11.1.1. Preparation
+
+
We need to prepare two hosts (or virtual hosts) to do the experiment. We
+will use these two hosts as following:
+
+
+
+
+
Install Fedora on them (Other linux version may also fine but I’ll
+use Fedora in this article)
+
+
+
Make sure that they are in same local network
+
+
+
Make sure that they can access each other via different TCP/UDP
+ports (better turn off firewall and disable SELinux during the experiment
+or they will cause network problems).
+
+
+
+
+
+
11.1.2. Scenario
+
+
Here are some details on what we are going to do:
+
+
+
+
+
Let’s call one host as 'primary', the other one as 'secondary'.
+
+
+
Both primary and secondary hosts will run WildFly, and the primary host
+will run as a domain controller, the secondary host will under the domain management of primary host.
+
+
+
Apache httpd will be run on the primary host, and in httpd we will enable the
+mod_cluster module. The WildFly on primary and secondary hosts will form a
+cluster and discovered by httpd.
+
+
+
+
+
+
+
+
+
+
We will deploy a demo project into the domain, and verify that the project
+is deployed into both primary and secondary Host Controllers by the domain controller.
+Thus we could see that domain management provide us a single point to manage the
+deployments across multiple hosts in a single domain.
+
+
+
We will access the cluster URL and verify that httpd has distributed
+the request to one of the WildFly hosts. So we could see the cluster is
+working properly.
+
+
+
We will try to make a request on cluster, and if the request is
+forwarded to the Domain Controller, we then kill the WildFly process on the primary host. After
+that we will go on requesting cluster and we should see the request is
+forwarded to the secondary Host Controller, but the session is not lost. Our goal is to verify
+the HA is working and sessions are replicated.
+
+
+
After previous step finished, we reconnect the Domain Controller by restarting
+it. We should see the Domain Controller is registered back into cluster, also we
+should see the secondary Host Controller sees the primary Host Controller as a domain controller again and connect to it.
+
+
+
+
+
+
+
+
Please don’t worry if you cannot digest so many details currently. Let’s
+move on and you will get the points step by step.
If everything ok we should see WildFly successfully startup in domain
+mode:
+
+
+
+
wildfly-29.0.0.Final/bin$ ./domain.sh
+=========================================================================
+
+ JBoss Bootstrap Environment
+
+ JBOSS_HOME: /Users/weli/Downloads/wildfly-29.0.0.Final
+
+ JAVA: /Library/Java/Home/bin/java
+
+ JAVA_OPTS: -Xms64m -Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
+
+=========================================================================
+...
+
+[Server:server-two] 14:46:12,375 INFO [org.jboss.as] (Controller Boot Thread) JBAS015874: WildFly 29.0.0.Final "Kenny" started in 8860ms - Started 210 of 258 services (829 services are lazy, passive or on-demand)
+
+
+
+
Now exit from the primary host and let’s repeat the same steps on the secondary host. Finally,
+we get WildFly run on both primary and secondary hosts, then we could move on to
+next step.
+
+
+
+
11.3. Domain Configuration
+
+
11.3.1. Interface config on the Primary Host Controller
+
+
In this section we’ll setup both the primary and secondary hosts for them to run in
+domain mode. And we will configure the primary host to be the domain controller.
+
+
+
First open the host.xml in the primary host for editing:
+
+
+
+
vi domain/configuration/host.xml
+
+
+
+
The default settings for interface in this file is like:
We need to change the address to the management interface so the secondary Host Controller could
+connect to the primary Host Controller. The public interface allows the application to be
+accessed by non-local HTTP, and the unsecured interface allows remote
+RMI access. My primary host’s ip address is 10.211.55.7, so I change the
+config to:
11.3.2. Interface config on the Secondary Host Controller
+
+
Now we will setup interfaces on the secondary host. Let’s edit host.xml. Similar to
+the steps on the primary host, open host.xml first:
+
+
+
+
vi domain/configuration/host.xml
+
+
+
+
The configuration we’ll use on the secondary host is a little bit different, because
+we need to let the secondary Host Controller connect to the primary Host Controller. First we need to set the
+hostname. We change the name property from:
As we know, 10.211.55.7 is the ip address of the primary host.
+You may use discovery options to define multiple mechanisms to connect
+to the remote domain controller:
10.211.55.2 is the ip address of the secondary host. Refer to the domain
+controller configuration above for an explanation of the management,
+public, and unsecured interfaces.
+
+
+
+
+
+
+
+
+It is easier to turn off all firewalls for testing, but in production,
+you need to enable the firewall and allow access to the following ports:
+9999.
+
+
+
+
+
+
Dry Run
+
+
Now everything is set for the two hosts to run in domain mode. Let’s
+start them by running domain.sh on both hosts. If everything goes fine,
+we could see from the log on the primary Host Controller:
In this demo project we have a very simple web application. In web.xml
+we’ve enabled session replication by adding following entry:
+
+
+
+
<distributable/>
+
+
+
+
And it contains a jsp page called put.jsp which will put current time to
+a session entry called 'current.time':
+
+
+
+
<%
+ session.setAttribute("current.time", new java.util.Date());
+%>
+
+
+
+
Then we could fetch this value from get.jsp:
+
+
+
+
The time is <%= session.getAttribute("current.time") %>
+
+
+
+
It’s an extremely simple project but it could help us to test the
+cluster later: We will access put.jsp from cluster and see the request
+are distributed to the primary host, then we disconnect the primary Host Controller and access get.jsp.
+We should see the request is forwarded to secondary host but the 'current.time'
+value is held by session replication. We’ll cover more details on this
+one later.
+
+
+
Let’s go back to this demo project. Now we need to create a war from it.
+In the project directory, run the following command to get the war:
+
+
+
+
mvn package
+
+
+
+
It will generate cluster-demo.war. Then we need to deploy the war into
+domain. First we should access the http management console on
+primary host (Because primary host is acting as domain controller):
+
+
+
+
http://10.211.55.7:9990
+
+
+
+
It will popup a windows ask you to input account name and password, we
+can use the 'admin' account we’ve added just now. After logging in we
+could see the 'Server Instances' window. By default there are three
+servers listed, which are:
+
+
+
+
+
server-one
+
+
+
server-two
+
+
+
server-three
+
+
+
+
+
We could see server-one and server-two are in running status and they
+belong to main-server-group; server-three is in idle status, and it
+belongs to other-server-group.
+
+
+
All these servers and server groups are set in domain.xml on the primary host.
+What we are interested in is the 'other-server-group' in domain.xml:
We could see this server-group is using 'ha' profile, which then uses
+'ha-sockets' socket binding group. It enables all the modules we need to
+establish cluster later (including infinispan, jgroup and mod_cluster
+modules). So we will deploy our demo project into a server that belongs
+to 'other-server-group', so 'server-three' is our choice.
+
+
+
+
+
+
+
+
+In newer version of WildFly, the profile 'ha' changes to 'full-ha':
+
Let’s go back to domain controller’s management console:
+
+
+
+
http://10.211.55.7:9990
+
+
+
+
Now server-three is not running, so let’s click on 'server-three' and
+then click the 'start' button at bottom right of the server list. Wait a
+moment and server-three should start now.
+
+
+
Now we should also enable 'server-three' on the secondary Host Controller: From the top of menu
+list on left side of the page, we could see now we are managing the primary Host Controller
+currently. Click on the list, and click 'secondary', then choose
+'server-three', and we are in secondary Host Controller management page now.
+
+
+
Then repeat the steps we’ve done on the primary host to start 'server-three' on
+secondary host.
+
+
+
+
+
+
+
+
+server-three on primary and secondary host are two different hosts, their names
+can be different.
+
+
+
+
+
+
After server-three on both primary and secondary hosts are started, we will add our
+cluster-demo.war for deployment. Click on the 'Manage Deployments' link
+at the bottom of left menu list.
+
+
+
+(We should ensure the server-three should be started on both primary and
+secondary hosts)
+
+
+
After enter 'Manage Deployments' page, click 'Add Content' at top right
+corner. Then we should choose our cluster-demo.war, and follow the
+instruction to add it into our content repository.
+
+
+
Now we can see cluster-demo.war is added. Next we click 'Add to Groups'
+button and add the war to 'other-server-group' and then click 'save'.
+
+
+
Wait a few seconds, management console will tell you that the project is
+deployed into 'other-server-group'.:
+
+
+
+
+
+
Please note we have two hosts participate in this server group, so the
+project should be deployed in both primary and secondary hosts now - that’s the
+power of domain management.
+
+
+
Now let’s verify this, trying to access cluster-demo from both primary
+and secondary hosts, and they should all work now:
+
+
+
+
http://10.211.55.7:8330/cluster-demo/
+
+
+
+
+
+
+
+
http://10.211.55.2:8330/cluster-demo/
+
+
+
+
+
+
+
Now that we have finished the project deployment and see the usages of
+domain controller, we will then head up for using these two hosts to
+establish a cluster
+
+
+
+
+
+
+
+
+Why is the port number 8330 instead of 8080? Please check the settings
+in host.xml on both primary and secondary hosts:
+
+
+
+
+
+
+
<servername="server-three"group="other-server-group"auto-start="false">
+ <!-- server-three avoids port conflicts by incrementing the ports in
+ the default socket-group declared in the server-group -->
+ <socket-bindingsport-offset="250"/>
+</server>
+
+
+
+
The port-offset is set to 250, so 8080 + 250 = 8330
+
+
+
Now we quit the WildFly process on both primary and secondary hosts. We have some
+work left on host.xml configurations. Open the host.xml of primary host, and
+do some modifications the servers section from:
+
+
+
+
<servername="server-three"group="other-server-group"auto-start="false">
+ <!-- server-three avoids port conflicts by incrementing the ports in
+ the default socket-group declared in the server-group -->
+ <socket-bindingsport-offset="250"/>
+</server>
+
+
+
+
to:
+
+
+
+
<servername="server-three"group="other-server-group"auto-start="true">
+ <!-- server-three avoids port conflicts by incrementing the ports in
+ the default socket-group declared in the server-group -->
+ <socket-bindingsport-offset="250"/>
+</server>
+
+
+
+
We’ve set auto-start to true so we don’t need to enable it in management
+console each time WildFly restart. Now open secondary’s host.xml, and modify
+the server-three section:
+
+
+
+
<servername="server-three-secondary"group="other-server-group"auto-start="true">
+ <!-- server-three avoids port conflicts by incrementing the ports in
+ the default socket-group declared in the server-group -->
+ <socket-bindingsport-offset="250"/>
+</server>
+
+
+
+
Besides setting auto-start to true, we’ve renamed the 'server-three' to
+'server-three-secondary'. We need to do this because mod_cluster will fail
+to register the hosts with same name in a single server group. It will
+cause name conflict.
+
+
+
After finishing the above configuration, let’s restart two as7 hosts and
+go on cluster configuration.
+
+
+
+
11.5. Cluster Configuration
+
+
We will use mod_cluster + apache httpd on primary host as our cluster
+controller here. Because WildFly has been configured to support
+mod_cluster out of box so it’s the easiest way.
+
+
+
+
+
+
+
+
+The WildFly domain controller and httpd are not necessary to be on
+same host. But in this article I just install them all on primary host for
+convenience.
+
+
+
+
+
+
First we need to ensure that httpd is installed:
+
+
+
+
sudo yum install httpd
+
+
+
+
And then we need to download newer version of mod_cluster from its
+website:
This is conflicted with cluster module. And then we need to make httpd
+to listen to public address so we could do the testing. Because we
+installed httpd on primary host so we know the ip address of it:
+
+
+
+
Listen 10.211.55.7:80
+
+
+
+
Then we do the necessary configuration at the bottom of httpd.conf:
+
+
+
+
# This Listen port is for the mod_cluster-manager, where you can see the status of mod_cluster.
+# Port 10001 is not a reserved port, so this prevents problems with SELinux.
+Listen 10.211.55.7:10001
+# This directive only applies to Red Hat Enterprise Linux. It prevents the temmporary
+# files from being written to /etc/httpd/logs/ which is not an appropriate location.
+MemManagerFile /var/cache/httpd
+
+<VirtualHost 10.211.55.7:10001>
+
+ <Directory />
+ Order deny,allow
+ Deny from all
+ Allow from 10.211.55.
+ </Directory>
+
+
+ # This directive allows you to view mod_cluster status at URL http://10.211.55.4:10001/mod_cluster-manager
+ <Location /mod_cluster-manager>
+ SetHandler mod_cluster-manager
+ Order deny,allow
+ Deny from all
+ Allow from 10.211.55.
+ </Location>
+
+ KeepAliveTimeout 60
+ MaxKeepAliveRequests 0
+
+ ManagerBalancerName other-server-group
+ AdvertiseFrequency 5
+
+</VirtualHost>
+
+
+
+
+
+
+
+
+
+For more details on mod_cluster configurations please see this document:
+
If everything goes fine we can start httpd service now:
+
+
+
+
service httpd start
+
+
+
+
Now we access the cluster:
+
+
+
+
http://10.211.55.7/cluster-demo/put.jsp
+
+
+
+
+
+
+
We should see the request is distributed to one of the hosts (primary or
+secondary) from the WildFly log. For me the request is sent to primary host:
+
+
+
+
[Server:server-three] 16:06:22,256 INFO [stdout] (http-10.211.55.7-10.211.55.7-8330-4) Putting date now
+
+
+
+
Now I disconnect the Domain Controller by using the management interface. Select
+'runtime' and the server 'primary' in the upper corners.
+
+
+
Select 'server-three' and kick the stop button, the active-icon should
+change.
+
+
+
Killing the server by using system commands will have the effect that
+the Host-Controller restart the instance immediately!
+
+
+
Then wait for a few seconds and access cluster:
+
+
+
+
http://10.211.55.7/cluster-demo/get.jsp
+
+
+
+
+
+
+
Now the request should be served by the secondary host and we should see the log from
+the secondary Host Controller:
+
+
+
+
[Server:server-three-secondary] 16:08:29,860 INFO [stdout] (http-10.211.55.2-10.211.55.2-8330-1) Getting date now
+
+
+
+
And from the get.jsp we should see that the time we get is the same
+we’ve put by 'put.jsp'. Thus it’s proven that the session is correctly
+replicated to the secondary host.
+
+
+
Now we restart the primary Host Controller and should see the host is registered back to
+cluster.
+
+
+
+
+
+
+
+
+It doesn’t matter if you found the request is distributed to the secondary host at
+first time. Then just disconnect the secondary Host Controller and do the testing, the request
+should be sent to the primary host instead. The point is we should see the request
+is redirect from one host to another and the session is held.
+
+
+
+
+
+
+
11.7. Special Thanks
+
+
Wolf-Dieter Fink has
+contributed the updated add-user.sh usages and configs in host.xml from
+7.1.0.Final.
+Jean-Frederic Clere provided
+the mod_cluster 1.2.0 usages.
+Misty Stanley-Jones has given a lot of suggestions and helps to make
+this document readable.
+
+
+
+
+
+
+
+
+References in this document to JavaServer Pages (JSP) refer to the Jakarta Server Pages unless otherwise noted
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/latest/Installation_Guide.html b/latest/Installation_Guide.html
new file mode 100644
index 000000000..8455f99e4
--- /dev/null
+++ b/latest/Installation_Guide.html
@@ -0,0 +1,638 @@
+
+
+
+
+
+
+
+
+Installation Guide
+
+
+
+
+
+
+
Installation Guide
+
+WildFly team
+version 29.0.0.Final,
+2023-07-20T17:19:12Z
+
The WildFly project now produces two appserver variants, standard WildFly and WildFly Preview,
+so you’ll want to decide which is right for you. For most users the standard WildFly variant is the right choice,
+but if you’d like a technical preview look at what’s coming in the future, try out WildFly Preview.
+
+
+
+
+
2. Installing WildFly from a zipped distribution
+
+
+
Downloading the WildFly release zip and unzipping it is the traditional way to install
+a complete WildFly server with support for both standalone and managed domain operating modes. A WildFly distribution
+contains a large number of default configurations allowing you to select the server features and operating modes.
+
+
+
A WildFly distribution based installation is well suited when:
+
+
+
+
+
You want to rely on a traditional Jakarta EE application deployment.
+
+
+
You want a Jakarta EE or MicroProfile platform compliant server that offers all Jakarta EE or MicroProfile features.
+
+
+
You are not (yet) concerned by server installation size and memory footprint.
+
+
+
You are not yet sure of the kind of operating mode and application you are targeting.
+
+
+
Your server instances will contain one or more application deployments.
+
+
+
+
+
If that is the kind of installation you are aiming at, the guides that you should read next are:
+
+
+
+
+
The Getting Started Guide shows you
+how to install, start and configure the server.
Galleon provisioning tooling allows you to construct a customized WildFly installation according to your application needs.
+Some applications don’t need a fully featured server supporting all operating modes and containing all Jakarta EE capabilities.
+Galleon tooling allows you to select the server capabilities you want to see installed.
+
+
+
A WildFly server provisioned with Galleon is well suited when:
+
+
+
+
+
You want to rely on a traditional Jakarta EE application deployment.
+
+
+
You want to easily update an installation to the latest WildFly version.
+
+
+
Your application requires only a subset of the Jakarta EE or MicroProfile platform APIs
+(although Galleon can provision a server that supports the full set of Jakarta EE and MicroProfile platform APIs).
+
+
+
You are concerned by server installation size and memory footprint.
+
+
+
You are only using standalone operating mode (with support for High Availability or not).
+
+
+
Your server instances will contain one or more application deployments.
+
+
+
+
+
If that is the kind of installation you are aiming at, the guides that you should read next are:
A bootable JAR contains both a customized WildFly server and your deployment. Such a JAR can
+then run with a simple java command such as java -jar myapp-bootable.jar
+
+
+
A bootable JAR is built using Maven. You need to integrate the
+bootable JAR Maven plugin
+in the Maven project of your application.
+
+
+
A Bootable JAR is well suited when:
+
+
+
+
+
You want to leverage your existing WildFly applications.
+
+
+
You want to build a microservice composed of a server and a single application deployment.
+
+
+
You are concerned by JAR size and memory footprint.
+
+
+
You are only using standalone operating mode (with support for High Availability or not).
+
+
+
You are building your application using Maven.
+
+
+
+
+
If that is the kind of installation you are aiming at, the guide that you should read next is:
+
+
+
+
+
The Bootable JAR Guide shows you how to package your application and the WildFly server
+into a bootable JAR.
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/latest/JavaEE_Tutorial.html b/latest/JavaEE_Tutorial.html
new file mode 100644
index 000000000..606b7eca2
--- /dev/null
+++ b/latest/JavaEE_Tutorial.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
Since the initial development of JBoss AS7 the features added to WildFly have been continuing to
+increase, some of the older features are now being removed to make way for new features. This
+guide contains information about the removed features and their alternatives.
WildFly Elytron has made available a new credential store which replaces the PicketBox vault. The
+credential store can be used for credentials to be directly looked up for use by resources or it
+can be used to store a SecretKey which can be used by an expression resolver to decrypt
+previously encrypted expressions in the management model.
The first option is to use the Elytron command line utility to create a new store.
+
+
+
+
bin/elytron-tool.sh credential-store --create \
+ --location=standalone/configuration/credentials.store
+Credential store password:
+Confirm credential store password:
+Credential Store has been successfully created
+
+
+
+
The creation process prompts for a password for the store twice and automatically creates the
+store.
However the store was created credentials can be added using either the command line utility or a
+management operation. If using the command line utility it is recommended that this is performed
+when no running server is using the store to prevent accidental overwrites.
The following command will add a new entry to the store under the alias example.
+
+
+
+
bin/elytron-tool.sh credential-store --add=example \
+ --location=standalone/configuration/credentials.store
+Credential store password:
+Secret to store:
+Confirm secret to store:
+Alias "example" has been successfully stored
+
+
+
+
This command prompts for the credential store password once followed by promting for the secret to
+store twice.
The aliases in the credential store can be listed with the following command:
+
+
+
+
bin/elytron-tool.sh credential-store --aliases \
+ --location=standalone/configuration/credentials.store
+Credential store password:
+Credential store contains following aliases: example
This will convert all of the contents of the vault to a new credential store. Vault entries were
+identified using a BLOCK and a NAME, the resulting alias in the credential store will be in the
+format BLOCK::NAME.
Resources in the management model which can reference credentials from the credential store use a
+credential-reference attribute, in defining the credential store previously this was used with
+a clear-password but it can also be used to reference an alias stored within a credential store.
+
+
+
The following managment operation demonstrates defining a new key-store resource using a
+credential store entry for the password.
In addition to using direct references to credentials it is also possible to use a SecretKey to
+handle previously encrypted expressions directly within the management model.
Before encrypted expressions can be used an AESSecretKey is required. The previous vault
+password making made use of a well known password for obfuscating, by using a SecretKey instead
+users can manage their own key.
The easiest way to create an encrupted expression is using a management operation as the result
+takes into account the configured expression=encryption resource.
The resulting expression ${ENC::RUxZAUMQ5Z7mXbyrCtv2kZlwHHpyJ//ma49gMAUnbmTfv2pGs30=} can now be
+used as the value for any other attribute in the management model which supports expressions.
WildFly ships with a number of quickstarts that show you how to get
+started with a variety of technologies in WildFly. You’ll find out how
+to write a web application using the latest Jakarta EE technologies like
+Jakarta Contexts and Dependency Injection and Jakarta RESTful Web Services.
+How to write client libraries to talk to WildFly using web services, Jakarta Messaging or Jakarta Enterprise Beans.
+How to set up a distributed transaction, and how to recover from a
+transaction failure. And much, much more.
+
+
+
+
+
1. Getting Started
+
+
+
Some of the quickstarts are described in great detail in the
+Getting Started
+Developing Applications Guide, which focuses on how get WildFly and
+Eclipse, with JBoss Tools set up, and how to build web applications.
+
+
+
The other quickstarts are all described in README files and code
+comments, including what to look out for, how to install and start
+WildFly, and how to deploy and test the quickstart.
+This section has not been updated for a long time and some sections are out of date. Contributions are welcome.
+
+
+
+
+
+
This document will detail the implementation of the testsuite
+integration submodule as it guides you on adding your own test cases.
+
+
+
The WildFly integration test suite has been designed with the following
+goals:
+
+
+
+
+
support execution of all identified test case use cases
+
+
+
employ a design/organization which is scalable and maintainable
+
+
+
provide support for the automated measurement of test suite quality
+(generation of feature coverage reports, code coverage reports)
+
+
+
+
+
In addition, these requirements were considered:
+
+
+
+
+
identifying distinct test case runs of the same test case with a
+different set of client side parameters and server side parameters
+
+
+
separately maintaining server side execution results (e.g. logs, the
+original server configuration) for post-execution debugging
+
+
+
running the testsuite in conjunction with a debugger
+
+
+
the execution of a single test (for debugging purposes)
+
+
+
running test cases against different container modes (managed in the
+main, but also remote and embedded)
+
+
+
configuring client and server JVMs separately (e.g., IPv6 testing)
+
+
+
+
+
1.1. Test Suite Organization
+
+
The testsuite module has a few submodules:
+
+
+
+
+
benchmark - holds all benchmark tests intended to assess relative
+performance of specific feature
+
+
+
domain - holds all domain management tests
+
+
+
integration - holds all integration tests
+
+
+
stress - holds all stress tests
+
+
+
+
+
It is expected that test contributions fit into one of these categories.
+
+
+
The pom.xml file located in the testsuite module is inherited by all
+submodules and is used to do the following:
+
+
+
+
+
set defaults for common testsuite system properties (which can then be
+overridden on the command line)
+
+
+
define dependencies common to all tests (Arquillian, junit or testng,
+and container type)
+
+
+
provide a workaround for @Resource(lookup=…) which requires
+libraries in jbossas/endorsed
+
+
+
+
+
It should not:
+
+
+
+
+
define module-specific server configuration build steps
+
+
+
define module-specific surefire executions
+
+
+
+
+
These elements should be defined in logical profiles associated with
+each logical grouping of tests; e.g., in the pom for the module which
+contains the tests. The submodule poms contain additional details of
+their function and purpose as well as expanded information as shown in
+this document.
+
+
+
+
1.2. Profiles
+
+
You should not activate the abovementioned profiles by -P, because that
+disables other profiles which are activated by default.
+
+
+
Instead, you should always use activating properties, which are in
+parentheses in the lists below.
+
+
+
Testsuite profiles are used to group tests into logical groups.
+
+
+
+
+
all-modules.module.profile (all-modules)
+
+
+
integration.module.profile (integration.module)
+
+
+
compat.module.profile (compat.module)
+
+
+
domain.module.profile (domain.module)
+
+
+
benchmark.module.profile (benchmark.module)
+
+
+
stress.module.profile (stress.module)
+
+
+
+
+
They also prepare WildFly instances and resources for respective
+testsuite submodules.
+
+
+
+
+
jpda.profile - sets surefire.jpda.args (debug)
+
+
+
ds.profile - sets database properties and prepares the datasource (ds=<db id>)
+
+
+
+
Has related database-specific profiles, like mysql51.profile etc.
Runs by default; use -Dts.noSmoke to prevent running.
+
+
+
Tests should execute quickly.
+
+
+
Divided into two Surefire executions:
+
+
+
+
+
One with full platform
+
+
+
Second with web profile (majority of tests).
+
+
+
+
+
+
1.3.2. Basic -Dts.basic
+
+
Basic integration tests - those which do not need a special configuration
+like cluster.
+
+
+
Divided into three Surefire executions:
+
+
+
+
+
One with full platform,
+
+
+
Second with web profile (majority of tests).
+
+
+
Third with web profile, but needs to be run after server restart to
+check whether persistent data are really persisted.
+
+
+
+
+
+
1.3.3. Clustering -Dts.clustering
+
+
Contains all tests relating to clustering aspects of the application server, such as:
+
+
+
+
+
web session clustering,
+
+
+
Jakarta Enterprise Beans session clustering,
+
+
+
command dispatcher,
+
+
+
web session affinity handling,
+
+
+
and other areas.
+
+
+
+
+
Tests should leverage shared testing logic by extending org.jboss.as.test.clustering.cluster.AbstractClusteringTestCase.
+The test case contract is that before executing the test method, all specified servers are started and all specified
+deployments are deployed. This allows Arquillian resource injection into the test case.
+
+
+
There are four WildFly server instances, one load-balancer (Undertow) and one datagrid (Infinispan server) available
+for the tests.
+
+
+
Maven profiles and Parallelization
+
+
There are maven profiles that might come in handy for testing:
+
+
+
+
+
ts.clustering.common.profile prepares server configurations used by test execution profiles
+
+
+
ts.clustering.cluster.ha.profile runs tests against standalone-ha.xml profile
+
+
+
ts.clustering.cluster.fullha.profile runs tests which require standalone-full-ha.xml profile; e.g. tests requiring JMS subsystem
+
+
+
ts.clustering.cluster.ha-infinispan-server.profile runs tests against standalone-ha.xml profile with Infinispan Server provisioned via @ClassRule
+
+
+
ts.clustering.single.profile runs clustering tests that are using a non-HA server profile
+
+
+
ts.clustering.byteman.profile runs clustering tests that require installation of byteman rules
+
+
+
+
+
For instance, to only run tests that run against full-ha profile, activate clustering tests with -Dts.clustering and exclude
+the other profiles with -P:
If the testsuite can be run on multiple runners in parallel, the main execution (which takes the majority of the execution time)
+can be split by packages using -Dts.surefire.clustering.ha.additionalExcludes property.
+This property feeds a regular expression to exclude sub-packages of the org.jboss.as.test.clustering.cluster package.
+The sub-packages at the time of writing are affinity, cdi, dispatcher, ejb, ejb2, group, jms, jpa,
+jsf, provider, registry, singleton, sso, web, and xsite.
+For instance, to parallelize testsuite execution on two machines (e.g. when using GitHub actions scripting or alike) the following commands
+could be used to split the clustering tests into two executions of similar execution time, the first node can run the first half of the tests in sub-packages, e.g.:
If the test packages get out of sync with the excludes this will result in a test running multiple times, rather than tests being omitted.
+
+
+
+
Running a single test
+
+
To run a single test, specifying -Dtest=foo is the standard way to do this. However, this overrides the includes/excludes
+section of the surefire maven plugin execution. So, in case of the clustering testsuite, the profile which this test belongs
+to, needs to be specified as well. For instance, to run a single test from the 'single' test execution, exclude the other
+test profiles:
1.3.4. Running Infinispan Server tests against custom distribution
+
+
To run the Infinispan Server-based tests against a custom distribution, a custom location can be specified with -Dinfinispan.server.home.override=/foo/bar
+and -Dinfinispan.server.profile.override=infinispan-13.0.xml to use a corresponding server profile.
+The distribution is then copied over to the build directories and patched with user credentials.
Target Audience: Those interested in running the testsuite or a subset
+thereof, with various configuration options.
+
+
+
2.1. Running the testsuite
+
+
The tests can be run using:
+
+
+
+
+
build.sh or build.bat, as a part of WildFly build.
+
+
+
+
By default, only smoke tests are run. To run all tests, run build.sh
+install -DallTests.
+
+
+
+
+
+
integration-tests.sh or integration-tests.bat, a convenience
+script which uses bundled Maven (currently 3.0.3), and runs all parent
+testsuite modules (which configure the AS server).
+
+
+
pure maven run, using mvn install.
+
+
+
+
+
The scripts are wrappers around Maven-based build. Their arguments are
+passed to Maven (with few exceptions described below). This means you
+can use:
+
+
+
+
+
build.sh (defaults to install)
+
+
+
build.sh install
+
+
+
build.sh clean install
+
+
+
integration-tests.sh install
+
+
+
…etc.
+
+
+
+
+
2.1.1. Supported Maven phases
+
+
Testsuite actions are bounds to various Maven phases up to verify.
+Running the build with earlier phases may fail in the submodules due to
+missed configuration steps. Therefore, the only Maven phases you may
+safely run, are:
+
+
+
+
+
clean
+
+
+
install
+
+
+
site
+
+
+
+
+
The test phase is not recommended to be used for scripted jobs as we
+are planning to switch to the failsafe plugin bound to the
+integration-test and verify phases. See
+WFLY-625 and
+WFLY-228.
Pure maven - if you prefer not to use scripts, you may achieve the
+same result with:
+
+
+
+
+
mvn … -rf testsuite
+
+
+
+
+
The -rf … parameter stands for "resume from" and causes Maven to run
+the specified module and all successive.
+
+
+
It’s possible to run only a single module (provided the ancestor modules
+were already run to create the AS copies) :
+
+
+
+
+
mvn … -pl testsuite/integration/cluster
+
+
+
+
+
The -pl … parameter stands for "project list" and causes Maven to
+run the specified module only.
+
+
+
2.2.1. Output to console
+
+
+
-DtestLogToFile
+
+
+
+
+
2.2.2. Other options
+
+
-DnoWebProfile - Run all tests with the full profile (
+standalone-full.xml). By default, most tests are run under web
+profile ( standalone.xml).
+
+
+
-Dts.skipTests - Skip testsuite’s tests. Defaults to the value of
+-DskipTests, which defaults to false. To build AS, skip unit tests
+and run testsuite, use -DskipTests -Dts.skipTests=false.
+
+
+
+
2.2.3. Timeouts
+
+
Surefire execution timeout
+
+
Unfortunatelly, no math can be done in Maven, so instead of applying a
+timeout ratio, you need to specify timeout manually for Surefire.
+
+
+
+
-Dsurefire.forked.process.timeout=900
+
+
+
+
+
In-test timeout ratios
+
+
Ratio in prercent - 100 = default, 200 = two times longer timeouts for
+given category.
+
+
+
Currently we have five different ratios. Later, it could be replaced
+with just one generic, one for database and one for deployment
+operations.
cd testsuite; mvn install-Dtest='*Clustered*'
+-Dts.basic
+# No need for -Dintegration.module - integration module is active by default.
+
+
+
+
+
The same shortcuts listed in "Test groups" may be used to activate the
+module and group profile.
+
+
+
Note that -Dtest= overrides <includes> and <exludes> defined in
+pom.xml, so do not rely on them when using wildcards - all compiled test
+classes matching the wildcard will be run.
+
+
+
Which Surefire execution is used?
+
+
+
Due to Surefire’s design flaw, tests run multiple times if there are
+multiple surefire executions.
+To prevent this, if -Dtest=… is specified, non-default executions
+are disabled, and standalone-full is used for all tests.
+If you need it other way, you can overcome that need:
+
+
+
+
+
basic-integration-web.surefire with standalone.xml - Configure standalone.xml to be used as server config.
+
+
+
basic-integration-non-web.surefire - For tests included here, technically nothing changes.
+
+
+
basic-integration-2nd.surefire - Simply run the second test in another invocation of Maven.
+
+
+
+
+
+
2.2.5. Running against existing AS copy (not the one from
+
+
build/target/jboss-as-*)
+
+
+
-Djboss.dist=<path/to/jboss-as> will tell the testsuite to copy that
+AS into submodules to run the tests against.
+
+
+
For example, you might want to run the testsuite against AS located in
+/opt/wildfly-8 :
jboss.dist is the location of the tested binaries. It gets copied to
+testsuite submodules.
+
+
+
jboss.home is internally used and points to those copied AS instances
+(for multinode tests, may be even different for each AS started by
+Arquillian).
+
+
+
Running against a running JBoss AS instance
+
+
Arquillian’s WildFly 29 container adapter allows specifying
+allowConnectingToRunningServer in arquillian.xml, which makes it
+check whether AS is listening at managementAddress:managementPort, and
+if so, it uses that server instead of launching a new one, and doesn’t
+shut it down at the end.
+
+
+
All arquillian.xml’s in the testsuite specify this parameter. Thus, if
+you have a server already running, it will be re-used.
+
+
+
+
Running against JBoss Enterprise Application Platform (EAP) 6.0
+
+
To run the testsuite against AS included JBoss Enterprise Application
+Platform 6.x (EAP), special steps are needed.
+
+
+
Assuming you already have the sources available, and the distributed EAP
+maven repository unzipped in e.g. /opt/jboss/eap6-maven-repo/ :
+
+
+
1) Configure maven in settings.xml to use only the EAP repository. This
+repo contains all artifacts necessary for building EAP, including maven
+plugins.
+The build (unlike running testsuite) may be done offline.
+The recommended way of configuring is to use special settings.xml, not
+your local one (typically in .m2/settings.xml).
For further information on building EAP and running the testsuite
+against it, see the official EAP documentation (link to be added)
+.
+
+
+
How-to for EAP QA can be found
+here (Red Hat internal
+only).
+
+
+
+
+
2.2.6. Running with a debugger
+
+
+
+
+
+
+
+
+
+
Argument
+
What will start with debugger
+
Default port
+
Port change arg.
+
+
+
+
+
-Ddebug
+
AS instances run by Arquillian
+
8787
+
-Das.debug.port=…
+
+
+
-Djpda
+
alias for -Ddebug
+
+
+
+
+
-DdebugClient
+
Test JVMs (currently Surefire)
+
5050
+
-Ddebug.port.surefire=…
+
+
+
-DdebugCLI
+
AS CLI
+
5051
+
-Ddebug.port.cli=…
+
+
+
+
+
Examples
+
+
+
./integration-tests.sh install -DdebugClient -Ddebug.port.surefire=4040
+
+...
+
+-------------------------------------------------------
+ T E S T S
+-------------------------------------------------------
+Listening for transport dt_socket at address: 4040
+
+
+
+
+
./integration-tests.sh install -DdebugClient -Ddebug.port.surefire
+
+...
+
+-------------------------------------------------------
+ T E S T S
+-------------------------------------------------------
+Listening for transport dt_socket at address: 5050
+JBoss AS is started by Arquillian, when the first test which requires
+given instance is run. Unless you pass -DtestLogToFile=false,there’s
+(currently) no challenge text in the console; it will look like the
+first test is stuck. This is being solved in
+http://jira.codehaus.org/browse/SUREFIRE-781.
+
+
+
+
+
+
+
+
+
+
+
+Depending on which test group(s) you run, multiple AS instances may be
+started. In that case, you need to attach the debugger multiple times.
+
+
+
+
+
+
+
+
2.2.7. Running tests with custom database
+
+
To run with different database, specify the -Dds and use these
+properties (with the following defaults):
The ds.db value is set depending on ds. E.g. -Dds=mssql2005 sets
+ds.db=mssql (since they have the same driver). -Dds.db may be
+overriden to use different driver.
+
+
+
In case you don’t want to use such driver, set just
+-Dds.db= (empty) and provide the driver to the AS manually.
+Not supported; work in progress on parameter to provide JDBC Driver
+jar.
+
+
+
Default values
+
+
For WildFly continuous integration, there are some predefined values for
+some of databases, which can be set using:
+
+
+
+
-Dds.db=<database-identifier>
+
+
+
+
Where database-identifier is one of: h2, mysql51
+
+
+
+
+
2.2.8. Running tests with IPv6
+
+
-Dipv6 - Runs AS with
+-Djava.net.preferIPv4Stack=false -Djava.net.preferIPv6Addresses=true
+
+
+
and the following defaults, overridable by respective parameter:
+
+
+
+
+
+
+
+
+
+
+
Parameter
+
IPv4 default
+
IPv6 default
+
+
+
+
+
+
-Dnode0
+
127.0.0.1
+
::1
+
Single-node tests.
+
+
+
-Dnode1
+
127.0.0.1
+
::1
+
Two-node tests (e.g. cluster) use this for the
+2nd node.
+
+
+
-Dmcast
+
230.0.0.4
+
ff01::1
+
ff01::1 is IPv6 Node-Local scope mcast
+addr.
+
+
+
-Dmcast.jgroupsDiag
+
224.0.75.75
+
ff01::2
+
JGroups diagnostics
+multicast address.
+
+
+
-Dmcast.modcluster
+
224.0.1.105
+
ff01::3
+
mod_cluster multicast
+address.
+
+
+
+
+
Values are set in AS configuration XML, replaced in resources (like
+ejb-jar.xml) and used in tests.
+
+
+
+
2.2.9. Running tests with security manager / custom security policy
+
+
-Dsecurity.manager - Run with default policy.
+
+
+
-Dsecurity.policy=<path> - Run with the given policy.
+
+
+
-Dsecurity.manager.other=<set of Java properties> - Run with the given
+properties. Whole set is included in all server startup parameters.
During the integration tests, Arquillian is passed a JVM argument which
+makes it run with JaCoCo agent, which records the executions into
+${basedir}/target/jacoco .
+
+
+
In the site phase, a HTML, XML and CSV reports are generated. That is
+done using jacoco:report Ant task in maven-ant-plugin since JaCoCo’s
+maven report goal doesn’t support getting classes outside
+target/classes.
+
+
+
Usage
+
+
+
./build.sh clean install -DskipTests
+./integration-tests.sh clean install -DallTests -Dcoverage
+./integration-tests.sh site -DallTests -Dcoverage ## Must run in separatedly.
<targetname="build-basic-integration"description="Builds server configuration for basic-integration tests">
+ <build-server-configname="jbossas"/>
+
+
+
+
Which invokes
+
+
+
+
<!-- Copy the base distribution. -->
+<!-- We exclude modules and bundles as they are read-only and we locate the via sys props. -->
+<copytodir="@{output.dir}/@{name}">
+ <filesetdir="@{jboss.dist}">
+ <excludename="**/modules/**"/>
+ <excludename="**/bundles/**"/>
+ </fileset>
+</copy>
+
+<!-- overwrite with configs from test-configs and apply property filtering -->
+<copytodir="@{output.dir}/@{name}"overwrite="true"failonerror="false">
+ <filesetdir="@{test.configs.dir}/@{name}"/>
+ <filtersetbegintoken="${"endtoken="}">
+ <filtertoken="node0"value="${node0}"/>
+ <filtertoken="node1"value="${node1}"/>
+ <filtertoken="udpGroup"value="${udpGroup}"/>
+ <filter-elements/>
+ </filterset>
+</copy>
Note to @ServerSetup annotation: It works as expected only on non-manual
+containers. In case of manual mode containers it calls setup() method
+after each server start up which is right (or actually before
+deployment), but the tearDown() method is called only at AfterClass
+event, i.e. usually after your manual shutdown of the server. Which
+limits you on the ability to revert some configuration changes on the
+server and so on. I cloned the annotation and changed it to fit the
+manual mode, but it is still in my github branch :)
+
+
+
+
7.5. Properties available in tests
+
+
7.5.1. Directories
+
+
+
+
jbosssa.project.dir - Project’s root dir (where ./build.sh is).
+
+
+
jbossas.ts.dir - Testsuite dir.
+
+
+
jbossas.ts.integ.dir - Testsuite’s integration module dir.
+
+
+
jboss.dist - Path to AS distribution, either built
+(build/target/jboss-as-…) or user-provided via -Djboss.dist
+
+
+
jboss.inst - (Arquillian in-container only) Path to the AS instance in
+which the test is running (until ARQ-650 is possibly done)
+
+
+
jboss.home - Deprecated as it’s name is unclear and
+confusing. Use jboss.dist or jboss.inst.
+
+
+
+
+
+
7.5.2. Networking
+
+
+
+
node0
+
+
+
node1
+
+
+
230.0.0.4
+
+
+
+
+
+
7.5.3. Time-related coefficients (ratios)
+
+
In case some of the following causes timeouts, you may prolong the
+timeouts by setting value >= 100:
+
+
+
100 = leave as is,
+150 = 50 % longer, etc.
+
+
+
+
+
timeout.ratio.gen - General ratio - can be used to adjust all
+timeouts.When this and specific are defined, both apply.
+
+
+
timeout.ratio.fs- Filesystem IO
+
+
+
timeout.ratio.net - Network IO
+
+
+
timeout.ratio.mem - Memory IO
+
+
+
timeout.ratio.cpu - Processor
+
+
+
timeout.ratio.db - Database
+
+
+
+
+
Time ratios will soon be provided by
+org.jboss.as.test.shared.time.TimeRatio.for*() methods.
+
+
+
+
+
7.6. Negative tests
+
+
To test invalid deployment handling: @ShouldThrowException
If any tests fail and they do not fail in main, fix it and go back
+to the "Fetch" step.
+
+
+
+
+
+
Push to a new branch in your GitHub repo:
+git push origin WFLY-1234-new-XY-tests
+
+
+
Create a pull-request on GitHub. Go to your branch and click on
+"Pull Request".
+
+
+
+
If you have a jira, start the title with it, like - WFLY-1234 New
+tests for XYZ.
+
+
+
If you don’t, write some apposite title. In the description, describe
+in detail what was done and why should it be merged. Keep in mind that
+the diff will be visible under your description.
+
+
+
+
+
+
Keep the branch rebased daily until it’s merged (see the Fetch
+step). If you don’t, you’re dramatically decreasing chance to get it
+merged.
+
+
+
There’s a mailing list, jbossas-pull-requests, which is notified of
+every pull-request.
+
+
+
You might have someone with merge privileges to cooperate with you, so
+they know what you’re doing, and expect your pull request.
+
+
+
When your pull request is reviewed and merged, you’ll be notified by
+mail from GitHub.
+
+
+
You may also check if it was merged by the following:
+git fetch upstream; git cherry<branch> ## Or git branch
+--contains\{\{<branch> - see}} here
+
+
+
Your commits will appear in main. They will have the same hash as in
+your branch.
+
+
+
+
You are now safe to delete both your local and remote branches:
+git branch -D WFLY-1234-your-branch; git push origin :WFLY-1234-your-branch
+
+
+
+
+
+
+
+
+
+
+
8. How to Add a Test Case
+
+
+
(Please don’t (re)move - this is a landing page from a Jira link.)
+
+
+
Thank you for finding time to contribute to WildFly 29 quality.
+Covering corner cases found by community users with tests is very
+important to increase stability.
+If you’re providing a test case to support your bug report, it’s very
+likely that your bug will be fixed much sooner.
+
+
+
8.1. 1) Create a test case.
+
+
It’s quite easy - a simple use case may even consist of one short .java
+file.
Ask for help at WildFly 29 forum or at IRC - #wildfly @ FreeNode.
+
+
+
+
8.2. 2) Push your test case to GitHub and create a pull request.
+
+
For information on how to create a GitHub account and push your code
+therein, see Hacking
+on WildFly.
+
+
+
If you’re not into Git, send a diff file to JBoss forums, someone might
+pick it up.
+
+
+
+
8.3. 3) Wait for the outcome.
+
+
Your test case will be reviewed and eventually added. It may take few
+days.
+
+
+
When something happens, you’ll receive a notification e-mail.
+
+
+
+
+
+
9. Before you add a test
+
+
+
Every added test, whether ported or new should follow the same
+guidelines:
+
+
+
9.1. Verify the test belongs in WildFly
+
+
AS6 has a lot of tests for things that are discontinued. For example
+the
+legacy JBoss Transaction Manager which was replaced by Arjuna. Also we
+had tests for SPIs that no longer exist. None of these things should
+be
+migrated.
+
+
+
+
9.2. Only add CORRECT and UNDERSTANDABLE tests
+
+
If you don’t understand what a test is doing (perhaps too complex), or
+it’s going about things in a strange way that might not be correct,
+THEN
+DO NOT PORT IT. Instead we should have a simpler, understandable, and
+correct test. Write a new one, ping the author, or skip it altogether.
+
+
+
+
9.3. Do not add duplicate tests
+
+
Always check that the test you are adding doesn’t have coverage
+elsewhere (try using "git grep"). As mentioned above we have some
+overlap between 6 and 7. The 7 test version will likely be better.
+
+
+
+
9.4. Don’t name tests after JIRAs
+
+
A JIRA number is useless without an internet connection, and they are
+hard to read. If I get a test failure thats XDGR-843534578 I have to
+dig
+to figure out the context. It’s perfectly fine though to link to a
+JIRA
+number in the comments of the test. Also the commit log is always
+available.
+
+
+
+
9.5. Tests should contain javadoc that explains what is being tested
+
+
This is especially critical if the test is non-trivial
+
+
+
+
9.6. Prefer expanding an EXISTING test over a new test class
+
+
If you are looking at migrating or creating a test with similar
+functionality to an exiting test, it is better to
+expand upon the existing one by adding more test methods, rather than
+creating a whole new test. In general each
+new test class adds at least 300ms to execution time, so as long as it
+makes sense it is better to add it to an
+existing test case.
+
+
+
+
9.7. Organize tests by subsystem
+
+
Integration tests should be packaged in subpackages under the relevant
+subsystem (e.g org.jboss.as.test.integration.ejb.async). When a test
+impacts multiple subsystems this is a bit of a judgement call, but in
+general the tests should go into the package of
+the spec that defines the functionality (e.g. Jakarta Contexts and Dependency Injection based constructor
+injection into an Jakarta Enterprise Beans, even though this involves Jakarta Contexts and Dependency Injection and Jakarta Enterprise Beans,
+the Jakarta Contexts and Dependency Injection spec defines this behaviour)
+
+
+
+
9.8. Explain non-obvious spec behavior in comments
+
+
The EE spec is full of odd requirements. If the test is covering
+behavior that is not obvious then please add something like "Verifies
+EE
+X.T.Z - The widget can’t have a foobar if it is declared like blah"
+
+
+
+
9.9. Put integration test resources in the source directory of the test
+
+
At the moment there is not real organization of these files. It makes
+sense for most apps to have this separation, however the testsuite is
+different. e.g. most apps will have a single deployment descriptor of
+a
+given type, for the testsuite will have hundreds, and maintaining
+mirroring
+package structures is error prone.
+This also makes the tests easier to understand, as all the artifacts
+in
+the deployment are in one place, and that place tends to be small
+(only
+a handful of files).
+
+
+
+
9.10. Do not hard-code values likely to need configuration (URLs, ports, …)
+
+
URLs hardcoded to certain address (localhost) or port (like the default
+8080 for web) prevent running the test against different address or with
+IPv6 adress.
+Always use the configurable values provided by Arquillian or as a system
+property.
+If you come across a value which is not configurable but you think it
+should be, file an WildFly 29 jira issue with component "Test suite".
+See
+@ArquillianResourrce
+usage example.
+
+
+
+
9.11. Follow best committing practices
+
+
+
+
Only do changes related to the topic of the jira/pull request.
+
+
+
Do not clutter your pull request with e.g. reformatting, fixing typos
+spotted along the way - do another pull request for such.
+
+
+
Prefer smaller changes in more pull request over one big pull request
+which are difficult to merge.
+
+
+
Keep the code consistent across commits - e.g. when renaming
+something, be sure to update all references to it.
+
+
+
Describe your commits properly as they will appear in main’s linear
+history.
+
+
+
If you’re working on a jira issue, include it’s ID in the commit
+message(s).
+
+
+
+
+
+
9.12. Do not use blind timeouts
+
+
Do not use Thread.sleep() without checking for the actual condition you
+need to be fulfilled.
+You may use active waiting with a timeout, but prefer using timeouts of
+the API/SPI you test where available.
+
+
+
Make the timeouts configurable: For a group of similar test, use a
+configurable timeout value with a default if not set.
+
+
+
+
9.13. Provide messages in assert*() and fail() calls
+
+
Definitely, it’s better to see "File x/y/z.xml not found" instead of:
+
+
+
+
junit.framework.AssertionFailedError
+ at junit.framework.Assert.fail(Assert.java:48) [arquillian-service:]
+ at junit.framework.Assert.assertTrue(Assert.java:20) [arquillian-service:]
+ at junit.framework.Assert.assertTrue(Assert.java:27) [arquillian-service:]
+ at org.jboss.as.test.smoke.embedded.parse.ParseAndMarshalModelsTestCase.getOriginalStandaloneXml(ParseAndMarshalModelsTestCase.java:554) [bogus.jar:]
+
+
+
+
+
9.14. Provide configuration properties hints in exceptions
+
+
If your test uses some configuration property and it fails possibly due
+to misconfiguration, note the property and it’s value in the exception:
Don’t put much data to static fields, or clean them in a finaly {…} block.
+
+
+
Don’t alter AS config (unless you are absolutely sure that it will
+reload in a final \{…} block or an @After* method)
+
+
+
+
+
+
9.16. Keep the tests configurable
+
+
Keep these things in properties, set them at the beginning of the test:
+* Timeouts
+* Paths
+* URLs
+* Numbers (of whatever)
+
+
+
They either will be or already are provided in form of system
+properties, or a simple testsuite until API (soon to come).
+
+
+
+
+
+
10. Shared Test Classes and Resources
+
+
+
10.1. Among Testsuite Modules
+
+
Use the testsuite/shared module.
+
+
+
Classes and resources in this module are available in all testsuite
+modules - i.e. in testsuite/* .
+
+
+
Only use it if necessary - don’t put things "for future use" in there.
+
+
+
Don’t split packages across modules.Make sure the java package is
+unique in the WildFly project.
+
+
+
Document your util classes (javadoc) so they can be easily found and
+reused! A generated list will be put here.
+
+
+
+
10.2. Between Components and Testsuite Modules
+
+
To share component’s test classes with some module in testsuite, you
+don’t need to split to submodules.
+You can create a jar with classifier using this:
WildFly Elytron brings to WildFly a single unified security framework across
+the whole of the application server. As a single framework it will be usable
+both for configuring management access to the server and for applications
+deployed to the server. It will also be usable across all process types so
+there will be no need to learn a different security framework for host
+controllers in a domain compared to configuring a standalone server.
+
+
+
The project covers these main areas:
+
+
+
+
+
Authentication
+
+
+
Authorization
+
+
+
SSL / TLS
+
+
+
Secure Credential Storage
+
+
+
+
+
1.1. Authentication
+
+
One of the fundamental objectives of the project was to ensure that we
+can use stronger authentication mechanisms for both HTTP and SASL based
+authentication, in both cases the new framework also makes it possible
+to bring in new implementations opening up various integration
+opportunities with external solutions.
+
+
+
+
1.2. Authorization
+
+
The architecture of the project makes a very clear distinction between
+the raw representation of the identity as returned by a SecurityRealm
+from the repository of identities and the final representation as a
+SecurityIdentity after roles have been decoded and mapped and
+permissions have been mapped.
+
+
+
Custom implementations of the components to perform role decoding and
+mapping, and permission mapping can be provided allowing for further
+flexibility beyond the default set of components provided by the
+project.
+
+
+
+
1.3. SSL / TLS
+
+
The project becomes the centralised point within the application server
+for configuring SSL related resources meaning they can be configured in
+a central location and referenced by resources across the application
+server. The centralised configuration also covers advanced options such
+as configuration of enabled cipher suites and protocols without this
+information needing to be distributed across the management model.
+
+
+
The SSL / TLS implementation also includes an optimisation where it can
+be closely tied to authentication allowing for permissions checks to be
+performed on establishment of a connection before the first request is
+received and the eager construction of a SecurityIdentity eliminating
+the need for it to be constructed on a per-request basis.
+
+
+
+
1.4. Secure Credential Storage
+
+
The previous vault used for plain text String encryption is replaced
+with a newly designed credential store. in addition to the protection it
+offers for the credentials stored within it, the store currently
+supports storage of clear text credentials.
+
+
+
+
+
+
2. General Elytron Architecture
+
+
+
The overall architecture for WildFly Elytron is building up a full
+security policy from assembling smaller components together, by default
+we include various implementations of the components - in addition to
+this, custom implementations of many components can be provided in order
+to provide more specialised implementations.
+
+
+
Within WildFly the different Elytron components are handled as
+capabilities meaning that different implementations can be mixed and
+matched, however the different implementations are modelled using
+distinct resources. This section contains a number of diagrams to show
+the general relationships between different components to provide a high
+level view, however the different resource definitions may use different
+dependencies depending on their purpose.
+
+
+
2.1. Security Domains
+
+
Within WildFly Elytron a SecurityDomain can be considered as a security
+policy backed by one or more SecurityRealm instances. Resources that
+make authorization decisions will be associated with a SecurityDomain,
+from the SecurityDomain a SecurityIdentity can be obtained which is a
+representation of the current identity, from this the identity’s roles
+and permissions can be checked to make the authorization decision for
+the resource.
+
+
+
The SecurityDomain is the general wrapper around the policy describing a
+resulting SecurityIdentity and makes use of the following components to
+define this policy.
+
+
+
+
+
NameRewriter
+
+
+
+
+
NameRewriters are used in multiple places within the Elytron
+configuration, as their name implies, their purpose is to take a name
+and map it to another representation of the name or perform some
+normalisation or clean up of the name.
+
+
+
+
+
RealmMapper
+
+
+
+
+
As a SecurityDomain is able to reference multiple SecurityRealms the
+RealmMapper is responsible for identifying which SecurityRealm to use
+based on the supplied name for authentication.
+
+
+
+
+
SecurityRealm
+
+
+
+
+
One or more named SecurityRealms are associated with a SecurityDomain.
+A SecurityRealm provides access to the underlying repository of
+identities. It is used for obtaining credentials to allow
+authentication mechanisms to perform verification, for validation of
+Evidence, and for obtaining the raw AuthorizationIdentity performing the
+authentication.
+
+
+
Some SecurityRealm implementations are also modifiable and therefore
+expose an API that allows for updates to be made to the repository
+containing the identities.
+
+
+
+
+
RoleDecoder
+
+
+
+
+
Along with the SecurityRealm association is also a reference to a
+RoleDecoder, the RoleDecoder takes the raw AuthorizationIdentity
+returned from the SecurityRealm and converts its attributes into roles.
+
+
+
+
+
RoleMapper
+
+
+
+
+
After the roles have been decoded for an identity, further mapping can be
+applied. This could be as simple as normalising the format of role names,
+or perhaps adding or removing specific role names. If a RoleMapper is
+referenced by a SecurityRealm association, that RoleMapper is applied
+first before applying the RoleMapper associated with the SecurityDomain.
+
+
+
+
+
PrincipalDecoder
+
+
+
+
+
A PrincipalDecoder converts from a Principal to a String representation
+of a name. One example for this is the X500PrincipalDecoder, which
+is able to extract an attribute from a distinguished name.
+
+
+
+
+
PermissionMapper
+
+
+
+
+
In addition to having roles, a SecurityIdentity can also have a set of
+permissions. The PermissionMapper assigns those permissions to the
+identity.
+
+
+
Different secured resources can be associated with different
+SecurityDomains for their authorization decisions. Within WildFly
+Elytron we have the ability to configure inflow between different
+SecurityDomains. The inflow process means that a SecurityIdentity
+inflowed into a second SecurityDomain has the mappings of the new
+SecurityDomain applied to it. So although a common identity may be
+calling different resources, each of those resources could have a very
+different view of the roles and permissions associated with the
+identity.
+
+
+
+
2.2. SASL Authentication
+
+
The SaslAuthenticationFactory is an authentication policy for
+authentication using SASL authentication mechanisms. In addition to
+being a policy it is also a factory for configured authentication
+mechanisms backed by a SecurityDomain.
+
+
+
The SaslAuthenticationFactory references the following: -
+
+
+
+
+
SecurityDomain
+
+
+
+
+
This is the security domain that any mechanism authentication will be
+performed against.
+
+
+
+
+
SaslServerFactory
+
+
+
+
+
This is the general factory for server side SASL authentication
+mechanisms.
+
+
+
+
+
MechanismConfigurationSelector
+
+
+
+
+
Additional configuration can be supplied for the authentication
+mechanisms. The configuration will be described in more detail later but
+the purpose of the MechanismConfigurationSelector is to obtain
+configuration specific to the mechanism selected. This can include
+information about realm names a mechanism should present to a remote
+client plus additional NameRewriters and RealmMappers to use during the
+authentication process.
+
+
+
The reason some components referenced by the SecurityDomain are
+duplicated is so that mechanism-specific mappings can be applied.
+
+
+
+
2.3. HTTP Authentication
+
+
The HttpAuthenticationFactory is an authentication policy for
+authentication using HTTP authentication mechanisms, including the BASIC,
+DIGEST, EXTERNAL, FORM, SPNEGO, and CLIENT_CERT mechanisms. In addition to
+being a policy, it is also a factory for configured authentication
+mechanisms backed by a SecurityDomain.
+
+
+
The HttpAuthenticationFactory references the following:
+
+
+
+
+
SecurityDomain
+
+
+
+
+
This is the security domain that any mechanism authentication will be
+performed against.
+
+
+
+
+
HttpServerAuthenticationMechanismFactory
+
+
+
+
+
This is the general factory for server side HTTP authentication
+mechanisms.
+
+
+
+
+
MechanismConfigurationSelector
+
+
+
+
+
Additional configuration can be supplied for the authentication
+mechanisms. The configuration will be described in more detail later but
+the purpose of the MechanismConfigurationSelector is to obtain
+configuration specific to the mechanism selected. This can include
+information about realm names a mechanism should present to a remote
+client plus additional NameRewriters and RealmMappers to use during the
+authentication process.
+
+
+
The reason some components referenced by the SecurityDomain are
+duplicated is so that mechanism-specific mappings can be applied.
+
+
+
+
2.4. SSL / TLS
+
+
The SSLContext defined within Elytron is a javax.net.ssl.SSLContext
+meaning it can be used by anything that uses an SSLContext directly.
+
+
+
In addition to the usual configuration for an SSLContext it is possible
+to configure additional items such as cipher suites and protocols and
+the SSLContext returned will wrap any engines created to set these
+values.
+
+
+
The SSLContext within Elytron can also reference the following:
+
+
+
+
+
KeyManagers
+
+
+
+
+
An array of KeyManager instances to be used by the SSLContext, this in
+turn can reference a KeyStore to load the keys.
+
+
+
+
+
TrustManagers
+
+
+
+
+
An array of TrustManager instances to be used by the SSLContext, this in
+turn can also reference a KeyStore to load the certificates.
+
+
+
+
+
SecurityDomain
+
+
+
+
+
If an SSLContext is (optionally) configured to reference a
+SecurityDomain then verification of a client’s certificate can be
+performed as an authentication ensuring the appropriate permissions to
+Logon are assigned before even allowing the connection to be fully
+opened. Additionally, the SecurityIdentity can be established at the time
+the connection is opened and used for any invocations over the
+connection.
+
+
+
+
2.5. Passwords
+
+
One of the core features of WildFly Elytron is the ability to work with many different formats for representing passwords, WildFly Elytron also contains APIs that can be used to convert from clear text passwords to these representations that can be stored in the underlying identity stores.
+
+
+
This section will document how these APIs can be used to work with the different password types.
+
+
+
2.5.1. PasswordFactory
+
+
Working with passwords will require interaction with the org.wildfly.security.password.PasswordFactory API, this obtains access to implementations from java.security.Provider instances, there are two different ways these can be identified: -
+
+
+
+
+
By querying the globally installed Providers
+
+
+
By passing in the Provider to the getInstance method of the PasswordFactory API.
+
+
+
+
+
In both cases the WildFly Elytron implementations are provided by the org.wildfly.security.WildFlyElytronProvider provider.
+
+
+
When relying on the Provider being globally registered the PasswordFactory for a specific algorithm can be obtained as: -
A second approach is to obtain a raw representation of the ClearPassword, however this will need to be translated into the PasswordFactory if it will be used for evidence validation but if the Password is not being used for verification this can be a suitable alternative provided the parameters have been pre-verified.
The raw password can be used for other areas of the Elytron APIs however if it is used for validation an error similar to the following will be thrown.
+
+
+
+
Exception in thread "main" java.security.InvalidKeyException
+ at org.wildfly.security.password.impl.PasswordFactorySpiImpl.engineVerify(PasswordFactorySpiImpl.java:762)
+ at org.wildfly.security.password.PasswordFactory.verify(PasswordFactory.java:210)
+[source,java]
+
+
+
+
+
2.5.3. Simple Digest
+
+
The next type of password is the simple digest, for this password type the clear text password id digested using the specified algorithm however no salt is used.
+
+
+
The following algorithms are applicable to this type of encoding.
+
+
+
+
+
simple-digest-md2
+
+
+
simple-digest-md5
+
+
+
simple-digest-sha-1
+
+
+
simple-digest-sha-256
+
+
+
simple-digest-sha-384
+
+
+
simple-digest-sha-512
+
+
+
+
+
The following example illustrates how the Password instance can be created starting from the clear text password,from this the digested representation of the password can be obtained which could be used to store the password. The digested representation is then used to create a further Password instance.
Two variations of salted digests are supported, these can either be digested with the salt first or the password first. The following algorithms are supported: -
+
+
+
+
+
password-salt-digest-md5
+
+
+
password-salt-digest-sha-1
+
+
+
password-salt-digest-sha-256
+
+
+
password-salt-digest-sha-384
+
+
+
password-salt-digest-sha-512
+
+
+
salt-password-digest-md5
+
+
+
salt-password-digest-sha-1
+
+
+
salt-password-digest-sha-256
+
+
+
salt-password-digest-sha-384
+
+
+
salt-password-digest-sha-512
+
+
+
+
+
The following example shows how using a generated salt the password can be created from a clear text password and then subsequently how the password can be recreated from the salt and digest.
The Digest passwords are an alternative form of digest where the username, realm and password are digested together delimited with a ':', these are usable with clear text authentication mechanisms but also usable with the digest authentication mechanisms also eliminating the transmission of clear text passwords during authentication. The following algorithms are supported: -
+
+
+
+
+
digest-md5
+
+
+
digest-sha
+
+
+
digest-sha-256
+
+
+
digest-sha-384
+
+
+
digest-sha-512
+
+
+
digest-sha-512-256
+
+
+
+
+
The following example illustrates how a password can be created from the username, realm, and password and then how it can be recreated from the digest, realm, and password.
For this password type is not possible to create the password from the ClearPasswordSpec as additional information always needs to be specified and can not be dynamically or randomly generated, however the raw APIs can still be used.
Another set of passwords more tightly tied to a specific authentication mechanism are the SCRAM password types, the following algorithms are supported: -
+
+
+
+
+
scram-sha-1
+
+
+
scram-sha-256
+
+
+
scram-sha-384
+
+
+
scram-sha-512
+
+
+
+
+
The following demonstrates how a clear password can be converted to a scram password using a specified salt and iteration count and how this can be recreated from the digested value.
Alternatively instead of using the IteratedSaltedPasswordAlgorithmSpec is it also possible to use a SaltedPasswordAlgorithmSpec when converting from the clear text password and a default iteration count will be used instead, this is similar to how the conversion happens for salted digest passwords.
+
+
+
It is also possible to omit the salt and iteration count and these will be generated.
+
+
+
+
ClearPasswordSpec clearSpec = new ClearPasswordSpec(TEST_PASSWORD.toCharArray());
+
+ScramDigestPassword original = (ScramDigestPassword) passwordFactory.generatePassword(clearSpec);
+
+byte[] salt = original.getSalt();
+byte[] digest = original.getDigest();
+int iterationCount = original.getIterationCount();
+
+
+
+
Starting with a digest, salt, and iteration count the raw APIs can also be used.
One more type of mechanism specific password is the one time password type. The following algorithms are supported: -
+
+
+
+
+
otp-md5
+
+
+
otp-sha1
+
+
+
otp-sha256
+
+
+
otp-sha384
+
+
+
otp-sha512
+
+
+
+
+
The following demonstrates how a clear password can be converted to a one time password using a specified seed and iteration count and how this can be recreated from the hashed value.
This example does not include verification as that is handled by the SASL mechanism which also increments the sequence and replaces the hash, this does mean this password type needs to be used with a security realm which also supports updates.
+
+
+
Starting with the hash and sequence number the raw APIs can also be used.
The following algorithms are also supported for alternative iterated salted password types: -
+
+
+
+
+
bcrypt
+
+
+
sun-crypt-md5
+
+
+
sun-crypt-md5-bare-salt
+
+
+
crypt-sha-256
+
+
+
crypt-sha-512
+
+
+
bsd-crypt-des
+
+
+
+
+
The general pattern for working with these password types is the same as was used for Scram password types if an interaction count is specified or the same as salted digest password types if a default iteration count is to be used instead.
+
+
+
+
2.5.9. Other Salted Types
+
+
The following algorithms are also supported for salted password types: -
+
+
+
+
+
crypt-md5
+
+
+
crypt-des
+
+
+
+
+
The general pattern for working with these password types is the same as was used for salted digest password types as no iteration count is required.
+
+
+
+
2.5.10. Masked Password Types
+
+
Finally a set of masked password types are also supported to add support for legacy password types which were previously supported within PicketBox, the following algorithms are supported.
A number of password types can be encoded using modular crypt allowing information such as the password type, the hash or digest, the salt, and the iteration count to be encoded in a single String, this can make storage and retrieval of passwords easier as multiple pieces of related data can be handled as one.
+
+
+
Within the WildFly Elytron project the utility org.wildfly.security.password.util.ModularCrypt can be used to handle the encoding and decoding.
+
+
+
The following password types can be encoded and decoded: -
+
+
+
+
+
BCryptPassword
+
+
+
BSDUnixDESCryptPassword
+
+
+
UnixDESCryptPassword
+
+
+
UnixMD5CryptPassword
+
+
+
SunUnixMD5CryptPassword
+
+
+
UnixSHACryptPassword
+
+
+
+
+
The following code demonstrates this for a BSDUnixDESCryptPassword: -
+The Password returned from the call to ModularCrypt.decode(…) is a raw password so needs translating by the PasswordFactory.
+
+
+
+
+
+
+
+
+
+
3. Elytron Subsystem
+
+
+
WildFly Elytron is a security framework used to unify security across
+the entire application server. The elytron subsystem enables a single
+point of configuration for securing both applications and the management
+interfaces. WildFly Elytron also provides a set of APIs and SPIs for
+providing custom implementations of functionality and integrating with
+the elytron subsystem.
+
+
+
In addition, there are several other important features of the WildFly
+Elytron:
+
+
+
+
+
Stronger authentication mechanisms for HTTP and SASL authentication.
+
+
+
Improved architecture that allows for SecurityIdentities to be
+propagated across security domains and transparently transformed ready
+to be used for authorization. This transformation takes place using
+configurable role decoders, role mappers, and permission mappers.
+
+
+
Centralized point for SSL/TLS configuration including cipher suites
+and protocols.
+
+
+
SSL/TLS optimizations such as eager SecureIdentity construction and
+closely tying authorization to establishing an SSL/TLS connection. Eager
+SecureIdentity construction eliminates the need for a SecureIdentity
+to be constructed on a per-request basis. Closely tying authentication
+to establishing an SSL/TLS connection enables permission checks to
+happen BEFORE the first request is received.
+
+
+
A secure credential store that replaces the previous vault
+implementation to store clear text credentials.
+
+
+
+
+
The new elytron subsystem exists in parallel to the legacy security
+subsystem and legacy core management authentication. Both the legacy and
+Elytron methods may be used for securing the management interfaces as
+well as providing security for applications.
+
+
+
3.1. Get Started using the Elytron Subsystem
+
+
To get started using Elytron, refer to these topics:
+
+
+
+
+
Use the default Elytron components for
+application
+and
+management
+authentication
+
+
+
Secure an application with a new identity store stored in a
+filesystem
+or
+database.
WildFly Elytron provides a default set of implementations in the
+elytron subsystem.
+
+
+
3.2.1. Factories
+
+
+
+
+
+
+
+
Component
+
Description
+
+
+
+
+
aggregate-http-server-mechanism-factory
+
An HTTP server factory
+definition where the HTTP server factory is an aggregation of other HTTP
+server factories.
+
+
+
aggregate-sasl-server-factory
+
A SASL server factory definition where
+the SASL server factory is an aggregation of other SASL server
+factories.
+
+
+
configurable-http-server-mechanism-factory
+
A SASL server factory
+definition where the SASL server factory is an aggregation of other SASL
+server factories.
+
+
+
configurable-sasl-server-factory
+
A SASL server factory definition
+where the SASL server factory is an aggregation of other SASL server
+factories.
+
+
+
custom-credential-security-factory
+
A custom credential SecurityFactory
+definition.
+
+
+
http-authentication-factory
+
Resource containing the association of a
+security domain with a HttpServerAuthenticationMechanismFactory.
+
+
+
kerberos-security-factory
+
A security factory for obtaining a
+GSSCredential for use during authentication.
+
+
+
mechanism-provider-filtering-sasl-server-factory
+
A SASL server factory
+definition that enables filtering by provider where the factory was
+loaded using a provider.
+
+
+
provider-http-server-mechanism-factory
+
An HTTP server factory
+definition where the HTTP server factory is an aggregation of factories
+from the provider list.
+
+
+
provider-sasl-server-factory
+
A SASL server factory definition where
+the SASL server factory is an aggregation of factories from the provider
+list.
+
+
+
sasl-authentication-factory
+
Resource containing the association of a
+security domain with a SaslServerFactory.
+
+
+
service-loader-http-server-mechanism-factory
+
An HTTP server factory
+definition where the HTTP server factory is an aggregation of factories
+identified using a ServiceLoader
+
+
+
service-loader-sasl-server-factory
+
A SASL server factory definition
+where the SASL server factory is an aggregation of factories identified
+using a ServiceLoader
+
+
+
+
+
+
3.2.2. Principal Transformers
+
+
+
+
+
+
+
+
Component
+
Description
+
+
+
+
+
aggregate-principal-transformer
+
A principal transformer definition
+where the principal transformer is an aggregation of other principal
+transformers.
+
+
+
case-principal-transformer
+
A principal transformer definition where
+the principal is adjusted to upper or lower case.
+
+
+
chained-principal-transformer
+
A principal transformer definition where
+the principal transformer is a chaining of other principal transformers.
+
+
+
constant-principal-transformer
+
A principal transformer definition
+where the principal transformer always returns the same constant.
+
+
+
custom-principal-transformer
+
A custom principal transformer
+definition.
+
+
+
regex-principal-transformer
+
A regular expression based principal
+transformer
+
+
+
regex-validating-principal-transformer
+
A regular expression based
+principal transformer which uses the regular expression to validate the
+name.
+
+
+
+
+
+
3.2.3. Principal Decoders
+
+
+
+
+
+
+
+
Component
+
Description
+
+
+
+
+
aggregate-principal-decoder
+
A principal decoder definition where the
+principal decoder is an aggregation of other principal decoders.
+
+
+
concatenating-principal-decoder
+
A principal decoder definition where
+the principal decoder is a concatenation of other principal decoders.
+
+
+
constant-principal-decoder
+
Definition of a principal decoder that
+always returns the same constant.
+
+
+
custom-principal-decoder
+
Definition of a custom principal decoder.
+
+
+
x500-attribute-principal-decoder
+
Definition of a X500 attribute based
+principal decoder.
+
+
+
+
+
+
3.2.4. Evidence Decoders
+
+
+
+
+
+
+
+
Component
+
Description
+
+
+
+
+
x509-subject-alt-name-evidence-decoder
+
An evidence decoder that derives the
+principal associated with a certificate chain from an X.509 subject alternative
+name from the first certificate in the given chain.
+
+
+
x500-subject-evidence-decoder
+
An evidence decoder that derives the principal
+associated with a certificate chain from the subject from the first certificate
+in the given chain.
+
+
+
custom-evidence-decoder
+
Definition of a custom evidence decoder.
+
+
+
aggregate-evidence-decoder
+
An evidence decoder that is an aggregation of other
+evidence decoders. Given evidence, these evidence decoders will be attempted in
+order until one returns a non-null principal or until there are no more evidence
+decoders left to try.
+
+
+
+
+
+
3.2.5. Realm Mappers
+
+
+
+
+
+
+
+
Component
+
Description
+
+
+
+
+
constant-realm-mapper
+
Definition of a constant realm mapper that
+always returns the same value.
+
+
+
custom-realm-mapper
+
Definition of a custom realm mapper
+
+
+
mapped-regex-realm-mapper
+
Definition of a realm mapper implementation
+that first uses a regular expression to extract the realm name, this is
+then converted using the configured mapping of realm names.
+
+
+
simple-regex-realm-mapper
+
Definition of a simple realm mapper that
+attempts to extract the realm name using the capture group from the
+regular expression, if that does not provide a match then the delegate
+realm mapper is used instead.
A realm definition that is an aggregation of two
+or more realms, one for the authentication steps and one or more for loading the
+identity for the authorization steps and aggregating the resulting attributes.
+
+
+
caching-realm
+
A realm definition that enables caching to another
+security realm. Caching strategy is Least Recently Used where least
+accessed entries are discarded when maximum number of entries is
+reached.
+
+
+
custom-modifiable-realm
+
Custom realm configured as being modifiable
+will be expected to implement the ModifiableSecurityRealm interface. By
+configuring a realm as being modifiable management operations will be
+made available to manipulate the realm.
+
+
+
custom-realm
+
A custom realm definitions can implement either the s
+SecurityRealm interface or the ModifiableSecurityRealm interface.
+Regardless of which interface is implemented management operations will
+not be exposed to manage the realm. However other services that depend
+on the realm will still be able to perform a type check and cast to gain
+access to the modification API.
A security realm definition that uses JAAS configuration file to initialize LoginContext that is used to obtain identities.
+
+
+
+
+
+
3.2.7. Permission Mappers
+
+
+
+
+
+
+
+
Component
+
Description
+
+
+
+
+
custom-permission-mapper
+
Definition of a custom permission mapper.
+
+
+
logical-permission-mapper
+
Definition of a logical permission mapper.
+
+
+
simple-permission-mapper
+
Definition of a simple configured permission
+mapper.
+
+
+
constant-permission-mapper
+
Definition of a permission mapper that
+always returns the same constant.
+
+
+
+
+
+
3.2.8. Role Decoders
+
+
+
+
+
+
+
+
Component
+
Description
+
+
+
+
+
custom-role-decoder
+
Definition of a custom RoleDecoder
+
+
+
simple-role-decoder
+
Definition of a simple RoleDecoder that takes a
+single attribute and maps it directly to roles.
+
+
+
source-address-role-decoder
+
Definition of a RoleDecoder that maps roles
+based on the IP address of the remote client.
+
+
+
aggregate-role-decoder
+
A role decoder that is an aggregation of other
+role decoders. An aggregate role decoder combines the roles obtained using
+each role decoder.
+
+
+
+
+
+
3.2.9. Role Mappers
+
+
+
+
+
+
+
+
Component
+
Description
+
+
+
+
+
add-prefix-role-mapper
+
A role mapper definition for a role mapper that
+adds a prefix to each provided.
+
+
+
add-suffix-role-mapper
+
A role mapper definition for a role mapper that
+adds a suffix to each provided.
+
+
+
constant-role-mapper
+
A role mapper definition where a constant set of
+roles is always returned.
+
+
+
aggregate-role-mapper
+
A role mapper definition where the role mapper
+is an aggregation of other role mappers.
+
+
+
logical-role-mapper
+
A role mapper definition for a role mapper that
+performs a logical operation using two referenced role mappers.
+
+
+
custom-role-mapper
+
Definition of a custom role mapper
+
+
+
mapped-role-mapper
+
A role mapper definition for a role mapper that uses
+configured mapping of role names to map role names.
+
+
+
regex-role-mapper
+
A role mapper definition for a role mapper that
+performs a regex matching and maps matching roles with provided pattern.
+Regex can capture groups that replacement pattern can make use of.
+
+
+
+
+
+
3.2.10. SSL Components
+
+
+
+
+
+
+
+
Component
+
Description
+
+
+
+
+
client-ssl-context
+
An SSLContext for use on the client side of a
+connection.
+
+
+
filtering-key-store
+
A filtering keystore definition, which provides a
+keystore by filtering a key-store.
+
+
+
key-manager
+
A key manager definition for creating the key manager
+list as used to create an SSL context.
+
+
+
key-store
+
A keystore definition.
+
+
+
ldap-key-store
+
An LDAP keystore definition, which loads a keystore
+from an LDAP server.
+
+
+
server-ssl-context
+
An SSL context for use on the server side of a
+connection.
+
+
+
trust-manager
+
A trust manager definition for creating the
+TrustManager list as used to create an SSL context.
+
+
+
certificate-authority-account
+
A certificate authority account which can
+be used to obtain and revoke signed certificates.
+
+
+
+
+
+
3.2.11. Other
+
+
+
+
+
+
+
+
Component
+
Description
+
+
+
+
+
aggregate-providers
+
An aggregation of two or more Provider[]
+resources.
+
+
+
authentication-configuration
+
An individual authentication
+configuration definition, which is used by clients deployed to WildFly
+and other resources for authenticating when making a remote connection.
+
+
+
authentication-context
+
An individual authentication context
+definition, which is used to supply an ssl-context and
+authentication-configuration when clients deployed to WildFly and other
+resources make a remoting connection.
+
+
+
credential-store
+
Credential store to keep alias for sensitive
+information such as passwords for external services.
+
+
+
dir-context
+
The configuration to connect to a directory (LDAP) server.
+
+
+
provider-loader
+
A definition for a provider loader.
+
+
+
security-domain
+
A security domain definition.
+
+
+
security-property
+
A definition of a security property to be set.
+
+
+
+
+
+
+
3.3. Out of the Box Configuration
+
+
WildFly provides a set of components configured by default. While these
+components are ready to use, the legacy security subsystem and legacy
+core management authentication is still used by default. To configure
+WildFly to use the these configured components as well as create new
+ones, see the Using the Elytron
+Subsystem section.
+
+
+
+
+
+
+
+
+
Default Component
+
Description
+
+
+
+
+
ApplicationDomain
+
The ApplicationDomain security domain uses
+ApplicationRealm and groups-to-roles for authentication. It also uses
+default-permission-mapper to assign the login permission.
+
+
+
ManagementDomain
+
The ManagementDomain security domain uses two
+security realms for authentication: ManagementRealm with groups-to-roles
+and local with super-user-mapper. It also uses default-permission-mapper
+to assign the login permission.
+
+
+
local (security realm)
+
The local security realm does no authentication
+and sets the identity of principals to $local
+
+
+
ApplicationRealm
+
The ApplicationRealm security realm is a properties
+realm that authenticates principals using application-users.properties
+and assigns roles using application-roles.properties. These files are
+located under jboss.server.config.dir, which by default, maps to
+EAP_HOME/standalone/configuration. They are also the same files used by
+the legacy security default configuration.
+
+
+
ManagementRealm
+
The ManagementRealm security realm is a properties
+realm that authenticates principals using mgmt-users.properties and
+assigns roles using mgmt-groups.properties. These files are located
+under jboss.server.config.dir, which by default, maps to
+EAP_HOME/standalone/configuration. They are also the same files used by
+the legacy security default configuration.
+
+
+
default-permission-mapper
+
The default-permission-mapper mapper is a
+simple permission mapper that uses the default-permissions permission set
+to assign the full set of permissions that an identity would require to
+access any services on the server. For example, the default-permission-mapper
+mapper uses org.wildfly.extension.batch.jberet.deployment.BatchPermission
+specified by the default-permissions permission set to assign permission for
+batch jobs. The batch permissions are start, stop, restart, abandon, and read
+which aligns with jakarta.batch.operations.JobOperator. The default-permission-mapper
+mapper also uses org.wildfly.security.auth.permission.LoginPermission specified
+by the the login-permission permission set to assign the login permission.
+
+
+
local (mapper)
+
The local mapper is a constant role mapper that maps to
+the local security realm. This is used to map authentication to the
+local security realm.
+
+
+
groups-to-roles
+
The groups-to-roles mapper is a simple-role-decoder
+that will decode the groups information of a principal and use it for
+the role information.
+
+
+
super-user-mapper
+
The super-user-mapper mapper is a constant role
+mapper that maps the SuperUser role to a principal.
+
+
+
management-http-authentication
+
The management-http-authentication
+http-authentication-factory can be used for doing authentication over
+http. It uses the global provider-http-server-mechanism-factory to
+filter authentication mechanism and uses ManagementDomain for
+authenticating principals. It accepts the DIGEST authentication
+mechanisms and exposes it as ManagementRealm to applications.
+
+
+
global (provider-http-server-mechanism-factory)
+
This is the HTTP
+server factory mechanism definition used to list the provided
+authentication mechanisms when creating an http authentication factory.
+
+
+
management-sasl-authentication
+
The management-sasl-authentication
+sasl-authentication-factory can be used for authentication using SASL.
+It uses the configured sasl-server-factory to filter authentication
+mechanisms, which also uses the global provider-sasl-server-factory to
+filter by provider names. management-sasl-authentication uses the
+ManagementDomain security domain for authentication of principals. It
+also maps authentication using JBOSS-LOCAL-USER mechanisms using the
+local realm mapper and authentication using DIGEST-MD5 to
+ManagementRealm.
+
+
+
application-sasl-authentication
+
The application-sasl-authentication
+sasl-authentication-factory can be used for authentication using SASL.
+It uses the configured sasl-server-factory to filter authentication
+mechanisms, which also uses the global provider-sasl-server-factory to
+filter by provider names. application-sasl-authentication uses the
+ApplicationDomain security domain for authentication of principals.
+
+
+
global (provider-sasl-server-factory)
+
This is the SASL server factory
+definition used to create SASL authentication factories.
This is used
+to filter which sasl-authentication-factory is used based on the
+provider. In this case, elytron will match on the WildFlyElytron
+provider name.
+
+
+
configured (configurable-sasl-server-factory)
+
This is used to filter
+sasl-authentication-factory is used based on the mechanism name. In this
+case, configured will match on JBOSS-LOCAL-USER and DIGEST-MD5. It also
+sets the wildfly.sasl.local-user.default-user to $local.
+
+
+
applicationSSC
+
The applicationSSC server SSL context can be used
+to automatically generate a self-signed certificate the first time
+the HTTPS interface is accessed. This server SSL context should only
+be used for testing purposes. It should never be used in a production
+environment.
+
+
+
combined-providers
+
Is an aggregate provider that aggregates the elytron
+and openssl provider loaders.
By default, applications are secured using legacy security domains.
+Applications must specify a security domain in their web.xml as well
+as the authentication method. If no security domain is specified by the
+application, WildFly will use the provided other legacy security
+domain.
+
+
+
3.4.1. Update WildFly to Use the Default Elytron Components for Application
When the applicationSSC server SSL context is used by Undertow, a self-signed certificate will automatically
+be generated the first time the HTTPS interface is accessed if the file that backs the applicationKS key store
+doesn’t exist. This self-signed certificate will then be persisted to the file that backs the applicationKS key
+store. The generate-self-signed-certificate-host value, localhost, will be used as the Common Name (CN) value
+in the generated self-signed certificate. The following messages will appear in the server log file:
+
+
+
+
13:21:39,197 WARN [org.wildfly.extension.elytron] (MSC service thread 1-6) WFLYELY01083: KeyStore /wildfly/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self-signed certificate for host localhost
+...
+13:39:57,152 WARN [org.wildfly.extension.elytron] (default task-1) WFLYELY01084: Generated self-signed certificate at /wildfly/dist/target/wildfly-21.0.0.Beta1-SNAPSHOT/standalone/configuration/application.keystore. Please note that self-signed certificates are not secure and should only be used for testing purposes. Do not use this self-signed certificate in production.
+SHA-1 fingerprint of the generated key is fc:16:cf:bf:de:3a:6d:d6:fe:ec:f9:cd:9d:22:c9:3d:43:d7:e3:57
+SHA-256 fingerprint of the generated key is 38:69:00:4e:39:e2:40:e2:ef:b6:95:58:c6:ba:d0:0f:56:c5:7c:5d:fc:d5:c3:b9:b0:94:80:9c:f5:45:9d:40
+
+
+
+
NOTE To disable the automatic self-signed certificate generation, undefine the generate-self-signed-certificate-host
+attribute on the applicationKM key manager.
+
+
+
WARNING This self-signed certificate is only intended to be used for testing purposes. This self-signed certificate
+should never be used in a production environment. For more information on configuring an ssl-context,
+see Configuring a server SSLContext. For more information on how to
+easily obtain a signed certificate using the WildFly CLI, see Obtain a signed certificate from Let’s Encrypt.
When you access the management interface over HTTP, for example when
+using the web-based management console, WildFly will use the
+management-http-authentication http-authentication-factory.
By default, the management CLI ( jboss-cli.sh) is configured to
+connect over remote+http.
+
+
+
Default jboss-cli.xml
+
+
+
+
<jboss-clixmlns="urn:jboss:cli:3.3">
+
+ <default-protocoluse-legacy-override="true">remote+http</default-protocol>
+
+ <!-- The default controller to connect to when 'connect' command is executed w/o arguments -->
+ <default-controller>
+ <protocol>remote+http</protocol>
+ <host>localhost</host>
+ <port>9990</port>
+ </default-controller>
+
+
+
+
This will establish a connection over HTTP and use HTTP upgrade to
+change the communication protocol to native. The HTTP upgrade
+connection is secured in the http-upgrade section of the
+http-interface using a sasl-authentication-factory.
Configure Authentication with an LDAP-Based Identity Store
+
+
+
Certificate, Certificate Roles Login Module
+
Configure Authentication
+with Certificates
+
+
+
Kerberos, SPNEGO Login Modules
+
Configure Authentication with a
+Kerberos-Based Identity Store
+
+
+
Kerberos, SPNEGO Login Modules with Fallback
+
Configure Authentication
+with a Form as a Fallback for Kerberos
+
+
+
RoleMapping Login Module
+
Configure Authentication
+with a Mapped Role Mapper
+
+
+
Vault
+
Create and Use a Credential Store
+
+
+
Legacy Security Realms
+
Secure the Management Interfaces with a New
+Identity Store, Silent Authentication
+
+
+
RBAC
+
Using RBAC with Elytron
+
+
+
Legacy Security Realms for One-way and Two-way SSL/TLS for Applications
+
Enable One-way SSL/TLS for Applications, Enable Two-way SSL/TLS in
+WildFly for Applications
+
+
+
Legacy Security Realms for One-way and Two-way SSL/TLS for Management
+Interfaces
+
Enable One-way for the Management Interfaces Using the
+Elytron Subsystem, Enable Two-way SSL/TLS for the Management Interfaces
+using the Elytron Subsystem
+
+
+
+
+
+
+
+
4. Using the Elytron Subsystem
+
+
+
4.1. Set Up and Configure Authentication for Applications
+
+
4.1.1. Configure Authentication with a Properties File-Based Identity Store
+
+
Create properties files:
+
+
You need to create two properties files: one that maps user to passwords
+and another that maps users to roles. Usually these files are located in
+the jboss.server.config.dir directory and follow the naming convention
+*-users.properties and *-roles.properties, but other locations and
+names may be used. The *-users.properties file must also contain a
+reference to the properties-realm, which you will create in the next
+step: #$REALM_NAME=YOUR_PROPERTIES_REALM_NAME$
+
+
+
Example user to password file: example-users.properties
Example user to roles file: example-roles.properties
+
+
+
+
user1=Admin
+user2=Guest
+
+
+
+
The Properties Realm also supports storing hashed passwords in the properties
+files, namely DIGEST passwords. Learn how to specify the encoding and character set for these passwords
+in the next section.
The name of the properties-realm is examplePropRealm, which is used
+in the previous step in the example-users.properties file. Also, if
+your properties files are located outside of jboss.server.config.dir,
+then you need to change the path and relative-to values
+appropriately.
+
+
+
Additionally, if storing hashed passwords in the properties file, you can specify the following
+attributes:
+
+
+
+
+
hash-encoding: This attribute specifies the string format for the password if it is not stored in plain
+text. It is set to hex encoding by default, but base64 is also supported.
+
+
+
hash-charset: This attribute specifies the character set to use when converting the password string to a
+byte array. It is set to UTF-8 by default.
+
+
+
+
+
For example, the following properties realm is configured to use base64 encoding and the character set
+GB2312.
Configure your application’s web.xml and jboss-web.xml.
+
+
Your application’s web.xml and jboss-web.xml must be updated to use
+the application-security-domain you configured in WildFly. An example
+of this is available in the
+Configure Applications to Use Elytron for Authentication
+section.
+
+
+
+
+
4.1.2. Configure Authentication with a Filesystem-Based Identity Store
+
+
Chose a directory for users:
+
+
You need a directory where your users will be stored. In this example,
+we are using a directory called fs-realm-users located in
+jboss.server.config.dir.
It is also possible to enable support for integrity checking on the filesystem realm by configuring the key-store and key-store-alias attributes for the realm.
+
+
+
When enabling integrity checking on a filesystem realm, you will have to specify the following 2 attributes
+
+
+
+
+
key-store: This attribute specifies the key-store that contains the key pair (private key and public key) that’s used for signing each identity file and for integrity checking.
+
+
+
key-store-alias: This attribute specifies the alias within the key-store that identifies the PrivateKeyEntry to use to sign identity files and perform filesystem integrity checks.
+
+
+
+
+
To create a key-store and a key-pair for the attributes above, you can create a key-store resource using the following commands. This will create a key-store called keystore with the alias localhost, and the password secret.
To create an integrity enabled filesystem realm with a key-store called keystore and the key-store-alias localhost, the following command would be used
Integrity and Encryption can be used in conjuction together. To create an encrypted filesystem realm with integrity enabled, the following command would be used
Configure your application’s web.xml and jboss-web.xml.
+
+
Your application’s web.xml and jboss-web.xml must be updated to use
+the application-security-domain you configured in WildFly. An example
+of this is available in the
+Configure Applications to Use Elytron for Authentication
+section.
+
+
+
Your application is now using a filesystem-based identity store for
+authentication.
+
+
+
+
+
4.1.3. Configure Authentication with a Database Identity Store
+
+
Determine your database format for usernames, passwords, and roles:
+
+
To set up authentication using a database for an identity store, you
+need to determine how your usernames, passwords, and roles are stored in
+that database. In this example, we are using a single table with the
+following sample data:
+
+
+
+
+
+
+
+
+
+
username
+
password
+
roles
+
+
+
+
+
user1
+
password123
+
Admin
+
+
+
user2
+
password123
+
Guest
+
+
+
+
+
+
Configure a datasource:
+
+
To connect to a database from WildFly, you must have the appropriate
+database driver deployed as well as a datasource configured. This
+example shows deploying the driver for postgres and configuring a
+datasource in WildFly:
/subsystem=elytron/jdbc-realm=exampleDbRealm:add(principal-query=[{sql="SELECT password,roles FROM wildfly_users WHERE username=?",data-source=examplePostgresDS,clear-password-mapper={password-index=1},attribute-mapping=[{index=2,to=groups}]}])
+
+
+
+
NOTE: The above example shows how to obtain passwords and roles from a
+single principal-query. You can also create additional
+principal-query with attribute-mapping attributes if you require
+multiple queries to obtain roles or additional authentication or
+authorization information.
Configure your application’s web.xml and jboss-web.xml.
+
+
Your application’s web.xml and jboss-web.xml must be updated to use
+the application-security-domain you configured in WildFly. An example
+of this is available in the
+Configure Applications to Use Elytron for Authentication
+section.
+
+
+
+
+
4.1.4. Configure Authentication with an LDAP-Based Identity Store
+
+
Determine your LDAP format for usernames, passwords, and roles:
+
+
To set up authentication using an LDAP server for an identity store, you
+need to determine how your usernames, passwords, and roles are stored.
+In this example, we are using the following structure:
+
+
+
+
dn: dc=wildfly,dc=org
+dc: wildfly
+objectClass: top
+objectClass: domain
+
+dn: ou=Users,dc=wildfly,dc=org
+objectClass: organizationalUnit
+objectClass: top
+ou: Users
+
+dn: uid=jsmith,ou=Users,dc=wildfly,dc=org
+objectClass: top
+objectClass: person
+objectClass: inetOrgPerson
+cn: John Smith
+sn: smith
+uid: jsmith
+userPassword: password123
+
+dn: ou=Roles,dc=wildfly,dc=org
+objectclass: top
+objectclass: organizationalUnit
+ou: Roles
+
+dn: cn=Admin,ou=Roles,dc=wildfly,dc=org
+objectClass: top
+objectClass: groupOfNames
+cn: Admin
+member: uid=jsmith,ou=Users,dc=wildfly,dc=org
+
+
+
+
+
Configure a dir-context:
+
+
To connect to the LDAP server from WildFly, you need to configure a
+dir-context that provides the URL as well as the principal used to
+connect to the server.
Additionally, if storing hashed passwords in the LDIF file, you can specify the following
+attributes:
+
+
+
+
+
hash-encoding: This attribute specifies the string format for the password if it is not stored in plain
+text. It is set to base64 encoding by default, but hex is also supported.
+
+
+
hash-charset: This attribute specifies the character set to use when converting the password string to a
+byte array. It is set to UTF-8 by default.
+
+
+
+
+
For example, the following LDAP realm is storing hexadecimal encoded strings hashed using the GB2312 character set:
Configure your application’s web.xml and jboss-web.xml.
+
+
Your application’s web.xml and jboss-web.xml must be updated to use
+the application-security-domain you configured in WildFly. An example
+of this is available in the
+Configure Applications to Use Elytron for Authentication
+section.
+
+
+
IMPORTANT: In cases where you configure an LDAP server in the
+elytron subsystem for authentication and that LDAP server then becomes
+unreachable, WildFly will return a 500, or internal server error,
+error code when attempting authentication using that unreachable LDAP
+server. This behavior differs from the legacy security subsystem,
+which will return a 401, or unauthorized, error code under the same
+conditions.
+
+
+
+
+
4.1.5. Configure Authentication with Certificates
+
+
IMPORTANT: Before you can set up certificate-based authentication, you
+must have two-way SSL configured.
You must configure this realm with a truststore that contains the
+client’s certificate. The authentication process uses the same
+certificate presented by the client during the two-way SSL handshake.
+
+
+
+
Create a Decoder.
+
+
You need to create a x500-attribute-principal-decoder to decode the
+principal you get from your certificate. The below example will decode
+the principal based on the first CN value.
For example, if the full DN was
+CN=client,CN=client-certificate,DC=example,DC=jboss,DC=org,
+CNDecoder would decode the principal as client. This decoded
+principal is used as the alias value to lookup a certificate in the
+truststore configured in ksRealm.
+
+
+
IMPORTANT: The decoded principal * MUST* must be the alias value
+you set in your server’s truststore for the client’s certificate.
+
+
+
+
Configure an evidence-decoder
+
+
By default, the principal associated with a certificate will be the subject name
+from the certificate. This subject name will then be rewritten using any configured
+principal decoders and principal transformers to obtain the name that should be used
+when locating and loading the identity from the underlying identity store.
+
+
+
To specify that a subject alternative name from a certificate should be used as the
+principal associated with that certificate, an x509-subject-alt-name-evidence-decoder
+needs to be configured. This element has two attributes:
+
+
+
+
+
alt-name-type - The subject alternative name type to decode. This attribute is
+required. Must be one of the subject alternative name types that can be represented
+as a String:
+
+
+
+
rfc822Name
+
+
+
dNSName
+
+
+
uniformResourceIdentifier
+
+
+
iPAddress
+
+
+
registeredID
+
+
+
directoryName
+
+
+
+
+
+
segment - The 0-based occurrence of the subject alternative name to map. This
+attribute is optional and only used when there is more than one subject alternative
+name of the given alt-name-type. The default value is 0.
+
+
+
+
+
For example, consider the following X.509 v3 Subject Alternative Name extension from
+the first certificate in an X.509 certificate chain:
+
+
+
+
X509v3 Subject Alternative Name:
+DNS:one.example.org, IP Address:127.0.0.1
+
+
+
+
To associate the certificate chain evidence with the principal "one.example.org", the
+following x509-subject-alt-name-evidence-decoder could be configured:
It is also possible to configure an x500-subject-evidence-decoder. This evidence decoder
+will extract the subject from the first certificate in the certificate chain, as an X500Principal.
+Example configuration:
To make use of a custom org.wildfly.security.auth.server.EvidenceDecoder implementation, a
+custom-evidence-decoder can be configured. The custom implementation class needs to first be
+packaged in a JAR. A module can then be added to WildFly that contains this JAR. See
+Custom Components for more information on how to add a custom Elytron
+component to WildFly.
Finally, it is also possible to configure an aggregate-evidence-decoder. This consists of
+two or more evidence-decoder elements where each element is reference to a configured
+evidence decoder. Given evidence, these evidence decoders will be attempted in order until
+one returns a non-null principal or until there are no more evidence decoders left to try.
If no evidence-decoder is specified for a security-domain, then the principal associated with the evidence will
+just be the default principal for the evidence type, i.e., for an X.509 certificate chain, this would continue to
+default to the subject from the first certificate in the certificate chain.
+
+
+
+
Add a constant-role-mapper for assigning roles.
+
+
This is example uses a constant-role-mapper to assign roles to a
+principal from ksRealm but other approaches may also be used.
Configure your application’s web.xml and jboss-web.xml.
+
+
Your application’s web.xml and jboss-web.xml must be updated to use
+the application-security-domain you configured in WildFly. An example
+of this is available in the
+Configure Applications to Use Elytron for Authentication
+section.
+
+
+
In addition, you need to update your web.xml to use CLIENT-CERT as
+its authentication method.
Configure an Elytron security realm for assigning roles.
+
+
The the client’s Kerberos token will provide the principal, but you need
+a way to map that principal to a role for your application. There are
+several ways to accomplish this, but this example creates a
+filesystem-realm, adds a user to the realm that matches the principal
+from the Kerberos token, and assigns roles to that user.
Configure your application’s web.xml, jboss-web.xml and
+
+
jboss-deployment-structure.xml.
+
+
+
Your application’s web.xml and jboss-web.xml must be updated to use
+the application-security-domain you configured in WildFly. An example
+of this is available in the
+Configure Applications to Use Elytron for Authentication
+section.
+
+
+
In addition, you need to update your web.xml to use SPNEGO as its
+authentication method.
4.1.7. Configure Authentication with a Form as a Fallback for Kerberos
+
+
Configure kerberos-based authentication.
+
+
Configuring kerberos-based authentication is covered in a previous
+section.
+
+
+
+
Add a mechanism for FORM authentication in the
+
+
http-authentication-factory.
+
+
+
You can use the existing http-authentication-factory you configured
+for kerberos-based authentication and and an additional mechanism for
+FORM authentication.
The existing configuration for kerberos-based authentication should
+already have a security realm configured for mapping principals from
+kerberos token to roles for the application. You can add additional
+users for fallback authentication to that realm. For example if you used
+a filesystem-realm, you can simply create a new user with the
+appropriate roles:
You need to update the web.xml to use the value SPNEGO,FORM for the
+auth-method, which will use FORM as a fallback authentication method
+if SPNEGO fails. You also need to specify the location of your login
+and error pages.
4.1.8. Configure Applications to Use Elytron for Authentication
+
+
After you have configured the elytron subsystem
+for authentication, you need to configure your application to use it.
+
+
+
Configure your application’s web.xml.
+
+
Your application’s web.xml needs to be configured to use the
+appropriate authentication method. When using elytron, this is defined
+in the http-authentication-factory you created.
+
+
+
Example web.xml with BASIC Authentication
+
+
+
+
<web-app>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>secure</web-resource-name>
+ <url-pattern>/secure/*</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>Admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <security-role>
+ <description>The role that is required to log in to /secure/*</description>
+ <role-name>Admin</role-name>
+ </security-role>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>exampleApplicationDomain</realm-name>
+ </login-config>
+</web-app>
+
+
+
+
BASIC Authentication can be configured to be silent
+
+
+
+
<auth-method>BASIC?silent=true</auth-method>
+
+
+
+
Basic authentication in silent mode will send challenge to authenticate only if the request
+contained authorization header, otherwise it is assumed another method will send the challenge.
+
+
+
+
Configure your application to use a security domain.
+
+
You can configure your application’s jboss-web.xml to specify the
+security domain you want to use for authentication. When using the
+elytron subsystem, this is defined when you created the
+application-security-domain.
Using jboss-web.xml allows you to configure the security domain for a
+single application only. Alternatively, you can specify a default
+security domain for all applications using the undertow subsystem.
+This allows you to omit using jboss-web.xml to configure a security
+domain for an individual application.
IMPORTANT: Setting default-security-domain in the undertow
+subsystem will apply to ALL applications. If default-security-domain
+is set and an application specifies a security domain in a
+jboss-web.xml file, the configuration in jboss-web.xml will override
+the default-security-domain in the undertow subsystem.
+
+
+
+
+
4.1.9. Override an Application’s Authentication Configuration
+
+
You can override the authentication configuration of an application with
+one configured in WildFly. To do this, use the
+override-deployment-configuration property in the
+application-security-domain section of the undertow subsystem:
By enabling override-deployment-configuration, you can create a new
+http-authentication-factory that specifies a different authentication
+mechanism such as BASIC.
This will override the authentication mechanism defined in the
+application’s jboss-web.xml and attempt to authenticate a user using
+BASIC instead of FORM.
By default, WildFly provides an authentication mechanism for local
+users, also know as silent authentication, through the local security
+realm.
+
+
+
Silent authentication must be used via a sasl-authentication-factory.
+
+
+
IMPORTANT: When enabling silent authentication, you must ensure the
+security domain referenced by your sasl-authentication-factory
+references a security realm that contains the $local user. By default,
+WildFly provides the local identity realm that provides this user.
RBAC can be configured to automatically assign or exclude roles for
+users that are members of groups. This is configured in the
+access-control section of the core management. When the management
+interfaces are secured with the elytron subsystem, and users are
+assigned groups when they authenticate. You can also configure roles to
+be assigned to authenticated users in a variety of ways using the
+elytron subsystem, for example using a role mapper or a role decoder.
+
+
+
+
+
4.3. Configure SSL/TLS
+
+
4.3.1. Enable One-way SSL/TLS for Applications
+
+
There are a couple ways to enable one-way SSL/TLS for deployed applications.
+
+
+
Using a security command:
+
+
The security enable-ssl-http-server command can be used to enable one-way
+SSL/TLS for deployed applications. Example of wizard usage:
+
+
+
+
security enable-ssl-http-server --interactive --override-ssl-context
+Please provide required pieces of information to enable SSL:
+Key-store file name (defaultdefault-server.keystore): keystore.pkcs12
+Password (blank generated): secret
+What is your first and last name? [Unknown]: localhost
+What is the name of your organizational unit? [Unknown]:
+What is the name of your organization? [Unknown]:
+What is the name of your City or Locality? [Unknown]:
+What is the name of your State or Province? [Unknown]:
+What is the two-letter country code forthis unit? [Unknown]:
+Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct y/n [y]?
+Validity (in days, blank default): 365
+Alias (blank generated): localhost
+Enable SSL Mutual Authentication y/n (blank n): n
+
+SSL options:
+key store file: keystore.pkcs12
+distinguished name: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
+password: secret
+validity: 365
+alias: localhost
+Server keystore file keystore.pkcs12, certificate file keystore.pem and keystore.csr file
+will be generated in server configuration directory.
+Do you confirm y/n: y
+
+
+
+
NB: Once the command is executed, the CLI will reload the server.
+
+
+
HTTPS is now enabled for applications.
+
+
+
+
Using Elytron subsystem commands:
+
+
You can also use the Elytron subsystem, along with the Undertow subsystem, to
+enable HTTPS for deployed applications.
The previous command uses an absolute path to the keystore.
+Alternatively you can use the relative-to attribute to specify the
+base directory variable and path specify a relative path.
+Also, in case of file-based keystore the type attribute can be omitted and
+the keystore type will be automatically detected.
The above command shows that the https-listener is configured to use
+the ApplicationRealm legacy security realm for its SSL configuration.
+Undertow cannot reference both a legacy security realm and an
+ssl-context in Elytron at the same time so you must remove the
+reference to the legacy security realm. Also there has to be always
+configured either ssl-context or security-realm. Thus when changing
+between those, you have to use batch operation:
+
+
+
Remove the reference to the legacy security realm and update the
+https-listenerto use thessl-contextfrom Elytron:
There are a couple ways to enable two-way SSL/TLS for deployed applications.
+
+
+
Using a security command:
+
+
The security enable-ssl-http-server command can be used to enable two-way
+SSL/TLS for the deployed applications. Example of wizard usage:
+
+
+
+
+
+
+
+
+
+
In the following example, we enter n when propmted with Validate certificate because the example uses a self-signed certificate. If you use Cretificate Authority (CA) signed certificates, enter y when prompted.
+
+
+
+
+
+
+
+
security enable-ssl-http-server --interactive --override-ssl-context
+Please provide required pieces of information to enable SSL:
+Key-store file name (defaultdefault-server.keystore): server.keystore.pkcs12
+Password (blank generated): secret
+What is your first and last name? [Unknown]: localhost
+What is the name of your organizational unit? [Unknown]:
+What is the name of your organization? [Unknown]:
+What is the name of your City or Locality? [Unknown]:
+What is the name of your State or Province? [Unknown]:
+What is the two-letter country code forthis unit? [Unknown]:
+Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct y/n [y]?
+Validity (in days, blank default): 365
+Alias (blank generated): localhost
+Enable SSL Mutual Authentication y/n (blank n): y
+Client certificate (path to pem file): /path/to/client.cer
+Validate certificate y/n (blank y): n
+Trust-store file name (management.truststore): server.truststore.pkcs12
+Password (blank generated): secret
+
+SSL options:
+key store file: server.keystore.pkcs12
+distinguished name: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
+password: secret
+validity: 365
+alias: localhost
+client certificate: /path/to/client.cer
+trust store file: server.trustore.pkcs12
+trust store password: secret
+Server keystore file server.keystore.pkcs12, certificate file server.pem and server.csr file will be generated in server configuration directory.
+Server truststore file server.trustore.pkcs12 will be generated in server configuration directory.
+Do you confirm y/n: y
+
+
+
+
NB: Once the command is executed, the CLI will reload the server. To complete
+the two-way SSL/TLS authentication, you need to
+import the server certificate
+into the client truststore and
+configure your client
+to present the client certificate.
+
+
+
+
Using Elytron subsystem commands:
+
+
You can also use the Elytron subsystem, along with the Undertow subsystem,
+to enable two-way SSL/TLS for deployed applications.
+
+
+
Obtain or generate your key stores:
+
+
Before enabling HTTPS in WildFly, you must obtain or generate the server key
+store and trust store you plan on using. To generate an example key store and
+trust store, use the following commands.
NOTE
+The first command above uses an absolute path to the keystore.
+Alternatively you can use the relative-to attribute to specify the
+base directory variable and path specify a relative path.
Create a key-store for the server truststore and import the client certificate
+into the server truststore:
+
+
+
+
+
+
+
+
+
+
In the following example, we enter validate=false in the import-certificate command because the example uses a self-signed certificate. If you use Certificate Authority (CA) signed certificates, omit validate=false.
The above command shows that the https-listener is configured to use
+the ApplicationRealm legacy security realm for its SSL configuration.
+Undertow cannot reference both a legacy security realm and an
+ssl-context in Elytron at the same time so you must remove the
+reference to the legacy security realm. Also there has to be always
+configured either ssl-context or security-realm. Thus when changing
+between those, you have to use batch operation:
+
+
+
+
Remove the reference to the legacy security realm and update the https-listener to use the ssl-context from Elytron:
Configure your client to use the client certificate
+
+
You need to configure your client to present the trusted client
+certificate to the server to complete the two-way SSL/TLS
+authentication. For example, if using a browser, you need to import the
+trusted certificate into the browser’s truststore.
+
+
+
Two-Way HTTPS is now enabled for applications.
+
+
+
+
+
4.3.3. Configure certificate revocation in trust-manager
+
+
Configure Certificate Revocation List:
+
+
You can configure your trust-manager to use certificate-revocation-list (CRL) to check revocation status of obtained certificates.
+
+
+
The supported attributes for a certificate-revocation-list include:
+
+
+
+
+
path: The path to the configuration file that is used to initialize the certificate revocation list.
+
+
+
relative-to: The base path of the certificate revocation list file.
+
+
+
maximum-cert-path: The maximum number of non-self-issued intermediate certificates that can exist in a certification path.
+The default value is 5. (Deprecated. Use maximum-cert-path in trust-manager).
Alternatively, you can configure multiple certificate revocation lists in your trust-manager using
+the certificate-revocation-lists attribute as follows:
This will enable OCSP certificate revocation by using OCSP responder inside the certificate. In case the responder is known but OCSP revocation status is unknown, the verification will fail.
+
+
+
Override OCSP responder URI extracted from certificate:
4.3.4. Enable One-way SSL/TLS for the Management Interfaces
+
+
There are a couple ways to enable one-way SSL/TLS for the management interfaces.
+
+
+
Using a security command:
+
+
The security enable-ssl-management command can be used to enable one-way
+SSL/TLS for the management interfaces. Example of wizard usage:
+
+
+
+
security enable-ssl-management --interactive
+Please provide required pieces of information to enable SSL:
+Key-store file name (default management.keystore): keystore.pkcs12
+Password (blank generated): secret
+What is your first and last name? [Unknown]: localhost
+What is the name of your organizational unit? [Unknown]:
+What is the name of your organization? [Unknown]:
+What is the name of your City or Locality? [Unknown]:
+What is the name of your State or Province? [Unknown]:
+What is the two-letter country code forthis unit? [Unknown]:
+Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct y/n [y]?
+Validity (in days, blank default): 365
+Alias (blank generated): localhost
+Enable SSL Mutual Authentication y/n (blank n): n
+
+SSL options:
+key store file: keystore.pkcs12
+distinguished name: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
+password: secret
+validity: 365
+alias: localhost
+Server keystore file keystore.pkcs12, certificate file keystore.pem and keystore.csr file
+will be generated in server configuration directory.
+Do you confirm y/n :y
+
+
+
+
NB: Once the command is executed, the CLI will reload the server and reconnect to it.
+
+
+
HTTPS is now enabled for the management interfaces.
+
+
+
+
Using Elytron subsystem commands:
+
+
Elytron subsystem commands can also be used to enable one-way SSL/TLS for the
+management interfaces.
NOTE: The above command uses relative-to to reference the location
+of the keystore file. Alternatively, you can specify the full path to
+the keystore in path and omit relative-to.
+
+
+
If the keystore file does not exist yet, the following commands can be used to
+generate an example key pair:
There are a couple ways to enable two-way SSL/TLS for the management interfaces.
+
+
+
Using a security command:
+
+
The security enable-ssl-management command can be used to enable two-way
+SSL/TLS for the management interfaces. Example of wizard usage:
+
+
+
+
+
+
+
+
+
+
In the following example, we enter n when propmted with Validate certificate because the example uses a self-signed certificate. If you use Certificate Authority (CA) signed certificates, enter y when prompted.
+
+
+
+
+
+
+
+
security enable-ssl-management --interactive
+Please provide required pieces of information to enable SSL:
+Key-store file name (default management.keystore): server.keystore.pkcs12
+Password (blank generated): secret
+What is your first and last name? [Unknown]: localhost
+What is the name of your organizational unit? [Unknown]:
+What is the name of your organization? [Unknown]:
+What is the name of your City or Locality? [Unknown]:
+What is the name of your State or Province? [Unknown]:
+What is the two-letter country code forthis unit? [Unknown]:
+Is CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct y/n [y]?
+Validity (in days, blank default): 365
+Alias (blank generated): localhost
+Enable SSL Mutual Authentication y/n (blank n): y
+Client certificate (path to pem file): /path/to/client.cer
+Validate certificate y/n (blank y): n
+Trust-store file name (management.truststore): server.truststore.pkcs12
+Password (blank generated): secret
+
+SSL options:
+key store file: server.keystore.pkcs12
+distinguished name: CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
+password: secret
+validity: 365
+alias: localhost
+client certificate: /path/to/client.cer
+trust store file: server.trustore.pkcs12
+trust store password: secret
+Server keystore file server.keystore.pkcs12, certificate file server.pem and server.csr file will be generated in server configuration directory.
+Server truststore file server.trustore.pkcs12 will be generated in server configuration directory.
+Do you confirm y/n: y
+
+
+
+
NB: Once the command is executed, the CLI will reload the server and
+attempt to reconnect to it. To complete the two-way SSL/TLS authentication,
+you need to import the server certificate
+into the client truststore and
+configure your client
+to present the client certificate.
+
+
+
+
Using Elytron subsystem commands:
+
+
Elytron subsystem commands can also be used to enable two-way SSL/TLS for the
+management interfaces.
+
+
+
Obtain or generate your key stores.
+
+
Before enabling HTTPS in WildFly, you must obtain or generate the server
+key store and trust store you plan on using. To generate an example key
+store and trust store, use the following commands.
NOTE: The above command uses relative-to to reference the location
+of the keystore file. Alternatively, you can specify the full path to
+the keystore in path and omit relative-to.
Create a key-store for the server trust store and import the client certificate
+into the server trust store.
+
+
+
+
+
+
+
+
+
+
In the following example, we enter validate=false in the import-certificate command because the example uses a self-signed certificate. If you use Certificate Authority (CA) signed certificates, omit validate=false.
Configure your client to use the client certificate.
+
+
You need to configure your client to present the trusted client
+certificate to the server to complete the two-way SSL/TLS
+authentication. For example, if using a browser, you need to import the
+trusted certificate into the browser’s trust store.
+
+
+
Two-way SSL/TLS is now enabled for the management interfaces.
+
+
+
+
+
4.3.6. KeyStore manipulation operations
+
+
It is possible to perform various KeyStore manipulation operations on an
+Elytron key-store resource using the management CLI.
+
+
+
Generate a key pair
+
+
The generate-key-pair command generates a key pair and wraps the resulting
+public key in a self-signed X.509 certificate. The generated private key and
+self-signed certificate will be added to the KeyStore.
The generate-certificate-signing-request command generates a PKCS #10
+certificate signing request using a PrivateKeyEntry from the KeyStore. The
+generated certificate signing request will be output to a file.
Note: Let’s Encrypt is the default certificate authority and therefore the certificate-authority attribute can be omitted when creating a certificate-authority-account.
+It is also possible to configure an account with different certificate authority than Let’s Encrypt by adding custom certificate-authority resource and passing it to certificate-authority-account.
The obtain-certificate command creates an account with Let’s Encrypt, if such an account does not already exist,
+obtains a signed certificate from Let’s Encrypt, and stores it in the KeyStore.
The should-renew-certificate command checks if a certificate is due for renewal. In particular, it will return true if the certificate expires in less than the given number of days and false otherwise.
The get-metadata command retrieves the metadata (e.g., terms of service URL, website URL, CAA identities,
+and whether or not an external account is required), if any, associated with the certificate authority.
An ldap-key-store allows you to use a keystore stored in an LDAP
+server. You can use an ldap-key-store in same way you can use a
+key-store.
+
+
+
To create and use an ldap-key-store:
+
+
+
Configure a dir-context.
+
+
To connect to the LDAP server from WildFly, you need to configure a
+dir-context that provides the URL as well as the principal used to
+connect to the server.
When configure an ldap-key-store, you need to specify both the
+dir-context used to connect to the LDAP server as well as how to
+locate the keystore stored in the LDAP server. At a minimum, this
+requires you specify a search-path.
Once you have defined your ldap-key-store, you can use it in the same
+places where a key-store could be used. For example, you could use an
+ldap-key-store when configuring HTTPS and Two-Way HTTPS for
+applications.
+
+
+
+
+
4.3.9. Using a filtering-key-store
+
+
A filtering-key-store allows you to expose a subset of aliases from an
+existing key-store, and use it in the same places you could use a
+key-store. For example, if a keystore contained alias1, alias2,
+and alias3, but you only wanted to expose alias1 and alias3, a
+filtering-key-store provides you several ways to do that.
When you configure a filtering-key-store, you specify which
+key-store you want to filter and the alias-filter for filtering
+aliases from the key-store. The filter can be specified in one of the
+following formats:
+
+
+
+
+
alias1,alias3, which is a comma-delimited list of aliases to expose.
+
+
+
ALL:-alias2, which exposes all aliases in the keystore except the
+ones listed.
+
+
+
NONE:+alias1:+alias3, which exposes no aliases in the keystore
+except the ones listed.
+
+
+
+
+
This example uses a comma-delimted list to expose alias1 and alias3.
Once you have defined your filtering-key-store, you can use it in the
+same places where a key-store could be used. For example, you could
+use a filtering-key-store when configuring HTTPS and Two-Way HTTPS for
+applications.
+
+
+
+
+
4.3.10. Reload a Keystore
+
+
You can reload a keystore configured in WildFly from the management CLI.
+This is useful in cases where you have made changes to certificates
+referenced by a keystore.
+
+
+
To reload a keystore.
+
+
+
+
/subsystem=elytron/key-store=httpsKS:load
+
+
+
+
+
4.3.11. Reinitialize a Key Manager
+
+
You can reinitialize a key-manager configured in WildFly from the management CLI.
+This is useful in cases where you have made changes in certificates provided by keystore
+resource and you want to apply this change to new SSL connections without restarting the server.
+
+
+
If the key-store is file based then it must be loaded first.
+
+
+
+
/subsystem=elytron/key-store=httpsKS:load()
+
+
+
+
To reinitialize a key-manager.
+
+
+
+
/subsystem=elytron/key-manager=httpsKM:init()
+
+
+
+
+
4.3.12. Reinitialize a Trust Manager
+
+
You can reinitialize a trust-manager configured in WildFly from the management CLI.
+This is useful in cases where you have made changes to certificates provided by keystore
+resource and you want to apply this change to new SSL connections without restarting the server.
+
+
+
If the key-store is file based then it must be loaded first.
+
+
+
+
/subsystem=elytron/key-store=httpsKS:load()
+
+
+
+
To reinitialize a trust-manager.
+
+
+
+
/subsystem=elytron/trust-manager=httpsTM:init()
+
+
+
+
+
4.3.13. Check the Content of a Keystore by Alias
+
+
If you add a keystore to the elytron subsystem using the key-store
+component, you can check the keystore’s contents using the alias child
+element and reading its attributes.
The certificate associated with the alias. If the alias
+has a certificate chain this will always be undefined.
+
+
+
certificate-chain
+
The certificate chain associated with the alias.
+
+
+
creation-date
+
The creation date of the entry represented by this
+alias.
+
+
+
entry-type
+
The type of the entry for this alias. Available types:
+PasswordEntry, PrivateKeyEntry, SecretKeyEntry, TrustedCertificateEntry,
+and Other. Unrecognized types will be reported as Other.
+
+
+
+
+
+
4.3.14. Custom Components
+
+
When configuring SSL/TLS in the elytron subsystem, you can provide and
+use custom implementations of the following components:
+
+
+
+
+
key-store
+
+
+
key-manager
+
+
+
trust-manager
+
+
+
client-ssl-context
+
+
+
server-ssl-context
+
+
+
certificate-authority-account
+
+
+
+
+
When creating custom implementations of Elytron components, they must
+present the appropriate capabilities and requirements.
+
+
+
+
4.3.15. Configuring a server SSLContext
+
+
Using the Elytron subsystem, it is possible to configure an SSLContext for use on the server side of a connection.
+
+
+
Adding a server SSLContext takes the general form:
The following attributes can be specified when creating a server-ssl-context:
+
+
+
+
security-domain
+
+
(Optional) A reference to the security-domain to use for authentication during SSL session
+establishment.
+
+
key-manager
+
+
(Optional) A reference to the KeyManager to be used by this SSLContext.
+
+
trust-manager
+
+
(Optional) A reference to the TrustManager to be used by this SSLContext.
+
+
cipher-suite-filter
+
+
(Optional) The filter to be applied to the cipher suites for TLSv1.2 and below made available
+by this SSLContext. The format of this attribute is described in detail in
+org.wildfly.security.ssl.CipherSuiteSelector.fromString(selector).
+The default value is DEFAULT, which corresponds to all known cipher suites that do not have NULL encryption and
+excludes any cipher suites that have no authentication.
+
+
cipher-suite-names
+
+
(Optional) The enabled cipher suites for TLSv1.3. The format of this attribute is a simple colon
+(":") separated list of TLSv1.3 cipher suite names (e.g., TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256).
+This attribute must be specified in order for TLSv1.3 to be enabled.
+
+
protocols
+
+
(Optional) A space separated list of the protocols to be supported by this SSLContext. The default value
+is TLSv1 TLSv1.1 TLSv1.2 TLSv1.3. Note that the TLSv1.3 protocol will only be usable when running against JDK 11 or
+higher.
+
+
want-client-auth
+
+
(Optional) To request (but not to require) a client certificate on SSL handshake. If a
+security-domain is configured and supports X509 evidence, this will be set to true automatically. Ignored when
+need-client-auth is set. The default value is false.
+
+
need-client-auth
+
+
(Optional) If true, a client certificate is required on SSL handshake. A connection without a
+trusted client certificate will be rejected. The default value is false.
+
+
authentication-optional
+
+
(Optional) Rejection of the client certificate by the configured security-domain will not
+prevent the connection. This allows a fall through to use other authentication mechanisms (like form login) when the
+client certificate is rejected by the
+security-domain. This has an effect only when the security-domain is configured. The default value is false.
+
+
use-cipher-suites-order
+
+
(Optional) If true, the cipher suites order defined on the server will be used. If false,
+the cipher suites order presented by the client will be used. The default value is true.
+
+
provider-name
+
+
(Optional) The name of the provider to use. If not specified, all providers from providers will be
+passed to the SSLContext.
+
+
providers
+
+
(Optional) The name of the providers to obtain the Provider[] to use to load the SSLContext.
+
+
maximum-session-cache-size
+
+
(Optional) The maximum number of SSL sessions to be cached. The default value -1
+indicates that the JVM default value should be used. A value of 0 means there is no limit.
+
+
session-timeout
+
+
(Optional) The timeout for SSL sessions. The default value -1 indicates that the JVM default value
+should be used. A value of 0 means there is no limit.
+
+
wrap
+
+
(Optional) If true, the returned SSLEngine, SSLSocket, and SSLServerSocket instances will be wrapped to
+protect against further modification. The default value is false.
+
+
pre-realm-principal-transformer
+
+
(Optional) A principal transformer to apply before the realm is selected.
+
+
post-realm-principal-transformer
+
+
(Optional) A principal transformer to apply after the realm is selected.
+
+
final-principal-transformer
+
+
(Optional) A final principal transformer to apply for this mechanism realm.
+
+
realm-mapper
+
+
(Optional) The realm mapper to be used for SSL authentication.
+
+
+
+
+
+
4.3.16. Configuring a client SSLContext
+
+
Using the Elytron subsystem, it is possible to configure an SSLContext for use on the client side of a connection.
+
+
+
Adding a client SSLContext takes the general form:
The following attributes can be specified when creating a client-ssl-context:
+
+
+
+
key-manager
+
+
(Optional) A reference to the KeyManager to be used by this SSLContext.
+
+
trust-manager
+
+
(Optional) A reference to the TrustManager to be used by this SSLContext.
+
+
cipher-suite-filter
+
+
(Optional) The filter to be applied to the cipher suites for TLSv1.2 and below made available
+by this SSLContext. The format of this attribute is described in detail in
+org.wildfly.security.ssl.CipherSuiteSelector.fromString(selector).
+The default value is DEFAULT, which corresponds to all known cipher suites that do not have NULL encryption and
+excludes any cipher suites that have no authentication.
+
+
cipher-suite-names
+
+
(Optional) The enabled cipher suites for TLSv1.3. The format of this attribute is a simple colon
+(":") separated list of TLSv1.3 cipher suite names (e.g., TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256).
+This attribute must be specified in order for TLSv1.3 to be enabled.
+
+
protocols
+
+
(Optional) A space separated list of the protocols to be supported by this SSLContext. The default value
+is TLSv1 TLSv1.1 TLSv1.2 TLSv1.3. Note that the TLSv1.3 protocol will only be usable when running against JDK 11 or higher.
+
+
provider-name
+
+
(Optional) The name of the provider to use. If not specified, all providers from providers will be
+passed to the SSLContext.
+
+
providers
+
+
(Optional) The name of the providers to obtain the Provider[] to use to load the SSLContext.
+
+
+
+
+
WARNING It is possible to use TLSv1.3 with WildFly when running against JDK 11 or higher. However, if JDK 11
+is in use and if there is a very large number of TLSv1.3 requests being made, it is possible that a drop in
+performance (throughput and response time) will occur compared to TLSv1.2. Upgrading to newer JDK versions
+should improve performance. For this reason, the use of TLSv1.3 is currently disabled by default. TLSv1.3 can
+be enabled by configuring the new cipher-suite-names attribute in the SSL Context resource definition in the
+Elytron subsystem as described in the previous two sections. It is recommended to test for performance
+degradation prior to enabling TLSv1.3 in a production environment. See WFWIP-160
+for more details.
+
+
+
Note: When using TLSv1.3, it is important to keep in mind that session IDs have become essentially obsolete.
+This means that the session ID can no longer reliably be used to test if a session was resumed. Instead,
+creation time can be used to test if a session was resumed. Currently, clients need to read from the server after
+the first handshake in order to receive the NewSessionTicket that can be used for resumption. However, this may
+change once JDK-8209953 is resolved.
+
+
+
+
4.3.17. Configuring SSLv2Hello
+
+
Older JDK versions use SSLv2Hello during the initial SSL handshake message
+where the SSL/TLS version that will be used for the rest of the communication is
+negotiated.
+
+
+
Using SSLv2Hello is discouraged, therefore newer JDK versions disable this protocol
+on the client by default. However, they do provide the ability to re-enable it if necessary.
+
+
+
SSLv2Hello can be configured as a supported protocol for the server SSL context as follows:
SSLv2Hello cannot be configured by itself, as its purpose is to determine
+which encryption protocols are supported by the server it connects to. It always
+needs to be configured along side another encryption protocol.
+
+
+
Additionally, IBM JDK does not support specifying SSLv2Hello in its client, although a
+server side connection always accepts this protocol.
+
+
+
+
+
+
+
4.3.18. Default SSLContext
+
+
Many libraries that can be used within deployments may require SSL configuration for any connections they establish, these libraries tend to be configurable by the caller or if no configuration is provided fall back to using the default SSLContext for the process available from: -
+
+
+
+
javax.net.ssl.SSLContext.getDefault();
+
+
+
+
By default this SSLContext is configured using system properties, however within the WildFly Elytron subsystem it is possible to specify that one of the configured contexts should be associated and used as the default.
+
+
+
To make use of this feature configure your SSLContext as normal, the following command can then be used to specify which SSLContext should be used as the default.
As existing services and deployments could have cached the default SSLContext prior to this being set a reload is required to ensure the default gets set before the deployments are activated.
+
+
+
+
:reload
+
+
+
+
Note: If the default-ssl-context attribute is subsequently 'undefined' the standard APIs do not provide us with a mechanism to revert the default so in this situation the Java process would need be restarted.
Using the WildFly Elytron subsystem it is possible to configure an SSL context which supports SNI. By supporting SNI if an SNI host name is available whilst the SSLSession is being negotiated a host specific SSLContext will be selected. If no host specific SSLContext is identified either because no host name was received or because there is no match a default SSLContext will be used instead. By identifying a host specific SSLContext it means that a certificate appropriate for that host can be used.
+
+
+
The following command demonstrates how an SNI aware SSLContext can be added: -
This example assumes that three SSLContexts have been previously defined following the steps available previously in this document, those contexts are jboss, localhost, and wildfly.
+
+
+
During negotiation of the SSLSession if the SNI host name received is localhost then the localhost SSLContext will be used, if the SNI host name is wildfly.org then the wildfly SSLContext will be used. If no SNI host name is received or if we receive a name that does not match this will fallback and use the jboss SSLContext.
Within the host-context-map it is also possible to define wildcard mappings such as * and *.wildfly.org.
+
+
+
+
4.3.20. Use the Elytron Subsystem
+
+
For authentication in applications, you can use the
+application-security-domain property in the undertow subsystem to
+configure a security domain in the elytron subsystem.
Security realms in the Elytron subsystem, when used in conjunction with
+security domains, are use for both core management authentication as
+well as for authentication with applications. Security realms are also
+specifically typed based on their identity store, for example
+jdbc-realm, filesystem-realm, properties-realm, etc.
Examples of adding specific realms, such as jdbc-realm,
+filesystem-realm, and properties-realm can be found in previous
+sections.
+
+
+
+
4.4.2. Create an Elytron Role Decoder
+
+
A role decoder converts attributes from the identity provided by the
+security realm into roles. Role decoders are also specifically typed
+based on their functionality, for example empty-role-decoder,
+simple-role-decoder, custom-role-decoder, and aggregate-role-decoder.
Create an Elytron Role Decoder that makes use of the IP Address of the Remote Client
+
+
A role decoder that is configured on a security realm assigns roles to
+an identity based on attributes provided by the security realm. It is
+also possible to configure a role decoder that makes use of the IP
+address of the remote client when determining the roles associated
+with an identity. As an example, we might want to make use of the IP
+address of the remote client in order to assign a user a particular
+role when establishing a connection to the server from a corporate
+network and a different role when establishing a connection to the
+server from a different network.
+
+
+
Adding a role decoder that makes use of the remote client’s IP
+address takes the general form:
In particular, a source-address-role-decoder has the following attributes:
+
+
+
+
+
source-address - The IP address of the remote client.
+
+
+
pattern - A regular expression that specifies the IP address to match.
+
+
+
roles - The list of roles to assign if the source IP address matches the given address.
+
+
+
+
+
Only one of source-address and pattern should be specified.
+
+
+
For example, the following source-address-role-decoder could be configured to specify
+that a user should be assigned the "Administrator" role when establishing a connection
+to the server from the 10.10.10.10 IP address:
The above example configures a security domain with a source address role decoder that
+will assign the "Administrator" role when the IP address of the remote client matches
+the configured address and a simple permission mapper that only assigns the
+"LoginPermission" if the identity has the "Administrator" role. Thus, authentication
+will succeed if the IP address of the remote client matches the configured address.
+
+
+
It is also possible to configure an aggregate-role-decoder. This consists of
+two or more role-decoder elements where each element is a reference to a configured
+role decoder. Each role decoder will be applied and the returned value will be a union of
+the roles returned by each decoder.
where permissions consists of a set of permissions, where each permission has the following attributes:
+
+
+
+
+
class-name is the fully qualified class name of the permission. This is the only permission attribute that is required.
+
+
+
module is the optional module to use to load the permission.
+
+
+
target-name is the optional target name to pass to the permission as it is constructed.
+
+
+
action is the optional action to pass to the permission as it is constructed.
+
+
+
+
+
+
4.4.4. Create an Elytron Permission Mapper
+
+
In addition to roles being assigned to a identity, permissions may also
+be assigned. A permission mapper assigns permissions to an identity.
+Permission mappers are also specifically typed based on their
+functionality, for example logical-permission-mapper,
+simple-permission-mapper, and custom-permission-mapper.
+
+
+
Adding a permission mapper takes the general form:
A role mapper maps roles after they have been decoded to other roles.
+Examples include normalizing role names or adding and removing specific
+roles from principals after they have been decoded. Role mappers are
+also specifically typed based on their functionality, for example
+add-prefix-role-mapper, add-suffix-role-mapper, and
+constant-role-mapper.
Security domains in the Elytron subsystem, when used in conjunction with
+security realms, are use for both core management authentication as well
+as for authentication with applications.
An authentication factory is an authentication policy used for specific
+authentication mechanisms. Authentication factories are specifically
+based on the authentication mechanism, for example
+http-authentication-factory and
+sasl-authentication-factory and kerberos-security-factory.
+
+
+
Adding an authentication factory takes the general form:
Elytron subsystem provides a specific resource definition that can be
+used to configure a default ruby Policy provider. The subsystem allows
+you to define multiple policy providers but select a single one as the
+default:
4.4.9. Create an Elytron Case Principal Transformer
+
+
Principal transformers can take a name and map it to another representation of the name or perform
+some normalisation. A case-principal-transformer converts a principal to upper or lower case.
+As an example, we might want to convert our principal to upper case if the identities in our realm
+are stored in upper case.
+
+
+
Adding a case-principal-transformer that converts a principal to upper/lower case takes the
+general form:
In particular, a case-principal-transformer has the following attribute:
+
+
+
+
+
upper-case - A boolean value to indicate whether the principal should be converted to upper case.
+Indicating false for this attribute converts the principal to lower case.
+
+
+
+
+
For example, the following case-principal-transformer could be configured to specify that
+a principal should be transformed to lower case:
The primary responsibility of a security realm is the ability to load identities with associated attributes, these identities are then used within the authentication process for credential validation and subsequently wrapped to represent the SecurityIdentity instances using within applications for authorization.
+
+
+
Generally a security realm operates in one of three modes, in the first mode on loading an identity from its store the security realm also loads one or more credential representations from the store and holds these within the identity. During authentication the credentials within the identity can be used to verify the connection attempt. The reason multiple credentials are loaded is because specific types may be applicable to specific mechanisms so an appropriate credential representation can be selected at the time of authentication.
+
+
+
In the second mode the identity is loaded as in the first mode however no credentials are loaded, in this mode evidence can be passed in to the identity for verification. This mode is sometimes the only mode available where it is not possible to load the representation of a credential from its store.
+
+
+
In the third mode evidence is passed to the security realm and used to construct the resulting identity, this mode is predominantly used with certificate and token based authentication mechanisms where the verified certificate or token can be used to construct the resulting identity.
+
+
+
Once an identity has been loaded for authorization decisions the identity will have a set of associated attributes, these will subsequent be mapped using role decoders, role mappers, and permission mappers as required for identity specific authorization decisions.
+
+
+
+
4.5.2. Aggregate Security Realm
+
+
The aggregate security realm allows for two or more security realms to be aggregated into a single security realm allowing one to be used during the authentication steps and one or more to be used to assemble the identity used for authorization decisions and aggregating any associated attributes.
+
+
+
The aggregate-realm resource contains the following attributes: -
+
+
+
+
+
authentication-realm - This realm use used to load the credentials of the identity or perform evidence verification.
+
+
+
authorization-realm - The realm to use to load the identities attributes used for authorization.
+
+
+
authorization-realms - A list of one or more realms to use to load the identities attributes and aggregate into a single set of attributes.
+
+
+
principal-transformer - A principal transformer that can be used to transform the principal after loading the credentials
+for authentication but before loading the identities attributes for authorization. This attribute is optional.
+
+
+
+
+
+
+
+
+
+
+authorization-realm and authorization-realms are mutually exclusive so exactly one of these must be specified.
+
+
+
+
+
+
Defining a Simple Aggregation
+
+
Assuming two realms properties-realm and jdbc-realm already exist an aggregate-realm combining these two can be created with the following command.
Where this realm is used the properties-realm will be used to load an identity’s credentials and the jdbc-realm will be used to load the attributes for the identity.
+
+
+
The following command is exactly the same except the authorization-realms attribute is used instead.
The following command will reference a principal transformer defined in the mappers configuration to be used to transform the principal
+after authentication.
If a third realm ldap-realm also exists that shoud also be used for the loading of attributes an aggregate-realm can be defined using the following command: -
As before the properties-realm will be used to load the identity’s credentials or perform evidence verification but the attributes for the identity will be loaded both from the jdbc-realm and ldap-realm then combined together.
+
+
+
The approach taken to combine attributes makes use of the first instance of each attribute, if the same attribute is loaded by multiple realms only the first occurrence will be used. Later occurrences of an existing attribtue will be ignored.
+
+
+
As an example if the following attributes were loaded from the jdbc-realm: -
The filesystem security realm is a security realm developed to support storing of identities in a filesystem with the option of associating multiple credentials and multiple attributes with each identity. Both credentials and attributes can contain multiple values.
+
+
+
Create and Populate Filesystem Security Realm
+
+
Every identity is stored in an XML file where the name of the file is the name of the identity. It is sufficient to just specify the path to the directory where identity files will be stored. There are other optional attributes.
+
+
+
+
+
path The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path.
+
+
+
relative-to If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
+
+
+
levels The number of levels of directory hashing to apply. When this attribute is set to positive value, filesystem realm will store identities in directory structure where the name of subdirectories will be derived from first characters of identity name. For example, location of identity named "alex" could be a/l/alex.xml. This is useful not only because some filesystems can limit the amount of files that can be stored in a single directory, but also for performance reasons, because that might be influenced by the number of entries in a single directory as well. Default value is 2.
+
+
+
encoded When encoding is set to true, the identity names will be BASE32 encoded before they are used as filenames. This is beneficial, because some filesystems are case-insensitive or might restrict set of characters allowed in a filename. Default value is true.
+
+
+
hash-encoding specifies the string format for the password if it is not stored in plain text. Set to BASE64 bt default, but HEX is also supported.
+
+
+
hash-charset specifies the character set to use when converting the password string to a byte array. Set to UTF-8 by default.
+
+
+
credential-store specifies the credential store where the secret key is stored if the filesystem realm is to be encrypted. This attribute is optional.
+
+
+
secret-key specifies the alias of the secret key that is stored in the previously specified credential store. This attribute is optional.
+
+
+
key-store specifies the key store where the key pair is stored if the integrity is to be enabled on the filesystem realm. This attribute is optional.
+
+
+
key-store-alias specifies the alias of the key pair that is stored in the previously specified key store. This attribute is optional.
+
+
+
+
+
Filesystem security realm can be added with WildFly management CLI or with Elytron API.
+
+
+
WildFly management CLI
+
+
The following command creates realm with name fsRealm that resides in directory fs-realm-users inside the base configuration directory defined by jboss.server.config.dir property. The levels number is 2 and encoded value is true.
+The charset is UTF-8 and the string encoding is BASE64.
+
+
+
The credential-store being referenced is called mycredstore and the alias of the secret-key in that credential-store is key. The secret key will be used to encrypt and decrypt the filesystem realm.
+
+
+
The key-store being referenced is called keystore and the alias of the key pair in that key-store is localhost. The localhost key pair will be used to sign identity files and verify the pre-existing signatures to ensure that the filesystem realm has not been tampered with.
+Although identities stored within the same realm can be hashed using different algorithms, they are all
+hashed using the same character set and stored using the same string encoding across the whole realm.
+
+
+
+
+
+
To add identity with the name "alex" to this filesystem realm:
It’s possible to update the key-store or key-store-alias to use for integrity checking using the update-key-pair command as shown below. These commands will also update the signature in any existing identity files.
When creating filesystem realm with Elytron API, you can specify name rewriter in the constructor. The name rewriter will be applied to identity names to transform them from one form to another. It can be used to normalize the case, trim extra whitespaces, map one naming scheme to another, remove realm component from identity name (e.g. "user@realm" to "user") or to perform validation step on the syntax of the name.
+
+
+
To enable encryption for a filesystem realm programmatically, you can specify a SecretKey when instantiating the realm.
+
+
+
To enable integrity for the filesystem realm programmatically, you can specify a PublicKey and PrivateKey when instantiating the realm.
+
+
+
A org.wildfly.security.auth.realm.FileSystemSecurityRealm can be instantiated using a builder() method as shown in the example below.
org.wildfly.security.auth.server.NameRewriter.IDENTITY_REWRITER is a simple identity name rewriter that does no rewriting. You can implement the NameRewriter interface and use your own rewriter.
+
+
+
Class org.wildfly.security.auth.principal.NamePrincipal represents principal comprised of a simple name. Handle for the identity can be obtained by passing the NamePrincipal instance to the getRealmIdentity or getRealmIdentityForUpdate method. Received identity for the given principal might or might not exist in the filesystem realm. Method exists can be called to check whether the received identity exists. If it does not, you cannot modify its credentials or attributes.
+
+
+
To add non existent identity to the filesystem realm, create method must be called. After this call, credentials and roles of this identity are empty. The exception will be thrown if method create is called on an existing identity.
Note: Operation set-password` replaces any existing credential(s) with the new value.
+
+
+
+
Programmatic approach
+
+
When using Elytron API, working with passwords require interaction with the org.wildfly.security.password.PasswordFactory API. Here is the simplest example that will store password in clear text in identity’s file. Examples on how to work with other types of passwords can be found in Passwords section of this documentation.
To update attributes you can use ModifiableRealmIdentity instance. Class org.wildfly.security.authz.MapAttributes represents collection of attributes backed by java.util.Map:
Converting legacy properties file into Filesystem realm
+
+
WildFly can use authentication with a properties file based identity store. One properties file maps users to passwords and another maps users to roles. You can use Elytron Tool to convert these properties files into a filesystem realm. Below is an example of how to run this tool from the command line:
This command creates new filesystem realm with users taken from users.properties file and roles taken from roles.properties file. Script example-fs-realm.sh that contains the commands for WildFly CLI is generated as well. The script adds this filesystem realm to the Elytron subsystem and also adds new security domain that uses this filesystem realm as a default realm.
+
+
+
+
Converting an unencrypted filesystem realm into an encrypted filesystem realm
+
+
It is possible to convert an unencrypted filesystem realm into an encrypted one using the Elytron Tool. In particular, the filesystem-realm-encrypt command can be used as shown below:
This command creates a new filesystem realm by taking the existing filesystem realm from the specified input location, ./standalone/configuration/fs-realm-plain, and encrypting its contents using the secret key with alias key from the specified credential store, ./mycredstore.cs. The new filesystem realm is stored in the specified output location, ./standalone/configuration/fs-realm-enc.
+
+
+
A .cli script will also be generated at the root of the filesystem realm. The script contains WildFly CLI commands that can be used to configure a secret-key-credential-store resource and a filesystem-realm resource in the Elytron subsystem that makes use of the newly encrypted realm content.
+
+
+
+
+
4.5.4. JDBC Security Realm
+
+
The JDBC security realm is a security realm developed to support loading identities from a database with the option of multiple credentials and multiple attributes each with the option of containing multiple values.
+
+
+
When defining the JDBC security realm one or more principal queries can be defined, each of these can load a credential and / or attributes for the resulting identity. Each defined principal query is associated with it’s own datasource, this means quite a complex configuration can be created loading the different aspects of an identity from multiple locations.
+
+
+
Each of the examples documented within this section will be making use of pre-configured datasources, please refer to the datasources subsystem documentation for more information relating to how to define datasources.
+
+
+
Loading a Single Clear Text Password
+
+
The simplest configuration is to load a clear text password for an identity. This approach would not be recommended at all in a production set up, however it does make a suitable starting point to illustrate how the JDBC security realm can be configured.
+
+
+
Table 4. Example Table
+
+
+
+
+
+
+
NAME
+
PASSWORD
+
+
+
+
+
test
+
myPassword
+
+
+
+
+
A JDBC security realm can be defined as: -
+
+
+
+
/subsystem=elytron/jdbc-realm=demo-realm:add(
+ principal-query=[{data-source=Identities,
+ sql="select PASSWORD from IDENTITIES where NAME = ?",
+ clear-password-mapper={password-index=1}}])
+
+
+
+
This realm is defined within a single principal-query against the Identities datasource. For the user test the result of the query would be: -
+
+
+
Table 5. Query Results
+
+
+
+
+
+
1
+
+
+
+
+
myPassword
+
+
+
+
+
The principal query can be defined with password mappers which define which columns should be used to construct the password for the identity being loaded, in this example a clear-password-mapper is used: -
+
+
+
+
clear-password-mapper={password-index=1}
+
+
+
+
+
+
+
+
+
+The index of the first column is 1
+
+
+
+
+
+
+
Alternative Password Mappers
+
+
The WildFly Elytron project supports a variety of password types as described within Passwords, some of these password types require multiple values to be loaded from the database to reconstruct the password so alternative password mappers are made available. More than one password mapper can be defined on a single principal-query to support loading multiple passwords simultaneously.
+
+
+
+
+
+
+
+
+Where the various password mappers load encoded representations of passwords and salts from the database these can either be encoded using Base64 or Hexadecimal, by default unless specified Base64 is assumed.
+
+
+
+
+
+
clear-password-mapper
+
+
This mapper is used to load a clear text password directly from the database.
+
+
+
The following attribute is supported for this password mapper: -
+
+
+
+
+
password-index - The index of the column containing the clear text password.
+
+
+
+
+
+
bcrypt-password-mapper
+
+
The bcrypt-password-mapper can be used for passwords to be loaded using the bcrypt algorithm, as an iterated salted password type the iteration count and salt are also loaded from the database query.
+
+
+
+
+
password-index - The index of the column containing the encoded password.
+
+
+
hash-encoding - The encoding of the hash, either base64 or hex.
+
+
+
salt-index - The index of the column containing the encoded salt.
+
+
+
salt-encoding - The encoding of the salt, either base64 or hex.
+
+
+
iteration-count-index - The index of the column containing the iteration count.
+
+
+
+
+
+
modular-crypt-mapper
+
+
The modular-crypt-mapper can be used for passwords encoded using modular crypt, this encoding allows for multiple pieces of information to be encoded in single String such as the password type, the hash or digest, the salt, and the iteraction count.
+
+
+
Information on how to encode and decode modular crypt representations can be seen in Modular Crypt Encoding.
+
+
+
The following attribute is supported for this password mapper: -
+
+
+
+
+
password-index - The index of the column containing the modular crypt encoded password.
+
+
+
+
+
+
salted-simple-digest-mapper
+
+
The salted-simple-digest-mapper supports the password types hashed with a salt as described in Salted Digest, for this type of password the encoded form of the password is loaded in addition to the salt.
+
+
+
+
+
algorithm - The algorithm of the password type, the supported values are listed at Salted Digest.
+
+
+
password-index - The index of the column containing the encoded password.
+
+
+
hash-encoding - The encoding of the hash, either base64 or hex.
+
+
+
salt-index - The index of the column containing the encoded salt.
+
+
+
salt-encoding - The encoding of the salt, either base64 or hex.
+
+
+
+
+
+
simple-digest-mapper
+
+
The simple-digest-mapper supports the loading of passwords which have been simply hashed without any salt as described in Simple Digest.
+
+
+
+
+
algorithm - The algorithm of the password type, the supported values are listed at Simple Digest.
+
+
+
password-index - The index of the column containing the encoded password.
+
+
+
hash-encoding - The encoding of the hash, either base64 or hex.
+
+
+
+
+
+
scram-mapper
+
+
The scram-mapper supports the loading of SCRAM passwords which use both a salt and an interation count as described in Scram.
+
+
+
+
+
algorithm - The algorithm of the password type, the supported values are listed at Scram.
+
+
+
password-index - The index of the column containing the encoded password.
+
+
+
hash-encoding - The encoding of the hash, either base64 or hex.
+
+
+
salt-index - The index of the column containing the encoded salt.
+
+
+
salt-encoding - The encoding of the salt, either base64 or hex.
+
+
+
iteration-count-index - The index of the column containing the iteration count.
+
+
+
+
+
+
+
Hash Character Sets
+
+
The various password mappers allow loading multiples values from the database to hash the client provided password in order
+to compare against the password stored in the database.
+
+
+
The JDBC realm supports specifying the character set via the attribute hash-charset to use when converting
+the client provided password string to a byte array. This is useful when our database is storing
+hashed passwords using a charset other than UTF-8, as the JDBC realm assumes that is the charset being used by default.
+
+
+
+
+
+
+
+
+Although more than one password mapper can be defined on a single principal-query, only one hash-charset
+can be defined across the whole realm.
+
+
+
+
+
+
For example, the following JDBC realm is configured using the GB2312 charset:
+
+
+
+
/subsystem=elytron/jdbc-realm=exampleDbRealm:add(principal-query=[{sql="SELECT password FROM all_users WHERE user=?",data-source=exampleDS,simple-digest-mapper={algorithm=password-salt-digest-md5,password-index=1}}])
+
+
+
+
+
Using a Hashed Password Representation
+
+
The same approach can be taken for all hashed password representations, for illustration purposes this section will illustrate how a bcrypt password can be prepared to be stored in a database and the subsequent realm configuration to make use of it. Examples uising the APIs for the different password types can be found in the Passwords section of this documentation.
+
+
+
The following example takes the password myPassword, generates a random salt an produces a bcrypt representation of the password.
+It is worth noting that as the hash-encoding and salt-encoding are specified separately one could use Base64 whilst the other uses hexadecimal.
+
+
+
+
+
+
+
Loading Passwords from Different Queries / Datasources
+
+
It is also possible to combine both of the example so far and define two separate principal-query instances to attempt to load both password types from different locations.
+
+
+
Here is an example configuration loading a clear text password from one datasource / table and loading a bcrypt password from a second datasource / table.
+
+
+
+
/subsystem=elytron/jdbc-realm=demo-realm:add(
+ principal-query=[
+ {data-source=LegacyIdentities,
+ sql="select PASSWORD from LEGACY_IDENTITIES where NAME = ?",
+ clear-password-mapper={password-index=1}},
+ {data-source=NewIdentities,
+ sql="select PASSWORD, SALT, ITERATION_COUNT from NEW_IDENTITIES where NAME = ?",
+ bcrypt-mapper={password-index=1, salt-index=2, iteration-count-index=3}}
+ ])
+
+
+
+
+
+
+
+
+
+It is not required that the identity is found from both of the queries, this can be useful in situations where identities are being migrated from one location to another or for aggregating two together.
+
+
+
+
+
+
+
Loading Attributes
+
+
The examples so far have focussed on the loading of passwords from the database, the principal queries can also be used to load attributes for the resulting identities.
+
+
+
The loading of attributes can either be defined to happen within the principal queries being used to load the passwords or attribute specific principal queries can be defined, as each principal-query can be defined with it’s own datasource reference this means attributes can also be loaded from alternative locations.
+
+
+
The loaded attributes can then be used for mapping to roles and permissions which should be granted to the identity or they can be obtained programatically within the deployment to identify information about the currently authenticated identity.
+
+
+
Loading Attributes with Passwords
+
+
For single valued attributes these can often be loaded using the same principal-query used to load an identities password, as an example if an identities e-mail address or department is to be loaded from the database these can be loaded at the same time as the password.
This means the contents of column 2 will be mapped to the email attribute and the contents of column 3 will be mapped to the department attribute.
+
+
+
+
Loading Attributes Separately.
+
+
For multi-valued attributes such as a list of groups it can often make sense to define a separate principal query.
+
+
+
A list of groups could be represented as follows in a table.
+
+
+
Table 10. Example Table
+
+
+
+
+
+
+
NAME
+
TEAM
+
+
+
+
+
test
+
Users
+
+
+
test
+
Supervisors
+
+
+
+
+
A realm can now be defined with a second principal query to load the groups into an attribute.
+
+
+
+
/subsystem=elytron/jdbc-realm=demo-realm:add(
+ principal-query=[
+ {data-source=Identities,
+ sql="select PASSWORD from IDENTITIES where NAME = ?",
+ clear-password-mapper={password-index=1}
+ },{data-source=Identities,
+ sql="select TEAM from MEMBERSHIP where NAME = ?",
+ attribute-mapping=[{index=1, to=groups}]
+ }])
+
+
+
+
Within this definition the second principal-query will load the attribute groups: -
+
+
+
+
{data-source=Identities,
+ sql="select TEAM from MEMBERSHIP where NAME = ?",
+ attribute-mapping=[{index=1, to=groups}]
+}
+
+
+
+
For the user test the results would be: -
+
+
+
Table 11. Query Results
+
+
+
+
+
+
1
+
+
+
+
+
Users
+
+
+
Supervisors
+
+
+
+
+
The end result would be that the identity contains the attribute groups with the values Users, and Supervisors
The jaas-realm resource contains the following attributes: -
+
+
+
+
+
entry JAAS configuration file entry name
+
+
+
path Path to the JAAS configuration file. You can also specify the location of the configuration with java system property "java.security.auth.login.config" or with java security property "login.config.url"
+
+
+
relative-to Optional base folder for the path.
+
+
+
module The WildFly module with Login Module implementations and Callback Handler implementation.
+
+
+
callback-handler Callback handler to use with the Login Context. Security property "auth.login.defaultCallbackHandler" can be used instead. The default callback handler of the realm will be used if none of these are defined.
+
+
+
+
+
All attributes but entry are optional.
+
+
+
Example of jaas-realm configuration via WildFly CLI:
Login Modules use Subjects to represent the user currently being authenticated. Subject’s
+principals are mapped to user’s attributes with the following rule:
+
+
+
+
+
key of the attribute is principal’s simple classname, so the value of principal.getClass().getSimpleName())
+
+
+
value is principal’s name, so the result of principal.getName() call. For principals of the same type / key, the values will be appended to the collection under this attribute key.
+
+
+
+
+
Attributes can be used to associate roles in the Elytron subsystem. Roles is the default attribute name used for this purpose. You can configure a role-decoder to use a different attribute. This means you can add roles to authenticated user by associating principals with the Subject in a Login Module imlpementations.
+
+
+
+
+
+
+
+
5. Using Elytron within WildFly
+
+
+
5.1. Using the Out of the Box Elytron Components
+
+
5.1.1. Securing Management Interfaces
+
+
You can find more details on the enabling WildFly to use the out of the
+box Elytron components for securing the management interfaces in the
+Default
+Management Authentication Configuration section.
+
+
+
+
5.1.2. Securing Applications
+
+
The elytron subsystem provides application-security-domain by
+default which can be used to secure applications. For more details on
+how application-security-domain is configured, see the
+Default
+Application Authentication Configuration section.
WildFly does provide a default one-way SSL/TLS configuration using the
+legacy core management authentication but does not provide one in the
+elytron subsystem. You can find more details on configuring SSL/TLS
+using the elytron subsystem for both the management interfaces as well
+as for applications in
+Configure
+SSL/TLS
+
+
+
+
5.1.4. Using Elytron with Other Subsystems
+
+
In addition to securing applications and management interfaces, Elytron
+also integrates with other subsystems in WildFly.
+
+
+
+
+
+
+
+
+
Subsystem
+
Details
+
+
+
+
+
batch-jberet
+
You can configure the batch-jberet to run batch jobs
+using an Elytron security domain.
+
+
+
datasources
+
You can use a credential store or an Elytron security
+domain to provide authentication information in a datasource definition.
+
+
+
messaging-activemq
+
You can secure remote connections to the remote
+connections used by the messaging-activemq subsystem.
+
+
+
iiop-openjdk
+
You can use the elytron subsystem to configure SSL/TLS
+between clients and servers using the iiop-openjdk subsystem.
+
+
+
mail
+
You can use a credential store to provide authentication
+information in a server definition in the mail subsystem.
+
+
+
undertow
+
You can use the elytron subsystem to configure both SSL/TLS
+and application authentication.
+
+
+
+
+
+
+
5.2. Undertow Subsystem
+
+
As a web application is deployed the name of the security domain required by that application will be identified, this will either be from within the deployment or if the deployment does not have a security domain the default-security-domain as defined on the Undertow subsystem will be assumed. An application-security-domain resource can be added to the Undertow subsystem which maps from the name of the security domain required by the application to the appropriate WildFly Elytron configuration.
+
+
+
As an example in it’s simplest form a mapping can be added as: -
Note: If the deployment was already deployed at this point the
+application server should be reloaded or the deployment redeployed for
+the application security domain mapping to take effect.
+
+
+
Here we are mapping from the applications security domain MyAppSecurity to the WildFly Elytron defined domain ApplicationDomain.
+
+
+
This simple form is suitable where a deployment is using the standard HTTP mechanisms as defined within the Servlet specification i.e. BASIC, CLIENT_CERT, DIGEST, FORM and authentication will be performed against the ApplicationDomain security domain. This form is also suitable where an application is not using any authentication mechanisms and instead is using programatic authentication or even wishes to obtain the SecurityDomain associated with the deployment and use it directly.
+
+
+
An advanced form of the mapping can be added as: -
In this form of the configuration instead of referencing a security domain a http-authentication-factory is referenced instead, this is the factory that will be used to obtain the instances of the authentication mechansisms and is in turn associated with the security domain. The standard mechanisms as defined in the Servlet specification can be used in this way but this approach also allows for other mechanisms to be used such as SPNEGO which requires additional configuration or even plug-in custom mechanism implementations.
+
+
+
When the advanced form of the mapping is used a further configuration option is available: -
+
+
+
+
+
override-deployment-config
+
+
+
+
+
The referenced http-authentication-factory can return a complete set of authentication mechanisms, by default these are filtered to just match the mechanisms requested by the application - if this option is set to true then the mechanisms offered by the factory will override the mechanisms requested by the application. One example of where this could be useful is say an application has been developed to support FORM authentication, by overriding the mechanisms the application could be updated to support SPNEGO, and FORM authentication without any modifications to the deployment.
+
+
+
The application-security-domain resource also has one additional option enable-jacc, if this is set to true JACC will be enabled for any deployments matching against this mapping.
+
+
+
5.2.1. Runtime Information
+
+
Where an application-security-domain mapping is in use it can be useful to double check that deployments did match against it as expected, if the resource is read with include-runtime=true the deployments that are associated with the mapping will also be shown: -
In this output the referencing-deployments attribute shows that the deployment simple-webapp.war has been deployed using this mapping.
+
+
+
+
+
5.3. Jakarta Enterprise Beans Subsystem
+
+
Configuration can be added to the Jakarta Enterprise Beans subsystem to map a security domain
+name referenced in a deployment to an Elytron security domain:
Note: If the deployment was already deployed at this point the
+application server should be reloaded or the deployment redeployed for
+the application security domain mapping to take effect.
+
+
+
An application-security-domain has two main attributes:
+
+
+
+
+
name - the name of the security domain as specified in a deployment
+
+
+
security-domain - a reference to the Elytron security domain that
+should be used
+
+
+
+
+
There is another attribute called legacy-compliant-principal-propagation.
+If it is set to true and there is no incoming run-as identity,
+then the principal of the local unsecured bean is the current authenticated identity. This was the case
+for legacy PicketBox security. If this attribute is set to false, the behaviour will comply with the Elytron’s previous
+behaviour and if there is no incoming run-as identity then the principal of the local unsecured bean is anonymous.
+This attribute is optional and the default value is true.
+
+
+
When an application security domain mapping is configured for a bean in
+a deployment, this indicates that security should be handled by Elytron.
+
+
+
+
5.4. WebServices Subsystem
+
+
There is adapter in webservices subsystem to make authentication works
+for elytron security domain automatically. Like configure with legacy
+security domain, you can configure elytron security domain in deployment
+descriptor or annotation to secure webservice endpoint.
+
+
+
When Elytron security is enabled, JAAS subject or principal can be pushed
+to jbossws-cxf endpoint’s SecurityContext to propagate authenticated
+identity to Jakarta Enterprise Beans container. Here is a CXF interceptor example to
+propagate authenticated information to Jakarta Enterprise Beans container :
+
+
+
+
publicclassPropagateSecurityInterceptorextends WSS4JInInterceptor {
+
+ public PropagateSecurityInterceptor() {
+ super();
+ getAfter().add(PolicyBasedWSS4JInInterceptor.class.getName());
+ }
+
+ @Override
+ publicvoid handleMessage(SoapMessage message) throws Fault {
+ ...
+ final Endpoint endpoint = message.getExchange().get(Endpoint.class);
+ final SecurityDomainContext securityDomainContext = endpoint.getSecurityDomainContext();
+ //push subject principal retrieved from CXF to ElytronSecurityDomainContext
+ securityDomainContext.pushSubjectContext(subject, principal, null)
+ }
+
+}
+
+
+
+
+
+
+
6. Client Authentication with Elytron Client
+
+
+
WildFly Elytron uses the Elytron Client project to enable remote clients
+to authenticate using Elytron. Elytron Client has the following
+components:
+
+
+
+
+
+
+
+
+
Component
+
Description
+
+
+
+
+
Authentication Configuration
+
Contains authentication information such
+as usernames, passwords, allowed SASL mechanisms, and the security realm
+to use during digest authentication.
+
+
+
MatchRule
+
Rule used for deciding which authentication configuration to
+use.
+
+
+
Authentication Context
+
Set of rules and authentication configurations
+to use with a client for establishing a connection.
+
+
+
+
+
When a connection is established, the client makes use of an
+authentication context, which gives rules that match which
+authentication configuration is used with an outbound connection. For
+example, you could have a rule that use one authentication
+configuration when connecting to server1 and another authentication
+configuration when connecting with server2. The authentication context
+is comprised of a set of authentication configurations and a set of
+rules that define how they are selected when establishing a connection.
+An authentication context can also reference ssl-context and can be
+matched with rules.
+
+
+
To create a client that uses security information when establishing a
+connection:
+
+
+
+
+
Create one or more authentication configurations.
+
+
+
Create an authentication context by creating rule and authentication
+configuration pairs.
+
+
+
Create a runnable for establishing your connection.
+
+
+
Use your authentication context to run your runnable.
+
+
+
+
+
When you establish your connection, Elytron Client will use the set of
+rules provided by the authentication context to match the correct
+authentication configuration to use during authentication.
+
+
+
You can use one of the following approaches to use security information
+when establishing a client connection.
+
+
+
IMPORTANT: When using Elytron Client to make Jakarta Enterprise Beans calls, any hard-coded
+programatic authentication information, such as setting
+Context.SECURITY_PRINCIPAL in the javax.naming.InitialContext, will
+override the Elytron Client configuration.
+
+
+
6.1. The Configuration File Approach
+
+
The configuration file approach involves creating an XML file with your
+authentication configuration, authentication context, and match rules.
The above example shows how the password for authentication can be specified in the clear. However, it’s also possible
+to use a masked password instead.
IMPORTANT: If you use the
+The
+Programmatic Approach, it will override any provided configuration
+files even if the wildfly.config.url system property is set.
+
+
+
When creating rules, you can look for matches on various parameters such
+as hostname, port, protocol, or username. A full list of options for
+MatchRule are available in the
+Javadocs.
+Rules are evaluated in the order in which they are configured.
+
+
+
Common Rules
+
+
+
+
+
+
+
+
+
Rule
+
Description
+
+
+
+
+
match-domain
+
Takes a single name attribute specifying the security
+domain to match against.
+
+
+
match-host
+
Takes a single name attribute specifying the hostname to
+match against. For example, the host 127.0.0.1 would match on
+http://127.0.0.1:9990/my/path .
+
+
+
match-no-user
+
Matches against URIs with no user.
+
+
+
match-path
+
Takes a single name attribute specifying the path to match
+against. For example, the path /my/path/ would match on
+http://127.0.0.1:9990/my/path .
+
+
+
match-port
+
Takes a single name attribute specifying the port to match
+against. For example, the port 9990 would match on
+http://127.0.0.1:9990/my/path .
+
+
+
match-protocol
+
Takes a single name attribute specifying the protocol
+to match against. For example, the protocol http would match on
+http://127.0.0.1:9990/my/path .
+
+
+
match-purpose
+
Takes a names attribute specifying the list of purposes
+to match against.
+
+
+
match-urn
+
Takes a single name attribute specifying the URN to match
+against.
+
+
+
match-user
+
Takes a single name attribute specifying the user
+to match against.
+
+
+
+
+
+
6.2. The Programmatic Approach
+
+
The programatic approach configures all the Elytron Client configuration
+in the client’s code:
+
+
+
+
//create your authentication configuration
+AuthenticationConfiguration adminConfig =
+ AuthenticationConfiguration.empty()
+ .useProviders(() -> newProvider[] { new WildFlyElytronProvider() })
+ .allowSaslMechanisms("DIGEST-MD5")
+ .useRealm("ManagementRealm")
+ .useName("administrator")
+ .usePassword("password1!");
+
+//create your authentication context
+AuthenticationContext context = AuthenticationContext.empty();
+context = context.with(MatchRule.ALL.matchHost("127.0.0.1"), adminConfig);
+
+
+//create your runnable for establishing a connection
+Runnable runnable =
+ newRunnable() {
+ publicvoid run() {
+ try {
+ //Establish your connection and do some work
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ };
+
+//use your authentication context to run your client
+context.run(runnable);
+
+
+
+
The above example shows how the password for authentication can be specified in the clear. However, it’s also possible
+to use a masked password instead.
+
+
+
+
//create your authentication configuration
+AuthenticationConfiguration adminConfig =
+ AuthenticationConfiguration.empty()
+ .useProviders(() -> newProvider[] { new WildFlyElytronProvider() })
+ .allowSaslMechanisms("DIGEST-MD5")
+ .useRealm("ManagementRealm")
+ .useName("administrator")
+ .usePassword("/Nym2s/dssMrabfdIGsZfQ==", null, null, "100", "12345678", null);
+
+//create your authentication context
+AuthenticationContext context = AuthenticationContext.empty();
+context = context.with(MatchRule.ALL.matchHost("127.0.0.1"), adminConfig);
+
+
+//create your runnable for establishing a connection
+Runnable runnable =
+ newRunnable() {
+ publicvoid run() {
+ try {
+ //Establish your connection and do some work
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ };
+
+//use your authentication context to run your client
+context.run(runnable);
+
+
+
+
When adding configuration details to AuthenticationConfiguration and
+AuthenticationContext, each method call returns a new instance of that
+object. For example, if you wanted separate configurations when
+connecting over different hostnames, you could do the following:
This is the same as match-domain
+in the configuration file approach.
+
+
+
matchNoUser()
+
This is the same as match-no-user in the configuration
+file approach.
+
+
+
matchPath(String pathSpec)
+
This is the same as match-path in the
+configuration file approach.
+
+
+
matchPort(int port)
+
This is the same as match-port in the
+configuration file approach.
+
+
+
matchProtocol(String protoName)
+
This is the same as match-port in the
+configuration file approach.
+
+
+
matchPurpose(String purpose)
+
Create a new rule which is the same as
+this rule, but also matches the given purpose name.
+
+
+
matchPurposes(String… purposes)
+
This is the same as match-purpose in
+the configuration file approach.
+
+
+
matchUrnName(String name)
+
This is the same as match-urn in the
+configuration file approach.
+
+
+
matchUser(String userSpec)
+
This is the same as match-user in the
+configuration file approach.
+
+
+
+
+
Also, instead of starting with an empty authentication configuration,
+you can start with the current configured one by using
+captureCurrent().
+
+
+
+
//create your authentication configuration
+AuthenticationConfiguration commonConfig = AuthenticationConfiguration.captureCurrent();
+
+
+
+
Using captureCurrent() will capture any previously established
+authentication context and use it as your new base configuration.
+An authentication context is established once it’s been activated by calling
+run(). If captureCurrent() is called and no context is currently
+active, it will try and use the default authentication if available. You
+can find more details about this in
+The
+Configuration File Approach,
+The
+Default Configuration Approach, and
+Using Elytron Client
+with Clients Deployed to WildFly sections.
+
+
+
Using AuthenticationConfiguration.empty() should only be used as a base
+to build a configuration on top of and should not be used on its own. It
+provides a configuration that uses the JVM-wide registered providers and
+enables anonymous authentication.
+
+
+
When specifying the providers on top of the
+AuthenticationConfiguration.empty() configuration, you can specify a
+custom list, but most users should use WildFlyElytronProvider()
+providers.
+
+
+
When creating an authentication context, using the context.with(…)
+will create a new context that merges the rules and authentication
+configuration from the current context with the provided rule and
+authentication configuration. The provided rule and authentication
+configuration will appear after the ones in the current context.
+
+
+
+
6.3. The Default Configuration Approach
+
+
The default configuration approach relies completely on the
+configuration provided by Elytron Client:
+
+
+
+
//create your runnable for establishing a connection
+Runnable runnable =
+ newRunnable() {
+ publicvoid run() {
+ try {
+ //Establish your connection and do some work
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ };
+
+// run runnable directly
+runnable.run();
+
+
+
+
To provide a default configuration, Elytron Client tries to
+auto-discover a wildfly-config.xml file on the filesystem. It looks in
+the following locations:
+
+
+
+
+
Location specified by the wildfly.config.url system property set
+outside of the client code.
+
+
+
The classpath root directory.
+
+
+
The META-INF directory on the classpath.
+
+
+
+
+
If it does not find one, it will try and use the default
+wildfly-config.xml provided in the
+$WILDFLY_HOME/bin/client/jboss-client.jar.
6.4. Using Elytron Client with Clients Deployed to WildFly
+
+
Clients deployed to WildFly can also make use of Elytron Client. In
+cases where you have included a wildfly-config.xml with your
+deployment or the system property has been set, an
+AuthenticationContext is automatically parsed and created from that
+file.
+
+
+
To load a configuration file outside of the deployment, you can use the
+parseAuthenticationClientConfiguration(URI) method. This method will
+return an AuthenticationContext which you can then use in your client’s
+code using the
+The
+Programmatic Approach.
+
+
+
Additionally, clients will also automatically parse and create an
+AuthenticationContext from the client configuration provided by the
+elytron subsystem. The client configuration in the elytron subsystem
+can also take advantage of other components defined in the elytron
+subsystem such as credential stores. If client configuration is provided
+by BOTH the deployment and the elytron subsystem, the elytron
+subsystem’s configuration is used.
+
+
+
+
6.5. Client configuration using wildfly-config.xml
+
+
Prior to WildFly 11, many WildFly client libraries used different configuration strategies. WildFly 11 introduces a new wildfly-config.xml file which unifies all client configuration in a single place. In addition to being able to configure authentication using Elytron as described in the previous section, a wildfly-config.xml file can also be used to:
+
+
+
6.5.1. Configure Jakarta Enterprise Beans client connections, global interceptors, and invocation timeout
RESTEasy client will automatically load credentials, bearer token and SSL context from wildfly-config.xml. Credentials will be used for HTTP Basic authentication and bearer token for Bearer token authentication.
+Note that WildFly client libraries do have reasonable default configuration. Thus, adding configuration for these clients to wildfly-config.xml isn’t mandatory.
+
+
+
+
+
+
+
+
+
+
7. Elytron and Java Authorization Contract for Containers (JACC)
+
+
+
+This document will guide you on how to enable JACC for your deployments
+using the default policy defined in the Elytron subsystem.
+
+
+
+
7.1. Defining a JACC Policy Provider
+
+
Elytron subsystem provides a built-in policy provider based on JACC
+specification. This policy provider is active by default in the
+default configuration.
+
+
+
+
7.2. Enabling JACC to a Web Deployment
+
+
You can enable JACC to web
+deployments by executing the following command:
The command above defines a default security domain for applications if
+none is provided in jboss-web.xml. In case you already have a
+application-security-domain defined and just want to enable JACC you
+can execute a command as follows:
The command above defines a default security domain for EJBs. In case
+you already have an application-security-domain defined and just want
+to enable JACC you can execute a command as follows:
+References in this document to Java Authorization Contract for Containers (JACC) refer to Jakarta Authorization unless otherwise noted.
+ References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+
+
+
+
+
+
+
+
+
8. Elytron and Java Authentication SPI for Containers (JASPI)
+
+
+
+Starting from WildFly 15 an implementation of the Servlet profile from the Java Authentication SPI for Containers (JSR-196 / JASPI) is also provided by the WildFly Elytron subsystem allowing tighter integration with the security features provided by WildFly Elytron. This JASPI implementation is available out of the box with minimal steps required to use it for deployments, this section of the documentation describes how to make use of it and the features it provides.
+
+
+
+
8.1. Activation
+
+
Presently it is the Servlet profile from the JASPI specification which is supported by this integration, the following information applies to web applications deployed to WildFly.
+
+
+
For the JASPI integration to be enabled for a web application that web application needs to be associated with either an Elytron http-authentication-factory or a security-domain - by doing this the WildFly Elytron security handlers will be installed for the deployment and the WildFly Elytron security framework activated for the deployment. This is all that is required for a deployment to be 'securable' using a JASPI configuration.
+
+
+
Once the WildFly Elytron security framework is activate for a deployment at the time requests are being handled the globally registered AuthConfigFactory will be queried to identify if an AuthConfigProvider has been registered which should be used for that deployment - if an AuthConfigProvider is found then JASPI authentication will be used instead of the deployments authentication configuration. If no AuthConfigProvider is found then the authentication configuration for the deployment will be used instead, this could mean authentication mechanisms from a http-authentication-factory are used or mechanisms specified in the web.xml are used or it could even mean no authentication is performed if the application does not have any mechanisms defined.
+
+
+
Any updates made to the AuthConfigFactory are immediately available, this means that if an AuthConfigProvider is registered which is a match for an existing application it will start to be used immediately without requiring redeployment of the application.
+
+
+
All web applications deployed to WildFly have a security domain which will be resolved in the following order: -
+
+
+
+
+
From the deployment descriptors / annotations of the deployment being deployed.
+
+
+
The value defined on the default-security-domain attribute on the Undertow subsystem.
+
+
+
Default to 'other'.
+
+
+
+
+
We assume that this security domain is a reference to a PicketBox security domain so the final step in activation is ensuring this is mapped to WildFly Elytron using an application-security-domain resource in the Undertow subsystem. This mapping can either reference a WildFly Elytron security domain directly or it can reference a http-authentication-factory resource to obtain instances of authentication mechanisms.
Although this latter form references a http-authentication-factory that in turn will reference a security domain - for both examples the referenced security domain is associated with the deployment.
+
+
+
The minimal steps to enable the JASPI integration are: -
+ . Leave the default-security-domain attribute on the Undertow subsystem undefined so it defaults to 'other'.
+ . Add an application-security-domain mapping from 'other' to a WildFly Elytron security domain.
+
+
+
All deployments that do not specify their own security domain will be assigned this default mapping automatically which will activate the WildFly Elytron handlers and subsequently make JASPI available for that deployment.
+
+
+
The security domain associated with a deployment in these steps is the security domain that will be wrapped in a CallbackHandler to be passed into the ServerAuthModule instances used for authentication.
+
+
+
8.1.1. Additional Options
+
+
On the application-security-domain resource two additional attributes have been added to allow some further control of the JASPI behaviour.
+
+
+
+
+
enable-jaspi - Can be set to false to disable JASPI support for all deployments using this mapping.
+
+
+
integrated-jaspi - By default all identities are loaded from the security domain, if set to false ad-hoc identities will be created instead.
+
+
+
+
+
+
+
8.2. Subsystem Configuration
+
+
One way to register a configuration which will result in an AuthConfigProvider being returned for a deployment is to register a jaspi-configuration in the Elytron subsystem.
+
+
+
The following command demonstrates how to add a configuration containing two ServerAuthModule definitions: -
The name attribute is just a name that allows the resource to be referenced in the management model.
+
+
+
The layer and application-context attributes are used when registering this configuration with the AuthConfigFactory - both of these attributes can be omitted allowing wildcard matching. The description attribute is also optional and is used to provide a description to the AuthConfigFactory.
+
+
+
Within the configuration one or more server-auth-module instances can be defined with the following attributes.
+ * class-name - The fully qualified class name of the ServerAuthModule.
+ * module - The module to load the ServerAuthModule from.
+ * flag - The control flag to indicate how this module operates in relation to the other modules.
+ * options - Configuration options to be passed into the ServerAuthModule on initialisation.
+
+
+
Configuration defined in this way is immediately registered with the AuthConfigFactory so any existing deployments using the WildFly Elytron security framework that match against the layer and application-context will immediately start to make use of the configuration.
+
+
+
+
8.3. Programmatic Configuration
+
+
The APIs defined within the JASPI specification allow for applications to dynamically register custom AuthConfigProvider instances, however the specification does not provide the actual implementations to use or a standard way to create instances of the implementations, the WildFly Elytron project contains a simple utility that can be used by deployments to help with this: -
As an example this code could be executed within the init() method of a Servlet to register the AuthConfigProvider specific for that deployment, in this code example the application context has also been assembled by consulting the ServletContext.
+
+
+
The register method returns the resulting registration ID that can also be used to subsequently remove this registration directly from the AuthConfigFactory.
+
+
+
As with the subsystem configuration this call has an immediate effect and will be live for all web applications using the WildFly Elytron security framework immediately.
+
+
+
+
8.4. Authentication Process
+
+
8.4.1. CallbackHandler
+
+
Based on the configuration on the application-security-domain resource in the Undertow subsystem the CallbackHandler passed to the ServerAuthModule in an integrated or non-integrated mode.
+
+
+
+
8.4.2. Integrated
+
+
When operating in integrated mode although the ServerAuthModule instances will be handling the actual authentication the resulting identity will be loaded from the referenced SecurityDomain using the SecurityRealms referenced by that SecurityDomain, it is still possible in this mode to override the roles that will be assigned within the Servlet container.
+
+
+
The advantage of this mode is that ServerAuthModules are able to take advantage of the WildFly Elytron configuration for the loading of identities so identities stored in usual locations such as databases and LDAP can be loaded without the ServerAuthModule needing to be aware of these locations, additionally other WildFly Elytron configuration can be applied such as role and permission mapping. The referenced SecurityDomain can also be referenced in other places such as for SASL authentication or other non JASPI applications all backed by a common repository of identities.
+
+
+
In this mode the CallbackHandlers operate as follows: -
+
+
+
+
+
PasswordValidationCallback
+
+
+
The username and password will be used with the SecurityDomain to perform an authentication, if successful there is now an authenticated identity.
+
+
+
+
+
CallerPrincipalCallback
+
+
+
This Callback is used to establish the authorized identity / the identity that will be seen once the request reached the web application.
+
+
+
+
+
If an authenticated identity has already been established via the PasswordValidationCallback this Callback is interpreted as a run-as request and authorization checks are performed to ensure the authenticated identity is authorized to run as the identity specified in this Callback. If no authenticated identity has been established by a PasswordValidationCallback it is assumed the ServerAuthModule has handled the authentication step so this Callback will cause the specified identity to be loaded from the SecurityDomain and an authorization check to verify this identity has the LoginPermission.
+
+
+
+
+
If a Callback is received with a null Principal and name then if an authenticated identity has already been established authorization will be performed as that identity, if no identity has been established then authorization of the anonymous identity will be performed. Where authorization of the anonymous identity is performed the SecurityDomain must have been configured to grant the anonymous identity the LoginPermission otherwise authorization will fail.
+
+
+
+
+
GroupPrincipalCallback
+
+
+
By default in this mode the attribute loading, role decoding, and role mapping configured on the security domain will be used to establish the identity - if this Callback is received the groups specified will be taken as the roles that will be assigned to the identity whilst the request is in the servlet container. These roles will be visible in the servlet container only.
+
+
+
+
+
+
+
+
8.4.3. Non Integrated
+
+
When operating in non-integrated mode the ServerAuthModules are completely responsible for all authentication AND identity management, the Callbacks specified in the specification can be used to establish an identity. The resulting identity will be created on the SecurityDomain but it will be independent of any identities stored in referenced SecurityRealms.
+
+
+
The advantage of this mode is that JASPI configurations that are able to 100% handle the identities can be deployed to the application server without requiring anything beyond a simple SecurityDomain definitions, there is no need for this SecurityDomain to actually contain the identities that will be used at runtime. The disadvantage of this mode is that the ServerAuthModule is now reposible for all identity handling potenitally making the implementation much more complex.
+
+
+
In this mode the CallbackHandlers operate as follows: -
+
+
+
+
+
PasswordValidationCallback
+
+
+
The Callback is not supported in this mode, the purpose of this mode is for the ServerAuthModule to operate independently of the referenced SecurityDomain so requesting a password to be validated would not be suitable.
+
+
+
+
+
CallerPrincipalCallback
+
+
+
This Callback is used to establish the Principal for the resulting identity, as the ServerAuthModule is handling all of the identity checking requirements no checks are performed to verify if the identity exists in the security domain and no authorization checks are performed.
+
+
+
+
+
If a Callback is received with a null Principal and name then then the identity will be established as the anonymous identity, as the ServerAuthModule is making the decisions no authorizaton check will be performed with the SecurityDomain.
+
+
+
+
+
GroupPrincipalCallback
+
+
+
As the identity is created in this mode without loading from the SecurityDomain it will by default have no roles assigned, if this Callback is received the groups will be taken and assigned to the resulting identity whilst the request is in the servlet container. These roles will be visible in the servlet container only.
+
+
+
+
+
+
+
+
8.4.4. validateRequest
+
+
During the call to validateRequest on the ServerAuthContext the individual ServerAuthModule instances will be called in the order they are defined. A control flag can also be specified for each module, this defines how the response should be interpreted and if processing should continue to the next auth module or return immediately.
+
+
+
Control Flags
+
+
Where the configuration was provided either within the WildFly Elytron subsystem or using the JaspiConfigurationBuilder API it is possible to associate a control flag with each ServerAuthModule - if one is not specified we assume REQUIRED. The flags have the following meanings depending on their result.
+
+
+
+
+
+
+
+
+
+
Flag
+
AuthStatus.SEND_SUCCESS
+
AuthStatus.SEND_FAILURE, AuthStatus.SEND_CONTINUE
+
+
+
Required
+
Validation will continue to the remaining modules, provided the requirements of the remaining modules are satisfied the request will be allowed to proceed to authorization.
+
Validation will continue to the remaining modules, however regardless of their outcome the validation is not successful so control will return to the client.
+
+
+
Requisite
+
Validation will continue to the remaining modules, provided the requirements of the remaining modules are satisfied the request will be allowed to proceed to authorization.
+
The request will return immediately to the client.
+
+
+
Sufficient
+
Validation is deemed successful and complete, provided no previous Required or Requisite module has returned an AuthStatus other than AuthStatus.SUCCESS the request will proceed to authorization of the secured resource.
+
Validation will continue down the list of remaining modules, this status will only affect the decision if there are no REQUIRED or REQUISITE modules.
+
+
+
Optional
+
Validation will continue to the remaining modules, provided no 'Required' or 'Requisite' modules have not returned SUCCESS this will be sufficient for validation to be deemed successful and for the request to proceed to the authorization stage and the secured resource.
+
Validation will continue down the list of remaining modules, this status will only affect the decision if there are no REQUIRED or REQUISITE modules.
+
+
+
+
+
For all ServerAuthModule instances if they throw an AuthException an error will be immediately reported to the client without further modules being called.
+
+
+
+
+
8.4.5. secureResponse
+
+
During the call to secureResponse each ServerAuthMdoule is called but this time in reverse order. Where a module only undertakes an action in secureResponse if it undertook an action in validateResponse it is the responsibility of the module to track this.
+
+
+
The control flag has no effect on secureResponse processing, processing ends when one of the following is true: -
+. All of the ServerAuthModule instances have been called.
+. A module returns AuthStatus.SEND_FAILURE.
+. A module throws an AuthException.
+
+
+
+
8.4.6. SecurityIdentity
+
+
Once the authentication process has completed a org.wildfly.security.auth.server.SecurityIdentity for the deployments SecurityDomain will have been created as a result of the Callbacks to the CallbackHandler, depending on the Callbacks this will either be an identity loaded directly from the SecurityDomain or will be an ad-hoc identity described by the callbacks. This SecurityIdentity will be associated with the request as we do for other authentication mechanisms
+
+
+
+
+
+
+
9. Elytron and Jakarta EE Security
+
+
+
+Starting from WildFly 15 an implementation of the Servlet Profile from Java Authentication SPI for Containers (JSR-196 / JASPI) specification has been included in the application server, in addition to making JASPI available for deployments using WildFly Elytron it also makes it possible to make use of EE Security with WildFly Elytron.
+
+
+
+
9.1. Activation
+
+
EE Security with WildFly Elytron is available out of the box with just a couple of small steps required.
+
+
+
9.1.1. Define JACC Policy
+
+
The SecurityContext API makes use of JACC to access the current authenticated identity, if deployments are going to make use of this API then a JACC policy needs to be activated in the WildFly Elytron subsystem. If this API is not being used then the activation can be skipped.
As is shown in the example no specific configuration is required other than the presence of a default JACC policy, additionally after making these changes the server needs to be reloaded to ensure the new policy activates correctly.
+
+
+
+
9.1.2. Add application-security-domain mapping
+
+
As with all deployments a mapping is required from the security domain defined for the deployment to either a WildFly Elytron security domain or http authentication factory to activate security backed by WildFly Elytron.
+
+
+
All web applications deployed to WildFly have a security domain which will be resolved in the following order: -
+
+
+
+
+
From the deployment descriptors / annotations of the deployment being deployed.
+
+
+
The value defined on the default-security-domain attribute on the Undertow subsystem.
+
+
+
Default to 'other'.
+
+
+
+
+
An application-security-domain resource then needs to be added to map from the deployment’s security domain.
+
+
+
The simplest approach is to add a mapping for other, then no further configuration will be required and provided the deployment does not define it’s own security domain and provided no alternative default is specified all deployments will match this mapping.
The EE Security API is built on JASPI. Within JASPI we support two different modes of operation 'integrated', and 'non-integrated'. In integrated mode any identity being established during authentication is expected to exist in the associated security domain. With the EE Security APIs however it is quite likely an alternative store will be in use so configuration the mapping to use 'non-integrated' JASPI allows for identities to be dynamically created as required.
+
+
+
+
+
+
+
+
+References in this document to Java Authorization Contract for Containers (JACC) refer to the Jakarta Authorization unless otherwise noted
+
+
+
+
+
+
+
+
+
+
10. Using Keycloak SAML
+
+
+
To secure applications deployed to WildFly using Keycloak SAML, a Galleon feature pack provided
+by the Keycloak project needs to be used. This feature pack automatically installs the Keycloak
+SAML adapter that results in the keycloak-saml subsystem being added to WildFly.
+
+
+
There are a few ways to install the Keycloak Galleon Feature Pack that provides the SAML adapter.
+
+
+
10.1. Galleon CLI
+
+
A server installation can be provisioned using the Galleon CLI.
+
+
+
More information can be found in the Provisioning WildFly with Galleon
+documentation, but assuming you have provisioned a WildFly installation containing the web-server layer
+with a command similar to the following:
Unlike the WildFly feature pack, this Keycloak feature pack is not part of a universe and so a fully
+qualified group:artifact:version reference to the feature pack is required.
+
+
+
+
+
+
+
From this point, applications can be configured as described in the
+Keycloak documentation.
+
+
+
+
10.2. Bootable JAR
+
+
The next installation option is if you are creating a bootable JAR for your deployment and want to
+add the Keycloak SAML adapter to secure the deployment. More details about bootable JAR support can
+be found in the Bootable JAR Guide.
+
+
+
The following is an example plug-in configuration to create a bootable JAR for a web application
+using both the web-server and keycloak-client-saml layers:
As with using the CLI, the latest version of WildFly in the universe can be dynamically selected but the
+Keycloak feature pack requires the complete groupId, artifactId, and version to be specified.
+
+
+
+
+
+
+
The approaches to configure the web application are the same as described in the
+Keycloak documentation.
+In this example, a CLI script, configure-saml.cli, is executed to update the Keycloak SAML subsystem
+with relevant configuration.
Instead of adding configuration in the Keycloak SAML subsystem, configuration can be added in the deployment
+instead. In particular, the auth-method of the web application could be set to KEYCLOAK-SAML and
+adapter configuration could be provided in a keycloak-saml.json descriptor placed within the WEB-INF directory
+of the deployment.
+
+
+
+
10.3. WildFly Maven Plugin
+
+
The final installation option is to use the wildfly-maven-plugin to provision a server containing
+the Keycloak SAML subsystem.
+
+
+
The following is an example plug-in configuration to create a server for a web application
+using both the web-server and keycloak-client-saml layers:
As with the bootable JAR configuration, note that the latest version of WildFly in the universe can be dynamically
+selected but the Keycloak feature pack requires the complete groupId, artifactId, and version to be
+specified.
+
+
+
+
+
+
+
+
10.4. Propagating the Security Context to EJBs
+
+
The sample configuration in the above sections has referenced the keycloak-client-saml layer.
+If the security context for the application that is being secured with Keycloak SAML needs to
+be propagated to the EJB tier, the keycloak-client-saml-ejb layer should be used instead.
+This layer adds an application-security-domain mapping in the EJB3 subsystem to map the default
+security domain name other to the KeycloakDomain that is installed by the Keycloak feature pack.
+
+
+
+
+
+
11. Using Keycloak with WildFly Elytron
+
+
+
The ability to secure applications using OpenID Connect is provided by the elytron-oidc-client subsystem. For details about securing applications deployed on WildFly with OpenID Connect, by using Keycloak as the OpenID provider, see the Elytron OIDC Client documentation.
+
+
+
+
+
12. Bearer Token Authorization
+
+
+
Bearer Token Authorization is the process of authorizing HTTP requests based on the existence and validity of a bearer
+token representing a subject and his access context, where the token provides valuable information to determine the subject of the call as well whether or not a HTTP resource
+can be accessed.
+
+
+
Elytron supports bearer token authorization by providing a BEARER_TOKEN HTTP authentication mechanism based on RFC-6750 and
+an specific realm implementation, the token-realm, to validate tokens using the JWT format (for instance, OpenID Connect ID Tokens) or opaque tokens issued by any OAuth2 compliant
+authorization server.
+
+
+
12.1. How it Works
+
+
When a HTTP request arrives to your application, the BEARER_TOKEN mechanism will check if a bearer token was provided by checking the existence of an Authorization HTTP header with the following format:
+
+
+
+
GET /resource HTTP/1.1
+Host: server.example.com
+Authorization: Bearer mF_9.B5f-4.1JqM
+
+
+
+
If no bearer token was provided, the mechanism will respond with a 401 HTTP status code as follows:
When a bearer token is provided, the mechanism will extract the token from the request (in the example above, the token is represented by the string mF_9.B5f-4.1JqM) and pass it over
+to the token-realm in order to check if the token is valid and can be used to build a security context based on its information. Note that the BEARER_TOKEN mechanism is only responsible to
+check and extract bearer tokens from an HTTP request, whereas the token-realm is the one responsible for validating the token.
+
+
+
If validation succeeds, a security context will be created based on the information represented by the token and the application can use the newly created
+security context to obtain information about the subject making the request as well decide whether or not the request should be full filled. In case the validation fails,
+the mechanism will respond with a 403 HTTP status code as follows:
+
+
+
+
HTTP/1.1 403 Forbidden
+
+
+
+
+
12.2. Validating JWT Tokens
+
+
Elytron provides built-in support for JWT tokens, which can be enabled by defining a realm in the Elytron subsystem as follows:
+
+
+
+
<token-realmname="JwtRealm"principal-claim="sub">
+ <jwtissuer="as.example.com"
+ audience="api.example.com"
+ public-key="-----BEGIN PUBLIC KEY-----MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB-----END PUBLIC KEY-----"/>
+ </token-realm>
+
+
+
+
In the example above, the token-realm is defined with a principal-claim attribute. This attribute specifies which claim
+within the token should be used to identity the principal. If you have a token as follows:
Elytron will use the value associated with the sub claim as the identifier of the subject represented by the token.
+
+
+
The jwt element within the token-realm specifies that tokens should be validated as JWT and provides different configuration options on how they
+should be validated:
+
+
+
+
+
issuer
+
+
A list of strings representing the issuers supported by this configuration. During validation JWT tokens must have an "iss" claim that contains one of the values defined here
+
+
+
+
audience
+
+
A list of strings representing the audiences supported by this configuration. During validation JWT tokens must have an "aud" claim that contains one of the values defined here
+
+
+
+
public-key
+
+
A public key in PEM Format. During validation, if a public key is provided, signature will be verified based on the key you provided here. Alternatively,
+you can define a key-store and certificate attributes to configure the public key. This key will be used to verify tokens without "kid" claim.
+
+
+
+
key-store
+
+
As an alternative to public-key, you can also define a key store from where the certificate with a public key should be loaded from
+
+
+
+
certificate
+
+
The name of the certificate with a public key to load from the key store in case you defined the key-store attribute
+
+
+
+
client-ssl-context
+
+
The SSL context to be used if if you want to use remote JSON Web Keys. This enables you to use url from "jku" token claim to
+fetch public keys for token verification.
+
+
+
+
host-name-verification-policy
+
+
A policy that defines how host names should be verified when using remote JSON Web Keys. Allowed values: "ANY", "DEFAULT".
+
+
+
+
+
+
For being able to use different key pairs for signing / verification and for easier key rotation you can define key map. This will take the "kid" claim
+from the token and use corresponding public key for verification.
+
+
+
+
<token-realmname="JwtRealm"principal-claim="sub">
+ <jwtissuer="as.example.com"audience="api.example.com">
+ <keykid="1"public-key="-----BEGIN PUBLIC KEY-----MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANc4VlnN6oZwe1PoQQeJsTwu7LGS+eEbgYMNYXahidga4+BhdGKwzMZU54ABFQ11tUMJSENQ6o3n1YKVgMnxvcMCAwEAAQ==-----END PUBLIC KEY-----"/>
+ <keykid="2"public-key="-----BEGIN PUBLIC KEY-----MFswDQYJKoZIhvcNAQEBBQADSgAwRwJAcNpXy6psxC21DdnTtAdlgsEwEuJh/earH3q7xJPjmsygmrlpC66MG4/A/J9Gai2Hp+QdCSEVpBWkIoVff3sIlwIDAQAB-----END PUBLIC KEY-----"/>
+ </jwt>
+ </token-realm>
+
+
+
+
This token-realm will verify tokens with "kid" claims of value "1" or "2" using corresponding key.
+
+
+
Tokens without "kid" claim will be verified using the 'public-key' attribute of 'jwt', or in this case invalidated, as there is
+no key specified.
+
+
+
The jwt validator performs different checks in order to determine the validity of a JWT:
+
+
+
+
+
Expiration checks based on the values of the exp and nbf claims
+
+
+
Signature checks based on the public key provided via public-key or certificate attributes, key map with named public keys, or by fetching remote JSON Web Key Set
+using provided client-ssl-context. You can skip token signature verification by not defining any of these.
+
+
+
+
+
It is strongly recommended that you use signed JWTs in order to guarantee authenticity of tokens and make sure they were not tampered.
+
+
+
+
12.3. Validating OAuth2 Bearer Tokens
+
+
Elytron provides built-in support for tokens issued by an OAuth2 compliant authorization server, where these tokens are validated
+using a token introspection endpoint as defined by OAuth2 specification.
The auth2-introspection element within the token-realm specifies that tokens should be validated using an OAuth2 Token Introspection Endpoint and provides different configuration options on how they
+should be validated:
+
+
+
+
+
client-id
+
+
The identifier of the client on the OAuth2 Authorization Server
+
+
+
+
client-secret
+
+
The secret of the client
+
+
+
+
introspection-url
+
+
The URL of token introspection endpoint
+
+
+
+
client-ssl-context
+
+
The SSL context to be used if the introspection endpoint is using HTTPS.
+
+
+
+
host-name-verification-policy
+
+
A policy that defines how host names should be verified when using HTTPS. Allowed values: "ANY", "DEFAULT".
13.1.2. Configure the OpenSSL TLS provider on an SSL context
+
+
Instead of configuring the Elytron subsystem to use the OpenSSL TLS provider by default,
+it is also possible to specify that the OpenSSL TLS provider should be used for a specific
+SSL context. For example, the following command can be used to create a server-ssl-context
+that will use the OpenSSL TLS provider:
WildFly will search for the OpenSSL library using the standard system library search path. If you’d like to specify a
+custom location for the OpenSSL library, the org.wildfly.openssl.path property can be specified during WildFly startup.
+
+
+
If OpenSSL was loaded successfully, a message similar to the one below will occur in the server.log file on startup:
+
+
+
+
15:37:59,814 INFO [org.wildfly.openssl.SSL] (MSC service thread 1-7) WFOPENSSL0002 OpenSSL Version OpenSSL 1.1.1d FIPS 10 Sep 2019
+
+
+
+
+
13.3. Enabling TLSv1.3
+
+
WARNING It is possible to use TLSv1.3 with the OpenSSL TLS provider when using OpenSSL 1.1.1 or higher and
+when running against JDK 11 or higher. However, if JDK 11 is in use and if there is a very large number of
+TLSv1.3 requests being made, it is possible that a drop in performance (throughput and response time) will occur
+compared to TLSv1.2. For this reason, the use of TLSv1.3 is currently disabled by default. TLSv1.3 can be enabled
+by configuring the cipher-suite-names attribute for an SSL context. See the sections on
+Configuring a server SSLContext and
+Configuring a client SSLContext for more details. It is recommended to test
+for performance degradation prior to enabling TLSv1.3 in a production environment.
+
+
+
+
13.4. Adding Additional Native Libraries
+
+
By default, WildFly includes WildFly OpenSSL native libraries for commonly used platforms (Linux x86_64, Windows x86_64,
+Mac OS X x86_64, and Linux s390). However, the WildFly OpenSSL Natives project
+contains modules that can be used to build WildFly OpenSSL native libraries for other platforms as well. The steps needed to build and make
+use of a WildFly OpenSSL native library for a different platform than the ones provided by default will be described below.
+
+
+
13.4.1. Building the Native Library
+
+
Make sure you have cloned the WildFly OpenSSL Natives project
+locally. We’ll use $WILDFLY_OPENSSL_NATIVES to denote the path to this project. Next, cd to the module that you want
+to build. In this example, we’ll use the linux-i386 module but similar steps can be used to build and make use of another
+module instead.
+
+
+
+
cd $WILDFLY_OPENSSL_NATIVES/linux-i386
+mvn clean install
+
+
+
+
Notice that this now results in a wildfly-openssl-linux-i386-VERSION.jar in the $WILDFLY_OPENSSL_NATIVES/linux-i386/target directory.
+We’ll make use of this in the next step.
+
+
+
+
13.4.2. Overriding the Existing WildFly OpenSSL Module
+
+
We’re going to add a new module that will override the existing WildFly OpenSSL module that’s found in the
+$WILDFLY_HOME/modules/system/layers/base/org/wildfly/openssl directory. Notice that the existing module
+contains a Java artifact in its main directory and native libraries for the default platforms in its
+main/lib directory.
+
+
+
First, create a new module that contains the WildFly OpenSSL Java artifact from the existing module:
You should now see a libwfssl.so file in the $WILDFLY_HOME/modules/org/wildfly/openssl/main/lib/linux-i386 directory.
+
+
+
That’s it, WildFly will now make use of the newly added WildFly OpenSSL module instead of the existing one,
+allowing it to make use of the new native library when running on the Linux i386 platform. Additional
+native libraries can be added to the $WILDFLY_HOME/modules/org/wildfly/openssl/main/lib directory
+if desired.
+
+
+
+
+
+
+
14. Web Single Sign-On
+
+
+
This document will guide on how to enable single sign-on across different applications deployed into different servers, where these applications belong to same security domain.
+
+
+
14.1. Create a Server Configuration Template
+
+
For this document, you’ll need to run at least two server instances in order to check single sign-on and how it affect usability in your applications. Users should be able to log in once and have access to any application using the same security domain.
+
+
+
All configuration described in the next sections should be done with a server instance using standalone-ha.xml (or standalone-full-ha.xml).
+
+
+
Run a server instance using the following command:
+
+
+
+
bin/standalone.sh -c standalone-ha.xml
+
+
+
+
14.1.1. Create a HTTP Authentication Factory
+
+
+
+
+
+
+
+If you already have a http-authentication-factory defined in Elytron subsystem and just want to use it to enable single sign-on to your applications, please skip this section.{info}
+First, you need a security-domain which we’ll use to authenticate users. Please, execute the following CLI commands:
+
+
+
+
+
+
+
# Creates a FileSystem Realm, an identity store where users are stored in the local filesystem
+/subsystem=elytron/filesystem-realm=example-realm:add(path=/tmp/example-realm)
+
+# Creates a Security Domain
+/subsystem=elytron/security-domain=example-domain:add(default-realm=example-realm, permission-mapper=default-permission-mapper,realms=[{realm=example-realm, role-decoder=groups-to-roles}]
+
+# Creates an user that you can use to access your applications
+/subsystem=elytron/filesystem-realm=example-realm:add-identity(identity=alice)
+/subsystem=elytron/filesystem-realm=example-realm:add-identity-attribute(identity=alice, name=groups, value=["user"])
+/subsystem=elytron/filesystem-realm=example-realm:set-password(identity=alice, clear={password=alice})
+
+
+
+
Now you can create a http-authentication-factory that you’ll use to actually protect your web applications using Undertow:
+
+
+
+
# Create a Http Authentication Factory
+/subsystem=elytron/http-authentication-factory=example-http-authentication:add(security-domain=example-domain, http-server-mechanism-factory=global, mechanism-configurations=[{mechanism-name=FORM}]
+
+
+
+
+
14.1.2. Create a Application Security Domain in Undertow
+
+
+
+
+
+
+
+If you already have a _application-security-domain_ defined in Undertow subsystem and just want to use it to enable single sign-on to your applications, please skip this section.
+
+
+
+
+
+
In order to protect applications using the configuration defined in Elytron subsystem, you should create a application-security-domain definition in Undertow subsystem as follows:
By default, if your application does not define any specific security-domain in jboss-web.xml, the application server will choose one with a name other.
+
+
+
+
14.1.3. Create a Key Store
+
+
In order to create a key-store in Elytron subsystem, first create a Java Key Store as follows:
Single Sign-On is enabled to a specific application-security-domain definition in Undertow subsystem. It is important that the servers you will be using to deploy applications are using the same configuration.
+
+
+
To enable single-sign on, just change an existing application-security-domain in Undertow subsystem as follows:
After restarting the servers, users should be able to log in once and have access to any application using the same application-security-domain.
+
+
+
+
+
14.2. Create Two Server Instances
+
+
All configuration you did so far should be reflected in $JBOSS_HOME/standalone/standalone-ha.xml. You can now create two distinct server configuration directories_:\_
+Make sure you have at least a welcome file (e.g.: index.html\|jsp).
+
+
+
+
+
+
+
+
Deploy your application into both server instances and try to log in using the user you created at the beginning of this document:
+
+
+
+
+
Username: alice
+
+
+
Password: alice
+
+
+
+
+
+
+
+
+
+
15. Audit
+
+
+
WildFly Elytron supports audit using security event listeners - components
+which captures security events, like successful or unsuccessful login attempts.
+
+
+
15.1. File audit log
+
+
File audit log logs security events into a local file.
+It requires to define path to the log file, which can be relative-to a system property.
+It also allows to set the file format - human readable SIMPLE or JSON.
+The encoding used by the audit file can be set using encoding. The default value is UTF-8. Possible values: UTF-8, UTF-16BE, UTF-16LE, UTF-16, US-ASCII or ISO-8859-1.
+While in WildFly 14 there was only one attribute synchronized, which had influence on data reliability, now there is possible more fine grained performance and reliability tunning:
+* autoflush defines whether should be output stream flushed after every audit event (guarantees that the log message is passed to the operating system immediately)
+* synchonized defines whether should be file descriptor synchronized after every audit event (guarantees that all system buffers are synchronized with the underlying device)
+
+
+
+
15.2. Syslog Audit Logging
+
+
Syslog audit logging logs security events to a syslog server using a transmission protocol.
+WildFly Elytron supports using UDP, TCP, or TCP with SSL, with the latter protocol requiring
+a SSLContext to be defined. When syslog audit logging is first defined, Elytron will send
+an INFORMATIONAL priority event to the defined syslog server containing the message
+"Elytron audit logging enabled with RFC format: <format>", where <format> is the
+RFC format that the audit logging handler has been defined with, defaulting to RFC5424.
+If the given syslog server is not defined, resulting in Elytron being unable to send the
+message, then Elytron will keep track of the amount of attempts that sending a message has
+failed, up to a maximum defined by the reconnect-attempts parameter, before
+closing the endpoint and reporting an error. It is possible to define this value
+as infinite, by specifying -1, in which case Elytron will never close the
+endpoint and so will always attempt to send audit messages despite previous failures.
+
+
+
15.2.1. Required Parameters
+
+
+
+
+
+
+
+
Parameter
+
Value
+
+
+
+
+
server-address
+
String consisting of the IP address, or a name recognized by Java’s InetAddress.getByName(), of the syslog server
+
+
+
port
+
int of the listening port on the syslog server
+
+
+
host-name
+
String of the host name that will be embedded into all events sent to the syslog server
+
+
+
ssl-context
+
The SSLContext used to connect to the syslog server, only required if transport is set to SSL_TCP
+
+
+
+
+
+
15.2.2. Optional Parameters
+
+
+
+
+
+
+
+
+
+
Parameter
+
Description
+
Possible Values
+
Default Value
+
+
+
+
+
transport
+
The transport protocol to be used to connect to the syslog server
+
String of: UDP, TCP, or SSL_TCP
+
TCP
+
+
+
format
+
The format that audit events should be recorded in
+
String of SIMPLE or JSON
+
SIMPLE
+
+
+
syslog-format
+
The RFC format to be used for describing the audit event
+
String of RFC5424 or RFC3164
+
RFC5424
+
+
+
reconnect-attempts
+
The maximum number of times that elytron will attempt to send successive messages to a syslog server before closing the endpoint to disallow further attempts to send messages.
+
int of -1 (infinite attempts) or higher
+
0
+
+
+
+
+
+
15.2.3. Defining Syslog Audit Logging
+
+
Syslog audit logging can be defined under the elytron subsystem resource. Some
+examples syslog audit logging resources can be created with the following commands:
+
+
+
Minimum Resource Definition
+
+
Using the following command will generate a syslog audit logging resource that connects with
+TCP, records audit events in a simple format, and uses RFC5424 to describe the audit event.
Default Format and Reconnect Attempts with UDP and RFC3164
+
+
Using the following command will generate a syslog audit logging resource that connects with
+UDP, does not send any further messages to the syslog server if there is an error sending,
+records audit events in a simple format, and uses RFC3164 to describe the audit event.
Full UDP Definition with RFC5424 Explicitly Set and 10 Reconnect Attempts
+
+
Using the following command will generate a syslog audit logging resource that connects with
+UDP, attempts to send messages 10 times if there is an error sending before no longer sending messages,
+records audit events in a simple format, and uses RFC5424 to describe the audit event.
Full UDP Definition with Infinite Reconnect Attempts and JSON Format
+
+
Using the following command will generate a syslog audit logging resource that connects with
+UDP, always attempts to send messages despite previous failures sending messages, records audit
+events in a JSON format, and uses RFC5424 to describe the audit event.
One new component included with WildFly Elytron for the secure storage of credentials is the Credential Store. Previous versions of the application server made use of the Vault which was used for the secure storage of clear text strings; the credential store moves forward a step to focus on the secure storage of credentials. As with the Vault the stored credentials could be clear text passwords however other formats are also supported.
+
+
+
WildFly Elytron contains two default credential store implementations. The first implementation is the KeyStoreCredentialStore which is an
+implementation backed by a KeyStore. The KeyStoreCredentialStore implementation supports the storage of various credential types,
+PasswordCredential, KeyPairCredential, and SecretKeyCredential. The second implementation is the PropertiesCredentialStore. This credential
+store is dedicated to the storage of SecretKeyCredential instances using a properties file. The PropertiesCredentialStore does not offer any protection
+of the credentials it stores so its primary purpose is to provide an initial key to a server environment.
+
+
+
This documentation is primarily focused on the KeyStoreCredentialStore and PropertiesCredentialStore; however the section Custom CredentialStore describes the SPIs for implementing a custom credential store and the section Migrating Existing Vaults describes how to convert a vault to a credential store.
+
+
+
It is possible to operate on credential stores using either a standalone command line tool elytron-tool.sh which is included with WildFly or by using management operations through the jboss-cli.sh, management console or other management client calling the management interface directly.
+
+
+
The elytron-tool.sh script to execute the command line tool can be found within the bin folder of the application server installation.
+
+
+
The WildFly Elytron tool supports a number of commands, one of which being credential-store which operates on a credential store. The commands in this documentation are making use of the .sh script on linux; the elytron-tool.bat and elytron-tools.ps1 scripts can be used on Microsoft Windows.
+
+
+
The following command provides a summary of the command line arguments which can be used with the credential-store command:
The KeyStoreCredentialStore supports the largest number of credential types which can be stored within a credential store, additionally as the implementation is backed by a Java KeyStore the storage is protected using the mechanisms provided by the KeyStore implementations.
+
+
+
Command Line
+
+
When using the credential-store command of the elytron-tool.sh script by default, this command assumes the type of the store is a KeyStoreCredentialStore backed by a JCEKSKeyStore.
+
+
+
A new credential store can be created using the following command: -
+
+
+
+
]$ bin/elytron-tool.sh credential-store --create --location=standalone/configuration/mycredstore.cs
+Credential store password:
+Confirm credential store password:
+Credential Store has been successfully created
+
+
+
+
This command prompts twice for the password that should be used to secure the store. Alternatively the password can be passed in using the --password argument however that may mean the password is cached in the local command history or visible to other users viewing the list of running processes.
+
+
+
+
+
+
+
+
+The command line tool only creates the instance of the credential store on the underlying file system; the management operation is still required to define the credential store in the elytron subsystem.
+
+
+
+
+
+
+
Management Operation
+
+
It is also possible to operate on a credential store using management operations against a running server using the application server’s CLI.
+
+
+
The following operation can be used to add a credential-store resource to the elytron subsystem referencing this newly created credential store.
In this example the resource was added to reference an existing credential store, however with a small change this command can also automatically create the store if it does not exist.
+The file representing the credential store is not created immediately, it will instead be created the first time a credential is added.
+
+
+
+
+
+
Previous versions of the application server supported a single vault definition only; credential stores however are cross-referenced by name so multiple credential stores can be defined simultaneously.
This is a simple credential store implementation which can only be used to store SecretKey instances. This credential store also does not offer any protection of the contents.
+Within an application server environment it is always possible to get into a cycle of how is an initial secret provided to unlock further resources, this is primarily the purpose
+of this credential store. The strategy in the past had been to use masking of a password using password based encryption, the down side of this approach was the password used for
+the masking was stored in the source code and being an open source project this means the password is well known. By using the PropertiesCredentialStore installations are back
+in control of the initial secret. Although this credential store does not offer its own protection filesystem level access control can still be used to restrict access ideally to
+just the application server process.
+
+
+
Command Line
+
+
A new credential store can be created using the following command: -
+
+
+
+
]$ bin/elytron-tool.sh credential-store --create --location=standalone/configuration/propcredstore.cs --type PropertiesCredentialStore
+Credential Store has been successfully created
+
+
+
+
+
Management Operation
+
+
It is also possible to operate on a credential store using management operations against a running server using the application server’s CLI.
+
+
+
The following operation can be used to add a secret-key-credential-store resource to the elytron subsystem referencing this newly created credential store.
In this example the resource was added to reference an existing credential store, however with a small change this command can also automatically create the store if it does not exist, and
+populate it with a generated SecretKey under the alias key if it does not already exist.
+If you rely on automatic generation of a SecretKey be sure to create a backup of the key as soon as possible. If you were to loose the key we do not have a mechanism to decrypt anything
+encrypted with the lost key.
+
+
+
+
+
+
+
+
+
16.2. Credential Manipulation
+
+
The contents of the credential stores can be manipulated using either the command line tool or by using management operations. Unlike key stores the credential store APIs allow for multiple entries to be stored under a single alias provided each entry is of a different credential type.
+
+
+
16.2.1. Adding Credentials
+
+
The different credential store implementations support different credential types as illustrated in this table.
+
+
+
+
+
+
+
+
+
+
Credential Type
+
KeyStoreCredentialStore
+
PropertiesCredentialStore
+
+
+
+
+
PasswordCredential
+
Supported
+
Unsupported
+
+
+
KeyPairCredential
+
Supported
+
Unsupported
+
+
+
SecretKeyCredential
+
Supported
+
Supported
+
+
+
+
+
As with all the manipulation options it is possible to use either the command line tool or management operations against a running server to modify the contents of the store.
+
+
+
+
+
+
+
+
+Care should be taken when using the command line tool to ensure the store is not currently in use by any other processes. If the store is in use by another process which updates the contents of the store changes made by the tool could be lost.
+
+
+
+
+
+
PasswordCredential
+
+
Using the tooling it is possible to add a clear text password as a credential.
+
+
+
Command Line
+
+
The following command adds a new credential with an alias of example to the store using the command line tool: -
+
+
+
+
]$ bin/elytron-tool.sh credential-store --add=example --location=standalone/configuration/mycredstore.cs
+Credential store password:
+Secret to store:
+Confirm secret to store:
+Alias "example" has been successfully stored
+
+
+
+
+
Management Operation
+
+
Using a management operation the following command can be used to add a new alias of example to the credential store.
The following command allows you to import a key pair credential with an alias of example from a file containing
+a private key in OpenSSH format:
+
+
+
+
]$ bin/elytron-tool.sh credential-store --import-key-pair example --private-key-location /home/user/.ssh/id_rsa --location=standalone/configuration/mycredstore.cs
+Credential store password:
+Confirm credential store password:
+Passphrase to be used to decrypt private key (can be nothing if no passphrase was used to encrypt the key): secret
+Confirm passphrase to be used to decrypt private key (can be nothing if no passphrase was used to encrypt the key): secret
+Alias "example" has been successfully stored
+
+
+
+
The following command allows you to import a key pair credential with an alias of example by specifying a private key in OpenSSH format :
+
+
+
+
]$ bin/elytron-tool.sh credential-store --import-key-pair example --private-key-string="-----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCdRswttV
+ UNQ6nKb6ojozTGAAAAEAAAAAEAAABoAAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
+ dHAyNTYAAABBBAKxnsRT7n6qJLKoD3mFfAvcH5ZFUyTzJVW8t60pNgNaXO4q5S4qL9yCCZ
+ cKyg6QtVgRuVxkUSseuR3fiubyTnkAAADQq3vrkvuSfm4n345STr/i/29FZEFUd0qD++B2
+ ZoWGPKU/xzvxH7S2GxREb5oXcIYO889jY6mdZT8LZm6ZZig3rqoEAqdPyllHmEadb7hY+y
+ jwcQ4Wr1ekGgVwNHCNu2in3cYXxbrYGMHc33WmdNrbGRDUzK+EEUM2cwUiM7Pkrw5s88Ff
+ IWI0V+567Ob9LxxIUO/QvSbKMJGbMM4jZ1V9V2Ti/GziGJ107CBudZr/7wNwxIK86BBAEg
+ hfnrhYBIaOLrtP8R+96i8iu4iZAvcIbQ==
+ -----END OPENSSH PRIVATE KEY-----"
+ --location=standalone/configuration/mycredstore.cs
+Credential store password:
+Confirm credential store password:
+Passphrase to be used to decrypt private key (can be nothing if no passphrase was used to encrypt the key): secret
+Confirm passphrase to be used to decrypt private key (can be nothing if no passphrase was used to encrypt the key): secret
+Alias "example" has been successfully stored
+
+
+
+
+
+
+
+
+
+If specifying your key in PKCS format rather than OpenSSH format, you must specify both the private and public key. The
+PKCS private key must also not be encrypted with a passphrase.
+
+
+
+
+
+
Alternatively to importing, you may use the command line tool to generate and store a key pair credential in a credential store.
+The following command allows you to generate and store a key pair credential under the alias example using the ecdsa algorithm:
+
+
+
+
]$ bin/elytron-tool.sh credential-store --generate-key-pair example --algorithm EC --location=standalone/configuration/mycredstore.cs
+Credential store password:
+Confirm credential store password:
+Alias "example" has been successfully stored
+
+
+
+
You can then export the public key generated in OpenSSH format using the following command:
+
+
+
+
]$ bin/elytron-tool.sh credential-store --export-key-pair-public-key example
+Credential store password:
+Confirm credential store password:
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMfncZuHmR7uglb0M96ieArRFtp42xPn9+ugukbY8dyjOXoi
+cZrYRyy9+X68fylEWBMzyg+nhjWkxJlJ2M2LAGY=
+
+
+
+
+
+
SecretKeyCredential
+
+
Command Line
+
+
Each of the examples in this section uses the KeyStoreCredentialStore to use the PropertiesCredentialStore this can be specified on the command line by adding the --type PropertiesCredentialStore parameter to the command line.
+
+
+
A new secret key can be generated with the following command.
+
+
+
+
]$ bin/elytron-tool.sh credential-store --generate-secret-key=example --location=standalone/configuration/mycredstore.cs
+Credential store password:
+Alias "example" has been successfully stored
+
+
+
+
By default this will create a 256 bit secret key, if either a 128 bit or 192 bit secret key is desired this can be specified with the --size=128 or --size=192 parameters respectively.
+
+
+
An existing secret key can be exported with the following command.
+
+
+
+
]$ bin/elytron-tool.sh credential-store --export-secret-key=example --location=standalone/configuration/mycredstore.cs
+Credential store password:
+Exported SecretKey for alias example=RUxZAUucgH8RSMNvoUj/rMz+pBZddttGCuT9of4TgfYLnN5Z1w==
+
+
+
+
+
+
+
+
+
+The exported key uses a custom representation to allow Elytron to recognise exported keys.
+
+
+
+
+
+
Finally a previously exported secret key can be imported with the following command.
+
+
+
+
]$ bin/elytron-tool.sh credential-store --import-secret-key=imported --location=standalone/configuration/mycredstore.cs
+Credential store password:
+SecretKey to import: RUxZAUucgH8RSMNvoUj/rMz+pBZddttGCuT9of4TgfYLnN5Z1w==
+Alias "imported" has been successfully stored
+
+
+
+
It is possible to also specify the key to import on the command line e.g. --key=RUxZAUucgH8RSMNvoUj/rMz+pBZddttGCuT9of4TgfYLnN5Z1w== but this would be vieweable by others users that can consult running processes and might also be cached in the history of the shell executing the commands.
+
+
+
+
Management Operations
+
+
For secret key manipulation the same set of command are available for both the credential-store resource and the secret-key-credential-store resource.
+
+
+
A new secret key can be generated with the following command.
Finally a previously exported secret key can be imported with the following commands.
+
+[standalone@localhost:9990 /] history --disable
+[standalone@localhost:9990 /] /subsystem=elytron/credential-store=mycredstore:import-secret-key(alias=imported, key="RUxZAUs+Y1CzEPw0g2AHHOZ+oTKhT9osSabWQtoxR+O+42o11g==")
+{"outcome" => "success"}
+[standalone@localhost:9990 /] history --enable
+
+
+
+
In this last example we also temporarily disable the history in the CLI to prevent the key from being cached in the CLI hisory.
+
+
+
+
+
+
16.2.2. Listing Aliases
+
+
It is possible to list the aliases contained within the credential store, however it is not possible to list the actual values stored.
+
+
+
Command Line
+
+
Using the command line tool will show a list of aliases stored within the credential store:
+
+
+
+
]$ bin/elytron-tool.sh credential-store --aliases --location=standalone/configuration/mycredstore.cs
+Credential store password:
+Credential store contains following aliases: example
+
+
+
+
+
Management Operation
+
+
The following management operation will also show the aliases contained within the credential store.
Finally, it is also possible to remove an alias from the credential store.
+
+
+
Command Line
+
+
Using the WildFly Elytron Tool the following command will remove an alias from the store.
+
+
+
+
]$ bin/elytron-tool.sh credential-store --remove=example --location=standalone/configuration/mycredstore.cs
+Credential store password:
+Confirm credential store password:
+Alias "example" has been successfully removed
+
+
+
+
+
Management Operation
+
+
The following management operation can be used to remove an alias from the credential store.
By default the credential-store resource assumes the type to be removed is PasswordCredential. If a different type is to be removed it can be specified with the entry-type=SecretKeyCredential parameter. The secret-key-credential-store only holds secret keys so the entry type never needs to be specified.
+
+
+
+
+
+
16.3. Referencing Credentials
+
+
After being able to populate and manipulate a credential store the next step is being able to reference the stored credential so that it can be used.
+
+
+
16.3.1. Management Model References
+
+
Various resources that make use of credentials across the application server’s management model contain credential-reference attributes that can be used either to specify a clear-password or to cross-reference a credential from within a configured credential store.
+
+
+
The following is an example of how to define a key-store within the Elytron subsystem specifying a clear text password to access the store.
The above command assumes that the referenced credential already exists in the previously defined credential store.
+The next section will describe how credentials can automatically be added to the previously defined credential store.
+
+
+
+
16.3.2. Automatic Updates of Credential Stores
+
+
Instead of needing to add a credential to a previously defined credential store in order to reference it from a credential-reference,
+it is possible to have the credential get added automatically to the previously defined credential store by specifying both
+the store and clear-text attributes for the credential-reference. In particular, when adding a new credential-reference
+with both the store and clear-text attributes specified:
+
+
+
+
+
If the alias attribute is also specified, then one of the following will occur:
+
+
+
+
If the previously defined credential store does not contain an entry for the given alias, a new entry will be added
+to the credential store to hold the clear text password that was specified. The clear-text attribute will then be
+removed from the management model.
+
+
+
If the credential store does contain an entry for the given alias, the existing credential will be replaced with the
+clear text password that was specified. The clear-text attribute will then be removed from the management model.
+
+
+
+
+
+
If the alias attribute is not specified, an alias will be generated and a new entry will be added to the credential
+store to hold the clear text password that was specified. The clear-text attribute will then be removed from the
+management model.
+
+
+
+
+
As an example, the following CLI command will result in a new entry being added to the previously defined credential
+store, mycredstore, with alias myNewAlias and credential myNewPassword:
When updating an existing credential-reference that contains both the alias and store attributes to also specify
+the clear-text attribute:
+
+
+
+
+
The existing credential in the previously defined credential store will be replaced with the clear text password that
+was specified. The clear-text attribute will then be removed from the management model.
+
+
+
+
+
As an example, the following CLI command will result in updating the credential for the myNewAlias entry that was just
+added to the previously defined credential store:
+If an operation that includes a credential-reference parameter fails for any reason,
+ no automatic credential store update will take place, i.e., any credential store that was
+ specified via the credential-reference attribute will contain the same contents as it
+ did before the operation was executed.
+
+
+
+
+
+
+
16.3.3. wildfly-config.xml
+
+
If you are making use of the wildfly-config.xml descriptor it is also possible to define a credential store within this descriptor to obtain credentials without requiring them to be in-lined within the configuration.
+
+
+
As an example the CLI can be executed with a configuration:
Within this second example the key changes being the addition of the <credential-stores /> section and updating the <credentials/> section to use a <credential-store-reference/> to specify which credential store should be used and which alias from that credential store should be used.
+
+
+
In the above example, the credential store’s protection parameter is specified as a clear password, but it is also possible
+to specify it as a masked password.
It is also possible to make use of the CredentialStore APIs directly. This could be useful for applications that require access to securely stored credentials. This could also be an option for an application to populate a credential store for use elsewhere.
+
+
+
The following code demonstrates how to obtain an initialised instance of KeyStoreCredentialStore so it can be used to store and retrieve credentials.
+As the type is specified when retrieving a credential it is possible to store multiple credentials under the same alias.
+
+
+
+
+
+
Please use the published javadoc for more information in relation to the APIs and the credential types supported within WildFly Elytron.
+
+
+
+
16.5. Migrating Existing Vaults
+
+
If migrating from a prior version of the application server it is possible that you already are making use of a PicketBox vault for the storage of clear text passwords. The tooling provided can be used to convert the vault to the format used by the KeyStoreCredentialStore.
+
+
+
Within the WildFly Elytron command line tool an additional command vault is available specifically for the conversion of legacy vaults to a credential store. A complete vault can be converted to a credential store with the following command: -
When executing this command the destination credential store must not already exist. The password used for the credential store will be the password originally used for the vault.
+
+
+
Entries stored within the vault would have been stored specifying a "block" and "alias" value; within the credential store the new alias will be block::alias.
+
+
+
+
16.6. Custom Credential Store
+
+
It is also possible to provide custom credential store implementations. Overall the pattern to implementing a custom credential store is very similar to the pattern that would be followed to implement a custom key store.
+
+
+
+
+
Extend the SPI
+
+
+
Implement a java.security.Provider to register the implementation.
+
+
+
+
+
The SPI to be extended is org.wildfly.security.credential.store.CredentialStoreSpi. The custom implementation will be required to implement the following methods.
This method is required to perform the initialisation of the credential store, by taking in a Map of attributes it allows for custom configuration to be provided as required by the store.
+
+
+
+
publicabstractboolean isModifiable();
+
+
+
+
A credential store needs to advertise if it supports modifications so clients can determine if the modification APIs can be used.
A default implementation of exists already is implemented which checks if a call to retrieve returns a credential as requested. However it could be optimal to check the existence of a credential without actually loading it. The getAliases method is optional as some implementations may only be able to retrieve a credential by name rather than query all available credentials.
+
+
+
The next set of methods to implement are the methods needed for updates to be applied to the underlying credential store.
The store and remove methods either add credentials to a credential store or remove them. Implementing the flush method is optional but this method can be used as a trigger for a store to persist its state.
+
+
+
The final stage is to provide an implementation of java.security.Provider which can return an instance of the SPI for the CredentialStore service type. The WildFly Elytron provider which makes the Elytron implementations available is org.wildfly.security.credential.store.WildFlyElytronCredentialStoreProvider. The source code for this provider can be used as an example.
+
+
+
+
16.7. Reference
+
+
The previous sections have made use of either the WildFly Elytron Tool or the management operations and specified the arguments and configuration options required for the action being performed. These operations and tools however support a variety of other options so this section provides some additional detail.
+
+
+
16.7.1. Elytron Tool - credential-store Command
+
+
Examples of how to structure calling the credential-store command were provided earlier. When using the credential-store command the following actions are possible: -
+
+
+
Table 12. credential-store Actions
+
+
+
+
+
+
+
Action
+
Description
+
+
+
+
+
-a,--add <alias>
+
Add a new entry to the credential store using the specified alias.
+
+
+
-c,--create
+
Create a new credential store instance.
+
+
+
-e,--exists <alias>
+
Test if the specified alias already exists in the credential store.
+
+
+
-r,--remove <alias>
+
Remove the alias specified from the credential store.
+
+
+
-g,--generate-key-pair <alias>
+
Generate a new key pair credential and add it as an entry to the credential store using the specified alias.
+
+
+
--generate-secret-key <alias>
+
Generate a new secret key credential and add it as an entry to the credential store using the specified alias.
+
+
+
--export-secret-key <alias>
+
Export a secret key credential identified using the specified alias.
+
+
+
-xp,--export-key-pair-public-key <alias>
+
Display the public key of a key pair credential entry under the specified alias in OpenSSH format.
+
+
+
--import-secret-key <alias>
+
Import a secret key credential and add it as an entry to the credential store using the specified alias.
+
+
+
-ikp,--import-key-pair <alias>
+
Add a new key pair credential entry to the credential store using the specified alias.
+
+
+
--encrypt <alias>
+
Encrypt a clear text string using the secret key stored under the specified alias.
+
+
+
-v,--aliases
+
Display all aliases
+
+
+
-f,--summary
+
Print summary, especially command how to create this credential store
+
+
+
-h,--help
+
Get help with usage of this command
+
+
+
+
+
The following parameters can be provided for each action to specify how to load the store.
+
+
+
Table 13. credential-store Parameters
+
+
+
+
+
+
+
Parameter
+
Description
+
+
+
+
+
-d,--debug
+
Print stack trace when error occurs.
+
+
+
-i,--iteration <arg>
+
Iteration count for final masked password of the credential store
+
+
+
-l,--location <loc>
+
Location of credential store storage file
+
+
+
-n,--entry-type <type>
+
Type of entry in credential store
+
+
+
-o,--other-providers <providers>
+
Comma separated list of Jakarta Connectors provider names. Providers will be supplied to the credential store instance. Each provider must be installed through java.security file or through service loader from properly packaged jar file on classpath.
+
+
+
-p,--password <pwd>
+
Password for credential store
+
+
+
-q,--credential-store-provider <cs-provider>
+
Provider name containing CredentialStoreSpi implementation. Provider must be installed through java.security file or through service loader from properly packaged jar file on classpath.
+
+
+
-s,--salt <arg>
+
Salt to apply for final masked password of the credential store
+
+
+
-t,--type <type>
+
Credential store type
+
+
+
-u,--properties <arg>
+
Implementation properties for credential store type in form of "prop1=value1; … ;propN=valueN"
+
+
+
-x,--secret <secret to store>
+
Password credential value
+
+
+
+
+
The following parameters can be provided for the generate-key-pair command:
+
+
+
Table 14. generate-key-pair Parameters
+
+
+
+
+
+
+
+
Parameter
+
Description
+
Default Value
+
+
+
+
+
-k, --algorithm <algorithm name>
+
The encryption algorithm to be used. One of: RSA, DSA, or EC
+
RSA
+
+
+
-j,--size <size in bytes>
+
Size of the private key in bytes
+
RSA: 2048, DSA: 2048, EC: 256
+
+
+
+
+
The following parameter can be provided for the generate-secret-key command:
+
+
+
Table 15. generate-secret-key Parameter
+
+
+
+
+
+
+
+
Parameter
+
Description
+
Default Value
+
+
+
+
+
--size
+
Size of the secret key in bits, can be one of 128, 192, or 256.
+
256
+
+
+
+
+
The following parameters can be provided for the import-key-pair command:
+
+
+
Table 16. import-key-pair Parameters
+
+
+
+
+
+
+
Parameter
+
Description
+
+
+
+
+
-pvk, --private-key-string <private key to store>
+
The private key as a string. Alternative to private-key-location
+
+
+
-pvl, --private-key-location <path>
+
The path to a file containing a private key. Alternative to private-key-string
+
+
+
-pbk, --public-key-string <public key to store>
+
The public key as a string. Alternative to public-key-location
+
+
+
-pbl, --public-key-location <path>
+
The path to a file containing a public key. Alternative to public-key-string
+
+
+
-kp, --key-passphrase <passphrase>
+
The passphrase used to decrypt the private key if needed. Can also be specified via prompt
+
+
+
+
+
The following parameter can be provided for the import-secret-key command:
+
+
+
Table 17. import-secret-key Parameter
+
+
+
+
+
+
+
+
Parameter
+
Description
+
Default Value
+
+
+
+
+
--key
+
The secret key to be imported, if not specified the key will be prompted for.
+
N/A
+
+
+
+
+
The following parameters can be provided for the encrypt command:
+
+
+
Table 18. encrypt Parameters
+
+
+
+
+
+
+
+
Parameter
+
Description
+
Default Value
+
+
+
+
+
--clear-text <clear text>
+
The clear text string to encrypt, if omitted this wil be prompted for.
+
N/AThe following parameters can be provided for the generate-key-pair command:
+
.generate-key-pair Parameters
+
+
+
+
+
|Parameter |Description |Default Value
+
+
+
|-k, --algorithm <algorithm name>
+|The encryption algorithm to be used. One of: RSA, DSA, or EC
+|RSA
+
+
+
+
16.7.2. Elytron Tool - vault Command
+
+
The vault command is used to convert a legacy vault to a credential store and supports the following parameters.
+
+
+
Table 19. vault Parameters
+
+
+
+
+
+
+
Parameter
+
Description
+
+
+
+
+
-b,--bulk-convert <description file>
+
Bulk conversion with options listed in description file.
+
+
+
-d,--debug
+
Print stack trace when error occurs.
+
+
+
-e,--enc-dir <dir>
+
Vault directory containing encrypted files (defaults to "vault")
+
+
+
-f,--summary
+
Print summary of conversion
+
+
+
-h,--help
+
Get help with usage of this command
+
+
+
-i,--iteration <arg>
+
Iteration count (defaults to "23")
+
+
+
-k,--keystore <keystore>
+
Vault keystore URL (defaults to "vault.keystore")
+
+
+
-l,--location <loc>
+
Location of credential store storage file (defaults to "converted-vault.cr-store" in vault encryption directory)
+
+
+
-o,--other-providers <providers>
+
Comma separated list of Jakarta Connectors provider names. Providers will be supplied to the credential store instance. Each provider must be installed through java.security file or through service loader from properly packaged jar file on classpath.
+
+
+
-p,--keystore-password <pwd>
+
Vault keystore password, used to open original vault key store, and used as password for new converted credential store
+
+
+
-q,--credential-store-provider <cs-provider>
+
Provider name containing CredentialStoreSpi implementation. Provider must be installed through java.security file or through service loader from properly packaged jar file on classpath.
+
+
+
-s,--salt <salt>
+
8 character salt (defaults to "12345678")
+
+
+
-t,--type <type>
+
Converted credential store type (defaults to "KeyStoreCredentialStore")
+
+
+
-u,--properties <arg>
+
Configuration parameters for credential store in form of: "parameter1=value1; … ;parameterN=valueN"
+
+
+
-v,--alias <arg>
+
Vault key alias within key store (defaults to "vault")
+
+
+
+
+
+
16.7.3. KeyStoreCredentialStore
+
+
When configuring the KeyStoreCredentialStore the following configuration options are supported.
+
+
+
Table 20. KeyStoreCredentialStore Configuration
+
+
+
+
+
+
+
+
Name
+
Default
+
Description
+
+
+
+
+
create
+
false
+
If the credential store does not exist should it be created?
+
+
+
cryptographicAlgorithm
+
AES/CBC/NoPadding
+
The algorithm to use when using an external store.
+
+
+
external
+
false
+
Should external storage be used?
+
+
+
externalPath
+
N/A
+
Path to external storage.
+
+
+
keyAlias
+
cs_key
+
The alias to use from the KeyStore when working with external storage.
+
+
+
keyStoreType
+
KeyStore.getDefault()
+
The type of the key store used for the credential store.
+
+
+
location
+
N/A
+
The location of the credential store.
+
+
+
modifiable
+
true
+
Should the store be modifiable via the exposed API.
+
+
+
+
+
+
+
+
+
17. Encrypted Expressions
+
+
+
WildFly Elytron provides support for handling encrypted expressions in the management model using a SecretKey from a CredentialStore to decrypt the expression at runtime.
+
+
+
For information regarding how to create, configure, and populate credential stores including the manipulation of secret keys please refer to the Credential Store chapter.
+
+
+
Within the elytron subsystem one or more resolvers can be defined to handle the decryption of a previously encrypted expression. Each resolver will reference a single secret key in a
+single credential store which it will use to decrypt the expressions. Encrypted expressions can take one of two forms:
In both cases the ENC prefix is used to identify the expression is an encrypted expression. This prefix is the default however it is possible to define an alternative prefix for use
+across the configuration.
+
+
+
Within the first example the ResolverName is the name of an individual resolver definition. The name of the resolver has been omitted in the second example as it is also possible
+to define a default resolver which will be used if no resolver is specified within the expression.
+
+
+
17.1. expression=encryption resource
+
+
Support for decrypting expressions is enabled by defining a singleton expression=encryption resource within the elytron subsystem.
+
+
+
This resource can be defined with the following attributes.
+
+
+
+
+
prefix (Default ENC) - The prefix used within the encrypted expressions.
+
+
+
default-resolver (Optional) - For expressions that do not define a resolver, the default resolver to use.
+
+
+
resolvers - A lit of one more named resolver definitions.
+
+
+
+
+
An individual resolver is defined with three attributes:
+
+
+
+
+
name - The name of the individual configuration used to reference it.
+
+
+
credential-store - Reference to the credential store instance that contains the secret key this resolver will use.
+
+
+
secret-key - The alias of the secret key within the credential store to use.
+
+
+
+
+
The following is an example CLI command to define an expression=encryption resource in the elytron subsystem with two resolver definitions one if which is a
+default and an alternative prefix.
+The following section illustrates how to create an encrypted expression. If you repeat the same command for the same clear text it is normal that a different
+result is returned for the same key. This is because a unique initialisation vector is used for each call.
+
+
+
+
+
+
17.2.1. Management Operation
+
+
Once the expression=encryption resource has been defined the create-expression management operation can be called to generate an expression using the referenced
+secret key.
+
+
+
+
+
+
+
+
+When using management operations to create expressions from a clear-text string remember to disable the history in the CLI first otherwise the clear text string will be cached.
+
+
+
+
+
+
In these examples the expression=encryption resource has been configured to use the default prefix.
In both cases the resulting expression can be used on any attribute of a resource which supports the use of expressions.
+
+
+
+
17.2.2. Command Line Tool
+
+
Once a credential store has been populated with a secret key the credential-store command of the elytron-tool can also be used to create the encrypted string to include in an expression.
+
+
+
+
]$ bin/elytron-tool.sh credential-store --location standalone/configuration/store-one.cs --type PropertiesCredentialStore --encrypt key
+Clear text value:
+Confirm clear text value:
+Clear text encrypted to token 'RUxZAUMQvGzk6Vaadp2cahhZ6rlPhHOZcWyjXALlAthrENvRTvQ=' using alias 'key'.
+
+
+
+
The --encrypt action is used with the credential-store command, the argument to this action is the alias of the secret key to use. In this form the tool will prompt
+twice for the clear text which is being encrypted. When using the command line tool the output is just the Base64 encoded encrypted ciphertext. To use this in the management model
+it will need to be included in an expression as described earlier i.e. using the appropriate prefix and if required resolver name.
+
+
+
When using the --encrypt action it is also possible to pass in --clear-text parameter to pass in the clear text directly but this may be visible to other users and may also
+be cached in the command history of your shell.
+
+
+
+
+
17.3. Domain Mode
+
+
When using encrypted expressions in domain mode things are slightly different to how the legacy vault may have been used in the past.
+
+
+
To make use of encrypted expressions in the host controller configuration the expression=encryption resource and relevant *credential-store definitions must be defined
+within the elytron subsystem definition of the host controller i.e. in the same host.xml configuration.
+
+
+
For expressions within a domain profile being used to configure one or more servers the expression=encryption resource and relevant *credential-store definitions must be defined within the elytron subsystem
+definition of the same profile.
+
+
+
The runtime management operations are not supported against the expression=encryption or *credential-store when defined within a domain profile so for these environments the credential store and relevant
+expressions should be created offline before defining in the model. It is possible to reference a common credential store file shared between the host controller management model and the domain profile but after making
+any updates to the credential store from the host controller the application server processes will need to be restarted to force them to reload the credential store.
+
+
+
+
+
+
18. Custom Components
+
+
+
WildFly Elytron subsystem allows adding custom implementation of different
+components in form of WildFly modules into the WildFly instance and use them
+by the same way as built-in Elytron subsystem components.
+For example, you can create custom security event listener to develop custom
+audit mechanisms and store information about user authentication attempts in
+custom storage structure. Or you can create custom security realm to
+authenticate users against your own identities storage.
+
+
+
To find what types of custom components you can implement you can use Tab
+completion:
This section describes how to add a custom security event listener. Similar steps can be followed to add another
+custom component type.
+
+
+
To create custom security event listener you need to implement java.util.function.Consumer<org.wildfly.security.auth.server.event.SecurityEvent> interface.
+Resulting class needs to be packed into JAR and WildFly module created.
+You can create appropriate directory structure and module descriptor manually, or you can use following command of WildFly CLI:
The Java Enterprise Edition (EE) 7 specification introduced a new feature which allows application developers to specify a Java Security Manager (JSM) policy for their Java EE applications, when deployed to a compliant Java EE Application Server such as WildFly. Until now, writing JSM policies has been pretty tedious. Now a new tool has been developed which allows the generation of a JSM policy for deployments running on WildFly. It is possible that running with JSM enabled may affect performance, JEP 232 indicates the performance impact would be 10-15%, but it is still recommended to test the impact per application.
+
+
+
Elytron WildFly Java Security Manager basic enhancements are
Running a JSM will not fully protect the server from malicious attackers exploiting security vulnerabilities. It does, however, offer another layer of protection which can help reduce the impact of serious security vulnerabilities, such as deserialization attacks. For example, most of the recent attacks against Jackson Databind rely on making a Socket connection to an attacker-controlled JNDI Server to load malicious code. This article provides information on how this issue potentially affects an application written for JBoss EAP, which would be same for WildFly. The Security Manager could block the socket creation, and potentially thwart the attack.
+
+
+
+
JavaSE 17 Deprecate the Security Manager for Removal
+
+
The community decided to deprecate the Java Security Manager with Java 17. The full details are described in JEP 411: Deprecate the Security Manager for Removal. WildFly 29 still tests and actively supports the Security Manager. Used in conjunction with other tools such as Serialization Filtering the JSM is still a good defense in depth measure.
You can still utilize a custom security policy file with the -Djava.security.policy option. This is useful for special cases, for example a java agent. The default is the JVM provided policy.
-Djava.security.policy= with one equal sign (=) utilizes the default policy plus the custom policy.
+-Djava.security.policy== with two equal signs (==) utilizes only the custom policy, take care for the necessary rights of the JVM in this case.
+
+
+
Property replacement in security policies
+
+
You can use variables in custom security policies which are resolved at runtime. You have to specify them on the command line or in the $JBOSS_HOME/bin/standalone.conf file. Properties in the server configuration are not available at the time of variable resolution on startup for the JSM.
+
+
+
+
+
19.2.3. Log-only mode
+
+
The log-only mode could be described as JSM simulation mode: Every permission check will be done but the result will not be propagated to the system - no SecurityException will be thrown. It is NOT about enabling or disabling log entries, which is solely driven by the logging configuration. The log-only mode is controlled with the -Dorg.wildfly.security.manager.log-only option. The default is false.
Do NOT use this option in production environments.
+
+
+
+
19.2.4. Logging Debug and trace
+
+
You can find a detailed description and how to about the command line interface and the logging configuration in the Admin Guide. The logger name to configure for the Elytron WildFly Security Manager is org.wildfly.security.access.
DEBUG [org.wildfly.security.access] (Batch Thread - 1) Permission check failed (permission "("java.util.PropertyPermission" "java.io.tmpdir" "read")" in code source "(vfs:/content/batch-processing.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.batch-processing.war" from Service Module Loader")
+
+
+
+
+
WildFly Security Manager Trace logging
+
+
You might have a case where you need to find out what exactly caused a certain permission request. Or you have an error case with an null classloader or null codesource. To get a stacktrace you can enable org.wildfly.security.access on log level TRACE.
Attention: This generates a lot of log output and has a severe performance impact. It’s not intended for permanent activation in development or testing but for special cases only.
+
+
+
+
Logging Profiles
+
+
If you are using one or more logging profiles it is strongly recommended to configure the org.wildfly.security.access logger for the server AND all logging profiles. If not, you might miss a relevant output.
+
+
+
+
+
19.2.5. Minimum and maximum permissions
+
+
The security-manager subsystem configures a maximum-set with the AllPermission by default:
If you cannot configure a third-party blackbox deployment unit or you want to share a common set of permissions across multiple deployments you can add a minimum-set of permissions.
+You could modify the maximum-set, remove the AllPermission and setup further restrictions to permissions you are willing to grant to deployments.
The permissions.xml file has to be placed below META-INF of deployment unit. The following example shows some entries, including
+property replacement. This is especially useful for immutable artifacts.
+
+
+
+
<?xml version="1.0" encoding="UTF-8"?>
+<permissionsxmlns="https://jakarta.ee/xml/ns/jakartaee"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee
+ https://jakarta.ee/xml/ns/jakartaee/permissions_10.xsd"
+ version="10">
+ <permission>
+ <class-name>java.util.PropertyPermission</class-name>
+ <name>*</name><!-- many 3rd party APIs cache and require access to all properties -->
+ <actions>read, write</actions>
+ </permission>
+ <permission>
+ <class-name>java.lang.RuntimePermission</class-name>
+ <name>getClassLoader</name>
+ </permission>
+ <permission>
+ <class-name>java.io.FilePermission</class-name>
+ <name>${install.app.home}/a/folder/-</name><!-- recursive in and below folder -->
+ <actions>read</actions><!-- but not write, delete, execute -->
+ </permission>
+ <permission>
+ <class-name>java.io.FilePermission</class-name>
+ <name>${install.app.home}/b/folder</name><!-- folder itself -->
+ <actions>read, write, delete</actions><!-- but not execute -->
+ </permission>
+ <permission>
+ <class-name>java.io.FilePermission</class-name>
+ <name>${install.app.home}/b/folder/*</name><!-- all IN the folder -->
+ <actions>read, write, delete</actions><!-- but not execute -->
+ </permission>
+ <permission>
+ <class-name>java.net.URLPermission</class-name>
+ <name>${myserver.prot}://${myserver.hostname}:${myserver.port}/c/path/-</name><!-- recursive in and below path -->
+ <actions>POST,GET,DELETE:*</actions><!-- refer to JavaDoc for more samples -->
+ </permission>
+</permissions>
+
+
+
+
+
+
19.3. How to generate a Java Security Manager Policy
Comprehensive test plan which exercises every "normal" function of the application.
+
+
+
+
+
If a comprehensive test plan isn’t available, a policy could be generated in a production environment, as long as some extra disk space for logging is available and there is confidence the security of the application is not going to be compromised while generating policies.
+
+
+
+
19.3.2. Setup 'Log Only' mode and 'debug' logging for the Security Manager
19.3.3. Test the application to generate policy violations
+
+
For this example we’ll use the batch-processing quickstart. Follow the README to deploy the application and access it running on the application server at http://localhost:8080/batch-processing. Click the 'Generate a new file and start import job' button in the Web UI and notice some policy violations are logged to the $JBOSS_HOME/standalone/log/server.log file, for example:
+
+
+
+
DEBUG [org.wildfly.security.access] (Batch Thread - 1) Permission check failed (permission "("java.util.PropertyPermission" "java.io.tmpdir" "read")" in code source "(vfs:/content/batch-processing.war/WEB-INF/classes <no signer certificates>)" of "ModuleClassLoader for Module "deployment.batch-processing.war" from Service Module Loader")
+
+
+
+
+
19.3.4. Generate a policy file for the application
+
+
Checkout the source code for the wildfly-policygen project written by Red Hat Product Security.
A permissions.xml file should be generated in the current directory. Using the example application, the file is called batch-processing.war.permissions.xml. Copy that file to src/main/webapp/META-INF/permissions.xml, build, and redeploy the application, for example:
Where APP_HOME is an environment variable pointing to the batch-processing application’s home directory.
+
+
+
+
19.3.5. Run with the security manager in enforcing mode
+
+
Recall that we set the org.wildfly.security.manager.log-only system property in order to log permission violations. Remove that system property or set it to false in order to enforce the JSM policy that’s been added to the deployment. Once that line has been changed or removed from bin/standalone.conf, restart the application server, build, and redeploy the application.
+
+
+
Also go ahead and remove the extra logging category that was added previously using the CLI, e.g.:
This time there shouldn’t be any permission violations logged in the server.log file.
+
+
+
+
+
19.4. Conclusion
+
+
While the Java Security Manager will not prevent all security vulnerabilities possible against an application deployed to WildFly, it will add another layer of protection, which could mitigate the impact of serious security vulnerabilities such as deserialization attacks. If running with Security Manager enabled, be sure to check the impact on the performance of the application to make sure it’s within acceptable limits. Finally, use of the wildfly-policygen tool is not officially supported by Red Hat, however issues can be raised for the project in Github or in the WildFly User Forum.
+
+
+
+
19.5. Further background
+
+
Additionally to the documentation of JBoss Modules and the Security Manager the following explanations have been extracted from an WildFly developer conversation.
+
+
+
19.5.1. Elytron WildFly Security Manager and Protection Domains
+
+
Within WildFly there are two types of ProtectionDomain:
+
+
+
+
+
Server module (everything under the modules folder).
+
+
+
Deployment.
+
+
+
+
+
Server modules automatically have the AllPermission granted.
+Deployments have a combination of their permission.xml as well as possibly the minimal permission set from the security manager subsystem.
+
+
+
Permission checks
+
+
As a call progresses from class to class, module to module, deployment to module a list of all of the protection domains of each of these builds up.
+When a permission check is performed it will only succeed if each and every protection domain on the call stack has been granted the permission.
+
+
+
This is where doPrivileged comes in, this is effectively saying "At this point in the callstack it is verified safe, forget the protection domains that called me."
+So when a deployment calls into a server module and that server module calls doPrivileged then the deployments module will not longer be a part of the permission check.
+
+
+
Adding a doPrivileged seems an obvious solution but when added one also need to think about how deployments could abuse this to get their protection domain dropped from the permissions check.
+
+
+
+
Privileged blocks in dependencies
+
+
Adding the privileged block in a dependency used by WildFly works because the protection domain of the server modules has all the permissions. It is important to understand how module all permissions and doPrivileged checks work combined for a deployment.
+
+
+
One point to start with there is nothing special about a PrivilegedAction: PrivilegedAction is an interface which allows a Runnable class to be passed in and also has a return type. If this was added later it could have been implemented with the functional interfaces. The special part is the doPrivileged call.
+Under normal circumstances every jar would be represented by it’s own protection domain and each jar could be assigned it’s own permissions. When the security manager performs it’s permissions check it would make sure every protection domain in the call stack has been granted that permission.
+
+
+
The WildFly modules case is slightly special as all the modules just get granted AllPermission, so we end up in a situation where deployments have a defined set of permissions and the WildFly modules have all - by default the security manager checks the permissions of both of these during a permission check that spans them - the WildFly module will of course always pass.
+
+
+
Because of WildFly’s model it is easy to get into the assumption that it is the doPrivileged call which is doing something special to bypass the security manager permissions check, it is not - all it is doing is dropping the protection domains from the call stack prior to that point, so we just end up with the protection domains for WildFly modules on the call stack which have the all permission.
+
+
+
So where you say the current protection domain where the dependency is has all permissions granted - yes that is it - the remaining protections domains on the call stack have the appropriate permissions granted.
+
+
+
The documentation might lead to the view the doPriviledge does some magical things that allowed your code run as trusted code that can bypass the permissions, for example at What It Means to Have Privileged Code, with sentences as:
+
+
+
+
+
Marking code as "privileged" enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it. This is necessary in some situations. For example, an application may not be allowed direct access to files that contain fonts, but the system utility to display a document must obtain those fonts, on behalf of the user. In order to do this, the system utility becomes privileged while obtaining the fonts.
+
+
+
+
+
This is all part of the argument for removing it, the confusion around how to apply the APIs - one could say the following sentence is correct but hides the important detail. "Marking code as "privileged" enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it."
+
+
+
If we have module A calling module B - by default the permissions check checks both.
+If module B contains a doPrivileged before the permission check then only module B’s protection domain will be checked.
+
+
+
The reason for using the doPrivileged is the assumption module B has the greater (or more appropriate permissions) and just want these compared without those from A.
+
+
+
But it is also possible that A actually had the required permissions and B does not do even though one adds a doPrivileged it still fails as B does not have sufficient permissions anyway.
+
+
+
The reason for using the doPrivileged is the assumption module B has the greater (or more appropriate permissions) and just want these compared without those from A.
+
+
+
+
Privileged blocks implications for third party libraries
+
+
It is not a requirement for a developer of a third-party library to add a doProviledge block and configure the corresponding protection domain with the permissions the library requires for doing the work.
+
+
+
A third-party developer of a library could add a doPrivileged block to allow the consumers of the library to have the freedom to not require all the permissions needed available on all the protection domains. However, consumers have to at least give the required permissions to the protection domain where the third-party library is. This is just to add a possibility for the consumers of the library.
+
+
+
+
Privileged blocks implications for WildFly modules
+
+
Without WildFly’s special AllPermission assignment each module should specify the permissions that it needs.
+
+
+
But this is where the permissions get even more complex. Let’s say in that example module B needs to read a file, the developer of module B may not know where that file will exist as it is not until the module is used in another project (like an app server we know file locations).
+
+
+
One way is avoiding doPrivileged:
+
+
+
+
+
Module B has the permission to access all files.
+
+
+
Module A has the permission to access just a specific file.
+
+
+
+
+
Combined a permission check would pass.
+
+
+
Second is module B contains a doPrivileged.
+
+
+
If module B still has the permission to access all files but module A has no file permission. If module A can pass the path of the file to module B one now has the problem that modules can potentially use this to bypass permissions and get access to all files.
+
+
+
The next variation is the permissions for module B need adjusting in context, i.e. it now needs to specify which file module B can access so there is no way for A to abuse it.
+
+
+
WildFly developers should not need to specify permissions for all modules in the app server, and if they need context that would be even more difficult.
+
+
+
The first example would be the equivalent of all deployments now needing the permissions granted but deployments are not supposed to need to be aware of the inner workings of the application server to decide what permissions they need.
+
+
+
So it ends up in that middle ground where if WildFly developers are not careful it could be open to abuse from deployments.
+
+
+
+
+
+
+
+
20. Migrate Legacy Security to Elytron Security
+
+
+
20.1. Authentication Configuration
+
+
+
+
20.2. Properties Based Authentication / Authorization
+
+
20.2.1. PicketBox Based Configuration
+
+
This migration example assumes a deployed web application is configured
+to require authentication using FORM based authentication and is
+referencing a PicketBox based security domain using the
+UsersRolesLoginModule to load user information from a pair or properties
+files.
+
+
+
Original Configuration
+
+
A security domain can be defined in the legacy security subsystem using
+the following management operations: -
It is possible to take a previously defined PicketBox security domain
+and expose it as an Elytron security realm so it can be wired into a
+complete Elytron based configuration, if only properties based
+authentication was to be migrated it would be recommended to jump to the
+fully migration configuration and avoid the unnecessary dependency on
+the legacy security subsystem but for situations where that is not
+immediately possible these commands illustrate an intermediate solution.
+
+
+
These steps assume the original configuration is already in place.
+
+
+
The first step is to add a mapping to an Elytron security realm within
+the legacy security subsystem.
Within the Elytron subsystem a security domain can be defined which
+references the exported security realm and also a http authentication
+factory which supports FORM based authentication.
Finally configuration needs to be added to the Undertow subsystem to map
+the security domain referenced by the deployment to the newly defined
+http authentication factory.
Note: If the deployment was already deployed at this point the
+application server should be reloaded or the deployment redeployed for
+the application security domain mapping to take effect.
+
+
+
The following command can then be used to verify the mapping was applied
+to the deployment.
The deployment being tested here is 'HelloWorld.war' and the output from
+the previous command shows this deployment is referencing the mapping.
+
+
+
At this stage the previously defined security domain is used for it’s
+LoginModule configuration but this is wrapped by Elytron components
+which take over authentication.
+
+
+
+
Fully Migrated Configuration
+
+
Alternatively the configuration can be completely defined within the
+Elytron subsystem, in this case it is assumed none of the previous
+commands have been executed and this is started from a clean
+configuration - however if the security domain definition does exist in
+the legacy security subsystem that will remain completely independent.
+
+
+
First a new security realm can be defined within the Elytron subsystem
+referencing the files referenced previously: -
As before the application-security-domain mapping should be added to the
+Undertow subsystem and the server reloaded or the deployment redeployed
+as required.
At this stage the authentication is the equivalent of the original
+configuration however now Elytron components are used exclusively.
+
+
+
+
+
20.2.2. Migrating to FileSystemRealm Based Authentication
+
+
An alternative to using a legacy properties-realm in Elytron is to use
+the new filesystem-realm. An Elytron filesystem-realm will use file-backed
+authentication methods to secure the server. It is now easy to migrate from a
+legacy properties-realm to an Elytron filesystem-realm by using the
+Elytron Tool. The new Elytron Tool command, FileSystemRealmCommand, will convert
+the given properties files and create an Elytron FileSystemRealm, along with a script
+with the WildFly CLI commands for registering the FileSystemRealm and Security Domain
+on the WildFly server. After using the tool, it will still be necessary to configure
+an authentication-factory and an application-security-domain, as in the steps
+above.
+
+
+
Single User-Roles Conversion
+
+
To convert a single user-roles properties files combination, the parameters
+can be passed directly into the command:
This will then configure a filesystem-realm in filesystem_realm_dir and
+will create a script converted-properties-filesystem-realm.sh in
+filesystem_realm_dir with the WildFly CLI commands to register the filesystem-realm
+and the security-domain, with the security-domain named
+converted-properties-security-domain. To customize the filesystem-realm name
+and the security-domain name, the --filesystem-realm-name and
+--security-domain-name parameters can be used.
+
+
+
Use elytron-tool.sh filesystem-realm --help to get description of all parameters.
+
+
+
Notes:
+
+
+
+
The short form options, as shown in the --help option, can be used, such as
+-u in place of --users-file.
+
+
+
When the --summary parameter is specified, an output of operations performed
+during conversion, including warnings and errors, will be shown once the
+command finishes conversion.
+
+
+
When the --silent parameter is specified, Elytron Tool will not give no
+information output, as compared to normal operation where warnings are shown.
+The --silent command will not override --summary, resulting in the ability to
+hide output until the command finishes conversion.
+
+
+
Elytron Tool will not configure the filesystem-realm and security-domain
+within WildFly itself, it will just provide the necessary commands in the
+output script file.
+
+
+
+
+
+
+
Bulk User-Roles Conversion
+
+
It is possible to convert multiple users-roles files combinations at once
+by using --bulk-convert parameter with a descriptor file.
Each blank line starts a new conversion operation. As with a single conversion,
+the users-file, roles-file, and output-location are required parameters while
+the filesystem-realm-name and security-domain-name are optional parameters.
+
+
+
Execute the following command to convert with the descriptor file:
For bulk conversion, only the long form option can be used, unlike the CLI
+mode where both long and short form options can be used.
+
+
+
The --summary and --silent parameters can be used here too. However, they
+must be specified while executing the command and apply to all conversions
+specified in the descriptor file.
+
+
+
If the --summary parameter is used, then a summary will be provided
+after each execution as opposed to after the command finishes all conversions.
+
+
+
As with the single conversion, absolute or relative paths can be used for
+users-file, roles-file, and output-location.
+
+
+
Each execution of the command will produce a separate script in the given
+output-location directory.
+
+
+
Repeated output-location paths can result in an error
+
+
+
If there is an error in one users-roles files combination then Elytron Tool
+will report the issue, such as a missing required parameter, and continue
+with the conversion of all remaining combinations.
+
+
+
+
+
+
+
+
20.2.3. Legacy Security Realm
+
+
Original Configuration
+
+
A legacy security realm can be defined using the following commands to
+load users passwords and group information from properties files.
A legacy security realm would typically be used to secure either the
+management interfaces or remoting connectors.
+
+
+
+
Migrated Configuration
+
+
One of the motivations for adding the Elytron based security to the
+application server is to allow a consistent security solution to be used
+across the server, to replace the security realm the same steps as
+described in the previous 'Fully Migrated' section can be followed again
+up until the http-authentication-factory is defined.
+
+
+
A legacy security realm can also be used for SASL based authentication
+so a sasl-authentication-factory should also be defined.
If this new configuration was to be used to secure the management
+interfaces more suitable names should be chosen but the following
+commands illustrate how to set the two authentication factories and
+clear the existing security realm reference.
The section describing how to migrate from properties based
+authentication using either PicketBox or legacy security realms to
+Elytron also contained a lot of additional information regarding
+defining security domains, authentication factories, and how these are
+mapped to be used for authentication. This section will illustrate some
+equivalent LDAP configuration using legacy security realms and PicketBox
+security domains and show the equivalent configuration using Elytron but
+will not repeat the steps to wire it all together covered in the
+previous section.
+
+
+
These configuration examples are developed against a test LDAP sever
+with user entries like: -
+
+
+
+
dn: uid=TestUserOne,ou=users,dc=group-to-principal,dc=wildfly,dc=org
+objectClass: top
+objectClass: inetOrgPerson
+objectClass: uidObject
+objectClass: person
+objectClass: organizationalPerson
+cn: Test User One
+sn: Test User One
+uid: TestUserOne
+userPassword: {SSHA}UG8ov2rnrnBKakcARVvraZHqTa7mFWJZlWt2HA==
+
+
+
+
The group entries then look like: -
+
+
+
+
dn: uid=GroupOne,ou=groups,dc=group-to-principal,dc=wildfly,dc=org
+objectClass: top
+objectClass: groupOfUniqueNames
+objectClass: uidObject
+cn: Group One
+uid: GroupOne
+uniqueMember: uid=TestUserOne,ou=users,dc=group-to-principal,dc=wildfly,dc=org
+
+
+
+
For authentication purposes the username will be matched against the
+'uid' attribute, also the resulting group name will be taken from the
+'uid' attribute of the group entry.
+
+
+
20.3.1. Legacy Security Realm
+
+
A connection to the LDAP server and related security realm can be
+created with the following commands: -
In the prior two examples information is loaded from LDAP to use
+directly as groups or roles, in the Elytron case information can be
+loaded from LDAP to associate with the identity as attributes - these
+can subsequently be mapped to roles but attributes can be loaded for
+other purposes as well.
+
+
+
+
+
+
+
+
+By default, if no role-decoder is defined for given security-domain,
+identity attribute " `Roles`" is mapped to the identity roles.
+
When using either PicketBox or the legacy security realms it is possible to define a configuration where authentication is performed against one identity store whilst the information used for authorization is loaded from a different store, when using WildFly Elytron this can be achieved by using an aggregate security realm.
+
+
+
The example here makes use of a properties file for authentication and then searches LDAP to load group / role information. Both of these are based on the previous examples within this document so the environmental information is not repeated here.
During an authentication attempt the 'UsersRoles' login module will first be called to perform authentication based on the supplied credential, then the 'LdapExtLoginModule' will be called which will proceed to query LDAP to load the roles for the identity.
Within the WildFly Elytron example a new security realm 'aggregate-realm' has been defined, this definition specifies which of the defined security realms should be used for the authentication step and which of the security realms should be used for the loading of the identity used for subsequent authorization decisions.
+
+
+
+
+
20.5. Database Authentication
+
+
The section describing how to migrate from database accessible via JDBC
+datasource based authentication using PicketBox to Elytron. This section
+will illustrate some equivalent configuration using PicketBox security
+domains and show the equivalent configuration using Elytron but will not
+repeat the steps to wire it all together covered in the previous
+sections.
+
+
+
These configuration examples are developed against a test database with
+users table like:
+
+
+
+
CREATETABLE User (
+ id BIGINTNOTNULL,
+ username VARCHAR(255),
+ password VARCHAR(255),
+ role ENUM('admin', 'manager', 'user'),
+ PRIMARYKEY (id),
+ UNIQUE (username)
+)
+
+
+
+
For authentication purposes the username will be matched against the '
+`username’ column, password will be expected in hex-encoded MD5 hash in
+' `password’ column. User role for authorization purposes will be taken
+from ' `role’ column.
+
+
+
20.5.1. PicketBox Database LoginModule
+
+
The following commands can create a PicketBox security domain configured
+to use database accessible via JDBC datasource to verify a username and
+password and to assign roles.
+
+
+
+
./subsystem=security/security-domain=application-security/:add
+./subsystem=security/security-domain=application-security/authentication=classic:add(login-modules=[{code=Database, flag=Required, module-options={ \
+ dsJndiName="java:jboss/datasources/ExampleDS", \
+ principalsQuery="SELECT password FROM User WHERE username = ?", \
+ rolesQuery="SELECT role, 'Roles' FROM User WHERE username = ?", \
+ hashAlgorithm=MD5, \
+ hashEncoding=base64 \
+}}])
+
+
+
+
This results in the following configuration.
+
+
+
+
<subsystemxmlns="urn:jboss:domain:security:2.0">
+ <security-domains>
+ ...
+ <security-domainname="application-security">
+ <authentication>
+ <login-modulecode="Database"flag="required">
+ <module-optionname="dsJndiName"value="java:jboss/datasources/ExampleDS"/>
+ <module-optionname="principalsQuery"value="SELECT password FROM User WHERE username = ?"/>
+ <module-optionname="rolesQuery"value="SELECT role, 'Roles' FROM User WHERE username = ?"/>
+ <module-optionname="hashAlgorithm"value="MD5"/>
+ <module-optionname="hashEncoding"value="base64"/>
+ </login-module>
+ </authentication>
+ </security-domain>
+ </security-domains>
+ </subsystem>
+
+
+
+
+
20.5.2. Migrated
+
+
Within the Elytron subsystem to use database accesible via JDBC you need
+to define jdbc-realm:
+
+
+
+
./subsystem=elytron/jdbc-realm=jdbc-realm:add(principal-query=[{ \
+ data-source=ExampleDS, \
+ sql="SELECT role, password FROM User WHERE username = ?", \
+ attribute-mapping=[{index=1, to=Roles}] \
+ simple-digest-mapper={algorithm=simple-digest-md5, password-index=2}, \
+}])
+
+
+
+
This results in the following overall configuration:
In comparison with PicketBox solution, Elytron jdbc-realm use one SQL
+query to obtain all user attributes and credentials. Their extraction
+from SQL result specifies mappers.
+
+
+
+
20.5.3. N-M relation beetween user and roles
+
+
When using a n:m-relation beetween user and roles (which means: the user has multiple roles), the previous configuration does not work.
Here you need two configure two principal queries:
+
+
+
+
<jdbc-realmname="jdbc-realm">
+ <principal-querysql="SELECT PASSWORD FROM USER WHERE USERNAME = ?"data-source="ExampleDS">
+ <clear-password-mapperpassword-index="1"/>
+ </principal-query>
+ <principal-querysql="SELECT R.ROLENAME from ROLE AS R, USERROLE AS UR, USER AS U WHERE U.USERNAME=? AND UR.ROLEID = R.ID AND UR.USERID = U.ID"data-source="ExampleDS">
+ <attribute-mapping>
+ <attributeto="roles"index="1"/>
+ </attribute-mapping>
+ </principal-query>
+</jdbc-realm>
+
+
+
+
The second query needs an attribute mapping to decode the selected rolename column (index 1):
When working with Kerberos configuration it is possible for the
+application server to rely on configuration from the environment or the
+key configuration can be specified using system properties, for the
+purpose of these examples I define system properties - these properties
+are applicable to both the legacy configuration and the migrated Elytron
+configuration.
An application can now be deployed referencing the SPNEGO security
+domain and secured with SPNEGO mechanism.
+
+
+
+
Migrated SPNEGO
+
+
The equivalent configuration can be achieved with WildFly Elytron by
+first defining a security realm which will be used to load identity
+information.
As with the previous examples we define a security realm to pull
+together the policy as well as a HTTP authentication factory for the
+authentication policy.
Now, to enable SPNEGO authentication for the HTTP management interface,
+update this interface to reference the http-authentication-factory
+defined above, as described in the
+properties
+authentication section.
+
+
+
Alternatively, to secure an application using SPNEGO authentication, an
+application security domain can be defined in the Undertow subsystem to
+map security domains to the http-authentication-factory defined above,
+as described in the
+properties
+authentication section.
+
+
+
+
+
20.6.2. Remoting / SASL Authentication
+
+
Legacy Security Realm
+
+
It is also possible to define a legacy security realm for Kerberos /
+GSSAPI SASL authenticatio for Remoting authentication such as the native
+management interface.
The management interface or Remoting connectors can now be updated to
+reference the SASL authentication factory.
+
+
+
The two Elytron examples defined here could also be combined into one to
+use a shared security domain and security realm and just use protocol
+specific authentication factories each referencing their own Kerberos
+security factory.
+
+
+
+
+
+
20.7. Caching Migration
+
+
Where a PicketBox based security domain is defined it is possible to enable caching for that security domain, this enables subsequent hits to the identity store to be avoided as an in memory cache can be used instead, this example demonstrates how caching can be used with a WildFly Elytron based configuration.
+
+
+
The purpose of this chapter is to highlight the migration of a configuration with caching enabled, this example is based in the previous LDAP example but with caching enabled.
+
+
+
20.7.1. PicketBox Example
+
+
A PicketBox based security domain can be defined with the following commands.
When using WildFly Elytron where caching is required the individual security realm is wrapped using a cache, a migrated configuration can be defined with the following commands:
This migration example assumes a client application performs a remote
+JNDI lookup using an InitialContext backed by the
+org.wildfly.naming.client.WildFlyInitialContextFactory class.
+
+
+
Original Configuration
+
+
An InitialContext backed by the
+org.wildfly.naming.client.WildFlyInitialContextFactory class can be
+created by specifying properties that contain the URL of the naming
+provider to connect to along with appropriate user credentials:
An InitialContext backed by the
+org.wildfly.naming.client.WildFlyInitialContextFactory class can be
+created by specifying a property that contains the URL of the naming
+provider to connect to. The user credentials can be specified using a
+WildFly client configuration file or programmatically.
+
+
+
Configuration File Approach
+
+
A wildfly-config.xml file that contains the user credentials to use
+when establishing a connection to the naming provider can be added to
+the client application’s META-INF directory:
The user credentials to use when establishing a connection to the naming
+provider can be specified directly in the client application’s code:
+
+
+
+
// create your authentication configuration
+AuthenticationConfiguration namingConfig = AuthenticationConfiguration.empty().useName("bob").usePassword("secret");
+
+// create your authentication context
+AuthenticationContext context = AuthenticationContext.empty().with(MatchRule.ALL.matchHost("127.0.0.1"), namingConfig);
+
+// create a callable that creates and uses an InitialContext
+Callable<Void> callable = () -> {
+ Properties properties = newProperties();
+ properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
+ properties.put(Context.PROVIDER_URL, "remote+http://127.0.0.1:8080");
+ InitialContext context = newInitialContext(properties);
+ Bar bar = (Bar) context.lookup("foo/bar");
+ ...
+ return null;
+};
+
+// use your authentication context to run your callable
+context.runCallable(callable);
+
+
+
+
+
+
+
20.9.2. EJB Client
+
+
This migration example assumes a client application is configured to
+invoke an EJB deployed on a remote server using a
+jboss-ejb-client.properties file.
+
+
+
Original Configuration
+
+
A jboss-ejb-client.properties file that contains the information
+needed to connect to the remote server can be specified in a client
+application’s META-INF directory:
An EJB can then be looked up and a method can be invoked on it as
+follows:
+
+
+
+
// create an InitialContext
+Properties properties = newProperties();
+properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
+properties.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
+InitialContext context = newInitialContext(properties);
+
+// look up an EJB and invoke one of its methods
+RemoteCalculator statelessRemoteCalculator = (RemoteCalculator) context.lookup(
+ "ejb:/ejb-remote-server-side//CalculatorBean!" + RemoteCalculator.class.getName());
+int sum = statelessRemoteCalculator.add(101, 202);
+
+
+
+
+
Migrated Configuration
+
+
The information needed to connect to the remote server can be specified
+using a WildFly client configuration file or programmatically.
+
+
+
Configuration File Approach
+
+
A wildfly-config.xml file that contains the information needed to
+connect to the remote server can be added to the client application’s
+META-INF directory:
An EJB can then be looked up and a method can be invoked on it as
+follows:
+
+
+
+
// create an InitialContext
+Properties properties = newProperties();
+properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
+InitialContext context = newInitialContext(properties);
+
+// look up an EJB and invoke one of its methods (same as before)
+RemoteCalculator statelessRemoteCalculator = (RemoteCalculator) context.lookup(
+ "ejb:/ejb-remote-server-side//CalculatorBean!" + RemoteCalculator.class.getName());
+int sum = statelessRemoteCalculator.add(101, 202);
+
+
+
+
+
Programmatic Approach
+
+
The information needed to connect to the remote server can be specified
+directly in the client application’s code:
+
+
+
+
// create your authentication configuration
+AuthenticationConfiguration ejbConfig = AuthenticationConfiguration.empty().useName("bob").usePassword("secret");
+
+// create your authentication context
+AuthenticationContext context = AuthenticationContext.empty().with(MatchRule.ALL.matchHost("127.0.0.1"), ejbConfig);
+
+// create a callable that invokes an EJB
+Callable<Void> callable = () -> {
+
+ // create an InitialContext
+ Properties properties = newProperties();
+ properties.put(Context.INITIAL_CONTEXT_FACTORY, "org.wildfly.naming.client.WildFlyInitialContextFactory");
+ properties.put(Context.PROVIDER_URL, "remote+http://127.0.0.1:8080");
+ InitialContext context = newInitialContext(properties);
+
+ // look up an EJB and invoke one of its methods (same as before)
+ RemoteCalculator statelessRemoteCalculator = (RemoteCalculator) context.lookup(
+ "ejb:/ejb-remote-server-side//CalculatorBean!" + RemoteCalculator.class.getName());
+ int sum = statelessRemoteCalculator.add(101, 202);
+ ...
+ return null;
+};
+
+// use your authentication context to run your callable
+context.runCallable(callable);
+
+
+
+
+
+
+
+
+
+References in this document to Enterprise JavaBeans (EJB) refer to the Jakarta Enterprise Beans unless otherwise noted.
+:leveloffset: -1
+
+
+
+
+
+
+
+
+
20.9.3. General Utilities
+
+
+
+
20.9.4. Security Vault Migration
+
+
Security Vault is primarily used in legacy configurations, a vault is
+used to store sensitive strings outside of the configuration files.
+WildFly server may only contain a single security vault.
+
+
+
Credential Store introduced in WildFly 11 is meant to expand Security
+Vault in terms of storing different credential types and introduce easy
+to implemnent SPI which allows to deploy custom implemenations of
+CredentialStore SPI. Credentials are stored safely encrypted in storage
+file outside WildFly configuration files. Each WildFly server may
+contain multiple credential stores.
+
+
+
To easily migrate vault content into credential store we have added
+"vault" command into WildFly Elytron Tool. The tool could be found at
+$JBOSS_HOME/bin directory. It has several scripts named "elytron-tool.*"
+dependent on your platform of choice.
+
+
+
Single Security Vault Conversion
+
+
To convert single security vault credential store use following
+example:
+
+
+
+
+
to get sample vault use testing resources of Elytron Tool project from
+GitHub
Vault (enc-dir="vault_data/";keystore="vault-jceks.keystore") converted to credential store "cs-v1.store"
+Vault Conversion summary:
+--------------------------------------
+Vault Conversion Successful
+CLI command to add new credential store:
+/subsystem=elytron/credential-store=test:add(relative-to=jboss.server.data.dir,create=true,modifiable=true,location="cs-v1.store",implementation-properties={"keyStoreType"⇒"JCEKS"},credential-reference={clear-text="MASK-2hKo56F1a3jYGnJwhPmiF5;12345678;34"})
+
+
+
+
+
Use elytron-tool.sh vault --help to get description of all parameters.
+
+
+
Notes:
+
+
+
+
Elytron Tool cannot handle very first version of Security Vault data
+file.
+
+
+
--keystore-password can come in two forms (1) masked as shown in the
+example or (2) clear text. Parameter --salt and --iteration are there to
+supply information to decrypt the masked password or to generate masked
+password in output. In case --salt and --iteration are omitted default
+values are used.
+
+
+
When --summary parameter is specified, one can see nice output with
+CLI command to be used in WildFly console to add converted credential
+store to the configuration.
+
+
+
+
+
+
+
Bulk Security Vault Conversion
+
+
There is possibility to convert multiple vaults to credential store
+using --bulk-convert parameter with description file.
+Example of description file from our tests:
This section describe securing HTTP connections to the server using SSL
+using Elytron.
+It suppose you have already configured SSL using legacy
+security-realm, for example by
+Admin Guide#Enable
+SSL, and your configuration looks like:
Create Elytron key-store - specifying where is the keystore file stored and password by which it is encrypted. Default type of keystore generated using keytool is PKCS12:
This suppose you have already configured Client-Cert SSL authentication
+using truststore in legacy security-realm, for example by
+Admin
+Guide#Add Client-Cert to SSL, and your configuration looks like:
+Following configuration is sufficient to prevent users without valid
+certificate and private key to access the server, but it does not
+provide user identity to the application. That require to define
+CLIENT_CERT HTTP mechanism / EXTERNAL SASL mechanism, which will be
+described later.)
+
+
+
+
+
+
At first use steps above to migrate basic part of the configuration.
+Then continue by following:
+
+
+
+
+
Create key-store of truststore - like for keystore above:
As this documentation is primarily intended for users migrating to WildFly Elytron I am going to jump straight into the configuration required with WildFly Elytron.
+
+
+
This section will cover how to create the various resources required to achieve CLIENT_CERT authentication with fallback to username / password authentication for both HTTP and SASL (i.e. Remoting) - both are being covered at the same time as predominantly they require the same core configuration, it is not until the definition of the authentication factories that the configuration becomes really specific.
+
+
+
This suppose you have configured legacy Client-Cert SSL authentication using truststore in legacy security-realm, for example by Admin Guide#Add Client-Cert to SSL, and your configuration looks like:
The security realm will be used in two situations:
+* Authentication in password fallback case, when certificate authentication fails
+* Authorization in both - password and certificate auth - cases - the realm will provide roles of individual users
+
+
+
This mean, for any client certificate there have to exists user in the security realm.
+
+
+
+
Principal decoder
+
+
When certificate authentication is used and the security realm accepts usernames to resolve an identity, there have to be defined way to obtain username from a client certificate.
+In this case we will use first CN attribute in certificate subject:
For the HTTP connections we now define a HTTP authentication factory using the previously defined resources and it is configured to support CLIENT_CERT and DIGEST authentication.
+
+
+
Because our security realm is not able to verify client certificates (properties realm verifies passwords only), we need to add configuring mechanism factory first, which will disable certificate verification against the security realm:
The architecture of the two authentication factories if very similar so a SASL authentication factory can be defined in the same way as the HTTP equivalent.
+However, as EXTERNAL SASL mechanism does not do any certificate verification, there is no need for configuring SASL server factory.
There is used the same principal transformer as defined for HTTP.
+
+
+
+
SSL Context
+
+
The SSL context was already defined, but we need to modify it to not fail on client certificate authentication failure, but to fallback to password authentication.
As we will be supporting fallback to username/password authentication need-client-auth is set to false. This allows connections to be established but an alternative form of authentication will be required.
+
+
+
+
Using for Management
+
+
At this point the management interfaces can be updated to use the newly defined resources, we need to add references to the two new authentication factories and the SSL context, we can also remove the existing reference to the legacy security realm. As this is modifying existing interfaces a server reload will also be required.
At this stage assuming the same files have been used as in this example it should be possible to connect to the management interface of the server either using a web browser or the JBoss CLI with username and password from your original mgmt-users.properties file.
+
+
+
For certificate based authentication certificates signed by your CA, whose subject DN resolves to username existing in properties realm will be accepted.
+
+
+CLI Client Configuration
+
+
This suppose you have used following configuration in bin/jboss-cli.xml:
You can stay using this configuration, but since the integration of WildFly Elytron it is possible with the CLI to use a configuration file wildfly-config.xml to define the security settings including the settings for the client side SSL context.
+
+
+
In such case, following wildfly-config.xml can be created in the location the JBoss CLI is being started from: -
Beginning with the WildFly 22 release, the WildFly project began producing two variants of
+its landmark application server — the standard "WildFly" variant and the new "WildFly Preview".
+
+
+
The standard "WildFly" variant is the classic server that users have been familiar with for many
+years now. It’s a very mature server, with a lot of care taken to ensure new features are fully
+realized and to limit the number of incompatible changes between releases.
+
+
+
WildFly Preview is a tech preview variant of the server. The goal of WildFly Preview is to give
+the WildFly community a look at changes that are likely to appear in future releases of the standard
+WildFly server. The aim is to get feedback on in-progress work, so it is more likely that features
+will not be fully realized, and a greater number of incompatible changes may appear from release
+to release. The amount of testing WildFly Preview undergoes will generally not be as high as the
+standard WildFly variant.
+
+
+
The expectation is on any given release date, both standard WildFly and WildFly Preview will be released.
+
+
+
+
+
+
+
+
+
+
A WildFly Preview release will have the same version number and suffix (Beta, Final, etc) as the
+main WildFly release, but regardless of the suffix, a WildFly Preview release should be treated
+as a Technical Preview release.
+
+
+
+
+
+
+
+
+
1. Getting WildFly Preview
+
+
+
The zip or tar.gz file for WildFly Preview is available at https://wildfly.org/downloads
+right next to the main WildFly release files for the same version.
+
+
+
For bootable jar users and Galleon CLI users, we provide a Galleon feature pack for WildFly Preview. The
+Galleon feature pack location for the feature pack is wildfly-preview@maven(org.jboss.universe:community-universe).
+This feature pack is the WildFly Preview analogue to main WildFly’s wildfly@maven(org.jboss.universe:community-universe).
+
+
+
+
+
2. WildFly Preview and Jakarta EE
+
+
+
Prior to WildFly 27, the primary difference between standard WildFly and WildFly Preview was that standard WildFly
+supported Jakarta EE 8, while WildFly Preview supported Jakarta EE 9. However, beginning with the 27 release both
+standard WildFly and WildFly Preview support Jakarta EE 10, so this is no longer a difference between the two variants.
+
+
+
Note that formally certifying WildFly Preview as compatible implementation of Jakarta EE is not a priority
+for the WildFly project and may not happen at the time of a release, or ever. Users interested in formal EE
+compliance of WildFly Preview should check the WildFly Certifications repository.
+
+
+
2.1. WildFly Preview Support for EE 8 Deployments
+
+
The APIs that WildFly Preview exposes to deployments are the EE 10 APIs, so all the classes and interfaces are in the
+jakarta.* packages. But you may be able to run an existing EE 8 application on WildFly Preview.
+
+
+
What we’ve done is we’ve added to the server’s handling of managed deployments a bytecode and text file transformation
+process to convert EE 8 content into EE 9. It bytecode transforms deployment jars to alter
+references to EE 8 packages in the class file constant tables to change from javax.* to jakarta.*. The transformation
+goes beyond simple package renames; a number of other known differences between EE 8 and EE 9 are handled. We owe a
+great deal of thanks to the community behind the Eclipse Transformer
+project for their work on the underlying transformation tool.
+
+
+
As noted above, this handling is only applied to managed deployments. A managed deployment is one where a management
+client (the CLI, HAL console or the deployment scanner) presents deployment content to the server and the server makes
+a copy of it in its internal deployment content repository. The content that gets installed into the runtime is that internal copy.
+Unmanaged deployments that use EE 8 APIs will not work. We transform managed deployments when we copy the deployment
+content into the internal content repo. For unmanaged deployments we use the original content file(s) the user provides,
+and WildFly Preview won’t modify those files as we don’t regard them as being 'owned' by the server.
+
+
+
Note that the deployment transformation feature will not update the deployment to adapt to any API differences between
+Jakarta EE 9 and EE 10. It only covers the javax to jakarta name changes that came with EE 9.
+
+
+
In the long run it’s better for users if they either convert their application source to EE 10 APIs, or use build-time
+tooling that we expect the Jakarta ecosystem to provide over time to do transformation at build time. But some
+applications just can’t be changed, so the server-side solution WildFly Preview provides can handle those cases.
+
+
+
This deployment transformation feature will be removed from WildFly Preview in a future release. However it is likely
+that the WildFly developers will offer a separate Galleon feature pack that can be used to add this behavior into both
+standard WildFly and WildFly Preview.
+
+
+
+
+
+
3. Other Differences in WildFly Preview
+
+
+
WildFly Preview is intended to help get community exposure for other changes we plan to
+make in the server. Here are the key differencs between standard WildFly and WildFly Preview:
+
+
+
+
+
WildFly Preview is not a Jakarta EE 10 compatible implementation. It also is not a MicroProfile platform compatible
+implementation. Most EE 10 and MicroProfile applications are expected to run well on WildFly Preview, but it is not
+certified compatible.
+
+
+
The standard configuration files do not configure an embedded messaging broker. Instead they configure the
+messaging-activemq subsystem to provide connections to a remote ActiveMQ Artemis broker. (It’s a task for the user to
+run such a broker or to update the config to integrate with a different broker.) We want WildFly out-of-the-box to be
+more of a cloud native appserver and having an embedded messaging broker in the default configuration is not cloud native.
+A WildFly container in the cloud running an embedded broker is not scalable, as multiple broker instances need separate
+configuration to act as a primary or backup. An embedded messaging broker also has more advanced persistent storage
+requirements than a server primarily dedicated to handling HTTP requests would have. Note however that running an
+embedded broker is still supported. We’ve added to the $WILDFLY_HOME/docs/examples/configs folder an example
+standalone-activemq-embedded.xml configuration showing its use.
The Hibernate ORM integration used by the JPA subsystem’s Hibernate Search feature supports using outbox polling as coordination strategy for automatic indexing.
+
+
+
The jaxrs Galleon layer depends on (and thus brings in) the microprofile-rest-client layer. This dependency is optional, so it can be excluded when provisioning a custom WildFly Preview installation.
+
+
+
RESTEasy Spring support only comes with WildFly Preview. Typically standard WildFly provides RESTEasy Spring support, but at the time of the WildFly 27 release the Spring libraries it integrates with had not yet
+produced final releases. So to avoid possible incompatible changes in a future standard WildFly release, support
+for RESTEasy Spring was moved to WildFly Preview only.
+
+
+
The extensions providing the legacy subsystems 'cmp', 'config-admin', 'jacorb', 'jaxr', 'jsr-77', 'messaging' (HornetQ based),
+'security' (not 'elytron'), and 'web' (not 'undertow') are removed. These were only used for domain mode to allow a Domain Controller to control
+hosts running much earlier WildFly versions where servers using these subsystems were supported.
+
+
+
Alternate JPA and JSF providers that you can install with standard WildFly are not supported.
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/latest/common_attributes.html b/latest/common_attributes.html
new file mode 100644
index 000000000..03612f711
--- /dev/null
+++ b/latest/common_attributes.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/29/downloads/acme-subsystem.zip b/latest/downloads/acme-subsystem.zip
similarity index 100%
rename from 29/downloads/acme-subsystem.zip
rename to latest/downloads/acme-subsystem.zip
diff --git a/29/downloads/test1.zip b/latest/downloads/test1.zip
similarity index 100%
rename from 29/downloads/test1.zip
rename to latest/downloads/test1.zip
diff --git a/29/downloads/test2.zip b/latest/downloads/test2.zip
similarity index 100%
rename from 29/downloads/test2.zip
rename to latest/downloads/test2.zip
diff --git a/29/images/250px-Public_key_making.svg.png b/latest/images/250px-Public_key_making.svg.png
similarity index 100%
rename from 29/images/250px-Public_key_making.svg.png
rename to latest/images/250px-Public_key_making.svg.png
diff --git a/29/images/DC-HC-Server.png b/latest/images/DC-HC-Server.png
similarity index 100%
rename from 29/images/DC-HC-Server.png
rename to latest/images/DC-HC-Server.png
diff --git a/29/images/Public_key_encryption-mod.svg.png b/latest/images/Public_key_encryption-mod.svg.png
similarity index 100%
rename from 29/images/Public_key_encryption-mod.svg.png
rename to latest/images/Public_key_encryption-mod.svg.png
diff --git a/29/images/Public_key_making.png b/latest/images/Public_key_making.png
similarity index 100%
rename from 29/images/Public_key_making.png
rename to latest/images/Public_key_making.png
diff --git a/29/images/add-app-user-interactive.png b/latest/images/add-app-user-interactive.png
similarity index 100%
rename from 29/images/add-app-user-interactive.png
rename to latest/images/add-app-user-interactive.png
diff --git a/29/images/add-app-user-non-interactive.png b/latest/images/add-app-user-non-interactive.png
similarity index 100%
rename from 29/images/add-app-user-non-interactive.png
rename to latest/images/add-app-user-non-interactive.png
diff --git a/29/images/add-mgmt-user-interactive.png b/latest/images/add-mgmt-user-interactive.png
similarity index 100%
rename from 29/images/add-mgmt-user-interactive.png
rename to latest/images/add-mgmt-user-interactive.png
diff --git a/29/images/add-mgmt-user-non-interactive.png b/latest/images/add-mgmt-user-non-interactive.png
similarity index 100%
rename from 29/images/add-mgmt-user-non-interactive.png
rename to latest/images/add-mgmt-user-non-interactive.png
diff --git a/29/images/add-user.png b/latest/images/add-user.png
similarity index 100%
rename from 29/images/add-user.png
rename to latest/images/add-user.png
diff --git a/29/images/addscopedrole.png b/latest/images/addscopedrole.png
similarity index 100%
rename from 29/images/addscopedrole.png
rename to latest/images/addscopedrole.png
diff --git a/29/images/callersroles.png b/latest/images/callersroles.png
similarity index 100%
rename from 29/images/callersroles.png
rename to latest/images/callersroles.png
diff --git a/29/images/clustering/Clustering.jpg b/latest/images/clustering/Clustering.jpg
similarity index 100%
rename from 29/images/clustering/Clustering.jpg
rename to latest/images/clustering/Clustering.jpg
diff --git a/29/images/clustering/JBoss_Management.png b/latest/images/clustering/JBoss_Management.png
similarity index 100%
rename from 29/images/clustering/JBoss_Management.png
rename to latest/images/clustering/JBoss_Management.png
diff --git a/29/images/clustering/JBoss_Management_2.png b/latest/images/clustering/JBoss_Management_2.png
similarity index 100%
rename from 29/images/clustering/JBoss_Management_2.png
rename to latest/images/clustering/JBoss_Management_2.png
diff --git a/29/images/clustering/http---10.211.55.2-8330-cluster-demo-.png b/latest/images/clustering/http---10.211.55.2-8330-cluster-demo-.png
similarity index 100%
rename from 29/images/clustering/http---10.211.55.2-8330-cluster-demo-.png
rename to latest/images/clustering/http---10.211.55.2-8330-cluster-demo-.png
diff --git a/29/images/clustering/http---10.211.55.7-8330-cluster-demo-.png b/latest/images/clustering/http---10.211.55.7-8330-cluster-demo-.png
similarity index 100%
rename from 29/images/clustering/http---10.211.55.7-8330-cluster-demo-.png
rename to latest/images/clustering/http---10.211.55.7-8330-cluster-demo-.png
diff --git a/29/images/clustering/http---10.211.55.7-cluster-demo-get.jsp.png b/latest/images/clustering/http---10.211.55.7-cluster-demo-get.jsp.png
similarity index 100%
rename from 29/images/clustering/http---10.211.55.7-cluster-demo-get.jsp.png
rename to latest/images/clustering/http---10.211.55.7-cluster-demo-get.jsp.png
diff --git a/29/images/clustering/http---10.211.55.7-cluster-demo-put.jsp.png b/latest/images/clustering/http---10.211.55.7-cluster-demo-put.jsp.png
similarity index 100%
rename from 29/images/clustering/http---10.211.55.7-cluster-demo-put.jsp.png
rename to latest/images/clustering/http---10.211.55.7-cluster-demo-put.jsp.png
diff --git a/29/images/clustering/test_scenario.jpg b/latest/images/clustering/test_scenario.jpg
similarity index 100%
rename from 29/images/clustering/test_scenario.jpg
rename to latest/images/clustering/test_scenario.jpg
diff --git a/29/images/ejb/mdb-management-resource.png b/latest/images/ejb/mdb-management-resource.png
similarity index 100%
rename from 29/images/ejb/mdb-management-resource.png
rename to latest/images/ejb/mdb-management-resource.png
diff --git a/29/images/ejb/singleton-management-resource.png b/latest/images/ejb/singleton-management-resource.png
similarity index 100%
rename from 29/images/ejb/singleton-management-resource.png
rename to latest/images/ejb/singleton-management-resource.png
diff --git a/29/images/ejb/stateful-management-resource.png b/latest/images/ejb/stateful-management-resource.png
similarity index 100%
rename from 29/images/ejb/stateful-management-resource.png
rename to latest/images/ejb/stateful-management-resource.png
diff --git a/29/images/ejb/stateless-management-resource.png b/latest/images/ejb/stateless-management-resource.png
similarity index 100%
rename from 29/images/ejb/stateless-management-resource.png
rename to latest/images/ejb/stateless-management-resource.png
diff --git a/29/images/excludemapping.png b/latest/images/excludemapping.png
similarity index 100%
rename from 29/images/excludemapping.png
rename to latest/images/excludemapping.png
diff --git a/29/images/gfx/Activator.png b/latest/images/gfx/Activator.png
similarity index 100%
rename from 29/images/gfx/Activator.png
rename to latest/images/gfx/Activator.png
diff --git a/29/images/gfx/Eclipse_Deploy_2.jpg b/latest/images/gfx/Eclipse_Deploy_2.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_Deploy_2.jpg
rename to latest/images/gfx/Eclipse_Deploy_2.jpg
diff --git a/29/images/gfx/Eclipse_Detect_Servers_1.png b/latest/images/gfx/Eclipse_Detect_Servers_1.png
similarity index 100%
rename from 29/images/gfx/Eclipse_Detect_Servers_1.png
rename to latest/images/gfx/Eclipse_Detect_Servers_1.png
diff --git a/29/images/gfx/Eclipse_Detect_Servers_2.png b/latest/images/gfx/Eclipse_Detect_Servers_2.png
similarity index 100%
rename from 29/images/gfx/Eclipse_Detect_Servers_2.png
rename to latest/images/gfx/Eclipse_Detect_Servers_2.png
diff --git a/29/images/gfx/Eclipse_Detect_Servers_3.png b/latest/images/gfx/Eclipse_Detect_Servers_3.png
similarity index 100%
rename from 29/images/gfx/Eclipse_Detect_Servers_3.png
rename to latest/images/gfx/Eclipse_Detect_Servers_3.png
diff --git a/29/images/gfx/Eclipse_Detect_Servers_4.png b/latest/images/gfx/Eclipse_Detect_Servers_4.png
similarity index 100%
rename from 29/images/gfx/Eclipse_Detect_Servers_4.png
rename to latest/images/gfx/Eclipse_Detect_Servers_4.png
diff --git a/29/images/gfx/Eclipse_Greeter_Deploy_1.png b/latest/images/gfx/Eclipse_Greeter_Deploy_1.png
similarity index 100%
rename from 29/images/gfx/Eclipse_Greeter_Deploy_1.png
rename to latest/images/gfx/Eclipse_Greeter_Deploy_1.png
diff --git a/29/images/gfx/Eclipse_Greeter_Deploy_3.png b/latest/images/gfx/Eclipse_Greeter_Deploy_3.png
similarity index 100%
rename from 29/images/gfx/Eclipse_Greeter_Deploy_3.png
rename to latest/images/gfx/Eclipse_Greeter_Deploy_3.png
diff --git a/29/images/gfx/Eclipse_Helloworld_Deploy_1.jpg b/latest/images/gfx/Eclipse_Helloworld_Deploy_1.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_Helloworld_Deploy_1.jpg
rename to latest/images/gfx/Eclipse_Helloworld_Deploy_1.jpg
diff --git a/29/images/gfx/Eclipse_Helloworld_Deploy_3.jpg b/latest/images/gfx/Eclipse_Helloworld_Deploy_3.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_Helloworld_Deploy_3.jpg
rename to latest/images/gfx/Eclipse_Helloworld_Deploy_3.jpg
diff --git a/29/images/gfx/Eclipse_JBoss_Central_1.png b/latest/images/gfx/Eclipse_JBoss_Central_1.png
similarity index 100%
rename from 29/images/gfx/Eclipse_JBoss_Central_1.png
rename to latest/images/gfx/Eclipse_JBoss_Central_1.png
diff --git a/29/images/gfx/Eclipse_JBoss_Central_2.png b/latest/images/gfx/Eclipse_JBoss_Central_2.png
similarity index 100%
rename from 29/images/gfx/Eclipse_JBoss_Central_2.png
rename to latest/images/gfx/Eclipse_JBoss_Central_2.png
diff --git a/29/images/gfx/Eclipse_JavaEEWebProject_1.png b/latest/images/gfx/Eclipse_JavaEEWebProject_1.png
similarity index 100%
rename from 29/images/gfx/Eclipse_JavaEEWebProject_1.png
rename to latest/images/gfx/Eclipse_JavaEEWebProject_1.png
diff --git a/29/images/gfx/Eclipse_JavaEEWebProject_2.png b/latest/images/gfx/Eclipse_JavaEEWebProject_2.png
similarity index 100%
rename from 29/images/gfx/Eclipse_JavaEEWebProject_2.png
rename to latest/images/gfx/Eclipse_JavaEEWebProject_2.png
diff --git a/29/images/gfx/Eclipse_JavaEEWebProject_3.png b/latest/images/gfx/Eclipse_JavaEEWebProject_3.png
similarity index 100%
rename from 29/images/gfx/Eclipse_JavaEEWebProject_3.png
rename to latest/images/gfx/Eclipse_JavaEEWebProject_3.png
diff --git a/29/images/gfx/Eclipse_JavaEEWebProject_4.png b/latest/images/gfx/Eclipse_JavaEEWebProject_4.png
similarity index 100%
rename from 29/images/gfx/Eclipse_JavaEEWebProject_4.png
rename to latest/images/gfx/Eclipse_JavaEEWebProject_4.png
diff --git a/29/images/gfx/Eclipse_KitchenSink_Deploy_1.jpg b/latest/images/gfx/Eclipse_KitchenSink_Deploy_1.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_KitchenSink_Deploy_1.jpg
rename to latest/images/gfx/Eclipse_KitchenSink_Deploy_1.jpg
diff --git a/29/images/gfx/Eclipse_KitchenSink_Deploy_3.jpg b/latest/images/gfx/Eclipse_KitchenSink_Deploy_3.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_KitchenSink_Deploy_3.jpg
rename to latest/images/gfx/Eclipse_KitchenSink_Deploy_3.jpg
diff --git a/29/images/gfx/Eclipse_Login_Deploy_1.jpg b/latest/images/gfx/Eclipse_Login_Deploy_1.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_Login_Deploy_1.jpg
rename to latest/images/gfx/Eclipse_Login_Deploy_1.jpg
diff --git a/29/images/gfx/Eclipse_Login_Deploy_3.jpg b/latest/images/gfx/Eclipse_Login_Deploy_3.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_Login_Deploy_3.jpg
rename to latest/images/gfx/Eclipse_Login_Deploy_3.jpg
diff --git a/29/images/gfx/Eclipse_New_Server_1.jpg b/latest/images/gfx/Eclipse_New_Server_1.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_New_Server_1.jpg
rename to latest/images/gfx/Eclipse_New_Server_1.jpg
diff --git a/29/images/gfx/Eclipse_New_Server_2.jpg b/latest/images/gfx/Eclipse_New_Server_2.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_New_Server_2.jpg
rename to latest/images/gfx/Eclipse_New_Server_2.jpg
diff --git a/29/images/gfx/Eclipse_New_Server_3.jpg b/latest/images/gfx/Eclipse_New_Server_3.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_New_Server_3.jpg
rename to latest/images/gfx/Eclipse_New_Server_3.jpg
diff --git a/29/images/gfx/Eclipse_New_Server_4.jpg b/latest/images/gfx/Eclipse_New_Server_4.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_New_Server_4.jpg
rename to latest/images/gfx/Eclipse_New_Server_4.jpg
diff --git a/29/images/gfx/Eclipse_New_Server_5.jpg b/latest/images/gfx/Eclipse_New_Server_5.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_New_Server_5.jpg
rename to latest/images/gfx/Eclipse_New_Server_5.jpg
diff --git a/29/images/gfx/Eclipse_New_Server_6.jpg b/latest/images/gfx/Eclipse_New_Server_6.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_New_Server_6.jpg
rename to latest/images/gfx/Eclipse_New_Server_6.jpg
diff --git a/29/images/gfx/Eclipse_Numberguess_Deploy_1.jpg b/latest/images/gfx/Eclipse_Numberguess_Deploy_1.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_Numberguess_Deploy_1.jpg
rename to latest/images/gfx/Eclipse_Numberguess_Deploy_1.jpg
diff --git a/29/images/gfx/Eclipse_Numberguess_Deploy_3.jpg b/latest/images/gfx/Eclipse_Numberguess_Deploy_3.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_Numberguess_Deploy_3.jpg
rename to latest/images/gfx/Eclipse_Numberguess_Deploy_3.jpg
diff --git a/29/images/gfx/Eclipse_Server_Start_1.jpg b/latest/images/gfx/Eclipse_Server_Start_1.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_Server_Start_1.jpg
rename to latest/images/gfx/Eclipse_Server_Start_1.jpg
diff --git a/29/images/gfx/Eclipse_Server_Start_2.jpg b/latest/images/gfx/Eclipse_Server_Start_2.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_Server_Start_2.jpg
rename to latest/images/gfx/Eclipse_Server_Start_2.jpg
diff --git a/29/images/gfx/Eclipse_Server_Tab_1.jpg b/latest/images/gfx/Eclipse_Server_Tab_1.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_Server_Tab_1.jpg
rename to latest/images/gfx/Eclipse_Server_Tab_1.jpg
diff --git a/29/images/gfx/Eclipse_Server_Tab_2.jpg b/latest/images/gfx/Eclipse_Server_Tab_2.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_Server_Tab_2.jpg
rename to latest/images/gfx/Eclipse_Server_Tab_2.jpg
diff --git a/29/images/gfx/Eclipse_Server_Tab_3.jpg b/latest/images/gfx/Eclipse_Server_Tab_3.jpg
similarity index 100%
rename from 29/images/gfx/Eclipse_Server_Tab_3.jpg
rename to latest/images/gfx/Eclipse_Server_Tab_3.jpg
diff --git a/29/images/gfx/Export.png b/latest/images/gfx/Export.png
similarity index 100%
rename from 29/images/gfx/Export.png
rename to latest/images/gfx/Export.png
diff --git a/29/images/gfx/Import_Quickstarts_1.jpg b/latest/images/gfx/Import_Quickstarts_1.jpg
similarity index 100%
rename from 29/images/gfx/Import_Quickstarts_1.jpg
rename to latest/images/gfx/Import_Quickstarts_1.jpg
diff --git a/29/images/gfx/Import_Quickstarts_2.jpg b/latest/images/gfx/Import_Quickstarts_2.jpg
similarity index 100%
rename from 29/images/gfx/Import_Quickstarts_2.jpg
rename to latest/images/gfx/Import_Quickstarts_2.jpg
diff --git a/29/images/gfx/Import_Quickstarts_3.jpg b/latest/images/gfx/Import_Quickstarts_3.jpg
similarity index 100%
rename from 29/images/gfx/Import_Quickstarts_3.jpg
rename to latest/images/gfx/Import_Quickstarts_3.jpg
diff --git a/29/images/gfx/Import_Quickstarts_4.jpg b/latest/images/gfx/Import_Quickstarts_4.jpg
similarity index 100%
rename from 29/images/gfx/Import_Quickstarts_4.jpg
rename to latest/images/gfx/Import_Quickstarts_4.jpg
diff --git a/29/images/gfx/Import_Quickstarts_5.jpg b/latest/images/gfx/Import_Quickstarts_5.jpg
similarity index 100%
rename from 29/images/gfx/Import_Quickstarts_5.jpg
rename to latest/images/gfx/Import_Quickstarts_5.jpg
diff --git a/29/images/gfx/Manifest.png b/latest/images/gfx/Manifest.png
similarity index 100%
rename from 29/images/gfx/Manifest.png
rename to latest/images/gfx/Manifest.png
diff --git a/29/images/gfx/Template.png b/latest/images/gfx/Template.png
similarity index 100%
rename from 29/images/gfx/Template.png
rename to latest/images/gfx/Template.png
diff --git a/29/images/gfx/console.png b/latest/images/gfx/console.png
similarity index 100%
rename from 29/images/gfx/console.png
rename to latest/images/gfx/console.png
diff --git a/29/images/gfx/eclipse_arquillian_0.png b/latest/images/gfx/eclipse_arquillian_0.png
similarity index 100%
rename from 29/images/gfx/eclipse_arquillian_0.png
rename to latest/images/gfx/eclipse_arquillian_0.png
diff --git a/29/images/gfx/eclipse_arquillian_1.png b/latest/images/gfx/eclipse_arquillian_1.png
similarity index 100%
rename from 29/images/gfx/eclipse_arquillian_1.png
rename to latest/images/gfx/eclipse_arquillian_1.png
diff --git a/29/images/gfx/eclipse_arquillian_11.png b/latest/images/gfx/eclipse_arquillian_11.png
similarity index 100%
rename from 29/images/gfx/eclipse_arquillian_11.png
rename to latest/images/gfx/eclipse_arquillian_11.png
diff --git a/29/images/gfx/eclipse_arquillian_12.png b/latest/images/gfx/eclipse_arquillian_12.png
similarity index 100%
rename from 29/images/gfx/eclipse_arquillian_12.png
rename to latest/images/gfx/eclipse_arquillian_12.png
diff --git a/29/images/gfx/eclipse_arquillian_2.png b/latest/images/gfx/eclipse_arquillian_2.png
similarity index 100%
rename from 29/images/gfx/eclipse_arquillian_2.png
rename to latest/images/gfx/eclipse_arquillian_2.png
diff --git a/29/images/gfx/eclipse_arquillian_3.png b/latest/images/gfx/eclipse_arquillian_3.png
similarity index 100%
rename from 29/images/gfx/eclipse_arquillian_3.png
rename to latest/images/gfx/eclipse_arquillian_3.png
diff --git a/29/images/gfx/eclipse_arquillian_4.png b/latest/images/gfx/eclipse_arquillian_4.png
similarity index 100%
rename from 29/images/gfx/eclipse_arquillian_4.png
rename to latest/images/gfx/eclipse_arquillian_4.png
diff --git a/29/images/gfx/icons/callouts/1.png b/latest/images/gfx/icons/callouts/1.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/1.png
rename to latest/images/gfx/icons/callouts/1.png
diff --git a/29/images/gfx/icons/callouts/10.png b/latest/images/gfx/icons/callouts/10.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/10.png
rename to latest/images/gfx/icons/callouts/10.png
diff --git a/29/images/gfx/icons/callouts/11.png b/latest/images/gfx/icons/callouts/11.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/11.png
rename to latest/images/gfx/icons/callouts/11.png
diff --git a/29/images/gfx/icons/callouts/12.png b/latest/images/gfx/icons/callouts/12.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/12.png
rename to latest/images/gfx/icons/callouts/12.png
diff --git a/29/images/gfx/icons/callouts/13.png b/latest/images/gfx/icons/callouts/13.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/13.png
rename to latest/images/gfx/icons/callouts/13.png
diff --git a/29/images/gfx/icons/callouts/14.png b/latest/images/gfx/icons/callouts/14.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/14.png
rename to latest/images/gfx/icons/callouts/14.png
diff --git a/29/images/gfx/icons/callouts/15.png b/latest/images/gfx/icons/callouts/15.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/15.png
rename to latest/images/gfx/icons/callouts/15.png
diff --git a/29/images/gfx/icons/callouts/2.png b/latest/images/gfx/icons/callouts/2.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/2.png
rename to latest/images/gfx/icons/callouts/2.png
diff --git a/29/images/gfx/icons/callouts/3.png b/latest/images/gfx/icons/callouts/3.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/3.png
rename to latest/images/gfx/icons/callouts/3.png
diff --git a/29/images/gfx/icons/callouts/4.png b/latest/images/gfx/icons/callouts/4.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/4.png
rename to latest/images/gfx/icons/callouts/4.png
diff --git a/29/images/gfx/icons/callouts/5.png b/latest/images/gfx/icons/callouts/5.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/5.png
rename to latest/images/gfx/icons/callouts/5.png
diff --git a/29/images/gfx/icons/callouts/6.png b/latest/images/gfx/icons/callouts/6.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/6.png
rename to latest/images/gfx/icons/callouts/6.png
diff --git a/29/images/gfx/icons/callouts/7.png b/latest/images/gfx/icons/callouts/7.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/7.png
rename to latest/images/gfx/icons/callouts/7.png
diff --git a/29/images/gfx/icons/callouts/8.png b/latest/images/gfx/icons/callouts/8.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/8.png
rename to latest/images/gfx/icons/callouts/8.png
diff --git a/29/images/gfx/icons/callouts/9.png b/latest/images/gfx/icons/callouts/9.png
similarity index 100%
rename from 29/images/gfx/icons/callouts/9.png
rename to latest/images/gfx/icons/callouts/9.png
diff --git a/29/images/gfx/icons/caution.png b/latest/images/gfx/icons/caution.png
similarity index 100%
rename from 29/images/gfx/icons/caution.png
rename to latest/images/gfx/icons/caution.png
diff --git a/29/images/gfx/icons/example.png b/latest/images/gfx/icons/example.png
similarity index 100%
rename from 29/images/gfx/icons/example.png
rename to latest/images/gfx/icons/example.png
diff --git a/29/images/gfx/icons/home.png b/latest/images/gfx/icons/home.png
similarity index 100%
rename from 29/images/gfx/icons/home.png
rename to latest/images/gfx/icons/home.png
diff --git a/29/images/gfx/icons/important.png b/latest/images/gfx/icons/important.png
similarity index 100%
rename from 29/images/gfx/icons/important.png
rename to latest/images/gfx/icons/important.png
diff --git a/29/images/gfx/icons/next.png b/latest/images/gfx/icons/next.png
similarity index 100%
rename from 29/images/gfx/icons/next.png
rename to latest/images/gfx/icons/next.png
diff --git a/29/images/gfx/icons/note.png b/latest/images/gfx/icons/note.png
similarity index 100%
rename from 29/images/gfx/icons/note.png
rename to latest/images/gfx/icons/note.png
diff --git a/29/images/gfx/icons/prev.png b/latest/images/gfx/icons/prev.png
similarity index 100%
rename from 29/images/gfx/icons/prev.png
rename to latest/images/gfx/icons/prev.png
diff --git a/29/images/gfx/icons/tip.png b/latest/images/gfx/icons/tip.png
similarity index 100%
rename from 29/images/gfx/icons/tip.png
rename to latest/images/gfx/icons/tip.png
diff --git a/29/images/gfx/icons/up.png b/latest/images/gfx/icons/up.png
similarity index 100%
rename from 29/images/gfx/icons/up.png
rename to latest/images/gfx/icons/up.png
diff --git a/29/images/gfx/icons/warning.png b/latest/images/gfx/icons/warning.png
similarity index 100%
rename from 29/images/gfx/icons/warning.png
rename to latest/images/gfx/icons/warning.png
diff --git a/29/images/gfx/new.png b/latest/images/gfx/new.png
similarity index 100%
rename from 29/images/gfx/new.png
rename to latest/images/gfx/new.png
diff --git a/29/images/groupmapping.png b/latest/images/groupmapping.png
similarity index 100%
rename from 29/images/groupmapping.png
rename to latest/images/groupmapping.png
diff --git a/29/images/includeall.png b/latest/images/includeall.png
similarity index 100%
rename from 29/images/includeall.png
rename to latest/images/includeall.png
diff --git a/29/images/jaxrs/2_2_HVGA_Final.png b/latest/images/jaxrs/2_2_HVGA_Final.png
similarity index 100%
rename from 29/images/jaxrs/2_2_HVGA_Final.png
rename to latest/images/jaxrs/2_2_HVGA_Final.png
diff --git a/29/images/jaxrs/2_2_HVGA_Initial.png b/latest/images/jaxrs/2_2_HVGA_Initial.png
similarity index 100%
rename from 29/images/jaxrs/2_2_HVGA_Initial.png
rename to latest/images/jaxrs/2_2_HVGA_Initial.png
diff --git a/29/images/jaxrs/2_2_HVGA_Next.png b/latest/images/jaxrs/2_2_HVGA_Next.png
similarity index 100%
rename from 29/images/jaxrs/2_2_HVGA_Next.png
rename to latest/images/jaxrs/2_2_HVGA_Next.png
diff --git a/29/images/jaxrs/AndroidLibraries.png b/latest/images/jaxrs/AndroidLibraries.png
similarity index 100%
rename from 29/images/jaxrs/AndroidLibraries.png
rename to latest/images/jaxrs/AndroidLibraries.png
diff --git a/29/images/jaxrs/CreateAVD_.png b/latest/images/jaxrs/CreateAVD_.png
similarity index 100%
rename from 29/images/jaxrs/CreateAVD_.png
rename to latest/images/jaxrs/CreateAVD_.png
diff --git a/29/images/jaxrs/HostSettings.png b/latest/images/jaxrs/HostSettings.png
similarity index 100%
rename from 29/images/jaxrs/HostSettings.png
rename to latest/images/jaxrs/HostSettings.png
diff --git a/29/images/jaxrs/ImportExistingMavenProject.png b/latest/images/jaxrs/ImportExistingMavenProject.png
similarity index 100%
rename from 29/images/jaxrs/ImportExistingMavenProject.png
rename to latest/images/jaxrs/ImportExistingMavenProject.png
diff --git a/29/images/jaxrs/ListOfBooks.png b/latest/images/jaxrs/ListOfBooks.png
similarity index 100%
rename from 29/images/jaxrs/ListOfBooks.png
rename to latest/images/jaxrs/ListOfBooks.png
diff --git a/29/images/jaxrs/NewAndroidProject.png b/latest/images/jaxrs/NewAndroidProject.png
similarity index 100%
rename from 29/images/jaxrs/NewAndroidProject.png
rename to latest/images/jaxrs/NewAndroidProject.png
diff --git a/29/images/jaxrs/NoBooks.png b/latest/images/jaxrs/NoBooks.png
similarity index 100%
rename from 29/images/jaxrs/NoBooks.png
rename to latest/images/jaxrs/NoBooks.png
diff --git a/29/images/jaxrs/ProjectExplorerA.png b/latest/images/jaxrs/ProjectExplorerA.png
similarity index 100%
rename from 29/images/jaxrs/ProjectExplorerA.png
rename to latest/images/jaxrs/ProjectExplorerA.png
diff --git a/29/images/jaxrs/ProjectExplorerB.png b/latest/images/jaxrs/ProjectExplorerB.png
similarity index 100%
rename from 29/images/jaxrs/ProjectExplorerB.png
rename to latest/images/jaxrs/ProjectExplorerB.png
diff --git a/29/images/jaxrs/RunConfiguration.png b/latest/images/jaxrs/RunConfiguration.png
similarity index 100%
rename from 29/images/jaxrs/RunConfiguration.png
rename to latest/images/jaxrs/RunConfiguration.png
diff --git a/29/images/jsf/05222f3059e387df96ce04d2aea156c82af15096.jpg b/latest/images/jsf/05222f3059e387df96ce04d2aea156c82af15096.jpg
similarity index 100%
rename from 29/images/jsf/05222f3059e387df96ce04d2aea156c82af15096.jpg
rename to latest/images/jsf/05222f3059e387df96ce04d2aea156c82af15096.jpg
diff --git a/29/images/jsf/0b3d1cb5794fb54a2465da93648b5a0d1a6643f3.jpg b/latest/images/jsf/0b3d1cb5794fb54a2465da93648b5a0d1a6643f3.jpg
similarity index 100%
rename from 29/images/jsf/0b3d1cb5794fb54a2465da93648b5a0d1a6643f3.jpg
rename to latest/images/jsf/0b3d1cb5794fb54a2465da93648b5a0d1a6643f3.jpg
diff --git a/29/images/jsf/1096ebbbf2b29e694e300e02a48d0fa4207cb746.jpg b/latest/images/jsf/1096ebbbf2b29e694e300e02a48d0fa4207cb746.jpg
similarity index 100%
rename from 29/images/jsf/1096ebbbf2b29e694e300e02a48d0fa4207cb746.jpg
rename to latest/images/jsf/1096ebbbf2b29e694e300e02a48d0fa4207cb746.jpg
diff --git a/29/images/jsf/1231420c938f087030cb3dcd37237b5585beb154.jpg b/latest/images/jsf/1231420c938f087030cb3dcd37237b5585beb154.jpg
similarity index 100%
rename from 29/images/jsf/1231420c938f087030cb3dcd37237b5585beb154.jpg
rename to latest/images/jsf/1231420c938f087030cb3dcd37237b5585beb154.jpg
diff --git a/29/images/jsf/2._java.jpg b/latest/images/jsf/2._java.jpg
similarity index 100%
rename from 29/images/jsf/2._java.jpg
rename to latest/images/jsf/2._java.jpg
diff --git a/29/images/jsf/2499d43c0dce2cab72ba472c8452a2b57999ac84.jpg b/latest/images/jsf/2499d43c0dce2cab72ba472c8452a2b57999ac84.jpg
similarity index 100%
rename from 29/images/jsf/2499d43c0dce2cab72ba472c8452a2b57999ac84.jpg
rename to latest/images/jsf/2499d43c0dce2cab72ba472c8452a2b57999ac84.jpg
diff --git a/29/images/jsf/2f192d02993248c97e2ac42ea8f3105d855e5cdf.jpg b/latest/images/jsf/2f192d02993248c97e2ac42ea8f3105d855e5cdf.jpg
similarity index 100%
rename from 29/images/jsf/2f192d02993248c97e2ac42ea8f3105d855e5cdf.jpg
rename to latest/images/jsf/2f192d02993248c97e2ac42ea8f3105d855e5cdf.jpg
diff --git a/29/images/jsf/30bbef45137c7d45ae300ba8d551423d1feefc96.png b/latest/images/jsf/30bbef45137c7d45ae300ba8d551423d1feefc96.png
similarity index 100%
rename from 29/images/jsf/30bbef45137c7d45ae300ba8d551423d1feefc96.png
rename to latest/images/jsf/30bbef45137c7d45ae300ba8d551423d1feefc96.png
diff --git a/29/images/jsf/359484b8f6f2c655d94132e9cb6f9dbe5a058656.jpg b/latest/images/jsf/359484b8f6f2c655d94132e9cb6f9dbe5a058656.jpg
similarity index 100%
rename from 29/images/jsf/359484b8f6f2c655d94132e9cb6f9dbe5a058656.jpg
rename to latest/images/jsf/359484b8f6f2c655d94132e9cb6f9dbe5a058656.jpg
diff --git a/29/images/jsf/3a3ee36eb581930822c4a66362795345f5d2f9a7.jpg b/latest/images/jsf/3a3ee36eb581930822c4a66362795345f5d2f9a7.jpg
similarity index 100%
rename from 29/images/jsf/3a3ee36eb581930822c4a66362795345f5d2f9a7.jpg
rename to latest/images/jsf/3a3ee36eb581930822c4a66362795345f5d2f9a7.jpg
diff --git a/29/images/jsf/52369d67f9117c924213de24dd6642b48e47a436.png b/latest/images/jsf/52369d67f9117c924213de24dd6642b48e47a436.png
similarity index 100%
rename from 29/images/jsf/52369d67f9117c924213de24dd6642b48e47a436.png
rename to latest/images/jsf/52369d67f9117c924213de24dd6642b48e47a436.png
diff --git a/29/images/jsf/5ad5d0216d3326e9bc29705042db59f11c3c1e70.png b/latest/images/jsf/5ad5d0216d3326e9bc29705042db59f11c3c1e70.png
similarity index 100%
rename from 29/images/jsf/5ad5d0216d3326e9bc29705042db59f11c3c1e70.png
rename to latest/images/jsf/5ad5d0216d3326e9bc29705042db59f11c3c1e70.png
diff --git a/29/images/jsf/5ea6987d1635c2c58d3ccdb1f5718f29d6a0fac3.png b/latest/images/jsf/5ea6987d1635c2c58d3ccdb1f5718f29d6a0fac3.png
similarity index 100%
rename from 29/images/jsf/5ea6987d1635c2c58d3ccdb1f5718f29d6a0fac3.png
rename to latest/images/jsf/5ea6987d1635c2c58d3ccdb1f5718f29d6a0fac3.png
diff --git a/29/images/jsf/6802fb7e29283d0e064a7cc4466b918995ba5645.jpg b/latest/images/jsf/6802fb7e29283d0e064a7cc4466b918995ba5645.jpg
similarity index 100%
rename from 29/images/jsf/6802fb7e29283d0e064a7cc4466b918995ba5645.jpg
rename to latest/images/jsf/6802fb7e29283d0e064a7cc4466b918995ba5645.jpg
diff --git a/29/images/jsf/6b2296be1bb2d8a81952caef0f025a139a39b381.jpg b/latest/images/jsf/6b2296be1bb2d8a81952caef0f025a139a39b381.jpg
similarity index 100%
rename from 29/images/jsf/6b2296be1bb2d8a81952caef0f025a139a39b381.jpg
rename to latest/images/jsf/6b2296be1bb2d8a81952caef0f025a139a39b381.jpg
diff --git a/29/images/jsf/7103da6b6323e515a03a04cafe111aa7c6b3169d.jpg b/latest/images/jsf/7103da6b6323e515a03a04cafe111aa7c6b3169d.jpg
similarity index 100%
rename from 29/images/jsf/7103da6b6323e515a03a04cafe111aa7c6b3169d.jpg
rename to latest/images/jsf/7103da6b6323e515a03a04cafe111aa7c6b3169d.jpg
diff --git a/29/images/jsf/8108c4f111aab2c3465472eb84cf1d9b7cf912d0.jpg b/latest/images/jsf/8108c4f111aab2c3465472eb84cf1d9b7cf912d0.jpg
similarity index 100%
rename from 29/images/jsf/8108c4f111aab2c3465472eb84cf1d9b7cf912d0.jpg
rename to latest/images/jsf/8108c4f111aab2c3465472eb84cf1d9b7cf912d0.jpg
diff --git a/29/images/jsf/8327bbe0e83cb7170dd84767631c98956e91c42c.jpg b/latest/images/jsf/8327bbe0e83cb7170dd84767631c98956e91c42c.jpg
similarity index 100%
rename from 29/images/jsf/8327bbe0e83cb7170dd84767631c98956e91c42c.jpg
rename to latest/images/jsf/8327bbe0e83cb7170dd84767631c98956e91c42c.jpg
diff --git a/29/images/jsf/8b8d0051f4f15033f17cb859c65f2d8481914678.jpg b/latest/images/jsf/8b8d0051f4f15033f17cb859c65f2d8481914678.jpg
similarity index 100%
rename from 29/images/jsf/8b8d0051f4f15033f17cb859c65f2d8481914678.jpg
rename to latest/images/jsf/8b8d0051f4f15033f17cb859c65f2d8481914678.jpg
diff --git a/29/images/jsf/91e40cd0b1545cff4622857d6dc9959f96faf056.jpg b/latest/images/jsf/91e40cd0b1545cff4622857d6dc9959f96faf056.jpg
similarity index 100%
rename from 29/images/jsf/91e40cd0b1545cff4622857d6dc9959f96faf056.jpg
rename to latest/images/jsf/91e40cd0b1545cff4622857d6dc9959f96faf056.jpg
diff --git a/29/images/jsf/97d781c6be9db755aef80a110f1d9b29590610d6.jpg b/latest/images/jsf/97d781c6be9db755aef80a110f1d9b29590610d6.jpg
similarity index 100%
rename from 29/images/jsf/97d781c6be9db755aef80a110f1d9b29590610d6.jpg
rename to latest/images/jsf/97d781c6be9db755aef80a110f1d9b29590610d6.jpg
diff --git a/29/images/jsf/9988c572bad281146f405e9287f645a3da201885.jpg b/latest/images/jsf/9988c572bad281146f405e9287f645a3da201885.jpg
similarity index 100%
rename from 29/images/jsf/9988c572bad281146f405e9287f645a3da201885.jpg
rename to latest/images/jsf/9988c572bad281146f405e9287f645a3da201885.jpg
diff --git a/29/images/jsf/a96b7d32e04aa67956bd00a187f09b75a5af241e.jpg b/latest/images/jsf/a96b7d32e04aa67956bd00a187f09b75a5af241e.jpg
similarity index 100%
rename from 29/images/jsf/a96b7d32e04aa67956bd00a187f09b75a5af241e.jpg
rename to latest/images/jsf/a96b7d32e04aa67956bd00a187f09b75a5af241e.jpg
diff --git a/29/images/jsf/b8323caf6980c40c3d635db5e308b03847618d06.jpg b/latest/images/jsf/b8323caf6980c40c3d635db5e308b03847618d06.jpg
similarity index 100%
rename from 29/images/jsf/b8323caf6980c40c3d635db5e308b03847618d06.jpg
rename to latest/images/jsf/b8323caf6980c40c3d635db5e308b03847618d06.jpg
diff --git a/29/images/jsf/d68a0cdbc8c90db3db8af998f34616f73c7fe809.jpg b/latest/images/jsf/d68a0cdbc8c90db3db8af998f34616f73c7fe809.jpg
similarity index 100%
rename from 29/images/jsf/d68a0cdbc8c90db3db8af998f34616f73c7fe809.jpg
rename to latest/images/jsf/d68a0cdbc8c90db3db8af998f34616f73c7fe809.jpg
diff --git a/29/images/jsf/d7e6ab58230b2d31fdcd8fd5f14cd4eb47b05f64.jpg b/latest/images/jsf/d7e6ab58230b2d31fdcd8fd5f14cd4eb47b05f64.jpg
similarity index 100%
rename from 29/images/jsf/d7e6ab58230b2d31fdcd8fd5f14cd4eb47b05f64.jpg
rename to latest/images/jsf/d7e6ab58230b2d31fdcd8fd5f14cd4eb47b05f64.jpg
diff --git a/29/images/jsf/dc0550785aae11f9d3eb439fdc0c51069affd25d.jpg b/latest/images/jsf/dc0550785aae11f9d3eb439fdc0c51069affd25d.jpg
similarity index 100%
rename from 29/images/jsf/dc0550785aae11f9d3eb439fdc0c51069affd25d.jpg
rename to latest/images/jsf/dc0550785aae11f9d3eb439fdc0c51069affd25d.jpg
diff --git a/29/images/jsf/e6947b84a56a698ca1392a440081bddfb5cae284.jpg b/latest/images/jsf/e6947b84a56a698ca1392a440081bddfb5cae284.jpg
similarity index 100%
rename from 29/images/jsf/e6947b84a56a698ca1392a440081bddfb5cae284.jpg
rename to latest/images/jsf/e6947b84a56a698ca1392a440081bddfb5cae284.jpg
diff --git a/29/images/jsf/eaac5cb1a836809ab29513346b527fe051b7c7ac.png b/latest/images/jsf/eaac5cb1a836809ab29513346b527fe051b7c7ac.png
similarity index 100%
rename from 29/images/jsf/eaac5cb1a836809ab29513346b527fe051b7c7ac.png
rename to latest/images/jsf/eaac5cb1a836809ab29513346b527fe051b7c7ac.png
diff --git a/29/images/jsf/f7b29ac8009f04fc7f209222ced0bcf54f4b8d9a.jpg b/latest/images/jsf/f7b29ac8009f04fc7f209222ced0bcf54f4b8d9a.jpg
similarity index 100%
rename from 29/images/jsf/f7b29ac8009f04fc7f209222ced0bcf54f4b8d9a.jpg
rename to latest/images/jsf/f7b29ac8009f04fc7f209222ced0bcf54f4b8d9a.jpg
diff --git a/29/images/no-users.png b/latest/images/no-users.png
similarity index 100%
rename from 29/images/no-users.png
rename to latest/images/no-users.png
diff --git a/29/images/runasrole.png b/latest/images/runasrole.png
similarity index 100%
rename from 29/images/runasrole.png
rename to latest/images/runasrole.png
diff --git a/29/images/scopedroles.png b/latest/images/scopedroles.png
similarity index 100%
rename from 29/images/scopedroles.png
rename to latest/images/scopedroles.png
diff --git a/29/images/splash_wildflylogo_small.png b/latest/images/splash_wildflylogo_small.png
similarity index 100%
rename from 29/images/splash_wildflylogo_small.png
rename to latest/images/splash_wildflylogo_small.png
diff --git a/29/images/update-app-user-interactive.png b/latest/images/update-app-user-interactive.png
similarity index 100%
rename from 29/images/update-app-user-interactive.png
rename to latest/images/update-app-user-interactive.png
diff --git a/29/images/update-mgmt-user-interactive.png b/latest/images/update-mgmt-user-interactive.png
similarity index 100%
rename from 29/images/update-mgmt-user-interactive.png
rename to latest/images/update-mgmt-user-interactive.png
diff --git a/29/images/usermapping.png b/latest/images/usermapping.png
similarity index 100%
rename from 29/images/usermapping.png
rename to latest/images/usermapping.png
diff --git a/29/images/wildfly.png b/latest/images/wildfly.png
similarity index 100%
rename from 29/images/wildfly.png
rename to latest/images/wildfly.png
diff --git a/latest/index.html b/latest/index.html
new file mode 100644
index 000000000..4ee30c1e3
--- /dev/null
+++ b/latest/index.html
@@ -0,0 +1,696 @@
+
+
+
+
+
+
+
+WildFly Documentation
+
+
+
+
+
+
Welcome to the WildFly documentation. The documentation for WildFly is
+split into multiple categories:
+
+
+
+
+
Installation Guides for those wanting to understand the flexibility
+that WildFly offers when it comes to server installation and application deployment.
+
+
+
Administrator Guides for those wanting to understand how to install
+and configure the server.
+
+
+
Developer Guides for those wanting to understand how to develop
+applications for the server.
+
+
+
Migration Guide for information related to migrating away from removed features.
+
+
+
Model Reference for those wanting information about all
+of configuration options available via the WildFly management model.
+
+
+
Security Guide for those wanting to understand how to secure the WildFly server and applications.
+
+
+
Client Guide for those wanting to understand configuration of WildFly clients.
+
+
+
Quickstarts for those wanting to jump into code and start using WildFly.
+
+
+
+
+
+
+
Installation Guides
+
+
+
+
+
The WildFly and WildFly Preview document introduces the different
+appserver variants produced by the WildFly project: the standard WildFly variant and the early-look tech preview
+WildFly Preview variant.
+
+
+
The Installation Guide helps you identify
+the kind of WildFly installation that best fits your application’s deployment needs:
+a WildFly zip installation, a WildFly server provisioned with Galleon or a WildFly bootable JAR.
+
+
+
The Bootable JAR Guide shows you how to package your application and the WildFly server
+into a bootable JAR.
The Getting Started Guide shows you
+how to install and start the server, how to configure logging, how to
+deploy an application, how to deploy a datasource, and how to get
+started using the command line interface and web management interface.
+
+
+
The Admin Guide provides detailed information
+on using the CLI and web management interface, shows you how to administer a WildFly managed
+domain, and shows you how to configure key subsystems.
+
+
+
The High Availability Guide shows
+you how to create a cluster, how to configure the web container and Jakarta Enterprise Beans
+container for clustering and how to configure load balancing
+and failover.
+
+
+
+
+
+
+
Developer Guides
+
+
+
+
+
The Getting
+Started Developing Applications Guide shows you how to build Jakarta EE
+applications and deploy them to WildFly. The guide starts by showing you
+the simplest helloworld application using just Servlet and Jakarta Contexts and Dependency Injection, and
+then adds in Jakarta Faces, persistence and transactions, Jakarta Enterprise Beans, Bean Validation,
+RESTful web services and more. Finally, you’ll get the opportunity to create
+your own skeleton project. Each tutorial is accompanied by a quickstart,
+which contains the source code, deployment descriptors and a Maven based
+build.
+
+
+
The Developer Guide ( in progress) takes
+you through every deployment descriptor and every annotation offered by
+WildFly.
+
+
+
The Extending WildFly guide walks you
+through creating a new WildFly subsystem extension, in order to add more
+functionality to WildFly, and shows how to test it before plugging it
+into WildFly.
The Migration Guide describes alternative options for
+features which have been removed from WildFly.
+
+
+
+
+
+
+
Model Reference
+
+
+
+
+
The WildFly model reference provides information about all standalone server and managed domain
+configuration options, using information generated directly from the WildFly management model.
+
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/capability-registry/index.html b/latest/wildscribe/core-service/capability-registry/index.html
new file mode 100644
index 000000000..d120e90fb
--- /dev/null
+++ b/latest/wildscribe/core-service/capability-registry/index.html
@@ -0,0 +1,37 @@
+ WildFly Full 29 Model Reference
Address of the dependent resource that references the capability.
Reply properties
type
LIST
Value Type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/file-handler/index.html b/latest/wildscribe/core-service/management/access/audit/file-handler/index.html
new file mode 100644
index 000000000..bc3d9407b
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/file-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
rotate-at-startup Whether the old log file should be rotated at server startup.
The maximum number of logging failures before disabling this handler.
path
STRING
true
true
The path of the audit log file.
relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
rotate-at-startup
BOOLEAN
false
false
true
Whether the old log file should be rotated at server startup.
recycle Resets the file handler failure count, and backs up the current log file.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/in-memory-handler/index.html b/latest/wildscribe/core-service/management/access/audit/in-memory-handler/index.html
new file mode 100644
index 000000000..87df1b8ce
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/in-memory-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/index.html b/latest/wildscribe/core-service/management/access/audit/index.html
new file mode 100644
index 000000000..810fb1be8
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Removes the management audit top-level resource.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/json-formatter/index.html b/latest/wildscribe/core-service/management/access/audit/json-formatter/index.html
new file mode 100644
index 000000000..81a1c6bce
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/json-formatter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The management audit log configuration is deprecated and may be removed or moved in future versions.
A json formatter for audit log messages.
Attributes (6)
compact If true will format the JSON on one line. There may still be values containing new lines, so if having the whole record on one line is important, set escape-new-line or escape-control-characters to true.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
date-format The date format to use as understood by java.text.SimpleDateFormat. Will be ignored if include-date="false".
Attribute
Value
Default Value
yyyy-MM-dd HH:mm:ss
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
date-separator The separator between the date and the rest of the formatted log message. Will be ignored if include-date="false".
Attribute
Value
Default Value
-
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
escape-control-characters If true will escape all control characters (ascii entries with a decimal value < 32) with the ascii code in octal, e.g.' becomes '#012'. If this is true, it will override escape-new-line="false".
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
escape-new-line If true will escape all new lines with the ascii code in octal, e.g. "#012".
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
include-date Whether or not to include the date in the formatted log record.
If true will format the JSON on one line. There may still be values containing new lines, so if having the whole record on one line is important, set escape-new-line or escape-control-characters to true.
date-format
STRING
false
true
yyyy-MM-dd HH:mm:ss
The date format to use as understood by java.text.SimpleDateFormat. Will be ignored if include-date="false".
date-separator
STRING
false
true
-
The separator between the date and the rest of the formatted log message. Will be ignored if include-date="false".
escape-control-characters
BOOLEAN
false
true
false
If true will escape all control characters (ascii entries with a decimal value < 32) with the ascii code in octal, e.g.' becomes '#012'. If this is true, it will override escape-new-line="false".
escape-new-line
BOOLEAN
false
true
false
If true will escape all new lines with the ascii code in octal, e.g. "#012".
include-date
BOOLEAN
false
true
true
Whether or not to include the date in the formatted log record.
remove Removes a json formatter for the audit logging.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/logger/audit-log/handler/index.html b/latest/wildscribe/core-service/management/access/audit/logger/audit-log/handler/index.html
new file mode 100644
index 000000000..2d0d1b205
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/logger/audit-log/handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The management audit log configuration is deprecated and may be removed or moved in future versions.
A reference to a file or syslog audit log handler. The name of the handler is denoted by the value of the address.
Operations (2)
add Adds a reference to a file or syslog audit log handler.
remove Removes a reference to a file or syslog audit log handler.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/logger/audit-log/index.html b/latest/wildscribe/core-service/management/access/audit/logger/audit-log/index.html
new file mode 100644
index 000000000..7da3f4044
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/logger/audit-log/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Whether operations should be logged on server boot.
log-read-only
BOOLEAN
false
true
false
Whether operations that do not modify the configuration or any runtime services should be logged.
remove Removes the management audit top-level resource.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/periodic-rotating-file-handler/index.html b/latest/wildscribe/core-service/management/access/audit/periodic-rotating-file-handler/index.html
new file mode 100644
index 000000000..6d18e08ae
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/periodic-rotating-file-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A management audit log handler which writes to a file, rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.text.SimpleDateFormat.
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
suffix The suffix string in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (3)
add Adds an audit log periodic-rotating file handler.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
formatter
STRING
true
false
The formatter used to format the log messages.
max-failure-count
INT
false
true
10
The maximum number of logging failures before disabling this handler.
path
STRING
true
true
The path of the audit log file.
relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
suffix
STRING
true
true
The suffix string in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
recycle Resets the file handler failure count, and backs up the current log file.
remove Removes an audit log periodic-rotating file handler.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/size-rotating-file-handler/index.html b/latest/wildscribe/core-service/management/access/audit/size-rotating-file-handler/index.html
new file mode 100644
index 000000000..fe96dc4a9
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/size-rotating-file-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A management audit log handler which writes to a file, rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
rotate-size The size at which to rotate the log file.
The maximum number of logging failures before disabling this handler.
path
STRING
true
true
The path of the audit log file.
relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
rotate-size
STRING
false
true
10m
The size at which to rotate the log file.
recycle Resets the file handler failure count, and backs up the current log file.
remove Removes an audit log size-rotating file handler.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/syslog-handler/index.html b/latest/wildscribe/core-service/management/access/audit/syslog-handler/index.html
new file mode 100644
index 000000000..b76d8ade0
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/syslog-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The management audit log configuration is deprecated and may be removed or moved in future versions.
A syslog handler for use with the management audit logging service.
Children (1)
protocol The protocol to use for the syslog handler. Must be one and only one of 'udp', 'tcp' or 'tls'.
tcp Configuration to append to syslog over tcp/ip.
tls Configuration to append to syslog over tls over tcp/ip.
udp Configuration to append to syslog over udp/ip.
Attributes (9)
app-name The application name to add to the syslog records as defined in section 6.2.5 of RFC-5424. If not specified it will default to the name of the product.
failure-count The number of logging failures since the handler was initialized.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
formatter The formatter used to format the log messages.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-failure-count The maximum number of logging failures before disabling this handler.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-length The maximum length in bytes a log message, including the header, is allowed to be. If undefined, it will default to 1024 bytes if the syslog-format is RFC3164, or 2048 bytes if the syslog-format is RFC5424.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
syslog-format Whether to set the syslog format to the one specified in RFC-5424 or RFC-3164.
Attribute
Value
Default Value
RFC5424
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
RFC5424 RFC3164
truncate Whether or not a message, including the header, should truncate the message if the length in bytes is greater than the maximum length. If set to false messages will be split and sent with the same header values.
The application name to add to the syslog records as defined in section 6.2.5 of RFC-5424. If not specified it will default to the name of the product.
facility
STRING
false
true
USER_LEVEL
The facility to use for syslog logging as defined in section 6.2.1 of RFC-5424, and section 4.1.1 of RFC-3164.
formatter
STRING
true
false
The formatter used to format the log messages.
max-failure-count
INT
false
true
10
The maximum number of logging failures before disabling this handler.
max-length
INT
false
true
The maximum length in bytes a log message, including the header, is allowed to be. If undefined, it will default to 1024 bytes if the syslog-format is RFC3164, or 2048 bytes if the syslog-format is RFC5424.
syslog-format
STRING
false
true
RFC5424
Whether to set the syslog format to the one specified in RFC-5424 or RFC-3164.
truncate
BOOLEAN
false
true
false
Whether or not a message, including the header, should truncate the message if the length in bytes is greater than the maximum length. If set to false messages will be split and sent with the same header values.
recycle Resets the syslog handler failure count, disconnects and reconnects to the syslog server.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tcp/index.html b/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tcp/index.html
new file mode 100644
index 000000000..9ed6518fb
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tcp/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The management audit log configuration is deprecated and may be removed or moved in future versions.
Configuration to append to syslog over tcp/ip.
Attributes (4)
host The host of the syslog server for the tcp requests.
Attribute
Value
Default Value
localhost
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
message-transfer The message transfer setting as described in section 3.4 of RFC-6587. This can either be OCTET_COUNTING as described in section 3.4.1 of RFC-6587, or NON_TRANSPARENT_FRAMING as described in section 3.4.1 of RFC-6587. See your syslog provider's documentation for what is supported.
Attribute
Value
Default Value
NON_TRANSPARENT_FRAMING
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
port The port of the syslog server for the tcp requests.
Attribute
Value
Default Value
514
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
reconnect-timeout If a connection drop is detected, the number of seconds to wait before reconnecting. A negative number means don't reconnect automatically.
The host of the syslog server for the tcp requests.
message-transfer
STRING
false
true
NON_TRANSPARENT_FRAMING
The message transfer setting as described in section 3.4 of RFC-6587. This can either be OCTET_COUNTING as described in section 3.4.1 of RFC-6587, or NON_TRANSPARENT_FRAMING as described in section 3.4.1 of RFC-6587. See your syslog provider's documentation for what is supported.
port
INT
false
true
514
The port of the syslog server for the tcp requests.
reconnect-timeout
INT
false
true
-1
If a connection drop is detected, the number of seconds to wait before reconnecting. A negative number means don't reconnect automatically.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/client-certificate-store/index.html b/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/client-certificate-store/index.html
new file mode 100644
index 000000000..fac349b50
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/client-certificate-store/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
key-password-credential-reference The reference to credential for the keystore key stored in CredentialStore under defined alias or clear text password.
keystore-password-credential-reference The reference to credential for the keystore password stored in CredentialStore under defined alias or clear text password.
keystore-relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'keystore-relative-to' is provided, the value of the 'keystore-path' attribute is treated as relative to the path specified by this attribute.
The reference to credential for the keystore key stored in CredentialStore under defined alias or clear text password.
keystore-password
STRING
false
true
The password for the keystore.
keystore-password-credential-reference
OBJECT
true
false
The reference to credential for the keystore password stored in CredentialStore under defined alias or clear text password.
keystore-path
STRING
false
true
The path of the keystore.
keystore-relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'keystore-relative-to' is provided, the value of the 'keystore-path' attribute is treated as relative to the path specified by this attribute.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/truststore/index.html b/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/truststore/index.html
new file mode 100644
index 000000000..488478e0b
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/authentication/truststore/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
keystore-password-credential-reference The reference to credential for the truststore password stored in CredentialStore under defined alias or clear text password.
keystore-relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'keystore-relative-to' is provided, the value of the 'keystore-path' attribute is treated as relative to the path specified by this attribute.
The reference to credential for the truststore password stored in CredentialStore under defined alias or clear text password.
keystore-path
STRING
false
true
The path of the truststore.
keystore-relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'keystore-relative-to' is provided, the value of the 'keystore-path' attribute is treated as relative to the path specified by this attribute.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/index.html b/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/index.html
new file mode 100644
index 000000000..071017250
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/tls/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The management audit log configuration is deprecated and may be removed or moved in future versions.
Configuration to append to syslog over tls over tcp/ip.
Children (1)
authentication Configuration for the truststore for the server certificate if not signed by an authority, and the keystore containing the client certificate if the syslog server is set up to require client authentication.
client-certificate-store Configuration for the keystore containing the client certificate if the syslog server requires authentication.
truststore Configuration for the truststore for the server certificate, if not signed by an authority.
Attributes (4)
host The host of the syslog server for the tls over tcp requests.
Attribute
Value
Default Value
localhost
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
message-transfer The message transfer setting as described in section 3.4 of RFC-6587. This can either be OCTET_COUNTING as described in section 3.4.1 of RFC-6587, or NON_TRANSPARENT_FRAMING as described in section 3.4.1 of RFC-6587. See your syslog provider's documentation for what is supported.
Attribute
Value
Default Value
NON_TRANSPARENT_FRAMING
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
port The port of the syslog server for the tls over tcp requests.
Attribute
Value
Default Value
514
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
reconnect-timeout If a connection drop is detected, the number of seconds to wait before reconnecting. A negative number means don't reconnect automatically.
The host of the syslog server for the tls over tcp requests.
message-transfer
STRING
false
true
NON_TRANSPARENT_FRAMING
The message transfer setting as described in section 3.4 of RFC-6587. This can either be OCTET_COUNTING as described in section 3.4.1 of RFC-6587, or NON_TRANSPARENT_FRAMING as described in section 3.4.1 of RFC-6587. See your syslog provider's documentation for what is supported.
port
INT
false
true
514
The port of the syslog server for the tls over tcp requests.
reconnect-timeout
INT
false
true
-1
If a connection drop is detected, the number of seconds to wait before reconnecting. A negative number means don't reconnect automatically.
remove Remove the syslog tls over tcp/ip protocol.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/udp/index.html b/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/udp/index.html
new file mode 100644
index 000000000..53b48cc68
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/audit/syslog-handler/protocol/udp/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/authorization/constraint/application-classification/index.html b/latest/wildscribe/core-service/management/access/authorization/constraint/application-classification/index.html
new file mode 100644
index 000000000..6f5f43b55
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/authorization/constraint/application-classification/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configuration of the application classification constraints.
Children (1)
type The named application classifications grouped by the constraint's subsystem, or 'core' if it comes from the core model.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/applies-to/index.html b/latest/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/applies-to/index.html
new file mode 100644
index 000000000..abfe7e883
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/applies-to/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Information about the resources, attributes and operations to which an access control constraint applies.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (4)
address Address pattern describing a resource or resources to which the constraint applies.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
attributes List of the names of attributes to which the constraint specifically applies.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
entire-resource True if the constraint applies to the resource as a whole; false if it only applies to one or more attributes or operations.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
operations List of the names of operations to which the constraint specifically applies.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/index.html b/latest/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/index.html
new file mode 100644
index 000000000..5c09a956b
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/classification/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configuration of an application classification constraint.
Children (1)
applies-to Information about the resources, attributes and operations to which this application classification constraint applies.
Attributes (2)
configured-application Set to override the default as to whether the constraint is considered an application resource.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-application Whether targets having this application type constraint are considered application resources.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/index.html b/latest/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/index.html
new file mode 100644
index 000000000..06ead99eb
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/authorization/constraint/application-classification/type/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The application classification constraints by type. Type is either 'core' or the name of a subsystem.
Children (1)
classification The application classification constraints by type.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/index.html b/latest/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/index.html
new file mode 100644
index 000000000..f9ebda911
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
type The named application classifications grouped by the constraint's subsystem, or 'core' if it comes from the core model.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/applies-to/index.html b/latest/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/applies-to/index.html
new file mode 100644
index 000000000..7e6629345
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/applies-to/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Information about the resources, attributes and operations to which an access control constraint applies.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (4)
address Address pattern describing a resource or resources to which the constraint applies.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
attributes List of the names of attributes to which the constraint specifically applies.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
entire-resource True if the constraint applies to the resource as a whole; false if it only applies to one or more attributes or operations.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
operations List of the names of operations to which the constraint specifically applies.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/index.html b/latest/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/index.html
new file mode 100644
index 000000000..8b12ff632
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/classification/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
applies-to Information about the resources, attributes and operations to which this sensitivity classification constraint applies.
Attributes (6)
configured-requires-addressable Set to override the default as to whether the visibility of resources annotated with this sensitivity constraint should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
configured-requires-read Set to override the default as to whether reading attributes annotated with this sensitivity constraint should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
configured-requires-write Set to override the default as to whether writing attributes annotated with this sensitivity constraint should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-requires-addressable Whether the visibility of resources annotated with this sensitivity constraint should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
default-requires-read Whether reading attributes annotated with this sensitivity constraint should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
default-requires-write Whether writing attributes annotated with this sensitivity constraint should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/index.html b/latest/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/index.html
new file mode 100644
index 000000000..6d14d70ae
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/authorization/constraint/sensitivity-classification/type/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/authorization/constraint/vault-expression/index.html b/latest/wildscribe/core-service/management/access/authorization/constraint/vault-expression/index.html
new file mode 100644
index 000000000..c2fbd69fd
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/authorization/constraint/vault-expression/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configuration of whether vault expressions should be considered sensitive.
Attributes (4)
configured-requires-read Set to override the default as to whether reading attributes containing vault expressions should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
configured-requires-write Set to override the default as to whether writing attributes containing vault expressions should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-requires-read Whether reading attributes containing vault expressions should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
default-requires-write Whether writing attributes containing vault expressions should be considered sensitive.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/authorization/index.html b/latest/wildscribe/core-service/management/access/authorization/index.html
new file mode 100644
index 000000000..ac790e5aa
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/authorization/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
vault-expression Configuration of whether vault expressions should be considered sensitive.
role-mapping A mapping of users and groups to a specific role.
Attributes (5)
all-role-names The official names of all roles supported by the current management access control provider. This includes any standard roles as well as any user-defined roles.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
permission-combination-policy The policy for combining access control permissions when the authorization policy grants the user more than one type of permission for a given action. In the standard role based authorization policy, this would occur when a user maps to multiple roles. The 'permissive' policy means if any of the permissions allow the action, the action is allowed. The 'rejecting' policy means the existence of multiple permissions should result in an error.
Attribute
Value
Default Value
permissive
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
permissive rejecting
provider The provider to use for management access control decisions.
Attribute
Value
Default Value
simple
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
simple rbac
standard-role-names The official names of the standard roles supported by the current management access control provider.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
use-identity-roles Should the raw roles obtained from the underlying security identity be used directly?
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/authorization/role-mapping/exclude/index.html b/latest/wildscribe/core-service/management/access/authorization/role-mapping/exclude/index.html
new file mode 100644
index 000000000..a35c84a6d
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/authorization/role-mapping/exclude/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
An optional attribute to map based on the realm used for authentication.
type
STRING
true
false
The type of the Principal being mapped, either 'group' or 'user'.
remove Remove an existing principal to role mapping.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/authorization/role-mapping/include/index.html b/latest/wildscribe/core-service/management/access/authorization/role-mapping/include/index.html
new file mode 100644
index 000000000..9b47ca3ed
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/authorization/role-mapping/include/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
An optional attribute to map based on the realm used for authentication.
type
STRING
true
false
The type of the Principal being mapped, either 'group' or 'user'.
remove Remove an existing principal to role mapping.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/authorization/role-mapping/index.html b/latest/wildscribe/core-service/management/access/authorization/role-mapping/index.html
new file mode 100644
index 000000000..62dd5e554
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/authorization/role-mapping/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configure if all authenticated users should be automatically assigned this role.
is-caller-in-role Test if the current caller is a member of the role.
Reply properties
type
BOOLEAN
remove Remove an existing role mapping definition.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/access/identity/index.html b/latest/wildscribe/core-service/management/access/identity/index.html
new file mode 100644
index 000000000..983a5d8db
--- /dev/null
+++ b/latest/wildscribe/core-service/management/access/identity/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/index.html b/latest/wildscribe/core-service/management/index.html
new file mode 100644
index 000000000..b62468f50
--- /dev/null
+++ b/latest/wildscribe/core-service/management/index.html
@@ -0,0 +1,88 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/management-interface/http-interface/index.html b/latest/wildscribe/core-service/management/management-interface/http-interface/index.html
new file mode 100644
index 000000000..ad9221e2b
--- /dev/null
+++ b/latest/wildscribe/core-service/management/management-interface/http-interface/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allowed-origins Comma separated list of trusted Origins for sending Cross-Origin Resource Sharing requests on the management API once the user is authenticated.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
console-enabled Flag that indicates admin console is enabled
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
constant-headers The set of constant HTTP headers to apply to response messages.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
resource-services
http-authentication-factory The authentication policy to use to secure the interface for normal HTTP requests.
http-upgrade-enabled Flag that indicates HTTP Upgrade is enabled, which allows HTTP requests to be upgraded to native remoting connections
Deprecated Since 5.0.0
Instead use http-upgrade.enabled
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
sasl-protocol The name of the protocol to be passed to the SASL mechanisms used for authentication.
Deprecated Since 5.0.0
Only for use with the legacy security realms.
Attribute
Value
Default Value
remote
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
secure-socket-binding The name of the socket binding configuration to use for the HTTPS management interface's socket. When defined at least one of ssl-context or security-realm must also be defined.
add Adds the configuration of the server's HTTP management interface
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allowed-origins
LIST
false
true
Comma separated list of trusted Origins for sending Cross-Origin Resource Sharing requests on the management API once the user is authenticated.
console-enabled
BOOLEAN
false
true
true
Flag that indicates admin console is enabled
constant-headers
LIST
false
false
The set of constant HTTP headers to apply to response messages.
http-authentication-factory
STRING
false
false
The authentication policy to use to secure the interface for normal HTTP requests.
http-upgrade
OBJECT
false
false
HTTP Upgrade specific configuration
http-upgrade-enabled
BOOLEAN
false
false
Flag that indicates HTTP Upgrade is enabled, which allows HTTP requests to be upgraded to native remoting connections
sasl-protocol
STRING
false
true
remote
The name of the protocol to be passed to the SASL mechanisms used for authentication.
secure-socket-binding
STRING
false
false
The name of the socket binding configuration to use for the HTTPS management interface's socket. When defined at least one of ssl-context or security-realm must also be defined.
server-name
STRING
false
true
The name of the server used in the initial Remoting exchange and within the SASL mechanisms.
socket-binding
STRING
false
false
The name of the socket binding configuration to use for the HTTP management interface's socket.
ssl-context
STRING
false
false
Reference to the SSLContext to use for this management interface.
remove Adds the configuration of the server's HTTP management interface
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/management-interface/native-interface/index.html b/latest/wildscribe/core-service/management/management-interface/native-interface/index.html
new file mode 100644
index 000000000..c3dbbfc63
--- /dev/null
+++ b/latest/wildscribe/core-service/management/management-interface/native-interface/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The SASL authentication policy to use to secure this interface.
sasl-protocol
STRING
false
true
remote
The name of the protocol to be passed to the SASL mechanisms used for authentication.
server-name
STRING
false
true
The name of the server used in the initial Remoting exchange and within the SASL mechanisms.
socket-binding
STRING
true
false
The name of the socket binding configuration to use for the native management interface's socket.
ssl-context
STRING
false
false
Reference to the SSLContext to use for this management interface.
remove Removes the server's native management interface
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/management-interface/native-remoting-interface/index.html b/latest/wildscribe/core-service/management/management-interface/native-remoting-interface/index.html
new file mode 100644
index 000000000..4401243fe
--- /dev/null
+++ b/latest/wildscribe/core-service/management/management-interface/native-remoting-interface/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/service/configuration-changes/index.html b/latest/wildscribe/core-service/management/service/configuration-changes/index.html
new file mode 100644
index 000000000..a0a2143b5
--- /dev/null
+++ b/latest/wildscribe/core-service/management/service/configuration-changes/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Remove the configuration changes and clear the history.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/service/management-operations/active-operation/index.html b/latest/wildscribe/core-service/management/service/management-operations/active-operation/index.html
new file mode 100644
index 000000000..a9ee30204
--- /dev/null
+++ b/latest/wildscribe/core-service/management/service/management-operations/active-operation/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (10)
access-mechanism The mechanism used to submit a request to the server.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
Allowed Values
NATIVE HTTP JMX IN_VM_USER
address The address of the resource targeted by the operation. The value in the final element of the address will be '' if the caller is not authorized to address the operation's target resource.
Attribute
Value
Type
OBJECT
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
caller-thread The name of the thread that is executing the operation.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
cancelled Whether the operation has been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
domain-rollout True if the operation is a subsidiary request on a domain process other than the one directly handling the original operation, executing locally as part of the rollout of the original operation across the domain.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
domain-uuid Identifier of an overall multi-process domain operation of which this operation is a part, or undefined if this operation is not associated with such a domain operation.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
exclusive-running-time Amount of time the operation has been executing with the exclusive operation execution lock held, or -1 if the operation does not hold the exclusive execution lock.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/management/service/management-operations/index.html b/latest/wildscribe/core-service/management/service/management-operations/index.html
new file mode 100644
index 000000000..bcf4cb4b4
--- /dev/null
+++ b/latest/wildscribe/core-service/management/service/management-operations/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
cancel-non-progressing-operation Check for an operation that has been holding the exclusive operation execution lock for greater than the provided timeout period, and if found cancel it.
Reply properties
type
STRING
find-non-progressing-operation Check for an operation that has been holding the exclusive operation execution lock for greater than the provided timeout period, and if found return its id.
Reply properties
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/module-loading/index.html b/latest/wildscribe/core-service/module-loading/index.html
new file mode 100644
index 000000000..5d9986bbd
--- /dev/null
+++ b/latest/wildscribe/core-service/module-loading/index.html
@@ -0,0 +1,132 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/index.html b/latest/wildscribe/core-service/platform-mbean/index.html
new file mode 100644
index 000000000..d7082f828
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Provides the management interface for monitoring and management of the Java virtual machine as well as the operating system on which the Java virtual machine is running. Exposes the JDK-provided JMX MBeans in the java.lang and java.nio JMX domains.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
type The platform MBeans, organized by the value of the 'type' property in the MBean's ObjectName.
buffer-pool The management interface for a buffer pool, for example a pool of direct or mapped buffers.
class-loading The management interface for the class loading system of the Java virtual machine.
compilation The management interface for the compilation system of the Java virtual machine
garbage-collector Parent resource for the resources providing the management interface for the garbage collection of the Java virtual machine.
memory The management interface for the memory system of the Java virtual machine.
memory-manager The management interface for a memory manager. A memory manager manages one or more memory pools of the Java virtual machine.
memory-pool The management interface for a memory pool. A memory pool represents the memory resource managed by the Java virtual machine and is managed by one or more memory managers.
operating-system The management interface for the operating system on which the Java virtual machine is running.
runtime The management interface for the runtime system of the Java virtual machine.
threading The management interface for the thread system of the Java virtual machine.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/buffer-pool/index.html b/latest/wildscribe/core-service/platform-mbean/type/buffer-pool/index.html
new file mode 100644
index 000000000..fae510b08
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/buffer-pool/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/buffer-pool/name/index.html b/latest/wildscribe/core-service/platform-mbean/type/buffer-pool/name/index.html
new file mode 100644
index 000000000..c230dc5b0
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/buffer-pool/name/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The management interface for a buffer pool, for example a pool of direct or mapped buffers.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (5)
count An estimate of the number of buffers in the pool.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
memory-used An estimate of the memory that the Java virtual machine is using for this buffer pool in bytes, or -1 if an estimate of the memory usage is not available.
object-name String representation the object name of this platform managed object.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
total-capacity An estimate of the total capacity of the buffers in this pool. A buffer's capacity is the number of elements it contains and the value of this attribute is an estimate of the total capacity of buffers in the pool in bytes.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
BYTES
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/class-loading/index.html b/latest/wildscribe/core-service/platform-mbean/type/class-loading/index.html
new file mode 100644
index 000000000..70bb67621
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/class-loading/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The management interface for the class loading system of the Java virtual machine.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (5)
loaded-class-count The number of classes that are currently loaded in the Java virtual machine.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
object-name String representation the object name of this platform managed object.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
total-loaded-class-count The total number of classes that have been loaded since the Java virtual machine has started execution.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
unloaded-class-count The total number of classes unloaded since the Java virtual machine has started execution.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
verbose Whether the verbose output for the class loading system is enabled.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-write
Restart Required
no-services
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/compilation/index.html b/latest/wildscribe/core-service/platform-mbean/type/compilation/index.html
new file mode 100644
index 000000000..15a8de7e3
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/compilation/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
object-name String representation the object name of this platform managed object.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
total-compilation-time The approximate accumulated elapsed time (in milliseconds) spent in compilation. A Java virtual machine implementation may not support compilation time monitoring. If "compilation-time-monitoring-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Unit
MILLISECONDS
Storage
runtime
Access Type
metric
Operations (1)
read-resource Reads a model resource's attribute values along with either basic or complete information about any child resources
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
recursive
BOOLEAN
false
false
Whether to include complete information about child resources, recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default.
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
attributes-only
BOOLEAN
false
false
false
Whether or not to only read the attributes on the specified resource. Cannot be used in conjunction with 'recursive' or 'recursive-depth'.
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
include-undefined-metric-values
BOOLEAN
false
false
false
Whether to include undefined metric values. If the underlying metric value can not be computed, this flag ensures that the value will remain undefined (without being replaced by a possible 'undefined metric value' from the attribute definition.
Reply properties
The resource's attribute values along with information about any child resources
type
OBJECT
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/garbage-collector/index.html b/latest/wildscribe/core-service/platform-mbean/type/garbage-collector/index.html
new file mode 100644
index 000000000..597cc937c
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/garbage-collector/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Parent resource for the resources providing the management interface for the garbage collection of the Java virtual machine.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
name The GarbageCollectorMXBean platform MBeans, organized by the value of the 'name' property in the MBean's ObjectName.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/garbage-collector/name/index.html b/latest/wildscribe/core-service/platform-mbean/type/garbage-collector/name/index.html
new file mode 100644
index 000000000..fa5a7789d
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/garbage-collector/name/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The management interface for one of the garbage collectors in the Java virtual machine.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (6)
collection-count The total number of collections that have occurred.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
collection-time The approximate accumulated collection elapsed time in milliseconds.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
MILLISECONDS
Storage
runtime
Access Type
metric
memory-pool-names The name of memory pools that this garbage collector manages.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
name The name representing this garbage collector.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
object-name String representation the object name of this platform managed object.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
valid Whether this memory manager is valid in the Java virtual machine.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/memory-manager/index.html b/latest/wildscribe/core-service/platform-mbean/type/memory-manager/index.html
new file mode 100644
index 000000000..0c84b7a78
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/memory-manager/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/memory-manager/name/index.html b/latest/wildscribe/core-service/platform-mbean/type/memory-manager/name/index.html
new file mode 100644
index 000000000..849372453
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/memory-manager/name/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
object-name String representation the object name of this platform managed object.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
valid Whether this memory manager is valid in the Java virtual machine.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/memory-pool/index.html b/latest/wildscribe/core-service/platform-mbean/type/memory-pool/index.html
new file mode 100644
index 000000000..158f312ad
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/memory-pool/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The management interface for a memory pool. A memory pool represents the memory resource managed by the Java virtual machine and is managed by one or more memory managers.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/memory-pool/name/index.html b/latest/wildscribe/core-service/platform-mbean/type/memory-pool/name/index.html
new file mode 100644
index 000000000..3a371bacb
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/memory-pool/name/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The management interface for a memory pool. A memory pool represents the memory resource managed by the Java virtual machine and is managed by one or more memory managers.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (16)
collection-usage The memory usage after the Java virtual machine most recently expended effort in recycling unused objects in this memory pool, or "undefined" if this attribute is not supported.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
collection-usage-threshold The collection usage threshold value of this memory pool in bytes. A memory pool may not support a collection usage threshold. If "collection-usage-threshold-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Min
0
Max
2,147,483,647
Unit
BYTES
Storage
runtime
Access Type
read-write
Restart Required
no-services
collection-usage-threshold-count The number of times that the Java virtual machine has detected that the memory usage has reached or exceeded the collection usage threshold. A memory pool may not support a collection usage threshold. If "collection-usage-threshold-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
collection-usage-threshold-exceeded Whether the memory usage of this memory pool after the most recent collection on which the Java virtual machine has expended effort has reached or exceeded its collection usage threshold. A memory pool may not support a collection usage threshold. If "collection-usage-threshold-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
object-name String representation the object name of this platform managed object.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
peak-usage The peak memory usage of this memory pool since the Java virtual machine was started or since the peak was reset. May be "undefined" if attribute "valid" is "false".
usage An estimate of the memory usage of this memory pool. May be "undefined" if attribute "valid" is "false".
Attribute
Value
Type
OBJECT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
usage-threshold The usage threshold value of this memory pool in bytes. A memory pool may not support a usage threshold. If "usage-threshold-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Min
0
Max
2,147,483,647
Unit
BYTES
Storage
runtime
Access Type
read-write
Restart Required
no-services
usage-threshold-count The number of times that the memory usage has crossed the usage threshold. A memory pool may not support a usage threshold. If "usage-threshold-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
usage-threshold-exceeded Whether the memory usage of this memory pool reaches or exceeds its usage threshold value. A memory pool may not support a usage threshold. If "usage-threshold-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
valid Whether this memory pool is valid in the Java virtual machine. A memory pool becomes invalid once the Java virtual machine removes it from the memory system.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (2)
read-resource Reads a model resource's attribute values along with either basic or complete information about any child resources
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
recursive
BOOLEAN
false
false
Whether to include complete information about child resources, recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default.
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
attributes-only
BOOLEAN
false
false
false
Whether or not to only read the attributes on the specified resource. Cannot be used in conjunction with 'recursive' or 'recursive-depth'.
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
include-undefined-metric-values
BOOLEAN
false
false
false
Whether to include undefined metric values. If the underlying metric value can not be computed, this flag ensures that the value will remain undefined (without being replaced by a possible 'undefined metric value' from the attribute definition.
Reply properties
The resource's attribute values along with information about any child resources
type
OBJECT
reset-peak-usage Resets the peak memory usage statistic of this memory pool to the current memory usage.
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/memory/index.html b/latest/wildscribe/core-service/platform-mbean/type/memory/index.html
new file mode 100644
index 000000000..5b900e186
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/memory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/operating-system/index.html b/latest/wildscribe/core-service/platform-mbean/type/operating-system/index.html
new file mode 100644
index 000000000..7c293704e
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/operating-system/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The management interface for the operating system on which the Java virtual machine is running.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (6)
arch The operating system architecture. If a security manager is installed and it does not allow access to system property "os.arch", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
available-processors The number of processors available to the Java virtual machine.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
name The operating system name. If a security manager is installed and it does not allow access to system property "os.name", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
object-name String representation the object name of this platform managed object.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
system-load-average The system load average for the last minute. The load average may not be available on some platforms; if the load average is not available, a negative value is returned.
Attribute
Value
Type
DOUBLE
Nillable
false
Expressions Allowed
false
Unit
PERCENTAGE
Storage
runtime
Access Type
metric
version The operating system version. If a security manager is installed and it does not allow access to system property "os.version", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (1)
read-resource Reads a model resource's attribute values along with either basic or complete information about any child resources
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
recursive
BOOLEAN
false
false
Whether to include complete information about child resources, recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default.
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
attributes-only
BOOLEAN
false
false
false
Whether or not to only read the attributes on the specified resource. Cannot be used in conjunction with 'recursive' or 'recursive-depth'.
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
include-undefined-metric-values
BOOLEAN
false
false
false
Whether to include undefined metric values. If the underlying metric value can not be computed, this flag ensures that the value will remain undefined (without being replaced by a possible 'undefined metric value' from the attribute definition.
Reply properties
The resource's attribute values along with information about any child resources
type
OBJECT
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/runtime/index.html b/latest/wildscribe/core-service/platform-mbean/type/runtime/index.html
new file mode 100644
index 000000000..c7a134d2b
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/runtime/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The management interface for the runtime system of the Java virtual machine.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (17)
boot-class-path The boot class path that is used by the bootstrap class loader to search for class files. If attribute "boot-class-path-supported" is "false" or if a security manager is installed and the caller does not have ManagementPermission("monitor"), then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
boot-class-path-supported Whether the Java virtual machine supports the boot class path mechanism used by the bootstrap class loader to search for class files.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
class-path The Java class path that is used by the system class loader to search for class files. If a security manager is installed and it does not allow access to system property "java.class.path", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
input-arguments The input arguments passed to the Java virtual machine which does not include the arguments to the main method. If a security manager is installed and the caller does not have ManagementPermission("monitor"), then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
library-path The Java library path. If a security manager is installed and it does not allow access to system property "java.library.path", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
management-spec-version The version of the specification for the management interface implemented by the running Java virtual machine.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
name The name representing the running Java virtual machine.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
object-name String representation the object name of this platform managed object.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
spec-name The Java virtual machine specification name. If a security manager is installed and it does not allow access to system property "java.vm.specification.name", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
spec-vendor The Java virtual machine specification vendor. If a security manager is installed and it does not allow access to system property "java.vm.specification.vendor", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
spec-version The Java virtual machine specification version. If a security manager is installed and it does not allow access to system property "java.vm.specification.version", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
start-time The start time of the Java virtual machine in milliseconds.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
system-properties A map of names and values of all system properties. If a security manager is installed and its "checkPropertiesAccess" method does not allow access to system properties, then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
uptime The uptime of the Java virtual machine in milliseconds.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
MILLISECONDS
Storage
runtime
Access Type
metric
vm-name The Java virtual machine implementation name. If a security manager is installed and it does not allow access to system property "java.vm.name", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
vm-vendor The Java virtual machine implementation vendor. If a security manager is installed and it does not allow access to system property "java.vm.vendor", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
vm-version The Java virtual machine implementation version. If a security manager is installed and it does not allow access to system property "java.vm.version", then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (1)
read-resource Reads a model resource's attribute values along with either basic or complete information about any child resources
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
recursive
BOOLEAN
false
false
Whether to include complete information about child resources, recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default.
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
attributes-only
BOOLEAN
false
false
false
Whether or not to only read the attributes on the specified resource. Cannot be used in conjunction with 'recursive' or 'recursive-depth'.
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
include-undefined-metric-values
BOOLEAN
false
false
false
Whether to include undefined metric values. If the underlying metric value can not be computed, this flag ensures that the value will remain undefined (without being replaced by a possible 'undefined metric value' from the attribute definition.
Reply properties
The resource's attribute values along with information about any child resources
type
OBJECT
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/platform-mbean/type/threading/index.html b/latest/wildscribe/core-service/platform-mbean/type/threading/index.html
new file mode 100644
index 000000000..90d63d266
--- /dev/null
+++ b/latest/wildscribe/core-service/platform-mbean/type/threading/index.html
@@ -0,0 +1,808 @@
+ WildFly Full 29 Model Reference
The management interface for the thread system of the Java virtual machine.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (15)
all-thread-ids All live thread IDs. If a security manager is installed and the caller does not have ManagementPermission("monitor"), then a "read-attribute" operation reading this attribute will fail, and the value for this attribute in the result for the "read-resource" operation will be "undefined".
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
current-thread-cpu-time The total CPU time for the current thread in nanoseconds, or -1 if "thread-cpu-time-enabled" is "false". A Java virtual machine implementation may not support CPU time measurement. If "thread-cpu-time-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
current-thread-user-time The CPU time that the current thread has executed in user mode in nanoseconds, or -1 if "thread-cpu-time-enabled" is "false". A Java virtual machine implementation may not support CPU time measurement. If "thread-cpu-time-supported", is "false" trying to read this attribute via the "read-attribute" operation will result in failure, and the value of this attribute in the result of a "read-resource" operation will be "undefined".
thread-cpu-time-supported Whether the Java virtual machine implementation supports CPU time measurement for any thread.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
total-started-thread-count The total number of threads created and also started since the Java virtual machine started.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
Operations (9)
dump-all-threads Returns the thread info for all live threads with stack trace and synchronization information.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
locked-monitors
BOOLEAN
false
false
false
A list of detyped representations java.lang.management.MonitorInfo objects, each of which represents an object monitor currently locked by the thread.
locked-synchronizers
BOOLEAN
false
false
false
A list of detyped representations java.lang.management.LockInfo objects, each of which represents an ownable synchronizer currently locked by the thread.
Reply properties
type
LIST
Value Type
{
+ "thread-id" => {
+ "type" => LONG,
+ "description" => "The ID of the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "thread-name" => {
+ "type" => STRING,
+ "description" => "The name of the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "thread-state" => {
+ "type" => STRING,
+ "description" => "The state of the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "blocked-time" => {
+ "type" => LONG,
+ "description" => "The approximate accumulated elapsed time (in milliseconds) that the thread has blocked to enter or reenter a monitor since thread contention monitoring is enabled, or -1 if thread contention monitoring is not enabled.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "MILLISECONDS"
+ },
+ "blocked-count" => {
+ "type" => LONG,
+ "description" => "The total number of times that the thread blocked to enter or reenter a monitor.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "waited-time" => {
+ "type" => LONG,
+ "description" => "The approximate accumulated elapsed time (in milliseconds) that the thread has waited for notification since thread contention monitoring was enabled.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "MILLISECONDS"
+ },
+ "waited-count" => {
+ "type" => LONG,
+ "description" => "The total number of times that the thread has waited for notification.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "lock-info" => {
+ "type" => OBJECT,
+ "description" => "A detyped representation of the java.lang.management.LockInfo of an object for which the thread is blocked waiting.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "value-type" => {
+ "class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified name of the class of the lock object.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "identity-hash-code" => {
+ "type" => INT,
+ "description" => "The identity hash code of the lock object returned from the System.identityHashCode(java.lang.Object) method.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ }
+ }
+ },
+ "lock-name" => {
+ "type" => STRING,
+ "description" => "The string representation of an object for which the thread is blocked waiting.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "lock-owner-id" => {
+ "type" => LONG,
+ "description" => "The ID of the thread which owns the object for which the thread is blocked waiting.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "lock-owner-name" => {
+ "type" => STRING,
+ "description" => "The name of the thread which owns the object for which the thread is blocked waiting.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "stack-trace" => {
+ "type" => LIST,
+ "description" => "The stack trace of the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 0L,
+ "max-length" => 2147483647L,
+ "value-type" => {
+ "file-name" => {
+ "type" => STRING,
+ "description" => "The name of the source file containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "line-number" => {
+ "type" => INT,
+ "description" => "The line number of the source line containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified name of the class containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "method-name" => {
+ "type" => STRING,
+ "description" => "The name of the method containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "native-method" => {
+ "type" => STRING,
+ "description" => "Whether the method containing the execution point represented by this stack trace element is a native method.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ }
+ }
+ },
+ "suspended" => {
+ "type" => BOOLEAN,
+ "description" => "Whether the thread is suspended.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "in-native" => {
+ "type" => BOOLEAN,
+ "description" => "Whether the thread associated is executing native code via the Java Native Interface (JNI).",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "locked-monitors" => {
+ "type" => LIST,
+ "description" => "A list of detyped representations java.lang.management.MonitorInfo objects, each of which represents an object monitor currently locked by the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 0L,
+ "max-length" => 2147483647L,
+ "value-type" => {
+ "locked-stack-depth" => {
+ "type" => INT,
+ "description" => "The depth in the stack trace where the object monitor was locked.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "locked-stack-frame" => {
+ "type" => OBJECT,
+ "description" => "The stack frame that locked the object monitor.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "value-type" => {
+ "file-name" => {
+ "type" => STRING,
+ "description" => "The name of the source file containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "line-number" => {
+ "type" => INT,
+ "description" => "The line number of the source line containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified name of the class containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "method-name" => {
+ "type" => STRING,
+ "description" => "The name of the method containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "native-method" => {
+ "type" => STRING,
+ "description" => "Whether the method containing the execution point represented by this stack trace element is a native method.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ }
+ }
+ }
+ }
+ },
+ "locked-synchronizers" => {
+ "type" => LIST,
+ "description" => "A list of detyped representations java.lang.management.LockInfo objects, each of which represents an ownable synchronizer currently locked by the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 0L,
+ "max-length" => 2147483647L,
+ "value-type" => {
+ "class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified name of the class of the lock object.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "identity-hash-code" => {
+ "type" => INT,
+ "description" => "The identity hash code of the lock object returned from the System.identityHashCode(java.lang.Object) method.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ }
+ }
+ }
+}
find-deadlocked-threads Finds cycles of threads that are in deadlock waiting to acquire object monitors or ownable synchronizers.
get-thread-cpu-time Returns the total CPU time for a thread of the specified ID in nanoseconds.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
id
LONG
true
false
The thread ID of the thread. Must be positive.
Reply properties
type
LONG
get-thread-info Returns the thread info for a thread of the specified id. The stack trace, locked monitors, and locked synchronizers in the returned reply object will be empty.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
id
LONG
true
false
The thread ID of the thread. Must be positive.
max-depth
INT
false
false
0
The maximum number of entries in the stack trace to be dumped. Integer.MAX_VALUE could be used to request the entire stack to be dumped.
Reply properties
Detyped representation of a java.lang.management.ThreadInfo object for the thread of the given ID; "undefined" if the thread of the given ID is not alive or it does not exist.
type
OBJECT
Value Type
{
+ "thread-id" => {
+ "type" => LONG,
+ "description" => "The ID of the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "thread-name" => {
+ "type" => STRING,
+ "description" => "The name of the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "thread-state" => {
+ "type" => STRING,
+ "description" => "The state of the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "blocked-time" => {
+ "type" => LONG,
+ "description" => "The approximate accumulated elapsed time (in milliseconds) that the thread has blocked to enter or reenter a monitor since thread contention monitoring is enabled, or -1 if thread contention monitoring is not enabled.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "MILLISECONDS"
+ },
+ "blocked-count" => {
+ "type" => LONG,
+ "description" => "The total number of times that the thread blocked to enter or reenter a monitor.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "waited-time" => {
+ "type" => LONG,
+ "description" => "The approximate accumulated elapsed time (in milliseconds) that the thread has waited for notification since thread contention monitoring was enabled.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "MILLISECONDS"
+ },
+ "waited-count" => {
+ "type" => LONG,
+ "description" => "The total number of times that the thread has waited for notification.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "lock-info" => {
+ "type" => OBJECT,
+ "description" => "A detyped representation of the java.lang.management.LockInfo of an object for which the thread is blocked waiting.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "value-type" => {
+ "class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified name of the class of the lock object.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "identity-hash-code" => {
+ "type" => INT,
+ "description" => "The identity hash code of the lock object returned from the System.identityHashCode(java.lang.Object) method.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ }
+ }
+ },
+ "lock-name" => {
+ "type" => STRING,
+ "description" => "The string representation of an object for which the thread is blocked waiting.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "lock-owner-id" => {
+ "type" => LONG,
+ "description" => "The ID of the thread which owns the object for which the thread is blocked waiting.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "lock-owner-name" => {
+ "type" => STRING,
+ "description" => "The name of the thread which owns the object for which the thread is blocked waiting.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "stack-trace" => {
+ "type" => LIST,
+ "description" => "The stack trace of the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 0L,
+ "max-length" => 2147483647L,
+ "value-type" => {
+ "file-name" => {
+ "type" => STRING,
+ "description" => "The name of the source file containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "line-number" => {
+ "type" => INT,
+ "description" => "The line number of the source line containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified name of the class containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "method-name" => {
+ "type" => STRING,
+ "description" => "The name of the method containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "native-method" => {
+ "type" => STRING,
+ "description" => "Whether the method containing the execution point represented by this stack trace element is a native method.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ }
+ }
+ },
+ "suspended" => {
+ "type" => BOOLEAN,
+ "description" => "Whether the thread is suspended.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "in-native" => {
+ "type" => BOOLEAN,
+ "description" => "Whether the thread associated is executing native code via the Java Native Interface (JNI).",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "locked-monitors" => {
+ "type" => LIST,
+ "description" => "A list of detyped representations java.lang.management.MonitorInfo objects, each of which represents an object monitor currently locked by the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 0L,
+ "max-length" => 2147483647L,
+ "value-type" => {
+ "locked-stack-depth" => {
+ "type" => INT,
+ "description" => "The depth in the stack trace where the object monitor was locked.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "locked-stack-frame" => {
+ "type" => OBJECT,
+ "description" => "The stack frame that locked the object monitor.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "value-type" => {
+ "file-name" => {
+ "type" => STRING,
+ "description" => "The name of the source file containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "line-number" => {
+ "type" => INT,
+ "description" => "The line number of the source line containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified name of the class containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "method-name" => {
+ "type" => STRING,
+ "description" => "The name of the method containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "native-method" => {
+ "type" => STRING,
+ "description" => "Whether the method containing the execution point represented by this stack trace element is a native method.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ }
+ }
+ }
+ }
+ },
+ "locked-synchronizers" => {
+ "type" => LIST,
+ "description" => "A list of detyped representations java.lang.management.LockInfo objects, each of which represents an ownable synchronizer currently locked by the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 0L,
+ "max-length" => 2147483647L,
+ "value-type" => {
+ "class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified name of the class of the lock object.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "identity-hash-code" => {
+ "type" => INT,
+ "description" => "The identity hash code of the lock object returned from the System.identityHashCode(java.lang.Object) method.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ }
+ }
+ }
+}
get-thread-infos Returns the thread info for each thread whose ID is in the input list.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
ids
LIST
true
false
A list of thread ids.
max-depth
INT
false
false
0
The maximum number of entries in the stack trace to be dumped. Integer.MAX_VALUE could be used to request the entire stack to be dumped.
locked-monitors
BOOLEAN
false
false
false
A list of detyped representations java.lang.management.MonitorInfo objects, each of which represents an object monitor currently locked by the thread.
locked-synchronizers
BOOLEAN
false
false
false
A list of detyped representations java.lang.management.LockInfo objects, each of which represents an ownable synchronizer currently locked by the thread.
Reply properties
A list of detyped representations of java.lang.management.ThreadInfo objects, each containing information about a thread whose ID is in the corresponding element of the input list of IDs. An element will be "undefined" if the thread of the given ID is not alive or it does not exist.
type
LIST
Value Type
{
+ "thread-id" => {
+ "type" => LONG,
+ "description" => "The ID of the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "thread-name" => {
+ "type" => STRING,
+ "description" => "The name of the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "thread-state" => {
+ "type" => STRING,
+ "description" => "The state of the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "blocked-time" => {
+ "type" => LONG,
+ "description" => "The approximate accumulated elapsed time (in milliseconds) that the thread has blocked to enter or reenter a monitor since thread contention monitoring is enabled, or -1 if thread contention monitoring is not enabled.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "MILLISECONDS"
+ },
+ "blocked-count" => {
+ "type" => LONG,
+ "description" => "The total number of times that the thread blocked to enter or reenter a monitor.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "waited-time" => {
+ "type" => LONG,
+ "description" => "The approximate accumulated elapsed time (in milliseconds) that the thread has waited for notification since thread contention monitoring was enabled.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "MILLISECONDS"
+ },
+ "waited-count" => {
+ "type" => LONG,
+ "description" => "The total number of times that the thread has waited for notification.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "lock-info" => {
+ "type" => OBJECT,
+ "description" => "A detyped representation of the java.lang.management.LockInfo of an object for which the thread is blocked waiting.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "value-type" => {
+ "class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified name of the class of the lock object.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "identity-hash-code" => {
+ "type" => INT,
+ "description" => "The identity hash code of the lock object returned from the System.identityHashCode(java.lang.Object) method.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ }
+ }
+ },
+ "lock-name" => {
+ "type" => STRING,
+ "description" => "The string representation of an object for which the thread is blocked waiting.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "lock-owner-id" => {
+ "type" => LONG,
+ "description" => "The ID of the thread which owns the object for which the thread is blocked waiting.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "lock-owner-name" => {
+ "type" => STRING,
+ "description" => "The name of the thread which owns the object for which the thread is blocked waiting.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "stack-trace" => {
+ "type" => LIST,
+ "description" => "The stack trace of the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 0L,
+ "max-length" => 2147483647L,
+ "value-type" => {
+ "file-name" => {
+ "type" => STRING,
+ "description" => "The name of the source file containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "line-number" => {
+ "type" => INT,
+ "description" => "The line number of the source line containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified name of the class containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "method-name" => {
+ "type" => STRING,
+ "description" => "The name of the method containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "native-method" => {
+ "type" => STRING,
+ "description" => "Whether the method containing the execution point represented by this stack trace element is a native method.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ }
+ }
+ },
+ "suspended" => {
+ "type" => BOOLEAN,
+ "description" => "Whether the thread is suspended.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "in-native" => {
+ "type" => BOOLEAN,
+ "description" => "Whether the thread associated is executing native code via the Java Native Interface (JNI).",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "locked-monitors" => {
+ "type" => LIST,
+ "description" => "A list of detyped representations java.lang.management.MonitorInfo objects, each of which represents an object monitor currently locked by the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 0L,
+ "max-length" => 2147483647L,
+ "value-type" => {
+ "locked-stack-depth" => {
+ "type" => INT,
+ "description" => "The depth in the stack trace where the object monitor was locked.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "locked-stack-frame" => {
+ "type" => OBJECT,
+ "description" => "The stack frame that locked the object monitor.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "value-type" => {
+ "file-name" => {
+ "type" => STRING,
+ "description" => "The name of the source file containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "line-number" => {
+ "type" => INT,
+ "description" => "The line number of the source line containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ },
+ "class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified name of the class containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "method-name" => {
+ "type" => STRING,
+ "description" => "The name of the method containing the execution point represented by this stack trace element.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "native-method" => {
+ "type" => STRING,
+ "description" => "Whether the method containing the execution point represented by this stack trace element is a native method.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ }
+ }
+ }
+ }
+ },
+ "locked-synchronizers" => {
+ "type" => LIST,
+ "description" => "A list of detyped representations java.lang.management.LockInfo objects, each of which represents an ownable synchronizer currently locked by the thread.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 0L,
+ "max-length" => 2147483647L,
+ "value-type" => {
+ "class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified name of the class of the lock object.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "identity-hash-code" => {
+ "type" => INT,
+ "description" => "The identity hash code of the lock object returned from the System.identityHashCode(java.lang.Object) method.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true
+ }
+ }
+ }
+}
get-thread-user-time Returns the CPU time that a thread of the specified ID has executed in user mode in nanoseconds.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
id
LONG
true
false
The thread ID of the thread. Must be positive.
Reply properties
type
LONG
read-resource Reads a model resource's attribute values along with either basic or complete information about any child resources
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
recursive
BOOLEAN
false
false
Whether to include complete information about child resources, recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default.
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
attributes-only
BOOLEAN
false
false
false
Whether or not to only read the attributes on the specified resource. Cannot be used in conjunction with 'recursive' or 'recursive-depth'.
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
include-undefined-metric-values
BOOLEAN
false
false
false
Whether to include undefined metric values. If the underlying metric value can not be computed, this flag ensures that the value will remain undefined (without being replaced by a possible 'undefined metric value' from the attribute definition.
Reply properties
The resource's attribute values along with information about any child resources
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/server-environment/index.html b/latest/wildscribe/core-service/server-environment/index.html
new file mode 100644
index 000000000..005b94a86
--- /dev/null
+++ b/latest/wildscribe/core-service/server-environment/index.html
@@ -0,0 +1,210 @@
+ WildFly Full 29 Model Reference
initial-running-mode The initial running mode of the server, when the server process was launched. Either NORMAL or ADMIN_ONLY. An ADMIN_ONLY server will start any configured management interfaces and accept management requests, but will not start services used for handling end user requests.
path-info Obtain the informations for a filesystem path.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
unit
STRING
false
false
BYTES
Disk space unit to display disk usage.
Reply properties
Filesystem path for which to obtain disk usage.
type
OBJECT
Value Type
{
+ "content-dir" => {
+ "type" => OBJECT,
+ "description" => "Disk usage informations for the content directory.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "value-type" => {
+ "used-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of the contents of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ },
+ "creation-time" => {
+ "type" => STRING,
+ "description" => "The creation time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "last-modified" => {
+ "type" => STRING,
+ "description" => "The last modified time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "resolved-path" => {
+ "type" => STRING,
+ "description" => "The resolved filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "available-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of available space for the partition containing a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ }
+ }
+ },
+ "data-dir" => {
+ "type" => OBJECT,
+ "description" => "Disk usage informations for the data directory.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "value-type" => {
+ "used-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of the contents of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ },
+ "creation-time" => {
+ "type" => STRING,
+ "description" => "The creation time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "last-modified" => {
+ "type" => STRING,
+ "description" => "The last modified time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "resolved-path" => {
+ "type" => STRING,
+ "description" => "The resolved filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "available-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of available space for the partition containing a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ }
+ }
+ },
+ "temp-dir" => {
+ "type" => OBJECT,
+ "description" => "Disk usage informations for the temporary directory.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "value-type" => {
+ "used-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of the contents of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ },
+ "creation-time" => {
+ "type" => STRING,
+ "description" => "The creation time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "last-modified" => {
+ "type" => STRING,
+ "description" => "The last modified time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "resolved-path" => {
+ "type" => STRING,
+ "description" => "The resolved filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "available-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of available space for the partition containing a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ }
+ }
+ },
+ "log-dir" => {
+ "type" => OBJECT,
+ "description" => "Disk usage informations for the log directory.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "value-type" => {
+ "used-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of the contents of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ },
+ "creation-time" => {
+ "type" => STRING,
+ "description" => "The creation time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "last-modified" => {
+ "type" => STRING,
+ "description" => "The last modified time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "resolved-path" => {
+ "type" => STRING,
+ "description" => "The resolved filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "available-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of available space for the partition containing a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/latest/wildscribe/core-service/service-container/index.html b/latest/wildscribe/core-service/service-container/index.html
new file mode 100644
index 000000000..259a6b53b
--- /dev/null
+++ b/latest/wildscribe/core-service/service-container/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/29/wildscribe/css/bootstrap-grid.css.map b/latest/wildscribe/css/bootstrap-grid.css.map
similarity index 100%
rename from 29/wildscribe/css/bootstrap-grid.css.map
rename to latest/wildscribe/css/bootstrap-grid.css.map
diff --git a/29/wildscribe/css/bootstrap-grid.min.css b/latest/wildscribe/css/bootstrap-grid.min.css
similarity index 100%
rename from 29/wildscribe/css/bootstrap-grid.min.css
rename to latest/wildscribe/css/bootstrap-grid.min.css
diff --git a/29/wildscribe/css/bootstrap-reboot.min.css b/latest/wildscribe/css/bootstrap-reboot.min.css
similarity index 100%
rename from 29/wildscribe/css/bootstrap-reboot.min.css
rename to latest/wildscribe/css/bootstrap-reboot.min.css
diff --git a/29/wildscribe/css/bootstrap-reboot.min.css.map b/latest/wildscribe/css/bootstrap-reboot.min.css.map
similarity index 100%
rename from 29/wildscribe/css/bootstrap-reboot.min.css.map
rename to latest/wildscribe/css/bootstrap-reboot.min.css.map
diff --git a/29/wildscribe/css/bootstrap.min.css b/latest/wildscribe/css/bootstrap.min.css
similarity index 100%
rename from 29/wildscribe/css/bootstrap.min.css
rename to latest/wildscribe/css/bootstrap.min.css
diff --git a/29/wildscribe/css/bootstrap.min.css.map b/latest/wildscribe/css/bootstrap.min.css.map
similarity index 100%
rename from 29/wildscribe/css/bootstrap.min.css.map
rename to latest/wildscribe/css/bootstrap.min.css.map
diff --git a/29/wildscribe/css/main.css b/latest/wildscribe/css/main.css
similarity index 100%
rename from 29/wildscribe/css/main.css
rename to latest/wildscribe/css/main.css
diff --git a/latest/wildscribe/deployment-overlay/content/index.html b/latest/wildscribe/deployment-overlay/content/index.html
new file mode 100644
index 000000000..1aed8c5aa
--- /dev/null
+++ b/latest/wildscribe/deployment-overlay/content/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment-overlay/deployment/index.html b/latest/wildscribe/deployment-overlay/deployment/index.html
new file mode 100644
index 000000000..2c16ce1d2
--- /dev/null
+++ b/latest/wildscribe/deployment-overlay/deployment/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
If set to 'true', redeploy the deployments affected by this overlay after removal.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment-overlay/index.html b/latest/wildscribe/deployment-overlay/index.html
new file mode 100644
index 000000000..d9ac65db0
--- /dev/null
+++ b/latest/wildscribe/deployment-overlay/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/index.html b/latest/wildscribe/deployment/index.html
new file mode 100644
index 000000000..c8c87aaae
--- /dev/null
+++ b/latest/wildscribe/deployment/index.html
@@ -0,0 +1,26 @@
+ WildFly Full 29 Model Reference
A deployment represents anything that can be deployed (e.g. an application such as Jakarta Enterprise Beans-JAR, WAR, EAR, any kind of standard archive such as RAR or JBoss-specific deployment) into a server.
Children (2)
subdeployment Runtime resources associated with a child deployment packaged inside another deployment; for example a war packaged inside an ear.
subsystem Runtime resources created when the deployment is deployed, organized by the subsystem responsible for the runtime resource.
batch-jberet Information about the batch subsystem for the deployment.
datasources The data-sources subsystem, used to declare JDBC data-sources
ejb3 Runtime resources exposed by Jakarta Enterprise Beans components included in this deployment.
jaxrs The configuration of the Jakarta RESTful Web Services subsystem.
jpa The configuration of the Jakarta Persistence subsystem.
logging Information about the logging configuration for this deployment. Note that this may not be accurate if the deployment is using some other means of configuring a log manager such as logback. The resolved configuration is what loggers not covered by the deployments specific log manager would use.
messaging-activemq Runtime resources exposed by messaging resources included in this deployment.
resource-adapters Runtime statistics provided by the resource adapter.
undertow Information about the web container handling of this deployment
webservices Runtime resources exposed by web service components in the deployment.
Attributes (12)
content List of pieces of content that comprise the deployment.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
disabled-time Last time the application was disabled
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
disabled-timestamp Last timestamp the application was disabled. Format is yyyy-MM-dd HH:mm:ss,SSS zzz.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
enabled Boolean indicating whether the deployment content is currently deployed in the runtime (or should be deployed in the runtime the next time the server starts.)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
enabled-time Last time the application was enabled
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
enabled-timestamp Last timestamp the application was enabled. Format is yyyy-MM-dd HH:mm:ss,SSS zzz.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
managed Indicates if the deployment is managed (aka uses the ContentRepository).
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
name Unique identifier of the deployment. Must be unique across all deployments.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
owner Address of a resource that has indicated it controls the lifecycle of this deployment (e.g. a deployment scanner resource.) Will be undefined if no resource claimed ownership when the deployment was added.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
persistent Boolean indicating whether the existence of the deployment should be recorded in the persistent server configuration. Only relevant to a standalone mode server. Default is 'true'. A deployment managed by a deployment scanner would have this set to 'false' to ensure the deployment is only deployed at server start if the scanner again detects the deployment.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
runtime-name Name by which the deployment should be known within a server's runtime. This would be equivalent to the file name of a deployment file, and would form the basis for such things as default Java Enterprise Edition application and module names. This would typically be the same as 'name', but in some cases users may wish to have two deployments with the same 'runtime-name' (e.g. two versions of "foo.war") both available in the deployment content repository, in which case the deployments would need to have distinct 'name' values but would have the same 'runtime-name'.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
status The current runtime status of a deployment. Possible status modes are OK, FAILED, and STOPPED. FAILED indicates a dependency is missing or a service could not start. STOPPED indicates that the deployment was not enabled or was manually stopped.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
Operations (11)
add Adds previously uploaded content to the list of content available for use. Does not actually deploy the content unless the 'enabled' parameter is 'true'.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
runtime-name
STRING
false
false
Name by which the deployment should be known within a server's runtime. This would be equivalent to the file name of a deployment file, and would form the basis for such things as default Java Enterprise Edition application and module names. This would typically be the same as 'name', but in some cases users may wish to have two deployments with the same 'runtime-name' (e.g. two versions of "foo.war") both available in the deployment content repository, in which case the deployments would need to have distinct 'name' values but would have the same 'runtime-name'.
content
LIST
true
false
List of pieces of content that comprise the deployment.
enabled
BOOLEAN
false
false
false
Boolean indicating whether the deployment content is currently deployed in the runtime (or should be deployed in the runtime the next time the server starts.)
add-content Add contents to an existing deployment.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
content
LIST
true
false
List of pieces of content to be added to the deployment.
overwrite
BOOLEAN
false
false
true
Indicates if added content should overwrite existing content.
browse-content List the pieces of content of a deployment.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
false
The relative path from a deployment to list the contents of.
archive
BOOLEAN
false
false
false
If set to true, only the relative paths to archive files will be returned.
depth
INT
false
false
-1
The depth to browse.
Reply properties
The pieces of content of a deployment and some information about them.
type
OBJECT
Value Type
{
+ "directory" => {
+ "type" => BOOLEAN,
+ "description" => "Indicates if the content is a folder or not.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false
+ },
+ "path" => {
+ "type" => STRING,
+ "description" => "Path (relative or absolute) to unmanaged content that is part of the deployment.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "file-size" => {
+ "type" => LONG,
+ "description" => "The size of the content if it is a file.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "unit" => "BYTES"
+ }
+}
deploy Deploy the specified deployment content into the runtime, optionally replacing existing content.
explode Convert zip format managed deployment content to exploded format.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
false
Relative path to an archive in a deployment to be exploded.
list-modules List all module dependencies of the current deployment.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
verbose
BOOLEAN
false
false
false
Optional, default is false and results in brief info about the module dependencies, true to include detailed information about the module dependencies added to the current deployment.
read-content Read the content of an existing deployment.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
false
The relative path of the content to be read from an existing deployment.
Reply properties
The uuid of the attached stream.
type
STRING
redeploy Undeploy existing content from the runtime and deploy it again.
remove Remove a deployment from the list of content available for use. If the deployment is currently deployed in the runtime it will first be undeployed.
remove-content Remove contents from an existing deployment.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
paths
LIST
true
true
List of paths of content to be removed from the deployment.
undeploy Undeploy content from the runtime. The content remains in the list of content available for use.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/index.html b/latest/wildscribe/deployment/subdeployment/index.html
new file mode 100644
index 000000000..7e1595b82
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A deployment represents anything that can be deployed (e.g. an application such as Jakarta Enterprise Beans-JAR, WAR, EAR, any kind of standard archive such as RAR or JBoss-specific deployment) into a server.
Children (1)
subsystem Runtime resources created when the deployment is deployed, organized by the subsystem responsible for the runtime resource.
batch-jberet Information about the batch subsystem for the deployment.
datasources The data-sources subsystem, used to declare JDBC data-sources
ejb3 Runtime resources exposed by Jakarta Enterprise Beans components included in this deployment.
jaxrs The configuration of the Jakarta RESTful Web Services subsystem.
jpa The configuration of the Jakarta Persistence subsystem.
logging Information about the logging configuration for this deployment. Note that this may not be accurate if the deployment is using some other means of configuring a log manager such as logback. The resolved configuration is what loggers not covered by the deployments specific log manager would use.
messaging-activemq Runtime resources exposed by messaging resources included in this deployment.
resource-adapters Runtime statistics provided by the resource adapter.
undertow Information about the web container handling of this deployment
webservices Runtime resources exposed by web service components in the deployment.
Operations (1)
list-modules List all module dependencies of the current deployment.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
verbose
BOOLEAN
false
false
false
Optional, default is false and results in brief info about the module dependencies, true to include detailed information about the module dependencies added to the current deployment.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/batch-jberet/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/batch-jberet/index.html
new file mode 100644
index 000000000..999ec6597
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/batch-jberet/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/execution/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/execution/index.html
new file mode 100644
index 000000000..413cecd89
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/execution/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/index.html
new file mode 100644
index 000000000..09cc65e57
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/batch-jberet/job/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
job-xml-names A list of job XML job descriptors found that describe this job.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
running-executions The number of currently running executions for the job.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/connection-properties/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/connection-properties/index.html
new file mode 100644
index 000000000..77b383da8
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/connection-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The connection-properties element allows you to pass in arbitrary connection properties to the Driver.connect(url, props) method
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (1)
value Each connection-property specifies a string name/value pair with the property name coming from the name attribute and the value coming from the element content
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/index.html
new file mode 100644
index 000000000..c2e1c0fc1
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/datasources/data-source/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
connection-properties The connection-properties element allows you to pass in arbitrary connection properties to the Driver.connect(url, props) method
Attributes (65)
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allow-multiple-users Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value can be done only on disabled datasource, requires a server restart otherwise
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
capacity-incrementer-properties Properties to be injected in class defining the policy for incrementing connections in the pool
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
check-valid-connection-sql Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connectable Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connection-listener-class Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
credential-reference Credential (from Credential Store) to authenticate on data source
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
datasource-class The fully qualified name of the JDBC datasource class
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
driver-class The fully qualified name of the JDBC driver class
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
runtime
Access Type
read-only
elytron-enabled Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enabled Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Deprecated Since 3.0.0
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-class-name An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
idle-timeout-minutes The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
runtime
Access Type
read-only
initial-pool-size The initial-pool-size element indicates the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
jndi-name Specifies the JNDI name for the datasource
security-domain Specifies the PicketBox security domain which defines the PicketBox javax.security.auth.Subject that are used to distinguish connections in the pool
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
set-tx-query-timeout Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
share-prepared-statements Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
stale-connection-checker-class-name An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
stale-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
track-statements Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
Attribute
Value
Default Value
NOWARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
tracking Defines if IronJacamar should track connection handles across transaction boundaries
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
transaction-isolation Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
url-delimiter Specifies the delimiter for URLs in connection-url for HA datasources
use-ccm Enable the use of a cached connection manager
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-java-context Setting this to false will bind the datasource into global JNDI
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-try-lock Any configured timeout for internal locks on the resource adapter objects in seconds
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
user-name Specify the user name used when creating a new connection
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-class-name An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
validate-on-match The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/datasources/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/datasources/index.html
new file mode 100644
index 000000000..c0bb2b7c1
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/datasources/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/index.html
new file mode 100644
index 000000000..f42b152ef
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allow-multiple-users Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
check-valid-connection-sql Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connectable Enable the use of CMR for this datasource. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connection-listener-class Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
credential-reference Credential (from Credential Store) to authenticate on data source
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
runtime
Access Type
read-only
elytron-enabled Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enabled Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Deprecated Since 3.0.0
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-class-name An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
idle-timeout-minutes The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
runtime
Access Type
read-only
initial-pool-size The initial-pool-size element indicates the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
interleaving An element to enable interleaving for XA connections
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
jndi-name Specifies the JNDI name for the datasource
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
runtime
Access Type
read-only
max-pool-size The max-pool-size element specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
mcp Defines the ManagedConnectionPool implementation, f.ex. org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool
min-pool-size The min-pool-size element specifies the minimum number of connections for a pool
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
new-connection-sql Specifies an SQL statement to execute whenever a connection is added to the connection pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
no-recovery Specifies if the connection pool should be excluded from recovery
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
no-tx-separate-pool Oracle does not like XA connections getting used both inside and outside a Jakarta Transactions transaction. To workaround the problem you can create separate sub-pools for the different contexts
recovery-authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
recovery-elytron-enabled Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
same-rm-override The is-same-rm-override element allows one to unconditionally set whether the javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
security-domain Specifies the PicketBox security domain which defines the javax.security.auth.Subject that are used to distinguish connections in the pool
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
set-tx-query-timeout Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
share-prepared-statements Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
stale-connection-checker-class-name An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
stale-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
track-statements Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
Attribute
Value
Default Value
NOWARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
tracking Defines if IronJacamar should track connection handles across transaction boundaries
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
transaction-isolation Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
url-delimiter Specifies the delimiter for URLs in connection-url for HA datasources
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
url-property Specifies the property for the URL property in the xa-datasource-property values
use-ccm Enable the use of a cached connection manager
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-java-context Setting this to false will bind the datasource into global JNDI
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-try-lock Any configured timeout for internal locks on the resource adapter objects in seconds
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
user-name Specify the user name used when creating a new connection
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-class-name An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
validate-on-match The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
wrap-xa-resource Should the XAResource instances be wrapped in an org.jboss.tm.XAResourceWrapper instance
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
xa-datasource-class The fully qualified name of the javax.sql.XADataSource implementation
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
xa-resource-timeout The value is passed to XAResource.setTransactionTimeout(), in seconds. Default is zero
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
new file mode 100644
index 000000000..7060abd5c
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (1)
value Specifies a property value to assign to the XADataSource implementation class. Each property is identified by the name attribute and the property value is given by the xa-datasource-property element content. The property is mapped onto the XADataSource implementation by looking for a JavaBeans style getter method for the property name. If found, the value of the property is set using the JavaBeans setter with the element text translated to the true property type using the java.beans.PropertyEditor
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/index.html
new file mode 100644
index 000000000..683d77bfd
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/index.html
new file mode 100644
index 000000000..a0a4d4baa
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
pool-remove-count The number of bean instances that have been removed.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
run-as-role The run-as role (if any) for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
security-domain The security domain for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
timeout-method The timeout method for handling programmatically created timers.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
timers Jakarta Enterprise Beans timers associated with the component.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
transaction-type The transaction management type of the Jakarta Enterprise Beans component (Container or Bean).
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
wait-time Time spend waiting to obtain an instance.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
Operations (2)
start-delivery Start delivering messages to this message-driven bean.
stop-delivery Stop delivering messages to this message-driven bean.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html
new file mode 100644
index 000000000..cdc03e039
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
timer Actual timer running for Jakarta Enterprise Beans
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html
new file mode 100644
index 000000000..ec83d23ea
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (8)
active Indicates whether this timer is active or suspended.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
calendar-timer Whether this timer is a calendar-based timer, or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
info Serializable information associated with timer.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
next-timeout The point in time (in ms since the epoch) at which the next timer expiration is scheduled to occur, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
persistent Whether this timer has persistent semantics or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
primary-key Primary key of Jakarta Enterprise Beans instance which started the timer.
Deprecated Since 9.0.0
Deprecated since entity beans are no longer supported.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schedule The schedule expression corresponding to this timer or "undefined" if the timer was not created using a schedule expression, is expired, or has been cancelled.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
time-remaining The number of milliseconds that will elapse before the next scheduled timer expiration, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (4)
activate Activates timer after it has been suspended.
cancel Cancels timer and removes it from container.
suspend Suspends timer. No timeout will occur after this operation has been invoked. To reanimate timer, 'activate' operation is present.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/index.html
new file mode 100644
index 000000000..9d57b548f
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
run-as-role The run-as role (if any) for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
security-domain The security domain for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
timeout-method The timeout method for handling programmatically created timers.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
timers Jakarta Enterprise Beans timers associated with the component.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
transaction-type The transaction management type of the Jakarta Enterprise Beans component (Container or Bean).
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
wait-time Time spend waiting to obtain an instance.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html
new file mode 100644
index 000000000..d12b97469
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
timer Actual timer running for Jakarta Enterprise Beans
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html
new file mode 100644
index 000000000..1379d9e76
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (8)
active Indicates whether this timer is active or suspended.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
calendar-timer Whether this timer is a calendar-based timer, or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
info Serializable information associated with timer.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
next-timeout The point in time (in ms since the epoch) at which the next timer expiration is scheduled to occur, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
persistent Whether this timer has persistent semantics or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
primary-key Primary key of Jakarta Enterprise Beans instance which started the timer.
Deprecated Since 9.0.0
Deprecated since entity beans are no longer supported.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schedule The schedule expression corresponding to this timer or "undefined" if the timer was not created using a schedule expression, is expired, or has been cancelled.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
time-remaining The number of milliseconds that will elapse before the next scheduled timer expiration, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (4)
activate Activates timer after it has been suspended.
cancel Cancels timer and removes it from container.
suspend Suspends timer. No timeout will occur after this operation has been invoked. To reanimate timer, 'activate' operation is present.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/stateful-session-bean/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/stateful-session-bean/index.html
new file mode 100644
index 000000000..ab6345eb9
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/stateful-session-bean/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove-methods The business methods of the stateful session bean indicating that the bean instance is to be removed after the completion of this method.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
run-as-role The run-as role (if any) for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
security-domain The security domain for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
stateful-timeout The amount of time a stateful session bean can be idle before it is eligible for removal by the container.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/index.html
new file mode 100644
index 000000000..ebbf0c897
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
pool-remove-count The number of bean instances that have been removed.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
run-as-role The run-as role (if any) for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
security-domain The security domain for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
timeout-method The timeout method for handling programmatically created timers.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
timers Jakarta Enterprise Beans timers associated with the component.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
transaction-type The transaction management type of the Jakarta Enterprise Beans component (Container or Bean).
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
wait-time Time spend waiting to obtain an instance.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html
new file mode 100644
index 000000000..16e1df1cc
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
timer Actual timer running for Jakarta Enterprise Beans
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html
new file mode 100644
index 000000000..6a67426f5
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (8)
active Indicates whether this timer is active or suspended.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
calendar-timer Whether this timer is a calendar-based timer, or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
info Serializable information associated with timer.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
next-timeout The point in time (in ms since the epoch) at which the next timer expiration is scheduled to occur, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
persistent Whether this timer has persistent semantics or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
primary-key Primary key of Jakarta Enterprise Beans instance which started the timer.
Deprecated Since 9.0.0
Deprecated since entity beans are no longer supported.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schedule The schedule expression corresponding to this timer or "undefined" if the timer was not created using a schedule expression, is expired, or has been cancelled.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
time-remaining The number of milliseconds that will elapse before the next scheduled timer expiration, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (4)
activate Activates timer after it has been suspended.
cancel Cancels timer and removes it from container.
suspend Suspends timer. No timeout will occur after this operation has been invoked. To reanimate timer, 'activate' operation is present.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/jaxrs/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/jaxrs/index.html
new file mode 100644
index 000000000..b422de235
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/jaxrs/index.html
@@ -0,0 +1,37 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/jaxrs/rest-resource/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/jaxrs/rest-resource/index.html
new file mode 100644
index 000000000..93e56428e
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/jaxrs/rest-resource/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (3)
resource-class Class for the Jakarta RESTful Web Services resource.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
rest-resource-paths REST resource paths of the Jakarta RESTful Web Services resource.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
sub-resource-locators REST resource paths of the Jakarta RESTful Web Services resource.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/jpa/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/jpa/index.html
new file mode 100644
index 000000000..3dc12ab46
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/jpa/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
default-extended-persistence-inheritance Controls how Jakarta Persistence extended persistence context (XPC) inheritance is performed. 'DEEP' shares the extended persistence context at top bean level. 'SHALLOW' the extended persistece context is only shared with the parent bean (never with sibling beans).
Attribute
Value
Default Value
DEEP
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
Allowed Values
DEEP SHALLOW
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/error-manager/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/error-manager/index.html
new file mode 100644
index 000000000..119004c14
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/error-manager/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
module The module name the error manager was set to use.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
properties Additional properties that were set on the error manager.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/filter/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/filter/index.html
new file mode 100644
index 000000000..6af901110
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/filter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
properties Additional properties that were set on the filter.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/formatter/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/formatter/index.html
new file mode 100644
index 000000000..de58040a6
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/formatter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
module The module name the formatter was set to use.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
properties Additional properties that were set on the formatter.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/handler/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/handler/index.html
new file mode 100644
index 000000000..9e73f4121
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
level The log level specifying which message levels will be logged by this handler. Message levels lower than this value will be discarded.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
module The module name the handler was set to use.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
properties Additional properties that were set on the handler.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/index.html
new file mode 100644
index 000000000..307d3c844
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Information about the logging configuration for this deployment. Note that this may not be accurate if the deployment is using some other means of configuring a log manager such as logback. The resolved configuration is what loggers not covered by the deployments specific log manager would use.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (6)
error-manager Describes the configured error managers being used on a deployment.
filter Describes the configured filters being used on a deployment.
formatter Describes the configured formatters being used on a deployment.
handler Describes the configured handlers being used on a deployment.
logger Describes the configured loggers being used on a deployment.
pojo Describes the configured POJO's being used on a deployment.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/logger/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/logger/index.html
new file mode 100644
index 000000000..2b505ee97
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/logger/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
level The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
use-parent-handlers Specifies whether or not this logger sends its output to parent loggers.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/pojo/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/pojo/index.html
new file mode 100644
index 000000000..6f17dae04
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/logging/configuration/pojo/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
properties Additional properties that were set on the POJO.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/logging/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/logging/index.html
new file mode 100644
index 000000000..55e4caed0
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/logging/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Information about the logging configuration for this deployment. Note that this may not be accurate if the deployment is using some other means of configuring a log manager such as logback. The resolved configuration is what loggers not covered by the deployments specific log manager would use.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
configuration The configuration being used for the deployment. For configurations within the deployment this is the path to the configuration file used. For logging profiles it's "profile-" followed by the name of the profile. Otherwise the value will be "default" to indicate it's using the logging configuration as defined by the logging subsystem.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/connection-factory/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/connection-factory/index.html
new file mode 100644
index 000000000..cf2fe725b
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/connection-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
protocol-manager-factory The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
false
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
true
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enable-amq1-prefix
BOOLEAN
false
true
true
Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
factory-type
STRING
false
true
GENERIC
The type of connection factory.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
reconnect-attempts
INT
false
true
0
The reconnect attempts.
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-queue/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-queue/index.html
new file mode 100644
index 000000000..4b75b1665
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-queue/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-topic/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-topic/index.html
new file mode 100644
index 000000000..ed7a4abd1
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/external-jms-topic/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/index.html
new file mode 100644
index 000000000..3fb034b60
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/pooled-connection-factory/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/pooled-connection-factory/index.html
new file mode 100644
index 000000000..7edffd093
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/pooled-connection-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allow-local-transactions Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
credential-reference Credential (from Credential Store) to authenticate the pooled connection factory
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
enable-amq1-prefix Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
enlistment-trace Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
entries The jndi names the connection factory should be bound to.
use-jndi Use JNDI to locate the destination for incoming connections
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-local-tx Use a local transaction for incoming sessions
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
user The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the pooled connection factory
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enable-amq1-prefix
BOOLEAN
false
true
true
Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
enlistment-trace
BOOLEAN
false
true
Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
true
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
-1
The number of attempts to connect initially with this factory.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
managed-connection-pool
STRING
false
true
The class name of the managed connection pool used by this pooled-connection-factory.
max-pool-size
INT
false
true
20
The maximum size for the pool
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
min-pool-size
INT
false
true
0
The minimum size for the pool
password
STRING
false
true
The default password to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this pooled connection factory.
reconnect-attempts
INT
false
true
-1
The reconnect attempts. By default, a pooled connection factory will try to reconnect infinitely to the messaging server(s).
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction
STRING
false
true
xa
The type of transaction supported by this pooled connection factory (can be LOCAL, NONE or XA, default is XA).
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-auto-recovery
BOOLEAN
false
true
true
True to use auto recovery.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
user
STRING
false
true
The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
jndi-params
STRING
false
true
The JNDI params to use for locating the destination for incoming connections.
rebalance-connections
BOOLEAN
false
true
false
Rebalance inbound connections when cluster topology changes.
setup-attempts
INT
false
true
The number of times to set up an MDB endpoint
setup-interval
LONG
false
true
The interval between attempts at setting up an MDB endpoint.
use-jndi
BOOLEAN
false
true
Use JNDI to locate the destination for incoming connections
use-local-tx
BOOLEAN
false
true
Use a local transaction for incoming sessions
allow-local-transactions
BOOLEAN
false
true
false
Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/index.html
new file mode 100644
index 000000000..a132c17bd
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-queue/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-queue/index.html
new file mode 100644
index 000000000..20baf634a
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-queue/index.html
@@ -0,0 +1,159 @@
+ WildFly Full 29 Model Reference
A message filter. An undefined or empty filter will match all messages.
Reply properties
The number of sent messages.
type
INT
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-topic/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-topic/index.html
new file mode 100644
index 000000000..93bdb31b9
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/jms-topic/index.html
@@ -0,0 +1,377 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
new file mode 100644
index 000000000..b9ee3c36a
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allow-local-transactions Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
credential-reference Credential (from Credential Store) to authenticate the pooled connection factory
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
enlistment-trace Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
entries The jndi names the connection factory should be bound to.
use-jndi Use JNDI to locate the destination for incoming connections
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-local-tx Use a local transaction for incoming sessions
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
user The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the pooled connection factory
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enlistment-trace
BOOLEAN
false
true
Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
1
The number of attempts to connect initially with this factory.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
managed-connection-pool
STRING
false
true
The class name of the managed connection pool used by this pooled-connection-factory.
max-pool-size
INT
false
true
20
The maximum size for the pool
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
min-pool-size
INT
false
true
0
The minimum size for the pool
password
STRING
false
true
The default password to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this pooled connection factory.
reconnect-attempts
INT
false
true
-1
The reconnect attempts. By default, a pooled connection factory will try to reconnect infinitely to the messaging server(s).
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction
STRING
false
true
xa
The type of transaction supported by this pooled connection factory (can be LOCAL, NONE or XA, default is XA).
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-auto-recovery
BOOLEAN
false
true
true
True to use auto recovery.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
user
STRING
false
true
The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
jndi-params
STRING
false
true
The JNDI params to use for locating the destination for incoming connections.
rebalance-connections
BOOLEAN
false
true
false
Rebalance inbound connections when cluster topology changes.
setup-attempts
INT
false
true
The number of times to set up an MDB endpoint
setup-interval
LONG
false
true
The interval between attempts at setting up an MDB endpoint.
use-jndi
BOOLEAN
false
true
Use JNDI to locate the destination for incoming connections
use-local-tx
BOOLEAN
false
true
Use a local transaction for incoming sessions
allow-local-transactions
BOOLEAN
false
true
false
Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/index.html
new file mode 100644
index 000000000..14384dcd7
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime statistics provided by the resource adapter.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
ironjacamar Model representing resource adapters activated by ironjacamar.xml file inside rar.
ironjacamar Model representing resource adapters activated by ironjacamar.xml file inside rar.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html
new file mode 100644
index 000000000..ed8bc5682
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html
new file mode 100644
index 000000000..5cee86f61
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html
new file mode 100644
index 000000000..a2fdf5ccc
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html
new file mode 100644
index 000000000..636979ec4
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html
new file mode 100644
index 000000000..6ee798745
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html
new file mode 100644
index 000000000..f40df83f2
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context-and-application Indicates that either application-supplied parameters, such as from getConnection(user, pw), or Subject (provided by Elytron after authenticating using configured authentication-context), are used to distinguish connections in the pool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value requires a server restart.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value requires a server restart.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time.
class-name Specifies the fully qualified class name of a managed connection factory or admin object.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connectable Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
elytron-enabled Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enabled Specifies if the resource adapter should be enabled.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment Defines if lazy enlistment should be used if supported by the resource adapter.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
flush-strategy Specifies how the pool should be flushed in case of an error.
idle-timeout-minutes Specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value requires a server restart.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-pool-size Specifies the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
interleaving An element to enable interleaving for XA connections.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
jndi-name Specifies the JNDI name for the connection factory.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-pool-size Specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool.
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
mcp Defines the ManagedConnectionPool implementation. For example: org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
min-pool-size Specifies the minimum number of connections for a pool.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-recovery Specifies if the connection pool should be excluded from recovery.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-tx-separate-pool Oracle does not like XA connections getting used both inside and outside a JTA transaction. To workaround the problem you can create separate sub-pools for the different contexts.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
pad-xid Specifies whether the Xid should be padded.
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
same-rm-override Using this attribute, you can unconditionally set whether javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-application Indicates that application-supplied parameters, such as from getConnection(user, pw), are used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain Specifies the PicketBox security domain which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain-and-application Indicates that either application-supplied parameters, such as from getConnection(user, pw) are used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox is no longer supported. Use Elytron configuration instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sharable Enable the use of sharable connections, which allows lazy association to be enabled if supported.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
tracking Defines if IronJacamar should track connection handles across transaction boundaries.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-ccm Enable the use of a cached connection manager.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false).
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-java-context Setting this to false will bind the object into global JNDI.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
validate-on-match This specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
wrap-xa-resource Specifies whether XAResource instances should be wrapped in an org.jboss.tm.XAResourceWrapper instance.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
xa-resource-timeout The value is passed to XAResource.setTransactionTimeout(), in seconds.
The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception.
allocation-retry-wait-millis
LONG
false
true
The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection.
authentication-context
STRING
false
false
The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
authentication-context-and-application
STRING
false
false
Indicates that either application-supplied parameters, such as from getConnection(user, pw), or Subject (provided by Elytron after authenticating using configured authentication-context), are used to distinguish connections in the pool.
background-validation
BOOLEAN
false
true
An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value requires a server restart.
background-validation-millis
LONG
false
true
The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value requires a server restart.
blocking-timeout-wait-millis
LONG
false
true
The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time.
capacity-decrementer-class
STRING
false
true
Class defining the policy for decrementing connections in the pool.
capacity-decrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for decrementing connections in the pool.
capacity-incrementer-class
STRING
false
true
Class defining the policy for incrementing connections in the pool.
capacity-incrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for incrementing connections in the pool.
class-name
STRING
true
true
Specifies the fully qualified class name of a managed connection factory or admin object.
connectable
BOOLEAN
false
true
false
Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
elytron-enabled
BOOLEAN
false
true
false
Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
enabled
BOOLEAN
false
true
true
Specifies if the resource adapter should be enabled.
enlistment
BOOLEAN
false
true
true
Defines if lazy enlistment should be used if supported by the resource adapter.
enlistment-trace
BOOLEAN
false
true
false
Defines if WildFly/IronJacamar should record enlistment traces.
flush-strategy
STRING
false
true
FailingConnectionOnly
Specifies how the pool should be flushed in case of an error.
idle-timeout-minutes
LONG
false
true
Specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value requires a server restart.
initial-pool-size
INT
false
true
Specifies the initial number of connections a pool should hold.
interleaving
BOOLEAN
false
true
false
An element to enable interleaving for XA connections.
jndi-name
STRING
true
true
Specifies the JNDI name for the connection factory.
max-pool-size
INT
false
true
20
Specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool.
mcp
STRING
false
true
Defines the ManagedConnectionPool implementation. For example: org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.
min-pool-size
INT
false
true
0
Specifies the minimum number of connections for a pool.
no-recovery
BOOLEAN
false
true
false
Specifies if the connection pool should be excluded from recovery.
no-tx-separate-pool
BOOLEAN
false
true
false
Oracle does not like XA connections getting used both inside and outside a JTA transaction. To workaround the problem you can create separate sub-pools for the different contexts.
pad-xid
BOOLEAN
false
true
false
Specifies whether the Xid should be padded.
pool-fair
BOOLEAN
false
true
true
Defines if pool use should be fair.
pool-prefill
BOOLEAN
false
true
false
Specifies if the pool should be prefilled. Changing this value requires a server restart.
pool-use-strict-min
BOOLEAN
false
true
false
Specifies if the min-pool-size should be considered strict.
recovery-authentication-context
STRING
false
false
The Elytron authentication context used for recovery (current authentication-context will be used if unspecified).
recovery-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate on recovery connection
recovery-elytron-enabled
BOOLEAN
false
true
false
Indicates that an Elytron authentication context will be used for recovery.
recovery-password
STRING
false
true
The password used for recovery.
recovery-plugin-class-name
STRING
false
true
The fully qualified class name of the recovery plugin implementation.
recovery-plugin-properties
OBJECT
false
true
The properties for the recovery plugin.
recovery-security-domain
STRING
false
true
The PicketBox security domain used for recovery.
recovery-username
STRING
false
true
The user name used for recovery.
same-rm-override
BOOLEAN
false
true
Using this attribute, you can unconditionally set whether javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false.
security-application
BOOLEAN
false
true
false
Indicates that application-supplied parameters, such as from getConnection(user, pw), are used to distinguish connections in the pool.
security-domain
STRING
false
true
Specifies the PicketBox security domain which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
security-domain-and-application
STRING
false
true
Indicates that either application-supplied parameters, such as from getConnection(user, pw) are used to distinguish connections in the pool.
sharable
BOOLEAN
false
true
true
Enable the use of sharable connections, which allows lazy association to be enabled if supported.
tracking
BOOLEAN
false
true
Defines if IronJacamar should track connection handles across transaction boundaries.
use-ccm
BOOLEAN
false
true
true
Enable the use of a cached connection manager.
use-fast-fail
BOOLEAN
false
true
false
Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false).
use-java-context
BOOLEAN
false
true
true
Setting this to false will bind the object into global JNDI.
validate-on-match
BOOLEAN
false
true
This specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation.
wrap-xa-resource
BOOLEAN
false
true
true
Specifies whether XAResource instances should be wrapped in an org.jboss.tm.XAResourceWrapper instance.
xa-resource-timeout
INT
false
true
The value is passed to XAResource.setTransactionTimeout(), in seconds.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html
new file mode 100644
index 000000000..adc722042
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
beanvalidationgroups Specifies the Jakarta Bean Validation groups that should be used.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
bootstrap-context Specifies the unique name of the bootstrap context that should be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
module Specifies the module from which resource adapter will be loaded
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transaction-support Specifies the transaction support level of the resource adapter. This attribute allows expressions, but only simple expressions resolved from environment variables or system properties are supported. Nested expressions and resolution from vaults or credential stores are not supported.
wm-security-domain Defines the name of the PicketBox security domain that should be used.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security
activate Force the resource adapter config activation without server reload.
add Add a new resource adapter. At least one of ARCHIVE or MODULE is required.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
archive
STRING
false
false
Specifies the resource adapter archive.
beanvalidationgroups
LIST
false
true
Specifies the Jakarta Bean Validation groups that should be used.
bootstrap-context
STRING
false
true
Specifies the unique name of the bootstrap context that should be used.
module
STRING
false
false
Specifies the module from which resource adapter will be loaded
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled or not.
transaction-support
STRING
false
true
Specifies the transaction support level of the resource adapter. This attribute allows expressions, but only simple expressions resolved from environment variables or system properties are supported. Nested expressions and resolution from vaults or credential stores are not supported.
wm-elytron-security-domain
STRING
false
true
Defines the name of the Elytron security domain that should be used.
wm-security
BOOLEAN
false
true
false
Toggle on/off wm.security for this resource adapter. In case of false all wm-security-* parameters are ignored, even the defaults.
wm-security-default-groups
LIST
false
true
Defines a default groups list that should be added to the used Subject instance.
wm-security-default-principal
STRING
false
true
Defines a default principal name that should be added to the used Subject instance.
wm-security-domain
STRING
false
true
other
Defines the name of the PicketBox security domain that should be used.
wm-security-mapping-groups
LIST
false
false
List of groups mappings.
wm-security-mapping-required
BOOLEAN
false
true
false
Defines if a mapping is required for security credentials.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/undertow/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/undertow/index.html
new file mode 100644
index 000000000..589992046
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/undertow/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/undertow/servlet/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/undertow/servlet/index.html
new file mode 100644
index 000000000..c460b1b0a
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/undertow/servlet/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/undertow/websocket/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/undertow/websocket/index.html
new file mode 100644
index 000000000..a5bf9abb0
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/undertow/websocket/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/webservices/endpoint/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/webservices/endpoint/index.html
new file mode 100644
index 000000000..ba7da7947
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/webservices/endpoint/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
wsdl-url Webservice endpoint WSDL URL. If wsdl-host is set to jbossws.undefined.host, JBossWS uses the requester host when rewriting the
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subdeployment/subsystem/webservices/index.html b/latest/wildscribe/deployment/subdeployment/subsystem/webservices/index.html
new file mode 100644
index 000000000..5f97c63a2
--- /dev/null
+++ b/latest/wildscribe/deployment/subdeployment/subsystem/webservices/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/batch-jberet/index.html b/latest/wildscribe/deployment/subsystem/batch-jberet/index.html
new file mode 100644
index 000000000..928aabd0b
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/batch-jberet/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/batch-jberet/job/execution/index.html b/latest/wildscribe/deployment/subsystem/batch-jberet/job/execution/index.html
new file mode 100644
index 000000000..7eb57ab56
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/batch-jberet/job/execution/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/batch-jberet/job/index.html b/latest/wildscribe/deployment/subsystem/batch-jberet/job/index.html
new file mode 100644
index 000000000..bbc7f179f
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/batch-jberet/job/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
job-xml-names A list of job XML job descriptors found that describe this job.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
running-executions The number of currently running executions for the job.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/datasources/data-source/connection-properties/index.html b/latest/wildscribe/deployment/subsystem/datasources/data-source/connection-properties/index.html
new file mode 100644
index 000000000..d7f0e60da
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/datasources/data-source/connection-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The connection-properties element allows you to pass in arbitrary connection properties to the Driver.connect(url, props) method
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (1)
value Each connection-property specifies a string name/value pair with the property name coming from the name attribute and the value coming from the element content
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/datasources/data-source/index.html b/latest/wildscribe/deployment/subsystem/datasources/data-source/index.html
new file mode 100644
index 000000000..3fccedb5b
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/datasources/data-source/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
connection-properties The connection-properties element allows you to pass in arbitrary connection properties to the Driver.connect(url, props) method
Attributes (65)
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allow-multiple-users Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value can be done only on disabled datasource, requires a server restart otherwise
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
capacity-incrementer-properties Properties to be injected in class defining the policy for incrementing connections in the pool
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
check-valid-connection-sql Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connectable Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connection-listener-class Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
credential-reference Credential (from Credential Store) to authenticate on data source
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
datasource-class The fully qualified name of the JDBC datasource class
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
driver-class The fully qualified name of the JDBC driver class
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
runtime
Access Type
read-only
elytron-enabled Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enabled Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Deprecated Since 3.0.0
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-class-name An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
idle-timeout-minutes The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
runtime
Access Type
read-only
initial-pool-size The initial-pool-size element indicates the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
jndi-name Specifies the JNDI name for the datasource
security-domain Specifies the PicketBox security domain which defines the PicketBox javax.security.auth.Subject that are used to distinguish connections in the pool
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
set-tx-query-timeout Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
share-prepared-statements Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
stale-connection-checker-class-name An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
stale-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
track-statements Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
Attribute
Value
Default Value
NOWARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
tracking Defines if IronJacamar should track connection handles across transaction boundaries
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
transaction-isolation Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
url-delimiter Specifies the delimiter for URLs in connection-url for HA datasources
use-ccm Enable the use of a cached connection manager
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-java-context Setting this to false will bind the datasource into global JNDI
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-try-lock Any configured timeout for internal locks on the resource adapter objects in seconds
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
user-name Specify the user name used when creating a new connection
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-class-name An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
validate-on-match The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/datasources/index.html b/latest/wildscribe/deployment/subsystem/datasources/index.html
new file mode 100644
index 000000000..96b05d851
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/datasources/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/datasources/xa-data-source/index.html b/latest/wildscribe/deployment/subsystem/datasources/xa-data-source/index.html
new file mode 100644
index 000000000..de3ea999a
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/datasources/xa-data-source/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
allow-multiple-users Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
runtime
Access Type
read-only
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
check-valid-connection-sql Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connectable Enable the use of CMR for this datasource. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
connection-listener-class Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
credential-reference Credential (from Credential Store) to authenticate on data source
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
runtime
Access Type
read-only
elytron-enabled Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enabled Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Deprecated Since 3.0.0
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-class-name An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
exception-sorter-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
idle-timeout-minutes The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
runtime
Access Type
read-only
initial-pool-size The initial-pool-size element indicates the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
interleaving An element to enable interleaving for XA connections
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
jndi-name Specifies the JNDI name for the datasource
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
runtime
Access Type
read-only
max-pool-size The max-pool-size element specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
mcp Defines the ManagedConnectionPool implementation, f.ex. org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool
min-pool-size The min-pool-size element specifies the minimum number of connections for a pool
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
new-connection-sql Specifies an SQL statement to execute whenever a connection is added to the connection pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
no-recovery Specifies if the connection pool should be excluded from recovery
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
no-tx-separate-pool Oracle does not like XA connections getting used both inside and outside a Jakarta Transactions transaction. To workaround the problem you can create separate sub-pools for the different contexts
recovery-authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
recovery-elytron-enabled Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
same-rm-override The is-same-rm-override element allows one to unconditionally set whether the javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
security-domain Specifies the PicketBox security domain which defines the javax.security.auth.Subject that are used to distinguish connections in the pool
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
set-tx-query-timeout Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
share-prepared-statements Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
stale-connection-checker-class-name An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
stale-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
track-statements Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
Attribute
Value
Default Value
NOWARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
tracking Defines if IronJacamar should track connection handles across transaction boundaries
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
transaction-isolation Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
url-delimiter Specifies the delimiter for URLs in connection-url for HA datasources
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
url-property Specifies the property for the URL property in the xa-datasource-property values
use-ccm Enable the use of a cached connection manager
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-java-context Setting this to false will bind the datasource into global JNDI
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
use-try-lock Any configured timeout for internal locks on the resource adapter objects in seconds
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
user-name Specify the user name used when creating a new connection
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-class-name An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
valid-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
validate-on-match The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
wrap-xa-resource Should the XAResource instances be wrapped in an org.jboss.tm.XAResourceWrapper instance
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
xa-datasource-class The fully qualified name of the javax.sql.XADataSource implementation
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
xa-resource-timeout The value is passed to XAResource.setTransactionTimeout(), in seconds. Default is zero
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html b/latest/wildscribe/deployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
new file mode 100644
index 000000000..81892aa26
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (1)
value Specifies a property value to assign to the XADataSource implementation class. Each property is identified by the name attribute and the property value is given by the xa-datasource-property element content. The property is mapped onto the XADataSource implementation by looking for a JavaBeans style getter method for the property name. If found, the value of the property is set using the JavaBeans setter with the element text translated to the true property type using the java.beans.PropertyEditor
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/ejb3/index.html b/latest/wildscribe/deployment/subsystem/ejb3/index.html
new file mode 100644
index 000000000..407be74cd
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/ejb3/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/ejb3/message-driven-bean/index.html b/latest/wildscribe/deployment/subsystem/ejb3/message-driven-bean/index.html
new file mode 100644
index 000000000..0344306dd
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/ejb3/message-driven-bean/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
pool-remove-count The number of bean instances that have been removed.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
run-as-role The run-as role (if any) for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
security-domain The security domain for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
timeout-method The timeout method for handling programmatically created timers.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
timers Jakarta Enterprise Beans timers associated with the component.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
transaction-type The transaction management type of the Jakarta Enterprise Beans component (Container or Bean).
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
wait-time Time spend waiting to obtain an instance.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
Operations (2)
start-delivery Start delivering messages to this message-driven bean.
stop-delivery Stop delivering messages to this message-driven bean.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html b/latest/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html
new file mode 100644
index 000000000..1a701cb7e
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
timer Actual timer running for Jakarta Enterprise Beans
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html b/latest/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html
new file mode 100644
index 000000000..4c86f08f0
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/ejb3/message-driven-bean/service/timer-service/timer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (8)
active Indicates whether this timer is active or suspended.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
calendar-timer Whether this timer is a calendar-based timer, or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
info Serializable information associated with timer.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
next-timeout The point in time (in ms since the epoch) at which the next timer expiration is scheduled to occur, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
persistent Whether this timer has persistent semantics or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
primary-key Primary key of Jakarta Enterprise Beans instance which started the timer.
Deprecated Since 9.0.0
Deprecated since entity beans are no longer supported.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schedule The schedule expression corresponding to this timer or "undefined" if the timer was not created using a schedule expression, is expired, or has been cancelled.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
time-remaining The number of milliseconds that will elapse before the next scheduled timer expiration, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (4)
activate Activates timer after it has been suspended.
cancel Cancels timer and removes it from container.
suspend Suspends timer. No timeout will occur after this operation has been invoked. To reanimate timer, 'activate' operation is present.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/ejb3/singleton-bean/index.html b/latest/wildscribe/deployment/subsystem/ejb3/singleton-bean/index.html
new file mode 100644
index 000000000..dcc1baceb
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/ejb3/singleton-bean/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
run-as-role The run-as role (if any) for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
security-domain The security domain for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
timeout-method The timeout method for handling programmatically created timers.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
timers Jakarta Enterprise Beans timers associated with the component.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
transaction-type The transaction management type of the Jakarta Enterprise Beans component (Container or Bean).
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
wait-time Time spend waiting to obtain an instance.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html b/latest/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html
new file mode 100644
index 000000000..69d679d30
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
timer Actual timer running for Jakarta Enterprise Beans
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html b/latest/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html
new file mode 100644
index 000000000..c08462335
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/ejb3/singleton-bean/service/timer-service/timer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (8)
active Indicates whether this timer is active or suspended.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
calendar-timer Whether this timer is a calendar-based timer, or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
info Serializable information associated with timer.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
next-timeout The point in time (in ms since the epoch) at which the next timer expiration is scheduled to occur, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
persistent Whether this timer has persistent semantics or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
primary-key Primary key of Jakarta Enterprise Beans instance which started the timer.
Deprecated Since 9.0.0
Deprecated since entity beans are no longer supported.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schedule The schedule expression corresponding to this timer or "undefined" if the timer was not created using a schedule expression, is expired, or has been cancelled.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
time-remaining The number of milliseconds that will elapse before the next scheduled timer expiration, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (4)
activate Activates timer after it has been suspended.
cancel Cancels timer and removes it from container.
suspend Suspends timer. No timeout will occur after this operation has been invoked. To reanimate timer, 'activate' operation is present.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/ejb3/stateful-session-bean/index.html b/latest/wildscribe/deployment/subsystem/ejb3/stateful-session-bean/index.html
new file mode 100644
index 000000000..09164d352
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/ejb3/stateful-session-bean/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove-methods The business methods of the stateful session bean indicating that the bean instance is to be removed after the completion of this method.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
run-as-role The run-as role (if any) for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
security-domain The security domain for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
stateful-timeout The amount of time a stateful session bean can be idle before it is eligible for removal by the container.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/index.html b/latest/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/index.html
new file mode 100644
index 000000000..9d5e0f825
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
pool-remove-count The number of bean instances that have been removed.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
run-as-role The run-as role (if any) for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
security-domain The security domain for this Jakarta Enterprise Beans component.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
timeout-method The timeout method for handling programmatically created timers.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
timers Jakarta Enterprise Beans timers associated with the component.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
transaction-type The transaction management type of the Jakarta Enterprise Beans component (Container or Bean).
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
wait-time Time spend waiting to obtain an instance.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html b/latest/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html
new file mode 100644
index 000000000..0e5527893
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
timer Actual timer running for Jakarta Enterprise Beans
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html b/latest/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html
new file mode 100644
index 000000000..aa0dd66b7
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/ejb3/stateless-session-bean/service/timer-service/timer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (8)
active Indicates whether this timer is active or suspended.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
calendar-timer Whether this timer is a calendar-based timer, or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
info Serializable information associated with timer.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
next-timeout The point in time (in ms since the epoch) at which the next timer expiration is scheduled to occur, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
persistent Whether this timer has persistent semantics or "undefined" if the timer has expired or been cancelled.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
primary-key Primary key of Jakarta Enterprise Beans instance which started the timer.
Deprecated Since 9.0.0
Deprecated since entity beans are no longer supported.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schedule The schedule expression corresponding to this timer or "undefined" if the timer was not created using a schedule expression, is expired, or has been cancelled.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
time-remaining The number of milliseconds that will elapse before the next scheduled timer expiration, or "undefined" if the timer has no future timeouts, is expired, or has been cancelled.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (4)
activate Activates timer after it has been suspended.
cancel Cancels timer and removes it from container.
suspend Suspends timer. No timeout will occur after this operation has been invoked. To reanimate timer, 'activate' operation is present.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/jaxrs/index.html b/latest/wildscribe/deployment/subsystem/jaxrs/index.html
new file mode 100644
index 000000000..05062c727
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/jaxrs/index.html
@@ -0,0 +1,37 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/jaxrs/rest-resource/index.html b/latest/wildscribe/deployment/subsystem/jaxrs/rest-resource/index.html
new file mode 100644
index 000000000..b4e8d7fa5
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/jaxrs/rest-resource/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (3)
resource-class Class for the Jakarta RESTful Web Services resource.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
rest-resource-paths REST resource paths of the Jakarta RESTful Web Services resource.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
sub-resource-locators REST resource paths of the Jakarta RESTful Web Services resource.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/jpa/index.html b/latest/wildscribe/deployment/subsystem/jpa/index.html
new file mode 100644
index 000000000..2a3bede6f
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/jpa/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
default-extended-persistence-inheritance Controls how Jakarta Persistence extended persistence context (XPC) inheritance is performed. 'DEEP' shares the extended persistence context at top bean level. 'SHALLOW' the extended persistece context is only shared with the parent bean (never with sibling beans).
Attribute
Value
Default Value
DEEP
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
Allowed Values
DEEP SHALLOW
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/logging/configuration/error-manager/index.html b/latest/wildscribe/deployment/subsystem/logging/configuration/error-manager/index.html
new file mode 100644
index 000000000..dfa021d4d
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/logging/configuration/error-manager/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
module The module name the error manager was set to use.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
properties Additional properties that were set on the error manager.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/logging/configuration/filter/index.html b/latest/wildscribe/deployment/subsystem/logging/configuration/filter/index.html
new file mode 100644
index 000000000..e923048eb
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/logging/configuration/filter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
properties Additional properties that were set on the filter.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/logging/configuration/formatter/index.html b/latest/wildscribe/deployment/subsystem/logging/configuration/formatter/index.html
new file mode 100644
index 000000000..8ef12e6a5
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/logging/configuration/formatter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
module The module name the formatter was set to use.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
properties Additional properties that were set on the formatter.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/logging/configuration/handler/index.html b/latest/wildscribe/deployment/subsystem/logging/configuration/handler/index.html
new file mode 100644
index 000000000..91b456556
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/logging/configuration/handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
level The log level specifying which message levels will be logged by this handler. Message levels lower than this value will be discarded.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
module The module name the handler was set to use.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
properties Additional properties that were set on the handler.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/logging/configuration/index.html b/latest/wildscribe/deployment/subsystem/logging/configuration/index.html
new file mode 100644
index 000000000..18db31319
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/logging/configuration/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Information about the logging configuration for this deployment. Note that this may not be accurate if the deployment is using some other means of configuring a log manager such as logback. The resolved configuration is what loggers not covered by the deployments specific log manager would use.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (6)
error-manager Describes the configured error managers being used on a deployment.
filter Describes the configured filters being used on a deployment.
formatter Describes the configured formatters being used on a deployment.
handler Describes the configured handlers being used on a deployment.
logger Describes the configured loggers being used on a deployment.
pojo Describes the configured POJO's being used on a deployment.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/logging/configuration/logger/index.html b/latest/wildscribe/deployment/subsystem/logging/configuration/logger/index.html
new file mode 100644
index 000000000..8302a87f7
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/logging/configuration/logger/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
level The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
use-parent-handlers Specifies whether or not this logger sends its output to parent loggers.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/logging/configuration/pojo/index.html b/latest/wildscribe/deployment/subsystem/logging/configuration/pojo/index.html
new file mode 100644
index 000000000..443a450c3
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/logging/configuration/pojo/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
properties Additional properties that were set on the POJO.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/logging/index.html b/latest/wildscribe/deployment/subsystem/logging/index.html
new file mode 100644
index 000000000..13a5d9b57
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/logging/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Information about the logging configuration for this deployment. Note that this may not be accurate if the deployment is using some other means of configuring a log manager such as logback. The resolved configuration is what loggers not covered by the deployments specific log manager would use.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
configuration The configuration being used for the deployment. For configurations within the deployment this is the path to the configuration file used. For logging profiles it's "profile-" followed by the name of the profile. Otherwise the value will be "default" to indicate it's using the logging configuration as defined by the logging subsystem.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/messaging-activemq/connection-factory/index.html b/latest/wildscribe/deployment/subsystem/messaging-activemq/connection-factory/index.html
new file mode 100644
index 000000000..8d144cbf2
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/messaging-activemq/connection-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
protocol-manager-factory The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
false
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
true
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enable-amq1-prefix
BOOLEAN
false
true
true
Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
factory-type
STRING
false
true
GENERIC
The type of connection factory.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
reconnect-attempts
INT
false
true
0
The reconnect attempts.
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/messaging-activemq/external-jms-queue/index.html b/latest/wildscribe/deployment/subsystem/messaging-activemq/external-jms-queue/index.html
new file mode 100644
index 000000000..c063ef652
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/messaging-activemq/external-jms-queue/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/messaging-activemq/external-jms-topic/index.html b/latest/wildscribe/deployment/subsystem/messaging-activemq/external-jms-topic/index.html
new file mode 100644
index 000000000..f035d5b8c
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/messaging-activemq/external-jms-topic/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/messaging-activemq/index.html b/latest/wildscribe/deployment/subsystem/messaging-activemq/index.html
new file mode 100644
index 000000000..6e5daad68
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/messaging-activemq/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/messaging-activemq/pooled-connection-factory/index.html b/latest/wildscribe/deployment/subsystem/messaging-activemq/pooled-connection-factory/index.html
new file mode 100644
index 000000000..b65611bf2
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/messaging-activemq/pooled-connection-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allow-local-transactions Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
credential-reference Credential (from Credential Store) to authenticate the pooled connection factory
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
enable-amq1-prefix Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
enlistment-trace Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
entries The jndi names the connection factory should be bound to.
use-jndi Use JNDI to locate the destination for incoming connections
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-local-tx Use a local transaction for incoming sessions
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
user The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the pooled connection factory
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enable-amq1-prefix
BOOLEAN
false
true
true
Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
enlistment-trace
BOOLEAN
false
true
Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
true
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
-1
The number of attempts to connect initially with this factory.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
managed-connection-pool
STRING
false
true
The class name of the managed connection pool used by this pooled-connection-factory.
max-pool-size
INT
false
true
20
The maximum size for the pool
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
min-pool-size
INT
false
true
0
The minimum size for the pool
password
STRING
false
true
The default password to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this pooled connection factory.
reconnect-attempts
INT
false
true
-1
The reconnect attempts. By default, a pooled connection factory will try to reconnect infinitely to the messaging server(s).
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction
STRING
false
true
xa
The type of transaction supported by this pooled connection factory (can be LOCAL, NONE or XA, default is XA).
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-auto-recovery
BOOLEAN
false
true
true
True to use auto recovery.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
user
STRING
false
true
The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
jndi-params
STRING
false
true
The JNDI params to use for locating the destination for incoming connections.
rebalance-connections
BOOLEAN
false
true
false
Rebalance inbound connections when cluster topology changes.
setup-attempts
INT
false
true
The number of times to set up an MDB endpoint
setup-interval
LONG
false
true
The interval between attempts at setting up an MDB endpoint.
use-jndi
BOOLEAN
false
true
Use JNDI to locate the destination for incoming connections
use-local-tx
BOOLEAN
false
true
Use a local transaction for incoming sessions
allow-local-transactions
BOOLEAN
false
true
false
Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/messaging-activemq/server/index.html b/latest/wildscribe/deployment/subsystem/messaging-activemq/server/index.html
new file mode 100644
index 000000000..77d13f947
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/messaging-activemq/server/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/messaging-activemq/server/jms-queue/index.html b/latest/wildscribe/deployment/subsystem/messaging-activemq/server/jms-queue/index.html
new file mode 100644
index 000000000..2898569bf
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/messaging-activemq/server/jms-queue/index.html
@@ -0,0 +1,159 @@
+ WildFly Full 29 Model Reference
A message filter. An undefined or empty filter will match all messages.
Reply properties
The number of sent messages.
type
INT
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/messaging-activemq/server/jms-topic/index.html b/latest/wildscribe/deployment/subsystem/messaging-activemq/server/jms-topic/index.html
new file mode 100644
index 000000000..62e921a61
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/messaging-activemq/server/jms-topic/index.html
@@ -0,0 +1,377 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html b/latest/wildscribe/deployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
new file mode 100644
index 000000000..70bf35df4
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allow-local-transactions Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
credential-reference Credential (from Credential Store) to authenticate the pooled connection factory
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
enlistment-trace Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
entries The jndi names the connection factory should be bound to.
use-jndi Use JNDI to locate the destination for incoming connections
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-local-tx Use a local transaction for incoming sessions
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
user The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the pooled connection factory
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enlistment-trace
BOOLEAN
false
true
Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
1
The number of attempts to connect initially with this factory.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
managed-connection-pool
STRING
false
true
The class name of the managed connection pool used by this pooled-connection-factory.
max-pool-size
INT
false
true
20
The maximum size for the pool
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
min-pool-size
INT
false
true
0
The minimum size for the pool
password
STRING
false
true
The default password to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this pooled connection factory.
reconnect-attempts
INT
false
true
-1
The reconnect attempts. By default, a pooled connection factory will try to reconnect infinitely to the messaging server(s).
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction
STRING
false
true
xa
The type of transaction supported by this pooled connection factory (can be LOCAL, NONE or XA, default is XA).
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-auto-recovery
BOOLEAN
false
true
true
True to use auto recovery.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
user
STRING
false
true
The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
jndi-params
STRING
false
true
The JNDI params to use for locating the destination for incoming connections.
rebalance-connections
BOOLEAN
false
true
false
Rebalance inbound connections when cluster topology changes.
setup-attempts
INT
false
true
The number of times to set up an MDB endpoint
setup-interval
LONG
false
true
The interval between attempts at setting up an MDB endpoint.
use-jndi
BOOLEAN
false
true
Use JNDI to locate the destination for incoming connections
use-local-tx
BOOLEAN
false
true
Use a local transaction for incoming sessions
allow-local-transactions
BOOLEAN
false
true
false
Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/resource-adapters/index.html b/latest/wildscribe/deployment/subsystem/resource-adapters/index.html
new file mode 100644
index 000000000..c7a60909b
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/resource-adapters/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime statistics provided by the resource adapter.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
ironjacamar Model representing resource adapters activated by ironjacamar.xml file inside rar.
ironjacamar Model representing resource adapters activated by ironjacamar.xml file inside rar.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html
new file mode 100644
index 000000000..51e63969f
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html
new file mode 100644
index 000000000..4989c8508
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/config-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html
new file mode 100644
index 000000000..99e7f17ce
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/admin-objects/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html
new file mode 100644
index 000000000..9348e5255
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/config-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html
new file mode 100644
index 000000000..93922ad5c
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/config-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html
new file mode 100644
index 000000000..635422a64
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/connection-definitions/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context-and-application Indicates that either application-supplied parameters, such as from getConnection(user, pw), or Subject (provided by Elytron after authenticating using configured authentication-context), are used to distinguish connections in the pool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value requires a server restart.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value requires a server restart.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time.
class-name Specifies the fully qualified class name of a managed connection factory or admin object.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connectable Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
elytron-enabled Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enabled Specifies if the resource adapter should be enabled.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment Defines if lazy enlistment should be used if supported by the resource adapter.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
flush-strategy Specifies how the pool should be flushed in case of an error.
idle-timeout-minutes Specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value requires a server restart.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-pool-size Specifies the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
interleaving An element to enable interleaving for XA connections.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
jndi-name Specifies the JNDI name for the connection factory.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-pool-size Specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool.
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
mcp Defines the ManagedConnectionPool implementation. For example: org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
min-pool-size Specifies the minimum number of connections for a pool.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-recovery Specifies if the connection pool should be excluded from recovery.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-tx-separate-pool Oracle does not like XA connections getting used both inside and outside a JTA transaction. To workaround the problem you can create separate sub-pools for the different contexts.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
pad-xid Specifies whether the Xid should be padded.
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
same-rm-override Using this attribute, you can unconditionally set whether javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-application Indicates that application-supplied parameters, such as from getConnection(user, pw), are used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain Specifies the PicketBox security domain which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain-and-application Indicates that either application-supplied parameters, such as from getConnection(user, pw) are used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox is no longer supported. Use Elytron configuration instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sharable Enable the use of sharable connections, which allows lazy association to be enabled if supported.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
tracking Defines if IronJacamar should track connection handles across transaction boundaries.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-ccm Enable the use of a cached connection manager.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false).
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-java-context Setting this to false will bind the object into global JNDI.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
validate-on-match This specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
wrap-xa-resource Specifies whether XAResource instances should be wrapped in an org.jboss.tm.XAResourceWrapper instance.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
xa-resource-timeout The value is passed to XAResource.setTransactionTimeout(), in seconds.
The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception.
allocation-retry-wait-millis
LONG
false
true
The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection.
authentication-context
STRING
false
false
The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
authentication-context-and-application
STRING
false
false
Indicates that either application-supplied parameters, such as from getConnection(user, pw), or Subject (provided by Elytron after authenticating using configured authentication-context), are used to distinguish connections in the pool.
background-validation
BOOLEAN
false
true
An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value requires a server restart.
background-validation-millis
LONG
false
true
The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value requires a server restart.
blocking-timeout-wait-millis
LONG
false
true
The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time.
capacity-decrementer-class
STRING
false
true
Class defining the policy for decrementing connections in the pool.
capacity-decrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for decrementing connections in the pool.
capacity-incrementer-class
STRING
false
true
Class defining the policy for incrementing connections in the pool.
capacity-incrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for incrementing connections in the pool.
class-name
STRING
true
true
Specifies the fully qualified class name of a managed connection factory or admin object.
connectable
BOOLEAN
false
true
false
Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
elytron-enabled
BOOLEAN
false
true
false
Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
enabled
BOOLEAN
false
true
true
Specifies if the resource adapter should be enabled.
enlistment
BOOLEAN
false
true
true
Defines if lazy enlistment should be used if supported by the resource adapter.
enlistment-trace
BOOLEAN
false
true
false
Defines if WildFly/IronJacamar should record enlistment traces.
flush-strategy
STRING
false
true
FailingConnectionOnly
Specifies how the pool should be flushed in case of an error.
idle-timeout-minutes
LONG
false
true
Specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value requires a server restart.
initial-pool-size
INT
false
true
Specifies the initial number of connections a pool should hold.
interleaving
BOOLEAN
false
true
false
An element to enable interleaving for XA connections.
jndi-name
STRING
true
true
Specifies the JNDI name for the connection factory.
max-pool-size
INT
false
true
20
Specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool.
mcp
STRING
false
true
Defines the ManagedConnectionPool implementation. For example: org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.
min-pool-size
INT
false
true
0
Specifies the minimum number of connections for a pool.
no-recovery
BOOLEAN
false
true
false
Specifies if the connection pool should be excluded from recovery.
no-tx-separate-pool
BOOLEAN
false
true
false
Oracle does not like XA connections getting used both inside and outside a JTA transaction. To workaround the problem you can create separate sub-pools for the different contexts.
pad-xid
BOOLEAN
false
true
false
Specifies whether the Xid should be padded.
pool-fair
BOOLEAN
false
true
true
Defines if pool use should be fair.
pool-prefill
BOOLEAN
false
true
false
Specifies if the pool should be prefilled. Changing this value requires a server restart.
pool-use-strict-min
BOOLEAN
false
true
false
Specifies if the min-pool-size should be considered strict.
recovery-authentication-context
STRING
false
false
The Elytron authentication context used for recovery (current authentication-context will be used if unspecified).
recovery-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate on recovery connection
recovery-elytron-enabled
BOOLEAN
false
true
false
Indicates that an Elytron authentication context will be used for recovery.
recovery-password
STRING
false
true
The password used for recovery.
recovery-plugin-class-name
STRING
false
true
The fully qualified class name of the recovery plugin implementation.
recovery-plugin-properties
OBJECT
false
true
The properties for the recovery plugin.
recovery-security-domain
STRING
false
true
The PicketBox security domain used for recovery.
recovery-username
STRING
false
true
The user name used for recovery.
same-rm-override
BOOLEAN
false
true
Using this attribute, you can unconditionally set whether javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false.
security-application
BOOLEAN
false
true
false
Indicates that application-supplied parameters, such as from getConnection(user, pw), are used to distinguish connections in the pool.
security-domain
STRING
false
true
Specifies the PicketBox security domain which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
security-domain-and-application
STRING
false
true
Indicates that either application-supplied parameters, such as from getConnection(user, pw) are used to distinguish connections in the pool.
sharable
BOOLEAN
false
true
true
Enable the use of sharable connections, which allows lazy association to be enabled if supported.
tracking
BOOLEAN
false
true
Defines if IronJacamar should track connection handles across transaction boundaries.
use-ccm
BOOLEAN
false
true
true
Enable the use of a cached connection manager.
use-fast-fail
BOOLEAN
false
true
false
Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false).
use-java-context
BOOLEAN
false
true
true
Setting this to false will bind the object into global JNDI.
validate-on-match
BOOLEAN
false
true
This specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation.
wrap-xa-resource
BOOLEAN
false
true
true
Specifies whether XAResource instances should be wrapped in an org.jboss.tm.XAResourceWrapper instance.
xa-resource-timeout
INT
false
true
The value is passed to XAResource.setTransactionTimeout(), in seconds.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html
new file mode 100644
index 000000000..d1c003613
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/resource-adapters/ironjacamar/ironjacamar/resource-adapter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
beanvalidationgroups Specifies the Jakarta Bean Validation groups that should be used.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
bootstrap-context Specifies the unique name of the bootstrap context that should be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
module Specifies the module from which resource adapter will be loaded
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transaction-support Specifies the transaction support level of the resource adapter. This attribute allows expressions, but only simple expressions resolved from environment variables or system properties are supported. Nested expressions and resolution from vaults or credential stores are not supported.
wm-security-domain Defines the name of the PicketBox security domain that should be used.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security
activate Force the resource adapter config activation without server reload.
add Add a new resource adapter. At least one of ARCHIVE or MODULE is required.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
archive
STRING
false
false
Specifies the resource adapter archive.
beanvalidationgroups
LIST
false
true
Specifies the Jakarta Bean Validation groups that should be used.
bootstrap-context
STRING
false
true
Specifies the unique name of the bootstrap context that should be used.
module
STRING
false
false
Specifies the module from which resource adapter will be loaded
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled or not.
transaction-support
STRING
false
true
Specifies the transaction support level of the resource adapter. This attribute allows expressions, but only simple expressions resolved from environment variables or system properties are supported. Nested expressions and resolution from vaults or credential stores are not supported.
wm-elytron-security-domain
STRING
false
true
Defines the name of the Elytron security domain that should be used.
wm-security
BOOLEAN
false
true
false
Toggle on/off wm.security for this resource adapter. In case of false all wm-security-* parameters are ignored, even the defaults.
wm-security-default-groups
LIST
false
true
Defines a default groups list that should be added to the used Subject instance.
wm-security-default-principal
STRING
false
true
Defines a default principal name that should be added to the used Subject instance.
wm-security-domain
STRING
false
true
other
Defines the name of the PicketBox security domain that should be used.
wm-security-mapping-groups
LIST
false
false
List of groups mappings.
wm-security-mapping-required
BOOLEAN
false
true
false
Defines if a mapping is required for security credentials.
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/undertow/index.html b/latest/wildscribe/deployment/subsystem/undertow/index.html
new file mode 100644
index 000000000..218342c12
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/undertow/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/undertow/servlet/index.html b/latest/wildscribe/deployment/subsystem/undertow/servlet/index.html
new file mode 100644
index 000000000..0f2bfec4a
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/undertow/servlet/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/undertow/websocket/index.html b/latest/wildscribe/deployment/subsystem/undertow/websocket/index.html
new file mode 100644
index 000000000..b96be7927
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/undertow/websocket/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/webservices/endpoint/index.html b/latest/wildscribe/deployment/subsystem/webservices/endpoint/index.html
new file mode 100644
index 000000000..9800dfee7
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/webservices/endpoint/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
wsdl-url Webservice endpoint WSDL URL. If wsdl-host is set to jbossws.undefined.host, JBossWS uses the requester host when rewriting the
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/deployment/subsystem/webservices/index.html b/latest/wildscribe/deployment/subsystem/webservices/index.html
new file mode 100644
index 000000000..8a5c4defa
--- /dev/null
+++ b/latest/wildscribe/deployment/subsystem/webservices/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/extension/index.html b/latest/wildscribe/extension/index.html
new file mode 100644
index 000000000..89ad29ef6
--- /dev/null
+++ b/latest/wildscribe/extension/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A module that extends the standard capabilities of a domain or a standalone server.
Children (1)
subsystem A subsystem provided by the extension. What is provided here is information about the xml schema and management interface provided by the subsystem, not the configuration of the subsystem itself.
\ No newline at end of file
diff --git a/latest/wildscribe/extension/subsystem/index.html b/latest/wildscribe/extension/subsystem/index.html
new file mode 100644
index 000000000..fdb9bd851
--- /dev/null
+++ b/latest/wildscribe/extension/subsystem/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A subsystem provided by the extension. What is provided here is information about the xml schema and management interface provided by the subsystem, not the configuration of the subsystem itself.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (4)
management-major-version Major version of the subsystem's management interface. May be undefined if the subsystem does not currently provide a versioned management interface.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
management-micro-version Micro version of the subsystem's management interface. May be undefined if the subsystem does not currently provide a versioned management interface.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Min
0
Max
2,147,483,647
Storage
runtime
Access Type
read-only
management-minor-version Minor version of the subsystem's management interface. May be undefined if the subsystem does not currently provide a versioned management interface.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Min
0
Max
2,147,483,647
Storage
runtime
Access Type
read-only
xml-namespaces A list of URIs for the XML namespaces supported by the subsystem's XML parser. May be empty if the extension did not clearly associate an XML namespace with a particular subsystem.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/29/wildscribe/favicon.ico b/latest/wildscribe/favicon.ico
similarity index 100%
rename from 29/wildscribe/favicon.ico
rename to latest/wildscribe/favicon.ico
diff --git a/latest/wildscribe/index.html b/latest/wildscribe/index.html
new file mode 100644
index 000000000..7dad92891
--- /dev/null
+++ b/latest/wildscribe/index.html
@@ -0,0 +1,232 @@
+ WildFly Full 29 Model Reference
WildFly Full 29 Model Reference
home
The root node of the server-level management model.
Children (9)
core-service Core services provided by the server.
platform-mbean Provides the management interface for monitoring and management of the Java virtual machine as well as the operating system on which the Java virtual machine is running. Exposes the JDK-provided JMX MBeans in the java.lang and java.nio JMX domains.
launch-type The manner in which the server process was launched. Either "DOMAIN" for a domain mode server launched by a Host Controller, "STANDALONE" for a standalone server launched from the command line, or "EMBEDDED" for a standalone server launched as an embedded part of an application running in the same virtual machine.
management-major-version The major version of the WildFly Core kernel management interface that is provided by this server.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-only
management-micro-version The micro version of the WildFly Core kernel management interface that is provided by this server.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-only
management-minor-version The minor version of the WildFly Core kernel management interface that is provided by this server.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-only
name The name of this server. If not set, defaults to the runtime value of InetAddress.getLocalHost().getHostName().
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
namespaces Map of namespaces used in the configuration XML document, where keys are namespace prefixes and values are schema URIs.
Attribute
Value
Type
OBJECT
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
organization Identification of the current organization running this server.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
process-type The type of process represented by this root resource. Always has a value of "Server" for a server resource.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
product-name The name of the WildFly Core based product that is being run by this server.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
product-version The version of the WildFly Core based product release that is being run by this server.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
profile-name The name of the server's configuration profile.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
release-codename The codename of the WildFly Core release this server is running.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
release-version The version of the WildFly Core release this server is running.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
running-mode The current running mode of the server. Either NORMAL (normal operations) or ADMIN_ONLY. An ADMIN_ONLY server will start any configured management interfaces and accept management requests, but will not start services used for handling end user requests.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Allowed Values
NORMAL ADMIN_ONLY
runtime-configuration-state The current persistent configuration state, one of starting, ok, reload-required, restart-required, stopping or stopped.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
schema-locations Map of locations of XML schemas used in the configuration XML document, where keys are schema URIs and values are locations where the schema can be found.
Attribute
Value
Type
OBJECT
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
server-state The current state of the server controller; either STARTING, RUNNING, RESTART_REQUIRED, RELOAD_REQUIRED or STOPPING.
add-namespace Adds a namespace prefix mapping to the namespaces attribute's map.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
namespace
STRING
true
false
The prefix of the namespace to add
uri
STRING
true
false
The schema uri of the namespace to add.
add-schema-location Adds a schema location mapping to the schema-locations attribute's map.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
schema-location
STRING
true
false
The location where the added schema can be found.
uri
STRING
true
false
The uri of the schema location to add
clean-obsolete-content Clean contents that are not referenced anymore from the content repository.
Reply properties
Two lists of hashes of content items: those that were marked as obsolete and those that were removed from the repository.
type
OBJECT
Value Type
{
+ "marked-contents" => {
+ "type" => LIST,
+ "description" => "List of hashes of content items that were marked as obsolete, making the eligible for future removal from the content repository",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 0L,
+ "max-length" => 2147483647L,
+ "value-type" => STRING
+ },
+ "deleted-contents" => {
+ "type" => LIST,
+ "description" => "List of hashes of content items that were removed from the content repository",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 0L,
+ "max-length" => 2147483647L,
+ "value-type" => STRING
+ }
+}
composite An operation that groups multiple operation requests into a single operation request.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
steps
LIST
true
false
A list of the operation requests that constitute the composite request.
Reply properties
A composite operation response that consists of all the step results.
type
OBJECT
Value Type
OBJECT
delete-snapshot Deletes a snapshot from the snapshots directory
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
name
STRING
true
false
The name of the snapshot to delete. The whole name is not needed, as long as what is passed in uniquely identifies a snapshot within the snapshots directory. If 'all' is used, all snapshots in the snapshot directory will be deleted.
full-replace-deployment Add previously uploaded deployment content to the list of content available for use, replace existing content of the same name in the runtime, and remove the replaced content from the list of content available for use. This is equivalent to an 'add', 'undeploy', 'deploy', 'remove' sequence where the new content has the same name as the content being replaced. Precisely one of 'runtime-name', 'hash', 'input-stream-index', 'bytes' or 'url' must be specified.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
name
STRING
true
false
Unique identifier of the deployment. Must be unique across all deployments.
runtime-name
STRING
false
false
Name by which the deployment should be known within a server's runtime. This would be equivalent to the file name of a deployment file, and would form the basis for such things as default Java Enterprise Edition application and module names. This would typically be the same as 'name', but in some cases users may wish to have two deployments with the same 'runtime-name' (e.g. two versions of "foo.war") both available in the deployment content repository, in which case the deployments would need to have distinct 'name' values but would have the same 'runtime-name'.
content
LIST
true
false
List of pieces of content that comprise the deployment.
enabled
BOOLEAN
false
false
false
Boolean indicating whether the replacement deployment content should be deployed in the runtime (or should be deployed in the runtime the next time the server starts.) An undefined value indicates the state of the existing deployment should be retained.
a list of filter criteria tuples (i.e. 'running=true')
Reply properties
type
LIST
Value Type
OBJECT
read-attribute Gets the value of an attribute for the selected resource
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
resolve-expressions
BOOLEAN
false
false
false
Resolves expressions to current runtime values. Will only resolve against basic resolution sources like system properties and environment variables; expressions requiring resolution using other sources will not be resolved.
name
STRING
true
false
The name of the attribute to get the value for under the selected resource
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
Reply properties
The value of the attribute. The type will be that of the attribute found
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
read-children-names Gets the names of all children under the selected resource with the given type
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
child-type
STRING
true
false
The name of the node under which to get the children names
include-singletons
BOOLEAN
false
false
false
If 'true' include the allowed values for any singleton registration, even if no resource currently exists with that name.
Reply properties
The children names
type
LIST
Value Type
STRING
read-children-resources Reads information about all of a resource's children that are of a given type
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
child-type
STRING
true
false
The name of the resource under which to get the child resources
recursive
BOOLEAN
false
false
Whether to get the children recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default. Ignored if the 'recursive' parameter is set to 'true'; i.e. runtime attributes can only be read in non-recursive queries.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
Reply properties
The children resources
type
LIST
Value Type
OBJECT
read-children-types Gets the type names of all the children under the selected resource
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
include-aliases
BOOLEAN
false
false
false
If 'true' include children which are aliases.
include-singletons
BOOLEAN
false
false
false
If 'true' include the full key/value pair for any singleton registration.
Reply properties
The children types
type
LIST
Value Type
STRING
read-config-as-xml Reads the current configuration and returns it in XML format.
Whether or not to include information about what rights the current user has on the operation.
Reply properties
type
OBJECT
read-operation-names Gets the names of all the operations for the given resource
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
access-control
BOOLEAN
false
false
false
If 'true' only operations the user is allowed to see are returned, and filtered operations are listed in the 'access-control' response header.
Reply properties
The operation names
type
LIST
Value Type
STRING
read-resource Reads a model resource's attribute values along with either basic or complete information about any child resources
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
resolve-expressions
BOOLEAN
false
false
false
Resolves expressions to current runtime values. Will only resolve against basic resolution sources like system properties and environment variables; expressions requiring resolution using other sources will not be resolved.
recursive
BOOLEAN
false
false
Whether to include complete information about child resources, recursively. If absent, false is the default
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default.
include-runtime
BOOLEAN
false
false
false
Whether to include runtime attributes (i.e. those whose value does not come from the persistent configuration) in the response. If absent, false is the default.
include-defaults
BOOLEAN
false
false
true
Boolean to enable/disable default reading. In case it is set to false only attribute set by user are returned ignoring undefined.
attributes-only
BOOLEAN
false
false
false
Whether or not to only read the attributes on the specified resource. Cannot be used in conjunction with 'recursive' or 'recursive-depth'.
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
Reply properties
The resource's attribute values along with information about any child resources
type
OBJECT
read-resource-description Gets the description of a resource's attributes, types of children and, optionally, operations
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
operations
BOOLEAN
false
false
false
Whether to include descriptions of the resource's operations. Default is false
notifications
BOOLEAN
false
false
false
Whether to include descriptions of the resource's notifications. Default is false
inherited
BOOLEAN
false
false
true
If 'operations' is true, whether to include descriptions of the resource's inherited operations. Default is true.
recursive
BOOLEAN
false
false
Whether to include recursively descriptions of child resources. Default is false.
recursive-depth
INT
false
false
The depth to which information about child resources should be included.
proxies
BOOLEAN
false
false
false
Whether to include remote resources in a recursive query (i.e. host level resources in a query of the domain root; running server resources in a query of a host). If absent, false is the default
include-aliases
BOOLEAN
false
false
false
If 'true' and recursive, include children which are aliases.
access-control
STRING
false
false
none
Include information about what rights the current user has on the actual resources, attributes and operations.
locale
STRING
false
false
The locale to get the resource description in. If null, the default locale will be used
Reply properties
The description of the resource
type
OBJECT
reload Reloads the server by shutting down all its services and starting again. The JVM itself is not restarted.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
admin-only
BOOLEAN
false
false
false
Whether the server should start in running mode ADMIN_ONLY when it restarts. An ADMIN_ONLY server will start any configured management interfaces and accept management requests, but will not start services used for handling end user requests.
use-current-server-config
BOOLEAN
false
false
true
Only has an effect if --read-only-server-config was specified when starting the server. In that case, if this parameter is set to false the reloaded server loads the original configuration version; if null or true the current runtime version of the model is used.
server-config
STRING
false
false
Use to override the name of the server config to use for the reloaded server. When making changes to the model after the reload, the changes will still be persisted to the original server configuration file that was first used to boot up the server. This parameter is resolved the same way as the --server-config command-line option.
start-mode
STRING
false
false
normal
Can be either normal, suspend or admin-only. If it is suspend the server will be started in suspended mode, if it is admin only the server will be started in admin-only mode.
remove-namespace Removes a namespace prefix mapping from the namespaces attribute's map.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
namespace
STRING
true
false
The prefix of the namespace to remove.
remove-schema-location Removes a schema location mapping from the schema-locations attribute's map.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
uri
STRING
true
false
The URI of the schema location to remove.
replace-deployment Replace existing content in the runtime with new content. The new content must have been previously uploaded to the deployment content repository.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
to-replace
STRING
true
false
The name of the content that is to be replaced.
name
STRING
true
false
The name of the new content.
runtime-name
STRING
false
false
Name by which the deployment should be known within a server's runtime. This would be equivalent to the file name of a deployment file, and would form the basis for such things as default Java Enterprise Edition application and module names. This would typically be the same as 'name', but in some cases users may wish to have two deployments with the same 'runtime-name' (e.g. two versions of "foo.war") both available in the deployment content repository, in which case the deployments would need to have distinct 'name' values but would have the same 'runtime-name'.
content
LIST
false
false
List of pieces of content that comprise the deployment.
resolve-expression Operation that accepts an expression as input (or a string that can be parsed into an expression) and resolves it against the local system properties and environment variables. Expressions requiring resolution using other sources will not be resolved.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
expression
STRING
false
true
The expression to resolve.
Reply properties
The resolved expression, or the string form of the original input value if it did not represent an expression that could be resolved against the local system properties and environment variables.
type
STRING
resolve-internet-address Takes a set of interface resolution criteria and finds an IP address on the local machine that matches the criteria, or fails if no matching IP address can be found.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
any-address
BOOLEAN
false
false
Any address
inet-address
STRING
false
true
Inet address
link-local-address
BOOLEAN
false
false
Link local address
loopback
BOOLEAN
false
false
Loopback
loopback-address
STRING
false
true
Loopback address
multicast
BOOLEAN
false
false
Multicast
nic
STRING
false
true
NIC
nic-match
STRING
false
true
NIC match
point-to-point
BOOLEAN
false
false
Point to point
public-address
BOOLEAN
false
false
Public address
site-local-address
BOOLEAN
false
false
Site local address
subnet-match
STRING
false
true
Subnet match
up
BOOLEAN
false
false
Up
virtual
BOOLEAN
false
false
Virtual
any
OBJECT
false
false
any
not
OBJECT
false
false
Not
Reply properties
type
STRING
resume Resumes normal operations on a suspended server.
shutdown Shuts down the server via a call to System.exit(0)
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
restart
BOOLEAN
false
false
false
If true, once shutdown the server will be restarted again
timeout
INT
false
false
0
If this timeout is set a graceful shutdown will be attempted. If this is zero (the default) then the server will shutdown immediately. A value larger than zero means the server will wait up to this many seconds for all active requests to finish. A value smaller than zero means that the server will wait indefinitely for all active requests to finish.
suspend-timeout
INT
false
false
0
The graceful shutdown timeout in seconds. If this is zero (the default) then the server will shutdown immediately. A value larger than zero means the server will wait up to this many seconds for all active requests to finish. A value smaller than zero means that the server will wait indefinitely for all active requests to finish.
perform-installation
BOOLEAN
false
false
false
Restart the server and perform any pending installation.
suspend Suspends server operations gracefully. All current requests will complete normally, however no new requests will be accepted.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
timeout
INT
false
false
0
The timeout that a suspend operation will wait for the suspend operation to complete before returning. If this is zero the operation will return immediately, -1 means that it will wait indefinitely. Note that the operation will not roll back if the timeout is exceeded, it just means that not all current requests completed in the specified timeout.
suspend-timeout
INT
false
false
0
The suspend operation timeout in seconds. If this is zero (the default) the operation will return immediately. A value larger than zero means the operation will wait up to this many seconds to complete before returning. A value smaller than zero means that the operation will wait indefinitely for all active requests to finish. Note that the operation will not roll back if the timeout is exceeded, it just means that not all current requests completed in the specified timeout.
take-snapshot Takes a snapshot of the current configuration
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
comment
STRING
false
false
Comment on the snapshot being taken.
name
STRING
false
false
The name of the snapshot being taken.
Reply properties
The location of the file on the machine the configuration belongs
type
STRING
undefine-attribute Sets the value of an attribute of the selected resource to 'undefined'
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
name
STRING
true
false
The name of the attribute which should be set to 'undefined'
upload-deployment-bytes Indicates that the deployment content in the included byte array should be added to the deployment content repository. Note that this operation does not indicate the content should be deployed into the runtime.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
bytes
BYTES
true
false
Byte array containing the deployment content that should uploaded to the domain's or standalone server's deployment content repository.
Reply properties
The hash of managed deployment content that has been uploaded to the domain's or standalone server's deployment content repository.
type
BYTES
upload-deployment-stream Indicates that the deployment content available at the included input stream index should be added to the deployment content repository. Note that this operation does not indicate the content should be deployed into the runtime.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
input-stream-index
INT
true
false
The index into the operation's attached input streams of the input stream that contains deployment content that should be uploaded to the domain's or standalone server's deployment content repository.
Reply properties
The hash of managed deployment content that has been uploaded to the domain's or standalone server's deployment content repository.
type
BYTES
upload-deployment-url Indicates that the deployment content available at the included URL should be added to the deployment content repository. Note that this operation does not indicate the content should be deployed into the runtime.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
url
STRING
true
false
The URL at which the deployment content is available for upload to the domain's or standalone server's deployment content repository.. Note that the URL must be accessible from the target of the operation (i.e. the Domain Controller or standalone server).
Reply properties
The hash of managed deployment content that has been uploaded to the domain's or standalone server's deployment content repository.
type
BYTES
validate-address Checks whether a resource with the address passed in as the argument exists.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
value
OBJECT
true
false
The address to check.
Reply properties
Report of checking the address.
type
OBJECT
Value Type
{
+ "valid" => {
+ "type" => BOOLEAN,
+ "description" => "Indicates whether a resource with the address passed in as the argument exists.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false
+ },
+ "problem" => {
+ "type" => STRING,
+ "description" => "Is included only if the address is not valid and describes what's wrong with the address.",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ }
+}
validate-operation Validates that an operation is valid according to its description. Any errors present will be shown in the operation's failure-description.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
value
OBJECT
true
false
The operation to validate.
whoami Returns the identity of the currently authenticated user.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
verbose
BOOLEAN
false
false
false
If set to true whoami also returns the users roles.
Reply properties
The identify of the authenticated user and their roles if requested.
type
STRING
write-attribute Sets the value of an attribute for the selected resource
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
name
STRING
true
false
The name of the attribute to set the value for under the selected resource
value
STRING
false
false
The value of the attribute to set the value for under the selected resource. May be null if the underlying model supports null values.
write-config An operation to force the server to write its config file, without making any actual config change.
\ No newline at end of file
diff --git a/latest/wildscribe/interface/index.html b/latest/wildscribe/interface/index.html
new file mode 100644
index 000000000..3a1e20b18
--- /dev/null
+++ b/latest/wildscribe/interface/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
any Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be that the IP address meets at least one of a nested set of criteria, but not necessarily all of the nested criteria. The value of the attribute is a set of criteria. An 'undefined' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
any-address Attribute indicating that sockets using this interface should be bound to a wildcard address. The IPv6 wildcard address (::) will be used unless the java.net.preferIpV4Stack system property is set to true, in which case the IPv4 wildcard address (0.0.0.0) will be used. If a socket is bound to an IPv6 anylocal address on a dual-stack machine, it can accept both IPv6 and IPv4 traffic; if it is bound to an IPv4 (IPv4-mapped) anylocal address, it can only accept IPv4 traffic.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
inet-address Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not the address matches the given value. Value is either an IP address in IPv6 or IPv4 dotted decimal notation, or a hostname that can be resolved to an IP address. An 'undefined' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
link-local-address Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not the address is link-local. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
loopback Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not it is a loopback address. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
loopback-address Attribute indicating that the IP address for this interface should be the given value, if a loopback interface exists on the machine. A 'loopback address' may not actually be configured on the machine's loopback interface. Differs from inet-address in that the given value will be used even if no NIC can be found that has the IP specified address associated with it. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
multicast Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not its network interface supports multicast. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
nic Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface has the given name. The name of a network interface (e.g. eth0, eth1, lo). An 'undefined' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
nic-match Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface has a name that matches the given regular expression. Value is a regular expression against which the names of the network interfaces available on the machine can be matched to find an acceptable interface. An 'undefined' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
not Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be that the IP address *does not* meet any of a nested set of criteria. The value of the attribute is a set of criteria (e.g. 'loopback') whose normal meaning is reversed. An 'undefined' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
point-to-point Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not its network interface is a point-to-point interface. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
public-address Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not it is a publicly routable address. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
resolved-address Attribute showing the resolved ip address for this interface.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
site-local-address Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or it is a site-local address. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
subnet-match Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or it the address fits in the given subnet definition. Value is a network IP address and the number of bits in the address' network prefix, written in "slash notation"; e.g. "192.168.0.0/16". An 'undefined' value means this attribute is not relevant to the IP address selection.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
up Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface is currently up. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
virtual Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface is a virtual interface. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be that the IP address meets at least one of a nested set of criteria, but not necessarily all of the nested criteria. The value of the attribute is a set of criteria. An 'undefined' value means this attribute is not relevant to the IP address selection.
any-address
BOOLEAN
false
false
Attribute indicating that sockets using this interface should be bound to a wildcard address. The IPv6 wildcard address (::) will be used unless the java.net.preferIpV4Stack system property is set to true, in which case the IPv4 wildcard address (0.0.0.0) will be used. If a socket is bound to an IPv6 anylocal address on a dual-stack machine, it can accept both IPv6 and IPv4 traffic; if it is bound to an IPv4 (IPv4-mapped) anylocal address, it can only accept IPv4 traffic.
inet-address
STRING
false
true
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not the address matches the given value. Value is either an IP address in IPv6 or IPv4 dotted decimal notation, or a hostname that can be resolved to an IP address. An 'undefined' value means this attribute is not relevant to the IP address selection.
link-local-address
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not the address is link-local. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
loopback
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not it is a loopback address. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
loopback-address
STRING
false
true
Attribute indicating that the IP address for this interface should be the given value, if a loopback interface exists on the machine. A 'loopback address' may not actually be configured on the machine's loopback interface. Differs from inet-address in that the given value will be used even if no NIC can be found that has the IP specified address associated with it. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
multicast
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not its network interface supports multicast. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection.
nic
STRING
false
true
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface has the given name. The name of a network interface (e.g. eth0, eth1, lo). An 'undefined' value means this attribute is not relevant to the IP address selection.
nic-match
STRING
false
true
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface has a name that matches the given regular expression. Value is a regular expression against which the names of the network interfaces available on the machine can be matched to find an acceptable interface. An 'undefined' value means this attribute is not relevant to the IP address selection.
not
OBJECT
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be that the IP address *does not* meet any of a nested set of criteria. The value of the attribute is a set of criteria (e.g. 'loopback') whose normal meaning is reversed. An 'undefined' value means this attribute is not relevant to the IP address selection.
point-to-point
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not its network interface is a point-to-point interface. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
public-address
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or not it is a publicly routable address. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
site-local-address
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or it is a site-local address. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
subnet-match
STRING
false
true
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether or it the address fits in the given subnet definition. Value is a network IP address and the number of bits in the address' network prefix, written in "slash notation"; e.g. "192.168.0.0/16". An 'undefined' value means this attribute is not relevant to the IP address selection.
up
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface is currently up. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
virtual
BOOLEAN
false
false
Attribute indicating that part of the selection criteria for choosing an IP address for this interface should be whether its network interface is a virtual interface. An 'undefined' or 'false' value means this attribute is not relevant to the IP address selection
resolve-internet-address Takes a set of interface resolution criteria and finds an IP address on the local machine that matches the criteria, or fails if no matching IP address can be found.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
any-address
BOOLEAN
false
false
Any address
inet-address
STRING
false
true
Inet address
link-local-address
BOOLEAN
false
false
Link local address
loopback
BOOLEAN
false
false
Loopback
loopback-address
STRING
false
true
Loopback address
multicast
BOOLEAN
false
false
Multicast
nic
STRING
false
true
NIC
nic-match
STRING
false
true
NIC match
point-to-point
BOOLEAN
false
false
Point to point
public-address
BOOLEAN
false
false
Public address
site-local-address
BOOLEAN
false
false
Site local address
subnet-match
STRING
false
true
Subnet match
up
BOOLEAN
false
false
Up
virtual
BOOLEAN
false
false
Virtual
any
OBJECT
false
false
any
not
OBJECT
false
false
Not
Reply properties
type
STRING
\ No newline at end of file
diff --git a/29/wildscribe/js/main.js b/latest/wildscribe/js/main.js
similarity index 100%
rename from 29/wildscribe/js/main.js
rename to latest/wildscribe/js/main.js
diff --git a/29/wildscribe/js/vendor/bootstrap.bundle.min.js b/latest/wildscribe/js/vendor/bootstrap.bundle.min.js
similarity index 100%
rename from 29/wildscribe/js/vendor/bootstrap.bundle.min.js
rename to latest/wildscribe/js/vendor/bootstrap.bundle.min.js
diff --git a/29/wildscribe/js/vendor/bootstrap.bundle.min.js.map b/latest/wildscribe/js/vendor/bootstrap.bundle.min.js.map
similarity index 100%
rename from 29/wildscribe/js/vendor/bootstrap.bundle.min.js.map
rename to latest/wildscribe/js/vendor/bootstrap.bundle.min.js.map
diff --git a/29/wildscribe/js/vendor/ie10-viewport-bug-workaround.js b/latest/wildscribe/js/vendor/ie10-viewport-bug-workaround.js
similarity index 100%
rename from 29/wildscribe/js/vendor/ie10-viewport-bug-workaround.js
rename to latest/wildscribe/js/vendor/ie10-viewport-bug-workaround.js
diff --git a/29/wildscribe/js/vendor/jquery-3.4.1.slim.min.js b/latest/wildscribe/js/vendor/jquery-3.4.1.slim.min.js
similarity index 100%
rename from 29/wildscribe/js/vendor/jquery-3.4.1.slim.min.js
rename to latest/wildscribe/js/vendor/jquery-3.4.1.slim.min.js
diff --git a/latest/wildscribe/log-message-reference.html b/latest/wildscribe/log-message-reference.html
new file mode 100644
index 000000000..adf21b8c3
--- /dev/null
+++ b/latest/wildscribe/log-message-reference.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Message ack in prepared tx for queue {0} which does not exist. This ack will be ignored.
AMQ022273
WARN
Address "{0}" is full. Bridge {1} will disconnect
AMQ101000
INFO
Starting ActiveMQ Artemis Server
AMQ101001
INFO
Stopping ActiveMQ Artemis Server
AMQ101002
INFO
Starting Naming server on {0}:{1,number,#} (rmi {2}:{3,number,#})
AMQ101003
INFO
Halting ActiveMQ Artemis Server after user request
AMQ101005
DEBUG
Using broker configuration: {0}
AMQ102000
WARN
Error during undeployment: {0}
AMQ104000
ERROR
Failed to delete file {0}
AMQ104001
ERROR
Failed to start server
AMQ104002
ERROR
The print data operation failed: {0}
AMQ111000
WARN
Scheduled task can't be removed from scheduledPool.
AMQ111001
WARN
******************************************************************************************************************************* Could not re-establish AMQP Server Connection {0} on {1} after {2} retries *******************************************************************************************************************************
AMQ111002
INFO
******************************************************************************************************************************* Retrying Server AMQP Connection {0} on {1} retry {2} of {3} *******************************************************************************************************************************
AMQ111003
INFO
******************************************************************************************************************************* Connected on Server AMQP Connection {0} on {1} after {2} retries *******************************************************************************************************************************
AMQ111004
WARN
AddressFullPolicy clash on an anonymous producer between destinations {0}(addressFullPolicy={1}) and {2}(addressFullPolicy={3}). This could lead to semantic inconsistencies on your clients. Notice you could have other instances of this scenario however this message will only be logged once. log.debug output would show all instances of this event.
AMQ121003
INFO
JMS Server Manager Running cached command for {0}
AMQ121004
INFO
JMS Server Manager Caching command for {0} since the JMS Server is not active yet
AMQ121004
INFO
JMS Server Manager Caching command for {0} since the JMS Server is not active.
AMQ121005
INFO
Invalid "host" value "0.0.0.0" detected for "{0}" connector. Switching to "{1}". If this new address is incorrect please manually configure the connector to use the proper one.
AMQ122005
WARN
Invalid "host" value "0.0.0.0" detected for "{0}" connector. Switching to "{1}". If this new address is incorrect please manually configure the connector to use the proper one.
AMQ122007
WARN
Queue {0} does not exist on the topic {1}. It was deleted manually probably.
AMQ122007
WARN
Queue {0} does not exist on the topic {1}. It was deleted manually probably.
AMQ122008
WARN
XA Recovery can not connect to any ActiveMQ server on recovery {0}
AMQ122008
WARN
XA Recovery can not connect to any broker on recovery {0}
AMQ122011
WARN
error unbinding {0} from JNDI
AMQ122011
WARN
error unbinding {0} from Registry
AMQ122012
WARN
JMS Server Manager error
AMQ122012
WARN
JMS Server Manager error
AMQ122013
WARN
Error in XA Recovery recover
AMQ122013
WARN
Error in XA Recovery recover
AMQ122014
WARN
Notified of connection failure in xa recovery connectionFactory for provider {0} will attempt reconnect on next pass
AMQ122014
WARN
Notified of connection failure in xa recovery connectionFactory for provider {0} will attempt reconnect on next pass
AMQ122015
WARN
Can not connect to {0} on auto-generated resource recovery
AMQ122016
DEBUG
Error in XA Recovery
AMQ122016
DEBUG
Error in XA Recovery
AMQ122017
WARN
Tried to correct invalid "host" value "0.0.0.0" for "{0}" connector, but received an exception.
AMQ122017
WARN
Tried to correct invalid "host" value "0.0.0.0" for "{0}" connector, but received an exception.
AMQ122018
WARN
Could not start recovery discovery on {0}, we will retry every recovery scan until the server is available
AMQ122018
WARN
Failed to send notification: {0}
AMQ122019
WARN
Unable to deactivate server
AMQ123000
DEBUG
JMS Server Manager Running cached command for {0}.(In the event of failover after failback has occurred, this message may be output multiple times.)
AMQ124000
ERROR
key attribute missing for JMS configuration {0}
AMQ124000
ERROR
key attribute missing for JMS configuration {0}
AMQ124002
ERROR
Failed to start JMS deployer
AMQ124002
ERROR
Failed to start JMS deployer
AMQ131001
INFO
Security Context Setting Subject = {0}
AMQ132000
WARN
I''m closing a JMS connection you left open. Please make sure you close all JMS connections explicitly before letting them go out of scope! see stacktrace to find out where it was created
AMQ132001
WARN
An error happened while setting the context
AMQ132001
WARN
Unhandled exception thrown from onMessage
AMQ134000
ERROR
Failed to call JMS exception listener
AMQ134002
ERROR
Queue Browser failed to create message {0}
AMQ134003
ERROR
Message Listener failed to prepare message for receipt, message={0}
AMQ134004
ERROR
Message Listener failed to process message
AMQ134005
ERROR
Message Listener failed to recover session
AMQ134006
ERROR
Failed to call Failover listener
AMQ141000
INFO
*** running direct journal blast: {0}
AMQ141002
INFO
starting thread for sync speed test
AMQ141003
INFO
Write rate = {0} bytes / sec or {1} MiB / sec
AMQ141004
INFO
Flush rate = {0} flushes / sec
AMQ141005
INFO
Check Data Files:
AMQ141006
INFO
Sequence out of order on journal
AMQ141007
INFO
Current File on the journal is <= the sequence file.getFileID={0} on the dataFiles Currentfile.getFileId={1} while the file.getFileID()={2} Is same = ({3})
AMQ141008
INFO
Free File ID out of order
AMQ141009
INFO
A Free File is less than the maximum data
AMQ141010
INFO
Initialising JDBC data source {0} with properties {1}
AMQ142000
WARN
You have a native library with a different version than expected
AMQ142001
WARN
Could not get lock after 60 seconds on closing Asynchronous File: {0}
AMQ142002
WARN
Asynchronous File: {0} being finalized with opened state
AMQ142003
WARN
AIO Callback Error: {0}
AMQ142004
WARN
Inconsistency during compacting: CommitRecord ID = {0} for an already committed transaction during compacting
AMQ142005
WARN
Inconsistency during compacting: Delete record being read on an existent record (id={0})
AMQ142006
WARN
Could not find add Record information for record {0} during compacting
AMQ142007
WARN
Can not find record {0} during compact replay
AMQ142008
WARN
Could not remove file {0} from the list of data files
AMQ142009
WARN
******************************************************************************************************************************* The File Storage Attic is full, as the file {0} does not have the configured size, and the file will be removed *******************************************************************************************************************************
AMQ142010
WARN
Failed to add file to opened files queue: {0}. This should NOT happen!
AMQ142011
WARN
Error on reading compacting for {0}
AMQ142012
WARN
Couldn''t find tx={0} to merge after compacting
AMQ142013
WARN
Prepared transaction {0} was not considered completed, it will be ignored
AMQ142014
WARN
Transaction {0} is missing elements so the transaction is being ignored
AMQ142015
WARN
Uncommitted transaction with id {0} found and discarded
AMQ142016
WARN
Could not stop compactor executor after 120 seconds
AMQ142017
WARN
Could not stop journal executor after 60 seconds
AMQ142018
WARN
Temporary files were left unattended after a crash on journal directory, deleting invalid files now
AMQ142019
WARN
Deleting orphaned file {0}
AMQ142020
WARN
Could not get lock after 60 seconds on closing Asynchronous File: {0}
AMQ142021
WARN
Error on IO callback, {0}
AMQ142022
WARN
Timed out on AIO poller shutdown
AMQ142023
WARN
Executor on file {0} couldn''t complete its tasks in 60 seconds.
AMQ142024
WARN
Error completing callback
AMQ142025
WARN
Error calling onError callback
AMQ142026
WARN
Timed out on AIO writer shutdown
AMQ142027
WARN
Error on writing data! {0} code - {1}
AMQ142028
WARN
Error replaying pending commands after compacting
AMQ142029
WARN
Error closing file
AMQ142030
WARN
Could not open a file in 60 Seconds
AMQ142031
WARN
Error retrieving ID part of the file name {0}
AMQ142032
WARN
Error reading journal file
AMQ142033
WARN
Error reinitializing file {0}
AMQ142034
WARN
Exception on submitting write
AMQ142035
WARN
Could not stop journal append executor after 60 seconds
AMQ144000
ERROR
Failed to delete file {0}
AMQ144001
ERROR
Error starting poller
AMQ144002
ERROR
Error pushing opened file
AMQ144003
ERROR
Error compacting
AMQ144004
ERROR
Error scheduling compacting
AMQ144005
ERROR
Failed to performance blast
AMQ144006
ERROR
IOError code {0}, {1}
AMQ144007
WARN
Ignoring journal file {0}: file is shorter then minimum header size. This file is being removed.
AMQ144008
WARN
******************************************************************************************************************************* File {0}: was moved under attic, please review it and remove it. *******************************************************************************************************************************
AMQ144009
WARN
Could not get a file in {0} seconds, System will retry the open but you may see increased latency in your system
AMQ144010
WARN
Critical IO Exception happened: {0}
AMQ151000
INFO
awaiting topic/queue creation {0}
AMQ151001
INFO
Attempting to reconnect {0}
AMQ151002
INFO
Reconnected with broker
AMQ151003
INFO
resource adaptor stopped
AMQ151004
INFO
Instantiating {0} "{1}" directly since UseJNDI=false.
AMQ151005
INFO
awaiting server availability
AMQ151006
INFO
Cluster topology change detected. Re-balancing connections on even {0}.
AMQ151007
INFO
Resource adaptor started
AMQ152001
WARN
problem resetting xa session after failure
AMQ152002
WARN
Unable to roll local transaction back
AMQ152003
WARN
unable to reset session after failure, we will place the MDB Inflow now in setup mode for activation={0}
AMQ152004
WARN
Handling JMS exception failure
AMQ152005
WARN
Failure in broker activation {0}
AMQ152006
WARN
Unable to call after delivery
AMQ152007
WARN
Thread {0} could not be finished
AMQ152008
WARN
Error interrupting handler on endpoint {0} handler = {1}
AMQ152009
WARN
Unable to validate properties
AMQ152010
WARN
Unable to clear the transaction
AMQ152011
WARN
Unable to close the factory
AMQ153001
DEBUG
using different ActiveMQRAConnectionFactory
AMQ153002
jakarta.jms.IllegalStateException
Cannot create a subscriber on the durable subscription since it already has subscriber(s)
AMQ153003
WARN
Unsupported acknowledgement mode {0}
AMQ153004
WARN
Invalid number of session (negative) {0}, defaulting to {1}.
AMQ153005
WARN
Unable to retrieve "{0}" from JNDI. Creating a new "{1}" named "{2}" to be used by the MDB.
AMQ154000
ERROR
Error while creating object Reference.
AMQ154001
ERROR
Unable to stop resource adapter.
AMQ154003
ERROR
Unable to reconnect {0}
AMQ154004
ERROR
Failed to deliver message
AMQ171003
INFO
JMS Server Manager Running cached command for {0}
AMQ171004
INFO
JMS Server Manager Caching command for {0} since the JMS Server is not active.
AMQ172005
WARN
Invalid "host" value "0.0.0.0" detected for "{0}" connector. Switching to "{1}". If this new address is incorrect please manually configure the connector to use the proper one.
AMQ172007
WARN
Queue {0} does not exist on the topic {1}. It was deleted manually probably.
AMQ172008
WARN
XA Recovery can not connect to any broker on recovery {0}
AMQ172011
WARN
error unbinding {0} from JNDI
AMQ172012
WARN
JMS Server Manager error
AMQ172013
WARN
Error in XA Recovery recover
AMQ172014
WARN
Notified of connection failure in xa recovery connectionFactory for provider {0} will attempt reconnect on next pass
AMQ172015
WARN
Can not connect to {0} on auto-generated resource recovery
AMQ172016
DEBUG
Error in XA Recovery
AMQ172017
WARN
Tried to correct invalid "host" value "0.0.0.0" for "{0}" connector, but received an exception.
AMQ172018
WARN
Could not start recovery discovery on {0}, we will retry every recovery scan until the server is available
AMQ174000
ERROR
key attribute missing for JMS configuration {0}
AMQ174002
ERROR
Failed to start JMS deployer
AMQ201000
INFO
Network is healthy, starting service {0}
AMQ201001
INFO
Network is unhealthy, stopping service {0}
AMQ202000
WARN
Missing privileges to set Thread Context Class Loader on Thread Factory. Using current Thread Context Class Loader
AMQ202001
WARN
{0} is a loopback address and will be discarded.
AMQ202002
WARN
Ping Address {0} wasn't reacheable.
AMQ202003
WARN
Ping Url {0} wasn't reacheable.
AMQ202004
WARN
Error starting component {0}
AMQ202005
WARN
Error stopping component {0}
AMQ202006
WARN
Failed to check Url {0}.
AMQ202007
WARN
Failed to check Address {0}.
AMQ202008
WARN
Failed to check Address list {0}.
AMQ202009
WARN
Failed to check Url list {0}.
AMQ202010
WARN
Failed to set NIC {0}.
AMQ202011
WARN
Failed to read from stream {0}.
AMQ202012
WARN
Object cannot be serialized.
AMQ202013
WARN
Unable to deserialize object.
AMQ202014
WARN
Unable to encode byte array into Base64 notation.
AMQ202015
WARN
Failed to clean up file {0}
AMQ202016
WARN
Could not list files to clean up in {0}
AMQ211000
INFO
**** Dumping session creation stacks ****
AMQ211001
INFO
session created
AMQ211002
DEBUG
Started {0} Netty Connector version {1} to {2}:{3,number,#}
AMQ211003
DEBUG
Started InVM Connector
AMQ212000
WARN
{0}
AMQ212001
WARN
Error on clearing messages
AMQ212002
WARN
Timed out waiting for handler to complete processing
AMQ212003
WARN
Unable to close session
AMQ212004
WARN
Failed to connect to server.
AMQ212005
WARN
Tried {0} times to connect. Now giving up on reconnecting it.
AMQ212007
WARN
connector.create or connectorFactory.createConnector should never throw an exception, implementation is badly behaved, but we will deal with it anyway.
AMQ212008
WARN
I am closing a core ClientSessionFactory you left open. Please make sure you close all ClientSessionFactories explicitly before letting them go out of scope! {0}
AMQ212009
WARN
resetting session after failure
AMQ212010
WARN
Server is starting, retry to create the session {0}
AMQ212011
WARN
committing transaction after failover occurred, any non persistent messages may be lost
AMQ212012
WARN
failure occurred during commit throwing XAException
AMQ212014
WARN
failover occurred during prepare rolling back
AMQ212015
WARN
failover occurred during prepare rolling back
AMQ212016
WARN
I am closing a core ClientSession you left open. Please make sure you close all ClientSessions explicitly before letting them go out of scope! {0}
AMQ212017
WARN
error adding packet
AMQ212018
WARN
error calling cancel
AMQ212019
WARN
error reading index
AMQ212020
WARN
error setting index
AMQ212021
WARN
error resetting index
AMQ212022
WARN
error reading LargeMessage file cache
AMQ212023
WARN
error closing LargeMessage file cache
AMQ212024
WARN
Exception during finalization for LargeMessage file cache
AMQ212025
WARN
did not connect the cluster connection to other nodes
AMQ212026
WARN
Timed out waiting for pool to terminate
AMQ212027
WARN
Timed out waiting for scheduled pool to terminate
AMQ212028
WARN
error starting server locator
AMQ212029
DEBUG
Closing a Server Locator left open. Please make sure you close all Server Locators explicitly before letting them go out of scope! {0}
AMQ212030
WARN
error sending topology
AMQ212031
WARN
error sending topology
AMQ212032
WARN
Timed out waiting to stop discovery thread
AMQ212033
WARN
unable to send notification when discovery group is stopped
AMQ212034
WARN
There are more than one servers on the network broadcasting the same node id. You will see this message exactly once (per node) if a node is restarted, in which case it can be safely ignored. But if it is logged continuously it means you really do have more than one node on the same network active concurrently with the same node id. This could occur if you have a backup node active at the same time as its live node. nodeID={0}
AMQ212035
WARN
error receiving packet in discovery
AMQ212036
WARN
Can not find packet to clear: {0} last received command id first stored command id {1}
AMQ212037
WARN
Connection failure to {0} has been detected: {1} [code={2}]
AMQ212038
WARN
Failure in calling interceptor: {0}
AMQ212040
WARN
Timed out waiting for netty ssl close future to complete
AMQ212041
WARN
Timed out waiting for netty channel to close
AMQ212042
WARN
Timed out waiting for packet to be flushed
AMQ212043
WARN
Property {0} must be an Integer, it is {1}
AMQ212044
WARN
Property {0} must be a Long, it is {1}
AMQ212045
WARN
Property {0} must be a Boolean, it is {1}
AMQ212046
WARN
Cannot find activemq-version.properties on classpath: {0}
AMQ212047
WARN
Warning: JVM allocated more data what would make results invalid {0}:{1}
AMQ212048
WARN
Random address ({0}) was already in use, trying another time
AMQ212049
WARN
Could not bind to {0} ({1} address); make sure your discovery group-address is of the same type as the IP stack (IPv4 or IPv6). Ignoring discovery group-address, but this may lead to cross talking.
AMQ212050
WARN
Compressed large message tried to read {0} bytes from stream {1}
AMQ212051
WARN
Invalid concurrent session usage. Sessions are not supposed to be used by more than one thread concurrently.
AMQ212052
WARN
Packet {0} was answered out of sequence due to a previous server timeout and it''s being ignored
AMQ212053
WARN
CompletionListener/SendAcknowledgementHandler used with confirmationWindowSize=-1. Enable confirmationWindowSize to receive acks from server!
AMQ212054
WARN
Destination address={0} is blocked. If the system is configured to block make sure you consume messages on this configuration.
AMQ212055
WARN
Unable to close consumer
AMQ212056
WARN
local-bind-address specified for broadcast group but no local-bind-port. Using random port for UDP Broadcast ({0})
AMQ212057
WARN
Large Message Streaming is taking too long to flush on back pressure.
AMQ212058
WARN
Unable to get a message.
AMQ212059
WARN
Failed to clean up: {0}
AMQ212060
WARN
Unexpected null data received from DiscoveryEndpoint
AMQ212061
WARN
Failed to perform force close
AMQ212062
WARN
Failed to perform post actions on message processing
AMQ212063
WARN
Unable to handle connection failure
AMQ212064
WARN
Unable to receive cluster topology
AMQ212065
WARN
{0} getting exception when receiving broadcasting
AMQ212066
WARN
failed to parse int property
AMQ212067
WARN
failed to get system property
AMQ212068
WARN
Couldn't finish the client globalThreadPool in less than 10 seconds, interrupting it now
AMQ212069
WARN
Couldn't finish the client scheduled in less than 10 seconds, interrupting it now
AMQ212070
WARN
Unable to initialize VersionLoader
AMQ212071
WARN
Unable to check Epoll availability
AMQ212072
WARN
Failed to change channel state to ReadyForWriting
AMQ212073
WARN
Unable to check KQueue availability
AMQ212074
WARN
SendAcknowledgementHandler will not be asynchronous without setting up confirmation window size
AMQ212074
WARN
channel group did not completely close
AMQ212075
WARN
KQueue is not available, please add to the classpath or configure useKQueue=false to remove this warning
AMQ212076
WARN
Epoll is not available, please add to the classpath or configure useEpoll=false to remove this warning
AMQ212077
WARN
Timed out waiting to receive initial broadcast from cluster. Retry {0} of {1}
AMQ212079
WARN
The upstream connector from the downstream federation will ignore url parameter {0}
AMQ212080
WARN
Using legacy SSL store provider value: {0}. Please use either ''keyStoreType'' or ''trustStoreType'' instead as appropriate.
AMQ214000
ERROR
Failed to call onMessage
AMQ214001
ERROR
failed to cleanup session
AMQ214002
ERROR
Failed to execute failure listener
AMQ214003
ERROR
Failed to handle failover
AMQ214004
ERROR
XA end operation failed
AMQ214005
ERROR
XA start operation failed {0} code:{1}
AMQ214006
ERROR
Session is not XA
AMQ214007
ERROR
Received exception asynchronously from server
AMQ214008
ERROR
Failed to handle packet
AMQ214009
ERROR
Failed to stop discovery group
AMQ214010
ERROR
Failed to receive datagram
AMQ214011
ERROR
Failed to call discovery listener
AMQ214012
ERROR
Unexpected error handling packet {0}
AMQ214013
ERROR
Failed to decode packet
AMQ214014
ERROR
Failed to execute failure listener
AMQ214015
ERROR
Failed to execute connection life cycle listener
AMQ214016
ERROR
Failed to create netty connection
AMQ214017
ERROR
Caught unexpected Throwable
AMQ214018
ERROR
Failed to invoke getTextContent() on node {0}
AMQ214019
ERROR
Invalid configuration
AMQ214020
ERROR
Exception happened while stopping Discovery BroadcastEndpoint {0}
AMQ214021
ERROR
Invalid cipher suite specified. Supported cipher suites are: {0}
Deleting pending large message as it was not completed: {0}
AMQ221006
INFO
Waiting to obtain live lock
AMQ221007
INFO
Server is now live
AMQ221008
INFO
live server wants to restart, restarting server in backup
AMQ221010
INFO
Backup Server is now live
AMQ221011
INFO
Server {0} is now live
AMQ221012
INFO
Using AIO Journal
AMQ221013
INFO
Using NIO Journal
AMQ221014
INFO
{0}% loaded
AMQ221015
INFO
Can not find queue {0} while reloading ACKNOWLEDGE_CURSOR, deleting record now
AMQ221016
INFO
Can not find queue {0} while reloading PAGE_CURSOR_COUNTER_VALUE, deleting record now
AMQ221017
INFO
Can not find queue {0} while reloading PAGE_CURSOR_COUNTER_INC, deleting record now
AMQ221018
INFO
Large message: {0} did not have any associated reference, file will be deleted
AMQ221019
INFO
Deleting unreferenced message id={0} from the journal
AMQ221020
INFO
Started {0} Acceptor at {1}:{2,number,#} for protocols [{3}]
AMQ221021
INFO
failed to remove connection
AMQ221022
INFO
unable to start connector service: {0}
AMQ221023
INFO
unable to stop connector service: {0}
AMQ221024
INFO
Backup server {0} is synchronized with live server, nodeID={1}.
AMQ221025
INFO
Replication: sending {0} (size={1}) to replica.
AMQ221026
INFO
Bridge {0} connected to forwardingAddress={1}. {2} does not have any bindings. Messages will be ignored until a binding is created.
AMQ221027
INFO
Bridge {0} is connected
AMQ221028
INFO
Bridge is stopping, will not retry
AMQ221029
INFO
stopped bridge {0}
AMQ221030
INFO
paused bridge {0}
AMQ221031
INFO
backup announced
AMQ221032
INFO
Waiting to become backup node
AMQ221033
INFO
** got backup lock
AMQ221034
INFO
Waiting {0} to obtain live lock
AMQ221035
INFO
Live Server Obtained live lock
AMQ221036
INFO
Message with duplicate ID {0} was already set at {1}. Move from {2} being ignored and message removed from {3}
AMQ221037
INFO
{0} to become ''live''
AMQ221038
INFO
Configuration option ''{0}'' is deprecated. Consult the manual for details.
AMQ221039
INFO
Restarting as Replicating backup server after live restart
AMQ221040
INFO
Remote group coordinators has not started.
AMQ221041
INFO
Cannot find queue {0} while reloading PAGE_CURSOR_COMPLETE, deleting record now
AMQ221042
INFO
Bridge {0} timed out waiting for the completion of {1} messages, we will just shutdown the bridge after 10 seconds wait
AMQ221043
INFO
Protocol module found: [{1}]. Adding protocol support for: {0}
AMQ221045
INFO
libaio is not available, switching the configuration into NIO
AMQ221046
INFO
Unblocking message production on address ''{0}''; {1}
AMQ221047
INFO
Backup Server has scaled down to live server
AMQ221048
INFO
Consumer {0}:{1} attached to queue ''{2}'' from {3} identified as ''slow.'' Expected consumption rate: {4} msgs/second; actual consumption rate: {5} msgs/second.
AMQ221049
INFO
Activating Replica for node: {0}
AMQ221050
INFO
Activating Shared Store Slave
AMQ221051
INFO
Populating security roles from LDAP at: {0}
AMQ221052
INFO
Deploying topic {0}
AMQ221053
INFO
Disallowing use of vulnerable protocol ''{0}'' on acceptor ''{1}''. See http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html for more details.
AMQ221054
INFO
libaio was found but the filesystem does not support AIO. Switching the configuration into NIO. Journal path: {0}
AMQ221055
INFO
There were too many old replicated folders upon startup, removing {0}
AMQ221056
INFO
Reloading configuration: {0}
AMQ221057
INFO
Global Max Size is being adjusted to 1/2 of the JVM max size (-Xmx). being defined as {0}
AMQ221058
INFO
resetting Journal File size from {0} to {1} to fit with alignment of {2}
AMQ221059
INFO
Deleting old data directory {0} as the max folders is set to 0
AMQ221060
INFO
Sending quorum vote request to {0}: {1}
AMQ221061
INFO
Received quorum vote response from {0}: {1}
AMQ221062
INFO
Received quorum vote request: {0}
AMQ221063
INFO
Sending quorum vote response: {0}
AMQ221064
INFO
Node {0} found in cluster topology
AMQ221065
INFO
Node {0} not found in cluster topology
AMQ221066
INFO
Initiating quorum vote: {0}
AMQ221067
INFO
Waiting {0} {1} for quorum vote results.
AMQ221068
INFO
Received all quorum votes.
AMQ221069
INFO
Timeout waiting for quorum vote responses.
AMQ221070
INFO
Restarting as backup based on quorum vote results.
AMQ221071
INFO
Failing over based on quorum vote results.
AMQ221072
INFO
Can't find roles for the subject.
AMQ221073
INFO
Can't add role principal.
AMQ221074
INFO
Debug started : size = {0} bytes, messages = {1}
AMQ221075
INFO
Usage of wildcardRoutingEnabled configuration property is deprecated, please use wildCardConfiguration.enabled instead
AMQ221076
INFO
{0}
AMQ221077
INFO
There is no queue with ID {0}, deleting record {1}
AMQ221078
INFO
Scaled down {0} messages total.
AMQ221079
INFO
Ignoring prepare on xid as already called : {0}
AMQ221080
INFO
Deploying address {0} supporting {1}
AMQ221081
INFO
There is no address with ID {0}, deleting record {1}
AMQ221082
INFO
Initializing metrics plugin {0} with properties: {1}
AMQ221083
INFO
ignoring quorum vote as max cluster size is {0}.
AMQ221084
INFO
Requested {0} quorum votes
AMQ221085
INFO
Route {0} to {1}
AMQ221086
INFO
Cannot route {0}
AMQ221109
INFO
Apache ActiveMQ Artemis Backup Server version {0} [{1}] started, waiting live to fail before it gets active
AMQ222000
WARN
ActiveMQServer is being finalized and has not been stopped. Please remember to stop the server before letting it go out of scope
AMQ222001
WARN
Error closing sessions while stopping server
AMQ222002
WARN
Timed out waiting for pool to terminate {0}. Interrupting all its threads!
AMQ222004
WARN
Must specify an address for each divert. This one will not be deployed.
AMQ222005
WARN
Must specify a forwarding address for each divert. This one will not be deployed.
AMQ222006
WARN
Binding already exists with name {0}, divert will not be deployed
AMQ222007
WARN
Security risk! Apache ActiveMQ Artemis is running with the default cluster admin user and default password. Please see the cluster chapter in the ActiveMQ Artemis User Guide for instructions on how to change this.
AMQ222008
WARN
unable to restart server, please kill and restart manually
AMQ222009
WARN
Unable to announce backup for replication. Trying to stop the server.
AMQ222010
ERROR
Critical IO Error, shutting down the server. file={1}, message={0}
AMQ222011
WARN
Error stopping server
AMQ222012
WARN
Timed out waiting for backup activation to exit
AMQ222013
WARN
Error when trying to start replication
AMQ222014
WARN
Error when trying to stop replication
AMQ222016
WARN
Cannot deploy a connector with no name specified.
AMQ222017
WARN
There is already a connector with name {0} deployed. This one will not be deployed.
AMQ222018
WARN
AIO was not located on this platform, it will fall back to using pure Java NIO. If your platform is Linux, install LibAIO to enable the AIO journal
AMQ222019
WARN
There is already a discovery group with name {0} deployed. This one will not be deployed.
AMQ222020
WARN
error scanning for URL''s
AMQ222021
WARN
problem undeploying {0}
AMQ222022
WARN
Timed out waiting for paging cursor to stop {0}
AMQ222023
WARN
problem cleaning page address {0}
AMQ222024
WARN
Could not complete operations on IO context {0}
AMQ222025
WARN
Problem cleaning page subscription counter
AMQ222026
WARN
Error on cleaning up cursor pages
AMQ222027
WARN
Timed out flushing executors for paging cursor to stop {0}
AMQ222028
WARN
Could not find page cache for page {0}, on queue {1}/{2} removing it from the journal
AMQ222029
WARN
Could not locate page transaction {0}, ignoring message on position {1} on address={2} queue={3}
AMQ222030
WARN
File {0} being renamed to {1}.invalidPage as it was loaded partially. Please verify your data.
AMQ222031
WARN
Error while deleting page file
AMQ222032
WARN
page finalise error
AMQ222033
WARN
Page file {0} had incomplete records at position {1} at record number {2}
AMQ222034
WARN
Can not delete page transaction id={0}
AMQ222035
WARN
Directory {0} did not have an identification file {1}
AMQ222036
WARN
Timed out on waiting PagingStore {0} to shutdown
AMQ222037
WARN
IO Error, impossible to start paging
AMQ222038
INFO
Starting paging on address ''{0}''; {1}
AMQ222039
WARN
Messages sent to address ''{0}'' are being dropped; {1}
AMQ222040
WARN
Server is stopped
AMQ222041
WARN
Cannot find queue {0} to update delivery count
AMQ222042
WARN
Cannot find message {0} to update delivery count
AMQ222043
WARN
Message for queue {0} which does not exist. This message will be ignored.
AMQ222044
WARN
It was not possible to delete message {0}
AMQ222045
WARN
Message in prepared tx for queue {0} which does not exist. This message will be ignored.
AMQ222046
WARN
Failed to remove reference for {0}
AMQ222047
WARN
Can not find queue {0} while reloading ACKNOWLEDGE_CURSOR
AMQ222048
WARN
PAGE_CURSOR_COUNTER_VALUE record used on a prepared statement, invalid state
AMQ222049
WARN
InternalError: Record type {0} not recognized. Maybe you are using journal files created on a different version
AMQ222050
WARN
Can not locate recordType={0} on loadPreparedTransaction//deleteRecords
AMQ222051
WARN
Journal Error
AMQ222052
WARN
error incrementing delay detection
AMQ222053
WARN
Error on copying large message {0} for DLA or Expiry
AMQ222054
WARN
Error on executing IOCallback
AMQ222055
WARN
Error on deleting duplicate cache
AMQ222056
WARN
Did not route to any bindings for address {0} and sendToDLAOnNoRoute is true but there is no DLA configured for the address, the message will be ignored.
AMQ222057
WARN
It was not possible to add references due to an IO error code {0} message = {1}
AMQ222059
WARN
Duplicate message detected - message will not be routed. Message information: {0}
AMQ222060
WARN
Error while confirming large message completion on rollback for recordID={0}
AMQ222061
WARN
Client connection failed, clearing up resources for session {0}
On ManagementService stop, there are {0} unexpected registered MBeans: {1}
AMQ222114
WARN
Unable to delete group binding info {0}
AMQ222115
WARN
Error closing serverLocator={0}
AMQ222116
WARN
unable to start broadcast group {0}
AMQ222117
WARN
unable to start cluster connection {0}
AMQ222118
WARN
unable to start Bridge {0}
AMQ222119
WARN
No connector with name {0}. backup cannot be announced.
AMQ222120
WARN
no cluster connections defined, unable to announce backup
AMQ222121
WARN
Must specify a unique name for each bridge. This one will not be deployed.
AMQ222122
WARN
Must specify a queue name for each bridge. This one {0} will not be deployed.
AMQ222123
WARN
Forward address is not specified on bridge {0}. Will use original message address instead
AMQ222124
WARN
There is already a bridge with name {0} deployed. This one will not be deployed.
AMQ222125
WARN
No queue found with name {0} bridge {1} will not be deployed.
AMQ222126
WARN
No discovery group found with name {0} bridge will not be deployed.
AMQ222127
WARN
Must specify a unique name for each cluster connection. This one will not be deployed.
AMQ222128
WARN
Must specify an address for each cluster connection. This one will not be deployed.
AMQ222129
WARN
No connector with name {0}. The cluster connection will not be deployed.
AMQ222130
WARN
Cluster Configuration {0} already exists. The cluster connection will not be deployed.
AMQ222131
WARN
No discovery group with name {0}. The cluster connection will not be deployed.
AMQ222132
WARN
There is already a broadcast-group with name {0} deployed. This one will not be deployed.
AMQ222133
WARN
There is no connector deployed with name {0}. The broadcast group with name {1} will not be deployed.
AMQ222134
WARN
No connector defined with name {0}. The bridge will not be deployed.
AMQ222135
WARN
Stopping Redistributor, Timed out waiting for tasks to complete
AMQ222136
WARN
IO Error during redistribution, errorCode = {0} message = {1}
AMQ222137
WARN
Unable to announce backup, retrying
AMQ222138
WARN
Local Member is not set at on ClusterConnection {0}
AMQ222139
WARN
{0}::Remote queue binding {1} has already been bound in the post office. Most likely cause for this is you have a loop in your cluster due to cluster max-hops being too large or you have multiple cluster connections to the same nodes using overlapping addresses
AMQ222141
WARN
Node Manager can not open file {0}
AMQ222142
WARN
Error on resetting large message deliver - {0}
AMQ222143
WARN
Timed out waiting for executor to complete
AMQ222144
WARN
Queue could not finish waiting executors. Try increasing the thread pool size
AMQ222145
WARN
Error expiring reference {0} on queue
AMQ222146
WARN
Message has expired. No bindings for Expiry Address {0} so dropping it
AMQ222147
WARN
Messages are being expired on queue {0}, but there is no Expiry Address configured so messages will be dropped.
AMQ222148
WARN
Message {0} has exceeded max delivery attempts. No bindings for Dead Letter Address {1} so dropping it
AMQ222149
WARN
Message {0} has reached maximum delivery attempts, sending it to Dead Letter Address {1} from {2}
AMQ222150
WARN
Message {0} has exceeded max delivery attempts. No Dead Letter Address configured for queue {1} so dropping it
AMQ222151
WARN
removing consumer which did not handle a message, consumer={0}, message={1}
AMQ222152
WARN
Unable to decrement reference counting on queue
AMQ222153
WARN
Cannot locate record for message id = {0} on Journal
AMQ222154
WARN
Error checking DLQ
AMQ222155
WARN
Failed to register as backup. Stopping the server.
AMQ222156
WARN
Less than {0}% {1} You are in danger of running out of RAM. Have you set paging parameters on your addresses? (See user manual "Paging" chapter)
AMQ222157
WARN
Error completing callback on replication manager
AMQ222158
WARN
{0} activation thread did not finish.
AMQ222159
WARN
unable to send notification when broadcast group is stopped
AMQ222160
WARN
unable to send notification when broadcast group is stopped
AMQ222161
WARN
Group Handler timed-out waiting for sendCondition
AMQ222162
INFO
Moving data directory {0} to {1}
AMQ222163
WARN
Server is being completely stopped, since this was a replicated backup there may be journal files that need cleaning up. The Apache ActiveMQ Artemis broker will have to be manually restarted.
AMQ222164
WARN
Error when trying to start replication {0}
AMQ222165
WARN
No Dead Letter Address configured for queue {0} in AddressSettings
AMQ222166
WARN
No Expiry Address configured for queue {0} in AddressSettings
AMQ222167
WARN
Group Binding not available so deleting {0} groups from {1}, groups will be bound to another node
AMQ222168
WARN
The ''protocol'' property is deprecated. If you want this Acceptor to support multiple protocols, use the ''protocols'' property, e.g. with value ''CORE,AMQP,STOMP''
AMQ222169
WARN
You have old legacy clients connected to the queue {0} and we can''t disconnect them, these clients may just hang
AMQ222170
WARN
Bridge {0} forwarding address {1} has confirmation-window-size ({2}) greater than address'' max-size-bytes'' ({3})
AMQ222171
WARN
Bridge {0} forwarding address {1} could not be resolved on address-settings configuration
AMQ222172
WARN
Queue {0} was busy for more than {1} milliseconds. There are possibly consumers hanging on a network operation
AMQ222173
WARN
Queue {0} is duplicated during reload. This queue will be renamed as {1}
AMQ222174
WARN
Queue {0}, on address={1}, is taking too long to flush deliveries. Watch out for frozen clients.
AMQ222175
WARN
Bridge {0} could not find configured connectors
AMQ222176
WARN
A session that was already doing XA work on {0} is replacing the xid by {1} . This was most likely caused from a previous communication timeout
AMQ222177
WARN
Wrong configuration for role, {0} is not a valid permission
AMQ222178
WARN
Error during recovery of page counters
AMQ222181
WARN
Unable to scaleDown messages
AMQ222182
WARN
Missing cluster-configuration for scale-down-clustername {0}
AMQ222183
WARN
Blocking message production on address ''{0}''; {1}
AMQ222184
WARN
Unable to recover group bindings in SCALE_DOWN mode, only FULL backup server can do this
AMQ222185
WARN
no cluster connection for specified replication cluster
AMQ222186
WARN
unable to authorise cluster control: {0}
AMQ222187
WARN
Failed to activate replicated backup
AMQ222188
WARN
Unable to find target queue for node {0}
AMQ222189
WARN
Failed to activate shared store slave
AMQ222191
WARN
Could not find any configured role for user {0}.
AMQ222192
WARN
Could not delete: {0}
AMQ222193
WARN
Memory Limit reached. Producer ({0}) stopped to prevent flooding {1} (blocking for {2}s). See http://activemq.apache.org/producer-flow-control.html for more info.
Large message {0} wasn''t found when dealing with add pending large message
AMQ222196
WARN
Could not find binding with id={0} on routeFromCluster for message={1} binding = {2}
AMQ222197
WARN
Internal error! Delivery logic has identified a non delivery and still handled a consumer!
AMQ222198
WARN
Could not flush ClusterManager executor ({0}) in 10 seconds, verify your thread pool size
AMQ222199
WARN
Thread dump: {0}
AMQ222200
WARN
Could not finish executor on {0}
AMQ222201
WARN
Timed out waiting for activation to exit
AMQ222202
WARN
{0}: <{1}> should not be set to the same value as <{2}>. If a system is under high load, or there is a minor network delay, there is a high probability of a cluster split/failure due to connection timeout.
AMQ222203
WARN
Classpath lacks a protocol-manager for protocol {0}, Protocol being ignored on acceptor {1}
AMQ222204
WARN
Duplicated Acceptor {0} with parameters {1} classFactory={2} duplicated on the configuration
AMQ222205
WARN
OutOfMemoryError possible! There are currently {0} addresses with a total max-size-bytes of {1} bytes, but the maximum memory available is {2} bytes.
AMQ222206
WARN
Connection limit of {0} reached. Refusing connection from {1}.
AMQ222207
WARN
The backup server is not responding promptly introducing latency beyond the limit. Replication server being disconnected now.
AMQ222208
WARN
SSL handshake failed for client from {0}: {1}.
AMQ222209
WARN
Could not contact group handler coordinator after 10 retries, message being routed without grouping information
AMQ222210
WARN
Free storage space is at {0} of {1} total. Usage rate is {2} which is beyond the configured . System will start blocking producers.
AMQ222211
INFO
Free storage space is at {0} of {1} total. Usage rate is {2} which is below the configured .
AMQ222212
WARN
Disk Full! Blocking message production on address ''{0}''. Clients will report blocked.
AMQ222213
WARN
There was an issue on the network, server is isolated!
AMQ222214
WARN
Destination {1} has an inconsistent and negative address size={0}.
AMQ222215
WARN
Global Address Size has negative and inconsistent value as {0}
AMQ222216
WARN
Security problem while authenticating: {0}
AMQ222217
WARN
Cannot find connector-ref {0}. The cluster-connection {1} will not be deployed.
AMQ222218
WARN
Server disconnecting: {0}
AMQ222219
WARN
File {0} does not exist
AMQ222220
WARN
Error while cleaning paging on queue {0}
AMQ222221
WARN
Error while cleaning page, during the commit
AMQ222222
WARN
Error while deleting page-complete-record
AMQ222223
WARN
Failed to calculate message memory estimate
AMQ222224
WARN
Failed to calculate scheduled delivery time
AMQ222225
WARN
Sending unexpected exception to the client
AMQ222226
WARN
Connection configuration is null for connectorName {0}
AMQ222227
WARN
Failed to process an event
AMQ222228
WARN
Missing replication token on queue
AMQ222229
WARN
Failed to perform rollback
AMQ222230
WARN
Failed to send notification
AMQ222231
WARN
Failed to flush outstanding data from the connection
AMQ222232
WARN
Unable to acquire lock
AMQ222233
WARN
Unable to destroy connection with session metadata
AMQ222234
WARN
Unable to invoke a callback
AMQ222235
WARN
Unable to inject a monitor
AMQ222236
WARN
Unable to flush deliveries
AMQ222237
WARN
Unable to stop redistributor
AMQ222238
WARN
Unable to commit transaction
AMQ222239
WARN
Unable to delete Queue status
AMQ222240
WARN
Unable to pause a Queue
AMQ222241
WARN
Unable to resume a Queue
AMQ222242
WARN
Unable to obtain message priority, using default
AMQ222243
WARN
Unable to extract GroupID from message
AMQ222244
WARN
Unable to check if message expired
AMQ222245
WARN
Unable to perform post acknowledge
AMQ222246
WARN
Unable to rollback on close
AMQ222247
WARN
Unable to close consumer
AMQ222248
WARN
Unable to remove consumer
AMQ222249
WARN
Unable to rollback on TX timed out
AMQ222250
WARN
Unable to delete heuristic completion from storage manager
AMQ222251
WARN
Unable to start replication
AMQ222252
WARN
Unable to calculate file size
AMQ222253
WARN
Error while syncing data on largeMessageInSync:: {0}
AMQ222254
WARN
Invalid record type {0}
AMQ222255
WARN
Unable to calculate file store usage
AMQ222256
WARN
Failed to unregister acceptors
AMQ222257
WARN
Failed to decrement message reference count
AMQ222258
WARN
Error on deleting queue {0}
AMQ222259
WARN
Failed to flush the executor
AMQ222260
WARN
Failed to perform rollback
AMQ222261
WARN
Failed to activate a backup
AMQ222262
WARN
Failed to stop cluster manager
AMQ222263
WARN
Failed to stop cluster connection
AMQ222264
WARN
Failed to process message reference after rollback
AMQ222265
WARN
Failed to finish delivery, unable to lock delivery
AMQ222266
WARN
Failed to send request to the node
AMQ222267
WARN
Failed to disconnect bindings
AMQ222268
WARN
Failed to remove a record
AMQ222269
WARN
Please use a fixed value for "journal-pool-files". Default changed per https://issues.apache.org/jira/browse/ARTEMIS-1628
AMQ222270
WARN
Unable to create management notification address: {0}
AMQ222274
WARN
Failed to deploy address {0}: {1}
AMQ222275
WARN
Failed to deploy queue {0}: {1}
AMQ222276
WARN
Failed to process changes to the logging configuration file: {0}
AMQ222277
WARN
Problem initializing automatic logging configuration reload for {0}
AMQ222278
WARN
Unable to extract GroupSequence from message
AMQ222279
WARN
Federation upstream {0} policy ref {1} could not be resolved in federation configuration
AMQ222280
WARN
Federation upstream {0} policy ref {1} is of unknown type in federation configuration
AMQ222281
WARN
Federation upstream {0} policy ref {1} are too self referential, avoiding stack overflow ,
AMQ222282
WARN
Federation downstream {0} upstream transport configuration ref {1} could not be resolved in federation configuration
AMQ222283
INFO
Federation downstream {0} has been deployed
AMQ222284
INFO
Federation downstream {0} has been undeployed
AMQ222285
WARN
File {0} at {1} is empty. Delete the empty file to stop this message.
AMQ222286
WARN
Error executing {0} federation plugin method.
AMQ222287
WARN
Error looking up bindings for address {}.
AMQ222288
WARN
Page {0}, message {1} could not be found on offset {2}, with starting message {3}. This represents a logic error or inconsistency on the data, and the system will try once again from the beggining of the page file.
AMQ222289
WARN
Did not route to any matching bindings on dead-letter-address {0} and auto-create-dead-letter-resources is true; dropping message: {1}
AMQ222290
WARN
Failed to find cluster-connection when handling cluster-connect packet. Ignoring: {0}
AMQ222291
WARN
The metrics-plugin element is deprecated and replaced by the metrics element
AMQ222292
WARN
The metrics-plugin element is ignored because the metrics element is defined
AMQ222294
WARN
There is a possible split brain on nodeID {0}, coming from connectors {1}. Topology update ignored.
AMQ222295
WARN
There is a possible split brain on nodeID {0}. Topology update ignored
AMQ222296
WARN
Unable to deploy Hawtio MBeam, console client side RBAC not available
AMQ222297
WARN
Unable to start Management Context, RBAC not available
AMQ222298
WARN
Failed to create bootstrap user "{0}". User management may not function.
AMQ222299
WARN
No bootstrap credentials found. User management may not function.
AMQ222300
WARN
Getting SSL handler failed when serving client from {0}: {1}.
AMQ222301
WARN
Duplicate address-setting match found: {0}. These settings will be ignored! Please review your broker.xml and consolidate any duplicate address-setting elements.
AMQ222302
WARN
Failed to deal with property {0} when converting message from core to OpenWire: {1}
AMQ222303
WARN
Redistribution by {0} of messageID = {1} failed
AMQ222304
WARN
Unable to load message from journal
AMQ222305
WARN
Error federating message {0}.
AMQ222306
WARN
Failed to load prepared TX and it will be rolled back: {0}
AMQ222307
WARN
The queues element is deprecated and replaced by the addresses element
AMQ222308
WARN
Unable to listen for incoming fail-back request because {0} is null. Ensure the broker has the proper cluster-connection configuration.
AMQ223000
DEBUG
Received Interrupt Exception whilst waiting for component to shutdown: {0}
AMQ223001
DEBUG
Ignored quorum vote due to quorum reached or vote casted: {0}
AMQ224000
ERROR
Failure in initialisation
AMQ224001
ERROR
Error deploying URI {0}
AMQ224002
ERROR
Error deploying URI
AMQ224003
ERROR
Error undeploying URI {0}
AMQ224005
ERROR
Unable to deploy node {0}
AMQ224006
ERROR
Invalid filter: {0}
AMQ224007
ERROR
page subscription = {0} error={1}
AMQ224008
ERROR
Failed to store id
AMQ224009
ERROR
Cannot find message {0}
AMQ224010
ERROR
Cannot find queue messages for queueID={0} on ack for messageID={1}
AMQ224011
ERROR
Cannot find queue messages {0} for message {1} while processing scheduled messages
AMQ224012
ERROR
error releasing resources
AMQ224014
ERROR
Failed to close session
AMQ224015
ERROR
Caught XA exception
AMQ224016
ERROR
Caught exception
AMQ224017
ERROR
Invalid packet {0}
AMQ224018
ERROR
Failed to create session
AMQ224019
ERROR
Failed to reattach session
AMQ224020
ERROR
Failed to handle create queue
AMQ224021
ERROR
Failed to decode packet
AMQ224022
ERROR
Failed to execute failure listener
AMQ224024
ERROR
Stomp Error, tx already exist! {0}
AMQ224027
ERROR
Failed to write to handler on invm connector {0}
AMQ224028
ERROR
Failed to stop acceptor {0}
AMQ224029
ERROR
large message sync: largeMessage instance is incompatible with it, ignoring data
AMQ224030
ERROR
Could not cancel reference {0}
AMQ224032
ERROR
Failed to pause bridge
AMQ224033
ERROR
Failed to broadcast connector configs
AMQ224034
ERROR
Failed to close consumer
AMQ224035
ERROR
Failed to close cluster connection flow record
AMQ224036
ERROR
Failed to update cluster connection topology
AMQ224037
ERROR
cluster connection Failed to handle message
AMQ224038
ERROR
Failed to ack old reference
AMQ224039
ERROR
Failed to expire message reference
AMQ224040
ERROR
Failed to remove consumer
AMQ224041
ERROR
Failed to deliver
AMQ224042
ERROR
Error while restarting the backup server: {0}
AMQ224043
ERROR
Failed to send forced delivery message
AMQ224044
ERROR
error acknowledging message
AMQ224045
ERROR
Failed to run large message deliverer
AMQ224046
ERROR
Exception while browser handled from {0}
AMQ224047
ERROR
Failed to delete large message file
AMQ224048
ERROR
Failed to remove temporary queue {0}
AMQ224049
ERROR
Cannot find consumer with id {0}
AMQ224050
ERROR
Failed to close connection {0}
AMQ224051
ERROR
Failed to call notification listener
AMQ224052
ERROR
Unable to call Hierarchical Repository Change Listener
AMQ224053
ERROR
failed to timeout transaction, xid:{0}
AMQ224054
ERROR
exception while stopping the replication manager
AMQ224055
ERROR
Bridge Failed to ack
AMQ224056
ERROR
Live server will not fail-back automatically
AMQ224057
ERROR
Backup server that requested fail-back was not announced. Server will not stop for fail-back.
AMQ224058
ERROR
Stopping ClusterManager. As it failed to authenticate with the cluster: {0}
AMQ224059
ERROR
Invalid cipher suite specified. Supported cipher suites are: {0}
Setting both <{0}> and is invalid. Please use exclusively as <{0}> is deprecated. Ignoring <{0}> value.
AMQ224062
ERROR
Failed to send SLOW_CONSUMER notification: {0}
AMQ224063
ERROR
Failed to close consumer connections for address {0}
AMQ224064
ERROR
Setting <{0}> is invalid with this HA Policy Configuration. Please use exclusively or remove. Ignoring <{0}> value.
AMQ224065
ERROR
Failed to remove auto-created {1} {0}
AMQ224066
ERROR
Error opening context for LDAP
AMQ224067
ERROR
Error populating security roles from LDAP
AMQ224068
ERROR
Unable to stop component: {0}
AMQ224069
ERROR
Change detected in broker configuration file, but reload failed
AMQ224072
WARN
Message Counter Sample Period too short: {0}
AMQ224073
INFO
Using MAPPED Journal
AMQ224074
ERROR
Failed to purge queue {0} on no consumers
AMQ224075
ERROR
Cannot find pageTX id = {0}
AMQ224076
INFO
Undeploying address {0}
AMQ224077
INFO
Undeploying queue {0}
AMQ224078
WARN
The size of duplicate cache detection () appears to be too large {0}. It should be no greater than the number of messages that can be squeezed into confirmation window buffer () {1}.
AMQ224079
ERROR
The process for the virtual machine will be killed, as component {0} is not responsive
AMQ224080
ERROR
The server process will now be stopped, as component {0} is not responsive
AMQ224081
WARN
The component {0} is not responsive
AMQ224082
ERROR
Failed to invoke an interceptor
AMQ224083
ERROR
Failed to close context
AMQ224084
ERROR
Failed to open context
AMQ224085
ERROR
Failed to load property {0}, reason: {1}
AMQ224086
ERROR
Caught unexpected exception
AMQ224087
ERROR
Error announcing backup: backupServerLocator is null. {0}
AMQ224088
ERROR
Timeout ({0} seconds) on acceptor "{1}" during protocol handshake with {2} has occurred.
AMQ224089
WARN
Failed to calculate persistent size
AMQ224090
WARN
This node is not configured for Quorum Voting, all nodes must be configured for HA
AMQ224091
WARN
Bridge {0} is unable to connect to destination. Retrying
AMQ224092
INFO
Despite disabled persistence, page files will be persisted.
AMQ224093
ERROR
Reference to message is null
AMQ224094
TRACE
Quorum vote result await is interrupted
AMQ224095
ERROR
Error updating Consumer Count: {0}
AMQ224096
ERROR
Error setting up connection from {0} to {1}; protocol {2} not found in map: {3}
AMQ224097
ERROR
Failed to start server
AMQ224098
INFO
Received a vote saying the backup is live with connector: {0}
AMQ224099
WARN
Message with ID {0} has a header too large. More information available on debug level for class {1}
AMQ224100
INFO
Timed out waiting for large messages deletion with IDs {0}, might not be deleted if broker crashes atm
AMQ224101
WARN
Apache ActiveMQ Artemis is using a scheduled pool without remove on cancel policy, so a cancelled task could be not automatically removed from the work queue, it may also cause unbounded retention of cancelled tasks.
AMQ224102
INFO
unable to undeploy address {0} : reason {1}
AMQ224103
INFO
unable to undeploy queue {0} : reason {1}
AMQ224104
ERROR
Error starting the Acceptor {0} {1}
AMQ224105
WARN
Connecting to cluster failed
AMQ224106
ERROR
failed to remove transaction, xid:{0}
AMQ224107
INFO
The Critical Analyzer detected slow paths on the broker. It is recommended that you enable trace logs on org.apache.activemq.artemis.utils.critical while you troubleshoot this issue. You should disable the trace logs when you have finished troubleshooting.
AMQ224108
INFO
Stopped paging on address ''{0}''; {1}
AMQ224109
WARN
ConnectionRouter {0} not found
AMQ224110
WARN
Configuration 'whitelist' is deprecated, please use the 'allowlist' configuration
AMQ224111
WARN
Both 'whitelist' and 'allowlist' detected. Configuration 'whitelist' is deprecated, please use only the 'allowlist' configuration
AMQ224112
INFO
Auto removing Queue {0} with queueID={1} on address={2}
AMQ224113
INFO
Auto removing Address {0}
AMQ224114
INFO
Address control block, blocking message production on address ''{0}''. Clients will not get further credit.
AMQ224115
INFO
Address control unblock of address ''{0}''. Clients will be granted credit as normal.
AMQ224116
WARN
The component {0} is not responsive during start up. The Server may be taking too long to start
AMQ224117
INFO
"page-max-cache-size" being used on broker.xml. This configuration attribute is no longer used and it will be ignored.
AMQ332068
WARN
connection closed {0}
AMQ332069
WARN
Sent ERROR frame to STOMP client {0}: {1}
AMQ334023
ERROR
Unable to send frame {0}
AMQ341000
INFO
Failed to set up JMS bridge {1} connections. Most probably the source or target servers are unavailable. Will retry after a pause of {0} ms
AMQ341001
INFO
JMS Bridge {0} succeeded in reconnecting to servers
AMQ341002
INFO
JMSBridge {0} succeeded in connecting to servers
AMQ342000
WARN
Attempt to start JMS Bridge {0}, but is already started
AMQ342001
WARN
Failed to start JMS Bridge {0}
AMQ342002
WARN
Failed to unregisted JMS Bridge {0} - {1}
AMQ342003
WARN
JMS Bridge {0} unable to set up connections, bridge will be stopped
AMQ342004
WARN
JMS Bridge {1}, will retry after a pause of {0} ms
AMQ342005
WARN
JMS Bridge {0} unable to set up connections, bridge will not be started
AMQ342006
WARN
JMS Bridge {0}, detected failure on bridge connection
beforeMessageRoute called with message: {0}, context: {1}, direct: {2}, rejectDuplicates: {3}
AMQ843011
DEBUG
afterMessageRoute message: {0}, with context: {1}, direct: {2}, rejectDuplicates: {3}
AMQ843012
DEBUG
beforeDeliver called with consumer: {0}, reference: {1}
AMQ843013
DEBUG
delivered message with message ID: {0} to consumer on address: {1}, queue: {2}, consumer sessionID: {3}, consumerID: {4}, full message reference: {5}, full consumer: {6}
TransactionReaper::check worker {0} not responding to interrupt when cancelling TX {1} -- worker marked as zombie and TX scheduled for mark-as-rollback
TwoPhaseCoordinator.beforeCompletion - failed for {0}
ARJUNA012126
WARN
TwoPhaseCoordinator.beforeCompletion TwoPhaseCoordinator.afterCompletion called on still running transaction!
ARJUNA012127
WARN
TwoPhaseCoordinator.afterCompletion - returned failure for {0}
ARJUNA012128
WARN
TwoPhaseCoordinator.afterCompletion - failed for {0} with exception
ARJUNA012129
WARN
TwoPhaseCoordinator.afterCompletion - failed for {0} with error
ARJUNA012130
WARN
Name of XA node not defined. Using {0}
ARJUNA012131
WARN
Supplied name of node is too long. Using {0}
ARJUNA012132
WARN
Supplied name of node contains reserved character ''-''. Using {0}
ARJUNA012135
java.lang.String
Could not create Store type:
ARJUNA012136
WARN
Could not recreate abstract record {0}
ARJUNA012137
WARN
Cannot begin new transaction as TM is disabled. Marking as rollback-only.
ARJUNA012138
WARN
Node name cannot exceed {0} bytes!
ARJUNA012139
WARN
You have chosen to disable the Multiple Last Resources warning. You will see it only once.
ARJUNA012140
WARN
Adding multiple last resources is disallowed. Trying to add {0}, but already have {1}
ARJUNA012141
WARN
Multiple last resources have been added to the current transaction. This is transactionally unsafe and should not be relied upon. Current resource is {0}
ARJUNA012142
WARN
You have chosen to enable multiple last resources in the transaction manager. This is transactionally unsafe and should not be relied upon.
invalid number of hash directories: {0}. Will use default.
ARJUNA012237
java.lang.String
HashedStore.allObjUids - could not pack Uid.
ARJUNA012238
java.lang.String
HashedStore.allObjUids - could not pack end of list Uid.
ARJUNA012239
WARN
hide_state caught exception
ARJUNA012240
WARN
remove_state - type() operation of object with uid {0} returns NULL
ARJUNA012241
WARN
invalid initial pool size: {0}
ARJUNA012242
WARN
invalid maximum pool size: {0}
ARJUNA012243
WARN
initialise caught exceptionatorLoader_3
ARJUNA012244
WARN
getState caught exception
ARJUNA012245
WARN
removeFromCache - no entry for {0}
ARJUNA012246
WARN
getPool caught exception
ARJUNA012247
INFO
getPool - interrupted while waiting for a free connection
ARJUNA012248
WARN
freePool - freeing a connection which is already free!
ARJUNA012249
WARN
reveal_state caught exception
ARJUNA012250
WARN
currentState caught exception
ARJUNA012251
WARN
allObjUids caught exception
ARJUNA012252
WARN
allObjUids - pack of Uid failed
ARJUNA012253
WARN
allTypes caught exception
ARJUNA012254
WARN
allTypes - pack of Uid failed
ARJUNA012255
WARN
remove_state caught exception
ARJUNA012256
WARN
remove_state() attempted removal of {0} state for object with uid {1}
ARJUNA012257
WARN
JDBCImple:read_state failed
ARJUNA012258
WARN
JDBCImple:write_state caught exception
ARJUNA012259
FATAL
JDBCStore could not setup store < {0} , {1}>
ARJUNA012260
FATAL
Received exception for {0}
ARJUNA012261
WARN
JDBCStore.setupStore failed to initialise!
ARJUNA012263
java.lang.String
No JDBCAccess implementation provided!
ARJUNA012265
WARN
ShadowingStore::remove_state() - state {0} does not exist for type {1}
ARJUNA012266
WARN
ShadowingStore::remove_state() - unlink failed on {0}
ARJUNA012267
WARN
ShadowingStore.remove_state() - fd error for {0}
ARJUNA012269
INFO
UNKNOWN state for object with uid {0} , type {1}
ARJUNA012270
INFO
HIDDEN state for object with uid {0} , type {1}
ARJUNA012272
WARN
ShadowingStore.remove_state - type() operation of object with uid {0} returns NULL
ARJUNA012273
WARN
ShadowingStore::write_state() - openAndLock failed for {0}
ARJUNA012274
WARN
ShadowingStore::write_state - unlock or close of {0} failed.
ARJUNA012275
WARN
ShadowStore::commit_state - failed to rename {0} to {1}
ARJUNA012278
WARN
ShadowStore::hide_state - failed to rename {0} to {1}
ARJUNA012279
WARN
ShadowStore::reveal_state - failed to rename {0} to {1}
ARJUNA012280
WARN
ShadowingStore::read_state() - openAndLock failed for {0}
ARJUNA012282
WARN
ShadowingStore::read_state() failed
ARJUNA012283
WARN
ShadowingStore::read_state - unlock or close of {0} failed
ARJUNA012284
WARN
ShadowingStore::remove_state() - access problems on {0} and {1}
ARJUNA012285
WARN
oracle:read_state failed
ARJUNA012286
WARN
oracle:write_state caught exception
ARJUNA012287
java.lang.String
No typename for object:
ARJUNA012288
java.lang.String
allTypes - could not pack end of list string.
ARJUNA012289
WARN
RecoveryManagerStatusModule: Object store exception
ARJUNA012290
WARN
failed to recover Transaction {0}
ARJUNA012291
WARN
failed to access transaction store {0}
ARJUNA012292
WARN
Connection error on running a work on the socket. IOException: {0}
ARJUNA012293
WARN
Setting timeout exception.
ARJUNA012297
INFO
ExpiredEntryMonitor - no scans on first iteration
ARJUNA012301
WARN
ExpiredTransactionScanner - exception during attempted move {0}
ARJUNA012303
INFO
ExpiredTransactionScanner - log {0} is assumed complete and will be moved.
ARJUNA012310
INFO
Recovery manager listening on endpoint {0}:{1}
ARJUNA012318
WARN
Could not create recovery listener
ARJUNA012326
WARN
socket I/O exception
ARJUNA012327
WARN
TransactionStatusConnector.delete called erroneously
ARJUNA012328
WARN
Connection lost to TransactionStatusManagers'' process
ARJUNA012329
WARN
Connection lost to TransactionStatusManagers'' process
ARJUNA012330
INFO
TransactionStatusManager process for uid {0} is ALIVE. connected to host: {1}, port: {2} on socket: {3}
ARJUNA012331
INFO
TransactionStatusManager process for uid {0} is DEAD.
ARJUNA012332
INFO
Failed to establish connection to server
ARJUNA012333
WARN
Problem with removing host/port item
ARJUNA012334
WARN
Problem with storing host/port
ARJUNA012335
WARN
Problem retrieving host/port
ARJUNA012336
WARN
Failed to obtain host
ARJUNA012338
WARN
Other Exception:
ARJUNA012339
WARN
Cannot read line from the socket. IOException: {0}
ARJUNA012340
INFO
RecoveryManager scan scheduled to begin.
ARJUNA012341
INFO
RecoveryManager scan completed.
ARJUNA012342
FATAL
RecoveryManagerImple: cannot bind to socket on address {0} and port {1}
ARJUNA012344
INFO
RecoveryManagerImple is ready on port {0}
ARJUNA012345
WARN
Transaction {0} and {1} not activate.
ARJUNA012346
WARN
Error - could not get resource to forget heuristic. Left on Heuristic List.
ARJUNA012347
java.lang.String
Could not get back a valid pid.
ARJUNA012348
java.lang.String
Problem executing getpids utility:
ARJUNA012349
java.lang.String
Problem executing command:
ARJUNA012350
java.lang.String
Problem getting pid information from stream:
ARJUNA012351
WARN
Encountered a problem when closing the data stream
ARJUNA012352
java.lang.String
FileProcessId.getpid - could not locate temporary directory.
ARJUNA012353
java.lang.String
FileProcessId.getpid could not create unique file.
ARJUNA012354
java.lang.String
Could not get back a valid pid.
ARJUNA012355
java.lang.String
getName returned unrecognized format:
ARJUNA012356
java.lang.String
Could not get back a valid pid.
ARJUNA012359
java.lang.String
SocketProcessId.getpid could not get unique port.
ARJUNA012361
INFO
Error constructing mbean
ARJUNA012362
INFO
Failed to create StateManagerWrapper
ARJUNA012363
java.lang.String
Invalid rootName. Expected {0} but was {1}
ARJUNA012364
java.lang.String
RecoveryActivator init failed for {0}
ARJUNA012365
java.lang.String
Method not implemented
ARJUNA012366
WARN
Unexpected data read from journal - file may be corrupt.
ARJUNA012367
java.lang.String
Failed to create store dir {0}
ARJUNA012368
java.lang.String
Node identifiers must be an integer and must be 1 or greater: {0}
ARJUNA012369
java.lang.String
The node identifier was already set
ARJUNA012370
TRACE
Previously committed row(s) deleted {0}
ARJUNA012371
WARN
Image size {0} is greater than max allowed {1}
ARJUNA012372
FATAL
The node identifier {0} was too long {1}, aborting initialization
ARJUNA012373
java.lang.String
The node identifier {0} was too long {1}, aborting initialization
ARJUNA012374
FATAL
The node identifier cannot be null, aborting initialization
ARJUNA012375
java.lang.String
The node identifier cannot be null, aborting initialization
ARJUNA012376
WARN
ObjectStore remove_state caught exception:
ARJUNA012377
WARN
HornetqObjectStore remove_state caught exception:
ARJUNA012378
WARN
ReaperElement appears to be wedged: {0}
ARJUNA012379
WARN
ExpiredTransactionScanner - {0} is assumed complete and will be moved.
ARJUNA012380
INFO
OSB: Error constructing record header reader
ARJUNA012381
WARN
Action id {0} completed with multiple threads - thread {1} was in progress with {2}
ARJUNA012382
WARN
Action id {0} could not be transitioned to committed
ARJUNA012383
WARN
Action id {0} could not be updated during write_state
ARJUNA012384
WARN
Action id {0} could not be inserted during write_state
ARJUNA012385
java.lang.String
Could not read from object store
ARJUNA012386
java.lang.String
Unexpected state type {0}
ARJUNA012387
FATAL
Encoding {0} is not supported
ARJUNA012388
java.lang.String
Encoding {0} is not supported
ARJUNA012389
INFO
OSB: Error constructing record header reader: {0}
ARJUNA012390
WARN
Error constructing mbean
ARJUNA012391
java.lang.String
Could not initialize object store ''{0}'' of type ''{1}''
ARJUNA012392
WARN
AbstractRecord.create {0} failed to create record class {1}.
ARJUNA012393
WARN
The Artemis journal was requested to be AIO version but this is not available on your machine
ARJUNA012394
WARN
Could not close transaction listener server socket ''{0}''
ARJUNA012395
WARN
Could not close transaction listener socket connection ''{0}''
ARJUNA012396
WARN
Cannot activate type ''{0}'' at object store ''{1}''
ARJUNA012397
WARN
Could not extract elements from the cache store list
ARJUNA012398
WARN
ObjectStoreException in doWork of CacheStore trying to perform state management
ARJUNA012399
WARN
Problem in doWork of CacheStore trying to perform state management
ARJUNA012400
java.lang.String
Cannot terminate the recovery manager as the implementation is not known. Could be the recovery manager was not started yet?
ARJUNA012401
java.lang.String
There is already started a recovery manager in mode ''{0}'' which is different from the requested mode ''{1}''.If you consider starting in a different mode then first terminate the currently running recovery manager.
ARJUNA012402
java.lang.String
PMemSlots instance already initialized, can't call init again
ARJUNA012403
java.lang.String
Can't create pmem store in ''{0}'' - may not be an fs-dax location
ARJUNA012404
INFO
Action id {0} - thread {1} at time {2} had stackTrace {3}
ARJUNA012405
INFO
The asyncIO mode for the Artemis journal does not support maxIO=1, using the nearest value which is 2
ARJUNA012406
WARN
Invalid class type in system property ObjStoreBrowserHandlers: ''{0}''
ARJUNA015001
WARN
LockManagerFriend.getLink
ARJUNA015002
WARN
LockManagerFriend.setLink
ARJUNA015004
WARN
Object store exception on committing {0}
ARJUNA015009
WARN
RecoveredTransactionalObject tried to access object store
LockManager::setlock() cannot load existing lock states
ARJUNA015034
WARN
LockManager::setlock() cannot activate object
ARJUNA015035
WARN
LockManager::setlock() cannot save new lock states
ARJUNA015036
WARN
Lockmanager::releaselock() could not load old lock states
ARJUNA015037
WARN
Lockmanager::releaselock() could not unload new lock states
ARJUNA015038
WARN
LockRecord::set_value() called illegally
ARJUNA015039
WARN
LockRecord - release failed for action {0}
ARJUNA015040
WARN
LockRecord::nestedAbort - no current action
ARJUNA015041
WARN
LockRecord::nestedCommit - no current action
ARJUNA015042
WARN
LockRecord - release failed for action {0}
ARJUNA015043
WARN
LockRecord::topLevelCommit - no current action
ARJUNA015044
WARN
Invocation of LockRecord::restore_state for {0} inappropriate - ignored for {1}
ARJUNA015050
WARN
OptimisticLockRecord.topLevelPrepare state check failed for {0} will force rollback.
ARJUNA015051
WARN
OptimisticLockRecord.topLevelCommit state check failed for {0} will force rollback.
ARJUNA015052
WARN
LockManager::initialise() could not initialise lock store
ARJUNA016001
WARN
could not get all object Uids.
ARJUNA016002
WARN
Cannot add resource to table: no XID value available.
ARJUNA016004
WARN
XARecoveryModule setup failed
ARJUNA016005
WARN
{0} - failed to recover XAResource. status is {1}
ARJUNA016006
WARN
{0} - forget threw exception
ARJUNA016008
WARN
{0} - caught exception
ARJUNA016009
WARN
Caught:
ARJUNA016013
INFO
Rolling back {0}
ARJUNA016016
INFO
{0} not an Arjuna XID
ARJUNA016017
INFO
No XA recovery nodes specified. May not recover orphans.
ARJUNA016018
WARN
XARecoveryModule periodicWork failed
ARJUNA016019
WARN
{0} exception
ARJUNA016020
WARN
{0} exception
ARJUNA016021
INFO
JTA recovery delayed for {0}; got status {1} so waiting for coordinator driven recovery
ARJUNA016022
WARN
Recovery threw:
ARJUNA016023
WARN
JTA failed to recovery {0}; got status {1}
ARJUNA016025
WARN
Unexpected recovery error
ARJUNA016027
WARN
{0} got XA exception {1}
ARJUNA016028
WARN
{0} got exception
ARJUNA016029
WARN
SynchronizationImple.afterCompletion - failed for {0} with exception
ARJUNA016030
java.lang.String
XAOnePhaseResource.pack failed to serialise resource
ARJUNA016031
WARN
XAOnePhaseResource.rollback for {0} failed with exception
ARJUNA016032
java.lang.String
failed to deserialise resource
ARJUNA016033
java.lang.String
Unknown recovery type {0}
ARJUNA016034
INFO
Being told to assume complete on Xid {0}
ARJUNA016035
WARN
{0} - null transaction!
ARJUNA016036
WARN
commit on {0} ({1}) failed with exception ${2}
ARJUNA016037
WARN
Could not find new XAResource to use for recovering non-serializable XAResource {0}
ARJUNA016038
WARN
No XAResource to recover {0}
ARJUNA016039
WARN
onePhaseCommit on {0} ({1}) failed with exception {2}
ARJUNA016040
WARN
{0} - null transaction!
ARJUNA016041
WARN
prepare on {0} ({1}) failed with exception {2}
ARJUNA016042
WARN
{0} - null transaction!
ARJUNA016043
WARN
Exception on attempting to restore XAResource
ARJUNA016044
WARN
An error occurred during restore_state for XAResource {0} and transaction {1}
ARJUNA016045
WARN
attempted rollback of {0} ({1}) failed with exception code {2}
ARJUNA016046
WARN
{0} - null transaction!
ARJUNA016047
WARN
Could not serialize a Serializable XAResource!
ARJUNA016048
WARN
An error occurred during save_state for XAResource {0} and transaction {1}
ARJUNA016049
WARN
{0} called illegally.
ARJUNA016051
java.lang.String
thread is already associated with a transaction!
ARJUNA016053
java.lang.String
Could not commit transaction.
ARJUNA016054
java.lang.String
could not register transaction
ARJUNA016055
WARN
{0} caught exception
ARJUNA016056
WARN
{0} - caught exception during delist : {1}
ARJUNA016058
WARN
Ending suspended RMs failed when rolling back the transaction!
ARJUNA016059
java.lang.String
Ending suspended RMs failed when rolling back the transaction, but transaction rolled back.
ARJUNA016060
WARN
{0} - caught: {1}
ARJUNA016061
WARN
{0} - XAResource.start returned: {2} for {1}
ARJUNA016062
java.lang.String
illegal resource state
ARJUNA016063
java.lang.String
The transaction is not active!
ARJUNA016064
java.lang.String
The transaction is in an invalid state!
ARJUNA016066
ERROR
Failed to create instance of TransactionImporter
ARJUNA016067
ERROR
Failed to create instance of XATerminator
ARJUNA016068
java.lang.String
Work already active!
ARJUNA016069
WARN
failed to load Last Resource Optimisation Interface {0}
ARJUNA016070
WARN
{0} - could not mark {1} as rollback only
ARJUNA016071
WARN
{0} caught XAException: {1}
ARJUNA016072
java.lang.String
No such transaction!
ARJUNA016073
WARN
Current transaction is not an AtomicAction!
ARJUNA016074
java.lang.String
no transaction!
ARJUNA016075
java.lang.String
null synchronization parameter!
ARJUNA016076
java.lang.String
Resource paramater is null!
ARJUNA016078
java.lang.String
resource already suspended.
ARJUNA016079
java.lang.String
Transaction rollback status is:
ARJUNA016080
java.lang.String
Not allowed to terminate subordinate transaction directly.
ARJUNA016081
java.lang.String
The transaction implementation threw a RollbackException
ARJUNA016082
java.lang.String
Synchronizations are not allowed! Transaction status is
ARJUNA016083
java.lang.String
Cannot register synchronization because the transaction is in aborted state
ARJUNA016084
java.lang.String
The transaction implementation threw a SystemException
ARJUNA016085
WARN
Caught the following error
ARJUNA016086
WARN
{0} setTransactionTimeout on XAResource {1} threw: {2}
ARJUNA016087
WARN
{0} - unknown resource
ARJUNA016088
WARN
Could not call end on a suspended resource!
ARJUNA016089
WARN
{0} - caught: {2} for {1}
ARJUNA016091
WARN
Failed to lookup transaction manager in JNDI context
ARJUNA016093
WARN
Failed to lookup user transaction in JNDI context
ARJUNA016096
java.lang.String
Unable to instantiate TransactionSynchronizationRegistry implementation class!
ARJUNA016098
java.lang.String
Null exception!
ARJUNA016099
java.lang.String
Unknown error code:
ARJUNA016100
java.lang.String
Xid unset
ARJUNA016101
java.lang.String
Could not pack XidImple {0}
ARJUNA016102
java.lang.String
The transaction is not active! Uid is {0}
ARJUNA016103
java.lang.String
Error getting the status of the current transaction
ARJUNA016104
java.lang.String
Error getting the current transaction
ARJUNA016105
java.lang.String
Could not lookup the TransactionManager
ARJUNA016106
java.lang.String
Could not lookup the TransactionSynchronizationRegistry
ARJUNA016107
java.lang.String
Expected an @Transactional annotation at class and/or method level
ARJUNA016108
java.lang.String
Wrong transaction on thread
ARJUNA016109
java.lang.String
Contextual is null
ARJUNA016110
java.lang.String
Transaction is required for invocation
ARJUNA016111
java.lang.String
The node identifier cannot be null
ARJUNA016112
WARN
Could not determine commit status of CMR resource {0} and transaction {1}
ARJUNA016113
INFO
Xid {0} was committed by resource manager
ARJUNA016114
WARN
Could not load {0} will try to get XAResource from the recovery helpers
ARJUNA016115
WARN
Could not access object store to check for log so will leave record alone
ARJUNA016116
WARN
Failed to create JMS connection
ARJUNA016117
WARN
Failed to close JMS connection {0}
ARJUNA016118
WARN
Failed to close JMS session {0}
ARJUNA016119
java.lang.String
Failed to get transaction
ARJUNA016120
WARN
Failed to get transaction
ARJUNA016121
java.lang.String
Failed to get transaction status
ARJUNA016122
WARN
Failed to get transaction status
ARJUNA016123
java.lang.String
Failed to register synchronization
ARJUNA016124
WARN
Failed to register synchronization
ARJUNA016125
java.lang.String
Failed to enlist XA resource
ARJUNA016126
WARN
Failed to enlist XA resource
ARJUNA016127
java.lang.String
Failed to delist XA resource
ARJUNA016128
WARN
Failed to delist XA resource
ARJUNA016129
WARN
Could not end XA resource {0}
ARJUNA016130
FATAL
Subordinate transaction was committed during prepare, this will look like a rollback {0}
ARJUNA016131
FATAL
Subordinate transaction was not recovered successfully {0}
ARJUNA016132
WARN
Cannot packt into output object state {0}
ARJUNA016133
WARN
Cannot create a new instance of Xid of uid {0}, is branch: {1}, eisname: {2}
ARJUNA016134
WARN
Cannot create a new instance of Xid of base xid {0}, is branch: {1}, eisname: {2}
ARJUNA016135
WARN
Cannot read object {0} store for xid {1}
ARJUNA016136
WARN
Cannot unpact state of the xid {0} loaded from recovery store {1} of txn type {2}
ARJUNA016137
ERROR
Failed to get transaction status of {0}
ARJUNA016138
WARN
Failed to enlist XA resource {0}
ARJUNA016139
ERROR
Fail to cast class of transaction action {0}
ARJUNA016140
java.lang.String
No subordinate transaction to drive for commit with xid: {0}
ARJUNA016141
java.lang.String
Error committing transaction ''{0}'' for xid: {1}
ARJUNA016142
java.lang.String
Not actived transaction ''{0}'' for xid: {1}
ARJUNA016143
WARN
Problem during waiting for lock ''{0}'' whilst in state {1}
ARJUNA016144
java.lang.String
No subordinate transaction to drive {0}, xid: {1}
ARJUNA016145
java.lang.String
One phase commit for transaction ''{0}'' does not store data in the object store. Recovery is won''t able to decide about outcome. Transaction is marked as heuristic to be decided by administrator.
ARJUNA016146
java.lang.String
Cannot work with the imported transaction as UID is null.
ARJUNA016147
java.lang.String
Cannot recover imported transaction of UID ''{0}'' of transaction ''{1}'' as transaction base Xid is null.
ARJUNA016148
java.lang.String
Cannot work further as the argument Xid is null.
ARJUNA016149
WARN
Returned global transaction identifier and branch qualifier are null but format id is not -1. {0}
ARJUNA016150
INFO
Returned global transaction identifier or branch qualifier is null. {0}
ARJUNA016151
java.lang.String
Not supported for interception factory with non-weld CDI implementation for bean {0}.
ARJUNA016152
java.lang.String
TransactionScoped context is not active as there is no active transaction on the thread
ARJUNA016153
java.lang.String
Transaction is not allowed for invocation
ARJUNA017001
java.lang.String
Rollback not allowed by transaction service.
ARJUNA017002
java.lang.String
Connection is already associated with a different transaction! Obtain a new connection for this transaction.
ARJUNA017003
java.lang.String
Checking transaction and found that this connection is already associated with a different transaction! Obtain a new connection for this transaction.
ARJUNA017004
java.lang.String
AutoCommit is not allowed by the transaction service.
ARJUNA017005
java.lang.String
An error occurred during close:
ARJUNA017006
java.lang.String
Invalid transaction during close {0}
ARJUNA017007
DEBUG
Connection will be closed now. Indications are that this db does not allow multiple connections in the same transaction {0}
ARJUNA017008
INFO
No modifier information found for db. Connection will be closed immediately {0}
ARJUNA017009
java.lang.String
Commit not allowed by transaction service.
ARJUNA017010
java.lang.String
JDBC2 connection initialisation problem
ARJUNA017011
java.lang.String
Delist of resource failed.
ARJUNA017013
WARN
Caught exception
ARJUNA017016
java.lang.String
Failed to load dynamic class
ARJUNA017017
java.lang.String
enlist of resource failed
ARJUNA017018
WARN
Failed to get modifier for driver:
ARJUNA017020
java.lang.String
Transaction is not active on the thread!
ARJUNA017021
java.lang.String
Could not get transaction information.
ARJUNA017024
WARN
{0} - failed to set isolation level
ARJUNA017025
java.lang.String
Could not resolve JNDI XADataSource
ARJUNA017027
WARN
An exception occurred during initialisation.
ARJUNA017028
WARN
{0} could not find information for connection!
ARJUNA017029
WARN
An exception occurred during initialisation.
ARJUNA017031
java.lang.String
rollback(Savepoint) not allowed inside distributed tx.
ARJUNA017032
WARN
{0} - could not mark transaction rollback
ARJUNA017033
java.lang.String
rollback(Savepoint) not allowed inside distributed tx.
ARJUNA017034
java.lang.String
Cannot set readonly when within a transaction!
ARJUNA017035
java.lang.String
setSavepoint not allowed inside distributed tx.
ARJUNA017037
java.lang.String
Could not resolve JNDI XADataSource
ARJUNA017038
WARN
ConnectionSynchronization could not close connection
ARJUNA017039
java.lang.String
BasicXARecovery did not have enough connection configuration
ARJUNA017040
ERROR
Cannot create JDBCXARecovery datasource of jndi name ''{0}''
TransactionRecoveryModule: transaction type not set
ARJUNA022217
WARN
TransactionRecoveryModule: Object store exception
ARJUNA022219
INFO
Transaction {0} still in ActionStore
ARJUNA022223
WARN
{0} caught exception
ARJUNA022224
WARN
{0} - no parent!
ARJUNA022225
WARN
{0} called without a resource reference!
ARJUNA022226
WARN
{0} failed. Returning default value: {1}
ARJUNA022227
WARN
{0} called illegally!
ARJUNA022228
WARN
{0} failed. Returning default value: {1}
ARJUNA022229
WARN
{0} has no parent transaction!
ARJUNA022230
WARN
{0} caught exception
ARJUNA022231
WARN
{0} called illegally.
ARJUNA022232
WARN
{0} called without a resource!
ARJUNA022233
WARN
{0} caught unexpected exception
ARJUNA022234
WARN
{0} called multiple times.
ARJUNA022235
WARN
Could not rollback transaction {0}
ARJUNA022236
WARN
Could not rollback transaction {0} as it does not exist!
ARJUNA022237
WARN
{0} - cannot rollback {1}
ARJUNA022239
WARN
{0} caught unexpected exception
ARJUNA022240
WARN
{0} - no transaction!
ARJUNA022241
WARN
{0} - terminated out of sequence {1}
ARJUNA022242
WARN
{0} - running atomic transaction going out of scope. Will roll back. {1}
ARJUNA022243
WARN
{0} - transaction unavailable.
ARJUNA022244
WARN
Will roll back. Current transaction is {0}
ARJUNA022245
WARN
Cannot determine transaction name!
ARJUNA022246
WARN
{0} caught exception
ARJUNA022247
WARN
Top-level transaction going out of scope with nested transaction {0} still set.
ARJUNA022248
WARN
{0} - could not unregister from transaction!
ARJUNA022249
WARN
{0} - could not resume transaction
ARJUNA022250
java.lang.String
could not resume transaction:
ARJUNA022251
INFO
The ORBManager is already associated with an ORB/OA.
ARJUNA022252
WARN
Failed to remove old ObjectStore entry
ARJUNA022255
java.lang.String
A client-side request interceptor already exists with that name.
ARJUNA022256
java.lang.String
A client-side request interceptor already exists with that name.
ARJUNA022257
WARN
{0} - unknown interposition type: {1}
ARJUNA022258
java.lang.String
Transaction was inactive
ARJUNA022259
WARN
ExtendedResourceRecord detected that the remote side had cleaned up, assuming 1PC resource
ARJUNA022260
DEBUG
{0} caught exception
ARJUNA022261
WARN
ServerTopLevelAction detected that the transaction was inactive
ARJUNA022262
java.lang.String
The node identifier cannot be null
ARJUNA022263
INFO
rollback for {0} was already rolled back
ARJUNA022264
INFO
cannot read subordinate uid from object store {0} on input object state {1}
ARJUNA022265
INFO
failure on processing doRecover for xid {0} and parent node name {1}
ARJUNA022266
WARN
topLevelCommit of resource {0} failed
ARJUNA024001
INFO
XA recovery committing {0}
ARJUNA024002
INFO
XA recovery rolling back {0}
ARJUNA024004
WARN
Caught the following error while trying to single phase complete resource
ARJUNA024005
WARN
Committing of resource state failed.
ARJUNA024006
WARN
{0} caused an error from resource {1} in transaction {2}
ARJUNA024007
WARN
You have chosen to disable the Multiple Last Resources warning. You will see it only once.
ARJUNA024008
WARN
Adding multiple last resources is disallowed. Current resource is {0}
ARJUNA024009
WARN
Multiple last resources have been added to the current transaction. This is transactionally unsafe and should not be relied upon. Current resource is {0}
ARJUNA024010
WARN
You have chosen to enable multiple last resources in the transaction manager. This is transactionally unsafe and should not be relied upon.
ARJUNA024011
WARN
Reading state caught exception
ARJUNA024012
WARN
Could not find new XAResource to use for recovering non-serializable XAResource {0}
ARJUNA024013
WARN
{0} caught NotPrepared exception during recovery phase!
ARJUNA024014
WARN
{0} - null or invalid transaction!
ARJUNA024015
WARN
XAResource prepare failed on resource {0} for transaction {1} with: {2}
ARJUNA024016
WARN
Recovery of resource failed when trying to call {0} got exception
ARJUNA024017
WARN
Attempted shutdown of resource failed with exception
ARJUNA024018
WARN
Exception on attempting to resource XAResource
ARJUNA024019
WARN
Unexpected exception on attempting to resource XAResource
ARJUNA024020
WARN
Could not serialize a serializable XAResource!
ARJUNA024021
WARN
{0} caught unexpected exception during recovery phase!
ARJUNA024022
WARN
Updating of resource state failed.
ARJUNA024023
WARN
{0} caused an XA error: {1} from resource {2} in transaction {3}
ARJUNA024024
java.lang.String
thread is already associated with a transaction and subtransaction support is not enabled!
ARJUNA024025
WARN
Delist of resource failed with exception
ARJUNA024026
WARN
Ending suspended RMs failed when rolling back the transaction!
ARJUNA024027
java.lang.String
Ending suspended RMs failed when rolling back the transaction, but transaction rolled back.
ARJUNA024028
java.lang.String
illegal resource state:
ARJUNA024029
java.lang.String
Transaction is not active.
ARJUNA024031
java.lang.String
Invalid transaction.
ARJUNA024032
java.lang.String
Work already active!
ARJUNA024033
WARN
failed to load Last Resource Optimisation Interface {0}
ARJUNA024034
java.lang.String
Could not enlist resource because the transaction is marked for rollback.
ARJUNA024035
java.lang.String
No such transaction!
ARJUNA024036
WARN
Current transaction is not a TransactionImple
ARJUNA024037
java.lang.String
no transaction!
ARJUNA024038
java.lang.String
no transaction! Caught:
ARJUNA024040
java.lang.String
paramater is null!
ARJUNA024042
java.lang.String
is already suspended!
ARJUNA024043
WARN
An error occurred while checking if this is a new resource manager:
ARJUNA024044
WARN
{0} could not mark the transaction as rollback only
ARJUNA024046
WARN
{0} returned XA error {1} for transaction {2}
ARJUNA024048
java.lang.String
Synchronizations are not allowed!
ARJUNA024049
WARN
cleanup synchronization failed to register:
ARJUNA024050
java.lang.String
The transaction implementation threw a RollbackException
ARJUNA024051
java.lang.String
The transaction implementation threw a SystemException
ARJUNA024052
WARN
Active thread error:
ARJUNA024053
WARN
{0} attempt to delist unknown resource!
ARJUNA024054
java.lang.String
The current transaction does not match this transaction!
ARJUNA024055
WARN
Could not call end on a suspended resource!
ARJUNA024056
WARN
{0} caught XA exception: {1}
ARJUNA024057
WARN
{0} setTransactionTimeout on XAResource {2} threw: {1}
ARJUNA024058
WARN
Could not deserialize class. Will wait for bottom up recovery
ARJUNA024059
java.lang.String
Inflow recovery is not supported for JTS mode
ARJUNA024060
WARN
Could not end XA resource {0}
ARJUNA024061
WARN
Could not enlist XA resource {0} with params {1}
ARJUNA024062
WARN
ORB ''{0}'' occured on one phase commit for xid {1}
ARJUNA024063
WARN
Cannot save state of xid {0}
ARJUNA024064
java.lang.String
The current transaction {0} does not match this transaction
ARJUNA024065
WARN
Cannot save state of output object state {0} of object type {1}
ARJUNA024066
WARN
Cannot restore state of input object state {0} of object type {1}
ARJUNA032001
ERROR
createConnection got exception
ARJUNA032002
ERROR
createDataSource got exception during getXADataSource call
ARJUNA032003
WARN
InstanceNotFound. Datasource {0} not deployed, or wrong name?
ARJUNA032004
ERROR
createDataSource {0} got exception
ARJUNA032005
ERROR
Unexpected exception occurred
ARJUNA032006
ERROR
unknown Tx PropagationContext
ARJUNA032007
ERROR
getCurrentTransaction() failed
ARJUNA032008
ERROR
unknown Tx PropagationContext
ARJUNA032009
ERROR
Unexpected exception occurred
ARJUNA032010
INFO
JBossTS Recovery Service (tag: {0}) - JBoss Inc.
ARJUNA032011
java.lang.String
No suitable recovery module in which to register XAResourceRecovery instance
ARJUNA032012
java.lang.String
No recovery system in which to register XAResourceRecovery instance
ARJUNA032013
INFO
Starting transaction recovery manager
ARJUNA032014
INFO
Stopping transaction recovery manager
ARJUNA032015
java.lang.String
Transaction has or will rollback.
ARJUNA032016
java.lang.String
Unexpected error retrieving transaction status
ARJUNA032017
INFO
JBossTS Transaction Service ({0} version - tag: {1}) - JBoss Inc.
ARJUNA032018
INFO
Destroying TransactionManagerService
ARJUNA032019
WARN
XAExceptionFormatters are not supported by the JBossTS Transaction Service - this warning can safely be ignored
ARJUNA032020
java.lang.String
Transaction is completing!
ARJUNA032021
java.lang.String
Transaction is inactive!
ARJUNA032022
java.lang.String
Unexpected error!
ARJUNA032023
java.lang.String
Work not registered!
ARJUNA032024
INFO
JTS transaction recovery manager
ARJUNA032025
java.lang.String
Transaction has or will rollback.
ARJUNA032026
java.lang.String
Unexpected error retrieving transaction status
ARJUNA032027
java.lang.String
Problem encountered while trying to register transaction manager with ORB!
ARJUNA032028
INFO
registering transaction manager
ARJUNA032029
java.lang.String
Transaction is completing!
ARJUNA032030
java.lang.String
Transaction is inactive!
ARJUNA032031
java.lang.String
Unexpected error!
ARJUNA032032
java.lang.String
Work not registered!
ARJUNA032033
WARN
AppServerJDBCXARecovery should no longer be used. See jira.jboss.org/browse/JBTM-756
ARJUNA032034
INFO
Suspending transaction recovery manager
ARJUNA032035
INFO
Resuming transaction recovery manager
ARJUNA032036
java.lang.String
Unsupported transaction type. Transaction type is {0}
ARJUNA032037
java.lang.String
Transaction listeners are disabled and should not be used. If you need them they can be enabled via -D{0}=true
ARJUNA032038
java.lang.String
Invalid transaction local resource [{0}] associated with key {1}.
ARJUNA032039
java.lang.String
Cannot lock a TransactionLocal after the Transaction [{0}] has ended
ARJUNA032040
java.lang.String
Cannot store value in a TransactionLocal after the Transaction [{0}] has ended
ARJUNA032041
java.lang.String
Unlock called from wrong thread. Locking thread: {0}, current thread: {1}
ARJUNA033001
ERROR
Unable to get subordinate transaction id
ARJUNA033002
ERROR
Unable to recover subordinate transaction id {0}
ARJUNA033003
WARN
prepare on Xid={0} returning Aborted
ARJUNA033004
ERROR
commit on Xid={0} failed
ARJUNA033005
ERROR
rollback on Xid={0} failed
ARJUNA033006
INFO
InboundBridgeRecoveryManager starting
ARJUNA033007
INFO
InboundBridgeRecoveryManager stopping
ARJUNA033008
ERROR
problem rolling back orphaned subordinate tx {0}
ARJUNA033009
ERROR
Problem whilst scanning for in-doubt subordinate transactions
ARJUNA033010
WARN
prepare on Xid={0} failed, setting RollbackOnly
ARJUNA033011
WARN
setRollbackOnly failed
ARJUNA033012
WARN
stop failed for Xid {0}
ARJUNA033013
INFO
OutboundBridgeRecoveryManager starting
ARJUNA033014
INFO
OutboundBridgeRecoveryManager stopping
ARJUNA033015
WARN
unexpected Status {0}, treating as ROLLEDBACK
ARJUNA033016
ERROR
Unable to recover subordinate transaction id={0},
ARJUNA033017
ERROR
Unable to enlist BridgeXAResource or register BridgeSynchronization
ARJUNA033018
ERROR
Error on prepareVolatile of bridge wrapper {0}
ARJUNA041001
WARN
allHighLevelServices threw exception
ARJUNA041002
WARN
assembling contexts and received exception
ARJUNA041004
java.lang.String
Failed to create doc
ARJUNA041005
WARN
Activity.start caught exception
ARJUNA041006
WARN
currentActivity.end threw:
ARJUNA041007
WARN
Activity.completed caught exception
ARJUNA041008
WARN
Activity.suspended caught:
ARJUNA041009
WARN
Activity.resumed caught exception
ARJUNA041010
java.lang.String
Unknown activity implementation!
ARJUNA041011
java.lang.String
State incompatible to start activity:
ARJUNA041012
java.lang.String
Cannot remove child activity from parent as parent''s status is:
ARJUNA041013
java.lang.String
Activity cannot complete as it has active children:
ARJUNA041014
java.lang.String
Cannot complete activity in status:
ARJUNA041015
java.lang.String
Cannot set completion status on activity as the status is incompatible:
ARJUNA041016
java.lang.String
Cannot change completion status, value is incompatible:
ARJUNA041017
java.lang.String
Cannot enlist null child!
ARJUNA041018
java.lang.String
Cannot enlist child activity with parent as parent''s status is:
ARJUNA041019
java.lang.String
Cannot remove null child!
ARJUNA041020
java.lang.String
The following child activity is unknown to the parent:
ARJUNA041021
WARN
ActivityReaper: could not terminate.
ARJUNA041022
java.lang.String
HLS not found!
ARJUNA042001
ERROR
Unhandled error executing task
ARJUNA042002
java.lang.String
Invalid fault type enumeration: {0}
ARJUNA042003
java.lang.String
setNamespaceContext unsupported
ARJUNA042004
java.lang.String
writeEndDocument unsupported
ARJUNA042005
java.lang.String
close unsupported
ARJUNA042006
java.lang.String
writeComment unsupported
ARJUNA042007
java.lang.String
writeProcessingInstruction unsupported
ARJUNA042008
java.lang.String
writeProcessingInstruction unsupported
ARJUNA042009
java.lang.String
writeEntityRef unsupported
ARJUNA042010
java.lang.String
writeDTD unsupported
ARJUNA042011
java.lang.String
writeStartDocument unsupported
ARJUNA042012
java.lang.String
writeStartDocument unsupported
ARJUNA042013
java.lang.String
writeStartDocument unsupported
ARJUNA042014
java.lang.String
End of stream
ARJUNA042015
java.lang.String
Unexpected child node: {0}
ARJUNA042016
java.lang.String
Unexpected type: {0}
ARJUNA042017
java.lang.String
Unexpected type: {0}
ARJUNA042018
java.lang.String
Unexpected event type
ARJUNA042019
java.lang.String
Unsupported operation
ARJUNA042020
java.lang.String
Unsupported operation
ARJUNA042021
java.lang.String
CData sections not currently supported.
ARJUNA042022
WARN
Service {0} received unexpected fault: {1}
ARJUNA042023
java.lang.String
Unexpected start element: {0}
ARJUNA042024
java.lang.String
Unexpected start element: {0}
ARJUNA042025
java.lang.String
NotUnderstood elements cannot have embedded elements.
ARJUNA042026
java.lang.String
Unexpected element: {0}
ARJUNA042027
java.lang.String
Unexpected body element: {0}
ARJUNA042028
java.lang.String
Did not understand header: {0}
ARJUNA042029
java.lang.String
Encountered unexpected event type: {0}
ARJUNA042030
java.lang.String
Text elements cannot have embedded elements.
ARJUNA042031
java.lang.String
No response from RPC request
ARJUNA042032
java.lang.String
Invalid destination URL
ARJUNA042033
java.lang.String
Unsupported URL type, not HTTP or HTTPS
ARJUNA042034
java.lang.String
Invalid response code returned: {0}
ARJUNA042035
java.lang.String
Unexpected end element: {0}
ARJUNA042036
java.lang.String
Unexpected end of document reached
ARJUNA042037
java.lang.String
Unexpected start element: {0}
ARJUNA042038
java.lang.String
Addressing context is not valid
ARJUNA042039
java.lang.String
Unexpected element name: {0}
ARJUNA042040
java.lang.String
Invalid QName value for attributed QName
ARJUNA042041
java.lang.String
Unexpected element name: {0}
ARJUNA042043
java.lang.String
Unexpected element name: {0}
ARJUNA042044
java.lang.String
Unexpected second element name: {0}
ARJUNA042045
java.lang.String
Invalid QName value for attributed QName
ARJUNA042046
java.lang.String
Unexpected element name: {0}
ARJUNA042047
java.lang.String
Unexpected element name: {0}
ARJUNA042048
java.lang.String
Addressing context does not specify destination.
ARJUNA042049
java.lang.String
Invalid destination specified in addressing context.
ARJUNA042050
java.lang.String
No SOAP client registered for scheme: {0}.
ARJUNA042051
java.lang.String
Invalid replyTo specified in addressing context.
ARJUNA042052
java.lang.String
Unexpected SOAP message type returned.
ARJUNA042053
ERROR
Unhandled SOAP fault {0} during asynchronous execution of service.
ARJUNA042054
java.lang.String
Arjuna context is not valid
ARJUNA042055
java.lang.String
Unexpected element name: {0}
ARJUNA042056
java.lang.String
InstanceIdentifier elements cannot have embedded elements.
ARJUNA042057
java.lang.String
non numerical value: {0}
ARJUNA042058
java.lang.String
Coordination Context is not valid
ARJUNA042059
java.lang.String
Unexpected element name: {0}
ARJUNA042060
java.lang.String
Create Coordination Context Response is not valid
ARJUNA042061
java.lang.String
Unexpected element name: {0}
ARJUNA042062
java.lang.String
Create Coordination Context is not valid
ARJUNA042063
java.lang.String
Unexpected element name: {0}
ARJUNA042064
java.lang.String
Register is not valid
ARJUNA042065
java.lang.String
Unexpected element name: {0}
ARJUNA042066
java.lang.String
Register is not valid
ARJUNA042067
java.lang.String
Unexpected element name: {0}
ARJUNA042071
java.lang.String
Callback execution failed
ARJUNA042072
java.lang.String
Callback was not triggered
ARJUNA042073
java.lang.String
Callback execution failed
ARJUNA042074
java.lang.String
Callback was not triggered
ARJUNA042075
java.lang.String
Invalid create coordination context parameters
ARJUNA042076
java.lang.String
Participant already registered
ARJUNA042077
java.lang.String
Invalid protocol identifier
ARJUNA042078
java.lang.String
Invalid coordination context state
ARJUNA042079
java.lang.String
Unknown activity identifier
ARJUNA042080
java.lang.String
Invalid create coordination context parameters
ARJUNA042081
java.lang.String
Participant already registered for this protocol identifier
ARJUNA042082
java.lang.String
Invalid protocol identifier
ARJUNA042083
java.lang.String
Invalid coordination context state
ARJUNA042084
java.lang.String
Unknown activity identifier
ARJUNA042085
WARN
Failed to create service instance: {0}
ARJUNA042086
ERROR
Empty messageId received by an async endpoint
ARJUNA042087
ERROR
Failure to register protocol {0} and instance {1}
ARJUNA042088
ERROR
Failure to create coordination context of type {0}
ARJUNA043001
java.lang.String
Invalid outcome enumeration: {0}
ARJUNA043002
java.lang.String
PrepareResponse elements cannot have embedded elements.
ARJUNA043003
java.lang.String
ReplayResponse elements cannot have embedded elements.
ARJUNA043004
java.lang.String
Invalid fault type enumeration: {0}
ARJUNA043005
java.lang.String
Invalid vote enumeration: {0}
ARJUNA043006
java.lang.String
State elements cannot have embedded elements.
ARJUNA043007
java.lang.String
Invalid state enumeration: {0}
ARJUNA043008
java.lang.String
Invalid soap fault type
ARJUNA043009
java.lang.String
Invalid fault type enumeration: {0}
ARJUNA043010
java.lang.String
Invalid state enumeration: {0}
ARJUNA043011
java.lang.String
Unknown transaction
ARJUNA043012
java.lang.String
Unknown participant
ARJUNA043013
java.lang.String
Unknown error
ARJUNA043014
java.lang.String
Unknown participant
ARJUNA043015
java.lang.String
Unknown transaction
ARJUNA043016
java.lang.String
Unknown error
ARJUNA043017
INFO
Unexpected exception while sending InvalidStateFault to participant {0}
ARJUNA043018
java.lang.String
GetStatus requested for unknown coordinator completion participant
ARJUNA043020
java.lang.String
Complete called on unknown participant
ARJUNA043021
INFO
Unexpected exception while sending InvalidStateFault to coordinator for participant {0}
ARJUNA043022
java.lang.String
GetStatus requested for unknown coordinator completion participant
ARJUNA043023
WARN
Unexpected exception thrown from aborted:
ARJUNA043024
WARN
Aborted called on unknown coordinator: {0}
ARJUNA043025
WARN
Unexpected exception thrown from committed:
ARJUNA043026
WARN
Committed called on unknown coordinator: {0}
ARJUNA043027
WARN
Unexpected exception thrown from prepared
ARJUNA043028
WARN
Prepared called on unknown coordinator: {0}
ARJUNA043029
WARN
Ignoring prepared called on unidentified coordinator until recovery pass is complete: {0}
ARJUNA043030
WARN
Unexpected exception thrown from readOnly
ARJUNA043031
WARN
ReadOnly called on unknown coordinator: {0}
ARJUNA043032
WARN
Unexpected exception thrown from replay
ARJUNA043033
WARN
Replay called on unknown coordinator: {0}
ARJUNA043034
java.lang.String
Unknown Transaction.
ARJUNA043035
WARN
Unexpected exception thrown from soapFault
ARJUNA043036
WARN
SoapFault called on unknown coordinator: {0}
ARJUNA043038
INFO
Unexpected exception while sending InvalidStateFault to participant {0}
ARJUNA043039
java.lang.String
GetStatus requested for unknown coordinator completion participant
ARJUNA043041
INFO
Unexpected exception while sending InvalidStateFault to coordinator for participant {0}
ARJUNA043042
java.lang.String
GetStatus requested for unknown coordinator completion participant
Unable to instantiate XTS initialisation class {0}
ARJUNA047004
ERROR
Unable to access XTS initialisation class {0}
ARJUNA048001
WARN
Could not find manifest {0}
ARJUNA048002
WARN
Could not find configuration file, URL was: {0}
ARJUNA048003
WARN
className is null
ARJUNA048004
WARN
attempt to load {0} threw ClassNotFound. Wrong classloader?
ARJUNA048005
WARN
class {0} does not implement {1}
ARJUNA048006
WARN
cannot create new instance of {0}
ARJUNA048007
WARN
cannot access {0}
ARJUNA048008
WARN
cannot initialize from string {0}
AT
Code
Level
Return Type
Message
AT027001
WARN
Failure while removing participant information from the object store. '%s'
AT027002
WARN
Failure while synchronizing participant url with RecoveryManager. '%s'
AT027003
WARN
Failed to start the bridge. '%s'
AT027004
WARN
Failed to stop the bridge. '%s'
AT027005
WARN
Failed to enlist inbound bridge to the transaction '%s'
AT027006
WARN
Failed to import transaction. '%s'
AT027007
ERROR
FATAL System Exception '%s'
AT027008
WARN
Exception while verifying/loading id isInStore InboundBridgeOrphanFilter.
AT027009
WARN
Exception while verifying id isInStore InboundBridgeOrphanFilter.
AT027010
WARN
XAException occured while subordinate rollback. '%s'
AT027011
WARN
XAException occured while subordinate commit. '%s'
AT027012
WARN
XAException occured while subordinate vote. '%s'
AT027013
WARN
XAException occured while InboundBridgeRecoveryModule periodicWorkSecondPass. '%s'
AT027014
WARN
XAException occured while InboundBridgeRecoveryModule addBridgesToMapping. '%s'
AT027015
WARN
Exception occured while InboundBridgeRecoveryModule getUidsToRecover. '%s'
AT027016
WARN
Exception occured while Tx Support getIntValue. '%s'
AT027017
DEBUG
Exception occured while Tx Support HttpRequest. '%s'
AT027018
WARN
Exception occured while Tx Support AddLocationHeader. '%s'
AT027019
WARN
Exception occured while InboundBridgeParticipantDeserializer Participant deserialize. '%s'
AT027020
WARN
Exception while recovering participant in Recovery Manager. '%s'
AT027021
WARN
Exception while recovering participant in Recovery Manager. '%s'
AT027022
WARN
Heuristic Exception while recreateParticipantInformation in Recovery Manager. '%s'
AT027023
WARN
Participant Exception while recreateParticipantInformation in Recovery Manager. '%s'
AT027024
WARN
Failure while persisting participant information. '%s'
AT027025
WARN
Participant Exception while participant rollback in ParticipantResource. '%s'
AT027026
WARN
Exception while participant rollback in ParticipantResource. '%s'
AT027027
WARN
Exception while readOnly participant info in ParticipantResource. '%s'
AT027028
WARN
ParticipantException while commitOnePhase in ParticipantResource. '%s'
AT027029
WARN
ParticipantException while prepare in ParticipantResource. '%s'
AT027030
WARN
Exception Before completion failed in VolatileParticipantResource. '%s'
AT027031
WARN
Exception After completion failed in VolatileParticipantResource. '%s'
AT027032
WARN
Exception while getUids in VolatileParticipantResource. '%s'
AT027033
WARN
Exception could not reactivate pending transaction.'%s','%s'
AT027034
WARN
Exception TM JAX-RS application failed to start.'%s'
AT027035
DEBUG
Exception TM JAX-RS application failed to start.
COM
Code
Level
Return Type
Message
COM03000
DEBUG
Reaping a reference failed
COM03100
WARN
Property or feature %s not supported by %s
EJBCLIENT
Code
Level
Return Type
Message
EJBCLIENT-00001
INFO
JBoss EJB Client version %s
EJBCLIENT-00001
java.lang.String
No such EJB: %s
EJBCLIENT-00001
java.lang.String
EJB is not stateful: %s
EJBCLIENT-00001
java.lang.String
No such EJB method %s found on %s
EJBCLIENT-00001
java.lang.String
Session is not active for invocation of method %s on %s
EJBCLIENT-00001
java.lang.String
EJB view is not remote: %s
EJBCLIENT-00001
java.lang.IllegalStateException
Context data under org.jboss.private.data was not of type Set
EJBCLIENT-00001
jakarta.ejb.EJBException
IO channel timed out or closed. Check server endpoint read or write timeout settings
EJBCLIENT000000
java.lang.IllegalArgumentException
Module name cannot be null or empty
EJBCLIENT000001
java.lang.IllegalArgumentException
Bean name cannot be null or empty
EJBCLIENT000002
java.lang.IllegalArgumentException
Bean interface type cannot be null
EJBCLIENT000003
INFO
Incorrect max-allowed-connected-nodes value %s specified for cluster named %s. Defaulting to %s
EJBCLIENT000004
INFO
Incorrect connection timeout value %s specified for cluster named %s. Defaulting to %s
EJBCLIENT000005
INFO
Incorrect connection timeout value %s specified for node %s in cluster named %s. Defaulting to %s
EJBCLIENT000006
INFO
No host/port configured for connection named %s. Skipping connection creation
EJBCLIENT000007
INFO
Incorrect port value %s specified for connection named %s. Skipping connection creation
EJBCLIENT000008
INFO
Incorrect connection timeout value %s specified for connection named %s. Defaulting to %s
EJBCLIENT000009
INFO
Incorrect invocation timeout value %s specified. Defaulting to %s
EJBCLIENT000010
INFO
Incorrect reconnect tasks timeout value %s specified. Defaulting to %s
EJBCLIENT000011
INFO
Discarding result for invocation id %s since no waiting context found
EJBCLIENT000012
INFO
Cannot create a EJB receiver for %s since there was no match for a target destination
EJBCLIENT000015
INFO
Initial module availability report for %s wasn't received during the receiver context association
EJBCLIENT000016
INFO
Channel %s can no longer process messages
EJBCLIENT000017
INFO
Received server version %d and marshalling strategies %s
EJBCLIENT000022
java.lang.IllegalStateException
No EJB client context is available
EJBCLIENT000024
jakarta.ejb.NoSuchEJBException
No EJB receiver available for handling destination "%s"
EJBCLIENT000027
java.lang.IllegalStateException
No EJBReceiver available for node name %s
EJBCLIENT000028
java.lang.IllegalStateException
No EJB receiver contexts available in cluster %s
EJBCLIENT000029
java.lang.IllegalStateException
No cluster context available for cluster named %s
EJBCLIENT000030
java.lang.IllegalStateException
sendRequest() called during wrong phase
EJBCLIENT000031
java.lang.IllegalStateException
No receiver associated with invocation
EJBCLIENT000032
java.lang.IllegalStateException
Cannot retry a request which hasn't previously been completed
EJBCLIENT000033
java.lang.IllegalStateException
getResult() called during wrong phase
EJBCLIENT000034
java.lang.IllegalStateException
discardResult() called during wrong phase
EJBCLIENT000035
javax.naming.NamingException
Not supported
EJBCLIENT000036
javax.naming.NamingException
Read only naming context, operation not supported
EJBCLIENT000037
javax.naming.NamingException
Could not load ejb proxy class %s
EJBCLIENT000038
java.lang.IllegalStateException
Transaction enlistment did not yield a transaction ID
EJBCLIENT000039
java.lang.IllegalStateException
Cannot enlist transaction
EJBCLIENT000041
java.lang.RuntimeException
A session bean does not have a primary key class
EJBCLIENT000042
WARN
Failed to load EJB client configuration file specified in %s system property: %s
EJBCLIENT000043
java.lang.RuntimeException
Error reading EJB client properties file %s
EJBCLIENT000044
java.lang.IllegalStateException
No transaction context available
EJBCLIENT000045
java.lang.IllegalStateException
User transactions not supported by this context
EJBCLIENT000046
jakarta.transaction.NotSupportedException
A transaction is already associated with this thread
EJBCLIENT000047
java.lang.IllegalStateException
A transaction is not associated with this thread
EJBCLIENT000048
java.lang.IllegalStateException
Transaction for this thread is not active
EJBCLIENT000049
java.lang.IllegalStateException
Cannot proceed with invocation since transaction is pinned to node %s which has been excluded from handling invocation for the current invocation context %s
EJBCLIENT000050
java.lang.IllegalStateException
Node of the current transaction %s does not accept %s
EJBCLIENT000051
java.lang.IllegalStateException
Cannot proceed with invocation since the locator %s has an affinity on node %s which has been excluded from current invocation context %s
EJBCLIENT000052
java.lang.RuntimeException
%s for cluster %s is not of type org.jboss.ejb.client.ClusterNodeSelector
EJBCLIENT000053
java.lang.RuntimeException
Could not create the cluster node selector for cluster %s
EJBCLIENT000054
java.lang.IllegalStateException
Cannot specify both a callback handler and a username/password
EJBCLIENT000055
java.lang.RuntimeException
Could not decode base64 encoded password
EJBCLIENT000056
java.lang.IllegalStateException
Cannot specify both a plain text and base64 encoded password
EJBCLIENT000058
java.lang.IllegalArgumentException
Failed to instantiate deployment node selector class "%s"
EJBCLIENT000059
WARN
Could not send a message over remoting channel, to cancel invocation for invocation id %s
EJBCLIENT000060
java.lang.RuntimeException
Failed to create scoped EJB client context
EJBCLIENT000061
WARN
Cannot send a transaction recovery message to the server since the protocol version of EJBReceiver %s doesn't support it
EJBCLIENT000062
javax.naming.CommunicationException
Failed to look up "%s"
EJBCLIENT000063
java.lang.IllegalArgumentException
EJB proxy is already stateful
EJBCLIENT000064
INFO
org.jboss.ejb.client.naming.ejb.ejbURLContextFactory is deprecated; new applications should use org.wildfly.naming.client.WildFlyInitialContextFactory instead
EJBCLIENT000065
javax.naming.CommunicationException
Null session was created for "%s", affinity %s, identifier %s
EJBCLIENT000066
jakarta.ejb.EJBException
Operation interrupted
EJBCLIENT000067
java.lang.IllegalArgumentException
Cannot convert %s to stateful
EJBCLIENT000068
java.lang.IllegalArgumentException
Failed to instantiate callback handler class "%s"
EJBCLIENT000069
INFO
Using legacy jboss-ejb-client.properties security configuration
EJBCLIENT000070
INFO
Using legacy jboss-ejb-client.properties Remoting configuration
EJBCLIENT000071
INFO
Using legacy jboss-ejb-client.properties discovery configuration
EJBCLIENT000072
INFO
Using legacy jboss-ejb-client.properties EJB client configuration
EJBCLIENT000073
java.lang.IllegalStateException
Failed to construct Remoting endpoint
EJBCLIENT000074
java.lang.IllegalStateException
Configured selector "%s" returned null
EJBCLIENT000075
jakarta.ejb.NoSuchEJBException
No transport provider available for URI scheme %2$s for locator %1$s
EJBCLIENT000076
java.lang.IllegalStateException
Configured selector "%s" returned unknown node "%s"
EJBCLIENT000077
java.lang.IllegalArgumentException
EJB receiver "%s" returned a null session ID for EJB "%s"
EJBCLIENT000078
java.lang.IllegalArgumentException
EJB receiver "%s" returned a stateful locator with the wrong view type (expected %s, but actual was %s)
EJBCLIENT000079
jakarta.ejb.NoSuchEJBException
Unable to discover destination for request for EJB %s
EJBCLIENT000080
java.lang.IllegalStateException
Request not sent
EJBCLIENT000081
java.lang.IllegalArgumentException
Failed to instantiate cluster node selector class "%s"
EJBCLIENT000082
jakarta.transaction.SystemException
Cannot outflow the remote transaction "%s" as its timeout elapsed
EJBCLIENT000100
java.lang.IllegalArgumentException
Object '%s' is not a valid proxy object
EJBCLIENT000101
java.lang.IllegalArgumentException
Proxy object '%s' was not generated by %s
EJBCLIENT000102
java.lang.IllegalStateException
No asynchronous operation in progress
EJBCLIENT000200
org.wildfly.client.config.ConfigXMLParseException
Cannot load from a module when jboss-modules is not available
EJBCLIENT000300
java.lang.IllegalArgumentException
No valid no-argument constructor on interceptor %s
EJBCLIENT000301
java.lang.IllegalArgumentException
Constructor is not accessible on interceptor %s
EJBCLIENT000302
java.lang.IllegalStateException
Construction of interceptor %s failed
EJBCLIENT000400
java.util.concurrent.ExecutionException
Remote invocation failed due to an exception
EJBCLIENT000401
java.lang.IllegalStateException
Result was discarded (one-way invocation)
EJBCLIENT000402
java.util.concurrent.CancellationException
Remote invocation request was cancelled
EJBCLIENT000403
java.util.concurrent.TimeoutException
Timed out
EJBCLIENT000408
jakarta.transaction.SystemException
Inflowed transaction is no longer active
EJBCLIENT000409
org.jboss.ejb.client.RequestSendFailedException
No more destinations are available
EJBCLIENT000500
java.io.InvalidObjectException
Protocol error: mismatched method location
EJBCLIENT000501
DEBUG
Protocol error: invalid message ID %02x received
EJBCLIENT000502
java.io.IOException
Protocol error: invalid transaction type %02x received
EJBCLIENT000503
java.io.IOException
Protocol error: unable to inflow remote transaction
EJBCLIENT000504
java.lang.IllegalStateException
Server error: no session was created
EJBCLIENT000505
java.lang.IllegalStateException
No remote transport is present on the current EJB client context
EJBCLIENT000506
jakarta.ejb.EJBException
Server error (invalid view): %s
EJBCLIENT000507
jakarta.transaction.SystemException
Internal server error occurred while processing a transaction
EJBCLIENT000508
ERROR
Failed to execute Runnable %s
EJBCLIENT000509
ERROR
Unexpected exception processing EJB request
EJBCLIENT000510
java.io.IOException
Failed to configure SSL context
EJBCLIENT000511
java.lang.IllegalArgumentException
Cannot automatically convert stateless EJB to stateful with this protocol version
EJBCLIENT000512
jakarta.ejb.EJBException
Server error (remote EJB is not stateful): %s
EJBCLIENT000513
ERROR
Exception occurred when trying to close the transport provider
EJBCLIENT000514
INFO
No URI configured for HTTP connection named %s. Skipping connection creation
EJBCLIENT000515
INFO
HTTP connection was configured with invalid URI: %s .
EJBCLIENT000516
java.io.InvalidClassException
Exception resolving class %s for unmarshalling; it has either been blocklisted or not allowlisted
EJBCLIENT000517
WARN
Exception occurred when writing EJB transaction response to invocation %s over channel %s
EJBCLIENT000518
WARN
Exception occurred when writing EJB transaction recovery response for invocation %s over channel %s
EJBCLIENT000519
WARN
Exception occurred when writing EJB response to invocation %s over channel %s
EJBCLIENT000520
WARN
Exception occurred when writing EJB session open response to invocation %s over channel %s
EJBCLIENT000521
WARN
Exception occurred when writing proceed async response to invocation %s over channel %s
EJBCLIENT000522
WARN
Exception occurred when writing EJB cluster message to channel %s
EJBCLIENT000523
WARN
Exception occurred when writing module availability message, closing channel %s
EJBCLIENT000524
DEBUG
JavaEE to JakartaEE backward compatibility layer have been installed
ELY
Code
Level
Return Type
Message
ELY00000
java.lang.String
Unexpected value for azp (issued for) claim
ELY00001
INFO
WildFly Elytron version %s
ELY00002
java.lang.IllegalArgumentException
Parameter %s is empty
ELY00002
java.lang.IllegalArgumentException
Parameter %s is empty
ELY00002
java.lang.IllegalArgumentException
Parameter %s is empty
ELY00003
java.lang.IllegalStateException
This builder has already been built
ELY00003
java.lang.IllegalStateException
This builder has already been built
ELY00003
java.lang.IllegalStateException
This builder has already been built
ELY00003
java.lang.IllegalStateException
This builder has already been built
ELY00004
java.lang.IllegalArgumentException
Unrecognized algorithm "%s"
ELY00004
java.lang.IllegalArgumentException
Unrecognized algorithm "%s"
ELY00004
java.lang.IllegalArgumentException
Unrecognized algorithm "%s"
ELY00005
java.lang.IllegalStateException
Cannot instantiate self-referential factory
ELY00006
java.lang.IllegalArgumentException
Unexpected trailing garbage in X.500 principal
ELY00007
WARN
Credential destroying failed
ELY00007
WARN
Credential destroying failed
ELY00008
java.lang.IllegalArgumentException
The given credential is not supported here
ELY00009
java.lang.IllegalArgumentException
Invalid name "%s"
ELY00011
java.security.NoSuchAlgorithmException
Unable to create service for '%s.%s'
ELY00012
java.lang.IllegalStateException
Unable to load OIDs database from properties file
ELY01000
java.lang.IllegalStateException
Authentication name was already set on this context
ELY01001
org.wildfly.client.config.ConfigXMLParseException
No module found for identifier "%s"
ELY01002
org.wildfly.client.config.ConfigXMLParseException
Invalid port number "%s" specified for attribute "%s" of element "%s"; expected a numerical value between 1 and 65535 (inclusive)
ELY01003
java.lang.IllegalStateException
No authentication is in progress
ELY01005
java.lang.IllegalArgumentException
Realm map does not contain mapping for default realm '%s'
Changing the session ID has been disabled, ensure session tracking uses cookies only to avoid session fixation.
ELY22500
WARN
Changing the session ID has been disabled, ensure session tracking uses cookies only to avoid session fixation.
ELY23000
org.wildfly.security.http.oidc.OidcException
Unexpected HTTP status code in response from OIDC provider "%d"
ELY23001
org.wildfly.security.http.oidc.OidcException
No entity in response from OIDC provider
ELY23002
org.wildfly.security.http.oidc.OidcException
Unexpected error sending request to OIDC provider
ELY23003
java.lang.IllegalArgumentException
Either provider-url or auth-server-url needs to be configured
ELY23004
INFO
Loaded OpenID provider metadata from '%s'
ELY23005
WARN
Unable to load OpenID provider metadata from %s
ELY23006
java.lang.RuntimeException
Failed to decode request URI
ELY23007
java.lang.RuntimeException
Failed to write to response output stream
ELY23008
java.lang.IllegalArgumentException
Unable to parse token
ELY23009
java.lang.RuntimeException
OIDC client configuration file not found
ELY23010
ERROR
Failed to invoke remote logout
ELY23011
ERROR
Refresh token failure
ELY23012
ERROR
Refresh token failure status: %d %s
ELY23013
ERROR
Failed verification of token: %s
ELY23014
ERROR
Failed to refresh the token with a longer time-to-live than the minimum
ELY23015
java.lang.IllegalArgumentException
No expected issuer given
ELY23016
java.lang.IllegalArgumentException
No client ID given
ELY23017
java.lang.IllegalArgumentException
No expected JWS algorithm given
ELY23018
java.lang.IllegalArgumentException
No JWKS public key or client secret key given
ELY23019
org.wildfly.security.http.oidc.OidcException
Invalid ID token
ELY23020
java.lang.IllegalArgumentException
Invalid token claim value
ELY23021
org.wildfly.security.http.oidc.OidcException
Invalid ID token claims
ELY23022
java.lang.RuntimeException
Must set 'realm' in config
ELY23023
java.lang.RuntimeException
Must set 'resource' or 'client-id'
ELY23024
java.lang.IllegalArgumentException
For bearer auth, you must set the 'realm-public-key' or one of 'auth-server-url' and 'provider-url'
ELY23025
java.lang.RuntimeException
Must set 'auth-server-url' or 'provider-url'
ELY23026
WARN
Client '%s' does not have a secret configured
ELY23027
java.lang.IllegalArgumentException
Unsupported public key
ELY23028
java.lang.IllegalArgumentException
Unable to create signed token
ELY23029
java.lang.RuntimeException
Configuration of jwt credentials is missing or incorrect for client '%s'
ELY23030
java.lang.RuntimeException
Missing parameter '%s' in jwt credentials for client %s
ELY23031
java.lang.IllegalArgumentException
Unable to parse key '%s' with value '%s'
ELY23032
java.lang.RuntimeException
Unable to load key with alias '%s' from keystore
ELY23033
java.lang.RuntimeException
Unable to load private key from keystore
ELY23034
java.lang.RuntimeException
Unable to find keystore file '%s'
ELY23035
java.lang.RuntimeException
Configuration of secret jwt client credentials is missing or incorrect for client '%s'
ELY23036
java.lang.RuntimeException
Invalid value for 'algorithm' in secret jwt client credentials configuration for client '%s'
ELY23037
java.lang.RuntimeException
Unable to determine client credentials provider type for client '%s'
ELY23038
java.lang.RuntimeException
Unable to find client credentials provider '%s'
ELY23039
java.lang.RuntimeException
Unable to load keystore
ELY23040
java.lang.RuntimeException
Unable to load truststore
ELY23041
java.lang.RuntimeException
Unable to find truststore file '%s'
ELY23042
java.lang.String
Unexpected value for at_hash claim
ELY23043
java.lang.IllegalArgumentException
Uknown algorithm: '%s'
ELY23044
WARN
Failed to parse token from cookie
ELY23045
java.lang.IllegalArgumentException
Unable to create redirect response
ELY23046
java.lang.RuntimeException
Unable to set auth server URL
ELY23047
java.lang.RuntimeException
Unable resolve a relative URL
ELY23048
java.lang.RuntimeException
Invalid URI: '%s'
ELY23049
WARN
Invalid 'auth-server-url' or 'provider-url': '%s'
ELY23050
org.wildfly.security.http.oidc.OidcException
Invalid bearer token claims
ELY23051
org.wildfly.security.http.oidc.OidcException
Invalid bearer token
ELY23052
WARN
No trusted certificates in token
ELY23053
WARN
No peer certificates established on the connection
ELY23054
java.lang.String
Unexpected value for typ claim
ELY23055
java.io.IOException
Unable to obtain token: %d
ELY23056
java.io.IOException
No message entity
ELY24000
java.lang.IllegalArgumentException
Unable to parse string JWK
ELY24001
java.lang.IllegalArgumentException
Unsupported key type for JWK: "%s"
ELY24002
java.lang.IllegalArgumentException
Unsupported curve
ELY24003
java.lang.RuntimeException
Unable to create public key from JWK
ELY24004
java.lang.RuntimeException
Unable to generate thumbprint for the certificate
ELY26000
java.lang.RuntimeException
JsonNode ["%s"] is not a object.
ELY40000
java.lang.IllegalArgumentException
Malformed OpenSSH Private Key: %s
ELY40001
java.lang.IllegalArgumentException
Unable to Generate Key: %s
ELY40002
java.lang.IllegalArgumentException
Malformed PEM content when parsing SSH at offset %d
ELYEE
Code
Level
Return Type
Message
ELYEE00001
java.lang.IllegalStateException
No ThreadLocal CallbackHandler available.
ELYEE00002
java.lang.IllegalStateException
Unrecognised context type '%s'.
ELYEE00003
java.lang.IllegalStateException
No registration for '%s'.
ELYTOOL
Code
Level
Return Type
Message
ELYTOOL00000
java.lang.String
Command or alias "%s" not found.
ELYTOOL00000
java.lang.String
Input data not confirmed. Exiting.
ELYTOOL00000
java.lang.String
%s %s
ELYTOOL00000
java.lang.String
Exception encountered executing the command:
ELYTOOL00000
java.lang.String
Printing general help message:
ELYTOOL00000
java.lang.String
Location of credential store storage file
ELYTOOL00000
java.lang.String
"credential-store" command is used to perform various operations on credential store.
ELYTOOL00000
java.lang.String
Implementation properties for credential store type in form of "prop1=value1; ... ;propN=valueN" .%nSupported properties are dependent on credential store type%nKeyStoreCredentialStore (default implementation) supports following additional properties (all are optional):%nkeyStoreType - specifies the key store type to use (defaults to "JCEKS")%nkeyAlias - specifies the secret key alias within the key store to use for encrypt/decrypt of data in external storage (defaults to "cs_key")%nexternal - specifies whether to store data to external storage and encrypted by keyAlias key (defaults to "false")%ncryptoAlg - cryptographic algorithm name to be used to encrypt/decrypt entries at external storage "external" has to be set to "true"
ELYTOOL00000
java.lang.String
Password for credential store
ELYTOOL00000
java.lang.String
Password for KeyStore. Can also be provided by console prompt.
ELYTOOL00000
java.lang.String
Name of an environment variable from which to resolve the KeyStore password.
ELYTOOL00000
java.lang.String
Salt to apply for final masked password of the credential store
ELYTOOL00000
java.lang.String
Iteration count for final masked password of the credential store
ELYTOOL00000
java.lang.String
Password credential value
ELYTOOL00000
java.lang.String
The alias of the existing password entry to encrypt
ELYTOOL00000
java.lang.String
Type of entry in credential store
ELYTOOL00000
java.lang.String
Comma separated list of JCA provider names. Providers will be supplied to the credential store instance.%nEach provider must be installed through java.security file or through service loader from properly packaged jar file on classpath.
ELYTOOL00000
java.lang.String
Provider name containing CredentialStoreSpi implementation.%nProvider must be installed through java.security file or through service loader from properly packaged jar file on classpath.
ELYTOOL00000
java.lang.String
Create credential store (Action)
ELYTOOL00000
java.lang.String
Credential store type
ELYTOOL00000
java.lang.String
Add new alias to the credential store (Action)
ELYTOOL00000
java.lang.String
Remove alias from the credential store (Action)
ELYTOOL00000
java.lang.String
Check if alias exists within the credential store (Action)
ELYTOOL00000
java.lang.String
Display all aliases (Action)
ELYTOOL00000
java.lang.String
Display all types of stored credentials for given alias (Action)
ELYTOOL00000
java.lang.String
Generate private and public key pair and store them as a KeyPairCredential
ELYTOOL00000
java.lang.String
Size (number of bytes) of the keys when generating a KeyPairCredential.
ELYTOOL00000
java.lang.String
Encryption algorithm to be used when generating a KeyPairCredential: RSA, DSA, or EC. Default RSA
ELYTOOL00000
java.lang.String
Prints the public key stored under a KeyPairCredential as Base64 encoded String, in OpenSSH format.
ELYTOOL00000
java.lang.String
Import a KeyPairCredential into the credential store.
ELYTOOL00000
java.lang.String
The location of a file containing a private key.
ELYTOOL00000
java.lang.String
The location of a file containing a public key.
ELYTOOL00000
java.lang.String
The passphrase used to decrypt the private key.
ELYTOOL00000
java.lang.String
A private key specified as a String.
ELYTOOL00000
java.lang.String
A public key specified as a String.
ELYTOOL00000
java.lang.String
Print summary, especially command how to create this credential store
ELYTOOL00000
java.lang.String
Get help with usage of this command (Action)
ELYTOOL00000
java.lang.String
Alias "%s" exists
ELYTOOL00000
java.lang.String
Alias "%s" does not exist
ELYTOOL00000
java.lang.String
Alias "%s" of type "%s" does not exist
ELYTOOL00000
java.lang.String
Alias "%s" has been successfully stored
ELYTOOL00000
java.lang.String
Alias "%s" of type "%s" has been successfully stored
ELYTOOL00000
java.lang.String
Alias "%s" has been successfully removed
ELYTOOL00000
java.lang.String
Alias "%s" of type "%s" has been successfully removed
ELYTOOL00000
java.lang.String
Credential store command summary:%n--------------------------------------%n%s
ELYTOOL00000
java.lang.String
Credential store contains following aliases: %s
ELYTOOL00000
java.lang.String
Credential store contains no aliases
ELYTOOL00000
java.lang.Exception
Action to perform on the credential store is not defined
ELYTOOL00000
java.lang.String
Credential store password:
ELYTOOL00000
java.lang.String
Confirm credential store password:
ELYTOOL00000
java.lang.String
Passphrase to be used to decrypt private key (can be nothing if no passphrase was used to encrypt the key):
ELYTOOL00000
java.lang.String
Confirm passphrase to be used to decrypt private key (can be nothing if no passphrase was used to encrypt the key):
ELYTOOL00000
java.lang.String
Secret to store:
ELYTOOL00000
java.lang.String
Confirm secret to store:
ELYTOOL00000
java.lang.String
The retrieved PasswordCredential does not contain a ClearTextPassword
ELYTOOL00000
java.lang.String
"mask" command is used to get MASK- string encrypted using PBEWithMD5AndDES in PicketBox compatible way.
ELYTOOL00000
java.lang.String
Salt to apply to masked string
ELYTOOL00000
java.lang.String
Iteration count for masked string
ELYTOOL00000
java.lang.String
Secret to be encrypted
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
Secret not specified.
ELYTOOL00000
java.lang.String
"vault" command is used convert PicketBox Security Vault to credential store using default implementation (KeyStoreCredentialStore) or custom implementation set with the "type" option.
ELYTOOL00000
java.lang.String
Vault keystore URL (defaults to "vault.keystore")
ELYTOOL00000
java.lang.String
Vault keystore password:%n- used to open original vault key store%n- used as password for new converted credential store
ELYTOOL00000
java.lang.String
Vault directory containing encrypted files (defaults to "vault")
ELYTOOL00000
java.lang.String
8 character salt (defaults to "12345678")
ELYTOOL00000
java.lang.String
Iteration count (defaults to "23")
ELYTOOL00000
java.lang.String
Vault key alias within key store (defaults to "vault")
ELYTOOL00000
java.lang.String
Configuration parameters for credential store in form of: "parameter1=value1; ... ;parameterN=valueN"%nSupported parameters are dependent on credential store type%nGenerally supported parameters for default credential store implementation (all are optional):%ncreate - automatically creates credential store file (true/false)%nmodifiable - is the credential modifiable (true/false)%nlocation - file location of credential store%nkeyStoreType - specify the key store type to use
Bulk conversion with options listed in description file. All options have no default value and should be set in the file. (Action)%nAll options are required with the exceptions:%n - "properties" option%n - "type" option (defaults to "KeyStoreCredentialStore")%n - "credential-store-provider" option%n - "other-providers" option%n - "salt" and "iteration" options can be omitted when plain-text password is used%nEach set of options must start with the "keystore" option in the following format:%n keystore:%nkeystore-password:%nenc-dir:%nsalt:%niteration:%nlocation:%nalias:%nproperties:=; ... ;=%ntype:%ncredential-store-provider:%nother-providers:
ELYTOOL00000
java.lang.String
Print summary of conversion
ELYTOOL00000
java.lang.String
Converted credential store type (defaults to "KeyStoreCredentialStore")
ELYTOOL00000
java.lang.String
Location of credential store storage file (defaults to "converted-vault.cr-store" in vault encryption directory)
ELYTOOL00000
java.lang.String
Vault (enc-dir="%s";keystore="%s") converted to credential store "%s"
ELYTOOL00000
java.lang.String
Credential Store has been successfully created
ELYTOOL00000
java.lang.String
Vault password:
ELYTOOL00000
java.lang.String
Mask secret:
ELYTOOL00000
java.lang.String
Confirm mask secret:
ELYTOOL00000
java.lang.String
Print stack trace when error occurs.
ELYTOOL00000
java.lang.String
Exception encountered executing the command. Use option "--debug" for complete exception stack trace.
ELYTOOL00000
java.lang.String
In the message below, option '%s' refers to long option '%s'.
ELYTOOL00000
java.lang.String
'FileSystemRealm' command is used to convert legacy properties files and scripts to an Elytron FileSystemRealm.
ELYTOOL00000
java.lang.String
The relative or absolute path to the users file.
ELYTOOL00000
java.lang.String
The relative or absolute path to the credential store file that contains the secret key.
ELYTOOL00000
java.lang.String
The alias of the secret key stored in the credential store file. Set to key by default
ELYTOOL00000
java.lang.String
Whether or not the credential store should be populated with a Secret Key. Set to true by default.
ELYTOOL00000
java.lang.String
Whether or not the credential store should be dynamically created if it doesn't exist. Set to true by default.
ELYTOOL00000
java.lang.String
The relative or absolute path to the KeyStore file that contains the key pair. Only %napplicable if the filesystem realm has integrity verification enabled.
ELYTOOL00000
java.lang.String
The type of KeyStore to be used. Optional, only applicable if the filesystem %nrealm has integrity verification enabled.
ELYTOOL00000
java.lang.String
The alias of the key pair to be used, within the KeyStore. Set to integrity-key by default, only %napplicable if the filesystem realm has integrity verification enabled.
ELYTOOL00000
java.lang.String
Password for KeyStore. Can also be provided by console prompt. Only applicable if %nthe filesystem realm has integrity verification enabled.
ELYTOOL00000
java.lang.String
Name of an environment variable from which to resolve the KeyStore password. Only %napplicable if the filesystem realm has integrity verification enabled.
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
Input Realm location not specified.
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
Input Realm location directory does not exist.
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
Output Realm location not specified.
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
Credential Store location not specified.
ELYTOOL00000
java.lang.String
A required parameter is not specified.
ELYTOOL00000
java.lang.String
The hash encoding to be used in the filesystem realm. Set to BASE64 by default.
ELYTOOL00000
java.lang.String
If the original realm has encoded set to true. Set to true by default.
ELYTOOL00000
java.lang.String
The levels to be used in the filesystem realm. Set to 2 by default.
ELYTOOL00000
java.lang.String
The absolute or relative location of the original filesystem realm.
ELYTOOL00000
java.lang.String
The directory where the new filesystem realm resides.
ELYTOOL00000
java.lang.String
The name of the new filesystem-realm.
ELYTOOL00000
java.lang.String
The relative or absolute path to the roles file.
ELYTOOL00000
java.lang.String
The relative or absolute path to the output directory.
ELYTOOL00000
java.lang.String
Name of the filesystem-realm to be configured.
ELYTOOL00000
java.lang.String
Name of the security-domain to be configured.
ELYTOOL00000
java.lang.String
Bulk conversion with options listed in description file. Optional options have default values, required options do not. (Action) %nThe options fileSystemRealmName and securityDomainName are optional. %nThese optional options have default values of: converted-properties-filesystem-realm and converted-properties-security-domain. %nValues are required for the following options: users-file, roles-file, and output-location. %nIf one or more these required values are not set, the corresponding block is skipped. %nEach option must be specified in the following format:
ELYTOOL00000
java.lang.String
Bulk conversion with options listed in description file. Optional options have default values, required options do not. (Action) %nThe options realm-name, hash-encoding, levels, secret-key, create, populate, keystore, type, password, password-env, and key-pair are optional. %nValues are required for the following options: input-location, output-location, and credential-store. %nThe default values of realm-name, hash-encoding, hash-charset, levels, secret-key, create, and populate are encrypted-filesystem-realm, BASE64, UTF-8, 2, key, true, and true respectively. %nIf one or more these required values are not set, the corresponding block is skipped. %nIf keystore is provided, then either password or password-env are required. %nEach option must be specified in the following format:
ELYTOOL00000
java.lang.String
Bulk conversion with options listed in description file. (Action)Optional options have defaults and can be skipped ([type, default_or_NULL]), required options do not (). %nOne of either password or password-env is required. %nBlocks of options must be separated by a blank line; order is not important. Syntax: %ninput-location:%noutput-location:[directory,NULL]%nrealm-name:[name,filesystem-realm-with-integrity]%nkeystore:%ntype:[name,NULL]%npassword:[password,NULL]%npassword-env:[name,NULL]%nkey-pair:[name,integrity-key]%ncredential-store:[file,NULL]%nsecret-key:[name,NULL]%nlevels:[number,2]%nhash-encoding:[name,BASE64]%nhash-charset:[name,UTF-8]%nencoded:[bool,true]
ELYTOOL00000
java.lang.String
'FileSystemRealmEncrypt' command is used to convert non-empty, un-encrypted FileSystemSecurityRealm(s) to encrypted FileSystemSecurityRealm(s) with a SecretKey.
ELYTOOL00000
java.lang.String
Secret Key was not found in the Credential Store at %s, and populate option was not set. Skipping descriptor file block number %d.
ELYTOOL00000
java.lang.String
The directory where the new filesystem realm resides. If not provided, realm will be upgraded in-place (with backup), %nand realm-name option will not be used in file path.
ELYTOOL00000
java.lang.String
The name of the new filesystem-realm. Will be appended to output-location path (if output-location is provided). %nWhen not set, nothing is appended to the path, and `filesystem-realm-with-integrity` is used for the WildFly resource name.%n
ELYTOOL00000
java.lang.String
The relative or absolute path to the KeyStore file that contains the key pair.
ELYTOOL00000
java.lang.String
The type of KeyStore to be used. Optional.
ELYTOOL00000
java.lang.String
The alias of the key pair to be used, within the KeyStore. Set to integrity-key by default.
ELYTOOL00000
java.lang.String
The relative or absolute path to the secret-key-credential-store file. Only %napplicable if the filesystem realm is encrypted.
ELYTOOL00000
java.lang.String
The alias of the secret key stored in the credential store file. Set to key by default, only %napplicable if the filesystem realm is encrypted.
ELYTOOL00000
java.lang.String
The number of levels used in the input filesystem realm. Set to 2 by default.
ELYTOOL00000
java.lang.String
The hash encoding used in the input filesystem realm. Set to BASE64 by default.%nRegardless of setting, the output realm will always be BASE64-encoded.
ELYTOOL00000
java.lang.String
The character set used to convert the password string to a byte array. Defaults to UTF-8.
ELYTOOL00000
java.lang.String
Indicates if the original realm used Base32-encoded identities as file names.%nSet to true by default. Regardless of setting, the output realm will always use Base32-encoding in file names.
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
Both --bulk-convert and at least one other realm configuration option was specified. %nThe bulk-convert option may only be used with --help, --debug, --silent, and --summary options.
ELYTOOL00000
java.lang.String
'FileSystem Realm Integrity' command is used to sign existing, non-empty FileSystem Security Realms with a key pair, for future integrity validation.
ELYTOOL00000
java.lang.String
KeyStore password:
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
KeyStore path not specified.
ELYTOOL00000
org.apache.commons.cli.MissingArgumentException
KeyStore does not exist.
ELYTOOL00000
java.lang.IllegalArgumentException
Encoded option must be set to 'true' or 'false'.
ELYTOOL00000
java.lang.String
Suppresses all output except errors and prompts.
ELYTOOL00000
java.lang.String
Provides a detailed summary of all operations performed, once the command finishes.
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
No users file specified. Please use either --bulk-convert or specify a users file using --users-file
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
No roles file specified. Please use either --bulk-convert or specify a roles file using --roles-file
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
No output location specified. Please use either --bulk-convert or specify an output location using --output-location
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
Both --bulk-convert and one or more of --users-file, --roles-file, and/or --output-location were specified. Please only use --bulk-convert or all of --users-file, --roles-file, and --output-location.
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
Both --bulk-convert and one or more of --old-realm-name, --new-realm-name, --input-location, --output-location, --credential-store, --secret-key, --keystore, --type, --key-pair, --password and/or --password-env were specified. Please only use --bulk-convert or all of the other others.
ELYTOOL00000
java.lang.String
No value found for %s.
ELYTOOL00000
java.io.FileNotFoundException
Could not find the specified file %s.
ELYTOOL00000
java.lang.String
Could not copy input filesystem realm at %s for in-place upgrade.%nOutput filesystem will be placed at %s
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to %s.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing input realm location.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing credential store location.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing output realm location.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing KeyStore path.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing KeyStore password.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to invalid KeyStore path.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to failure to load KeyStore.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to failure to load key pair.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing private key.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing public key.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to missing new filesystem realm name.
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to no identities present in filesystem realm.%nKeys for this realm can be added via the management client.
ELYTOOL00000
java.lang.String
Creating encrypted realm for: %s
ELYTOOL00000
java.lang.String
Creating filesystem realm with integrity verification for: %s
ELYTOOL00000
java.lang.String
In-place upgrade for descriptor block %d: filesystem realm backed up at %s%nRealm name will not be used in output realm path.
ELYTOOL00000
java.lang.String
Should file %s be overwritten? (y/n)
ELYTOOL00000
java.lang.String
Some of the parameters below are mutually exclusive actions which are marked with (Action) in the description.
ELYTOOL00000
java.lang.String
Key size (bits).
ELYTOOL00000
java.lang.String
Generate a new SecretKey and store it in the credential store.
ELYTOOL00000
java.lang.String
Export existing SecretKey stored in the credential store.
ELYTOOL00000
java.lang.String
Exported SecretKey for alias %s=%s
ELYTOOL00000
java.lang.String
The encoded Key to import.
ELYTOOL00000
java.lang.String
Import an existing encoded SecretKey to the credential store.
ELYTOOL00000
java.lang.String
SecretKey to import:
ELYTOOL00000
java.lang.String
Encrypt a clear text string using the SecretKey specified by .
ELYTOOL00000
java.lang.String
The clear text to encrypt.
ELYTOOL00000
java.lang.String
Clear text value:
ELYTOOL00000
java.lang.String
Confirm clear text value:
ELYTOOL00000
java.lang.String
Clear text encrypted to token '%s' using alias '%s'.
ELYTOOL00000
java.lang.IllegalArgumentException
Location that has been specified '%s' does not exist and automatic storage creation for the Credential Store is disabled.
ELYTOOL00000
java.lang.String
Credential store contains credentials of types:%s for alias '%s'
ELYTOOL00000
java.lang.String
Invalid "%s" parameter. Default value "%s" will be used.
ELYTOOL00000
java.lang.String
Invalid "%s" parameter. Generated value "%s" will be used.
ELYTOOL00000
java.lang.String
Mask password operation is not allowed in FIPS mode.
ELYTOOL00000
java.lang.String
Found credential store and alias, using pre-existing key
ELYTOOL00000
java.lang.String
Skipping descriptor file block number %d due to failure to load Credential Store.
ELYTOOL00000
java.lang.String
Credential Store at %s does not support SecretKey. Skipping descriptor file block number %d.
ELYTOOL00000
java.lang.String
Exception was thrown while populating Credential Store at %s. Skipping descriptor file block number %d.
ELYTOOL00000
org.apache.commons.cli.MissingOptionException
No Credential Store location or Secret Key Alias specified.
ELYTOOL00006
org.apache.commons.cli.MissingArgumentException
Salt not specified.
ELYTOOL00007
java.lang.IllegalArgumentException
Invalid "%s" value. Must be an integer between %d and %d, inclusive
ELYTOOL00008
java.lang.RuntimeException
Cannot locate admin key with alias "%s" or it is of improper type
ELYTOOL00009
java.lang.RuntimeException
Cannot parse credential store implementation properties from supplied parameter
ELYTOOL00010
java.io.IOException
Cannot parse conversion descriptor file "%s" missing colon at line %s
ELYTOOL00011
java.io.IOException
Unrecognized descriptor attribute at line %s
ELYTOOL00012
java.lang.Exception
Problem converting vault (enc-dir="%s";keystore="%s")
ELYTOOL00013
java.lang.Exception
Invalid option "%s" when performing bulk conversion. Use bulk conversion descriptor file.
ELYTOOL00014
java.lang.IllegalArgumentException
Unknown entry-type "%s"
ELYTOOL00015
java.lang.IllegalArgumentException
Unknown provider "%s"
ELYTOOL00016
org.apache.commons.cli.MissingArgumentException
Option "%s" is not specified.
ELYTOOL00017
java.lang.String
Option "%s" specified more than once. Only the first occurrence will be used.
ELYTOOL00018
org.apache.commons.cli.MissingArgumentException
Option "%s" does not expect any arguments.
ELYTOOL00019
java.lang.IllegalArgumentException
Encryption directory "%s" does not contain "VAULT.dat" file.
ELYTOOL00020
org.apache.commons.cli.MissingArgumentException
Alias was not defined.
ELYTOOL00021
org.apache.commons.cli.MissingArgumentException
Location of the output file was not defined.
ELYTOOL00022
org.apache.commons.cli.MissingArgumentException
Encryption directory was not defined.
ELYTOOL00023
org.apache.commons.cli.MissingArgumentException
Vault password was not defined
ELYTOOL00024
java.io.IOException
Cannot parse conversion descriptor file "%s". No keystore specified.
ELYTOOL00025
java.lang.IllegalArgumentException
Credential store storage file "%s" does not exist.
ELYTOOL00026
java.lang.IllegalArgumentException
Credential store storage file "%s" already exists.
ELYTOOL00027
java.lang.IllegalArgumentException
Wrong masked password format. Expected format is "MASK-;;"
ELYTOOL00028
org.apache.commons.cli.MissingArgumentException
Location parameter is not specified for filebased keystore type '%s'
ELYTOOL00029
java.security.NoSuchAlgorithmException
Key Pair Algorithm: '%s' is not supported.
ELYTOOL00030
java.lang.IllegalArgumentException
Key file '%s' does not exist.
ELYTOOL00031
org.apache.commons.cli.MissingArgumentException
No private key specified for importing.
ELYTOOL00032
org.apache.commons.cli.MissingArgumentException
No public key specified for importing.
ELYTOOL00033
org.apache.commons.cli.MissingArgumentException
No PEM content found
ELYTOOL00034
java.security.InvalidParameterException
Invalid keysize provided: %s
ELYTOOL00035
java.lang.IllegalArgumentException
Only one of '%s' and '%s' can be specified at the same time
HHH
Code
Level
Return Type
Message
HHH000002
WARN
Already session bound on call to bind(); make sure you clean up your sessions
HHH000006
INFO
Autocommit mode: %s
HHH000008
WARN
JTASessionContext being used with JDBC transactions; auto-flush will not operate correctly with getCurrentSession()
HHH000010
INFO
On release of batch it still contained JDBC statements
HHH000021
INFO
Bytecode provider name : %s
HHH000022
WARN
c3p0 properties were encountered, but the %s provider class was not found on the classpath; these properties are going to be ignored.
HHH000023
WARN
I/O reported cached file could not be found : %s : %s
HHH000024
INFO
Cache provider: %s
HHH000027
WARN
Calling joinTransaction() on a non JTA EntityManager
HHH000031
DEBUG
Closing
HHH000032
INFO
Collections fetched (minimize this): %s
HHH000033
INFO
Collections loaded: %s
HHH000034
INFO
Collections recreated: %s
HHH000035
INFO
Collections removed: %s
HHH000036
INFO
Collections updated: %s
HHH000037
INFO
Columns: %s
HHH000038
WARN
Composite-id class does not override equals(): %s
HHH000039
WARN
Composite-id class does not override hashCode(): %s
HHH000040
INFO
Configuration resource: %s
HHH000041
INFO
Configured SessionFactory: %s
HHH000042
INFO
Configuring from file: %s
HHH000043
INFO
Configuring from resource: %s
HHH000044
INFO
Configuring from URL: %s
HHH000045
INFO
Configuring from XML document
HHH000048
INFO
Connections obtained: %s
HHH000050
ERROR
Container is providing a null PersistenceUnitRootUrl: discovery impossible
HHH000051
WARN
Ignoring bag join fetch [%s] due to prior collection join fetch
HHH000053
INFO
Creating subcontext: %s
HHH000059
WARN
Defining %s=true ignored in HEM
HHH000065
WARN
DEPRECATED : use [%s] instead with custom [%s] implementation
HHH000067
INFO
Disallowing insert statement comment for select-identity due to Oracle driver bug
HHH000069
WARN
Duplicate generator name %s
HHH000070
WARN
Duplicate generator table: %s
HHH000071
INFO
Duplicate import: %s -> %s
HHH000072
WARN
Duplicate joins for class: %s
HHH000073
INFO
entity-listener duplication, first event definition will be used: %s
HHH000074
WARN
Found more than one , subsequent ignored
HHH000076
INFO
Entities deleted: %s
HHH000077
INFO
Entities fetched (minimize this): %s
HHH000078
INFO
Entities inserted: %s
HHH000079
INFO
Entities loaded: %s
HHH000080
INFO
Entities updated: %s
HHH000082
WARN
Entity Manager closed by someone else (%s must not be used)
HHH000084
WARN
Entity [%s] is abstract-class/interface explicitly mapped as non-abstract; be sure to supply entity-names
HHH000085
INFO
%s %s found
HHH000086
INFO
%s No %s found
HHH000087
ERROR
Exception in interceptor afterTransactionCompletion()
HHH000088
ERROR
Exception in interceptor beforeTransactionCompletion()
HHH000089
INFO
Sub-resolver threw unexpected exception, continuing to next : %s
HHH000091
ERROR
Expected type: %s, actual value: %s
HHH000092
WARN
An item was expired by the cache while it was locked (increase your cache timeout): %s
HHH000094
INFO
Bound factory to JNDI name: %s
HHH000096
INFO
A factory was renamed from [%s] to [%s] in JNDI
HHH000097
INFO
Unbound factory from JNDI name: %s
HHH000098
INFO
A factory was unbound from name: %s
HHH000099
ERROR
an assertion failure occurred (this may indicate a bug in Hibernate, but is more likely due to unsafe use of the session): %s
HHH000102
INFO
Fetching database metadata
HHH000105
INFO
Flushes: %s
HHH000106
INFO
Forcing container resource cleanup on transaction completion
HHH000107
INFO
Forcing table use for sequence-style generator due to pooled optimizer selection where db does not support pooled sequences
HHH000108
INFO
Foreign keys: %s
HHH000109
INFO
Found mapping document in jar: %s
HHH000113
WARN
GUID identifier generated: %s
HHH000114
INFO
Handling transient entity in delete processing
HHH000116
WARN
Config specified explicit optimizer of [%s], but [%s=%s]; using optimizer [%s] increment default of [%s].
HHH000117
DEBUG
HQL: %s, time: %sms, rows: %s
HHH000118
WARN
HSQLDB supports only READ_UNCOMMITTED isolation
HHH000119
WARN
On EntityLoadContext#clear, hydratingEntities contained [%s] entries
HHH000120
WARN
Ignoring unique constraints specified on table generator [%s]
HHH000122
ERROR
IllegalArgumentException in class: %s, getter method of property: %s
HHH000123
ERROR
IllegalArgumentException in class: %s, setter method of property: %s
HHH000124
WARN
@Immutable used on a non root entity: ignored for %s
HHH000125
WARN
Mapping metadata cache was not completely processed
HHH000126
INFO
Indexes: %s
HHH000127
DEBUG
Could not bind JNDI listener
HHH000130
INFO
Instantiating explicit connection provider: %s
HHH000132
ERROR
Array element type error %s
HHH000133
WARN
Discriminator column has to be defined in the root entity, it will be ignored in subclass: %s
HHH000134
ERROR
Application attempted to edit read only item: %s
HHH000135
ERROR
Invalid JNDI name: %s
HHH000136
WARN
Inapropriate use of @OnDelete on entity, annotation ignored: %s
HHH000137
WARN
Root entity should not hold a PrimaryKeyJoinColum(s), will be ignored: %s
HHH000138
WARN
Mixing inheritance strategy in a entity hierarchy is not allowed, ignoring sub strategy in: %s
HHH000139
WARN
Illegal use of @Table in a subclass of a SINGLE_TABLE hierarchy: %s
HHH000140
INFO
JACC contextID: %s
HHH000141
INFO
java.sql.Types mapped the same code [%s] multiple times; was [%s]; now [%s]
HHH000142
java.lang.String
Bytecode enhancement failed: %s
HHH000143
java.lang.String
Bytecode enhancement failed because no public, protected or package-private default constructor was found for entity: %s. Private constructors don't work with runtime proxies
HHH000144
WARN
%s = false breaks the EJB3 specification
HHH000151
java.lang.String
JDBC rollback failed
HHH000154
INFO
JNDI InitialContext properties:%s
HHH000155
ERROR
JNDI name %s does not handle a session factory reference
HHH000157
INFO
Lazy property fetching available for: %s
HHH000159
WARN
In CollectionLoadContext#endLoadingCollections, localLoadingCollectionKeys contained [%s], but no LoadingCollectionEntry was found in loadContexts
HHH000160
WARN
On CollectionLoadContext#cleanup, localLoadingCollectionKeys contained [%s] entries
HHH000161
INFO
Logging statistics....
HHH000162
DEBUG
*** Logical connection closed ***
HHH000163
DEBUG
Logical connection releasing its physical connection
HHH000173
INFO
Max query time: %sms
HHH000174
WARN
Function template anticipated %s arguments, but %s arguments encountered
HHH000177
ERROR
Error in named query: %s
HHH000178
WARN
Naming exception occurred accessing factory: %s
HHH000179
WARN
Narrowing proxy to %s - this operation breaks ==
HHH000180
WARN
FirstResult/maxResults specified on polymorphic query; applying in memory
HHH000181
WARN
No appropriate connection provider encountered, assuming application will be supplying connections
HHH000182
INFO
No default (no-argument) constructor for class: %s (class must be instantiated by Interceptor)
HHH000183
WARN
no persistent classes found for query class: %s
HHH000184
ERROR
No session factory with JNDI name %s
HHH000187
INFO
Optimistic lock failures: %s
HHH000189
WARN
@OrderBy not allowed for an indexed collection, annotation ignored.
HHH000193
WARN
Overriding %s is dangerous, this might break the EJB3 specification implementation
HHH000194
DEBUG
Package not found or wo package-info.java: %s
HHH000196
ERROR
Error parsing XML (%s) : %s
HHH000197
ERROR
Error parsing XML: %s(%s) %s
HHH000198
ERROR
Warning parsing XML (%s) : %s
HHH000199
WARN
Warning parsing XML: %s(%s) %s
HHH000200
WARN
Persistence provider caller does not implement the EJB3 spec correctly.PersistenceUnitInfo.getNewTempClassLoader() is null.
HHH000201
INFO
Pooled optimizer source reported [%s] as the initial value; use of 1 or greater highly recommended
HHH000202
ERROR
PreparedStatement was already in the batch, [%s].
HHH000203
WARN
processEqualityExpression() : No expression to process
HHH000204
INFO
Processing PersistenceUnitInfo [name: %s]
HHH000205
INFO
Loaded properties from resource hibernate.properties: %s
HHH000206
DEBUG
hibernate.properties not found
HHH000207
WARN
Property %s not found in class but described in (possible typo error)
HHH000209
WARN
proxool properties were encountered, but the %s provider class was not found on the classpath; these properties are going to be ignored.
HHH000210
INFO
Queries executed to database: %s
HHH000213
INFO
Query cache hits: %s
HHH000214
INFO
Query cache misses: %s
HHH000215
INFO
Query cache puts: %s
HHH000218
INFO
RDMSOS2200Dialect version: 1.0
HHH000219
INFO
Reading mappings from cache file: %s
HHH000220
INFO
Reading mappings from file: %s
HHH000221
INFO
Reading mappings from resource: %s
HHH000222
WARN
read-only cache configured for mutable collection [%s]
HHH000223
WARN
Recognized obsolete hibernate namespace %s. Use namespace %s instead. Refer to Hibernate 3.6 Migration Guide
HHH000225
WARN
Property [%s] has been renamed to [%s]; update your properties appropriately
HHH000226
INFO
Required a different provider: %s
HHH000227
INFO
Running hbm2ddl schema export
HHH000228
INFO
Running hbm2ddl schema update
HHH000229
INFO
Running schema validator
HHH000230
INFO
Schema export complete
HHH000231
ERROR
Schema export unsuccessful
HHH000232
INFO
Schema update complete
HHH000233
WARN
Scoping types to session factory %s after already scoped %s
HHH000235
INFO
Searching for mapping documents in jar: %s
HHH000237
INFO
Second level cache hits: %s
HHH000238
INFO
Second level cache misses: %s
HHH000239
INFO
Second level cache puts: %s
HHH000240
INFO
Service properties: %s
HHH000241
INFO
Sessions closed: %s
HHH000242
INFO
Sessions opened: %s
HHH000244
WARN
@Sort not allowed for an indexed collection, annotation ignored.
HHH000245
WARN
Manipulation query [%s] resulted in [%s] split queries
HHH000247
WARN
SQL Error: %s, SQLState: %s
HHH000248
INFO
Starting query cache at region: %s
HHH000249
INFO
Starting service at JNDI name: %s
HHH000250
INFO
Starting update timestamps cache at region: %s
HHH000251
INFO
Start time: %s
HHH000252
INFO
Statements closed: %s
HHH000253
INFO
Statements prepared: %s
HHH000255
INFO
Stopping service
HHH000257
INFO
sub-resolver threw unexpected exception, continuing to next : %s
HHH000258
INFO
Successful transactions: %s
HHH000259
INFO
Synchronization [%s] was already registered
HHH000260
ERROR
Exception calling user Synchronization [%s] : %s
HHH000261
INFO
Table found: %s
HHH000262
INFO
Table not found: %s
HHH000263
INFO
More than one table found: %s
HHH000266
INFO
Transactions: %s
HHH000267
WARN
Transaction started on non-root session
HHH000268
INFO
Transaction strategy: %s
HHH000269
WARN
Type [%s] defined no registration keys; ignoring
HHH000270
DEBUG
Type registration key [%s] overrode previous key : %s
Error while accessing session factory with JNDI name %s
HHH000273
WARN
Error accessing type info result set : %s
HHH000274
WARN
Unable to apply constraints on DDL for %s
HHH000276
WARN
Could not bind Ejb3Configuration to JNDI
HHH000277
WARN
Could not bind factory to JNDI
HHH000278
INFO
Could not bind value '%s' to parameter: %s; %s
HHH000279
ERROR
Unable to build enhancement metamodel for %s
HHH000280
INFO
Could not build SessionFactory using the MBean classpath - will try again using client classpath: %s
HHH000281
WARN
Unable to clean up callable statement
HHH000282
WARN
Unable to clean up prepared statement
HHH000283
WARN
Unable to cleanup temporary id table after use [%s]
HHH000285
INFO
Error closing InitialContext [%s]
HHH000286
ERROR
Error closing input files: %s
HHH000287
WARN
Could not close input stream
HHH000288
WARN
Could not close input stream for %s
HHH000289
INFO
Unable to close iterator
HHH000290
ERROR
Could not close jar: %s
HHH000291
ERROR
Error closing output file: %s
HHH000292
WARN
IOException occurred closing output stream
HHH000294
ERROR
Could not close session
HHH000295
ERROR
Could not close session during rollback
HHH000296
WARN
IOException occurred closing stream
HHH000297
ERROR
Could not close stream on hibernate.properties: %s
HHH000298
java.lang.String
JTA commit failed
HHH000299
ERROR
Could not complete schema update
HHH000300
ERROR
Could not complete schema validation
HHH000301
WARN
Unable to configure SQLExceptionConverter : %s
HHH000302
ERROR
Unable to construct current session context [%s]
HHH000303
WARN
Unable to construct instance of specified SQLExceptionConverter : %s
HHH000304
WARN
Could not copy system properties, system properties will be ignored
HHH000305
WARN
Could not create proxy factory for:%s
HHH000306
ERROR
Error creating schema
HHH000307
WARN
Could not deserialize cache file: %s : %s
HHH000308
WARN
Unable to destroy cache: %s
HHH000309
WARN
Unable to destroy query cache: %s: %s
HHH000310
WARN
Unable to destroy update timestamps cache: %s: %s
HHH000312
java.lang.String
Could not determine transaction status
HHH000313
java.lang.String
Could not determine transaction status after commit
HHH000314
WARN
Unable to evictData temporary id table after use [%s]
HHH000315
ERROR
Exception executing batch [%s], SQL: %s
HHH000316
WARN
Error executing resolver [%s] : %s
HHH000318
INFO
Could not find any META-INF/persistence.xml file in the classpath
HHH000319
ERROR
Could not get database metadata
HHH000320
WARN
Unable to instantiate configured schema name resolver [%s] %s
HHH000321
WARN
Unable to interpret specified optimizer [%s], falling back to noop
HHH000322
WARN
Unable to instantiate specified optimizer [%s], falling back to noop
HHH000325
WARN
Unable to instantiate UUID generation strategy class : %s
HHH000326
WARN
Cannot join transaction: do not override %s
HHH000327
INFO
Error performing load command
HHH000328
WARN
Unable to load/access derby driver class sysinfo to check versions : %s
HHH000329
ERROR
Problem loading properties from hibernate.properties
HHH000330
java.lang.String
Unable to locate config file: %s
HHH000331
WARN
Unable to locate configured schema name resolver class [%s] %s
HHH000332
WARN
Unable to locate MBeanServer on JMX service shutdown
HHH000334
WARN
Unable to locate requested UUID generation strategy class : %s
HHH000335
WARN
Unable to log SQLWarnings : %s
HHH000336
WARN
Could not log warnings
HHH000337
ERROR
Unable to mark for rollback on PersistenceException:
HHH000338
ERROR
Unable to mark for rollback on TransientObjectException:
HHH000339
WARN
Could not obtain connection metadata: %s
HHH000342
WARN
Could not obtain connection to query metadata
HHH000343
ERROR
Could not obtain initial context
HHH000344
ERROR
Could not parse the package-level metadata [%s]
HHH000345
java.lang.String
JDBC commit failed
HHH000346
ERROR
Error during managed flush [%s]
HHH000347
java.lang.String
Unable to query java.sql.DatabaseMetaData
HHH000348
ERROR
Unable to read class: %s
HHH000349
INFO
Could not read column value from result set: %s; %s
HHH000350
java.lang.String
Could not read a hi value - you need to populate the table: %s
HHH000351
ERROR
Could not read or init a hi value
HHH000352
ERROR
Unable to release batch statement...
HHH000353
ERROR
Could not release a cache lock : %s
HHH000354
INFO
Unable to release initial context: %s
HHH000355
WARN
Unable to release created MBeanServer : %s
HHH000356
INFO
Unable to release isolated connection [%s]
HHH000357
WARN
Unable to release type info result set
HHH000358
WARN
Unable to erase previously added bag join fetch
HHH000359
INFO
Could not resolve aggregate function [%s]; using standard definition
HHH000360
INFO
Unable to resolve mapping file [%s]
HHH000361
INFO
Unable to retrieve cache from JNDI [%s]: %s
HHH000362
WARN
Unable to retrieve type info result set : %s
HHH000363
INFO
Unable to rollback connection on exception [%s]
HHH000364
INFO
Unable to rollback isolated transaction on error [%s] : [%s]
HHH000365
java.lang.String
JTA rollback failed
HHH000366
ERROR
Error running schema update
HHH000367
ERROR
Could not set transaction to rollback only
HHH000368
WARN
Exception while stopping service
HHH000369
INFO
Error stopping service [%s]
HHH000370
WARN
Exception switching from method: [%s] to a method using the column index. Reverting to using: [%
HHH000371
ERROR
Could not synchronize database state with session: %s
HHH000372
ERROR
Could not toggle autocommit
HHH000373
ERROR
Unable to transform class: %s
HHH000374
WARN
Could not unbind factory from JNDI
HHH000375
java.lang.String
Could not update hi value in: %s
HHH000376
ERROR
Could not updateQuery hi value in: %s
HHH000377
INFO
Error wrapping result set
HHH000378
WARN
I/O reported error writing cached file : %s: %s
HHH000380
WARN
Unexpected literal token type [%s] passed for numeric processing
HHH000381
WARN
JDBC driver did not return the expected number of row counts
HHH000382
WARN
Unrecognized bytecode provider [%s]; using the default implementation [%s]
HHH000383
WARN
Unknown Ingres major version [%s]; using Ingres 9.2 dialect
HHH000384
WARN
Unknown Oracle major version [%s]
HHH000385
WARN
Unknown Microsoft SQL Server major version [%s] using [%s] dialect
HHH000386
WARN
ResultSet had no statement associated with it, but was not yet registered
HHH000387
DEBUG
ResultSet's statement was not registered
HHH000388
ERROR
Unsuccessful: %s
HHH000390
WARN
Overriding release mode as connection provider does not support 'after_statement'
HHH000391
WARN
Ingres 10 is not yet fully supported; using Ingres 9.3 dialect
HHH000392
WARN
Hibernate does not support SequenceGenerator.initialValue() unless '%s' set
HHH000393
WARN
The %s.%s.%s version of H2 implements temporary table creation such that it commits current transaction; multi-table, bulk hql/jpaql will not work properly
HHH000394
WARN
Oracle 11g is not yet fully supported; using Oracle 10g dialect
HHH000396
INFO
Updating schema
HHH000398
INFO
Explicit segment value for id generator [%s.%s] suggested; using default [%s]
HHH000399
INFO
Using default transaction strategy (direct JDBC transactions)
HHH000400
DEBUG
Using dialect: %s
HHH000404
ERROR
Don't use old DTDs, read the Hibernate 3.x Migration Guide
HHH000406
INFO
Using bytecode reflection optimizer
HHH000409
WARN
Using %s which does not generate IETF RFC 4122 compliant UUID values; consider using %s instead
HHH000410
INFO
Hibernate Validator not found: ignoring
HHH000412
INFO
Hibernate ORM core version %s
HHH000413
WARN
Warnings creating temp table : %s
HHH000414
INFO
Property hibernate.search.autoregister_listeners is set to false. No attempt will be made to register Hibernate Search event listeners.
HHH000416
WARN
Write locks via update not supported for non-versioned entities [%s]
HHH000417
INFO
Writing generated schema to file: %s
HHH000418
INFO
Adding override for %s: %s
HHH000419
WARN
Resolved SqlTypeDescriptor is for a different SQL code. %s has sqlCode=%s; type override %s has sqlCode=%s
HHH000420
DEBUG
Closing un-released batch
HHH000421
DEBUG
Disabling contextual LOB creation as %s is true
HHH000422
DEBUG
Disabling contextual LOB creation as connection was null
HHH000423
DEBUG
Disabling contextual LOB creation as JDBC driver reported JDBC version [%s] less than 4
Could not close session; swallowing exception[%s] as transaction completed
HHH000426
WARN
You should set hibernate.transaction.jta.platform if cache is enabled
HHH000428
INFO
Encountered legacy TransactionManagerLookup specified; convert to newer %s contract specified via %s setting
HHH000429
WARN
Setting entity-identifier value binding where one already existed : %s.
HHH000432
WARN
There were not column names specified for index %s on table %s
HHH000433
INFO
update timestamps cache puts: %s
HHH000434
INFO
update timestamps cache hits: %s
HHH000435
INFO
update timestamps cache misses: %s
HHH000436
WARN
Entity manager factory name (%s) is already registered. If entity manager will be clustered or passivated, specify a unique value for property '%s'
HHH000437
WARN
Attempting to save one or more entities that have a non-nullable association with an unsaved transient entity. The unsaved transient entity must be saved in an operation prior to saving these dependent entities. Unsaved transient entity: (%s) Dependent entities: (%s) Non-nullable association(s): (%s)
HHH000438
INFO
NaturalId cache puts: %s
HHH000439
INFO
NaturalId cache hits: %s
HHH000440
INFO
NaturalId cache misses: %s
HHH000441
INFO
Max NaturalId query time: %sms
HHH000442
INFO
NaturalId queries executed to database: %s
HHH000443
WARN
Dialect [%s] limits the number of elements in an IN predicate to %s entries. However, the given parameter list [%s] contained %s entries, which will likely cause failures to execute the query in the database
HHH000444
WARN
Encountered request for locking however dialect reports that database prefers locking be done in a separate select (follow-on locking); results will be locked after initial query executes
HHH000445
WARN
Alias-specific lock modes requested, which is not currently supported with follow-on locking; all acquired locks will be [%s]
HHH000446
WARN
embed-xml attributes were intended to be used for DOM4J entity mode. Since that entity mode has been removed, embed-xml attributes are no longer supported and should be removed from mappings.
HHH000447
WARN
Explicit use of UPGRADE_SKIPLOCKED in lock() calls is not recommended; use normal UPGRADE locking instead
HHH000448
INFO
'jakarta.persistence.validation.mode' named multiple values : %s
HHH000449
WARN
@Convert annotation applied to Map attribute [%s] did not explicitly specify attributeName using 'key'/'value' as required by spec; attempting to DoTheRightThing
HHH000450
WARN
Encountered request for Service by non-primary service role [%s -> %s]; please update usage
HHH000451
WARN
Transaction afterCompletion called by a background thread; delaying afterCompletion processing until the original thread can handle it. [status=%s]
HHH000452
WARN
Exception while loading a class or resource found during scanning
HHH000453
WARN
Exception while discovering OSGi service implementations : %s
HHH000456
WARN
Named parameters are used for a callable statement, but database metadata indicates named parameters are not supported.
HHH000457
WARN
Joined inheritance hierarchy [%1$s] defined explicit @DiscriminatorColumn. Legacy Hibernate behavior was to ignore the @DiscriminatorColumn. However, as part of issue HHH-6911 we now apply the explicit @DiscriminatorColumn. If you would prefer the legacy behavior, enable the `%2$s` setting (%2$s=true)
HHH000467
DEBUG
Creating pooled optimizer (lo) with [incrementSize=%s; returnClass=%s]
HHH000468
WARN
Unable to interpret type [%s] as an AttributeConverter due to an exception : %s
HHH000469
org.hibernate.HibernateException
The ClassLoaderService can not be reused. This instance was stopped already.
HHH000470
WARN
An unexpected session is defined for a collection, but the collection is not connected to that session. A persistent collection may only be associated with one session at a time. Overwriting session. %s
HHH000471
WARN
Cannot unset session in a collection because an unexpected session is defined. A persistent collection may only be associated with one session at a time. %s
HHH000472
WARN
Hikari properties were encountered, but the Hikari ConnectionProvider was not found on the classpath; these properties are going to be ignored.
HHH000473
INFO
Omitting cached file [%s] as the mapping file is newer
HHH000474
java.lang.String
Ambiguous persistent property methods detected on %s; mark one as @Transient : [%s] and [%s]
HHH000475
INFO
Cannot locate column information using identifier [%s]; ignoring index [%s]
HHH000476
DEBUG
Executing script '%s'
HHH000477
DEBUG
Starting delayed evictData of schema as part of SessionFactory shut-down'
HHH000478
ERROR
Unsuccessful: %s
HHH000479
java.lang.String
Collection [%s] was not processed by flush(). This is likely due to unsafe use of the session (e.g. used in multiple threads concurrently, updates during entity lifecycle hooks).
HHH000480
WARN
A ManagedEntity was associated with a stale PersistenceContext. A ManagedEntity may only be associated with one PersistenceContext at a time; %s
HHH000481
WARN
Encountered Java type [%s] for which we could not locate a JavaType and which does not appear to implement equals and/or hashCode. This can lead to significant performance problems when performing equality/dirty checking involving this Java type. Consider registering a custom JavaType or at least implementing equals/hashCode.
HHH000482
WARN
@org.hibernate.annotations.Cache used on a non-root entity: ignored for [%s]. Please see the Hibernate documentation for proper usage.
HHH000483
WARN
An experimental - and now also deprecated - feature has been enabled (hibernate.create_empty_composites.enabled=true) that instantiates empty composite/embedded objects when all of its attribute values are null. This feature has known issues and should not be used in production. See Hibernate Jira issue HHH-11936 for details.
HHH000484
WARN
Vibur properties were encountered, but the Vibur ConnectionProvider was not found on the classpath; these properties are going to be ignored.
HHH000485
ERROR
Illegally attempted to associate a proxy for entity [%s] with id [%s] with two open sessions.
HHH000486
WARN
Agroal properties were encountered, but the Agroal ConnectionProvider was not found on the classpath; these properties are going to be ignored.
HHH000487
WARN
The query: [%s] attempts to update an immutable entity: %s
HHH000488
java.lang.String
Bytecode enhancement failed for class: %1$s. It might be due to the Java module system preventing Hibernate ORM from defining an enhanced class in the same package as class %1$s. In this case, the class should be opened and exported to Hibernate ORM.
HHH000490
INFO
Using JtaPlatform implementation: [%s]
HHH000491
WARN
'%1$s.%2$s' uses both @NotFound and FetchType.LAZY. @ManyToOne and @OneToOne associations mapped with @NotFound are forced to EAGER fetching.
HHH000492
INFO
Query plan cache hits: %s
HHH000493
INFO
Query plan cache misses: %s
HHH000494
WARN
Attempt to merge an uninitialized collection with queued operations; queued operations will be ignored: %s
HHH000495
WARN
Attaching an uninitialized collection with queued operations to a session: %s
HHH000496
INFO
Detaching an uninitialized collection with queued operations from a session: %s
HHH000497
WARN
The increment size of the [%s] sequence is set to [%d] in the entity mapping while the associated database sequence increment size is [%d]. The database sequence increment size will take precedence to avoid identifier allocation conflicts.
HHH000498
DEBUG
Detaching an uninitialized collection with queued operations from a session due to rollback: %s
HHH000499
WARN
Using @AttributeOverride or @AttributeOverrides in conjunction with entity inheritance is not supported: %s. The overriding definitions are ignored.
HHH000502
WARN
The [%s] property of the [%s] entity was modified, but it won't be updated because the property is immutable.
HHH000503
WARN
A class should not be annotated with both @Inheritance and @MappedSuperclass. @Inheritance will be ignored for: %s.
HHH000504
WARN
Multiple configuration properties defined to create schema. Choose at most one among 'jakarta.persistence.create-database-schemas' or 'hibernate.hbm2ddl.create_namespaces'.
HHH000505
WARN
Ignoring ServiceConfigurationError caught while trying to instantiate service '%s'.
HHH000506
WARN
Detaching an uninitialized collection with enabled filters from a session: %s
HHH000508
org.hibernate.HibernateException
The Javassist based BytecodeProvider has been removed: remove the `hibernate.bytecode.provider` configuration property to switch to the default provider
HHH000509
WARN
Multi-table insert is not available due to missing identity and window function support for: %s
HHH000510
WARN
Association with `fetch="join"`/`@Fetch(FetchMode.JOIN)` and `lazy="true"`/`FetchType.LAZY` found. This will be interpreted as lazy: %s
HHH000511
WARN
The %2$s version for [%s] is no longer supported, hence certain features may not work properly. The minimum supported version is %3$s. Check the community dialects project for available legacy versions.
HHH000512
WARN
The database version version for the Cockroach Dialect could not be determined. The minimum supported version (%s) has been set instead.
HHH000513
DEBUG
Unable to create the ReflectionOptimizer for [%s]
HHH000514
WARN
PostgreSQL JDBC driver classes are inaccessible and thus, certain DDL types like JSONB, JSON, GEOMETRY can not be used.
HHH000515
org.hibernate.HibernateException
Can't retrieve the generated identity value, because the dialect does not support selecting the last generated identity and 'hibernate.jdbc.use_get_generated_keys' was disabled
HHH015001
INFO
Bound Ejb3Configuration to JNDI name: %s
HHH015002
INFO
Ejb3Configuration name: %s
HHH015003
INFO
An Ejb3Configuration was renamed from name: %s
HHH015004
INFO
An Ejb3Configuration was unbound from name: %s
HHH015005
WARN
Exploded jar file does not exist (ignored): %s
HHH015006
WARN
Exploded jar file not a directory (ignored): %s
HHH015007
ERROR
Illegal argument on static metamodel field injection : %s#%s; expected type : %s; encountered type : %s
HHH015008
ERROR
Malformed URL: %s
HHH015009
WARN
Malformed URL: %s
HHH015010
WARN
Unable to find file (ignored): %s
HHH015011
WARN
Unable to locate static metamodel field : %s#%s; this may or may not indicate a problem with the static metamodel
HHH015012
INFO
Using provided datasource
HHH015013
DEBUG
Returning null (as required by JPA spec) rather than throwing EntityNotFoundException, as the entity (type=%s, id=%s) does not exist
HHH015014
WARN
DEPRECATION - attempt to refer to JPA positional parameter [?%1$s] using String name ["%1$s"] rather than int position [%1$s] (generally in Query#setParameter, Query#getParameter or Query#getParameterValue calls). Hibernate previously allowed such usage, but it is considered deprecated.
HHH015015
INFO
Encountered a MappedSuperclass [%s] not used in any entity hierarchy
HHH015016
WARN
Encountered a deprecated jakarta.persistence.spi.PersistenceProvider [%s]; [%s] will be used instead.
HHH015017
WARN
'hibernate.ejb.use_class_enhancer' property is deprecated. Use 'hibernate.enhance.enable[...]' properties instead to enable each individual feature.
HHH015018
WARN
Encountered multiple persistence-unit stanzas defining same name [%s]; persistence-unit names must be unique
HHH025001
org.hibernate.cache.CacheException
Pending-puts cache must not be clustered!
HHH025002
org.hibernate.cache.CacheException
Pending-puts cache must not be transactional!
HHH025003
WARN
Pending-puts cache configuration should be a template.
HHH025004
org.hibernate.cache.CacheException
Pending-puts cache must have expiration.max-idle set
HHH025005
WARN
Property 'hibernate.cache.infinispan.use_synchronization' is deprecated; 2LC with transactional cache must always use synchronizations.
HHH025006
ERROR
Custom cache configuration '%s' was requested for type %s but it was not found!
HHH025007
ERROR
Custom cache configuration '%s' was requested for region %s but it was not found - using configuration by type (%s).
HHH025008
org.hibernate.cache.CacheException
Timestamps cache must not use eviction!
HHH025009
org.hibernate.cache.CacheException
Unable to start region factory
HHH025010
org.hibernate.cache.CacheException
Unable to create default cache manager
HHH025011
org.hibernate.cache.CacheException
Infinispan custom cache command factory not installed (possibly because the classloader where Infinispan lives couldn't find the Hibernate Infinispan cache provider)
HHH025012
WARN
Requesting TRANSACTIONAL cache concurrency strategy but the cache is not configured as transactional.
HHH025013
WARN
Requesting READ_WRITE cache concurrency strategy but the cache was configured as transactional.
HHH025014
WARN
Setting eviction on cache using tombstones can introduce inconsistencies!
HHH025015
ERROR
Failure updating cache in afterCompletion, will retry
HHH025016
ERROR
Failed to end invalidating pending putFromLoad calls for key %s from region %s; the key won't be cached until invalidation expires.
HHH025017
org.hibernate.cache.CacheException
Unable to retrieve CacheManager from JNDI [%s]
HHH025018
WARN
Unable to release initial context
HHH025019
WARN
Use non-transactional query caches for best performance!
HHH025020
ERROR
Unable to broadcast invalidations as a part of the prepare phase. Rolling back.
HHH025021
org.hibernate.cache.CacheException
Could not suspend transaction
HHH025022
org.hibernate.cache.CacheException
Could not resume transaction
HHH025023
org.hibernate.cache.CacheException
Unable to get current transaction
HHH025024
org.hibernate.cache.CacheException
Failed to invalidate pending putFromLoad calls for key %s from region %s
HHH025025
ERROR
Failed to invalidate pending putFromLoad calls for region %s
HHH025026
org.hibernate.cache.CacheException
Property 'hibernate.cache.infinispan.cachemanager' not set
HHH025027
org.hibernate.cache.CacheException
Timestamp cache cannot be configured with invalidation
HHH025028
WARN
Ignoring deprecated property '%s'
HHH025029
WARN
Property '%s' is deprecated, please use '%s' instead
HHH025030
WARN
Transactional caches are not supported. The configuration option will be ignored; please unset.
HHH025031
WARN
Configuration for pending-puts cache '%s' is already defined - another instance of SessionFactory was not closed properly.
HHH025032
WARN
Cache configuration '%s' is present but the use has not been defined through hibernate.cache.infinispan.%s.cfg=%s
HHH025033
WARN
Configuration properties contain record for unqualified region name '%s' but it should contain qualified region name '%s'
HHH025034
WARN
Configuration for unqualified region name '%s' is defined but the cache will use qualified name '%s'
HHH025035
ERROR
Operation #%d scheduled to complete before transaction completion failed
HHH025036
ERROR
Operation #%d scheduled after transaction completion failed (transaction successful? %s)
HHH035001
DEBUG
Using dialect: %s
HHH100001
WARN
JDBC driver did not return the expected number of row counts (%s) - expected %s, but received %s
HHH100501
ERROR
Exception executing batch [%s], SQL: %s
HHH100502
ERROR
Unable to release batch statement...
HHH100503
INFO
On release of batch it still contained JDBC statements
HHH10000001
WARN
Malformed URL: %s
HHH10000002
WARN
File or directory named by URL [%s] could not be found. URL will be ignored
HHH10000003
WARN
File or directory named by URL [%s] did not exist. URL will be ignored
HHH10000004
WARN
Expecting resource named by URL [%s] to be a directory, but it was not. URL will be ignored
HHH10000005
java.lang.String
File [%s] referenced by given URL [%s] does not exist
HHH10001001
INFO
Connection properties: %s
HHH10001002
WARN
Using built-in connection pool (not intended for production use)
HHH10001003
INFO
Autocommit mode: %s
HHH10001004
java.lang.String
No JDBC URL specified by property %s
HHH10001005
INFO
Loaded JDBC driver class: %s
HHH10001006
WARN
No JDBC Driver class was specified by property %s
HHH10001007
INFO
JDBC isolation level: %s
HHH10001008
INFO
Cleaning up connection pool [%s]
HHH10001009
WARN
Problem closing pooled connection
HHH10001010
INFO
No JDBC driver class specified by %s
HHH10001011
INFO
Loaded JDBC drivers: %s
HHH10001012
INFO
Connecting with JDBC URL [%s]
HHH10001115
INFO
Connection pool size: %s (min=%s)
HHH10001284
ERROR
Error closing connection
HHH10001501
INFO
Connection obtained from JdbcConnectionAccess [%s] for (non-JTA) DDL execution was not in auto-commit mode; the Connection 'local transaction' will be committed and the Connection will be set into auto-commit mode.
HHH10005001
WARN
An explicit CDI BeanManager reference [%s] was passed to Hibernate, but CDI is not available on the Hibernate ClassLoader. This is likely going to lead to exceptions later on in bootstrap
HHH10005002
INFO
No explicit CDI BeanManager reference was passed to Hibernate, but CDI is available on the Hibernate ClassLoader.
HHH10005003
INFO
Stopping ManagedBeanRegistry : %s
HHH10005004
INFO
Stopping BeanContainer : %s
HHH10010001
DEBUG
Disabling contextual LOB creation as %s is true
HHH10010002
DEBUG
Disabling contextual LOB creation as connection was null
HHH10010003
DEBUG
Disabling contextual LOB creation as JDBC driver reported JDBC version [%s] less than 4
HHH10010004
DEBUG
Disabling contextual LOB creation as Dialect reported it is not supported
embed-xml attributes were intended to be used for DOM4J entity mode. Since that entity mode has been removed, embed-xml attributes are no longer supported and should be removed from mappings.
HHH90000005
WARN
Defining an entity [%s] with no physical id attribute is no longer supported; please map the identifier to a physical entity attribute
HHH90000007
WARN
Attempted to specify unsupported NamingStrategy via command-line argument [--naming]. NamingStrategy has been removed in favor of the split ImplicitNamingStrategy and PhysicalNamingStrategy; use [--implicit-naming] or [--physical-naming], respectively, instead.
HHH90000008
WARN
Attempted to specify unsupported NamingStrategy via Ant task argument. NamingStrategy has been removed in favor of the split ImplicitNamingStrategy and PhysicalNamingStrategy.
HHH90000009
WARN
The outer-join attribute on has been deprecated. Instead of outer-join="false", use lazy="extra" with
HHH90000010
WARN
The fetch attribute on has been deprecated. Instead of fetch="select", use lazy="extra" with
HHH90000012
WARN
Recognized obsolete hibernate namespace %s. Use namespace %s instead. Support for obsolete DTD/XSD namespaces may be removed at any time.
HHH90000013
WARN
Named ConnectionProvider [%s] has been deprecated in favor of %s; that provider will be used instead. Update your settings
HHH90000014
WARN
Found use of deprecated [%s] sequence-based id generator; use org.hibernate.id.enhanced.SequenceStyleGenerator instead. See Hibernate Domain Model Mapping Guide for details.
HHH90000015
WARN
Found use of deprecated [%s] table-based id generator; use org.hibernate.id.enhanced.TableGenerator instead. See Hibernate Domain Model Mapping Guide for details.
HHH90000018
WARN
Found use of deprecated transaction factory setting [%s]; use the new TransactionCoordinatorBuilder settings [%s] instead
HHH90000021
WARN
Encountered deprecated setting [%s], use [%s] instead
HHH90000026
WARN
%s has been deprecated
HHH90000026
WARN
%s has been deprecated; use %s instead
HHH90000027
WARN
Encountered deprecated setting [%s]; instead %s
HHH90000028
WARN
Support for `` is deprecated [%s : %s]; migrate to orm.xml or mapping.xml, or enable `hibernate.transform_hbm_xml.enabled` for on the fly transformation
HHH90000029
WARN
The [%s] configuration is deprecated and will be removed. Set the value to [%s] to get rid of this warning
HHH90000030
WARN
The [%s] configuration is deprecated and will be removed.
HHH90001001
WARN
Attempt to restart an already started RegionFactory. Use sessionFactory.close() between repeated calls to buildSessionFactory. Using previously created RegionFactory.
HHH90001002
WARN
Attempt to restop an already stopped JCacheRegionFactory.
HHH90001003
WARN
Read-only caching was requested for mutable entity [%s]
HHH90001004
WARN
Read-only caching was requested for mutable natural-id for entity [%s]
HHH90001005
INFO
Cache[%s] Key[%s] A soft-locked cache entry was expired by the underlying cache. If this happens regularly you should consider increasing the cache timeouts and/or capacity limits
HHH90001006
WARN
Missing cache[%1$s] was created on-the-fly. The created cache will use a provider-specific default configuration: make sure you defined one. You can disable this warning by setting '%2$s' to '%3$s'.
HHH90001007
WARN
Using legacy cache name [%2$s] because configuration could not be found for cache [%1$s]. Update your configuration to rename cache [%2$s] to [%1$s].
HHH90001008
WARN
Cache [%1$s] uses the [%2$s] access type, but [%3$s] does not support it natively. Make sure your cache implementation supports JTA transactions.
HHH90003001
ERROR
Error in named query: %s
HHH90003002
INFO
Unable to determine lock mode value : %s -> %s
HHH90003003
INFO
Ignoring unrecognized query hint [%s]
HHH90003004
WARN
firstResult/maxResults specified with collection fetch; applying in memory
HHH90003501
ERROR
Error in named query: %s
HHH90005601
INFO
Envers-generated HBM mapping...%n%s
HHH90005901
WARN
`%s#%s` was mapped with explicit lazy-group (`%s`). Hibernate will ignore the lazy-group - this is generally not a good idea for to-one associations as it would lead to 2 separate SQL selects to initialize the association. This is expected to be improved in future versions of Hibernate
HHH90006001
WARN
Encountered incubating setting [%s]. See javadoc on corresponding `org.hibernate.cfg.AvailableSettings` constant for details.
HSEARCH
Code
Level
Return Type
Message
HSEARCH-00001
java.lang.String
MassIndexer operation
HSEARCH-00001
java.lang.String
Indexing instance of entity '%s' during mass indexing
HSEARCH-00001
java.lang.String
Fetching identifiers of entities to index for entity '%s' during mass indexing
HSEARCH-00001
java.lang.String
Loading and extracting entity data for entity '%s' during mass indexing
This multi-valued field has a 'FLATTENED' structure, which means the structure of objects is not preserved upon indexing, making object projections impossible. Try setting the field structure to 'NESTED' and reindexing all your data.
HSEARCH-00001
java.lang.String
The default backend can be retrieved
HSEARCH-00001
java.lang.String
The default backend cannot be retrieved, because no entity is mapped to that backend
HSEARCH-00001
java.lang.String
Failed to resolve bean from Hibernate Search's internal registry with exception: %1$s
HSEARCH-00001
java.lang.String
Failed to resolve bean from bean manager with exception: %1$s
HSEARCH-00001
java.lang.String
Failed to resolve bean using reflection with exception: %1$s
HSEARCH-00001
java.lang.String
Make sure the field is marked as searchable/sortable/projectable/aggregable/highlightable (whichever is relevant). If it already is, then '%1$s' is not available for fields of this type.
HSEARCH-00001
java.lang.String
Some object field features require a nested structure; try setting the field structure to 'NESTED' and reindexing all your data. If you are trying to use another feature, it probably isn't available for this field.
HSEARCH-00001
java.lang.String
Make sure the field is marked as searchable/sortable/projectable/aggregable/highlightable (whichever is relevant) in all indexes, and that the field has the same type in all indexes.
HSEARCH-00001
java.lang.String
If you are trying to use the 'nested' predicate, set the field structure is to 'NESTED' in all indexes, then reindex all your data.
HSEARCH000017
ERROR
Work discarded, thread was interrupted while waiting for space to schedule: %1$s
HSEARCH000027
INFO
Mass indexing is going to index %d entities.
HSEARCH000028
INFO
Mass indexing complete. Indexed %1$d entities.
HSEARCH000030
INFO
Mass indexing progress: indexed %1$d entities in %2$d ms.
HSEARCH000031
INFO
Mass indexing progress: %3$.2f%%. Mass indexing speed: %1$f documents/second since last message, %2$f documents/second since start.
HSEARCH000034
INFO
Hibernate Search version %1$s
HSEARCH000036
WARN
Unable to guess the transaction status: not starting a JTA transaction.
HSEARCH000039
WARN
Unable to properly close scroll in ScrollableResults.
HSEARCH000041
INFO
Index directory does not exist, creating: '%1$s'
HSEARCH000052
WARN
An index writer operation failed. Resetting the index writer and forcing release of locks. %1$s
HSEARCH000055
WARN
Unable to close the index reader. %1$s
HSEARCH000058
ERROR
%1$s
HSEARCH000062
ERROR
Mass indexing received interrupt signal: aborting.
HSEARCH000075
WARN
Missing value for configuration property '%1$s': using LATEST (currently '%2$s'). %3$s
HSEARCH000114
org.hibernate.search.util.common.SearchException
Resource does not exist in classpath: '%1$s'
HSEARCH000135
org.hibernate.search.util.common.SearchException
No default value bridge implementation for type '%1$s'. Use a custom bridge.
HSEARCH000159
org.hibernate.search.util.common.SearchException
No property annotated with %1$s(markerSet = "%3$s"). There must be exactly one such property in order to map it to geo-point field '%2$s'.
HSEARCH000160
org.hibernate.search.util.common.SearchException
Multiple properties annotated with %1$s(markerSet = "%3$s"). There must be exactly one such property in order to map it to geo-point field '%2$s'.
HSEARCH000177
org.hibernate.search.util.common.SearchException
Unable to define a document identifier for indexed type '%1$s', The property representing the entity identifier is unknown. Define the document identifier explicitly by annotating a property whose values are unique with @DocumentId.
HSEARCH000216
org.hibernate.search.util.common.SearchException
%1$s defines includePaths filters that do not match anything. Non-matching includePaths filters: %2$s. Encountered field paths: %3$s. Check the filters for typos, or remove them if they are not useful.
HSEARCH000221
org.hibernate.search.util.common.SearchException
Infinite embedded recursion involving path '%2$s' on type '%1$s'
HSEARCH000225
WARN
Unable to acquire lock on the index while initializing directory '%s'. Either the directory wasn't properly closed last time it was used due to a critical failure, or another instance of Hibernate Search is using it concurrently (which is not supported). If you experience indexing failures on this index you will need to remove the lock, and might need to rebuild the index.
HSEARCH000226
TRACE
%s: %s
HSEARCH000228
org.hibernate.search.util.common.SearchException
Unable to parse '%1$ss' into a Lucene version: %2$s
HSEARCH000230
DEBUG
Starting executor '%1$s'
HSEARCH000231
DEBUG
Stopping executor '%1$s'
HSEARCH000234
org.hibernate.search.util.common.SearchException
No matching indexed entity types for types: %1$s These types are not indexed entity types, nor is any of their subtypes. Valid indexed entity classes, superclasses and superinterfaces are: %2$s.
HSEARCH000237
org.hibernate.search.util.common.SearchException
Invalid range: at least one bound in range predicates must be non-null.
HSEARCH000242
org.hibernate.search.util.common.SearchException
Invalid type '%1$s': missing constructor. The type must expose a public, no-arguments constructor.
HSEARCH000274
TRACE
Executing Lucene query: %s
HSEARCH000276
org.hibernate.search.util.common.SearchException
No transaction active. Consider increasing the connection time-out.
HSEARCH000284
org.hibernate.search.util.common.SearchException
Unable to open index readers: %1$s
HSEARCH000295
org.hibernate.search.util.common.SearchException
Invalid value for type '$2%s': '$1%s'. %3$s
HSEARCH000297
org.hibernate.search.util.common.SearchException
Unable to convert '%2$s' into type '%1$s': value is too large.
HSEARCH000329
org.hibernate.search.util.common.SearchException
Unable to apply analysis configuration: %1$s
HSEARCH000337
org.hibernate.search.util.common.SearchException
Conflicting usage of @Param annotation for parameter name: '%1$s'. Can't assign both value '%2$s' and '%3$s'
HSEARCH000337
org.hibernate.search.util.common.SearchException
Ambiguous value for parameter '%1$s': this parameter is set to two different values '%2$s' and '%3$s'.
HSEARCH000342
org.hibernate.search.util.common.SearchException
Invalid index field type: both analyzer '%1$s' and normalizer '%2$s' are assigned to this type. Either an analyzer or a normalizer can be assigned, but not both.
HSEARCH000344
WARN
Invalid normalizer implementation: the normalizer for definition '%s' produced %d tokens. Normalizers should never produce more than one token. The tokens have been concatenated by Hibernate Search, but you should fix your normalizer definition.
HSEARCH000345
org.hibernate.search.util.common.SearchException
Invalid index field type: both analyzer '%1$s' and sorts are enabled. Sorts are not supported on analyzed fields. If you need an analyzer simply to transform the text (lowercasing, ...) without splitting it into tokens, use a normalizer instead. If you need an actual analyzer (with tokenization), define two separate fields: one with an analyzer that is not sortable, and one with a normalizer that is sortable.
HSEARCH000353
org.hibernate.search.util.common.SearchException
Unknown analyzer: '%1$s'. Make sure you defined this analyzer.
HSEARCH000501
org.hibernate.search.util.common.SearchException
Invalid value for configuration property '%1$s': '%2$s'. %3$s
HSEARCH000502
org.hibernate.search.util.common.SearchException
Invalid value: expected either an instance of '%1$s' or a String that can be parsed into that type. %2$s
HSEARCH000503
org.hibernate.search.util.common.SearchException
Invalid Boolean value: expected either a Boolean, the String 'true' or the String 'false'. %1$s
HSEARCH000504
org.hibernate.search.util.common.SearchException
Invalid Integer value: expected either a Number or a String that can be parsed into an Integer. %1$s
HSEARCH000505
org.hibernate.search.util.common.SearchException
Invalid Long value: expected either a Number or a String that can be parsed into a Long. %1$s
HSEARCH000506
org.hibernate.search.util.common.SearchException
Invalid multi value: expected either a single value of the correct type, a Collection, or a String, and interpreting as a single value failed with the following exception. %1$s
HSEARCH000514
org.hibernate.search.util.common.SearchException
Invalid index field name '%1$s': field names cannot be null or empty.
HSEARCH000515
org.hibernate.search.util.common.SearchException
Invalid index field name '%1$s': field names cannot contain a dot ('.'). Remove the dot from your field name, or if you are declaring the field in a bridge and want a tree of fields, declare an object field using the objectField() method.
HSEARCH000516
java.lang.IllegalArgumentException
Invalid polygon: the first point '%1$s' should be identical to the last point '%2$s' to properly close the polygon.
HSEARCH000519
java.lang.String
Hibernate Search encountered %3$s failures during %1$s. Only the first %2$s failures are displayed here. See the logs for extra failures.
HSEARCH000520
org.hibernate.search.util.common.SearchException
Hibernate Search encountered failures during %1$s. Failures: %2$s
HSEARCH000521
ERROR
Hibernate Search encountered a failure during %1$s; continuing for now to list all problems, but the process will ultimately be aborted. Context: %2$s Failure:
HSEARCH000522
WARN
Exception while collecting a failure -- this may indicate a bug or a missing test in Hibernate Search. Please report it: https://hibernate.org/community/ Nested exception: %1$s
HSEARCH000525
org.hibernate.search.util.common.SearchException
Invalid call of ifSupported(...) after orElse(...). Use a separate extension() context, or move the orElse(...) call last.
HSEARCH000526
org.hibernate.search.util.common.SearchException
None of the provided extensions can be applied to the current context. Attempted extensions: %1$s. If you want to ignore this, use .extension().ifSupported(...).orElse(ignored -> { }).
HSEARCH000528
org.hibernate.search.util.common.SearchException
Security manager does not allow access to the constructor of type '%1$s': %2$s
No backend with name '%1$s'. Check that at least one entity is configured to target that backend. The following backends can be retrieved by name: %2$s. %3$s
HSEARCH000534
org.hibernate.search.util.common.SearchException
No index manager with name '%1$s'. Check that at least one entity is configured to target that index. The following indexes can be retrieved by name: %2$s.
HSEARCH000540
org.hibernate.search.util.common.SearchException
Unable to instantiate class '%1$s': %2$s
HSEARCH000542
org.hibernate.search.util.common.SearchException
Invalid type '%1$s': this type cannot be assigned to type '%2$s'.
HSEARCH000543
org.hibernate.search.util.common.SearchException
Invalid type '%1$s': this type is an interface. An implementation class is required.
HSEARCH000544
org.hibernate.search.util.common.SearchException
Invalid type '%1$s': missing constructor. The type must expose a public constructor with a single parameter of type Map.
HSEARCH000546
org.hibernate.search.util.common.SearchException
Cyclic recursion starting from '%1$s' on %2$s. Index field path starting from that location and ending with a cycle: '%3$s'. A type cannot declare an unrestricted @IndexedEmbedded to itself, even indirectly. To break the cycle, you should consider adding filters to your @IndexedEmbedded: includePaths, includeDepth, excludePaths, ...
HSEARCH000547
org.hibernate.search.util.common.SearchException
Invalid BeanReference value: expected an instance of '%1$s', BeanReference, String or Class. %2$s
HSEARCH000551
org.hibernate.search.util.common.SearchException
Invalid use of per-field boost: the predicate score is constant. Cannot assign a different boost to each field when the predicate score is constant.
HSEARCH000553
org.hibernate.search.util.common.SearchException
Invalid slop: %1$d. The slop must be positive or zero.
HSEARCH000554
org.hibernate.search.util.common.SearchException
Invalid maximum edit distance: %1$d. The value must be 0, 1 or 2.
HSEARCH000555
org.hibernate.search.util.common.SearchException
Invalid exact prefix length: %1$d. The value must be positive or zero.
HSEARCH000557
org.hibernate.search.util.common.SearchException
Invalid value for type '%1$s': '%2$s'. The expected format is '%3$s'.
HSEARCH000558
org.hibernate.search.util.common.SearchException
Invalid %1$s value: expected either a Number or a String that can be parsed into a %1$s. %2$s
HSEARCH000559
org.hibernate.search.util.common.SearchException
Invalid string for type '%2$s': '%1$s'. %3$s
HSEARCH000560
org.hibernate.search.util.common.SearchException
Invalid value for enum '%2$s': '%1$s'.
HSEARCH000561
org.hibernate.search.util.common.SearchException
Multiple hits when a single hit was expected.
HSEARCH000562
org.hibernate.search.util.common.SearchException
Unable to submit work to '%1$s': thread received interrupt signal. The work has been discarded.
HSEARCH000563
org.hibernate.search.util.common.SearchException
Unable to submit work to '%1$s': this orchestrator is stopped. The work has been discarded.
HSEARCH000564
org.hibernate.search.util.common.SearchException
Invalid geo-point value: '%1$s'. The expected format is ', '.
HSEARCH000565
org.hibernate.search.util.common.SearchException
Unknown aggregation key '%1$s'. This key was not used when building the search query.
Configuration property tracking is disabled; unused properties will not be logged.
HSEARCH000568
WARN
Invalid configuration passed to Hibernate Search: some properties in the given configuration are not used. There might be misspelled property keys in your configuration. Unused properties: %1$s. To disable this warning, set the property '%2$s' to '%3$s'.
HSEARCH000569
ERROR
The background failure handler threw an exception while handling a previous failure. The failure may not have been reported.
HSEARCH000570
org.hibernate.search.util.common.SearchException
Invalid index field template name '%1$s': field template names cannot be null or empty.
HSEARCH000571
org.hibernate.search.util.common.SearchException
Invalid index field template name '%1$s': field template names cannot contain a dot ('.').
HSEARCH000572
org.hibernate.search.util.common.SearchException
Inconsistent index data: a supposedly single-valued field returned multiple values. Values: [%1$s, %2$s].
HSEARCH000573
org.hibernate.search.util.common.SearchException
Invalid configuration passed to Hibernate Search: some properties in the given configuration are obsolete.Configuration properties changed between Hibernate Search 5 and Hibernate Search 6 Check out the reference documentation and upgrade your configuration. Obsolete properties: %1$s.
HSEARCH000575
org.hibernate.search.util.common.SearchException
No default backend. Check that at least one entity is configured to target the default backend. The following backends can be retrieved by name: %1$s.
Ambiguous bean reference to type '%1$s': multiple beans are explicitly defined for this type in Hibernate Search's internal registry. Explicitly defined beans: %2$s.
Unable to resolve bean reference to type '%1$s'. %2$s
HSEARCH000581
org.hibernate.search.util.common.SearchException
Unable to resolve backend type: configuration property '%1$s' is not set, and there isn't any backend in the classpath. Check that you added the desired backend to your project's dependencies.
HSEARCH000582
org.hibernate.search.util.common.SearchException
Ambiguous backend type: configuration property '%1$s' is not set, and multiple backend types are present in the classpath. Set property '%1$s' to one of the following to select the backend type: %2$s
HSEARCH000583
org.hibernate.search.util.common.SearchException
Invalid type for DSL arguments: '%1$s'. Expected '%2$s' or a subtype.
HSEARCH000584
org.hibernate.search.util.common.SearchException
Invalid type for returned values: '%1$s'. Expected '%2$s' or a supertype.
Unable to provide the exact total hit count: only a lower-bound approximation is available. This is generally the result of setting query options such as a timeout or the total hit count threshold. Either unset these options, or retrieve the lower-bound hit count approximation through '.total().hitCountLowerBound()'.
HSEARCH000588
org.hibernate.search.util.common.SearchException
Multiple entity types mapped to index '%1$s': '%2$s', '%3$s'. Each indexed type must be mapped to its own, dedicated index.
Invalid bean reference: '%1$s'. The reference is prefixed with '%2$s', which is not a valid bean retrieval prefix. If you want to reference a bean by name, and the name contains a colon, use 'bean:%1$s'. Otherwise, use a valid bean retrieval prefix among the following: %3$s.
HSEARCH000593
org.hibernate.search.util.common.SearchException
Named predicate name '%1$s' is invalid: field names cannot be null or empty.
HSEARCH000594
org.hibernate.search.util.common.SearchException
Named predicate name '%1$s' is invalid: field names cannot contain a dot ('.'). Remove the dot from your named predicate name.
HSEARCH000596
org.hibernate.search.util.common.SearchException
Different mappings trying to define two backends with the same name '%1$s' but having different expectations on multi-tenancy.
HSEARCH000597
org.hibernate.search.util.common.SearchException
Different mappings trying to define default backends having different expectations on multi-tenancy.
HSEARCH000598
org.hibernate.search.util.common.SearchException
Invalid type: %1$s is not composite.
HSEARCH000599
org.hibernate.search.util.common.SearchException
Invalid type: %1$s is not an object field.
HSEARCH000600
org.hibernate.search.util.common.SearchException
Invalid type: %1$s is not a value field.
HSEARCH000601
org.hibernate.search.util.common.SearchException
Inconsistent configuration for %1$s in a search query across multiple indexes: %2$s
HSEARCH000602
org.hibernate.search.util.common.SearchException
Inconsistent support for '%1$s': %2$s
HSEARCH000603
org.hibernate.search.util.common.SearchException
Attribute '%1$s' differs: '%2$s' vs. '%3$s'.
HSEARCH000604
org.hibernate.search.util.common.SearchException
Cannot use '%2$s' on %1$s: %3$s
HSEARCH000606
org.hibernate.search.util.common.SearchException
'%1$s' can be used in some of the targeted indexes, but not all of them. %2$s
HSEARCH000609
org.hibernate.search.util.common.SearchException
This field is a value field in some indexes, but an object field in other indexes.
HSEARCH000610
org.hibernate.search.util.common.SearchException
Unknown field '%1$s'.
HSEARCH000611
org.hibernate.search.util.common.SearchException
Invalid target fields: fields [%1$s, %3$s] are in different nested documents (%2$s vs. %4$s). All target fields must be in the same document.
HSEARCH000612
org.hibernate.search.util.common.SearchException
Unable to close saved value for key %1$s: %2$s
HSEARCH000613
org.hibernate.search.util.common.SearchException
Unable to access the Search integration: initialization hasn't completed yet.
HSEARCH000614
org.hibernate.search.util.common.SearchException
Cannot project on entity type '%1$s': this type cannot be loaded from an external datasource, and the documents from the index cannot be projected to its Java class '%2$s'. %3$s
HSEARCH000615
org.hibernate.search.util.common.SearchException
Unable to resolve field '%1$s': %2$s
HSEARCH000616
DEBUG
Ignoring ServiceConfigurationError caught while trying to instantiate service '%s'.
HSEARCH000617
org.hibernate.search.util.common.SearchException
Parameter with name '%1$s' was not defined on projection definition '%2$s'.
HSEARCH000618
org.hibernate.search.util.common.SearchException
Invalid type for entity projection on type '%1$s': the entity type's Java class '%2$s' does not extend the requested projection type '%3$s'.
HSEARCH000619
org.hibernate.search.util.common.SearchException
'includePaths' and 'excludePaths' cannot be used together in the same filter. Use either `includePaths` or `excludePaths` leaving the other one empty. Included paths are: '%1$s', excluded paths are: '%2$s'.
Elasticsearch response indicates a timeout (HTTP status 408)
HSEARCH400020
org.hibernate.search.util.common.SearchException
Unable to update mapping for index '%1$s': %2$s
HSEARCH400022
org.hibernate.search.util.common.SearchException
Invalid index status: '%1$s'. Valid statuses are: %2$s.
HSEARCH400024
org.hibernate.search.util.common.SearchException
Index '%1$s' failed to reach status '%2$s' after %3$sms.
HSEARCH400034
org.hibernate.search.util.common.SearchException
Unable to retrieve index metadata from Elasticsearch: %1$s
HSEARCH400035
org.hibernate.search.util.common.SearchException
Unable to update schema for index '%1$s': %2$s
HSEARCH400050
org.hibernate.search.util.common.SearchException
Missing index: index names [%1$s, %2$s] do not point to any index in the Elasticsearch cluster.
HSEARCH400053
TRACE
Executing Elasticsearch query on '%s' with parameters '%s': <%s>
HSEARCH400055
org.hibernate.search.util.common.SearchException
Duplicate tokenizer definitions: '%1$s'. Tokenizer names must be unique.
HSEARCH400056
org.hibernate.search.util.common.SearchException
Duplicate char filter definitions: '%1$s'. Char filter names must be unique.
HSEARCH400057
org.hibernate.search.util.common.SearchException
Duplicate token filter definitions: '%1$s'. Token filter names must be unique.
HSEARCH400067
org.hibernate.search.util.common.SearchException
Unable to update settings for index '%1$s': %2$s
HSEARCH400069
INFO
Closed Elasticsearch index '%1$s' automatically.
HSEARCH400070
INFO
Opened Elasticsearch index '%1$s' automatically.
HSEARCH400073
WARN
Hibernate Search will connect to Elasticsearch with authentication over plain HTTP (not HTTPS). The password will be sent in clear text over the network.
HSEARCH400075
org.hibernate.search.util.common.SearchException
Unable to apply analysis configuration: %1$s
HSEARCH400076
org.hibernate.search.util.common.SearchException
Invalid analyzer definition for name '%1$s'. Analyzer definitions must at least define the tokenizer.
HSEARCH400077
org.hibernate.search.util.common.SearchException
Invalid tokenizer definition for name '%1$s'. Tokenizer definitions must at least define the tokenizer type.
HSEARCH400078
org.hibernate.search.util.common.SearchException
Invalid char filter definition for name '%1$s'. Char filter definitions must at least define the char filter type.
HSEARCH400079
org.hibernate.search.util.common.SearchException
Invalid token filter definition for name '%1$s'. Token filter definitions must at least define the token filter type.
HSEARCH400080
org.hibernate.search.util.common.SearchException
Unable to detect the Elasticsearch version running on the cluster: %s
HSEARCH400081
org.hibernate.search.util.common.SearchException
Incompatible Elasticsearch version running on the cluster: '%s'. Refer to the documentation to know which versions of Elasticsearch are compatible with Hibernate Search.
HSEARCH400082
DEBUG
Executed Elasticsearch HTTP %s request to '%s' with path '%s', query parameters %s and %d objects in payload in %dms. Response had status %d '%s'. Request body: <%s>. Response body: <%s>
HSEARCH400085
WARN
Unknown Elasticsearch version running on the cluster: '%s'. Hibernate Search may not work correctly. Consider updating to a newer version of Hibernate Search, if any.
HSEARCH400089
org.hibernate.search.util.common.SearchException
Unable to parse Elasticsearch response. Status code was '%1$d', status phrase was '%2$s'. Nested exception: %3$s
HSEARCH400090
org.hibernate.search.util.common.SearchException
Elasticsearch response indicates a failure.
HSEARCH400093
TRACE
Executed Elasticsearch HTTP %s request to '%s' with path '%s', query parameters %s and %d objects in payload in %dms. Response had status %d '%s'. Request body: <%s>. Response body: <%s>
HSEARCH400502
org.hibernate.search.util.common.SearchException
Invalid multi-index scope: a scope cannot span both a Elasticsearch index and another type of index. Base scope: '%1$s', incompatible (Elasticsearch) index: '%2$s'.
HSEARCH400503
org.hibernate.search.util.common.SearchException
Invalid multi-index scope: a scope cannot span multiple Elasticsearch backends. Base scope: '%1$s', incompatible index (from another backend): '%2$s'.
HSEARCH400506
org.hibernate.search.util.common.SearchException
Invalid target for Elasticsearch extension: '%1$s'. This extension can only be applied to components created by an Elasticsearch backend.
HSEARCH400508
org.hibernate.search.util.common.SearchException
Invalid search predicate: '%1$s'. You must build the predicate from an Elasticsearch search scope.
HSEARCH400511
org.hibernate.search.util.common.SearchException
Invalid search sort: '%1$s'. You must build the sort from an Elasticsearch search scope.
Invalid tenant identifiers: '%1$s'. No tenant identifier is expected, because multi-tenancy is disabled for this backend.
HSEARCH400517
org.hibernate.search.util.common.SearchException
Missing tenant identifier. A tenant identifier is expected, because multi-tenancy is enabled for this backend.
HSEARCH400518
org.hibernate.search.util.common.SearchException
Invalid requested type for client: '%1$s'. The Elasticsearch low-level client can only be unwrapped to '%2$s'.
HSEARCH400519
org.hibernate.search.util.common.SearchException
Invalid requested type for this backend: '%1$s'. Elasticsearch backends can only be unwrapped to '%2$s'.
HSEARCH400520
org.hibernate.search.util.common.SearchException
Duplicate index field definition: '%1$s'. Index field names must be unique. Look for two property mappings with the same field name, or two indexed-embeddeds with prefixes that lead to conflicting index field names, or two custom bridges declaring index fields with the same name.
HSEARCH400525
org.hibernate.search.util.common.SearchException
Invalid field reference for this document element: this document element has path '%1$s', but the referenced field has a parent with path '%2$s'.
HSEARCH400526
org.hibernate.search.util.common.AssertionFailure
Missing data in the Elasticsearch response.
HSEARCH400529
org.hibernate.search.util.common.SearchException
Multiple conflicting minimumShouldMatch constraints for ceiling '%1$s'
HSEARCH400530
org.hibernate.search.util.common.SearchException
Conflicting index names: Hibernate Search indexes '%1$s' and '%2$s' both target the Elasticsearch index name or alias '%3$s'
HSEARCH400531
org.hibernate.search.util.common.SearchException
Unable to resolve index name '%1$s' to an entity type: %2$s
HSEARCH400532
org.hibernate.search.util.common.SearchException
Unable to convert DSL argument: %1$s
HSEARCH400533
org.hibernate.search.util.common.SearchException
Invalid requested type for this index manager: '%1$s'. Elasticsearch index managers can only be unwrapped to '%2$s'.
HSEARCH400534
org.hibernate.search.util.common.SearchException
Invalid typed analyzer definition for name '%1$s'. Typed analyzer definitions must at least define the analyzer type.
HSEARCH400535
org.hibernate.search.util.common.SearchException
Invalid index field type: both analyzer '%1$s' and normalizer '%2$s' are assigned to this type. Either an analyzer or a normalizer can be assigned, but not both.
HSEARCH400536
org.hibernate.search.util.common.SearchException
Invalid index field type: both analyzer '%1$s' and sorts are enabled. Sorts are not supported on analyzed fields. If you need an analyzer simply to transform the text (lowercasing, ...) without splitting it into tokens, use a normalizer instead. If you need an actual analyzer (with tokenization), define two separate fields: one with an analyzer that is not sortable, and one with a normalizer that is sortable.
HSEARCH400537
org.hibernate.search.util.common.SearchException
Ambiguous value for parameter '%1$s': this parameter is set to two different values '%2$s' and '%3$s'.
HSEARCH400538
org.hibernate.search.util.common.SearchException
Invalid search projection: '%1$s'. You must build the projection from an Elasticsearch search scope.
HSEARCH400544
org.hibernate.search.util.common.SearchException
Unable to shut down the Elasticsearch client: %1$s
HSEARCH400545
org.hibernate.search.util.common.SearchException
No built-in index field type for class: '%1$s'.
HSEARCH400553
org.hibernate.search.util.common.SearchException
Full-text features (analysis, fuzziness) are not supported for fields of this type.
HSEARCH400554
org.hibernate.search.util.common.SearchException
Incomplete field definition. You must call toReference() to complete the field definition.
HSEARCH400555
org.hibernate.search.util.common.SearchException
Multiple calls to toReference() for the same field definition. You must call toReference() exactly once.
HSEARCH400556
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch version: '%1$s'. Expected format is 'x.y.z-qualifier', where 'x', 'y' and 'z' are integers, and 'qualifier' is an string of word characters (alphanumeric or '_'). Incomplete versions are allowed, for example '7.0' or just '7'.
HSEARCH400557
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch version: '%1$s'. Expected format is 'x.y.z-qualifier' or ':x.y.z-qualifier', where '' is one of %2$s (defaults to '%3$s'), 'x', 'y' and 'z' are integers, and 'qualifier' is an string of word characters (alphanumeric or '_'). Incomplete versions are allowed, for example 'elastic:7.0', '7.0' or just '7'.
HSEARCH400558
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch distribution name: '%1$s'. Valid names are: %2$s.
HSEARCH400559
org.hibernate.search.util.common.SearchException
Unexpected Elasticsearch version running on the cluster: '%2$s'. Hibernate Search was configured for Elasticsearch '%1$s'.
HSEARCH400560
org.hibernate.search.util.common.SearchException
Cannot skip analysis on field '%1$s': the Elasticsearch backend will always normalize arguments before attempting matches on normalized fields.
HSEARCH400561
org.hibernate.search.util.common.SearchException
Ambiguous Elasticsearch version: '%s'. This version matches multiple dialects. Please use a more precise version to remove the ambiguity.
HSEARCH400562
org.hibernate.search.util.common.SearchException
Invalid index field type: both null token '%2$s' ('indexNullAs') and analyzer '%1$s' are assigned to this type. 'indexNullAs' is not supported on analyzed fields.
HSEARCH400563
org.hibernate.search.util.common.SearchException
Multiple values assigned to field '%1$s': this field is single-valued. Declare the field as multi-valued in order to allow this.
HSEARCH400564
org.hibernate.search.util.common.SearchException
Invalid use of explain(Object id) on a query targeting multiple types. Use explain(String typeName, Object id) and pass one of %1$s as the type name.
HSEARCH400565
org.hibernate.search.util.common.SearchException
Invalid mapped type name: '%2$s'. This type is not among the mapped types targeted by this query: %1$s.
HSEARCH400566
org.hibernate.search.util.common.SearchException
Invalid document identifier: '%2$s'. No such document in index '%1$s'.
HSEARCH400567
org.hibernate.search.util.common.SearchException
Invalid index field type: missing decimal scale. Define the decimal scale explicitly. %1$s
HSEARCH400569
org.hibernate.search.util.common.SearchException
Unable to encode value '%1$s': this field type only supports values ranging from '%2$s' to '%3$s'. If you want to encode values that are outside this range, change the decimal scale for this field. Do not forget to reindex all your data after changing the decimal scale.
HSEARCH400570
org.hibernate.search.util.common.SearchException
Invalid index field type: decimal scale '%1$s' is positive. The decimal scale of BigInteger fields must be zero or negative.
HSEARCH400572
org.hibernate.search.util.common.SearchException
Invalid search predicate: '%1$s'. You must build the predicate from a scope targeting indexes %3$s, but the given predicate was built from a scope targeting indexes %2$s.
HSEARCH400573
org.hibernate.search.util.common.SearchException
Invalid search sort: '%1$s'. You must build the sort from a scope targeting indexes %3$s, but the given sort was built from a scope targeting indexes %2$s.
HSEARCH400574
org.hibernate.search.util.common.SearchException
Invalid search projection: '%1$s'. You must build the projection from a scope targeting indexes %3$s, but the given projection was built from a scope targeting indexes %2$s.
HSEARCH400576
org.hibernate.search.util.common.SearchException
Invalid index field type: both analyzer '%1$s' and aggregations are enabled. Aggregations are not supported on analyzed fields. If you need an analyzer simply to transform the text (lowercasing, ...) without splitting it into tokens, use a normalizer instead. If you need an actual analyzer (with tokenization), define two separate fields: one with an analyzer that is not aggregable, and one with a normalizer that is aggregable.
HSEARCH400580
org.hibernate.search.util.common.SearchException
Invalid range: '%1$s'. Elasticsearch range aggregations only accept ranges in the canonical form: (-Infinity, ) or [, ) or [, +Infinity). Call Range.canonical(...) to be sure to create such a range.
HSEARCH400581
org.hibernate.search.util.common.SearchException
Invalid search aggregation: '%1$s'. You must build the aggregation from an Elasticsearch search scope.
HSEARCH400582
org.hibernate.search.util.common.SearchException
Invalid search aggregation: '%1$s'. You must build the aggregation from a scope targeting indexes %3$s, but the given aggregation was built from a scope targeting indexes %2$s.
HSEARCH400585
org.hibernate.search.util.common.SearchException
Duplicate aggregation definitions for key: '%1$s'
HSEARCH400587
org.hibernate.search.util.common.SearchException
Invalid index field type: search analyzer '%1$s' is assigned to this type, but the indexing analyzer is missing. Assign an indexing analyzer and a search analyzer, or remove the search analyzer.
HSEARCH400588
org.hibernate.search.util.common.SearchException
Call to the bulk REST API failed: %1$s
HSEARCH400589
org.hibernate.search.util.common.SearchException
Invalid host/port: '%1$s'. The host/port string must use the format 'host:port', for example 'mycompany.com:9200' The URI scheme ('http://', 'https://') must not be included.
Request execution exceeded the timeout of %1$s. Request was %2$s
HSEARCH400591
org.hibernate.search.util.common.SearchException
Invalid name for the type-name mapping strategy: '%1$s'. Valid names are: %2$s.
HSEARCH400592
org.hibernate.search.util.common.SearchException
Missing field '%1$s' for one of the search hits. The document was probably indexed with a different configuration: full reindexing is necessary.
HSEARCH400593
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch index layout: index names [%1$s, %2$s] resolve to multiple distinct indexes %3$s. These names must resolve to a single index.
HSEARCH400594
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch index layout: primary (non-alias) name for existing Elasticsearch index '%1$s' does not match the expected pattern '%2$s'.
HSEARCH400595
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch index layout: unique key '%1$s' extracted from the index name does not match any of %2$s.
HSEARCH400596
org.hibernate.search.util.common.SearchException
Invalid Elasticsearch index layout: the write alias and read alias are set to the same value: '%1$s'. The write alias and read alias must be different.
HSEARCH400597
org.hibernate.search.util.common.SearchException
Missing or imprecise Elasticsearch version: when configuration property '%1$s' is set to 'false', the version is mandatory and must be at least as precise as 'x.y', where 'x' and 'y' are integers.
HSEARCH400598
org.hibernate.search.util.common.SearchException
The lifecycle strategy cannot be set at the index level anymore. Set the schema management strategy via the property 'hibernate.search.schema_management.strategy' instead.
HSEARCH400600
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for fields in nested documents.
HSEARCH400601
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for String fields. Only MIN and MAX are supported.
HSEARCH400602
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for temporal fields. Only MIN, MAX, AVG and MEDIAN are supported.
HSEARCH400603
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for a distance sort. Only MIN, MAX, AVG and MEDIAN are supported.
HSEARCH400604
org.hibernate.search.util.common.SearchException
Invalid sort filter: field '%1$s' is not contained in a nested object. Sort filters are only available if the field to sort on is contained in a nested object.
HSEARCH400605
org.hibernate.search.util.common.SearchException
Invalid search predicate: %1$s. This predicate targets fields %3$s, but only fields that are contained in the nested object with path '%2$s' are allowed here.
HSEARCH400606
org.hibernate.search.util.common.SearchException
Invalid aggregation filter: field '%1$s' is not contained in a nested object. Aggregation filters are only available if the field to aggregate on is contained in a nested object.
HSEARCH400607
org.hibernate.search.util.common.SearchException
Duplicate index field template definition: '%1$s'. Multiple bridges may be trying to access the same index field template, or two indexed-embeddeds may have prefixes that lead to conflicting field names, or you may have declared multiple conflicting mappings. In any case, there is something wrong with your mapping and you should fix it.
HSEARCH400608
org.hibernate.search.util.common.SearchException
Invalid value type. This field's values are of type '%1$s', which is not assignable from '%2$s'.
HSEARCH400609
org.hibernate.search.util.common.SearchException
Unknown field '%1$s'.
HSEARCH400613
org.hibernate.search.util.common.SearchException
Invalid cardinality for projection on field '%1$s': the projection is single-valued, but this field is multi-valued. Make sure to call '.multi()' when you create the projection.
Invalid target hosts configuration: both the 'uris' property and the 'protocol' property are set. Uris: '%1$s'. Protocol: '%2$s'. Either set the protocol and hosts simultaneously using the 'uris' property, or set them separately using the 'protocol' property and the 'hosts' property.
HSEARCH400627
org.hibernate.search.util.common.SearchException
Invalid target hosts configuration: both the 'uris' property and the 'hosts' property are set. Uris: '%1$s'. Hosts: '%2$s'. Either set the protocol and hosts simultaneously using the 'uris' property, or set them separately using the 'protocol' property and the 'hosts' property.
HSEARCH400628
org.hibernate.search.util.common.SearchException
Invalid target hosts configuration: the 'uris' use different protocols (http, https). All URIs must use the same protocol. Uris: '%1$s'.
HSEARCH400629
org.hibernate.search.util.common.SearchException
Invalid target hosts configuration: the list of hosts must not be empty.
HSEARCH400630
org.hibernate.search.util.common.SearchException
Invalid target hosts configuration: the list of URIs must not be empty.
HSEARCH400631
org.hibernate.search.util.common.SearchException
Unable to find the given custom index settings file: '%1$s'.
HSEARCH400632
org.hibernate.search.util.common.SearchException
Error on loading the given custom index settings file '%1$s': %2$s
HSEARCH400633
org.hibernate.search.util.common.SearchException
There are some JSON syntax errors on the given custom index settings file '%1$s': %2$s
HSEARCH400634
org.hibernate.search.util.common.SearchException
Invalid use of 'missing().first()' for an ascending distance sort. Elasticsearch always assumes missing values have a distance of '+Infinity', and this behavior cannot be customized.
HSEARCH400635
org.hibernate.search.util.common.SearchException
Invalid use of 'missing().last()' for a descending distance sort. Elasticsearch always assumes missing values have a distance of '+Infinity', and this behavior cannot be customized.
HSEARCH400636
org.hibernate.search.util.common.SearchException
Invalid use of 'missing().use(...)' for a distance sort. Elasticsearch always assumes missing values have a distance of '+Infinity', and this behavior cannot be customized.
HSEARCH400637
org.hibernate.search.util.common.SearchException
The index schema named predicate '%1$s' was added twice.
HSEARCH400638
org.hibernate.search.util.common.SearchException
Predicate definition differs: '%1$s' vs. '%2$s'.
HSEARCH400640
WARN
A search query fetching all hits was requested, but only '%2$s' hits were retrieved because the maximum result window size forces a limit of '%1$s' hits. Refer to Elasticsearch's 'max_result_window_size' setting for more information.
HSEARCH400641
org.hibernate.search.util.common.SearchException
Incompatible Elasticsearch version: version '%2$s' does not match version '%1$s' that was provided when the backend was created. You can provide a more precise version on startup, but you cannot override the version that was provided when the backend was created.
HSEARCH400648
org.hibernate.search.util.common.SearchException
Invalid backend configuration: mapping requires multi-tenancy but no multi-tenancy strategy is set.
HSEARCH400649
org.hibernate.search.util.common.SearchException
Invalid backend configuration: mapping requires single-tenancy but multi-tenancy strategy is set.
HSEARCH400650
org.hibernate.search.util.common.SearchException
Param with name '%1$s' has not been defined for the named predicate '%2$s'.
HSEARCH400651
org.hibernate.search.util.common.SearchException
Unable to find the given custom index mapping file: '%1$s'.
HSEARCH400652
org.hibernate.search.util.common.SearchException
Error on loading the given custom index mapping file '%1$s': %2$s
HSEARCH400653
org.hibernate.search.util.common.SearchException
There are some JSON syntax errors on the given custom index mapping file '%1$s': %2$s
HSEARCH400654
org.hibernate.search.util.common.SearchException
Invalid context for projection on field '%1$s': the surrounding projection is executed for each object in field '%2$s', which is not a parent of field '%1$s'. Check the structure of your projections.
HSEARCH400655
org.hibernate.search.util.common.SearchException
Invalid cardinality for projection on field '%1$s': the projection is single-valued, but this field is effectively multi-valued in this context, because parent object field '%2$s' is multi-valued. Either call '.multi()' when you create the projection on field '%1$s', or wrap that projection in an object projection like this: 'f.object("%2$s").from().as(...).multi()'.
HSEARCH400656
org.hibernate.search.util.common.SearchException
Unexpected mapped type name extracted from hits: '%1$s'. Expected one of: %2$s. The document was probably indexed with a different configuration: full reindexing is necessary.
HSEARCH400657
org.hibernate.search.util.common.SearchException
Unable to export the schema for '%1$s' index: %2$s
HSEARCH400658
org.hibernate.search.util.common.SearchException
Invalid use of 'missing().lowest()' for an ascending distance sort. Elasticsearch always assumes missing values have a distance of '+Infinity', and this behavior cannot be customized.
HSEARCH400659
org.hibernate.search.util.common.SearchException
Invalid use of 'missing().lowest()' for a descending distance sort. Elasticsearch always assumes missing values have a distance of '+Infinity', and this behavior cannot be customized.
HSEARCH400660
org.hibernate.search.util.common.SearchException
Invalid highlighter: '%1$s'. You must build the highlighter from an Elasticsearch search scope.
HSEARCH400661
org.hibernate.search.util.common.SearchException
Invalid highlighter: '%1$s'. You must build the highlighter from a scope targeting indexes %3$s, but the given highlighter was built from a scope targeting indexes %2$s.
HSEARCH400662
WARN
No fields were added to be highlighted, but some query level highlighters were provided. These highlighters will be ignored.
HSEARCH400663
org.hibernate.search.util.common.SearchException
Cannot find a highlighter with name '%1$s'. Available highlighters are: %2$s. Was it configured with `highlighter("%1$s", highlighterContributor)`?
HSEARCH400664
org.hibernate.search.util.common.SearchException
Named highlighters cannot use a blank string as name.
HSEARCH400665
org.hibernate.search.util.common.SearchException
Highlighter with name '%1$s' is already defined. Use a different name to add another highlighter.
HSEARCH400666
org.hibernate.search.util.common.SearchException
'%1$s' highlighter type cannot be applied to '%2$s' field. '%2$s' must have either 'ANY' or '%1$s' among the configured highlightable values.
HSEARCH400667
org.hibernate.search.util.common.SearchException
Cannot use 'NO' in combination with other highlightable values. Applied values are: '%1$s'
HSEARCH400668
org.hibernate.search.util.common.SearchException
The '%1$s' term vector storage strategy is not compatible with the fast vector highlighter. Either change the strategy to one of `WITH_POSITIONS_PAYLOADS`/`WITH_POSITIONS_OFFSETS_PAYLOADS` or remove the requirement for the fast vector highlighter support.
HSEARCH400669
org.hibernate.search.util.common.SearchException
Setting the `highlightable` attribute to an empty array is not supported. Set the value to `NO` if the field does not require the highlight projection.
HSEARCH400670
org.hibernate.search.util.common.SearchException
Highlight projection cannot be applied within nested context of '%1$s'.
HSEARCH400671
org.hibernate.search.util.common.SearchException
The highlight projection cannot be applied to a field from an object using `ObjectStructure.NESTED` structure.
HSEARCH400672
org.hibernate.search.util.common.SearchException
'%1$s' cannot be nested in an object projection. %2$s
HSEARCH600001
org.hibernate.search.util.common.SearchException
Path '%1$s' exists but does not point to a writable directory.
HSEARCH600005
org.hibernate.search.util.common.SearchException
Invalid target for Lucene extension: '%1$s'. This extension can only be applied to components created by a Lucene backend.
HSEARCH600010
org.hibernate.search.util.common.SearchException
Invalid search predicate: '%1$s'. You must build the predicate from a Lucene search scope.
HSEARCH600014
org.hibernate.search.util.common.SearchException
Invalid search sort: '%1$s'. You must build the sort from a Lucene search scope.
HSEARCH600015
org.hibernate.search.util.common.SearchException
Unable to initialize index directory: %1$s
HSEARCH600016
org.hibernate.search.util.common.SearchException
Unable to index entity of type '%2$s' with identifier '%3$s' and tenant identifier '%1$s': %4$s
HSEARCH600017
org.hibernate.search.util.common.SearchException
Unable to delete entity of type '%2$s' with identifier '%3$s' and tenant identifier '%1$s': %4$s
HSEARCH600019
org.hibernate.search.util.common.SearchException
Unable to commit: %1$s
HSEARCH600024
org.hibernate.search.util.common.SearchException
Invalid multi-index scope: a scope cannot span both a Lucene index and another type of index. Base scope: '%1$s', incompatible (Lucene) index: '%2$s'.
HSEARCH600025
org.hibernate.search.util.common.SearchException
Invalid multi-index scope: a scope cannot span multiple Lucene backends. Base scope: '%1$s', incompatible index (from another backend): '%2$s'.
Invalid tenant identifiers: '%1$s'. No tenant identifier is expected, because multi-tenancy is disabled for this backend.
HSEARCH600032
org.hibernate.search.util.common.SearchException
Missing tenant identifier. A tenant identifier is expected, because multi-tenancy is enabled for this backend.
HSEARCH600033
org.hibernate.search.util.common.SearchException
Invalid requested type for this backend: '%1$s'. Lucene backends can only be unwrapped to '%2$s'.
HSEARCH600034
org.hibernate.search.util.common.SearchException
Duplicate index field definition: '%1$s'. Index field names must be unique. Look for two property mappings with the same field name, or two indexed-embeddeds with prefixes that lead to conflicting index field names, or two custom bridges declaring index fields with the same name.
HSEARCH600039
org.hibernate.search.util.common.SearchException
Invalid field reference for this document element: this document element has path '%1$s', but the referenced field has a parent with path '%2$s'.
HSEARCH600044
org.hibernate.search.util.common.SearchException
Computed minimum for minimumShouldMatch constraint is out of bounds: expected a number between '1' and '%1$s', got '%2$s'.
HSEARCH600045
org.hibernate.search.util.common.SearchException
Multiple conflicting minimumShouldMatch constraints for ceiling '%1$s'
HSEARCH600049
org.hibernate.search.util.common.SearchException
Invalid field path; expected path '%1$s', got '%2$s'.
HSEARCH600050
org.hibernate.search.util.common.SearchException
Unable to convert DSL argument: %1$s
HSEARCH600051
org.hibernate.search.util.common.SearchException
Invalid requested type for this index manager: '%1$s'. Lucene index managers can only be unwrapped to '%2$s'.
HSEARCH600052
org.hibernate.search.util.common.SearchException
Unable to create analyzer for name '%1$s': %2$s
HSEARCH600053
org.hibernate.search.util.common.SearchException
Unable to create normalizer for name '%1$s': %2$s
HSEARCH600054
org.hibernate.search.util.common.SearchException
Unknown normalizer: '%1$s'. Make sure you defined this normalizer.
HSEARCH600055
org.hibernate.search.util.common.SearchException
Invalid search projection: '%1$s'. You must build the projection from a Lucene search scope.
HSEARCH600061
org.hibernate.search.util.common.SearchException
Unable to shut down index: %1$s
HSEARCH600062
org.hibernate.search.util.common.SearchException
No built-in index field type for class: '%1$s'.
HSEARCH600067
org.hibernate.search.util.common.SearchException
Unable to delete all entries matching query '%1$s': %2$s
HSEARCH600070
org.hibernate.search.util.common.SearchException
Full-text features (analysis, fuzziness) are not supported for fields of this type.
HSEARCH600071
org.hibernate.search.util.common.SearchException
Incomplete field definition. You must call toReference() to complete the field definition.
HSEARCH600072
org.hibernate.search.util.common.SearchException
Multiple calls to toReference() for the same field definition. You must call toReference() exactly once.
HSEARCH600073
org.hibernate.search.util.common.SearchException
Invalid index field type: both null token '%2$s' ('indexNullAs') and analyzer '%1$s' are assigned to this type. 'indexNullAs' is not supported on analyzed fields.
HSEARCH600074
org.hibernate.search.util.common.SearchException
Multiple values assigned to field '%1$s': this field is single-valued. Declare the field as multi-valued in order to allow this.
HSEARCH600075
org.hibernate.search.util.common.SearchException
Invalid use of explain(Object id) on a query targeting multiple types. Use explain(String typeName, Object id) and pass one of %1$s as the type name.
HSEARCH600076
org.hibernate.search.util.common.SearchException
Invalid mapped type name: '%2$s'. This type is not among the mapped types targeted by this query: %1$s.
HSEARCH600077
org.hibernate.search.util.common.SearchException
Invalid document identifier: '%2$s'. No such document for type '%1$s'.
HSEARCH600078
org.hibernate.search.util.common.SearchException
Unable to merge index segments: %1$s
HSEARCH600079
org.hibernate.search.util.common.SearchException
Unable to close the index writer after write failures: %1$s
HSEARCH600080
org.hibernate.search.util.common.SearchException
Invalid index field type: missing decimal scale. Define the decimal scale explicitly. %1$s
HSEARCH600081
org.hibernate.search.util.common.SearchException
Unable to encode value '%1$s': this field type only supports values ranging from '%2$s' to '%3$s'. If you want to encode values that are outside this range, change the decimal scale for this field. Do not forget to reindex all your data after changing the decimal scale.
HSEARCH600082
org.hibernate.search.util.common.SearchException
Invalid index field type: decimal scale '%1$s' is positive. The decimal scale of BigInteger fields must be zero or negative.
HSEARCH600084
org.hibernate.search.util.common.SearchException
Invalid search predicate: '%1$s'. You must build the predicate from a scope targeting indexes %3$s, but the given predicate was built from a scope targeting indexes %2$s.
HSEARCH600085
org.hibernate.search.util.common.SearchException
Invalid search sort: '%1$s'. You must build the sort from a scope targeting indexes %3$s, but the given sort was built from a scope targeting indexes %2$s.
HSEARCH600086
org.hibernate.search.util.common.SearchException
Invalid search projection: '%1$s'. You must build the projection from a scope targeting indexes %3$s, but the given projection was built from a scope targeting indexes %2$s.
Incorrect sharding strategy implementation: strategy '%1$s' did not declare any shard identifiers during initialization. Declare shard identifiers using context.shardIdentifiers(...) or, if sharding is disabled, call context.disableSharding().
HSEARCH600090
org.hibernate.search.util.common.SearchException
When using sharding strategy '%1$s', this configuration property must be set.
Invalid index field type: both analyzer '%1$s' and aggregations are enabled. Aggregations are not supported on analyzed fields. If you need an analyzer simply to transform the text (lowercasing, ...) without splitting it into tokens, use a normalizer instead. If you need an actual analyzer (with tokenization), define two separate fields: one with an analyzer that is not aggregable, and one with a normalizer that is aggregable.
HSEARCH600098
org.hibernate.search.util.common.SearchException
Invalid search aggregation: '%1$s'. You must build the aggregation from a Lucene search scope.
HSEARCH600099
org.hibernate.search.util.common.SearchException
Invalid search aggregation: '%1$s'. You must build the aggregation from a scope targeting indexes %3$s, but the given aggregation was built from a scope targeting indexes %2$s.
HSEARCH600102
org.hibernate.search.util.common.SearchException
Duplicate aggregation definitions for key: '%1$s'
HSEARCH600104
org.hibernate.search.util.common.SearchException
Invalid index field type: search analyzer '%1$s' is assigned to this type, but the indexing analyzer is missing. Assign an indexing analyzer and a search analyzer, or remove the search analyzer.
Invalid sort mode: %1$s. This sort mode is not supported for fields in nested documents.
HSEARCH600115
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for String fields. Only MIN and MAX are supported.
HSEARCH600116
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for temporal fields. Only MIN, MAX, AVG and MEDIAN are supported.
HSEARCH600117
org.hibernate.search.util.common.SearchException
Invalid sort mode: %1$s. This sort mode is not supported for a distance sort. Only MIN, MAX, AVG and MEDIAN are supported.
HSEARCH600118
org.hibernate.search.util.common.SearchException
A failure occurred during a low-level write operation and the index writer had to be reset. Some write operations may have been lost as a result. Failure: %1$s
HSEARCH600120
org.hibernate.search.util.common.SearchException
Invalid sort filter: field '%1$s' is not contained in a nested object. Sort filters are only available if the field to sort on is contained in a nested object.
HSEARCH600121
org.hibernate.search.util.common.SearchException
Invalid search predicate: %1$s. This predicate targets fields %3$s, but only fields that are contained in the nested object with path '%2$s' are allowed here.
HSEARCH600122
org.hibernate.search.util.common.SearchException
Invalid aggregation filter: field '%1$s' is not contained in a nested object. Aggregation filters are only available if the field to aggregate on is contained in a nested object.
HSEARCH600123
org.hibernate.search.util.common.SearchException
Invalid value for IndexWriter setting '%1$s': '%2$s'. %3$s
HSEARCH600124
org.hibernate.search.util.common.SearchException
Invalid value for merge policy setting '%1$s': '%2$s'. %3$s
HSEARCH600125
org.hibernate.search.util.common.SearchException
Duplicate index field template definition: '%1$s'. Multiple bridges may be trying to access the same index field template, or two indexed-embeddeds may have prefixes that lead to conflicting field names, or you may have declared multiple conflicting mappings. In any case, there is something wrong with your mapping and you should fix it.
HSEARCH600126
org.hibernate.search.util.common.SearchException
Invalid value type. This field's values are of type '%1$s', which is not assignable from '%2$s'.
HSEARCH600127
org.hibernate.search.util.common.SearchException
Unknown field '%1$s'.
HSEARCH600131
org.hibernate.search.util.common.SearchException
Invalid cardinality for projection on field '%1$s': the projection is single-valued, but this field is multi-valued. Make sure to call '.multi()' when you create the projection.
HSEARCH600135
org.hibernate.search.util.common.SearchException
Implementation class differs: '%1$s' vs. '%2$s'.
HSEARCH600136
org.hibernate.search.util.common.SearchException
Field codec differs: '%1$s' vs. '%2$s'.
HSEARCH600138
WARN
Using deprecated filesystem access strategy '%1$s', which will be removed in a future version of Lucene. %2$s
HSEARCH600141
org.hibernate.search.util.common.SearchException
Unable to compute size of index: %1$s
HSEARCH600142
org.hibernate.search.util.common.SearchException
Unable to create instance of analysis component '%1$s': %2$s
HSEARCH600143
org.hibernate.search.util.common.SearchException
The index schema named predicate '%1$s' was added twice.
HSEARCH600144
org.hibernate.search.util.common.SearchException
Predicate definition differs: '%1$s' vs. '%2$s'.
HSEARCH600146
org.hibernate.search.util.common.SearchException
Unable to apply query caching configuration: %1$s
HSEARCH600148
org.hibernate.search.util.common.SearchException
Invalid backend configuration: mapping requires multi-tenancy but no multi-tenancy strategy is set.
HSEARCH600149
org.hibernate.search.util.common.SearchException
Invalid backend configuration: mapping requires single-tenancy but multi-tenancy strategy is set.
HSEARCH600150
org.hibernate.search.util.common.SearchException
Param with name '%1$s' has not been defined for the named predicate '%2$s'.
HSEARCH600151
java.io.IOException
Offset + limit should be lower than Integer.MAX_VALUE, offset: '%1$s', limit: '%2$s'.
HSEARCH600152
org.hibernate.search.util.common.SearchException
Invalid context for projection on field '%1$s': the surrounding projection is executed for each object in field '%2$s', which is not a parent of field '%1$s'. Check the structure of your projections.
HSEARCH600153
org.hibernate.search.util.common.SearchException
Invalid cardinality for projection on field '%1$s': the projection is single-valued, but this field is effectively multi-valued in this context, because parent object field '%2$s' is multi-valued. Either call '.multi()' when you create the projection on field '%1$s', or wrap that projection in an object projection like this: 'f.object("%2$s").from().as(...).multi()'.
HSEARCH600154
org.hibernate.search.util.common.SearchException
Unable to start index: %1$s
HSEARCH600155
org.hibernate.search.util.common.SearchException
Unexpected mapped type name extracted from hits: '%1$s'. Expected one of: %2$s. The document was probably indexed with a different configuration: full reindexing is necessary.
HSEARCH600156
org.hibernate.search.util.common.SearchException
Nonblocking operation submitter is not supported.
HSEARCH600157
org.hibernate.search.util.common.SearchException
Unable to export the schema for '%1$s' index: %2$s
HSEARCH600158
org.hibernate.search.util.common.SearchException
Invalid highlighter: '%1$s'. You must build the highlighter from a Lucene search scope.
HSEARCH600159
org.hibernate.search.util.common.SearchException
Invalid highlighter: '%1$s'. You must build the highlighter from a scope targeting indexes %3$s, but the given highlighter was built from a scope targeting indexes %2$s.
HSEARCH600160
org.hibernate.search.util.common.SearchException
Overriding a '%2$s' highlighter with a '%1$s' is not supported. Overriding highlighters should be of the same type as the global is if the global highlighter was configured.
HSEARCH600161
org.hibernate.search.util.common.SearchException
Cannot find a highlighter with name '%1$s'. Available highlighters are: %2$s. Was it configured with `highlighter("%1$s", highlighterContributor)`?
HSEARCH600162
org.hibernate.search.util.common.SearchException
'%1$s' highlighter does not support '%2$s' boundary scanner type.
HSEARCH600163
org.hibernate.search.util.common.SearchException
Named highlighters cannot use a blank string as name.
HSEARCH600164
org.hibernate.search.util.common.SearchException
Highlighter with name '%1$s' is already defined. Use a different name to add another highlighter.
HSEARCH600165
org.hibernate.search.util.common.SearchException
'%1$s' highlighter type cannot be applied to '%2$s' field. '%2$s' must have either 'ANY' or '%1$s' among the configured highlightable values.
HSEARCH600166
org.hibernate.search.util.common.SearchException
Cannot use 'NO' in combination with other highlightable values. Applied values are: '%1$s'
HSEARCH600167
org.hibernate.search.util.common.SearchException
The '%1$s' term vector storage strategy is not compatible with the fast vector highlighter. Either change the strategy to one of `WITH_POSITIONS_PAYLOADS`/`WITH_POSITIONS_OFFSETS_PAYLOADS` or remove the requirement for the fast vector highlighter support.
HSEARCH600168
org.hibernate.search.util.common.SearchException
Setting the `highlightable` attribute to an empty array is not supported. Set the value to `NO` if the field does not require the highlight projection.
HSEARCH600169
WARN
Lucene's unified highlighter cannot limit the size of a fragment returned when no match is found. Instead if no match size was set to any positive integer - all text will be returned. Configured value '%1$s' will be ignored, and the fragment will not be limited. If you don't want to see this warning set the value to Integer.MAX_VALUE.
HSEARCH600170
org.hibernate.search.util.common.SearchException
Lucene's unified highlighter does not support the size fragment setting. Either use a plain or fast vector highlighters, or do not set this setting.
HSEARCH600171
org.hibernate.search.util.common.SearchException
Highlight projection cannot be applied within nested context of '%1$s'.
HSEARCH600172
org.hibernate.search.util.common.SearchException
The highlight projection cannot be applied to a field from an object using `ObjectStructure.NESTED` structure.
HSEARCH600173
org.hibernate.search.util.common.SearchException
'%1$s' cannot be nested in an object projection. %2$s
No default identifier bridge implementation for type '%1$s'. Implement a custom bridge and assign it to the identifier property with @DocumentId(identifierBridge = ...). See the reference documentation for more information about bridges.
HSEARCH700003
org.hibernate.search.util.common.SearchException
Empty binder reference.
HSEARCH700005
org.hibernate.search.util.common.SearchException
Ambiguous value bridge reference: both 'valueBridge' and 'valueBinder' are set. Only one can be set.
HSEARCH700006
org.hibernate.search.util.common.SearchException
Ambiguous identifier bridge reference: both 'identifierBridge' and 'identifierBinder' are set. Only one can be set.
HSEARCH700007
org.hibernate.search.util.common.SearchException
Empty scope. If you want to target all indexes, pass 'Object.class' as the target type.
HSEARCH700010
org.hibernate.search.util.common.SearchException
Invalid bridge for input type '%2$s': '%1$s'. This bridge expects an input of type '%3$s'.
HSEARCH700011
org.hibernate.search.util.common.SearchException
Missing field name for @GeoPointBinding on type %1$s. The field name is mandatory when the bridge is applied to a type, optional when applied to a property.
HSEARCH700015
org.hibernate.search.util.common.SearchException
Unable to interpret the type arguments to the ContainerExtractor interface in implementation '%1$s'. Only the following implementations of ContainerExtractor are valid: 1) implementations setting both type parameters to *raw* types, e.g. class MyExtractor implements ContainerExtractor; 2) implementations setting the first type parameter to an array of an unbounded type variable, and setting the second parameter to the same type variable, e.g. MyExtractor implements ContainerExtractor 3) implementations setting the first type parameter to a parameterized type with one argument set to an unbounded type variable and the other to unbounded wildcards, and setting the second type parameter to the same type variable, e.g. MyExtractor implements ContainerExtractor, T>
HSEARCH700016
org.hibernate.search.util.common.SearchException
Invalid container extractor for type '%3$s': '%1$s' (implementation class: '%2$s')
Unable to find the inverse side of the association on type '%2$s' at path '%3$s'. Hibernate Search needs this information in order to reindex '%2$s' when '%1$s' is modified. You can solve this error by defining the inverse side of this association, either with annotations specific to your integration (@OneToMany(mappedBy = ...) in Hibernate ORM) or with the Hibernate Search @AssociationInverseSide annotation. Alternatively, if you do not need to reindex '%2$s' when '%1$s' is modified, you can disable automatic reindexing with @IndexingDependency(reindexOnUpdate = ReindexOnUpdate.SHALLOW).
HSEARCH700021
org.hibernate.search.util.common.SearchException
Unable to apply path '%2$s' to type '%1$s'. This path was resolved as the inverse side of the association '%4$s' on type '%3$s'. Hibernate Search needs to apply this path in order to reindex '%3$s' when '%1$s' is modified. Nested exception: %5$s
HSEARCH700022
org.hibernate.search.util.common.SearchException
The inverse association targets type '%1$s', but a supertype or subtype of '%2$s' was expected.
HSEARCH700023
org.hibernate.search.util.common.SearchException
@AssociationInverseSide.inversePath is empty.
HSEARCH700027
org.hibernate.search.util.common.SearchException
Unable to index type '%1$s': this type is not an entity type. If you only expect subtypes to be instantiated, make this type abstract. If you expect this exact type to be instantiated and want it to be indexed, make it an entity type. Otherwise, ensure this type and its subtypes are never indexed by removing the @Indexed annotation or by annotating the type with @Indexed(enabled = false).
HSEARCH700029
org.hibernate.search.util.common.SearchException
@IndexingDependency.derivedFrom contains an empty path.
HSEARCH700030
org.hibernate.search.util.common.SearchException
Unable to resolve dependencies of a derived property: there is a cyclic dependency starting from type '%1$s'. Derivation chain starting from that type and ending with a cycle:%2$s A derived property cannot be marked as derived from itself, even indirectly through other derived properties. If your model actually contains such cyclic dependency, you should consider disabling automatic reindexing, at least partially using @IndexingDependency(reindexOnUpdate = ReindexOnUpdate.NO) on one of the properties in the cycle.
HSEARCH700031
org.hibernate.search.util.common.SearchException
Unable to apply property mapping: this property mapping must target an index field of standard String type, but the resolved field type is non-standard or non-String. This generally means you need to use a different field annotation or to convert property values using a custom ValueBridge or ValueBinder. If you are already using a custom ValueBridge or ValueBinder, check its field type. Details: encountered type DSL step '%1$s', which does not extend the expected interface '%2$s'.
HSEARCH700037
org.hibernate.search.util.common.SearchException
No matching entity type for type identifier '%1$s'. Either this type is not an entity type, or the entity type is not mapped in Hibernate Search. Valid identifiers for mapped entity types are: %2$s
HSEARCH700038
org.hibernate.search.util.common.SearchException
The entity identifier must not be null.
HSEARCH700039
org.hibernate.search.util.common.SearchException
'%1$s' cannot be assigned to '%2$s'
HSEARCH700040
org.hibernate.search.util.common.SearchException
No matching indexed entity type for type identifier '%1$s'. Either this type is not an entity type, or the entity type is not indexed in Hibernate Search. Valid identifiers for indexed entity types are: %2$s
HSEARCH700041
org.hibernate.search.util.common.SearchException
Invalid reference to default extractors: a chain of multiple container extractors must not include the default extractors. Either use only the default extractors, or explicitly reference every single extractor to be applied.
HSEARCH700042
org.hibernate.search.util.common.SearchException
%1$s failure(s) occurred during mass indexing. See the logs for details. First failure: %2$s
HSEARCH700043
org.hibernate.search.util.common.SearchException
Exception creating URL from String '%1$s'.
HSEARCH700044
org.hibernate.search.util.common.SearchException
Exception creating URI from String '%1$s'.
HSEARCH700045
org.hibernate.search.util.common.SearchException
A PojoModelPath must include at least one property.
HSEARCH700046
org.hibernate.search.util.common.SearchException
Unable to apply path '%2$s' to type '%1$s'. This path was declared as a path to collect entities of type '%3$s' to be reindexed. Hibernate Search needs to apply this path in order to reindex '%3$s' when '%1$s' is modified. Nested exception: %4$s
HSEARCH700047
org.hibernate.search.util.common.SearchException
Invalid use of 'fromOtherEntity': this method can only be used when the bridged element has an entity type, but the bridged element has type '%1$s', which is not an entity type.
HSEARCH700048
org.hibernate.search.util.common.SearchException
Invalid type passed to 'fromOtherEntity': the type must be an entity type. Type '%1$s' is not an entity type.
HSEARCH700049
org.hibernate.search.util.common.SearchException
Incorrect binder implementation: the binder did not declare any dependency to the entity model during binding. Declare dependencies using context.dependencies().use(...) or, if the bridge really does not depend on the entity model, context.dependencies().useRootOnly().
HSEARCH700050
org.hibernate.search.util.common.SearchException
Incorrect binder implementation: the binder called context.dependencies().useRootOnly() during binding, but also declared extra dependencies to the entity model.
HSEARCH700051
org.hibernate.search.util.common.SearchException
Unable to apply property mapping: this property mapping must target an index field of standard, scaled-number type (BigDecimal or BigInteger), but the resolved field type is non-standard or non-scaled. This generally means you need to use a different field annotation or to convert property values using a custom ValueBridge or ValueBinder. If you are already using a custom ValueBridge or ValueBinder, check its field type. Details: encountered type DSL step '%1$s', which does not extend the expected interface '%2$s'.
HSEARCH700052
org.hibernate.search.util.common.SearchException
Unexpected extractor references: extractors cannot be defined explicitly when extract = ContainerExtract.NO. Either leave 'extract' to its default value to define extractors explicitly or leave the 'extractor' list to its default, empty value to disable extraction.
HSEARCH700053
org.hibernate.search.util.common.SearchException
No container extractor with name '%1$s'. Check that this name matches a container extractor, either a builtin one whose name is a constant in '%2$s' or a custom one that was properly registered.
HSEARCH700058
org.hibernate.search.util.common.SearchException
Incorrect binder implementation: binder '%1$s' did not call context.bridge(...).
HSEARCH700059
org.hibernate.search.util.common.SearchException
Incorrect binder implementation: binder '%1$s' did not call context.marker(...).
HSEARCH700060
org.hibernate.search.util.common.SearchException
Unable to trigger entity processing while already processing entities. Make sure you do not change entities within an entity getter or a custom bridge used for indexing, and avoid any event that could trigger entity processing. Hibernate ORM flushes, in particular, must be avoided in entity getters and bridges.
HSEARCH700061
org.hibernate.search.util.common.SearchException
Unable to index-embed type '%1$s': no index mapping (@GenericField, @FullTextField, custom bridges, ...) is defined for that type.
HSEARCH700064
org.hibernate.search.util.common.SearchException
Multiple entity names assigned to the same type: '%1$s', '%2$s'.
HSEARCH700065
org.hibernate.search.util.common.SearchException
Unable to apply property mapping: this property mapping must target an index field of standard type, but the resolved field type is non-standard. This generally means you need to use a different field annotation or to convert property values using a custom ValueBridge or ValueBinder. If you are already using a custom ValueBridge or ValueBinder, check its field type. Details: encountered type DSL step '%1$s', which does not extend the expected interface '%2$s'.
HSEARCH700066
org.hibernate.search.util.common.SearchException
Unable to apply property mapping: this property mapping must target an index field of non-standard type, but the resolved field type is standard. Switch to a standard field annotation such as @GenericField. Details: encountered type DSL step '%1$s', which does extend the interface '%2$s'.
HSEARCH700067
org.hibernate.search.util.common.SearchException
Invalid annotation processor: '%1$s'. This processor expects annotations of a different type: '%2$s'.
HSEARCH700068
org.hibernate.search.util.common.SearchException
Empty annotation processor reference in meta-annotation '%1$s'.
HSEARCH700069
org.hibernate.search.util.common.SearchException
Ambiguous @IndexedEmbedded name: both 'name' and 'prefix' are set. Only one can be set. Name is '%1$s', prefix is '%2$s'.
HSEARCH700070
org.hibernate.search.util.common.SearchException
Invalid index field name '%1$s': field names cannot contain a dot ('.').
HSEARCH700071
org.hibernate.search.util.common.SearchException
No property annotated with @Alternative(id = %1$s). There must be exactly one such property in order to map property '%2$s' to multi-alternative fields.
HSEARCH700072
org.hibernate.search.util.common.SearchException
Multiple properties annotated with @Alternative(id = %1$s). There must be exactly one such property in order to map property '%2$s' to multi-alternative fields.
HSEARCH700073
org.hibernate.search.util.common.SearchException
Invalid routing bridge for entity type '%2$s': '%1$s' This bridge expects an entity type extending '%3$s'.
HSEARCH700075
org.hibernate.search.util.common.SearchException
Incorrect routing bridge implementation: routing bridge '%1$s' did not define any current route. In the implementation of RoutingBridge.route(...), define exactly one current route by calling 'routes.addRoute()', or explicitly indicate indexing is not required by calling 'routes.notIndexed()'.
HSEARCH700076
org.hibernate.search.util.common.SearchException
Incorrect routing bridge implementation: routing bridge '%1$s' defined multiple current routes. In the implementation of RoutingBridge.route(...), define at most one current route by calling 'routes.addRoute()' at most once.
HSEARCH700077
org.hibernate.search.util.common.SearchException
Incorrect routing bridge implementation: routing bridge '%1$s' did not define any previous route. In the implementation of RoutingBridge.previousRoutes(...), define at least one previous route by calling 'routes.addRoute()' at least once, or explicitly indicate no prior indexing was performed by calling 'routes.notIndexed()'.
HSEARCH700078
org.hibernate.search.util.common.SearchException
No readable property named '%2$s' on type '%1$s'.
HSEARCH700079
org.hibernate.search.util.common.SearchException
Exception while retrieving property type model for '%1$s' on '%2$s'.
HSEARCH700080
org.hibernate.search.util.common.SearchException
Unable to infer index field type for value bridge '%1$s': this bridge implements ValueBridge, but sets the generic type parameter F to '%2$s'. The index field type can only be inferred automatically when this type parameter is set to a raw class. Use a ValueBinder to set the index field type explicitly, or set the type parameter F to a definite, raw type.
HSEARCH700081
org.hibernate.search.util.common.SearchException
Unable to infer expected identifier type for identifier bridge '%1$s': this bridge implements IdentifierBridge, but sets the generic type parameter I to '%2$s'. The expected identifier type can only be inferred automatically when this type parameter is set to a raw class. Use an IdentifierBinder to set the expected identifier type explicitly, or set the type parameter I to a definite, raw type.
HSEARCH700082
org.hibernate.search.util.common.SearchException
Unable to infer expected value type for value bridge '%1$s': this bridge implements ValueBridge, but sets the generic type parameter V to '%2$s'. The expected value type can only be inferred automatically when this type parameter is set to a raw class. Use a ValueBinder to set the expected value type explicitly, or set the type parameter V to a definite, raw type.
HSEARCH700083
org.hibernate.search.util.common.SearchException
Exception while building document for entity '%1$s': %2$s
HSEARCH700084
org.hibernate.search.util.common.SearchException
Exception while resolving other entities to reindex as a result of changes on entity '%1$s': %2$s
HSEARCH700085
WARN
Multiple getters exist for property named '%2$s' on type '%1$s'. Hibernate Search will use '%3$s' and ignore %4$s. The selected getter may change from one startup to the next. To get rid of this warning, either remove the extra getters or configure the access type for this property to 'FIELD'.
HSEARCH700086
org.hibernate.search.util.common.SearchException
Unexpected entity name for entity loading: '%1$s'. Expected one of %2$s.
HSEARCH700087
org.hibernate.search.util.common.SearchException
Invalid indexing request: if the entity is null, the identifier must be provided explicitly.
HSEARCH700088
org.hibernate.search.util.common.SearchException
Invalid indexing request: the add and update operations require a non-null entity.
HSEARCH700089
org.hibernate.search.util.common.SearchException
No matching entity type for name '%1$s'. Either this is not the name of an entity type, or the entity type is not mapped in Hibernate Search. Valid names for mapped entity types are: %2$s
HSEARCH700090
org.hibernate.search.util.common.SearchException
The required identifier type '%1$s' does not match the actual identifier type '%2$s': the required identifier must be a superclass of the actual identifier.
HSEARCH700101
org.hibernate.search.util.common.SearchException
%1$s failure(s) occurred during mass indexing. See the logs for details. First failure on entity '%2$s': %3$s
HSEARCH700102
ERROR
The mass indexing failure handler threw an exception while handling a previous failure. The failure may not have been reported.
HSEARCH700103
org.hibernate.search.util.common.SearchException
Mass indexing received interrupt signal. The index is left in an unknown state!
HSEARCH700104
org.hibernate.search.util.common.SearchException
Param with name '%1$s' has not been defined for the binder.
HSEARCH700105
org.hibernate.search.util.common.SearchException
Cannot work with the identifier of entities of type '%1$s': identifier mapping (@DocumentId, ...) is not configured for this type.
HSEARCH700107
org.hibernate.search.util.common.SearchException
No main constructor for type '%1$s': this type does not declare exactly one constructor.
HSEARCH700109
org.hibernate.search.util.common.SearchException
No constructor with parameter types %2$s on type '%1$s'. Available constructors: %3$s
HSEARCH700110
org.hibernate.search.util.common.SearchException
Exception while retrieving parameter type model for parameter #%1$s of '%2$s'.
HSEARCH700111
org.hibernate.search.util.common.SearchException
Exception while retrieving constructor handle for '%1$s' on '%2$s'.
HSEARCH700112
org.hibernate.search.util.common.SearchException
Invalid object class for projection: %1$s. Make sure that this class is mapped correctly, either through annotations (@ProjectionConstructor) or programmatic mapping. If it is, make sure the class is included in a Jandex index made available to Hibernate Search.
HSEARCH700113
org.hibernate.search.util.common.SearchException
Invalid declaring type for projection constructor: type '%1$s' is abstract. Projection constructors can only be declared on concrete types.
HSEARCH700114
org.hibernate.search.util.common.SearchException
Missing parameter names in Java metadata for projection constructor. When inferring inner projections from constructor parameters, constructor parameter names must be known. Either make sure this class was compiled with the '-parameters' compiler flag, or set the path explicitly with '@FieldProjection(path = ...)' or '@ObjectProjection(path = ...)'.
HSEARCH700115
org.hibernate.search.util.common.SearchException
Invalid parameter type for projection constructor: %1$s. When inferring the cardinality of inner projections from constructor parameters, multi-valued constructor parameters must be lists (java.util.List<...>) or list supertypes (java.lang.Iterable<...>, java.util.Collection<...>)
HSEARCH700116
org.hibernate.search.util.common.SearchException
Multiple projection constructor are mapped for type '%1$s'. At most one projection constructor is allowed for each type.
HSEARCH700117
DEBUG
Constructor projection for type '%1$s': %2$s
HSEARCH700118
org.hibernate.search.util.common.SearchException
Cyclic recursion starting from '%1$s' on %2$s. Index field path starting from that location and ending with a cycle: '%3$s'. A projection constructor cannot declare an unrestricted @ObjectProjection to itself, even indirectly. To break the cycle, you should consider adding filters to your @ObjectProjection: includePaths, includeDepth, excludePaths, ...
HSEARCH700119
org.hibernate.search.util.common.SearchException
Exception while retrieving the Jandex index for code source location '%1$s': %2$s
HSEARCH700120
WARN
Both "dropAndCreateSchemaOnStart()" and "purgeAllOnStart()" are enabled. Consider having just one setting enabled as after the index is recreated there is nothing to purge.
HSEARCH700121
org.hibernate.search.util.common.SearchException
Invalid ObjectPath encountered '%1$s': %2$s
HSEARCH700122
WARN
An unexpected failure occurred while configuring resolution of association inverse side for reindexing. This may lead to incomplete reindexing and thus out-of-sync indexes. The exception is being ignored to preserve backwards compatibility with earlier versions of Hibernate Search. Failure: %3$s %2$s Association inverse side: %1$s.
Indexing failure: %1$s. The following entities may not have been updated correctly in the index: %2$s.
HSEARCH700125
org.hibernate.search.util.common.SearchException
%1$s failures went unreported for this operation to avoid flooding. To disable flooding protection, use 'massIndexer.failureFloodingThreshold(Long.MAX_VALUE)'.
HSEARCH700126
org.hibernate.search.util.common.SearchException
Target path '%1$s' already exists and is not an empty directory. Use a path to an empty or non-existing directory.
HSEARCH700127
org.hibernate.search.util.common.SearchException
Unable to export the schema: %1$s
HSEARCH700128
org.hibernate.search.util.common.SearchException
Indexing plan for '%1$s' cannot be created as this type is excluded by the indexing plan filter.
HSEARCH700129
org.hibernate.search.util.common.SearchException
'%1$s' cannot be included and excluded at the same time within one filter. Already included types: '%2$s'. Already excluded types: '%3$s'.
HSEARCH700130
org.hibernate.search.util.common.SearchException
No matching entity type for class '%1$s'. This class is neither an entity type mapped in Hibernate Search nor a superclass of such entity type. Note interfaces are not considered superclasses and are not permitted here. Valid classes are: %2$s
HSEARCH700131
org.hibernate.search.util.common.SearchException
No matching entity type for the name '%1$s'. This name represents neither an entity type mapped in Hibernate Search nor a superclass of such entity type. Valid entity type names are: %2$s
HSEARCH700132
org.hibernate.search.util.common.SearchException
No matching supertype type for type identifier '%1$s'. Valid identifiers for indexed entity types are: %2$s
HSEARCH700133
org.hibernate.search.util.common.SearchException
No parameter at index '%2$s' for constructor '%1$s'.
HSEARCH700134
org.hibernate.search.util.common.SearchException
Multiple projections are mapped for this parameter. At most one projection is allowed for each parameter.
HSEARCH700135
org.hibernate.search.util.common.SearchException
Incorrect binder implementation: binder '%1$s' did not call context.definition(...).
HSEARCH700136
org.hibernate.search.util.common.SearchException
Invalid projection definition for constructor parameter type '%2$s': '%1$s'. This projection results in values of type '%3$s'.
HSEARCH700137
org.hibernate.search.util.common.SearchException
Invalid multi-valued projection definition for constructor parameter type '%2$s': '%1$s'. This projection results in values of type '%3$s'.
HSEARCH700138
org.hibernate.search.util.common.SearchException
Missing parameter names in Java metadata for projection constructor. When mapping a projection constructor parameter to a field projection without providing a field path, constructor parameter names must be known. Either make sure this class was compiled with the '-parameters' compiler flag, or set the path explicitly with '@FieldProjection(path = ...)'.
HSEARCH700139
org.hibernate.search.util.common.SearchException
Missing parameter names in Java metadata for projection constructor. When mapping a projection constructor parameter to an object projection without providing a field path, constructor parameter names must be known. Either make sure this class was compiled with the '-parameters' compiler flag, or set the path explicitly with '@ObjectProjection(path = ...)'.
HSEARCH700140
org.hibernate.search.util.common.SearchException
Missing parameter names in Java metadata for projection constructor. When mapping a projection constructor parameter to a highlight projection without providing a field path, constructor parameter names must be known. Either make sure this class was compiled with the '-parameters' compiler flag, or set the path explicitly with '@HighlightProjection(path = ...)'.
HSEARCH700141
org.hibernate.search.util.common.SearchException
Invalid constructor parameter type: '%1$s'. The highlight projection results in values of type 'List'.
HSEARCH700142
org.hibernate.search.util.common.SearchException
%1$s defines excludePaths filters that do not match anything. Non-matching excludePaths filters: %2$s. Encountered field paths: %3$s. Check the filters for typos, or remove them if they are not useful.
Unable to resolve path '%1$s' to a persisted attribute in Hibernate ORM metadata. If this path points to a transient attribute, use @IndexingDependency(derivedFrom = ...) to specify which persisted attributes it is derived from. See the reference documentation for more information.
HSEARCH800008
org.hibernate.search.util.common.SearchException
Path '%1$s' points to attribute '%2$s' that will never be reported as dirty by Hibernate ORM. Check that you didn't declare an invalid indexing dependency.
HSEARCH800009
org.hibernate.search.util.common.SearchException
Unable to apply container value extractor with name '%2$s' to Hibernate ORM metadata node of type '%1$s'.
HSEARCH800011
org.hibernate.search.util.common.SearchException
Unable to create a SearchSession for sessions created using a different session factory. Expected: '%1$s'. In use: '%2$s'.
HSEARCH800012
org.hibernate.search.util.common.SearchException
Unable to retrieve property type model for '%1$s' on '%2$s': %3$s
The entity loader for '%1$s' is ignoring the cache lookup strategy '%2$s', because document IDs are distinct from entity IDs and thus cannot be used for persistence context or second level cache lookups.
HSEARCH800020
DEBUG
The entity loader for '%1$s' is ignoring the second-level cache even though it was instructed to use it, because caching is not enabled for this entity type.
HSEARCH800021
org.hibernate.search.util.common.SearchException
Unable to access Hibernate ORM session factory: %1$s
HSEARCH800022
org.hibernate.search.util.common.SearchException
Indexing failure: %1$s. The following entities may not have been updated correctly in the index: %2$s.
HSEARCH800023
org.hibernate.search.util.common.SearchException
Unable to process entities for indexing before transaction completion: %1$s
HSEARCH800024
org.hibernate.search.util.common.SearchException
Unable to index documents for indexing after transaction completion: %1$s
HSEARCH800025
org.hibernate.search.util.common.SearchException
Unable to handle transaction: %1$s
HSEARCH800027
org.hibernate.search.util.common.SearchException
Unknown type: '%1$s'. Available named types: %2$s. For entity types, the correct type name is the entity name. For component types (embeddeds, ...) in dynamic-map entities, the correct type name is name of the owner entity followed by a dot ('.') followed by the dot-separated path to the component, e.g. 'MyEntity.myEmbedded' or 'MyEntity.myEmbedded.myNestedEmbedded'.
HSEARCH800028
org.hibernate.search.util.common.SearchException
No matching entity type for name '%1$s'. This is not the name of a Hibernate ORM entity type. Valid names for Hibernate ORM entity types are: %2$s
HSEARCH800029
org.hibernate.search.util.common.SearchException
Invalid type for '%1$s': the entity type must extend '%2$s', but entity type '%3$s' does not.
No matching indexed entity type for class '%1$s'. Either this class is not an entity type, or the entity type is not indexed in Hibernate Search. Valid classes for indexed entity types are: %2$s
HSEARCH800034
org.hibernate.search.util.common.SearchException
No matching indexed entity type for name '%1$s'. Either this is not the name of an entity type, or the entity type is not indexed in Hibernate Search. Valid names for indexed entity types are: %2$s
HSEARCH800035
ERROR
Unable to shut down Hibernate Search: %1$s
HSEARCH800036
org.hibernate.search.util.common.SearchException
Cannot use scroll() with scroll mode '%1$s' with Hibernate Search queries: only ScrollMode.FORWARDS_ONLY is supported.
HSEARCH800037
org.hibernate.search.util.common.SearchException
Cannot scroll backwards with Hibernate Search scrolls: they are forwards-only. Ensure you always increment the scroll position, and never decrement it.
HSEARCH800038
org.hibernate.search.util.common.SearchException
Cannot set the scroll position relative to the end with Hibernate Search scrolls. Ensure you always pass a positive number to setRowNumber().
HSEARCH800039
org.hibernate.search.util.common.SearchException
Cannot use this ScrollableResults instance: it is closed.
HSEARCH800040
org.hibernate.search.util.common.SearchException
Multiple instances of entity type '%1$s' have their property '%2$s' set to '%3$s'. '%2$s' is the document ID and must be assigned unique values.
Cannot customize the indexing plan synchronization strategy: the selected coordination strategy always processes events asynchronously, through a queue.
HSEARCH800053
WARN
Configuration property '%1$s' is deprecated; use '%2$s' instead.
HSEARCH800054
org.hibernate.search.util.common.SearchException
Cannot determine the set of all possible tenant identifiers. You must provide this information by setting configuration property '%1$s' to a comma-separated string containing all possible tenant identifiers.
HSEARCH800055
org.hibernate.search.util.common.SearchException
Cannot target tenant '%1$s' because this tenant identifier was not listed in the configuration provided on startup. To target this tenant, you must provide the tenant identifier through configuration property '%3$s', which should be set to a comma-separated string containing all possible tenant identifiers. Currently configured tenant identifiers: %2$s.
HSEARCH800056
INFO
Ignoring unrecognized query hint [%s]
HSEARCH800057
org.hibernate.search.util.common.SearchException
Cannot set the fetch size of Hibernate Search ScrollableResults after having created them. If you want to define the size of batches for entity loading, set loading options when defining the query instead, for example with .loading(o -> o.fetchSize(50)). See the reference documentation for more information.
HSEARCH800058
org.hibernate.search.util.common.SearchException
No matching entity type for type identifier '%1$s'. Either this type is not an entity type, or the entity type is not mapped in Hibernate Search. Valid identifiers for mapped entity types are: %2$s
HSEARCH800059
org.hibernate.search.util.common.SearchException
No matching indexed entity type for type identifier '%1$s'. Either this type is not an entity type, or the entity type is not indexed in Hibernate Search. Valid identifiers for indexed entity types are: %2$s
HSEARCH800060
org.hibernate.search.util.common.SearchException
No matching entity type for class '%1$s'. Either this class is not an entity type, or the entity type is not mapped in Hibernate Search. Valid classes for mapped entity types are: %2$s
HSEARCH800061
org.hibernate.search.util.common.SearchException
No matching entity type for name '%1$s'. Either this is not the name of an entity type, or the entity type is not mapped in Hibernate Search. Valid names for mapped entity types are: %2$s
HSEARCH800062
org.hibernate.search.util.common.SearchException
No matching entity type for name '%1$s'. Either this is not the JPA name of an entity type, or the entity type is not mapped in Hibernate Search. Valid JPA names for mapped entities are: %2$s
HSEARCH800063
org.hibernate.search.util.common.SearchException
No matching indexed entity type for name '%1$s'. Either this is not the JPA name of an entity type, or the entity type is not indexed in Hibernate Search. Valid JPA names for indexed entities are: %2$s
HSEARCH800064
org.hibernate.search.util.common.SearchException
No matching entity type for name '%1$s'. Either this is not the Hibernate ORM name of an entity type, or the entity type is not mapped in Hibernate Search. Valid Hibernate ORM names for mapped entities are: %2$s
HSEARCH800121
WARN
An unexpected failure occurred while resolving the representation of path '%1$s' in the entity state array, which is necessary to configure resolution of association inverse side for reindexing. This may lead to incomplete reindexing and thus out-of-sync indexes. The exception is being ignored to preserve backwards compatibility with earlier versions of Hibernate Search. Failure: %3$s %2$s
HSEARCH800122
org.hibernate.search.util.common.SearchException
Both '%1$s' and '%2$s' are configured. Use only '%1$s' to set the indexing plan synchronization strategy.
HSEARCH800123
WARN
Configuration property '%1$s' is deprecated; use '%2$s' instead.
HSEARCH800124
org.hibernate.search.util.common.SearchException
Unable to apply the given filter at the session level with the outbox polling coordination strategy. With this coordination strategy, applying a session-level indexing plan filter is only allowed if it excludes all types.
HSEARCH800125
WARN
Configuration property '%1$s' is deprecated. This setting will be removed in a future version. There will be no alternative provided to replace it. A dirty check will always be performed when considering triggering the reindexing.
HSEARCH800126
org.hibernate.search.util.common.SearchException
Both '%1$s' and '%2$s' are configured. Use only '%2$s' to enable indexing listeners.
HSEARCH900000
java.lang.IllegalArgumentException
'%1$s' must not be null.
HSEARCH900001
java.lang.IllegalArgumentException
'%1$s' must not be null or empty.
HSEARCH900002
java.lang.IllegalArgumentException
'%1$s' must be positive or zero.
HSEARCH900003
java.lang.IllegalArgumentException
'%1$s' must not be null or empty.
HSEARCH900004
java.lang.IllegalArgumentException
'%1$s' must not be null or empty.
HSEARCH900005
org.hibernate.search.util.common.SearchException
Exception while invoking '%1$s' on '%2$s': %3$s.
HSEARCH900006
java.lang.IllegalArgumentException
Requested type argument %3$s to type %2$s in implementing type %1$s, but %2$s doesn't declare any type parameter.
HSEARCH900007
java.lang.IllegalArgumentException
Requested type argument %3$s to type %2$s in implementing type %1$s, but %2$s only declares %4$s type parameter(s).
HSEARCH900008
java.lang.IllegalArgumentException
Requested type argument index %3$s to type %2$s in implementing type %1$s should be 0 or greater.
HSEARCH900009
INFO
Unable to access the value of containing annotation '%1$s'. Ignoring annotation.
HSEARCH900010
java.lang.IllegalArgumentException
'%1$s' must be strictly positive.
HSEARCH900011
java.lang.IllegalArgumentException
'%1$s' must not contain any null element.
HSEARCH900012
org.hibernate.search.util.common.SearchException
Exception while invoking '%1$s' with arguments %2$s: %3$s
HSEARCH900013
org.hibernate.search.util.common.SearchException
Exception while accessing Jandex index for '%1$s': %2$s
HSEARCH900014
org.hibernate.search.util.common.SearchException
Exception while building Jandex index for '%1$s': %2$s
HSEARCH900015
java.lang.IllegalArgumentException
Property name '%1$s' cannot contain dots.
HSEARCH900016
java.io.IOException
Cannot open filesystem for code source at '%1$s': %2$s
HSEARCH900017
java.io.IOException
Cannot interpret '%1$s' as a local directory or JAR.
HSEARCH900018
java.io.IOException
Cannot open a ZIP filesystem for code source at '%1$s', because the URI points to content inside a nested JAR.
HV
Code
Level
Return Type
Message
HV000001
INFO
Hibernate Validator %s
HV000002
DEBUG
Ignoring XML configuration.
HV000003
DEBUG
Using %s as constraint validator factory.
HV000004
DEBUG
Using %s as message interpolator.
HV000005
DEBUG
Using %s as traversable resolver.
HV000006
DEBUG
Using %s as validation provider.
HV000007
DEBUG
%s found. Parsing XML based configuration.
HV000008
WARN
Unable to close input stream.
HV000010
WARN
Unable to close input stream for %s.
HV000011
WARN
Unable to create schema for %1$s: %2$s
HV000012
jakarta.validation.ValidationException
Unable to create annotation for configured constraint
HV000013
jakarta.validation.ValidationException
The class %1$s does not have a property '%2$s' with access %3$s.
HV000016
java.lang.IllegalArgumentException
%s does not represent a valid BigDecimal format.
HV000017
java.lang.IllegalArgumentException
The length of the integer part cannot be negative.
HV000018
java.lang.IllegalArgumentException
The length of the fraction part cannot be negative.
HV000019
java.lang.IllegalArgumentException
The min parameter cannot be negative.
HV000020
java.lang.IllegalArgumentException
The max parameter cannot be negative.
HV000021
java.lang.IllegalArgumentException
The length cannot be negative.
HV000022
java.lang.IllegalArgumentException
Invalid regular expression.
HV000023
jakarta.validation.ConstraintDeclarationException
Error during execution of script "%s" occurred.
HV000024
jakarta.validation.ConstraintDeclarationException
Script "%s" returned null, but must return either true or false.
HV000025
jakarta.validation.ConstraintDeclarationException
Script "%1$s" returned %2$s (of type %3$s), but must return either true or false.
Constraint factory returned null when trying to create instance of %s.
HV000030
jakarta.validation.UnexpectedTypeException
No validator could be found for constraint '%s' validating type '%s'. Check configuration for '%s'
HV000031
jakarta.validation.UnexpectedTypeException
There are multiple validator classes which could validate the type %1$s. The validator classes are: %2$s.
HV000032
jakarta.validation.ValidationException
Unable to initialize %s.
HV000033
jakarta.validation.ValidationException
At least one custom message must be created if the default error message gets disabled.
HV000034
java.lang.IllegalArgumentException
%s is not a valid Java Identifier.
HV000035
java.lang.IllegalArgumentException
Unable to parse property path %s.
HV000036
jakarta.validation.ValidationException
Type %s not supported for unwrapping.
HV000037
jakarta.validation.ValidationException
Inconsistent fail fast configuration. Fail fast enabled via programmatic API, but explicitly disabled via properties.
HV000038
java.lang.IllegalArgumentException
Invalid property path.
HV000039
java.lang.IllegalArgumentException
Invalid property path. Either there is no property %2$s in entity %1$s or it is not possible to cascade to the property.
HV000040
java.lang.IllegalArgumentException
Property path must provide index or map key.
HV000041
jakarta.validation.ValidationException
Call to TraversableResolver.isReachable() threw an exception.
HV000042
jakarta.validation.ValidationException
Call to TraversableResolver.isCascadable() threw an exception.
HV000043
jakarta.validation.GroupDefinitionException
Unable to expand default group list %1$s into sequence %2$s.
HV000044
java.lang.IllegalArgumentException
At least one group has to be specified.
HV000045
jakarta.validation.ValidationException
A group has to be an interface. %s is not.
HV000046
jakarta.validation.GroupDefinitionException
Sequence definitions are not allowed as composing parts of a sequence.
HV000047
jakarta.validation.GroupDefinitionException
Cyclic dependency in groups definition
HV000048
jakarta.validation.GroupDefinitionException
Unable to expand group sequence.
HV000052
jakarta.validation.GroupDefinitionException
Default group sequence and default group sequence provider cannot be defined at the same time.
HV000053
jakarta.validation.GroupDefinitionException
'Default.class' cannot appear in default group sequence list.
HV000054
jakarta.validation.GroupDefinitionException
%s must be part of the redefined default group sequence.
HV000055
jakarta.validation.GroupDefinitionException
The default group sequence provider defined for %s has the wrong type
HV000056
java.lang.IllegalArgumentException
Method or constructor %1$s doesn't have a parameter with index %2$d.
HV000059
jakarta.validation.ValidationException
Unable to retrieve annotation parameter value.
HV000062
java.lang.IllegalArgumentException
Method or constructor %1$s has %2$s parameters, but the passed list of parameter meta data has a size of %3$s.
HV000063
jakarta.validation.ValidationException
Unable to instantiate %s.
HV000064
jakarta.validation.ValidationException
Unable to instantiate %1$s: %2$s.
HV000065
jakarta.validation.ValidationException
Unable to load class: %s from %s.
HV000068
java.lang.IllegalArgumentException
Start index cannot be negative: %d.
HV000069
java.lang.IllegalArgumentException
End index cannot be negative: %d.
HV000070
java.lang.IllegalArgumentException
Invalid Range: %1$d > %2$d.
HV000071
java.lang.IllegalArgumentException
A explicitly specified check digit must lie outside the interval: [%1$d, %2$d].
HV000072
java.lang.NumberFormatException
'%c' is not a digit.
HV000073
jakarta.validation.ConstraintDefinitionException
Parameters starting with 'valid' are not allowed in a constraint.
HV000074
jakarta.validation.ConstraintDefinitionException
%2$s contains Constraint annotation, but does not contain a %1$s parameter.
HV000075
jakarta.validation.ConstraintDefinitionException
%s contains Constraint annotation, but the payload parameter default value is not the empty array.
HV000076
jakarta.validation.ConstraintDefinitionException
%s contains Constraint annotation, but the payload parameter is of wrong type.
HV000077
jakarta.validation.ConstraintDefinitionException
%s contains Constraint annotation, but the groups parameter default value is not the empty array.
HV000078
jakarta.validation.ConstraintDefinitionException
%s contains Constraint annotation, but the groups parameter is of wrong type.
HV000079
jakarta.validation.ConstraintDefinitionException
%s contains Constraint annotation, but the message parameter is not of type java.lang.String.
HV000080
jakarta.validation.ConstraintDefinitionException
Overridden constraint does not define an attribute with name %s.
HV000081
jakarta.validation.ConstraintDefinitionException
The overriding type of a composite constraint must be identical to the overridden one. Expected %1$s found %2$s.
HV000082
jakarta.validation.ValidationException
Wrong type for attribute '%2$s' of annotation %1$s. Expected: %3$s. Actual: %4$s.
HV000083
jakarta.validation.ValidationException
The specified annotation %1$s defines no attribute '%2$s'.
HV000084
jakarta.validation.ValidationException
Unable to get attribute '%2$s' from annotation %1$s.
HV000085
java.lang.IllegalArgumentException
No value provided for attribute '%1$s' of annotation @%2$s.
HV000086
java.lang.RuntimeException
Trying to instantiate annotation %1$s with unknown attribute(s): %2$s.
HV000087
java.lang.IllegalArgumentException
Property name cannot be null or empty.
HV000088
java.lang.IllegalArgumentException
Element type has to be FIELD or METHOD.
HV000089
java.lang.IllegalArgumentException
Member %s is neither a field nor a method.
HV000090
jakarta.validation.ValidationException
Unable to access %s.
HV000091
java.lang.IllegalArgumentException
%s has to be a primitive type.
HV000093
jakarta.validation.ValidationException
null is an invalid type for a constraint validator.
HV000094
java.lang.IllegalArgumentException
Missing actual type argument for type parameter: %s.
HV000095
jakarta.validation.ValidationException
Unable to instantiate constraint factory class %s.
HV000096
jakarta.validation.ValidationException
Unable to open input stream for mapping file %s.
HV000097
jakarta.validation.ValidationException
Unable to instantiate message interpolator class %s.
HV000098
jakarta.validation.ValidationException
Unable to instantiate traversable resolver class %s.
HV000099
jakarta.validation.ValidationException
Unable to instantiate validation provider class %s.
HV000100
jakarta.validation.ValidationException
Unable to parse %s.
HV000101
jakarta.validation.ValidationException
%s is not an annotation.
HV000102
jakarta.validation.ValidationException
%s is not a constraint validator class.
HV000103
jakarta.validation.ValidationException
%s is configured at least twice in xml.
HV000104
jakarta.validation.ValidationException
%1$s is defined twice in mapping xml for bean %2$s.
HV000105
jakarta.validation.ValidationException
%1$s does not contain the fieldType %2$s.
HV000106
jakarta.validation.ValidationException
%1$s does not contain the property %2$s.
HV000107
jakarta.validation.ValidationException
Annotation of type %1$s does not contain a parameter %2$s.
HV000108
jakarta.validation.ValidationException
Attempt to specify an array where single value is expected.
HV000109
jakarta.validation.ValidationException
Unexpected parameter value.
HV000110
jakarta.validation.ValidationException
Invalid %s format.
HV000111
jakarta.validation.ValidationException
Invalid char value: %s.
HV000112
jakarta.validation.ValidationException
Invalid return type: %s. Should be a enumeration type.
HV000113
jakarta.validation.ValidationException
%s, %s, %s are reserved parameter names.
HV000114
jakarta.validation.ValidationException
Specified payload class %s does not implement jakarta.validation.Payload
HV000115
jakarta.validation.ValidationException
Error parsing mapping file.
HV000116
java.lang.IllegalArgumentException
%s
HV000118
java.lang.ClassCastException
Unable to cast %s (with element kind %s) to %s
HV000119
DEBUG
Using %s as parameter name provider.
HV000120
jakarta.validation.ValidationException
Unable to instantiate parameter name provider class %s.
HV000121
jakarta.validation.ValidationException
Unable to parse %s.
HV000122
jakarta.validation.ValidationException
Unsupported schema version for %s: %s.
HV000124
jakarta.validation.ConstraintDeclarationException
Found multiple group conversions for source group %s: %s.
HV000125
jakarta.validation.ConstraintDeclarationException
Found group conversions for non-cascading element at: %s.
HV000127
jakarta.validation.ConstraintDeclarationException
Found group conversion using a group sequence as source at: %s.
HV000129
WARN
EL expression '%s' references an unknown property
HV000130
WARN
Error in EL expression '%s'
HV000131
jakarta.validation.ConstraintDeclarationException
A method return value must not be marked for cascaded validation more than once in a class hierarchy, but the following two methods are marked as such: %s, %s.
HV000132
jakarta.validation.ConstraintDeclarationException
Void methods must not be constrained or marked for cascaded validation, but method %s is.
HV000133
jakarta.validation.ValidationException
%1$s does not contain a constructor with the parameter types %2$s.
HV000134
jakarta.validation.ValidationException
Unable to load parameter of type '%1$s' in %2$s.
HV000135
jakarta.validation.ValidationException
%1$s does not contain a method with the name '%2$s' and parameter types %3$s.
HV000136
jakarta.validation.ValidationException
The specified constraint annotation class %1$s cannot be loaded.
HV000137
jakarta.validation.ValidationException
The method '%1$s' is defined twice in the mapping xml for bean %2$s.
HV000138
jakarta.validation.ValidationException
The constructor '%1$s' is defined twice in the mapping xml for bean %2$s.
HV000139
jakarta.validation.ConstraintDefinitionException
The constraint '%1$s' defines multiple cross parameter validators. Only one is allowed.
HV000141
jakarta.validation.ConstraintDeclarationException
The constraint %1$s used ConstraintTarget#IMPLICIT where the target cannot be inferred.
HV000142
jakarta.validation.ConstraintDeclarationException
Cross parameter constraint %1$s is illegally placed on a parameterless method or constructor '%2$s'.
HV000143
jakarta.validation.ConstraintDeclarationException
Cross parameter constraint %1$s is illegally placed on class level.
HV000144
jakarta.validation.ConstraintDeclarationException
Cross parameter constraint %1$s is illegally placed on field '%2$s'.
HV000146
java.lang.IllegalStateException
No parameter nodes may be added since path %s doesn't refer to a cross-parameter constraint.
HV000147
jakarta.validation.ValidationException
%1$s is configured multiple times (note, and nodes for the same method are not allowed)
HV000148
WARN
An exception occurred during evaluation of EL expression '%s'
HV000149
jakarta.validation.ValidationException
An exception occurred during message interpolation
HV000150
jakarta.validation.UnexpectedTypeException
The constraint %1$s defines multiple validators for the type %2$s: %3$s, %4$s. Only one is allowed.
HV000151
jakarta.validation.ConstraintDeclarationException
A method overriding another method must not redefine the parameter constraint configuration, but method %2$s redefines the configuration of %1$s.
HV000152
jakarta.validation.ConstraintDeclarationException
Two methods defined in parallel types must not declare parameter constraints, if they are overridden by the same method, but methods %s and %s both define parameter constraints.
HV000153
jakarta.validation.ConstraintDeclarationException
The constraint %1$s used ConstraintTarget#%2$s but is not specified on a method or constructor.
HV000154
jakarta.validation.ConstraintDefinitionException
Cross parameter constraint %1$s has no cross-parameter validator.
HV000155
jakarta.validation.ConstraintDefinitionException
Composed and composing constraints must have the same constraint type, but composed constraint %1$s has type %3$s, while composing constraint %2$s has type %4$s.
HV000156
jakarta.validation.ConstraintDefinitionException
Constraints with generic as well as cross-parameter validators must define an attribute validationAppliesTo(), but constraint %s doesn't.
HV000157
jakarta.validation.ConstraintDefinitionException
Return type of the attribute validationAppliesTo() of the constraint %s must be jakarta.validation.ConstraintTarget.
HV000158
jakarta.validation.ConstraintDefinitionException
Default value of the attribute validationAppliesTo() of the constraint %s must be ConstraintTarget#IMPLICIT.
HV000159
jakarta.validation.ConstraintDefinitionException
Only constraints with generic as well as cross-parameter validators must define an attribute validationAppliesTo(), but constraint %s does.
HV000160
jakarta.validation.ConstraintDefinitionException
Validator for cross-parameter constraint %s does not validate Object nor Object[].
HV000161
jakarta.validation.ConstraintDeclarationException
Two methods defined in parallel types must not define group conversions for a cascaded method return value, if they are overridden by the same method, but methods %s and %s both define parameter constraints.
HV000162
java.lang.IllegalArgumentException
The validated type %1$s does not specify the constructor/method: %2$s
HV000163
java.lang.IllegalArgumentException
The actual parameter type '%1$s' is not assignable to the expected one '%2$s' for parameter %3$d of '%4$s'
HV000164
java.lang.IllegalArgumentException
%s has to be a auto-boxed type.
HV000165
java.lang.IllegalArgumentException
Mixing IMPLICIT and other executable types is not allowed.
HV000166
jakarta.validation.ValidationException
@ValidateOnExecution is not allowed on methods overriding a superclass method or implementing an interface. Check configuration for %1$s
HV000167
jakarta.validation.ValidationException
A given constraint definition can only be overridden in one mapping file. %1$s is overridden in multiple files
The message descriptor '%1$s' has nested parameters.
HV000170
jakarta.validation.ConstraintDeclarationException
No JSR-223 scripting engine could be bootstrapped for language "%s".
HV000171
jakarta.validation.ValidationException
%s is configured more than once via the programmatic constraint declaration API.
HV000172
jakarta.validation.ValidationException
Property "%2$s" of type %1$s is configured more than once via the programmatic constraint declaration API.
HV000173
jakarta.validation.ValidationException
Method %2$s of type %1$s is configured more than once via the programmatic constraint declaration API.
HV000174
jakarta.validation.ValidationException
Parameter %3$s of method or constructor %2$s of type %1$s is configured more than once via the programmatic constraint declaration API.
HV000175
jakarta.validation.ValidationException
The return value of method or constructor %2$s of type %1$s is configured more than once via the programmatic constraint declaration API.
HV000176
jakarta.validation.ValidationException
Constructor %2$s of type %1$s is configured more than once via the programmatic constraint declaration API.
HV000177
jakarta.validation.ValidationException
Cross-parameter constraints for the method or constructor %2$s of type %1$s are declared more than once via the programmatic constraint declaration API.
HV000178
java.lang.IllegalArgumentException
Multiplier cannot be negative: %d.
HV000179
java.lang.IllegalArgumentException
Weight cannot be negative: %d.
HV000180
java.lang.IllegalArgumentException
'%c' is not a digit nor a letter.
HV000181
java.lang.IllegalArgumentException
Wrong number of parameters. Method or constructor %1$s expects %2$d parameters, but got %3$d.
HV000182
jakarta.validation.ValidationException
No validation value unwrapper is registered for type '%1$s'.
HV000183
jakarta.validation.ValidationException
Unable to initialize 'jakarta.el.ExpressionFactory'. Check that you have the EL dependencies on the classpath, or use ParameterMessageInterpolator instead
HV000185
WARN
Message contains EL expression: %1s, which is not supported by the selected message interpolator
HV000189
jakarta.validation.ConstraintDeclarationException
The configuration of value unwrapping for property '%s' of bean '%s' is inconsistent between the field and its getter.
HV000190
jakarta.validation.ValidationException
Unable to parse %s.
HV000192
WARN
Couldn't determine Java version from value %1s; Not enabling features requiring Java 8
HV000193
jakarta.validation.ValidationException
%s is configured more than once via the programmatic constraint definition API.
HV000194
jakarta.validation.ValidationException
An empty element is only supported when a CharSequence is expected.
HV000195
jakarta.validation.ValidationException
Unable to reach the property to validate for the bean %s and the property path %s. A property is null along the way.
HV000196
jakarta.validation.ValidationException
Unable to convert the Type %s to a Class.
HV000197
jakarta.validation.ConstraintDeclarationException
No value extractor found for type parameter '%2$s' of type %1$s.
HV000198
jakarta.validation.ConstraintDeclarationException
No suitable value extractor found for type %1$s.
HV000200
DEBUG
Using %s as clock provider.
HV000201
jakarta.validation.ValidationException
Unable to instantiate clock provider class %s.
HV000202
jakarta.validation.ValidationException
Unable to get the current time from the clock provider
Given value extractor %2$s handles the same type and type use as previously given value extractor %1$s.
HV000209
jakarta.validation.ConstraintDeclarationException
A composing constraint (%2$s) must not be given directly on the composed constraint (%1$s) and using the corresponding List annotation at the same time.
HV000210
java.lang.IllegalArgumentException
Unable to find the type parameter %2$s in class %1$s.
HV000211
jakarta.validation.ValidationException
Given type is neither a parameterized nor an array type: %s.
HV000212
jakarta.validation.ValidationException
Given type has no type argument with index %2$s: %1$s.
HV000213
jakarta.validation.ValidationException
Given type has more than one type argument, hence an argument index must be specified: %s.
HV000214
jakarta.validation.ValidationException
The same container element type of type %1$s is configured more than once via the programmatic constraint declaration API.
HV000215
jakarta.validation.ValidationException
Calling parameter() is not allowed for the current element.
HV000216
jakarta.validation.ValidationException
Calling returnValue() is not allowed for the current element.
HV000217
jakarta.validation.ValidationException
The same container element type %2$s is configured more than once for location %1$s via the XML mapping configuration.
An error occurred while executing the script: "%s".
HV000234
DEBUG
Using %1$s as ValidatorFactory-scoped %2$s.
HV000235
jakarta.validation.ValidationException
Unable to create an annotation descriptor for %1$s.
HV000236
jakarta.validation.ValidationException
Unable to find the method required to create the constraint annotation descriptor.
HV000237
jakarta.validation.ValidationException
Unable to access method %3$s of class %2$s with parameters %4$s using lookup %1$s.
HV000238
DEBUG
Temporal validation tolerance set to %1$s.
HV000239
jakarta.validation.ValidationException
Unable to parse the temporal validation tolerance property %s. It should be a duration represented in milliseconds.
HV000240
DEBUG
Constraint validator payload set to %1$s.
HV000241
jakarta.validation.ValidationException
Encountered unsupported element %1$s while parsing the XML configuration.
HV000242
WARN
Unable to load or instantiate JPA aware resolver %1$s. All properties will per default be traversable.
HV000243
jakarta.validation.ConstraintDefinitionException
Constraint %2$s references constraint validator type %1$s, but this validator is defined for constraint type %3$s.
HV000244
java.lang.AssertionError
ConstrainedElement expected class was %1$s, but instead received %2$s.
HV000245
java.lang.AssertionError
Allowed constraint element types are FIELD and GETTER, but instead received %1$s.
HV000246
DEBUG
Using %s as getter property selection strategy.
HV000247
jakarta.validation.ValidationException
Unable to instantiate getter property selection strategy class %s.
HV000248
jakarta.validation.ValidationException
Unable to get an XML schema named %s.
HV000250
jakarta.validation.ValidationException
Uninitialized locale: %s. Please register your locale as a locale to initialize when initializing your ValidatorFactory.
HV000251
ERROR
An error occurred while loading an instance of service %s.
HV000252
DEBUG
Using %s as property node name provider.
HV000253
jakarta.validation.ValidationException
Unable to instantiate property node name provider class %s.
HV000254
WARN
Missing parameter metadata for %s, which declares implicit or synthetic parameters. Automatic resolution of generic type information for method parameters may yield incorrect results if multiple parameters have the same erasure. To solve this, compile your code with the '-parameters' flag.
HV000255
DEBUG
Using %s as locale resolver.
HV000256
jakarta.validation.ValidationException
Unable to instantiate locale resolver class %s.
HV000257
WARN
Expression variables have been defined for constraint %1$s while Expression Language is not enabled.
HV000258
java.lang.IllegalStateException
Expressions should not be resolved when Expression Language features are disabled.
HV000259
java.lang.IllegalStateException
Provided Expression Language feature level is not supported.
HV000260
DEBUG
Expression Language feature level for constraints set to %1$s.
HV000261
DEBUG
Expression Language feature level for custom violations set to %1$s.
HV000262
jakarta.validation.ValidationException
Unable to find an expression language feature level for value %s.
HV000263
WARN
EL expression '%s' references an unknown method.
HV000264
ERROR
Unable to interpolate EL expression '%s' as it uses a disabled feature.
HV000265
jakarta.validation.ValidationException
Inconsistent show validation value in trace logs configuration. It is enabled via programmatic API, but explicitly disabled via properties.
IJ
Code
Level
Return Type
Message
IJ000100
INFO
Closing a connection for you. Please close them yourself: %s
IJ000102
INFO
Throwable trying to close a connection for you, please close it yourself
IJ000103
INFO
Could not find a close method on alleged connection object (%s). Please close your own connections
IJ000201
ERROR
SecurityContext setup failed: %s
IJ000202
ERROR
SecurityContext setup failed since CallbackSecurity was null
IJ000301
INFO
Registered a null handle for managed connection: %s
IJ000302
INFO
Unregistered handle that was not registered: %s for managed connection: %s
IJ000303
INFO
Unregistered a null handle for managed connection: %s
IJ000305
WARN
Connection error occured: %s
IJ000306
WARN
Unknown connection error occured: %s
IJ000307
WARN
Notified of error on a different managed connection
IJ000311
INFO
Throwable from unregister connection
IJ000312
ERROR
Error while closing connection handle
IJ000313
ERROR
There is something wrong with the pooling
IJ000314
WARN
Error during beforeCompletion: %s
IJ000315
ERROR
Pool %s has %d active handles
IJ000316
ERROR
Handle allocation: %s
IJ000317
ERROR
Transaction boundary
IJ000318
ERROR
Delisting resource in pool %s failed
IJ000401
WARN
Error during tidy up connection: %s
IJ000402
WARN
ResourceException in returning connection: %s
IJ000403
WARN
Reconnecting a connection handle that still has a managed connection: %s %s
IJ000404
WARN
Unchecked throwable in managedConnectionDisconnected() cl=%s
IJ000405
WARN
Multiple LocalTransaction connection listeners enlisted for %s, cl=%s
Throwable while attempting to get a new connection: %s
IJ000605
WARN
Destroying connection that could not be successfully matched %s for %s
IJ000606
WARN
Throwable while trying to match managed connection, destroying connection: %s
IJ000607
WARN
ResourceException cleaning up managed connection: %s
IJ000608
WARN
Destroying returned connection, maximum pool size exceeded %s
IJ000609
WARN
Attempt to return connection twice: %s
IJ000610
WARN
Unable to fill pool: %s
IJ000611
WARN
Warning: Background validation was specified with a non compliant ManagedConnectionFactory interface
IJ000612
WARN
Destroying connection that could not be successfully matched: %s
IJ000613
WARN
Throwable while trying to match managed connection, destroying connection: %s
IJ000614
ERROR
Exception during createSubject() for %s: %s
IJ000615
WARN
Destroying active connection in pool: %s (%s)
IJ000616
ERROR
Leak detected in pool: %s (%s) (%d)
IJ000617
WARN
Invalid incrementer capacity policy: %s
IJ000618
WARN
Invalid decrementer capacity policy: %s
IJ000619
WARN
Invalid property '%s' with value '%s' for %s
IJ000620
WARN
Warning: ValidateOnMatch validation was specified with a non compliant ManagedConnectionFactory: %s
IJ000621
WARN
Destroying connection that could not be validated: %s
IJ000622
WARN
Unsupported pool implementation: %s
IJ000701
WARN
Exception during unbind
IJ000901
WARN
Error during connection close
IJ000902
ERROR
Error during inflow crash recovery for '%s' (%s)
IJ000903
ERROR
Error creating Subject for crash recovery: %s (%s)
IJ000904
WARN
No security domain defined for crash recovery: %s
IJ000905
WARN
Subject for crash recovery was null: %s
IJ000906
ERROR
Error during crash recovery: %s (%s)
IJ001001
WARN
No users.properties were found
IJ001002
ERROR
Error while loading users.properties
IJ001003
WARN
No roles.properties were found
IJ001004
ERROR
Error while loading roles.properties
IJ001005
WARN
No callback.properties were found
IJ001006
ERROR
Error while loading callback.properties
IJ001101
WARN
Prepare called on a local tx. Use of local transactions on a JTA transaction with more than one branch may result in inconsistent data in some cases of failure
IJ010001
ERROR
Parsing error of ra.xml file: %s
IJ010002
ERROR
Parsing error of ironjacamar.xml file: %s
IJ010003
ERROR
No @Connector was found and no definition in the ra.xml metadata either
IJ010004
ERROR
More than one @Connector was found but the correct one wasn't defined in the ra.xml metadata
IJ010005
WARN
Datasource pools with allow-multiple-users cannot be prefilled. Prefill setting will be ignored.
IJ020001
INFO
Required license terms for %s
IJ020002
INFO
Deployed: %s
IJ020003
WARN
Failure during validation report generation: %s
IJ020004
WARN
Only one connection definition found with a mismatch in class-name: %s
IJ020005
WARN
Only one admin object found with a mismatch in class-name: %s
IJ020006
ERROR
ConnectionFactory is null
IJ020007
ERROR
Exception during createSubject(): %s
IJ020008
WARN
Invalid config-property: %s
IJ020009
WARN
Invalid connection definition with class-name: %s
IJ020010
ERROR
Connection definition with missing class-name
IJ020011
ERROR
Admin object with missing class-name
IJ020012
WARN
Admin object not bound: %s
IJ020013
WARN
Connection factory not bound: %s
IJ020014
INFO
Admin object not specification compliant. See 13.4.2.3 for additional details: %s
IJ020015
INFO
Connection factory not specification compliant. See 6.5.1.3 for additional details: %s
IJ020016
WARN
Missing element. XA recovery disabled for: %s
IJ020017
WARN
Invalid archive: %s
IJ020018
INFO
Enabling for %s
IJ020019
INFO
Changed TransactionSupport for %s
IJ020020
WARN
Connection Properties for DataSource: '%s' is empty, try to use driver-class: '%s' and connection-url: '%s' to connect database
IJ030000
WARN
Unable to load connection listener: %s
IJ030001
WARN
Disabling exception sorter for: %s
IJ030002
WARN
Disabling exception sorter for: %s
IJ030003
WARN
Error checking exception fatality for: %s
IJ030004
WARN
Disabling validation connection checker for: %s
IJ030005
WARN
Disabling validation connection checker for: %s
IJ030006
WARN
Disabling stale connection checker for: %s
IJ030007
WARN
Disabling stale connection checker for: %s
IJ030008
WARN
HA setup detected for %s
IJ030020
WARN
Detected queued threads during cleanup from: %s
IJ030021
WARN
Queued thread: %s
IJ030022
WARN
Lock owned during cleanup: %s
IJ030023
WARN
Lock is locked during cleanup without an owner
IJ030024
WARN
Error resetting transaction isolation for: %s
IJ030025
WARN
Error during connection listener activation for: %s
IJ030026
WARN
Error during connection listener passivation for: %s
IJ030027
WARN
Destroying connection that is not valid, due to the following exception: %s
IJ030028
WARN
Error notifying of connection error for listener: %s
IJ030040
WARN
Closing a statement you left open, please do your own housekeeping for: %s
IJ030041
WARN
Error during closing a statement for: %s
IJ030042
WARN
Closing a result set you left open, please do your own housekeeping for: %s
IJ030043
WARN
Error during closing a result set for: %s
IJ030050
WARN
Error creating connection for: %s
IJ030051
ERROR
Unable to load undefined URLSelectStrategy for: %s
IJ030052
ERROR
Unable to load %s URLSelectStrategy for: %s
IJ030053
ERROR
Unable to load %s URLSelectStrategy for: %s
IJ030054
WARN
Error creating XA connection for: %s
IJ030055
ERROR
Unable to load undefined URLXASelectStrategy for: %s
IJ030056
ERROR
Unable to load %s URLXASelectStrategy for: %s
IJ030057
ERROR
Unable to load %s URLXASelectStrategy for: %s
IJ030060
WARN
Error checking state
IJ030061
WARN
Error resetting auto-commit for: %s
IPROTO
Code
Level
Return Type
Message
IPROTO000001
WARN
Field %s was read out of sequence leading to sub-optimal performance
IPROTO000002
WARN
Field %s was written out of sequence and will lead to sub-optimal read performance
The nested message depth appears to be larger than the configured limit of '%s'.It is possible that the entity to marshall with type '%s' can have some circular dependencies.
Directory %s does not exist and cannot be created!
ISPN000242
org.infinispan.commons.CacheException
Missing foreign externalizer with id=%s, either externalizer was not configured by client, or module lifecycle implementation adding externalizer was not loaded properly
ISPN000243
org.infinispan.commons.CacheException
Type of data read is unknown. Id=%d is not amongst known reader indexes.
%s is in 'STOPPING' state and this is an invocation not belonging to an on-going transaction, so it does not accept new invocations. Either restart it or recreate the cache container.
ISPN000325
java.lang.RuntimeException
Creating tmp cache %s timed out waiting for rebalancing to complete on node %s
ISPN000326
WARN
Remote transaction %s timed out. Rolling back after %d ms
Cannot find a parser for element '%s' in namespace '%s' at %s. Check that your configuration is up-to-date for Infinispan '%s' and you have the proper dependency in the classpath
ISPN000328
DEBUG
Rebalance phase %s confirmed for cache %s on node %s, topology id = %d
ISPN000329
WARN
Unable to read rebalancing status from coordinator %s
Transaction notifications are disabled. This prevents cluster listeners from working properly!
ISPN000396
DEBUG
Received unsolicited state from node %s for segment %d of cache %s
ISPN000397
org.infinispan.commons.CacheException
Could not migrate data for cache %s, check remote store config in the target cluster. Make sure only one remote store is present and is pointing to the source cluster
ISPN000398
java.lang.IllegalStateException
CH Factory '%s' cannot restore a persisted CH of class '%s'
ISPN000399
org.infinispan.util.concurrent.TimeoutException
Timeout while waiting for %d members in cluster. Last view had %s
Invalidation mode only supports when-split=ALLOW_READ_WRITES
ISPN000551
WARN
The custom interceptors configuration has been deprecated and will be ignored in the future
ISPN000553
WARN
Ignoring 'marshaller' attribute. Common marshallers are already available at runtime, and to deploy a custom marshaller, consult the 'Encoding' section in the user guide
ISPN000554
WARN
jboss-marshalling is deprecated and planned for removal
RELAY2 not found in the protocol stack. Cannot perform cross-site operations.
ISPN000572
WARN
index mode attribute is deprecated and should no longer be specified because its value is automatically detected. Most previously supported values are no longer supported. Please check the upgrade guide.
A single indexing directory provider is allowed per cache configuration. Setting multiple individual providers for the indexes belonging to a cache is not allowed.
Store '%s' must specify the '%s' attribute when global state is disabled
ISPN000599
WARN
Configuration for cache '%s' does not define the encoding for keys or values. If you use operations that require data conversion or queries, you should configure the cache with a specific MediaType for keys or values.
Store %s cannot be configured to be segmented as it does not contain the SEGMENTABLE characteristic
ISPN000602
WARN
Conversions between JSON and Java Objects are deprecated and will be removed in a future version. To read/write values as JSON, it is recommended to define a protobuf schema and store data in the cache using 'application/x-protostream' as MediaType
Indexing configuration using properties has been deprecated and will be removed in a future version, please consult the docs for the replacements. The following properties have been found: '%s'
ISPN000613
WARN
Indexing configuration using properties has been deprecated and will be removed in a future version, please use the and elements to configure indexing behavior.
Cleanup failed for cross-site state transfer. Invoke the cancel-push-state(%s) command if any nodes indicate pending operations to push state.
ISPN000619
WARN
Cleanup failed for cross-site state transfer. Invoke the cancel-receive(%s) command in site %s if any nodes indicate pending operations to receive state.
Cannot specify both template name and configuration for '%s'
ISPN004095
java.lang.IllegalArgumentException
Not a Hot Rod URI: %s
ISPN004096
java.lang.IllegalArgumentException
Invalid property format in URI: %s
ISPN004097
java.lang.IllegalArgumentException
Illegal attempt to redefine an already existing cache configuration: %s
ISPN004098
WARN
Closing connection %s due to transport error
ISPN004099
WARN
Remote iteration over the entire result set of query '%s' without using pagination options is inefficient for large result sets. Please consider using 'startOffset' and 'maxResults' options.
Near cache with bloom filter requires pool max active to be 1, was %s, and exhausted action to be WAIT, was %s
ISPN004104
WARN
Failed to load and create an optional ProtoStream serialization context initializer: %s
ISPN004105
WARN
Reverting to the initial server list for caches %s
ISPN004106
WARN
Invalid active count after closing channel %s
ISPN004107
WARN
Invalid created count after closing channel %s
ISPN004108
INFO
Native IOUring transport not available, using NIO instead: %s
ISPN004109
DEBUG
OpenTelemetry API is not present in the classpath. Client context tracing will not be propagated.
ISPN004110
DEBUG
OpenTelemetry API is present in the classpath and the tracing propagation is enabled. Client context tracing will be propagated.
ISPN004111
DEBUG
OpenTelemetry API is present in the classpath, but the tracing propagation is not enabled. Client context tracing will not be propagated.
ISPN008001
ERROR
Failed clearing cache store
ISPN008003
ERROR
SQL failure while integrating state into store
ISPN008009
ERROR
I/O error while unmarshalling from stream
ISPN008010
ERROR
*UNEXPECTED* ClassNotFoundException.
ISPN008011
ERROR
Error while creating table; used DDL statement: '%s'
ISPN008015
ERROR
Could not find a connection in jndi under the name '%s'
ISPN008016
ERROR
Could not lookup connection with datasource %s
ISPN008017
WARN
Failed to close naming context.
ISPN008018
ERROR
Sql failure retrieving connection from datasource
ISPN008019
ERROR
Issues while closing connection %s
ISPN008022
WARN
Unexpected sql failure
ISPN008023
WARN
Failure while closing the connection to the database
ISPN008024
ERROR
Error while storing string key to database; key: '%s'
ISPN008025
ERROR
Error while removing string keys from database
ISPN008026
ERROR
In order for JdbcStringBasedStore to support %s, the Key2StringMapper needs to implement TwoWayKey2StringMapper. You should either make %s implement TwoWayKey2StringMapper or disable the sql. See [https://jira.jboss.org/browse/ISPN-579] for more details.
ISPN008027
ERROR
SQL error while fetching stored entry with key: %s, lockingKey: %s
Unable to detect database dialect from JDBC driver name or connection metadata. Please provide this manually using the 'dialect' property in your configuration. Supported database dialect strings are %s
Cannot execute query: cluster is operating in degraded mode and partition handling configuration doesn't allow reads and writes.
ISPN014043
org.infinispan.commons.CacheException
Cannot find an appropriate Transformer for key type %s. Indexing only works with entries keyed on Strings, primitives, byte[], UUID, classes that have the @Transformable annotation or classes for which you have defined a suitable Transformer in the indexing configuration. Alternatively, see org.infinispan.query.spi.SearchManagerImplementor.registerKeyTransformer.
ISPN014044
ERROR
Failed to parse system property %s
ISPN014046
INFO
Setting org.apache.lucene.search.BooleanQuery.setMaxClauseCount from system property %s to value %d
ISPN014047
WARN
Ignoring system property %s because the value %d is smaller than the current value (%d) of org.apache.lucene.search.BooleanQuery.getMaxClauseCount()
ISPN014050
org.infinispan.commons.CacheException
Interrupted while waiting for completions of some batch indexing operations.
ISPN014051
org.hibernate.search.util.common.SearchException
%1$s entities could not be indexed. See the logs for details. First failure on entity '%2$s': %3$s
ISPN014052
java.lang.String
Indexing instance of entity '%s' during mass indexing
ISPN014053
org.infinispan.commons.CacheException
Invalid property key '%1$s`, it's not a string.
ISPN014054
org.infinispan.commons.CacheException
Trying to execute query `%1$s`, but no type is indexed on cache.
ISPN014055
org.infinispan.commons.CacheException
Cannot index entry since the search mapping failed to initialize.
ISPN014056
org.infinispan.commons.CacheException
Only DELETE statements are supported by executeStatement
ISPN014057
org.infinispan.commons.CacheException
DELETE statements cannot use paging (firstResult/maxResults)
ISPN014058
org.infinispan.commons.CacheException
Projections are not supported with entryIterator()
ISPN014059
WARN
The indexing engine is restarting, index updates will be skipped for the current data changes.
ISPN014060
INFO
We're getting some errors from Hibernate Search or Lucene while we compute the index count/size for statistics. There is probably a concurrent reindexing ongoing.
ISPN014062
DEBUG
Search engine is reloaded before the reindexing.
ISPN014063
INFO
Reindexing starting.
ISPN014501
org.hibernate.search.util.common.SearchException
Exception while retrieving the type model for '%1$s'.
ISPN014502
org.hibernate.search.util.common.SearchException
Multiple entity types configured with the same name '%1$s': '%2$s', '%3$s'
ISPN014503
org.hibernate.search.util.common.SearchException
Infinispan Search Mapper does not support named types. The type with name '%1$s' does not exist.
Class %s is not assignable from %s due to conflicting classloaders: %s and %s
JBWS022011
TRACE
Could not clear blacklist for classloader %s
JBWS022012
DEBUG
Could not load %s
JBWS022013
ERROR
Cannot parse: %s
JBWS022021
ERROR
Cannot read resource: %s
JBWS022022
WARN
Cannot load ID '%s' as URL (protocol = %s)
JBWS022025
DEBUG
WSDL import published to %s
JBWS022026
DEBUG
XMLSchema import published to %s
JBWS022027
WARN
Cannot delete published wsdl document: %s
JBWS022042
DEBUG
Cannot register processor %s with JMX server, will be trying using the default managed implementation.
JBWS022043
ERROR
Cannot register processor %s with JMX server
JBWS022044
ERROR
Cannot unregister processor %s with JMX server
JBWS022052
INFO
Starting %s %s
JBWS022053
DEBUG
Unable to calculate webservices port, using default %s
JBWS022054
DEBUG
Unable to calculate webservices secure port, using default %s
JBWS022055
DEBUG
Using undefined webservices host: %s
JBWS022056
DEBUG
Setting webservices host to localhost: %s
JBWS022057
DEBUG
Could not get address for host: %s
JBWS022058
WARN
Could not get port for webservices configuration from configured HTTP connector
JBWS022059
WARN
Unable to read from the http servlet request
JBWS022060
ERROR
Cannot trace SOAP message
JBWS022061
WARN
Method invocation failed with exception
JBWS022090
TRACE
Cannot get %s from root file, trying with additional metadata files
JBWS022098
TRACE
Cannot get %s from %s
JBWS022099
DEBUG
Error during deployment: %s
JBWS022100
ERROR
Error while destroying deployment %s due to previous exception
JBWS022102
ERROR
Cannot stop endpoint in state %s: %s
JBWS022103
ERROR
Cannot start endpoint in state %s: %s
JBWS022110
WARN
Could not add handler %s as part of client or endpoint configuration
JBWS022111
WARN
PortNamePattern and ServiceNamePattern filters not supported; adding handlers anyway
JBWS022112
WARN
Init params not supported; adding handler anyway
JBWS022113
ERROR
Error closing JAXBIntro configuration stream: %s
JBWS022114
TRACE
%s doesn't work on %s
JBWS022115
TRACE
Cannot get URL for %s
JBWS022116
TRACE
Could not find %s in the additional metadatafiles
JBWS022118
WARN
Cannot obtain host for vituralHost %s, use default host
JBWS022119
WARN
Cannot obtain port for vituralHost %s, use default port
JBWS024015
INFO
Cannot use the bus associated to the current deployment for starting a new endpoint, creating a new bus...
JBWS024016
TRACE
Unable to retrieve server config; this is an expected condition for jboss-modules enabled client.
JBWS024018
WARN
Unable to retrieve port QName from %s, trying matching port using endpoint interface name only.
JBWS024033
DEBUG
Setting new service endpoint address in wsdl: %s
JBWS024034
DEBUG
WSDL service endpoint address rewrite required because of server configuration: %s
JBWS024035
DEBUG
WSDL service endpoint address rewrite required because of invalid URL: %s
JBWS024036
DEBUG
WSDL service endpoint address rewrite not required: %s
JBWS024037
DEBUG
Rewritten new candidate WSDL service endpoint address '%s' to '%s'
JBWS024038
DEBUG
Invalid url '%s' provided, using original one without rewriting: %s
JBWS024040
TRACE
About to authenticate, using security domain %s
JBWS024041
TRACE
Authenticated, principal=%s
JBWS024042
TRACE
Security context propagated for principal %s
JBWS024054
ERROR
User principal is not available on the current message
JBWS024059
WARN
%s cannot open stream for resource: %s
JBWS024060
DEBUG
%s cannot resolve resource: %s
JBWS024061
INFO
Adding service endpoint metadata: %s
JBWS024062
DEBUG
id %s, overriding portName %s with %s
JBWS024063
DEBUG
id %s, overriding portName %s with %s
JBWS024064
DEBUG
id %s, enabling MTOM...
JBWS024065
DEBUG
id %s, enabling Addressing...
JBWS024066
DEBUG
id %s, enabling RespectBinding...
JBWS024067
DEBUG
id %s, overriding wsdlFile location with %s
JBWS024068
WARN
Handler chain deployment descriptor contribution: PortNamePattern, ServiceNamePattern and ProtocolBindings filters not supported; adding handlers anyway.
JBWS024069
WARN
Init params not supported, handler: %s
JBWS024073
ERROR
Error registering bus for management: %s
JBWS024074
INFO
WSDL published to: %s
JBWS024077
WARN
Cannot get wsdl publish location for null wsdl location and serviceName
JBWS024078
WARN
WSDL publisher not configured, unable to publish contract for endpoint class %s
JBWS024080
DEBUG
Actual configuration from file: %s
JBWS024086
TRACE
Error while getting default WSSConfig
JBWS024087
WARN
Could not early initialize security engine
JBWS024089
TRACE
Unable to load additional configuration from %s
JBWS024091
DEBUG
Could not get WSDL from %s, aborting soap:address rewrite.
JBWS024092
INFO
Adding %s policy attachment with id='%s' to honor requirement from %s.
JBWS024095
WARN
Unknown strategy '%s' requested for selecting the Apache CXF Bus to be used for building JAXWS clients; default strategy will be used.
JBWS024097
WARN
Could not delete wsdl file %s
JBWS024098
DEBUG
Deleted wsdl file %s
JBWS024099
WARN
Could not create wsdl data path.
JBWS024100
WARN
Could not delete wsdl directory %s
JBWS024102
DEBUG
JASPI authentication isn't enabled, can not find JASPI modules and classes
JBWS024103
DEBUG
Could not load BouncyCastle security provider; either setup your classpath properly or prevent loading by using the '%s' system property.
JBWS024105
WARN
Could not create instance of specified ClientBusSelector: %s
JBWS024106
WARN
Could not remove previuosly set features on client: %s
JBWS024110
ERROR
Unable to process handler element: %s
JBWS024112
WARN
Could not construct reference for config: %s
JBWS024114
ERROR
No security domain associated
JBWS024115
ERROR
Failed to compute UsernameToken profile digest from expected password
JIPI
Code
Level
Return Type
Message
JIPI020200
WARN
Could not load entity class '%s', ignoring this error and continuing with application deployment
JIPI020201
java.lang.IllegalArgumentException
Cannot change input stream reference.
JIPI020202
java.lang.IllegalArgumentException
Parameter %s is empty
JIPI020203
java.lang.RuntimeException
Missing PersistenceUnitMetadata (thread local wasn't set)
JIPI020204
java.lang.RuntimeException
Not yet implemented
JIPI020205
java.lang.IllegalArgumentException
Parameter %s is null
JIPI020250
java.lang.RuntimeException
Unable to open VirtualFile-based InputStream %s
JIPI020251
java.lang.IllegalArgumentException
URI syntax error
JIPI020252
WARN
second level cache not integrated - %s
JIPIORMV6
Code
Level
Return Type
Message
JIPIORMV6020260
INFO
Second level cache enabled for %s
JIPIORMV6020261
java.lang.IllegalStateException
Hibernate ORM did not register LifeCycleListener
JIPIORMV6020263
java.lang.IllegalStateException
hibernate.id.new_generator_mappings set to false is not supported, remove the setting or set to true. Refer to Hibernate ORM migration documentation for how to update the next id state in the application database.
JIPISEARCH
Code
Level
Return Type
Message
JIPISEARCH020290
java.lang.IllegalStateException
Failed to parse property '%2$s' while integrating Hibernate Search into persistence unit '%1$s
JNDIWFHTTP
Code
Level
Return Type
Message
JNDIWFHTTP000001
javax.naming.NamingException
Unexpected data in response
JNDIWFHTTP000002
javax.naming.NamingException
At least one URI must be provided
JNDIWFHTTP000003
java.io.InvalidClassException
Exception resolving class %s for unmarshalling; it has either been blocklisted or not allowlisted
KEYCLOAK
Code
Level
Return Type
Message
KEYCLOAK000001
org.jboss.as.controller.OperationFailedException
The migrate operation can not be performed: the server must be in admin-only mode
KEYCLOAK000002
java.lang.String
Migration failed, see results for more details.
LITE-EXTENSION-TRANSLATOR-
Code
Level
Return Type
Message
LITE-EXTENSION-TRANSLATOR-000000
org.jboss.weld.exceptions.IllegalStateException
Unable to instantiate object from class {0} via no-args constructor. The exception was: {1}
Provided type {0} is illegal because it doesn't match an of known annotation member types.
LITE-EXTENSION-TRANSLATOR-000016
WARN
AnnotationBuilderFactoryImpl wasn't initialized properly before using it. This can be caused by attempted usage outside of build compatible extension cycle. The init process will use a fallback method.
LITE-EXTENSION-TRANSLATOR-000017
org.jboss.weld.exceptions.DeploymentException
There was a problem executing Build Compatible Extension method {0} during phase {1}. The exception was: {2}
LRA
Code
Level
Return Type
Message
LRA025001
java.lang.String
LRA created with an unexpected status code: %d, coordinator response '%s'
LRA025001
java.lang.String
LRA created with an unexpected status code: %d, coordinator response '%s'
LRA025002
java.lang.String
Leaving LRA: %s, ends with an unexpected status code: %d, coordinator response '%s'
LRA025002
java.lang.String
Leaving LRA: %s, ends with an unexpected status code: %d, coordinator response '%s'
LRA025003
java.lang.String
LRA participant class '%s' with asynchronous temination but no @Status or @Forget annotations
LRA025003
java.lang.String
LRA participant class '%s' with asynchronous temination but no @Status or @Forget annotations
LRA025004
java.lang.String
LRA finished with an unexpected status code: %d, coordinator response '%s'
LRA025004
java.lang.String
LRA finished with an unexpected status code: %d, coordinator response '%s'
LRA025005
java.lang.String
LRA coordinator '%s' returned an invalid status code '%s' for LRA '%s'
LRA025005
java.lang.String
LRA coordinator '%s' returned an invalid status code '%s' for LRA '%s'
LRA025006
java.lang.String
LRA coordinator '%s' returned no content on #getStatus call for LRA '%s'
LRA025006
java.lang.String
LRA coordinator '%s' returned no content on #getStatus call for LRA '%s'
LRA025007
java.lang.String
LRA coordinator '%s' returned an invalid status for LRA '%s'
LRA025007
java.lang.String
LRA coordinator '%s' returned an invalid status for LRA '%s'
LRA025008
java.lang.String
Too late to join with the LRA '%s', coordinator response: '%s'
LRA025008
java.lang.String
Too late to join with the LRA '%s', coordinator response: '%s'
LRA025009
java.lang.String
Failed enlisting to LRA '%s', coordinator '%s' responded with status '%s'
LRA025009
java.lang.String
Failed enlisting to LRA '%s', coordinator '%s' responded with status '%s'
LRA025010
java.lang.String
Error when converting String '%s' to URL
LRA025010
java.lang.String
Error when converting String '%s' to URL
LRA025011
java.lang.String
Invalid LRA id format to create LRA record from LRA id '%s', link URI '%s' (reason: %s)
LRA025011
java.lang.String
Invalid LRA id format to create LRA record from LRA id '%s', link URI '%s' (reason: %s)
LRA025012
java.lang.String
Cannot found compensator url '%s' for lra '%s'
LRA025012
java.lang.String
Cannot found compensator url '%s' for lra '%s'
LRA025013
WARN
Could not recreate abstract record '%s'
LRA025013
WARN
Could not recreate abstract record '%s'
LRA025014
WARN
reason '%s': container request for method '%s': lra: '%s'
LRA025014
WARN
reason '%s': container request for method '%s': lra: '%s'
LRA025015
WARN
LRA participant completion for asynchronous method %s#%s should return %d and not %d
LRA025015
WARN
LRA participant completion for asynchronous method %s#%s should return %d and not %d
LRA025016
java.lang.String
Cannot get status of nested lra '%s' as outer one '%s' is still active
LRA025016
java.lang.String
Cannot get status of nested lra '%s' as outer one '%s' is still active
LRA025017
java.lang.String
Invalid recovery url '%s' to join lra '%s'
LRA025017
java.lang.String
Invalid recovery url '%s' to join lra '%s'
LRA025018
ERROR
Invalid format of lra id '%s' to replace compensator '%s'
LRA025018
ERROR
Invalid format of lra id '%s' to replace compensator '%s'
LRA025019
WARN
LRA participant `%s` returned immediate state (Compensating/Completing) from CompletionStage. LRA id: %s
LRA025019
WARN
LRA participant `%s` returned immediate state (Compensating/Completing) from CompletionStage. LRA id: %s
LRA025020
ERROR
Cannot process non JAX-RS LRA participant
LRA025020
ERROR
Cannot process non JAX-RS LRA participant
LRA025021
java.lang.String
Invalid format of LRA id to be converted to LRA coordinator url, was '%s'
LRA025021
java.lang.String
Invalid format of LRA id to be converted to LRA coordinator url, was '%s'
LRA025022
java.lang.String
Failed enlisting to LRA '%s', coordinator '%s' responded with status '%d (%s)'. Returning '%d (%s)'.
LRA025022
java.lang.String
Failed enlisting to LRA '%s', coordinator '%s' responded with status '%d (%s)'. Returning '%d (%s)'.
LRA025023
java.lang.String
Could not %s LRA '%s': coordinator '%s' responded with status '%s'
LRA025023
java.lang.String
Could not %s LRA '%s': coordinator '%s' responded with status '%s'
LRA025024
java.lang.String
Error when encoding parent LRA id URL '%s' to String
LRA025024
java.lang.String
Error when encoding parent LRA id URL '%s' to String
LRA025025
java.lang.String
Unable to process LRA annotations: %s'
LRA025025
java.lang.String
Unable to process LRA annotations: %s'
LRA025026
WARN
Unable to remove the failed duplicate failed LRA record (Uid: '%s') (which is already present in the failedLRA record location type: '%s'.) from LRA Record location: '%s'
LRA025026
WARN
Unable to remove the failed duplicate failed LRA record (Uid: '%s') (which is already present in the failedLRA record location type: '%s'.) from LRA Record location: '%s'
LRA025027
WARN
An exception was thrown while moving failed LRA record (Uid: '%s'). Reason: '%s'
LRA025027
WARN
An exception was thrown while moving failed LRA record (Uid: '%s'). Reason: '%s'
LRA025028
java.lang.String
Demanded API version '%s' is not in the list of the supported versions '%s'. Please, provide the right version for the API.
LRA025028
java.lang.String
Demanded API version '%s' is not in the list of the supported versions '%s'. Please, provide the right version for the API.
LRA025029
WARN
Cannot notify AfterLRA URL at %s
LRA025029
WARN
Cannot notify AfterLRA URL at %s
LRA025030
java.lang.String
%s: Invalid link URI (%s): %s
LRA025030
java.lang.String
%s: Invalid link URI (%s): %s
LRA025031
java.lang.String
%s: Invalid link URI (%s): missing compensator or after LRA callback
LRA025031
java.lang.String
%s: Invalid link URI (%s): missing compensator or after LRA callback
LRA025032
WARN
LRA Record: Cannot save state (reason: %s
LRA025032
WARN
LRA Record: Cannot save state (reason: %s
LRA025033
WARN
LRA Record: Cannot restore state (reason: %s)
LRA025033
WARN
LRA Record: Cannot restore state (reason: %s)
LRA025034
WARN
LRA Recovery cannot remove LRA id %s from the object store. The uid segment '%s' is probably invalid.
LRA025034
WARN
LRA Recovery cannot remove LRA id %s from the object store. The uid segment '%s' is probably invalid.
LRA025035
WARN
The start LRA call failed with cause: %s
LRA025035
WARN
The start LRA call failed with cause: %s
LRA025036
java.lang.String
CDI Context not available: %s
LRA025036
java.lang.String
CDI Context not available: %s
LRA025037
WARN
Participant `%s` is not registered
LRA025037
WARN
Participant `%s` is not registered
LRA025038
java.lang.String
Invalid participant enlistment with LRA %s: participant data is disabled
LRA025038
java.lang.String
Invalid participant enlistment with LRA %s: participant data is disabled
LRAPROXY
Code
Level
Return Type
Message
LRAPROXY025001
ERROR
Participant '%s' serialization problem
LRAPROXY025002
ERROR
Participant '%s' exception during completion
LRAPROXY025003
java.lang.String
Cannot get status of participant '%s' of lra id '%s'
MODCLUSTER
Code
Level
Return Type
Message
MODCLUSTER000000
DEBUG
Catching
MODCLUSTER000001
INFO
Initializing mod_cluster version %s
MODCLUSTER000002
INFO
Initiating mod_cluster shutdown
MODCLUSTER000003
DEBUG
Received server start event
MODCLUSTER000004
DEBUG
Received server stop event
MODCLUSTER000005
DEBUG
Received add context event for %s:%s
MODCLUSTER000006
DEBUG
Received remove context event for %s:%s
MODCLUSTER000007
DEBUG
Received start context event for %s:%s
MODCLUSTER000008
DEBUG
Received stop context event for %s:%s
MODCLUSTER000009
DEBUG
Sending %s for %s
MODCLUSTER000010
DEBUG
Sending %s for %s:%s
MODCLUSTER000011
INFO
%s will use %s as jvm-route
MODCLUSTER000012
INFO
%s connector will use %s
MODCLUSTER000020
DEBUG
Waiting to drain %d pending requests from %s:%s
MODCLUSTER000021
INFO
All pending requests drained from %s:%s in %.1f seconds
MODCLUSTER000022
WARN
Failed to drain %d remaining pending requests from %s:%s within %.1f seconds
MODCLUSTER000023
DEBUG
Waiting to drain %d active sessions from %s:%s
MODCLUSTER000024
INFO
All active sessions drained from %s:%s in %.1f seconds
MODCLUSTER000025
WARN
Failed to drain %d remaining active sessions from %s:%s within %.1f seconds
MODCLUSTER000031
WARN
Could not bind multicast socket to %s (%s address): %s; make sure your multicast address is of the same type as the IP stack (IPv4 or IPv6). Multicast socket will not be bound to an address, but this may lead to cross talking (see https://developer.jboss.org/docs/DOC-9469 for details).
MODCLUSTER000032
INFO
Listening to proxy advertisements on %s
MODCLUSTER000034
ERROR
Failed to start advertise listener
MODCLUSTER000040
ERROR
Failed to parse response header from %2$s for %1$s command
MODCLUSTER000041
ERROR
Unrecoverable syntax error %s sending %s command to %s: %s
MODCLUSTER000042
ERROR
Error %s sending %s command to %s, configuration will be reset: %s
MODCLUSTER000043
ERROR
Failed to send %s command to %s: %s
MODCLUSTER000045
WARN
%s is not supported on this system and will be disabled.
MODCLUSTER000046
INFO
Starting to drain %d active sessions from %s:%s in %d seconds.
MODCLUSTER000048
java.lang.RuntimeException
Multiple connectors match specified host:port (%s)! Ensure connectorPort and/or connectorAddress are configured.
MODCLUSTER000049
java.lang.RuntimeException
Could not resolve configured connector address (%d)!
MODCLUSTER000050
java.lang.RuntimeException
Initial load must be within the range [0..100] or -1 to not prepopulate with initial load, but was: %d
MODCLUSTER000051
java.lang.RuntimeException
No valid advertise interface configured! Disabling multicast advertise mechanism.
MODCLUSTER000052
java.lang.RuntimeException
Attempted to create multicast socket without multicast address specified! Disabling multicast advertise mechanism.
MODCLUSTER000053
java.lang.RuntimeException
Attempted to create multicast socket with unicast address (%s)! Disabling multicast advertise mechanism.
MODCLUSTER000054
INFO
Starting to drain %d active sessions from %s:%s waiting indefinitely until all remaining sessions are drained or expired.
MODCLUSTER000055
WARN
No configured connector for engine %s. If this engine should be used with mod_cluster check connector, connectorPort and/or connectorAddress configuration.
MSC
Code
Level
Return Type
Message
MSC-00001
INFO
JBoss MSC version %s
MSC000001
ERROR
Failed to start %s
MSC000002
ERROR
Invocation of listener "%s" failed
MSC000003
WARN
Exception thrown after start was already completed in %s
MSC000004
WARN
Failure during stop of %s
MSC000005
WARN
Unexpected disappearance of %s during stop
MSC000006
WARN
Uninjection "%2$s" of %1$s failed unexpectedly
MSC000007
WARN
An internal service error has occurred while processing an operation on %s
MSC000008
ERROR
Worker thread %s threw an uncaught exception
MSC000009
WARN
An error occurred while trying to close the profile output file: %s
MSC000010
ERROR
Failed to register MBean with MBeanServer
MSC000011
java.lang.IllegalStateException
Service not started
MSC000012
ERROR
Injection failed for service %s
MSC000013
WARN
Failed to retrieve platform MBeanServer
RESTEASY
Code
Level
Return Type
Message
RESTEASY-00001
DEBUG
Unable to extract parameter from http request: %s value is '%s' for %s
RESTEASY-00001
ERROR
Error processing request %s
RESTEASY002000
ERROR
Error resuming failed async operation
RESTEASY002005
ERROR
Failed executing {0} {1}
RESTEASY002010
ERROR
Failed to execute
RESTEASY002015
ERROR
Failed to invoke asynchronously
RESTEASY002020
ERROR
Unhandled asynchronous exception, sending back 500
RESTEASY002025
ERROR
Unknown exception while executing {0} {1}
RESTEASY002030
DEBUG
Failed to write event {0}
RESTEASY002035
ERROR
Cannot register {0} as HeaderDelegate: it has no type parameter
RESTEASY002040
ERROR
GET method returns the patch/merge json object target for request {0} not found
RESTEASY002041
ERROR
Failed to get the patch/merge target for request {0}
RESTEASY002050
ERROR
The set instance of %s for property %s is not a valid %s.
RESTEASY002100
WARN
Accept extensions not supported.
RESTEASY002105
WARN
Ambiguity constructors are found in %s. More details please refer to http://jsr311.java.net/nonav/releases/1.1/spec/spec.html
RESTEASY002110
WARN
Attempting to register empty contracts for %s
RESTEASY002115
WARN
Attempting to register unassignable contract for %s
RESTEASY002117
WARN
Charset %s unavailable.
RESTEASY002120
WARN
ClassNotFoundException: Unable to load builtin provider {0} from {1}
RESTEASY002123
WARN
Could not bind to specified download directory %s so will use temp dir.
RESTEASY002125
WARN
Marking file '%s' to be deleted, as it could not be deleted while processing request:
RESTEASY002130
WARN
Failed to parse request.
RESTEASY002135
WARN
Ignoring unsupported locale: %s
RESTEASY002137
WARN
Invalid format for {0}, using default value {1}
RESTEASY002138
WARN
Invalid regex for {0}: {2}
RESTEASY002140
WARN
Qualifying annotations found at non-public method: {0}.{1}(); Only public methods may be exposed as resource methods.
Neither mpJwtPublicKey nor mpJwtLocation properties are configured, JWTAuthContextInfo will not be available
SRJWT03002
DEBUG
mpJwtPublicKey parsed as JWK(S)
SRJWT03003
DEBUG
mpJwtPublicKey failed as JWK(S), %s
SRJWT03004
DEBUG
mpJwtPublicKey parsed as PEM
SRJWT03005
DEBUG
Unsupported key format
SRJWT03006
WARN
'%s' property is deprecated and will be removed in a future version. Use '%s ' property instead
SRJWT06000
DEBUG
tokenHeaderName = %s
SRJWT06001
DEBUG
Header %s was null
SRJWT06002
DEBUG
tokenCookieName = %s
SRJWT06003
DEBUG
Cookie %s was null
SRJWT06004
DEBUG
Authorization header does not contain a Bearer prefix
SRJWT06005
DEBUG
Authorization header was null
SRJWT08000
DEBUG
getAudience failure
SRJWT08001
WARN
getGroups failure:
SRJWT08002
WARN
getClaimValue failure for: %s
SRJWT08003
WARN
replaceClaimValueWithJsonValue failure for: %s
SRJWT08004
DEBUG
Token is invalid
SRJWT08005
DEBUG
Verification key is unresolvable
SRJWT08006
DEBUG
Claim value at the path %s is not a String
SRJWT08007
DEBUG
Claim value at the path %s is not an array of strings
SRJWT08008
DEBUG
Claim value at the path %s is neither an array of strings nor string
SRJWT08009
TRACE
Updated groups to: %s
SRJWT08010
DEBUG
Failed to access rolesMapping claim
SRJWT08011
DEBUG
No claim exists at the path %s at segment %s
SRJWT08012
DEBUG
Claim value at the path %s is not a json object
SRJWT08014
DEBUG
Required claims %s are not present in the JWT
SRJWT08015
DEBUG
loadSpi, cl=%s, u=%s, sl=%s
SRJWT08016
WARN
Multiple JWTCallerPrincipalFactory implementations found: %s and %s
SRJWT08017
DEBUG
sl=%s, loaded=%s
SRJWT08018
WARN
Failed to locate JWTCallerPrincipalFactory provider
SRJWT08019
DEBUG
AuthContextInfo is: %s
SRJWT08020
DEBUG
Failed to create a key from the HTTPS JWK Set
SRJWT08021
DEBUG
JWK with a matching 'kid' is not available, refreshing HTTPS JWK Set
SRJWT08022
DEBUG
Failed to refresh HTTPS JWK Set
SRJWT08023
DEBUG
JWK with a matching 'kid' is not available but HTTPS JWK Set has been refreshed less than %d minutes ago, trying to create a key from the HTTPS JWK Set one more time
SRJWT08024
DEBUG
Trying to create a key from the HTTPS JWK Set after the refresh
SRJWT08025
DEBUG
Failed to create a key from the HTTPS JWK Set after the refresh
SRJWT08026
DEBUG
Trying to create a key from the JWK(S)
SRJWT08027
DEBUG
Failed to create a key from the JWK(S)
SRJWT08028
DEBUG
Invalid token 'kid' header: %s, expected: %s
SRJWT08029
DEBUG
Trying to load the keys from the HTTPS JWK(S)
SRJWT08030
DEBUG
Checking if the key content is a JWK key or JWK key set
SRJWT08031
DEBUG
Checking if the key content is a Base64URL encoded JWK key or JWK key set
SRJWT08032
DEBUG
Unable to decode content using Base64 decoder
SRJWT08033
DEBUG
Key has been created from the encoded JWK key or JWK key set
SRJWT08034
DEBUG
Key has been created from the JWK key or JWK key set
SRJWT08035
DEBUG
Checking if the key content is a Base64 encoded PEM key
SRJWT08036
DEBUG
Key has been created from the encoded PEM key
SRJWT08037
DEBUG
The key content is not a valid encoded PEM key
SRJWT08038
DEBUG
Checking if the key content is a Base64 encoded PEM certificate
SRJWT08039
DEBUG
PublicKey has been created from the encoded PEM certificate
SRJWT08040
DEBUG
The key content is not a valid encoded PEM certificate
SRJWT08041
DEBUG
Decryption key is unresolvable
SRJWT08042
DEBUG
Encrypted token sequence is invalid
SRJWT08043
DEBUG
Trying to create a key from the HTTPS JWK(S)
SRJWT08044
DEBUG
Encrypted token headers must contain a content type header
SRJWT11000
DEBUG
Success
SRJWT11001
DEBUG
Unable to validate bearer token
SRJWT11002
DEBUG
No usable bearer token was found in the request, continuing unauthenticated
SRJWT11003
DEBUG
Failed to resolve the key. Either corrupt or unavailable.
SRJWT12000
DEBUG
getValue(%s), null JsonWebToken
SRJWT12001
DEBUG
Failed to find Claim for: %s
SRJWT12002
DEBUG
getValue(%s), isOptional=%s, claimValue=%s
SRJWT12003
DEBUG
JsonValueProducer(%s).produce
SRJWT12004
DEBUG
getOptionalString(%s)
SRJWT12005
DEBUG
getOptionalStringSet(%s)
SRJWT12006
DEBUG
getOptionalLong(%s)
SRJWT12007
DEBUG
getOptionalBoolean(%s)
SRJWT12008
DEBUG
addTypeToClaimProducer(%s)
SRJWT12009
DEBUG
Checking Provider Claim(%s), ip: %s
SRJWT12010
DEBUG
pip: %s
SRJWT12011
DEBUG
getClaimAsSet(%s)
SRJWT12012
DEBUG
getClaimAsString(%s)
SRJWT12013
DEBUG
getClaimAsLong(%s)
SRJWT12014
DEBUG
getClaimAsDouble(%s)
SRJWT12015
DEBUG
getClaimAsBoolean(%s)
SRJWT12016
DEBUG
getOptionalValue(%s)
SRJWT12017
DEBUG
beforeBeanDiscovery(%s)
SRJWT12018
DEBUG
EE Security is available, JWTHttpAuthenticationMechanism has been registered
SRJWT12019
INFO
EE Security is NOT available, JWTAuthenticationFilter has been registered
SRJWT12020
DEBUG
Added type: %s
SRMSG
Code
Level
Return Type
Message
SRMSG00200
ERROR
The method %s has thrown an exception
SRMSG00201
ERROR
Error caught while processing a message in method %s
SRMSG00202
INFO
Created new Vertx instance
SRMSG00203
INFO
Created worker pool named %s with concurrency of %d
SRMSG00204
WARN
Multiple publisher found for %s, using the merge policy `ONE` takes the first found
SRMSG00205
DEBUG
Strict mode enabled
SRMSG00206
DEBUG
Scanning Type: %s
SRMSG00207
WARN
%s
SRMSG00208
WARN
The connector '%s' has no downstreams
SRMSG00209
DEBUG
Beginning graph resolution, number of components detected: %d
SRMSG00210
DEBUG
Graph resolution completed in %d ns
SRMSG00211
ERROR
Unable to create invoker instance of %s
SRMSG00212
ERROR
Unable to initialize mediator: %s
SRMSG00224
INFO
Analyzing mediator bean: %s
SRMSG00226
DEBUG
Found incoming connectors: %s
SRMSG00227
DEBUG
Found outgoing connectors: %s
SRMSG00228
INFO
No MicroProfile Config found, skipping
SRMSG00229
DEBUG
Channel manager initializing...
SRMSG00230
ERROR
Unable to create the publisher or subscriber during initialization
SRMSG00231
INFO
Incoming channel `%s` disabled by configuration
SRMSG00232
INFO
Outgoing channel `%s` disabled by configuration
SRMSG00233
WARN
Unable to extract the ingested payload type for method `%s`, the reason is: %s
SRMSG00234
WARN
Failed to emit a Message to the channel
SRMSG00235
DEBUG
Beginning materialization
SRMSG00236
DEBUG
Materialization completed in %d ns
SRMSG00237
WARN
Use of @jakarta.inject.Named in Reactive Messaging is deprecated, use @io.smallrye.common.annotation.Identifier instead
SRMSG00238
INFO
No ExecutionHolder, disabling @Blocking support
SRMSG00239
java.lang.IllegalStateException
Cannot specify both client-options-name and client-ssl-context-name
SRMSG00240
java.lang.IllegalStateException
Could not find an SSLContext bean with the @Identifier=%s
SRMSG18201
DEBUG
Dead queue letter configured with: topic: `%s`, key serializer: `%s`, value serializer: `%s`
SRMSG18202
INFO
A message sent to channel `%s` has been nacked, sending the record to a dead letter topic %s
SRMSG18203
ERROR
A message sent to channel `%s` has been nacked, fail-stop
SRMSG18204
WARN
A message sent to channel `%s` has been nacked, ignored failure is: %s.
SRMSG18205
DEBUG
The full ignored failure is
SRMSG18206
ERROR
Unable to write to Kafka from channel %s (topic: %s)
SRMSG18206
ERROR
Unable to write to Kafka from channel %s (no topic set)
SRMSG18207
ERROR
Unable to dispatch message to Kafka
SRMSG18209
DEBUG
Sending message %s to Kafka topic '%s'
SRMSG18210
ERROR
Unable to send a record to Kafka
SRMSG18211
DEBUG
Message %s sent successfully to Kafka topic-partition '%s-%d', with offset %d
SRMSG18212
ERROR
Message %s was not sent to Kafka topic '%s' - nacking message
SRMSG18213
INFO
Setting %s to %s
SRMSG18214
INFO
Key deserializer omitted, using String as default
SRMSG18215
DEBUG
An error has been caught while closing the Kafka Write Stream
SRMSG18216
WARN
No `group.id` set in the configuration, generate a random id: %s
SRMSG18217
ERROR
Unable to read a record from Kafka topics '%s'
SRMSG18218
DEBUG
An exception has been caught while closing the Kafka consumer
SRMSG18219
INFO
Loading KafkaConsumerRebalanceListener from configured name '%s'
SRMSG18220
INFO
Loading KafkaConsumerRebalanceListener from group id '%s'
SRMSG18222
ERROR
Unable to execute consumer revoked re-balance listener for group '%s'
SRMSG18224
INFO
Executing consumer revoked re-balance listener for group '%s'
SRMSG18225
INFO
Executed consumer assigned re-balance listener for group '%s'
SRMSG18226
INFO
Executed consumer revoked re-balance listener for group '%s'
SRMSG18227
WARN
Re-enabling consumer for group '%s'. This consumer was paused because of a re-balance failure.
SRMSG18228
WARN
A failure has been reported for Kafka topics '%s'
SRMSG18229
INFO
Configured topics for channel '%s': %s
SRMSG18230
INFO
Configured topics matching pattern for channel '%s': %s
SRMSG18231
WARN
The record %d from topic-partition '%s' has waited for %s seconds to be acknowledged. This waiting time is greater than the configured threshold (%d ms). At the moment %d messages from this partition are awaiting acknowledgement. The last committed offset for this partition was %d. This error is due to a potential issue in the application which does not acknowledged the records in a timely fashion. The connector cannot commit as a record processing has not completed.
SRMSG18232
DEBUG
Will commit for group '%s' every %d milliseconds.
SRMSG18233
ERROR
Invalid value serializer to write a structured Cloud Event. Found %s, expected the org.apache.kafka.common.serialization.StringSerializer
SRMSG18234
DEBUG
Auto-commit disabled for channel %s
SRMSG18235
WARN
Will not health check throttled commit strategy for group '%s'.
SRMSG18236
DEBUG
Will mark throttled commit strategy for group '%s' as unhealthy if records go more than %d milliseconds without being processed.
SRMSG18237
DEBUG
Setting client.id for Kafka producer to %s
SRMSG18239
DEBUG
Received acknowledgement for record %d on '%s' (consumer group: '%s'). Ignoring it because the partition is not assigned to the consume anymore. Record will likely be processed again. Current assignments are %s.
SRMSG18240
DEBUG
'%s' commit strategy used for channel '%s'
SRMSG18241
FATAL
The deserialization failure handler `%s` throws an exception
SRMSG18242
WARN
A failure has been reported during a rebalance - the operation will be retried: '%s'
SRMSG18243
DEBUG
Shutting down - Pausing all topic-partitions
SRMSG18244
DEBUG
Shutting down - Waiting for message processing to complete, %d messages still in processing
SRMSG18245
WARN
There are still %d unprocessed messages after the closing timeout
Unable to recover from the deserialization failure (topic: %s), configure a DeserializationFailureHandler to recover from errors.
SRMSG18250
WARN
The configuration property '%s' is deprecated and is replaced by '%s'.
SRMSG18251
DEBUG
Committed %s
SRMSG18252
WARN
Failed to commit %s, it will be re-attempted
SRMSG18253
DEBUG
Removing topic-partition '%s' from the store - the partition is not assigned to the consumer anymore. Current assignments are: %s
SRMSG18254
DEBUG
Topic-partition '%s' has been revoked - going to commit offset %d
SRMSG18255
DEBUG
Received a record from topic-partition '%s' at offset %d, while the last committed offset is %d - Ignoring record
SRMSG18256
INFO
Initialize record store for topic-partition '%s' at position %d.
SRMSG18257
INFO
Kafka consumer %s, connected to Kafka brokers '%s', belongs to the '%s' consumer group and is configured to poll records from %s
SRMSG18258
INFO
Kafka producer %s, connected to Kafka brokers '%s', is configured to write records to '%s'
SRMSG18259
WARN
Kafka latest commit strategy failed to commit record from topic-partition '%s' at offset %d
SRMSG18260
ERROR
Unable to recover from the serialization failure (topic: %s), configure a SerializationFailureHandler to recover from errors.
SRMSG18261
ERROR
Unable to initialize producer from channel %s.
SRMSG18262
WARN
Aborting transaction for producer id %s in channel %s.
SRMSG18263
FATAL
The serialization failure handler `%s` throws an exception
SRMSG18264
WARN
No `checkpoint.state-store` given to use with checkpoint commit strategy. `file` will be used.
SRMSG18265
WARN
Will not health check checkpoint commit strategy for consumer '%s'.
SRMSG18266
DEBUG
Will mark checkpoint commit strategy for consumer '%s' as unhealthy if processing state go more than %d milliseconds without being persisted.
SRMSG18267
DEBUG
Partitions assigned to client %s : %s with initial state %s
SRMSG18268
ERROR
Failed fetching state on partitions assigned to client %s : %s
SRMSG18269
DEBUG
Partitions revoked from client %s: %s with state to persist %s
SRMSG18270
DEBUG
Persisted state for client %s : %s
SRMSG18271
WARN
Failed persisting state for %s : %s
SRMSG18272
DEBUG
Failed persisting state but can be retried for %s : %s
SRMSG18273
WARN
Checkpoint commit strategy processing state type not found for channel %s : %s
SRMSG18274
INFO
Error caught in producer interceptor `onSend` for channel %s
SRMSG18275
TRACE
Error caught in producer interceptor `onAcknowledge` for channel %s
SRMSG18276
TRACE
Error caught in producer interceptor `close` for channel %s
SRMSG18277
INFO
Delayed retry topics configured for channel `%s` with topics `%s`, max retries, `%d`, timeout `%d`ms, dlq topic `%s`
SRMSG18278
INFO
A message sent to channel `%s` has been nacked, sending the record to topic %s
SRMSG18279
WARN
A message sent to channel `%s` reached delayed retry timeout `%s` milliseconds reached for record `%s`
SRMSG18280
WARN
A message sent to channel `%s` has been nacked and won't be retried again. Configure `dead-letter-queue.topic` for sending the record to a dead letter topic
SROAP
Code
Level
Return Type
Message
SROAP01000
ERROR
Failed to introspect BeanInfo for: %s
SROAP01001
INFO
Schema with zero references removed from #/components/schemas: %s
SROAP01002
INFO
Cyclic object reference detected in OpenAPI model, skipping current node
SROAP01003
WARN
Merge of property would result in cyclic object reference in OpenAPI model, skipping property '%s' in type %s
SROAP02000
DEBUG
Processing a map of %s annotations.
SROAP02001
DEBUG
Processing a json map of %s nodes.
SROAP02002
DEBUG
Processing a list of %s annotations.
SROAP02003
DEBUG
Processing a json list of %s.
SROAP02004
DEBUG
Processing a single %s annotation.
SROAP02005
DEBUG
Processing an %s annotation.
SROAP02006
DEBUG
Processing a single %s annotation as a %s.
SROAP02007
DEBUG
Processing a single %s json node.
SROAP02008
DEBUG
Processing an %s json node.
SROAP02009
DEBUG
Processing a single %s json object.
SROAP02010
DEBUG
Processing a json map of %s.
SROAP02011
ERROR
Error reading a CallbackOperation annotation.
SROAP02012
DEBUG
Processing a list of %s annotations into an %s.
SROAP02013
DEBUG
Processing an enum %s
SROAP02014
DEBUG
Processing an array of %s annotations.
SROAP02015
DEBUG
Processing a json array of %s json nodes.
SROAP02016
WARN
Failed to read enumeration values from enum %s method %s with `@JsonValue`: %s
SROAP04000
DEBUG
Scanning deployment for %s Annotations.
SROAP04001
DEBUG
Starting processing with root: %s
SROAP04002
DEBUG
Getting all fields for: %s in class: %s
SROAP04003
WARN
Configured schema for %s could not be parsed
SROAP04004
INFO
Configured schema for %s has been registered
SROAP04005
WARN
Could not find schema class in index: %s
SROAP06000
DEBUG
Processing @Schema annotation %s on a field %s
SROAP06001
DEBUG
Annotation value has invalid format: %s
SROAP06002
DEBUG
Possible cycle was detected at: %s. Will not search further.
Could not bind multicast socket to %s (%s address): %s; make sure your multicast address is of the same type as the IP stack (IPv4 or IPv6). Multicast socket will not be bound to an address, but this may lead to cross talking (see http://www.jboss.org/community/docs/DOC-9469 for details).
UT005060
WARN
Predicate %s uses old style square braces to define predicates, which will be removed in a future release. predicate[value] should be changed to predicate(value)
UT005061
java.lang.IllegalStateException
More than %s restarts detected, breaking assumed infinite loop
UT005062
ERROR
Pattern parse error
UT005063
ERROR
Unable to decode with rest of chars starting: %s
UT005064
ERROR
No closing ) found for in decode
UT005065
ERROR
The next characters couldn't be decoded: %s
UT005066
ERROR
X param for servlet request, couldn't decode value: %s
UT005067
ERROR
X param in wrong format. Needs to be 'x-#(...)'
UT005068
INFO
Pattern was just empty or whitespace
UT005069
ERROR
Failed to write JDBC access log
UT005070
ERROR
Failed to write pre-cached file
UT005071
ERROR
Undertow request failed %s
UT005072
WARN
Thread %s (id=%s) has been active for %s milliseconds (since %s) to serve the same request for %s and may be stuck (configured threshold for this StuckThreadDetectionValve is %s seconds). There is/are %s thread(s) in total that are monitored by this Valve and may be stuck.
UT005073
WARN
Thread %s (id=%s) was previously reported to be stuck but has completed. It was active for approximately %s milliseconds. There is/are still %s thread(s) that are monitored by this Valve and may be stuck.
UT005074
ERROR
Failed to invoke error callback %s for SSE task
UT005075
java.lang.IllegalStateException
Unable to resolve mod_cluster management host's address for '%s'
UT005076
ERROR
SSL read loop detected. This should not happen, please report this to the Undertow developers. Current state %s
UT005077
ERROR
SSL unwrap buffer overflow detected. This should not happen, please report this to the Undertow developers. Current state %s
UT005079
ERROR
ALPN negotiation on %s failed
UT005080
ERROR
HttpServerExchange cannot have both async IO resumed and dispatch() called in the same cycle
UT005081
ERROR
Response has already been started, cannot proxy request %s
UT005082
java.lang.IllegalArgumentException
Configured mod_cluster management host address cannot be a wildcard address (%s)!
UT005083
java.io.IOException
Unexpected end of compressed input
UT005084
java.io.IOException
Attempted to write %s bytes however content-length has been set to %s
UT005085
DEBUG
Connection %s for exchange %s was not closed cleanly, forcibly closing connection
UT005086
ERROR
Failed to accept SSL request
UT005088
ERROR
Failed to execute ServletOutputStream.closeAsync() on IO thread
UT005089
java.lang.IllegalArgumentException
Method parameter '%s' cannot be null
UT005090
ERROR
Unexpected failure
UT005091
ERROR
Failed to initialize DirectByteBufferDeallocator
UT005092
DEBUG
Failed to free direct buffer
UT005093
DEBUG
Blocking read timed out
UT005094
DEBUG
Blocking write timed out
UT005095
DEBUG
SSLEngine delegated task was rejected
UT005096
DEBUG
Authentication failed for digest header %s in %s
UT005097
DEBUG
Failed to obtain subject for %s
UT005098
DEBUG
GSSAPI negotiation failed for %s
UT005099
WARN
Failed to create SSO for session '%s'
UT005100
DEBUG
Failed to list paths for '%s'
UT005101
DEBUG
No source to list resources from
UT005102
WARN
Flushing waiting in a frame more than %s miliseconds. The framed channel will be forcibly closed.
UT015002
ERROR
Stopping servlet %s due to permanent unavailability
UT015003
ERROR
Stopping servlet %s till %s due to temporary unavailability
UT015005
ERROR
Error invoking method %s on listener %s
UT015006
ERROR
IOException dispatching async event
UT015007
WARN
Stack trace on error enabled for deployment %s, please do not enable for production use
UT015008
WARN
Failed to load development mode persistent sessions
UT015009
WARN
Failed to persist session attribute %s with value %s for session %s
UT015010
WARN
Failed to persist sessions
UT015012
ERROR
Failed to generate error page %s for original exception: %s. Generating error page resulted in a %s.
UT015014
ERROR
Error reading rewrite configuration
UT015015
java.lang.IllegalArgumentException
Error reading rewrite configuration: %s
UT015016
java.lang.IllegalArgumentException
Invalid rewrite map class: %s
UT015017
java.lang.IllegalArgumentException
Error reading rewrite flags in line %s as %s
UT015018
java.lang.IllegalArgumentException
Error reading rewrite flags in line %s
UT015019
ERROR
Failed to destroy %s
UT015020
WARN
Path %s is secured for some HTTP methods, however it is not secured for %s
UT015021
ERROR
Failure dispatching async event
UT015022
WARN
Requested resource at %s does not exist for include method
UT015023
java.lang.IllegalStateException
This Context has been already destroyed
UT015024
ERROR
Servlet %s init() method in web application %s threw exception
UT025003
DEBUG
Decoding WebSocket Frame with opCode %s
UT025007
ERROR
Unhandled exception for annotated endpoint %s
UT025008
WARN
Incorrect parameter %s for extension
UT026001
ERROR
Unable to instantiate endpoint
UT026002
ERROR
Unable to instantiate server configuration %s
UT026003
INFO
Adding annotated server endpoint %s for path %s
UT026004
INFO
Adding annotated client endpoint %s
UT026005
INFO
Adding programmatic server endpoint %s for path %s
UT026006
ERROR
Exception running web socket method
UT026007
WARN
On Endpoint class %s path param %s on method %s does not reference a valid parameter, valid parameters are %s.
UT026008
ERROR
Could not close endpoint on undeploy.
UT026009
WARN
XNIO worker was not set on WebSocketDeploymentInfo, the default worker will be used
UT026010
WARN
Buffer pool was not set on WebSocketDeploymentInfo, the default pool will be used
UT026011
java.lang.IllegalArgumentException
XNIO worker was not set on WebSocketDeploymentInfo, and there is no default to use
UT026012
java.lang.IllegalArgumentException
Buffer pool was not set on WebSocketDeploymentInfo, and there is no default to use
VFS
Code
Level
Return Type
Message
VFS000001
WARN
A VFS mount (%s) was leaked!
VFS000002
INFO
Failed to clean existing content for temp file provider of type %s. Enable DEBUG level log to find what caused this
WELD-
Code
Level
Return Type
Message
WELD-000000
DEBUG
Catching
WELD-000000
TRACE
No PAT observers resolved for {0}. Skipping.
WELD-000000
TRACE
Sending PAT using the default event resolver: {0}
WELD-000000
TRACE
Sending PAT using the fast event resolver: {0}
WELD-000001
TRACE
Exactly one constructor ({0}) annotated with @Inject defined, using it as the bean constructor for {1}
WELD-000002
TRACE
Exactly one constructor ({0}) defined, using it as the bean constructor for {1}
WELD-000004
TRACE
Exactly one post construct method ({0}) for {1}
WELD-000006
TRACE
Exactly one pre destroy method ({0}) for {1}
WELD-000007
TRACE
Created session bean proxy for {0}
WELD-000008
TRACE
Called {0} on {1} with parameters {2} which returned {3}
A bean class that is not a decorator has an injection point annotated @Delegate at injection point {0} at {1} StackTrace:
WELD-000039
org.jboss.weld.exceptions.DefinitionException
@Typed class {0} not present in the set of bean types of {1} [{2}]
WELD-000040
org.jboss.weld.exceptions.DefinitionException
All stereotypes must specify the same scope or the bean must declare a scope - declared on {0}, declared stereotypes [{1}], possible scopes {2}{3}
WELD-000041
org.jboss.weld.exceptions.DefinitionException
Specializing bean may not declare a bean name if it is declared by specialized bean specializing: {0} specialized: {1}
WELD-000042
org.jboss.weld.exceptions.IllegalStateException
Cannot operate on non container provided decorator {0}
WELD-000043
org.jboss.weld.exceptions.IllegalStateException
The following bean is not an EE resource producer: {0}
WELD-000044
org.jboss.weld.exceptions.NullInstanceException
Unable to obtain instance from {0}
WELD-000045
org.jboss.weld.exceptions.InvalidObjectException
Unable to deserialize object - serialization proxy is required
WELD-000046
org.jboss.weld.exceptions.DefinitionException
At most one scope may be specified on {0}
WELD-000047
org.jboss.weld.exceptions.DefinitionException
Specializing bean must extend another bean: {0}
WELD-000048
java.lang.String
Conflicting interceptor bindings found on {0}
WELD-000049
org.jboss.weld.exceptions.WeldException
Unable to invoke {0} on {1}
WELD-000050
org.jboss.weld.exceptions.WeldException
Cannot cast producer type {0} to bean type {1}
WELD-000052
org.jboss.weld.exceptions.IllegalProductException
Cannot return null from a non-dependent producer method: {0} at {1} StackTrace:
WELD-000053
org.jboss.weld.exceptions.IllegalProductException
Producers cannot declare passivating scope and return a non-serializable class: {0} at {1} StackTrace:
WELD-000054
org.jboss.weld.exceptions.IllegalProductException
Producers cannot produce unserializable instances for injection into an injection point that requires a passivation capable dependency Producer: {0} at {1} Injection Point: {2} at {3} StackTrace:
WELD-000059
org.jboss.weld.exceptions.DefinitionException
No delegate injection point defined for {0}
WELD-000060
org.jboss.weld.exceptions.DefinitionException
Too many delegate injection points defined for {0}
WELD-000061
org.jboss.weld.exceptions.DefinitionException
The delegate type does not extend or implement the decorated type. Decorated type: {0} Decorator: {1}
WELD-000064
org.jboss.weld.exceptions.IllegalStateException
Unable to process decorated type: {0}
WELD-000066
org.jboss.weld.exceptions.DefinitionException
{0} has more than one @Dispose parameter at {1} StackTrace:
WELD-000067
org.jboss.weld.exceptions.DefinitionException
{0} is not allowed on same method as {1}, see {2} at {3} StackTrace:
WELD-000068
org.jboss.weld.exceptions.DefinitionException
{0} method {1} is not a business method of {2} at {3} StackTrace:
WELD-000070
org.jboss.weld.exceptions.DefinitionException
Simple bean {0} cannot be a non-static inner class
WELD-000071
org.jboss.weld.exceptions.DefinitionException
Managed bean with a parameterized bean class must be @Dependent: {0}
WELD-000072
org.jboss.weld.exceptions.DeploymentException
Bean declaring a passivating scope must be passivation capable. Bean: {0}
WELD-000073
org.jboss.weld.exceptions.DeploymentException
Bean class which has decorators cannot be declared final: {0}
WELD-000075
org.jboss.weld.exceptions.DefinitionException
Normal scoped managed bean implementation class has a public field: {0}
WELD-000076
org.jboss.weld.exceptions.DefinitionException
Bean constructor must not have a parameter annotated with {0}: {1} at {2} StackTrace:
WELD-000077
org.jboss.weld.exceptions.DefinitionException
Cannot declare multiple disposal methods for this producer method. Producer method: {0} Disposal methods: {1}
WELD-000078
org.jboss.weld.exceptions.DefinitionException
Specialized producer method does not override another producer method: {0} at {1} StackTrace:
WELD-000079
org.jboss.weld.exceptions.CreationException
Could not instantiate a proxy for a session bean: {0} Proxy: {1}
WELD-000080
org.jboss.weld.exceptions.DefinitionException
Enterprise beans cannot be interceptors: {0}
WELD-000081
org.jboss.weld.exceptions.DefinitionException
Enterprise beans cannot be decorators: {0}
WELD-000082
org.jboss.weld.exceptions.DefinitionException
Scope {0} is not allowed on stateless session beans for {1}. Only @Dependent is allowed.
WELD-000083
org.jboss.weld.exceptions.DefinitionException
Scope {0} is not allowed on singleton session beans for {1}. Only @Dependent and @ApplicationScoped is allowed.
WELD-000084
org.jboss.weld.exceptions.DefinitionException
Specializing enterprise bean must extend another enterprise bean: {0}
Required service {0} has not been specified for {1}
WELD-000118
org.jboss.weld.exceptions.DeploymentException
Only normal scopes can be passivating. Scope {0}
WELD-000119
INFO
Not generating any bean definitions from {0} because of underlying class loading error: Type {1} not found. If this is unexpected, enable DEBUG logging to see the full error.
ProcessBeanAttributes.veto() called by {0} for {1}
WELD-000166
DEBUG
AfterTypeDiscovery.{3} modified by {0} {2} {1}
WELD-000167
WARN
Class {0} is annotated with @{1} but it does not declare an appropriate constructor therefore is not registered as a bean!
WELD-000168
DEBUG
Extension bean deployed: {0}
WELD-000169
INFO
Jandex cannot distinguish inner and static nested classes! Update Jandex to 2.0.3.Final version or newer to improve scanning performance.
WELD-000170
org.jboss.weld.exceptions.IllegalStateException
{0} observer cannot call both the configurator and set methods. Extension {1} StackTrace:
WELD-000171
DEBUG
BeforeBeanDiscovery.configureQualifier() called by {0} for {1}
WELD-000172
DEBUG
BeforeBeanDiscovery.configureInterceptorBinding() called by {0} for {1}
WELD-000173
DEBUG
ProcessProducer.configureProducer() called by {0} for {1}
WELD-000174
DEBUG
ProcessBeanAttributes.configureBeanAttributes() called by {0} for {1}
WELD-000175
DEBUG
ProcessBeanAttributes.isIgnoreFinalMethods() called by {0} for {1}
WELD-000176
DEBUG
ProcessAnnotatedType.configureAnnotatedType() called by {0} for {1}
WELD-000177
DEBUG
ProcessObserverMethod.configureObserverMethod() called by {0} for {1}
WELD-000178
DEBUG
ProcessInjectionPoint.configureInjectionPoint() called by {0} for {1}
WELD-000179
org.jboss.weld.exceptions.DeploymentException
{0} created by {1} cannot be processed
WELD-000180
DEBUG
Drop unused bean metadata: {0}
WELD-000181
WARN
org.jboss.weld.executor.threadPoolType=COMMON detected but ForkJoinPool.commonPool() does not work with SecurityManager enabled, switching to {0} thread pool
WELD-000183
org.jboss.weld.exceptions.DefinitionException
Multiple different @Priority values derived from stereotype annotations for annotated type - {0}
Updating underlying store with contextual {0} under ID {1}
WELD-000217
TRACE
Adding detached contextual {0} under ID {1}
WELD-000218
TRACE
Removed {0} from session {1}
WELD-000219
TRACE
Unable to remove {0} from non-existent session
WELD-000220
TRACE
Added {0} to session {1}
WELD-000221
TRACE
Unable to add {0} to session as no session could be obtained
WELD-000222
TRACE
Loading bean store {0} map from session {1}
WELD-000223
org.jboss.weld.exceptions.DefinitionException
Context.getScope() returned null for {0}
WELD-000224
WARN
Unable to clear the bean store {0}.
WELD-000225
WARN
Bean store leak detected during {0} association: {1}
WELD-000226
org.jboss.weld.exceptions.DeploymentException
Cannot register additional context for scope: {0}, {1}
WELD-000227
org.jboss.weld.exceptions.IllegalStateException
Bean identifier index inconsistency detected - the distributed container probably does not work with identical applications Expected hash: {0} Current index: {1}
WELD-000228
DEBUG
Bean store leak detected during {0} association - instances of beans with the following identifiers might not be destroyed correctly: {1}
WELD-000229
org.jboss.weld.exceptions.IllegalStateException
Contextual reference of {0} is not valid after container {1} shutdown
WELD-000304
TRACE
Cleaning up conversation {0}
WELD-000313
TRACE
Lock acquired on conversation {0}
WELD-000314
TRACE
Lock released on conversation {0}
WELD-000315
WARN
Failed to acquire conversation lock in {0} ms for {1}
WELD-000316
WARN
Attempt to release lock on conversation {0} failed because {1}
WELD-000317
DEBUG
Promoted conversation {0} to long-running
WELD-000318
DEBUG
Returned long-running conversation {0} to transient
{0} is not a valid notification mode for asynchronous observers
WELD-000420
java.lang.UnsupportedOperationException
Asynchronous observer notification with timeout option requires an implementation of ExecutorServices which provides an instance of ScheduledExecutorServices.
Invalid input value for asynchronous observer notification timeout. Has to be parseable String, java.lang.Long or long. Original exception: {0}
WELD-000422
java.lang.IllegalStateException
WeldEvent.select(Type subtype, Annotation... qualifiers) can be invoked only on an instance of WeldEvent
WELD-000600
DEBUG
{0} is missing @Retention(RUNTIME). Weld will use this annotation, however this may make the application unportable.
WELD-000601
DEBUG
{0} is missing @Target. Weld will use this annotation, however this may make the application unportable.
WELD-000602
DEBUG
{0} is not declared @Target(TYPE, METHOD) or @Target(TYPE). Weld will use this annotation, however this may make the application unportable.
WELD-000604
DEBUG
{0} is not declared @Target(METHOD, FIELD, TYPE). Weld will use this annotation, however this may make the application unportable.
WELD-000605
DEBUG
{0} is not declared @Target(METHOD, FIELD, TYPE, PARAMETER), @Target(METHOD, TYPE), @Target(METHOD), @Target(TYPE) or @Target(FIELD). Weld will use this annotation, however this may make the application unportable.
Context activation pattern {0} ignored as it is overriden by the integrator.
WELD-000712
WARN
Unable to dissociate context {0} from the storage {1}
WELD-000713
org.jboss.weld.exceptions.IllegalStateException
Unable to inject ServletContext. None is associated with {0}, {1}
WELD-000714
WARN
HttpContextLifecycle guard leak detected. The Servlet container is not fully compliant. The value was {0}
WELD-000715
WARN
HttpContextLifecycle guard not set. The Servlet container is not fully compliant.
WELD-000716
INFO
Running in Servlet 2.x environment. Asynchronous request support is disabled.
WELD-000717
WARN
Unable to deactivate context {0} when destroying request {1}
WELD-000718
WARN
No EEModuleDescriptor defined for bean archive with ID: {0}. @Initialized and @Destroyed events for ApplicationScoped may be fired twice.
WELD-000719
DEBUG
An active HttpSessionDestructionContext detected. This is likely a leftover from previous sessions that ended exceptionally. This context will be terminated.
The bean {0} declares a passivating scope but has a non-passivation-capable dependency {1}
WELD-001414
org.jboss.weld.exceptions.DeploymentException
Bean name is ambiguous. Name {0} resolves to beans: {1}
WELD-001415
org.jboss.weld.exceptions.DeploymentException
Bean name is identical to a bean name prefix used elsewhere. Name {0}
WELD-001416
org.jboss.weld.exceptions.DeploymentException
Enabled interceptor class {0} specified twice: - {1}, - {2}
WELD-001417
org.jboss.weld.exceptions.DeploymentException
Enabled interceptor class {0} ({1}) does not match an interceptor bean: the class is not found, or not annotated with @Interceptor and still not registered through a portable extension, or not annotated with @Dependent inside an implicit bean archive
WELD-001418
org.jboss.weld.exceptions.DeploymentException
Enabled decorator class {0} specified twice: - {1}, - {2}
WELD-001419
org.jboss.weld.exceptions.DeploymentException
Enabled decorator class {0} is not the bean class of at least one decorator bean (detected decorator beans: {1})
WELD-001420
org.jboss.weld.exceptions.DeploymentException
Enabled alternative {0} is not a stereotype
WELD-001421
org.jboss.weld.exceptions.DeploymentException
Cannot enable the same alternative stereotype {0} in beans.xml: - {1}, - {2}
WELD-001422
org.jboss.weld.exceptions.DeploymentException
Enabled alternative class {0} ({1}) does not match any bean, or is not annotated with @Alternative or an @Alternative stereotype, or does not declare a producer annotated with @Alternative or an @Alternative stereotype
WELD-001424
org.jboss.weld.exceptions.DefinitionException
The following disposal methods were declared but did not resolve to a producer method: {0}
WELD-001425
org.jboss.weld.exceptions.DefinitionException
An injection point cannot have a wildcard type parameter: {0} at {1} StackTrace
WELD-001426
org.jboss.weld.exceptions.DefinitionException
An injection point must have a type parameter: {0} at {1} StackTrace
WELD-001427
org.jboss.weld.exceptions.DefinitionException
Only field injection points can use the @Named qualifier with no value: {0} at {1} StackTrace
WELD-001428
org.jboss.weld.exceptions.DefinitionException
A decorator cannot have producer methods, but at least one was found on {0}.
WELD-001429
org.jboss.weld.exceptions.DefinitionException
A decorator cannot have producer fields, but at least one was found on {0}.
WELD-001430
org.jboss.weld.exceptions.DefinitionException
A decorator cannot have disposer methods, but at least one was found on {0}.
WELD-001431
org.jboss.weld.exceptions.DefinitionException
An interceptor cannot have producer methods, but at least one was found on {0}.
WELD-001432
org.jboss.weld.exceptions.DefinitionException
An interceptor cannot have producer fields, but at least one was found on {0}.
WELD-001433
org.jboss.weld.exceptions.DefinitionException
An interceptor cannot have disposer methods, but at least one was found on {0}.
Bean type {0} is not proxyable because it is an array type - {1}.
WELD-001440
WARN
Scope type {0} used on injection point {1} at {2} StackTrace
WELD-001441
org.jboss.weld.exceptions.DeploymentException
Enabled alternative {0} is not a class
WELD-001442
org.jboss.weld.exceptions.DeploymentException
Enabled alternative {0} is not annotated @Alternative
WELD-001443
org.jboss.weld.exceptions.DeploymentException
Pseudo scoped bean has circular dependencies. Dependency path: {0}
WELD-001445
org.jboss.weld.exceptions.DefinitionException
An interceptor cannot have observer methods, but at least one was found on {0}.
WELD-001446
org.jboss.weld.exceptions.DefinitionException
A decorator cannot have observer methods, but at least one was found on {0}.
WELD-001447
org.jboss.weld.exceptions.DefinitionException
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} but it does not return {3} at {4} StackTrace
WELD-001448
org.jboss.weld.exceptions.DefinitionException
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} but it does not have exactly one parameter at {3} StackTrace
WELD-001449
org.jboss.weld.exceptions.DefinitionException
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} but its single parameter is not a {3} at {4} StackTrace
WELD-001451
org.jboss.weld.exceptions.DefinitionException
jakarta.transaction.UserTransaction cannot be injected into an enterprise bean with container-managed transactions: {0} at {1} StackTrace
WELD-001452
org.jboss.weld.exceptions.DefinitionException
{0} is not a valid type for a Bean metadata injection point {1} at {2} StackTrace
WELD-001453
org.jboss.weld.exceptions.DefinitionException
{0} is not a valid type argument for a Bean metadata injection point {1} at {2} StackTrace
WELD-001454
org.jboss.weld.exceptions.DefinitionException
{0} cannot be used at a Bean metadata injection point of a bean which is not {1}, {2} at {3} StackTrace
{0} for a built-in bean {1} must be passivation capable.
WELD-001466
org.jboss.weld.exceptions.DefinitionException
Invalid injection point found in a disposer method: {0} at {1} StackTrace
WELD-001467
org.jboss.weld.exceptions.DefinitionException
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} but it does not return {3} or {4}. at {5} StackTrace
WELD-001468
org.jboss.weld.exceptions.DefinitionException
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} but it does not have a {3} return type. at {4} StackTrace
WELD-001469
WARN
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} but it does not have zero parameters.
WELD-001471
WARN
Interceptor method {0} defined on class {1} is not defined according to the specification. It should not throw {2}, which is a checked exception. at {3} StackTrace
WELD-001472
org.jboss.weld.exceptions.DefinitionException
EventMetadata can only be injected into an observer method: {0} at {1} StackTrace
WELD-001473
WARN
jakarta.enterprise.inject.spi.Bean implementation {0} declared a normal scope but does not implementjakarta.enterprise.inject.spi.PassivationCapable. It won'''t be possible to inject this bean into a bean with a passivating scope (@SessionScoped, @ConversationScoped). This can be fixed by assigning the Bean implementation a unique id by implementing the PassivationCapable interface.
WELD-001474
java.lang.String
Class {0} is on the classpath, but was ignored because a class it references was not found: {1}.
WELD-001475
java.lang.String
The following beans match by type, but none have matching qualifiers:{0}
Method {0} defined on class {1} is not defined according to the specification. It is annotated with @{2} and it declares more than one parameter. at {3} StackTrace
WELD-001500
org.jboss.weld.exceptions.WeldException
Failed to deserialize proxy object with beanId {0}
WELD-001501
org.jboss.weld.exceptions.WeldException
Method call requires a BeanInstance which has not been set for this proxy {0}
WELD-001502
org.jboss.weld.exceptions.DefinitionException
Resource producer field [{0}] must be @Dependent scoped
WELD-001503
org.jboss.weld.exceptions.DeploymentException
Bean class which has interceptors cannot be declared final: {0}
WELD-001504
org.jboss.weld.exceptions.DeploymentException
Intercepted bean method {0} (intercepted by {1}) cannot be declared final
WELD-001505
WARN
Method {0} cannot be intercepted by {1} - will be ignored by interceptors and should never be invoked upon the proxy instance!
WELD-001506
TRACE
Created new client proxy of type {0} for bean {1} with ID {2}
WELD-001507
TRACE
Located client proxy of type {0} for bean {1}
WELD-001508
org.jboss.weld.exceptions.DefinitionException
Cannot create an InjectionTarget from {0} as it is an interface
WELD-001510
org.jboss.weld.exceptions.WeldException
Non passivation capable bean serialized with ProxyMethodHandler
WELD-001511
org.jboss.weld.exceptions.DefinitionException
Specializing bean {0} does not have bean type {1} of specialized bean {2}
Cannot inject injection point metadata in a non @Dependent bean: {0}
WELD-001570
org.jboss.weld.exceptions.IllegalStateException
Invalid BeanConfigurator setup - no callback was specified for {0}
WELD-001571
INFO
Proxy for {0} created in {1} because {2}.
WELD-001572
org.jboss.weld.exceptions.CreationException
Cannot create instance of session bean from Annotated Type {0} before AfterDeploymentValidation phase.
WELD-001573
org.jboss.weld.exceptions.IllegalStateException
Cannot obtain contextual reference for {0} - producing WeldInstance does not exist anymore
WELD-001574
WARN
Cannot destroy contextual instance for {0} - producing WeldInstance does not exist anymore
WELD-001575
org.jboss.weld.exceptions.IllegalStateException
WeldInstance.select(Type subtype, Annotation... qualifiers) can be invoked only on an instance of WeldInstance
WELD-001576
DEBUG
Using {1} to instantiate a shared proxy class {0}; the deployment implementation [{2}] does not match the instantiator the proxy was created with
WELD-001577
INFO
Detected private final method: {1} on an intercepted bean: {0} Weld will ignore this method during interception.
WELD-001578
org.jboss.weld.exceptions.IllegalStateException
WeldDefaultProxyServices failed to load/define a class with name {0} whose original class was {1} because all attempts to determine a class loader ended with null.
The service JobOperatorService has been stopped and cannot execute operations.
WFLYBATCH000005
jakarta.batch.operations.NoSuchJobException
The job name '%s' was not found for the deployment.
WFLYBATCH000006
jakarta.batch.operations.JobStartException
Could not find the job XML file in the deployment: %s
WFLYBATCH000007
WARN
Failed processing the job XML file %s. Attempting to execute this job may result in errors.
WFLYBATCH000008
WARN
Empty job-repository element found in deployment descriptor. Using the default job repository for deployment %s.
WFLYBATCH000009
java.lang.IllegalStateException
Indexed child resources can only be registered if the parent resource supports ordered children. The parent of '%s' is not indexed
WFLYBATCH000011
org.jboss.msc.service.StartException
Failed to create %s job repository.
WFLYBATCH000013
ERROR
Only one job repository can be defined in the jboss-all.xml deployment descriptor. The first job repository will be used.
WFLYBATCH000014
WARN
Stopping execution %d of %s for deployment %s
WFLYBATCH000015
ERROR
Failed to stop execution %d for job %s on deployment %s
WFLYBATCH000016
ERROR
Failed to restart execution %d for job %s on deployment %s
WFLYBATCH000017
INFO
Restarting previously stopped batch job %s. Previous execution id %d. New execution id %d.
WFLYBATCH000019
jakarta.batch.operations.BatchRuntimeException
No batch environment was found for class loader: %s
WFLYBATCH000020
jakarta.batch.operations.JobSecurityException
Permission denied. User %s does not have %s permissions.
WFLYCC
Code
Level
Return Type
Message
WFLYCC0001
java.lang.IllegalStateException
Cannot add deployment actions after starting creation of a rollout plan
WFLYCC0002
java.lang.IllegalStateException
Cannot add deployment actions after starting creation of a rollout plan
WFLYCC0003
java.lang.String
Cannot convert %s to %s
WFLYCC0004
java.lang.IllegalArgumentException
Cannot derive a deployment name from %s -- use an overloaded method variant that takes a 'name' parameter
WFLYCC0005
java.lang.IllegalArgumentException
Cannot use a DeploymentPlan not created by this manager
WFLYCC0007
java.lang.String
Deployment with name %s already present in the domain
WFLYCC0008
java.lang.String
failed
WFLYCC0009
java.lang.IllegalStateException
Global rollback is not compatible with a server restart
WFLYCC0010
java.lang.IllegalStateException
Graceful shutdown already configured with a timeout of %d ms
WFLYCC0011
java.lang.String
Only one version of deployment with a given unique name can exist in the domain. The deployment plan specified that a new version of deployment %s replace an existing deployment with the same unique name, but did not apply the replacement to all server groups. Missing server groups were: %s
WFLYCC0012
java.lang.IllegalStateException
Invalid action type %s
WFLYCC0013
java.lang.IllegalStateException
Preceding action was not a %s
WFLYCC0014
java.lang.IllegalArgumentException
%s is not a valid URI
WFLYCC0015
java.lang.IllegalArgumentException
Illegal %s value %d -- must be greater than %d
WFLYCC0016
java.lang.IllegalArgumentException
Illegal %s value %d -- must be greater than %d and less than %d
WFLYCC0017
java.lang.RuntimeException
Screen real estate is expensive; displayUnits must be 5 characters or less
WFLYCC0019
java.lang.String
No failure details provided
WFLYCC0020
java.lang.IllegalStateException
No %s is configured
WFLYCC0022
java.lang.IllegalStateException
%s is closed
WFLYCC0023
java.lang.RuntimeException
Operation outcome is %s
WFLYCC0024
java.lang.IllegalStateException
%s operations are not allowed after content and deployment modifications
Specified HotRod protocol version %s does not support creating caches automatically. Cache named '%s' must be already created on the Infinispan Server!
WFLYCLINF0033
WARN
Attribute '%s' is configured to use a deprecated value: %s; use one of the following values instead: %s
WFLYCLJG
Code
Level
Return Type
Message
WFLYCLJG0001
INFO
Activating JGroups subsystem. JGroups version %s
WFLYCLJG0007
java.lang.String
Failed to parse %s
WFLYCLJG0008
java.lang.String
Failed to locate %s
WFLYCLJG0010
org.jboss.as.controller.OperationFailedException
Transport for stack %s is not defined. Please specify both a transport and protocol list, either as optional parameters to add() or via batching.
WFLYCLJG0015
java.lang.String
Unknown metric %s
WFLYCLJG0016
org.jboss.as.controller.OperationFailedException
Unable to load protocol class %s
WFLYCLJG0022
java.lang.IllegalArgumentException
%s entry not found in configured key store
WFLYCLJG0023
java.lang.IllegalArgumentException
%s key store entry is not of the expected type: %s
WFLYCLJG0025
java.lang.IllegalArgumentException
Configured credential source does not reference a clear-text password credential
WFLYCLJG0028
java.lang.IllegalArgumentException
Could not resolve destination address for outbound socket binding named '%s'
WFLYCLJG0030
WARN
Protocol %s is obsolete and will be auto-updated to %s
WFLYCLJG0031
WARN
Ignoring unrecognized %s property: %s
WFLYCLJG0032
INFO
Connecting '%s' channel. '%s' joining cluster '%s' via %s
WFLYCLJG0033
INFO
Connected '%s' channel. '%s' joined cluster '%s' with view: %s
WFLYCLJG0034
INFO
Disconnecting '%s' channel. '%s' leaving cluster '%s' with view: %s
WFLYCLJG0035
INFO
Disconnected '%s' channel. '%s' left cluster '%s'
WFLYCLSN
Code
Level
Return Type
Message
WFLYCLSN0001
INFO
This node will now operate as the singleton provider of the %s service
WFLYCLSN0002
INFO
This node will no longer operate as the singleton provider of the %s service
WFLYCLSN0003
INFO
%s elected as the singleton provider of the %s service
WFLYCLSN0004
java.lang.IllegalStateException
No response received from primary provider of the %s service, retrying...
WFLYCLSN0005
ERROR
Failed to start %s service
WFLYCLSN0006
WARN
Failed to reach quorum of %2$d for %1$s service. No primary singleton provider will be elected.
WFLYCLSN0007
INFO
Just reached required quorum of %2$d for %1$s service. If this cluster loses another member, no node will be chosen to provide this service.
WFLYCLSN0008
java.lang.IllegalArgumentException
Detected multiple primary providers for %s service: %s
WFLYCLSN0009
java.lang.IllegalStateException
Singleton service %s is not started.
WFLYCLSN0010
WARN
No node was elected as the singleton provider of the %s service
WFLYCLSN0011
java.lang.IllegalArgumentException
Specified quorum %d must be greater than zero
WFLYCLSNG
Code
Level
Return Type
Message
WFLYCLSNG0001
INFO
Singleton deployment detected. Deployment will reset using %s policy.
WFLYCLSV
Code
Level
Return Type
Message
WFLYCLSV0001
java.lang.IllegalArgumentException
A command dispatcher already exists for %s
WFLYCLSV0020
WARN
Failed to purge %s/%s registry of old registry entries for: %s
WFLYCLSV0021
WARN
Failed to notify %s/%s registry listener of %s(%s) event
WFLYCLSV0022
WARN
Failed to restore local %s/%s registry entry following network partititon merge
WFLYCLSV0030
WARN
Failed to notify %s/%s service provider registration listener of new providers: %s
WFLYCLWEB
Code
Level
Return Type
Message
WFLYCLWEB0001
java.lang.IllegalStateException
Session %s is not valid
WFLYCLWEBHR
Code
Level
Return Type
Message
WFLYCLWEBHR0001
WARN
Failed to expire session %s
WFLYCLWEBHR0007
WARN
Failed to activate attributes of session %s
WFLYCLWEBHR0008
WARN
Failed to activate attribute %2$s of session %1$s
WFLYCLWEBHR0009
java.lang.IllegalStateException
Failed to read attribute %2$s of session %1$s
WFLYCLWEBHR0010
WARN
Failed to activate authentication for single sign on %s
WFLYCLWEBHR0011
WARN
Session %s is missing cache entry for attribute %s
WFLYCLWEBINF
Code
Level
Return Type
Message
WFLYCLWEBINF0001
WARN
Failed to passivate attributes of session %s
WFLYCLWEBINF0002
WARN
Failed to passivate attribute %2$s of session %1$s
WFLYCLWEBINF0003
java.lang.IllegalStateException
Session %s is not valid
WFLYCLWEBINF0004
WARN
Failed to expire session %s
WFLYCLWEBINF0005
DEBUG
Failed to cancel expiration/passivation of session %s on primary owner.
WFLYCLWEBINF0006
DEBUG
Failed to schedule expiration/passivation of session %s on primary owner.
WFLYCLWEBINF0007
WARN
Failed to activate attributes of session %s
WFLYCLWEBINF0008
WARN
Failed to activate attribute %2$s of session %1$s
WFLYCLWEBINF0009
java.lang.IllegalStateException
Failed to read attribute %2$s of session %1$s
WFLYCLWEBINF0010
WARN
Failed to activate authentication for single sign on %s
WFLYCLWEBINF0011
WARN
Session %s is missing cache entry for attribute %s
WFLYCLWEBINF0012
WARN
Disabling eviction for cache '%s'. Web session passivation should be configured via in jboss-web.xml.
WFLYCLWEBINF0013
WARN
Disabling expiration for cache '%s'. Web session expiration should be configured per §7.5 of the servlet specification.
WFLYCLWEBUT
Code
Level
Return Type
Message
WFLYCLWEBUT0001
java.lang.IllegalStateException
Session %s is invalid
WFLYCLWEBUT0002
java.lang.IllegalStateException
Session %s already exists
WFLYCLWEBUT0003
java.lang.IllegalStateException
Session manager was stopped
WFLYCLWEBUT0004
WARN
Legacy overriding attached distributable session management provider for %s
WFLYCLWEBUT0005
WARN
No distributable session management provider found for %s; using legacy provider based on
WFLYCLWEBUT0007
WARN
No routing provider found for %s; using legacy provider based on static configuration
WFLYCLWEBUT0008
WARN
No distributable single sign-on management provider found for %s; using legacy provider based on static configuration
WFLYCLWEBUT0009
java.lang.IllegalStateException
Invalidation attempted for session %s after the response was committed (e.g. after HttpServletResponse.sendRedirect or sendError)
WFLYCM
Code
Level
Return Type
Message
WFLYCM0002
java.lang.String
Error initializing the process state listener %s
WFLYCM0003
ERROR
Error invoking the process state listener %s
WFLYCM0004
ERROR
The process state listener %s took to much time to complete.
WFLYCM0005
ERROR
Error cleaning up for the process state listener %s
WFLYCM0006
org.jboss.as.controller.OperationFailedException
Error to load module %s
WFLYCM0007
org.jboss.as.controller.OperationFailedException
Error to load class %s from module %s
WFLYCM0008
org.jboss.as.controller.OperationFailedException
Error to instantiate instance of class %s from module %s
WFLYCNT
Code
Level
Return Type
Message
WFLYCNT0001
org.jboss.as.controller.OperationFailedException
Invalid hash '%s' for content at address %s; current hash is '%s' -- perhaps the content has been updated by another caller?
WFLYCNT0002
java.lang.IllegalStateException
Cannot obtain Message Digest algorithm SHA-1
WFLYCNT0003
java.lang.IllegalArgumentException
Illegal child type %s -- must be %s
WFLYCNT0004
java.lang.IllegalArgumentException
Illegal child resource class %s
WFLYCNT0005
java.lang.IllegalStateException
No content found with hash %s
WFLYCNT0006
java.lang.IllegalStateException
null parent
WFLYCONF
Code
Level
Return Type
Message
WFLYCONF0001
INFO
Activating MicroProfile Config Subsystem
WFLYCONF0002
org.jboss.as.controller.OperationFailedException
Unable to load class %s from module %s
WFLYCONF0003
DEBUG
Use directory for MicroProfile Config Source: %s
WFLYCONF0004
DEBUG
Use class for MicroProfile Config Source: %s
WFLYCONF0009
DEBUG
Use directory for MicroProfile Config Source Root: %s
WFLYCONF0010
INFO
The MicroProfile Config Source root directory '%s' contains the following directories which will be used as MicroProfile Config Sources: %s
capability '%s' requires it for attribute '%s' at address '%s'
WFLYCTL0000
java.lang.String
%s
WFLYCTL0000
java.lang.String
%s in context '%s'
WFLYCTL0000
java.lang.String
; Possible registration points for this capability: %s
WFLYCTL0000
java.lang.String
; There are no known registration points which can provide this capability.
WFLYCTL0000
java.lang.String
; This unresolvable capability likely is due to the use of an expression string in a configuration attribute that does not support expressions.
WFLYCTL0000
java.lang.String
Couldn't convert %s to %s
WFLYCTL0000
java.lang.String
While constructing a mapping; %s; expected a mapping for merging, but found %s
WFLYCTL0000
java.lang.String
The yaml configuration files for customizing the configuration. Paths can be absolute, relative to the current execution directory or relative to the standalone configuration directory.
WFLYCTL0001
WARN
Cannot resolve address %s, so cannot match it to any InetAddress
WFLYCTL0002
ERROR
Error booting the container
WFLYCTL0003
ERROR
Error booting the container due to insufficient stack space for the thread used to execute boot operations. The thread was configured with a stack size of [%1$d]. Setting system property %2$s to a value higher than [%1$d] may resolve this problem.
WFLYCTL0004
ERROR
%s caught exception attempting to revert operation %s at address %s
WFLYCTL0005
ERROR
Failed executing operation %s at address %s
WFLYCTL0006
ERROR
Failed executing subsystem %s boot operations
WFLYCTL0007
ERROR
Failed to close resource %s
WFLYCTL0008
ERROR
Failed to persist configuration change
WFLYCTL0009
ERROR
Failed to store configuration to %s
WFLYCTL0010
ERROR
Invalid value %s for system property %s -- using default value [%d]
WFLYCTL0011
WARN
Address %1$s is a wildcard address, which will not match against any specific address. Do not use the '%2$s' configuration element to specify that an interface should use a wildcard address; use '%3$s'
WFLYCTL0013
ERROR
Operation (%s) failed - address: (%s)
WFLYCTL0015
WARN
Wildcard address detected - will ignore other interface criteria.
WFLYCTL0016
ERROR
Received no final outcome response for operation %s with address %s from remote process at address %s. The result of this operation will only include the remote process' preliminary response to the request.
Graceful shutdown of the handler used for native management requests did not complete within [%d] ms but shutdown of the underlying communication channel is proceeding
WFLYCTL0020
WARN
Graceful shutdown of the handler used for native management requests failed but shutdown of the underlying communication channel is proceeding
WFLYCTL0021
WARN
Invalid value '%s' for system property '%s' -- value must be convertible into an int
WFLYCTL0022
WARN
Multiple addresses or network interfaces matched the selection criteria for interface '%s'. Matching addresses: %s. Matching network interfaces: %s. The interface will use address %s and network interface %s.
WFLYCTL0023
WARN
Value '%s' for interface selection criteria 'inet-address' is ambiguous, as more than one address or network interface available on the machine matches it. Because of this ambiguity, no address will be selected as a match. Matching addresses: %s. Matching network interfaces: %s.
WFLYCTL0024
ERROR
Could not read target definition!
WFLYCTL0027
ERROR
Operation was interrupted before service container stability could be reached. Process should be restarted. Step that first updated the service container was '%s' at address '%s'
WFLYCTL0028
INFO
Attribute '%s' in the resource at address '%s' is deprecated, and may be removed in a future version. See the attribute description in the output of the read-resource-description operation to learn more about the deprecation.
WFLYCTL0029
WARN
Cannot delete temp file %s, will be deleted on exit
WFLYCTL0030
java.lang.String
No resource definition is registered for address %s
WFLYCTL0031
java.lang.String
No operation named '%s' exists at address %s
WFLYCTL0032
WARN
There were problems during the transformation process for target host: '%s' %nProblems found: %n%s
WFLYCTL0033
INFO
Extension '%s' is deprecated and may not be supported in future versions
WFLYCTL0034
INFO
Subsystems %s provided by legacy extension '%s' are not supported on servers running this version. The extension is only supported for use by hosts running a previous release in a mixed-version managed domain. On this server the extension will not register any subsystems, and future attempts to create or address subsystem resources on this server will result in failure.
WFLYCTL0035
ERROR
Update of the management operation audit log failed
Could not load configuration file: %s. The configuration file argument must specify the path to a file located in the configuration directory. The path must be a relative path, and must be relative to the configuration directory %s.
WFLYCTL0215
java.lang.IllegalStateException
Could not load configuration file: %s. The configuration file argument must specify one of the following: 1) an absolute path to an existing file; 2) a relative path to an existing file, relative to the current working directory; or 3) a relative path to a file located in the configuration directory. In the latter case, it must be a path relative to the configuration directory %s.
Operation '%s' targeted at resource '%s' was directly invoked by a user. User operations are not permitted to directly update the persistent configuration of a server in a managed domain.
WFLYCTL0250
java.lang.IllegalStateException
An operation handler attempted to access the operation response server results object on a process type other than '%s'. The current process type is '%s'
WFLYCTL0251
java.lang.String
Can't have both loopback and inet-address criteria
WFLYCTL0253
java.lang.String
Can't have same criteria for both not and inclusion %s
WFLYCTL0254
org.jboss.as.controller.OperationFailedException
Invalid value '%s' for attribute '%s' -- no interface configuration with that name exists
WFLYCTL0256
java.lang.IllegalArgumentException
Could not find a path called '%s'
WFLYCTL0257
java.lang.IllegalArgumentException
Path entry is read-only: '%s'
WFLYCTL0258
java.lang.IllegalArgumentException
There is already a path entry called: '%s'
WFLYCTL0260
java.lang.IllegalArgumentException
Invalid relativePath value '%s'
WFLYCTL0261
java.lang.IllegalArgumentException
'%s' is a Windows absolute path
WFLYCTL0262
org.jboss.as.controller.OperationFailedException
Path '%s' is read-only; it cannot be removed
WFLYCTL0263
org.jboss.as.controller.OperationFailedException
Path '%s' is read-only; it cannot be modified
WFLYCTL0264
org.jboss.as.controller.OperationFailedException
%s may not be ModelType.EXPRESSION
WFLYCTL0265
java.lang.IllegalStateException
PathManager not available on processes of type '%s'
WFLYCTL0266
org.jboss.as.controller.OperationFailedException
Value %s for attribute %s is not a valid multicast address
WFLYCTL0267
org.jboss.as.controller.OperationFailedException
Path '%s' cannot be removed, since the following paths depend on it: %s
No operation called '%s' found for alias address '%s' which maps to '%s'
WFLYCTL0281
java.lang.IllegalStateException
Resource registration is not an alias
WFLYCTL0282
java.lang.RuntimeException
Model contains fields that are not known in definition, fields: %s, path: %s
WFLYCTL0283
java.lang.UnsupportedOperationException
Could not marshal attribute as element: %s
WFLYCTL0284
java.lang.UnsupportedOperationException
Could not marshal attribute as attribute: %s
WFLYCTL0285
java.lang.String
Operation %s invoked against multiple target addresses failed at address %s with failure description %s
WFLYCTL0286
java.lang.String
Operation %s invoked against multiple target addresses failed at address %s. See the operation result for details.
WFLYCTL0287
java.lang.String
Operation %s invoked against multiple target addresses failed at addresses %s. See the operation result for details.
WFLYCTL0288
java.lang.String
One or more services were unable to start due to one or more indirect dependencies not being available.
WFLYCTL0289
java.lang.String
No operation entry called '%s' registered at '%s'
WFLYCTL0290
java.lang.String
No operation handler called '%s' registered at '%s'
WFLYCTL0291
java.lang.IllegalStateException
There is no registered path to resolve with path attribute '%s' and/or relative-to attribute '%s on: %s
WFLYCTL0292
java.lang.String
Attributes do not support expressions in the target model version and this resource will need to be ignored on the target host.
WFLYCTL0293
java.lang.String
Attributes are not understood in the target model version and this resource will need to be ignored on the target host.
WFLYCTL0294
java.lang.String
Transforming resource %s to core model version '%s' -- %s %s
WFLYCTL0295
java.lang.String
Transforming operation %s at resource %s to core model version '%s' -- %s %s
WFLYCTL0296
java.lang.String
Transforming resource %s to subsystem '%s' model version '%s' -- %s %s
WFLYCTL0297
java.lang.String
Transforming operation %s at resource %s to subsystem '%s' model version '%s' -- %s %s
WFLYCTL0298
org.jboss.as.controller.OperationFailedException
Node contains an unresolved expression %s -- a resolved model is required
WFLYCTL0299
org.jboss.as.controller.OperationFailedException
Transforming resource %s for host controller '%s' to core model version '%s' -- there were problems with some of the attributes and this resource will need to be ignored on that host. Details of the problems: %s
WFLYCTL0300
org.jboss.as.controller.OperationFailedException
Transforming resource %s for host controller '%s' to subsystem '%s' model version '%s' --there were problems with some of the attributes and this resource will need to be ignored on that host. Details of problems: %s
WFLYCTL0301
java.lang.String
The following attributes do not support expressions: %s
WFLYCTL0302
java.lang.String
The following attributes are not understood in the target model version and this resource will need to be ignored on the target host: %s
WFLYCTL0303
java.lang.String
Resource %s is rejected on the target host, and will need to be ignored on the host
WFLYCTL0304
java.lang.String
Operation %2$s at %1s is rejected on the target host and will need to be ignored on the host
WFLYCTL0305
javax.xml.stream.XMLStreamException
Unless the Host Controller is started with command line option %s and the %s attribute is not set to %s, %s must be declared or the %s and the %s need to be provided.
WFLYCTL0306
java.lang.IllegalStateException
read only context
WFLYCTL0307
java.lang.String
We are trying to read data from the domain controller, which is currently busy executing another set of operations. This is a temporary situation, please retry
WFLYCTL0309
java.lang.String
Legacy extension '%s' is not supported on servers running this version. The extension is only supported for use by hosts running a previous release in a mixed-version managed domain
Can only create child audit logger for main audit logger
WFLYCTL0332
java.lang.String
Permission denied
WFLYCTL0333
java.lang.SecurityException
Cannot add a Permission to a readonly PermissionCollection
WFLYCTL0334
java.lang.IllegalArgumentException
Incompatible permission type %s
WFLYCTL0335
java.lang.String
Management resource '%s' not found
WFLYCTL0336
java.lang.String
The following attributes are nillable in the current model but must be defined in the target model version: %s
WFLYCTL0337
java.io.IOException
Unsupported Identity type '%X' received.
WFLYCTL0338
java.io.IOException
Unsupported Identity parameter '%X' received parsing identity type '%X'.
WFLYCTL0339
java.lang.String
The following attributes must be defined as %s in the current model: %s
WFLYCTL0340
java.lang.String
The following attributes must NOT be defined as %s in the current model: %s
WFLYCTL0341
org.jboss.as.controller.OperationFailedException
A uri with bad syntax '%s' was passed for validation.
WFLYCTL0342
org.jboss.as.controller.OperationFailedException
Illegal value %d for operation header %s; value must be greater than zero
WFLYCTL0343
java.lang.String
The service container has been destabilized by a previous operation and further runtime updates cannot be processed. Restart is required.
WFLYCTL0344
java.lang.String
Operation timed out awaiting service container stability
WFLYCTL0345
java.lang.IllegalStateException
Timeout after %d seconds waiting for existing service %s to be removed so a new instance can be installed.
WFLYCTL0346
ERROR
Invalid value %s for property %s; must be a numeric value greater than zero. Default value of %d will be used.
WFLYCTL0347
DEBUG
Timeout after [%d] seconds waiting for initial service container stability before allowing runtime changes for operation '%s' at address '%s'. Operation will roll back; process restart is required.
WFLYCTL0348
ERROR
Timeout after [%d] seconds waiting for service container stability. Operation will roll back. Step that first updated the service container was '%s' at address '%s'
WFLYCTL0349
ERROR
Timeout after [%d] seconds waiting for service container stability while finalizing an operation. Process must be restarted. Step that first updated the service container was '%s' at address '%s'
WFLYCTL0350
INFO
Execution of operation '%s' on remote process at address '%s' interrupted while awaiting initial response; remote process has been notified to cancel operation
WFLYCTL0351
INFO
Execution of operation '%s' on remote process at address '%s' interrupted while awaiting final response; remote process has been notified to terminate operation
WFLYCTL0352
INFO
Cancelling operation '%s' with id '%d' running on thread '%s'
WFLYCTL0353
java.io.IOException
No response handler for request %s
WFLYCTL0354
INFO
Attempting reconnect to syslog handler '%s; after timeout of %d seconds
WFLYCTL0355
INFO
Reconnecting to syslog handler '%s failed
WFLYCTL0356
WARN
Failed to emit notification %s
WFLYCTL0357
java.lang.String
Notification of type %s is not described for the resource at the address %s
WFLYCTL0358
java.lang.String
The resource was added at the address %s.
WFLYCTL0359
java.lang.String
The resource was removed at the address %s.
WFLYCTL0360
java.lang.String
The attribute %s value has been changed from %s to %s.
WFLYCTL0361
java.lang.IllegalStateException
Capabilities cannot be queried in stage '%s'; they are not available until stage '%s'.
WFLYCTL0362
java.lang.String
Capabilities required by resource '%s' are not available:
WFLYCTL0363
java.lang.IllegalStateException
Capability '%s' is already registered in context '%s'.
WFLYCTL0364
java.lang.IllegalStateException
Capability '%s' is unknown.
WFLYCTL0365
java.lang.IllegalStateException
Capability '%s' is unknown in context '%s'.
WFLYCTL0366
java.lang.IllegalArgumentException
Capability '%s' does not expose a runtime API.
WFLYCTL0367
java.lang.String
Cannot remove capability '%s' as it is required by other capabilities:
WFLYCTL0368
java.lang.String
Cannot remove capability '%s' from context '%s' as it is required by other capabilities:
Unexpected element '%s' encountered. Valid elements are: '%s'
WFLYCTL0378
org.jboss.as.controller.OperationFailedException
Attribute '%s' is not of type '%s', it is type '%s'
WFLYCTL0379
java.lang.String
System boot is in process; execution of remote management operations is not currently available
WFLYCTL0380
org.jboss.as.controller.OperationFailedException
Attribute '%s' needs to be set or passed before attribute '%s' can be correctly set
WFLYCTL0381
java.lang.IllegalArgumentException
Illegal permission name '%s'
WFLYCTL0382
java.lang.IllegalArgumentException
Illegal permission actions '%s'
WFLYCTL0383
java.lang.String
No operation is defined %s
WFLYCTL0385
java.lang.IllegalStateException
An attempt was made to register the non-host capable subsystem '%s' from extension module '%s' in the host model.
WFLYCTL0386
org.jboss.as.controller.OperationFailedException
The host controller info can only be accessed after the model stage on boot
WFLYCTL0387
java.lang.IllegalArgumentException
Illegal path address '%s' , it is not in a correct CLI format
WFLYCTL0388
java.lang.IllegalStateException
Could not create empty configuration file %s
WFLYCTL0389
java.lang.IllegalStateException
Could not create an empty configuration at file %s as there is an existing non-empty configuration there
WFLYCTL0391
org.jboss.as.controller.OperationFailedException
Could not resolve attribute expression: '%s', invalid index '%d'
WFLYCTL0392
org.jboss.as.controller.OperationFailedException
Could not resolve attribute expression: '%s', type is not a list
WFLYCTL0393
org.jboss.as.controller.OperationFailedException
Could not resolve attribute expression: '%s'
WFLYCTL0394
java.lang.IllegalArgumentException
Capability '%s' does not provide services of type '%s'
WFLYCTL0395
INFO
Operation %s against the resource at address %s is deprecated, and it might be removed in future version. See the the output of the read-operation-description operation to learn more about the deprecation.
WFLYCTL0396
java.lang.String
Resource %s is discarded on the target host %s
WFLYCTL0397
java.lang.IllegalStateException
Indexed child resources can only be registered if the parent resource supports ordered children. The parent of '%s' is not indexed
An attempt was made to rename the resource found at %s to %s. However, '%s' is one of the resource types defined to be ordered on the parent resource %s
WFLYCTL0399
java.lang.String
The capability '%s' required by capability '%s' in context '%s' is available in one or more socket binding groups, but not all socket binding capabilities required by '%s' can be resolved from a single socket binding group, so this configuration is invalid
WFLYCTL0400
ERROR
Capability '%s' in context '%s' associated with resource '%s' requires capability '%s'. It is available in one or more socket binding groups, but not all socket binding capabilities required by '%s' can be resolved from a single socket binding group, so this configuration is invalid
WFLYCTL0401
java.lang.RuntimeException
Couldn't build the report
WFLYCTL0402
ERROR
Subsystems %s provided by legacy extension '%s' are not supported on servers running this version. Both the subsystem and the extension must be removed or migrated before the server will function.
WFLYCTL0403
ERROR
Unexpected failure during execution of the following operation(s): %s
WFLYCTL0404
java.lang.String
Unexpected exception during execution: %s
WFLYCTL0405
WARN
Couldn't find a transformer to %s, falling back to %s
WFLYCTL0406
org.jboss.as.controller.OperationFailedException
Could not convert the attribute '%s' to a %s
WFLYCTL0407
ERROR
Failed sending completed response %s for %d
WFLYCTL0408
ERROR
Failed sending failure response %s for %d
WFLYCTL0409
java.lang.String
Execution of operation '%s' on remote process at address '%s' timed out after %d ms while awaiting initial response; remote process has been notified to terminate operation
WFLYCTL0410
INFO
Execution of operation '%s' on remote process at address '%s' timed out after %d ms while awaiting final response; remote process has been notified to terminate operation
WFLYCTL0411
WARN
Failed to parse element '%s', ignoring ...
WFLYCTL0412
java.lang.String
Required services that are not installed:
WFLYCTL0413
org.jboss.as.controller.OperationFailedException
The deprecated parameter %s has been set in addition to the current parameter %s but with different values
WFLYCTL0414
WARN
Could not create a timestamped backup of current history dir %s, so it may still include versions from the previous boot.
WFLYCTL0415
java.lang.String
Modification of the runtime service container by a management operation has begun
WFLYCTL0416
java.lang.String
Modification of the runtime service container by a management operation has completed
WFLYCTL0417
org.jboss.as.controller.OperationFailedException
Cannot add more than one jvm. Add of '%s' attempted, but '%s' already exists
Cannot register capability '%s' at location '%s' as it is already registered in context '%s' at location(s) '%s'
WFLYCTL0437
javax.xml.stream.XMLStreamException
Duplicate extension: an %s element with %s attribute value '%s' has already been parsed
WFLYCTL0438
java.lang.String
Couldn't convert '%s' into proper warning level, threshold falling back to 'ALL'. Possible values: SEVERE,WARNING,INFO,CONFIG,FINE,FINER,FINEST,ALL,OFF
WFLYCTL0439
org.jboss.as.controller.OperationFailedException
Value %s for attribute %s is not a valid subnet format
WFLYCTL0440
WARN
Cannot delete file or directory %s
WFLYCTL0441
java.lang.String
Operation has resulted in failed or missing services %n
WFLYCTL0442
WARN
Error stopping server
WFLYCTL0443
WARN
Error getting the password from the supplier %s
WFLYCTL0444
INFO
The handler for operation '%s' at address '%s' attempted to add a stage %s step. This is not valid for a 'profile' resource on process type %s so this step will not be executed.
WFLYCTL0445
org.jboss.as.controller.OperationFailedException
%s with value '%s' in attribute %s is already defined
WFLYCTL0446
org.jboss.as.controller.OperationFailedException
%s or alternative(s) %s is required
WFLYCTL0447
WARN
Attribute '%s' in the resource at address '%s' has been configured with an expression, but support for use of expressions in this attribute's value may be removed in a future version. This attribute configures whether a capability that can be required by other parts of the configuration is present or itself configures a requirement for a capability provided by another part of the configuration. Full support for this kind of configuration cannot be provided when an expression is used.
WFLYCTL0448
java.lang.String
%s additional services are down due to their dependencies being missing or failed
WFLYCTL0449
java.lang.String
Operation %s against the resource at address %s is deprecated, and it might be removed in future version. See the the output of the read-operation-description operation to learn more about the deprecation.
System property "%s" is already set in the section of the configuration file. The value set in the command line will be overridden by that value.
WFLYCTL0457
org.jboss.as.controller.OperationFailedException
Invalid HTTP Header name '%s'
WFLYCTL0458
org.jboss.as.controller.OperationFailedException
Disallowed HTTP Header name '%s'
WFLYCTL0459
ERROR
Triggering roll back due to missing management services.
WFLYCTL0460
java.lang.IllegalStateException
The system property '%s' can only be used with a standalone or embedded server
WFLYCTL0461
java.lang.IllegalStateException
The system property '%s' can only be used with an admin-only server
WFLYCTL0462
java.lang.IllegalStateException
Could not find the directory '%s' specified by the system property '%s'. Please make sure it exists
WFLYCTL0463
java.lang.IllegalStateException
More than one instance of AdditionalBootCliScriptInvoker found. Have: '%s'; found: '%s
WFLYCTL0464
java.lang.IllegalStateException
If using %s=true, when you use -D%s you need to set -D%s
WFLYCTL0465
INFO
Initialised the additional boot CLI script functionality. The CLI commands will be read from %s. The server will remain running in admin-only mode after these have been executed, and the result of the cli operations will be written to %s
WFLYCTL0466
INFO
Initialised the additional boot CLI script functionality. The CLI commands will be read from %s. The server will be rebooted to normal mode after these have been executed
WFLYCTL0467
INFO
Running the additional commands from the CLI script %s against the server which is running in admin-only mode
WFLYCTL0468
INFO
Completed running the commands from the CLI script
WFLYCTL0469
INFO
Restarting the server since the additional commands from the CLI script requires a restart. This will record that the restart has been initiated in the marker file %s since the restart mechanism will preserve all properties pertaining to the additional boot CLI script functionality (%s, %s, %s). The restart maintains the admin-only running mode, so a subsequent reload will happen
WFLYCTL0470
INFO
Reloading the server to normal mode after execution of the additional commands from the CLI script. This will clear the properties triggering the additional boot cli script functionality if they were set (%s, %s, %s), and delete the marker file indicating the server was restarted
WFLYCTL0471
INFO
Reloading the server to normal mode after restart follwoing execution of the additional commands from the CLI script. This will clear the properties triggering the additional boot cli script functionality if they were set (%s, %s, %s)
WFLYCTL0472
INFO
Checking for presence of marker file indicating that the server has been restarted following execution of the additional commands from the CLI script
WFLYCTL0473
INFO
Marker file indicating that the server has been restarted following execution of the additional commands from the CLI script found at %s
WFLYCTL0474
INFO
No marker file found indicating that the server has been restarted following execution of the additional commands from the CLI script
WFLYCTL0475
org.jboss.as.controller.OperationFailedException
Value for attribute '%s' is invalid.
WFLYCTL0476
org.jboss.as.controller.OperationFailedException
Value for attribute '%s' is invalid: either '%s' must be specified on its own or '%s' needs to be specified with at least one of '%s' or '%s'
WFLYCTL0477
java.lang.IllegalArgumentException
Parameter name '%s' is invalid.
WFLYCTL0478
org.jboss.as.controller.OperationFailedException
Unable to create command based CredentialSource for credential reference.
WFLYCTL0479
java.lang.String
Attribute '%s' at resource '%s' with unresolved value '%s' cannot be resolved using the non-security-sensitive sources resolution supported by the 'resolve' parameter. Response will report the unresolved value.
WFLYCTL0480
java.lang.String
Expression '%s' cannot be resolved using the non-security-sensitive sources resolution supported by the '%s' operation. Response will report the unresolved value.
WFLYCTL0481
WARN
The runtime dependency package '%s' is already registered at location '%s'
WFLYCTL0482
org.jboss.as.controller.OperationFailedException
Value '%s' is not a legal charset name
WFLYCTL0483
org.jboss.as.controller.OperationFailedException
Charset '%s' is not supported in this instance of the Java Virtual Machine
WFLYCTL0484
java.lang.IllegalArgumentException
Attribute definition of attribute '%s' is null
WFLYCTL0485
java.lang.IllegalArgumentException
Error parsing yaml file %s
WFLYCTL0486
java.lang.IllegalArgumentException
Missing yaml file %s
WFLYCTL0487
DEBUG
It took %s ms to load and parse the yaml files
WFLYCTL0488
WARN
No registration found for address %s - Ignoring the subtree
WFLYCTL0489
java.lang.IllegalArgumentException
Can't undefine attribute %s since there is no resource at %s
WFLYCTL0490
WARN
You have defined a resource for address %s without any attributes, doing nothing
WFLYCTL0491
WARN
We have an unexpected value %s for address %s and name %s
WFLYCTL0492
WARN
Couldn't find a resource registration for address %s with current registration %s
WFLYCTL0493
java.lang.UnsupportedOperationException
The attribute %s hasn't a valueType properly defined.
Resolution of extension expression '%s' is not allowed at this point.
WFLYCTL0495
INFO
"fetch-from-master" is a deprecated value for "domain-controller.remote.admin-only-policy", "fetch-from-domain-controller" will be used instead.
WFLYCTL0496
WARN
Thread dump: ******************************************************************************* {0} =============================================================================== End Thread dump *******************************************************************************
WFLYCTL0497
WARN
Deadlock detected! ******************************************************************************* {0} =============================================================================== End Deadlock *******************************************************************************
WFLYCTL0498
WARN
Exception thrown during generation of thread dump
WFLYCTL0499
java.lang.IllegalStateException
There is no satisfactory capability '%s' available to resources with capability scope '%s'. This capability is registered at address(es) '%s', and are not accessible to resources with scope '%s'.
WFLYCTL0500
WARN
There is no UUID string at '%s'. A new value will be generated.
WFLYCTL0501
WARN
An invalid UUID string '%s' was found at '%s'. A new value will be generated.
WFLYCTL0502
java.lang.IllegalArgumentException
No child resource called %s could be found at address %s'.
Failed to publish configuration, because the remote name %s is not valid.
WFLYDC
Code
Level
Return Type
Message
WFLYDC0001
WARN
Ignoring 'include' child of 'socket-binding-group' %s
WFLYDC0002
WARN
Ignoring 'include' child of 'profile' %s
WFLYDC0003
INFO
Interrupted awaiting final response from server %s on host %s; remote process has been notified to cancel operation
WFLYDC0004
WARN
Caught exception awaiting final response from server %s on host %s
WFLYDC0005
INFO
Interrupted awaiting final response from host %s; remote process has been notified to cancel operation
WFLYDC0006
WARN
Caught exception awaiting final response from host %s
WFLYDC0007
WARN
Caught exception closing input stream
WFLYDC0008
INFO
Domain model has changed on re-connect. The following servers will need to be restarted for changes to take affect: %s
WFLYDC0009
ERROR
%s caught %s waiting for task %s. Cancelling task
WFLYDC0011
ERROR
No deployment content with hash %s is available in the deployment content repository for deployment %s. Because this Host Controller is booting in ADMIN-ONLY mode, boot will be allowed to proceed to provide administrators an opportunity to correct this problem. If this Host Controller were not in ADMIN-ONLY mode this would be a fatal boot failure.
WFLYDC0012
WARN
failed to set server (%s) into a restart required state
WFLYDC0013
java.lang.String
Registration of remote hosts is not supported on secondary host controllers
WFLYDC0014
java.lang.String
The primary host controller cannot register secondary host controllers as its current running mode is '%s'
WFLYDC0015
java.lang.String
There is already a registered host named '%s'
WFLYDC0016
java.lang.String
%s is missing %s: %s
WFLYDC0017
java.lang.String
%s recognizes only %s as children: %s
WFLYDC0018
java.lang.String
in-series is missing groups: %s
WFLYDC0019
java.lang.String
server-group expects one and only one child: %s
WFLYDC0020
java.lang.String
One of the groups does not define neither server-group nor concurrent-groups: %s
WFLYDC0021
java.lang.String
Unexplained failure
WFLYDC0022
java.lang.String
Operation failed or was rolled back on all servers.
WFLYDC0023
java.lang.String
Interrupted waiting for result from server %s
WFLYDC0024
java.lang.String
Exception getting result from server %s: %s
WFLYDC0025
java.lang.String
Invalid rollout plan. %s is not a valid child of node %s
WFLYDC0026
java.lang.String
Invalid rollout plan. Plan operations affect server groups %s that are not reflected in the rollout plan
WFLYDC0027
java.lang.String
Invalid rollout plan. Server group %s appears more than once in the plan.
WFLYDC0028
java.lang.String
Invalid rollout plan. Server group %s has a %s value of %s; must be between 0 and 100.
WFLYDC0029
java.lang.String
Invalid rollout plan. Server group %s has a %s value of %s; cannot be less than 0.
WFLYDC0030
java.lang.String
Interrupted waiting for result from host %s
WFLYDC0032
java.lang.String
Operation %s for address %s can only be handled by the Domain Controller; this host is not the Domain Controller
WFLYDC0033
org.jboss.as.controller.OperationFailedException
Operation targets host %s but that host is not registered
WFLYDC0034
org.jboss.as.controller.OperationFailedException
Caught %s storing deployment content -- %s
WFLYDC0035
java.lang.IllegalStateException
Unexpected initial path key %s
WFLYDC0036
java.lang.String
Null stream at index %d
WFLYDC0037
java.lang.String
Invalid byte stream.
WFLYDC0038
java.lang.String
Invalid url stream.
WFLYDC0039
java.lang.String
Only 1 piece of content is currently supported (AS7-431)
WFLYDC0040
java.lang.String
No deployment content with hash %s is available in the deployment content repository.
WFLYDC0041
java.lang.String
A secondary Host Controller cannot accept deployment content uploads
WFLYDC0042
java.lang.String
No deployment with name %s found
WFLYDC0043
java.lang.String
Cannot remove deployment %s from the domain as it is still used by server groups %s
WFLYDC0044
java.lang.String
Invalid '%s' value: %d, the maximum index is %d
WFLYDC0045
java.lang.String
%s is not a valid URL -- %s
WFLYDC0046
java.lang.String
Error obtaining input stream from URL %s -- %s
WFLYDC0047
java.lang.String
Invalid content declaration
WFLYDC0049
java.lang.String
Cannot use %s with the same value for parameters %s and %s. Use %s to redeploy the same content or %s to replace content with a new version with the same name.
WFLYDC0050
java.lang.String
Deployment %s is already started
WFLYDC0051
java.lang.String
Unknown %s %s
WFLYDC0052
java.lang.IllegalStateException
Unknown server group %s
WFLYDC0053
java.lang.IllegalStateException
Unknown server %s
WFLYDC0054
java.lang.IllegalArgumentException
Invalid code %d
WFLYDC0055
java.lang.IllegalStateException
Repository does not contain any deployment with hash %s
WFLYDC0056
java.lang.IllegalStateException
Expected only one deployment, found %d
WFLYDC0057
org.jboss.as.controller.OperationFailedException
No profile called: %s
WFLYDC0058
java.lang.String
No deployment content with hash %s is available in the deployment content repository for deployment '%s'. This is a fatal boot error. To correct the problem, either restart with the --admin-only switch set and use the CLI to install the missing content or remove it from the configuration, or remove the deployment from the xml configuraiton file and restart.
WFLYDC0059
org.jboss.as.controller.OperationFailedException
Failed to load module '%s'.
WFLYDC0060
java.lang.String
Invalid Jakarta Server Faces slot value: '%s'. The host controller is not able to use a Jakarta Server Faces slot value different from its default. This resource will be ignored on that host
WFLYDC0061
java.lang.String
Operation '%s' fails because the attributes are not known from the subsytem '%s' model version '%s': %s
WFLYDC0062
org.jboss.as.controller.OperationFailedException
No socket-binding-group named: %s
WFLYDC0063
org.jboss.as.controller.OperationFailedException
There is already a deployment called %s with the same runtime name %s on server group %s
WFLYDC0064
org.jboss.as.controller.OperationFailedException
Cannot remove server-group '%s' since it's still in use by servers %s
WFLYDC0065
org.jboss.as.controller.OperationFailedException
Wildcard operations are not supported as part of composite operations
WFLYDC0066
java.lang.String
Failed to send message: %s
WFLYDC0067
java.lang.String
Failed to send response header: %s
WFLYDC0068
java.lang.String
Host registration task got interrupted
WFLYDC0069
java.lang.String
Host registration task failed: %s
WFLYDC0070
INFO
%s interrupted awaiting server prepared response(s) -- cancelling updates for servers %s
%s deployment has been re-deployed, its content will not be removed. You will need to restart it.
WFLYDC0074
java.lang.String
Operation failed or was rolled back on all servers. Server failures:
WFLYDC0075
org.jboss.as.controller.OperationFailedException
Cannot synchronize the model due to missing extensions: %s
WFLYDC0076
javax.xml.stream.XMLStreamException
Duplicate included profile '%s'
WFLYDC0077
javax.xml.stream.XMLStreamException
Duplicate included socket binding group '%s'
WFLYDC0078
java.lang.String
The profile clone operation is not available on the host '%s'. To be able to use it in a domain containing older secondary hosts which do not support the profile clone operation, you need to either: a) Make sure that all older secondary hosts with a model version smaller than 4.0.0 ignore the cloned profile and the profile specified in the 'to-profile' parameter. b) Reload the domain controller into admin-only mode, perform the clone, then reload the domain controller into normal mode again, and check whether the secondary hosts need reloading.
WFLYDC0079
INFO
Timed out after %d ms awaiting host prepared response(s) from hosts %s -- cancelling updates for hosts %s
WFLYDC0080
java.lang.String
Timed out after %d ms awaiting host prepared response(s) -- remote host %s has been notified to cancel operation
WFLYDC0081
INFO
Timed out after %d ms awaiting final response from host %s; remote process has been notified to cancel operation
WFLYDC0082
INFO
%s timed out after %d ms awaiting server prepared response(s) -- cancelling updates for servers %s
WFLYDC0083
INFO
Timed out after %d ms awaiting final response from server %s on host %s; remote process has been notified to cancel operation
WFLYDC0084
org.jboss.as.controller.OperationFailedException
Cannot explode a deployment in a self-contained server
WFLYDC0085
org.jboss.as.controller.OperationFailedException
Cannot explode an unmanaged deployment
WFLYDC0086
org.jboss.as.controller.OperationFailedException
Cannot explode an already exploded deployment
WFLYDC0087
org.jboss.as.controller.OperationFailedException
Cannot explode an already deployed deployment
WFLYDC0088
org.jboss.as.controller.OperationFailedException
Cannot add content to a deployment in a self-contained server
WFLYDC0089
org.jboss.as.controller.OperationFailedException
Cannot add content to an unmanaged deployment
WFLYDC0090
org.jboss.as.controller.OperationFailedException
Cannot add content to an unexploded deployment
WFLYDC0091
org.jboss.as.controller.OperationFailedException
Cannot remove content from a deployment in a self-contained server
WFLYDC0092
org.jboss.as.controller.OperationFailedException
Cannot remove content from an unmanaged deployment
WFLYDC0093
org.jboss.as.controller.OperationFailedException
Cannot remove content from an unexploded deployment
WFLYDC0094
org.jboss.as.controller.OperationFailedException
Cannot read content from a deployment in a self-contained server
WFLYDC0095
org.jboss.as.controller.OperationFailedException
Cannot read content from an unmanaged deployment
WFLYDC0096
org.jboss.as.controller.OperationFailedException
Cannot read content from an unexploded deployment
WFLYDC0097
org.jboss.as.controller.OperationFailedException
Cannot explode a subdeployment of an unexploded deployment
WFLYDC0098
org.jboss.as.controller.OperationFailedException
The following servers %s are starting; execution of remote management operations is not currently available
WFLYDM
Code
Level
Return Type
Message
WFLYDM0000
java.lang.String
Enter the details of the new user to add.
WFLYDM0000
java.lang.String
Realm (%s)
WFLYDM0000
java.lang.String
Username
WFLYDM0000
java.lang.String
Username (%s)
WFLYDM0000
java.lang.String
Password
WFLYDM0000
java.lang.String
Re-enter Password
WFLYDM0000
java.lang.String
About to add user '%s' for realm '%s'
WFLYDM0000
java.lang.String
Is this correct
WFLYDM0000
java.lang.String
The username '%s' is easy to guess
WFLYDM0000
java.lang.String
Are you sure you want to add user '%s' yes/no?
WFLYDM0000
java.lang.String
Added user '%s' to file '%s'
WFLYDM0000
java.lang.String
Error
WFLYDM0000
java.lang.String
yes/no?
WFLYDM0000
java.lang.String
What type of user do you wish to add? %n a) Management User (mgmt-users.properties) %n b) Application User (application-users.properties)
WFLYDM0000
java.lang.String
What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)
WFLYDM0000
java.lang.String
Added user '%s' with groups %s to file '%s'
WFLYDM0000
java.lang.String
User '%s' already exists and is enabled, would you like to... %n a) Update the existing user password and roles %n b) Disable the existing user %n c) Type a new username
WFLYDM0000
java.lang.String
User '%s' already exists and is disabled, would you like to... %n a) Update the existing user password and roles %n b) Enable the existing user %n c) Type a new username
WFLYDM0000
java.lang.String
Updated user '%s' to file '%s'
WFLYDM0000
java.lang.String
Updated user '%s' with groups %s to file '%s'
WFLYDM0000
java.lang.String
The password must be different from the username
WFLYDM0000
java.lang.String
The password should be different from the username
WFLYDM0000
java.lang.String
The password must not be one of the following restricted values {%s}
WFLYDM0000
java.lang.String
The password should not be one of the following restricted values {%s}
WFLYDM0000
java.lang.String
%s characters
WFLYDM0000
java.lang.String
%d alphabetic character(s)
WFLYDM0000
java.lang.String
%d digit(s)
WFLYDM0000
java.lang.String
%s non-alphanumeric symbol(s)
WFLYDM0000
java.lang.String
The password must contain at least %s
WFLYDM0000
java.lang.String
The password should contain at least %s
WFLYDM0000
java.lang.String
Are you sure you want to use the password entered yes/no?
WFLYDM0000
java.lang.String
The add-user script is a utility for adding new users to the properties files for out-of-the-box authentication. It can be used to manage users in ManagementRealm and ApplicationRealm.
If set add an application user instead of a management user
WFLYDM0000
java.lang.String
Define the location of the domain config directory.
WFLYDM0000
java.lang.String
Define the location of the server config directory.
WFLYDM0000
java.lang.String
The file name of the user properties file which can be an absolute path.
WFLYDM0000
java.lang.String
The file name of the group properties file which can be an absolute path. (If group properties is specified then user properties MUST also be specified).
WFLYDM0000
java.lang.String
Password of the user, this will be checked against the password requirements defined within the add-user.properties configuration
WFLYDM0000
java.lang.String
Name of the user
WFLYDM0000
java.lang.String
Name of the realm used to secure the management interfaces (default is "ManagementRealm")
WFLYDM0000
java.lang.String
Activate the silent mode (no output to the console)
WFLYDM0000
java.lang.String
Comma-separated list of roles for the user.
WFLYDM0000
java.lang.String
Comma-separated list of groups for the user.
WFLYDM0000
java.lang.String
Enable the user
WFLYDM0000
java.lang.String
Disable the user
WFLYDM0000
java.lang.String
Automatically confirm warning in interactive mode
WFLYDM0000
java.lang.String
Display this message and exit
WFLYDM0000
java.lang.String
yes
WFLYDM0000
java.lang.String
y
WFLYDM0000
java.lang.String
no
WFLYDM0000
java.lang.String
n
WFLYDM0000
java.lang.String
The realm name supplied must match the name used by the server configuration which by default would be '%s'
WFLYDM0000
java.lang.String
Are you sure you want to set the realm to '%s'
WFLYDM0000
java.lang.String
Password requirements are listed below. To modify these restrictions edit the add-user.properties configuration file.
WFLYDM0000
java.lang.String
Password recommendations are listed below. To modify these restrictions edit the add-user.properties configuration file.
WFLYDM0000
java.lang.String
Using realm '%s' as specified on the command line.
WFLYDM0000
java.lang.String
Using realm '%s' as discovered from the existing property files.
WFLYDM0000
java.io.IOException
Users properties file '%s' contains multiple realm name declarations
WFLYDM0000
java.lang.IllegalStateException
The callback handler is not initialized for domain server %s.
WFLYDM0000
java.lang.IllegalStateException
Unable to obtain credential for server %s
WFLYDM0001
WARN
Properties file defined with default user and password, this will be easy to guess.
WFLYDM0017
org.jboss.msc.service.StartException
Unable to load properties
WFLYDM0020
javax.naming.NamingException
User '%s' not found in directory.
WFLYDM0021
java.lang.IllegalStateException
No java.io.Console available to interact with user.
WFLYDM0023
java.lang.String
No %s files found.
WFLYDM0024
java.lang.String
No Username entered, exiting.
WFLYDM0025
java.lang.String
No Password entered, exiting.
WFLYDM0026
java.lang.String
The passwords do not match.
WFLYDM0028
java.lang.String
Username must be alphanumeric with the exception of the following accepted symbols (%s)
WFLYDM0029
java.lang.String
Invalid response. (Valid responses are %s and %s)
WFLYDM0030
java.lang.String
Unable to add user to %s due to error %s
WFLYDM0031
java.lang.String
Unable to add load users from %s due to error %s
WFLYDM0033
org.jboss.as.controller.OperationFailedException
Configuration for security realm '%s' includes multiple username/password based authentication mechanisms (%s). Only one is allowed
WFLYDM0034
org.jboss.as.controller.OperationFailedException
One of '%s' or '%s' required.
WFLYDM0035
org.jboss.as.controller.OperationFailedException
Only one of '%s' or '%s' is required.
WFLYDM0037
java.lang.String
No security context has been established.
WFLYDM0039
java.lang.String
Invalid response. (Valid responses are A, a, B, or b)
WFLYDM0040
java.lang.String
Unable to update user to %s due to error %s
WFLYDM0041
java.io.IOException
The user '%s' is not allowed in a local authentication.
WFLYDM0042
org.jboss.msc.service.StartException
Multiple CallbackHandlerServices for the same mechanism (%s)
WFLYDM0043
java.lang.IllegalStateException
No CallbackHandler available for mechanism %s in realm %s
WFLYDM0044
java.lang.IllegalArgumentException
No plug in providers found for module name %s
WFLYDM0045
java.lang.IllegalArgumentException
Unable to load plug-in for module %s due to error (%s)
WFLYDM0046
java.lang.IllegalArgumentException
No authentication plug-in found for name %s
WFLYDM0047
java.lang.IllegalStateException
Unable to initialise plug-in %s due to error %s
WFLYDM0048
java.lang.String
Password is not strong enough, it is '%s'. It should be at least '%s'.
Password should have at least %d alphanumeric character.
WFLYDM0101
java.lang.String
Password should have at least %d digit.
WFLYDM0102
java.lang.String
Password should have at least %s non-alphanumeric symbol.
WFLYDM0103
org.jboss.as.controller.OperationFailedException
Invalid size %s
WFLYDM0104
org.jboss.as.controller.OperationFailedException
The suffix (%s) can not contain seconds or milliseconds.
WFLYDM0105
org.jboss.as.controller.OperationFailedException
The suffix (%s) is invalid. A suffix must be a valid date format.
WFLYDM0106
java.lang.String
File permissions problems found while attempting to update %s file.
WFLYDM0107
org.jboss.as.controller.OperationFailedException
Operation '%s' has been holding the operation execution write lock for longer than [%d] seconds, but it is part of the rollout of a domain-wide operation with domain-uuid '%s' that has other operations that are alsonot progressing. Their ids are: %s. Cancellation of the operation on the domain controller is recommended.
WFLYDM0108
java.lang.IllegalStateException
Unsupported resource '%s'
WFLYDM0109
org.jboss.msc.service.StartException
The Keytab file '%s' does not exist.
WFLYDM0110
javax.naming.NamingException
Unable to load a simple name for group '%s'
WFLYDM0111
WARN
Keystore %s not found, it will be auto-generated on first use with a self-signed certificate for host %s
WFLYDM0112
java.lang.RuntimeException
Failed to generate self-signed certificate
WFLYDM0113
WARN
Generated self-signed certificate at %s. Please note that self-signed certificates are not secure, and should only be used for testing purposes. Do not use this self-signed certificate in production.%nSHA-1 fingerprint of the generated key is %s%nSHA-256 fingerprint of the generated key is %s
WFLYDM0114
java.lang.RuntimeException
Failed to lazily initialize SSL context
WFLYDM0135
java.lang.String
The resource %s wasn't working properly and has been removed.
WFLYDM0139
java.security.GeneralSecurityException
No SubjectIdentity found for %s/%s.
WFLYDM0140
org.jboss.msc.service.StartException
You shouldn't use the system property "%s" as it is deprecated. Use the management model configuration instead.
WFLYDM0142
org.jboss.msc.service.StartException
Following mechanisms configured on the server (%s) are not supported by the realm '%s'.
WFLYDM0143
java.lang.IllegalStateException
Invalid sensitive classification attribute '%s'
WFLYDM0144
org.jboss.as.controller.OperationFailedException
Sensitivity constraint %s contains imcompatible attribute value to other sensitive classification constraints.
WFLYDM0145
javax.xml.stream.XMLStreamException
Security realms are no longer supported, please remove them from the configuration.
WFLYDM0146
javax.xml.stream.XMLStreamException
Outbound connections are no longer supported, please remove them from the configuration.
Unable to load console module for slot %s, disabling console
WFLYDMHTTP0004
ERROR
Unable to load error context for slot %s, disabling error context.
WFLYDMHTTP0005
java.lang.IllegalArgumentException
Invalid operation '%s'
WFLYDMHTTP0006
java.lang.String
The security realm is not ready to process requests, see %s
WFLYDMHTTP0007
org.jboss.modules.ModuleNotFoundException
No console module available with module name %s
WFLYDMHTTP0010
java.lang.IllegalArgumentException
Invalid Credential Type '%s'
WFLYDMHTTP0011
INFO
Management interface is using different addresses for HTTP (%s) and HTTPS (%s). Redirection of HTTPS requests from HTTP socket to HTTPS socket will not be supported.
WFLYDMHTTP0012
java.lang.IllegalArgumentException
A secure socket has been defined for the HTTP interface, however the referenced security realm is not supplying a SSLContext.
WFLYDMHTTP0013
java.lang.String
Invalid useStreamIndex value '%d'. The operation response had %d streams attached.
WFLYDMHTTP0014
java.lang.IllegalStateException
The ManagementHttpServer has already been built using this Builder.
WFLYDMHTTP0015
java.lang.IllegalStateException
No SecurityRealm or SSLContext has been provided.
WFLYDMHTTP0016
java.lang.String
Your Application Server is running. However you have not yet added any users to be able to access the HTTP management interface. To add a new user execute the %s script within the bin folder of your WildFly installation and enter the requested information. By default the realm name used by WildFly is 'ManagementRealm' and this is already selected by default by the add-user tool.
WFLYDR
Code
Level
Return Type
Message
WFLYDR0001
INFO
Content added at location %s
WFLYDR0002
INFO
Content removed from location %s
WFLYDR0003
WARN
Cannot delete temp file %s, will be deleted on exit
WFLYDR0004
java.lang.IllegalStateException
Cannot create directory %s
WFLYDR0005
java.lang.IllegalStateException
Cannot obtain SHA-1 %s
WFLYDR0006
java.lang.IllegalStateException
Directory %s is not writable
WFLYDR0007
java.lang.IllegalStateException
%s is not a directory
WFLYDR0009
INFO
Content %s is obsolete and will be removed
WFLYDR0010
ERROR
Couldn't delete content %s
WFLYDR0011
INFO
Couldn't list directory files for %s
WFLYDR0012
java.lang.RuntimeException
Cannot hash current deployment content %s
WFLYDR0013
java.lang.IllegalArgumentException
Access denied to the content at %s in the deployment
WFLYDR0014
ERROR
Error deleting deployment %s
WFLYDR0015
java.lang.IllegalStateException
%s is not an archive file
WFLYDR0016
org.jboss.as.repository.ExplodedContentException
Achive file %s not found
WFLYDR0017
INFO
Content exploded at location %s
WFLYDR0018
org.jboss.as.repository.ExplodedContentException
Error exploding content for %s
WFLYDR0019
org.jboss.as.repository.ExplodedContentException
Deployment is locked by another operation
WFLYDR0020
org.jboss.as.repository.ExplodedContentException
Error accessing deployment files
WFLYDR0021
org.jboss.as.repository.ExplodedContentException
Error updating content of exploded deployment
WFLYDR0022
org.jboss.as.repository.ExplodedContentException
Error copying files of exploded deployment to %s
WFLYDR0023
ERROR
Error deleting file %s
WFLYDR0024
ERROR
Error copying file %s
WFLYDS
Code
Level
Return Type
Message
WFLYDS0000
java.lang.String
A previous version of this content was deployed and remains deployed.
Reliable deployment behaviour is not possible when auto-deployment of exploded content is enabled (i.e. deployment without use of "%s"' marker files). Configuration of auto-deployment of exploded content is not recommended in any situation where reliability is desired. Configuring the deployment scanner's %s setting to "false" is recommended.
WFLYDS0007
WARN
The deployment scanner found that the content for exploded deployment %1$s has been deleted, but auto-deploy/undeploy for exploded deployments is not enabled and the %1$s%2$s marker file for this deployment has not been removed. As a result, the deployment is not being undeployed, but resources needed by the deployment may have been deleted and application errors may occur. Deleting the %1$s%2$s marker file to trigger undeploy is recommended.
WFLYDS0008
ERROR
Failed checking whether %s was a complete zip
WFLYDS0009
ERROR
File system deployment service failed
WFLYDS0010
INFO
Scan found incompletely copied file content for deployment %s. Deployment changes will not be processed until all content is complete.
WFLYDS0011
ERROR
The deployment scanner found a directory named %1$s that was not inside a directory whose name ends with .ear, .jar, .rar, .sar or .war. This is likely the result of unzipping an archive directly inside the %2$s directory, which is a user error. The %1$s directory will not be scanned for deployments, but it is possible that the scanner may find other files from the unzipped archive and attempt to deploy them, leading to errors.
WFLYDS0012
ERROR
Scan of %s threw Exception
WFLYDS0013
INFO
Started %s for directory %s
WFLYDS0014
WARN
Scan found content configured for auto-deploy that could not be safely auto-deployed. See details above. Deployment changes will not be processed until all problematic content is either removed or whether to deploy the content or not is indicated via a %s or %s marker file. Problematic deployments are %s
WFLYDS0015
INFO
Re-attempting failed deployment %s
WFLYDS0016
ERROR
Failed checking whether %s was a complete XML
WFLYDS0017
ERROR
Initial deployment scan failed
WFLYDS0018
INFO
Deployment %s was previously deployed by this scanner but has been undeployed by another management tool. Marker file %s is being added to record this fact.
WFLYDS0019
INFO
Deployment %s was previously deployed by this scanner but has been removed from the server deployment list by another management tool. Marker file %s is being added to record this fact.
WFLYDS0021
java.lang.String
Deployment content %s appears to be incomplete and is not progressing toward completion. This content cannot be auto-deployed.%s
WFLYDS0022
java.lang.String
Did not receive a response to the deployment operation within the allowed timeout period [%d seconds]. Check the server configuration file and the server logs to find more about the status of the deployment.
WFLYDS0025
java.lang.String
File %s cannot be scanned because it does not begin with a ZIP file format local file header signature
WFLYDS0026
java.lang.String
File %s cannot be scanned because it uses the currently unsupported ZIP64 format
WFLYDS0030
java.lang.String
File %2$s was configured for auto-deploy but could not be safely auto-deployed. The reason the file could not be auto-deployed was: %1$s. To enable deployment of this file create a file called %2$s%3$s
WFLYDS0031
java.lang.IllegalStateException
Extension with module 'org.jboss.as.deployment-scanner' cannot be installed in a managed domain. Please remove it and any subsystem referencing it
WFLYDS0032
java.lang.RuntimeException
Failed to list files in directory %s. Check that the contents of the directory are readable.
WFLYDS0033
INFO
Deployment %s was previously undeployed by this scanner but has been redeployed by another management tool. Marker file %s is being removed to record this fact.
WFLYDS0034
ERROR
Failed synchronizing status of deployment %s.
WFLYDS0035
java.lang.String
Scan found %s which is not well-formed at lineNumber: %s, columnNumber: %s. Either the file was incompletely copied at the time of the scanning or it is just wrong.
WFLYDS0036
java.lang.RuntimeException
Deployment model operation failed. %s
WFLYDS0037
WARN
%s does not exist
WFLYDS0038
WARN
%s is not a directory
WFLYDS0039
WARN
%s is not writable
WFLYDS0040
org.jboss.as.controller.OperationFailedException
Could not find relative-to path entry for %s
WFLYDS0041
WARN
%s is not readable
WFLYDS0042
ERROR
Boot-time scan failed due to inaccessible deployment directory: %s
WFLYDS0043
WARN
Deployment directory scan failed due to inaccessible deployment directory: %s
WFLYEE
Code
Level
Return Type
Message
WFLYEE0002
WARN
Could not resolve %s %s
WFLYEE0006
WARN
Failed to destroy component instance %s
WFLYEE0007
WARN
Not installing optional component %s due to an exception (enable DEBUG log level to see the cause)
WFLYEE0009
WARN
[Managed Bean spec, section %s] Managed bean implementation class MUST NOT be an interface - %s is an interface, hence won't be considered as a managed bean.
WFLYEE0010
WARN
[Managed Bean spec, section %s] Managed bean implementation class MUST NOT be abstract or final - %s won't be considered as a managed bean, since it doesn't meet that requirement.
WFLYEE0011
WARN
Exception while invoking pre-destroy interceptor for component class: %s
WFLYEE0014
WARN
%s in subdeployment ignored. jboss-ejb-client.xml is only parsed for top level deployments.
WFLYEE0015
WARN
Transaction started in EE Concurrent invocation left open, starting rollback to prevent leak.
WFLYEE0016
WARN
Failed to rollback transaction.
WFLYEE0017
WARN
Failed to suspend transaction.
WFLYEE0018
WARN
System error while checking for transaction leak in EE Concurrent invocation.
A class must not declare more than one AroundInvoke method. %s has %s methods annotated.
WFLYEE0110
ERROR
Failed to run scheduled task: %s
WFLYEE0111
java.lang.IllegalStateException
Cannot run scheduled task %s as container is suspended
WFLYEE0112
org.jboss.as.controller.OperationFailedException
The core-threads value must be greater than 0 when the queue-length is %s
WFLYEE0113
org.jboss.as.controller.OperationFailedException
The max-threads value %d cannot be less than the core-threads value %d.
WFLYEE0114
java.lang.IllegalArgumentException
Class does not implement all of the provided interfaces
WFLYEE0115
java.lang.IllegalArgumentException
The name of the %s is null
WFLYEE0116
java.lang.IllegalArgumentException
%s is null in the %s %s
WFLYEE0117
java.lang.IllegalArgumentException
Field %s cannot be set - object of %s loaded by %s is not assignable to %s loaded by %s
WFLYEE0120
org.jboss.as.controller.OperationFailedException
Failed to locate executor service '%s'
WFLYEE0121
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYEE0122
org.jboss.msc.service.StartException
Directory path %s in %s global-directory resource does not point to a valid directory.
WFLYEE0123
org.jboss.as.controller.OperationFailedException
Global directory %s cannot be added, because global directory %s is already defined.
WFLYEE0124
WARN
Error deleting Jakarta Authorization Policy
WFLYEE0125
org.jboss.msc.service.StartException
Unable to start the %s service
WFLYEE0126
java.util.concurrent.RejectedExecutionException
Rejected due to maximum number of requests
WFLYEE0127
WARN
Invalid '%s' name segment for env, name can't start with '/' prefix, prefix has been removed
WFLYEE0128
WARN
Failure when terminating %s hung task %s
WFLYEE0129
INFO
%s hung task %s cancelled
WFLYEE0130
INFO
%s hung task %s not cancelled
WFLYEE0131
javax.xml.stream.XMLStreamException
The attribute %s is no longer supported.
WFLYEE0132
java.lang.RuntimeException
ManagedReference was null and injection is not optional for injection into method %s
WFLYEE0133
ERROR
A JNDI binding for component '%s' has already been installed under JNDI name '%s' in accordance with Jakarta EE specifications. The conflicting class is %s. Solutions include providing an alternate name for the component or renaming the class.
WFLYEE0134
java.lang.IllegalStateException
Multiple uses of ContextServiceDefinition.ALL_REMAINING
WFLYEE0135
WARN
Failed to resume transaction.
WFLYEE0136
java.lang.RuntimeException
Failed to run scheduled task: %s
WFLYEJB
Code
Level
Return Type
Message
WFLYEJB0004
ERROR
failed to get tx manager status; ignoring
WFLYEJB0005
ERROR
failed to set rollback only; ignoring
WFLYEJB0006
WARN
ActivationConfigProperty %s will be ignored since it is not allowed by resource adapter: %s
WFLYEJB0007
ERROR
Discarding stateful component instance: %s due to exception
WFLYEJB0010
WARN
Default interceptor class %s is not listed in the section of ejb-jar.xml and will not be applied
WFLYEJB0015
WARN
Unknown timezone id: %s found in schedule expression. Ignoring it and using server's timezone: %s
WFLYEJB0016
WARN
Timer persistence is not enabled, persistent timers will not survive JVM restarts
WFLYEJB0017
INFO
Next expiration is null. No tasks will be scheduled for timer %S
WFLYEJB0018
ERROR
Ignoring exception during setRollbackOnly
WFLYEJB0020
ERROR
Error invoking timeout for timer: %s
WFLYEJB0021
INFO
Timer: %s will be retried
WFLYEJB0022
ERROR
Error during retrying timeout for timer: %s
WFLYEJB0023
INFO
Retrying timeout for timer: %s
WFLYEJB0024
INFO
Timer is not active, skipping retry of timer: %s
WFLYEJB0026
WARN
Could not read timer information for Jakarta Enterprise Beans component %s
WFLYEJB0028
ERROR
%s is not a directory, could not restore timers
WFLYEJB0029
ERROR
Could not restore timer from %s
WFLYEJB0030
ERROR
error closing file
WFLYEJB0031
ERROR
Could not restore timers for %s
WFLYEJB0032
ERROR
Could not create directory %s to persist Jakarta Enterprise Beans timers.
WFLYEJB0034
ERROR
Jakarta Enterprise Beans Invocation failed on component %s for method %s
WFLYEJB0035
WARN
Could not find Jakarta Enterprise Beans for locator %s, Jakarta Enterprise Beans client proxy will not be replaced
WFLYEJB0036
WARN
Jakarta Enterprise Beans %s is not being replaced with a Stub as it is not exposed over IIOP
WFLYEJB0037
ERROR
Dynamic stub creation failed for class %s
WFLYEJB0042
INFO
Started message driven bean '%s' with '%s' resource adapter
WFLYEJB0043
WARN
A previous execution of timer %s is still in progress, skipping this overlapping scheduled execution at: %s.
WFLYEJB0044
java.lang.IllegalStateException
Resource adapter repository is not available
WFLYEJB0045
java.lang.IllegalArgumentException
Could not find an Endpoint for resource adapter %s
WFLYEJB0046
java.lang.IllegalStateException
Endpoint is not available for message driven component %s
WFLYEJB0047
java.lang.RuntimeException
Could not deactivate endpoint for message driven component %s
WFLYEJB0049
java.lang.RuntimeException
Could not create an instance of cluster node selector %s for cluster %s
WFLYEJB0050
WARN
Failed to parse property %s due to %s
WFLYEJB0051
java.lang.IllegalStateException
Could not find view %s for Jakarta Enterprise Beans %s
WFLYEJB0052
java.lang.RuntimeException
Cannot perform asynchronous local invocation for component that is not a session bean
WFLYEJB0053
java.lang.IllegalArgumentException
%s is not a Stateful Session bean in app: %s module: %s distinct-name: %s
WFLYEJB0054
java.lang.RuntimeException
Failed to marshal Jakarta Enterprise Beans parameters
WFLYEJB0055
jakarta.ejb.NoSuchEJBException
No matching deployment for Jakarta Enterprise Beans: %s
WFLYEJB0056
jakarta.ejb.NoSuchEJBException
Could not find Jakarta Enterprise Beans in matching deployment: %s
WFLYEJB0057
java.lang.IllegalArgumentException
%s annotation is only valid on method targets
WFLYEJB0058
java.lang.IllegalArgumentException
Method %s, on class %s, annotated with @jakarta.interceptor.AroundTimeout is expected to accept a single param of type jakarta.interceptor.InvocationContext
WFLYEJB0059
java.lang.IllegalArgumentException
Method %s, on class %s, annotated with @jakarta.interceptor.AroundTimeout must return Object type
WFLYEJB0060
java.lang.IllegalStateException
Wrong tx on thread: expected %s, actual %s
WFLYEJB0061
java.lang.IllegalStateException
Unknown transaction attribute %s on invocation %s
WFLYEJB0062
jakarta.ejb.EJBTransactionRequiredException
Transaction is required for invocation %s
WFLYEJB0063
jakarta.ejb.EJBException
Transaction present on server in Never call (Enterprise Beans 3 13.6.2.6)
WFLYEJB0064
ERROR
Failed to set transaction for rollback only
WFLYEJB0065
java.lang.IllegalArgumentException
View interface cannot be null
WFLYEJB0068
java.lang.RuntimeException
Could not load view class for component %s
WFLYEJB0073
jakarta.ejb.RemoveException
Illegal call to EJBHome.remove(Object) on a session bean
WFLYEJB0074
java.lang.IllegalStateException
Enterprise Beans 3.1 FR 13.6.2.8 setRollbackOnly is not allowed with SUPPORTS transaction attribute
WFLYEJB0075
jakarta.ejb.EJBException
Cannot call getPrimaryKey on a session bean
WFLYEJB0076
java.lang.RuntimeException
Singleton beans cannot have Enterprise Beans 2.x views
WFLYEJB0078
java.lang.IllegalStateException
Bean %s does not have an EJBLocalObject
WFLYEJB0079
java.lang.IllegalArgumentException
[Enterprise Beans 3.1 spec, section 14.1.1] Class: %s cannot be marked as an application exception because it is not of type java.lang.Exception
WFLYEJB0080
java.lang.IllegalArgumentException
[Enterprise Beans 3.1 spec, section 14.1.1] Exception class: %s cannot be marked as an application exception because it is of type java.rmi.RemoteException
WFLYEJB0081
java.lang.RuntimeException
%s annotation is allowed only on classes. %s is not a class
No jndi bindings will be created for Jakarta Enterprise Beans %s since no views are exposed
WFLYEJB0118
WARN
[Enterprise Beans 3.1 spec, section 4.9.2] Session bean implementation class MUST NOT be a interface - %s is an interface, hence won't be considered as a session bean
WFLYEJB0119
WARN
[Enterprise Beans 3.1 spec, section 4.9.2] Session bean implementation class MUST be public, not abstract and not final - %s won't be considered as a session bean, since it doesn't meet that requirement
WFLYEJB0120
WARN
[Enterprise Beans 3.1 spec, section 5.6.2] Message driven bean implementation class MUST NOT be a interface - %s is an interface, hence won't be considered as a message driven bean
WFLYEJB0121
WARN
[Enterprise Beans 3.1 spec, section 5.6.2] Message driven bean implementation class MUST be public, not abstract and not final - %s won't be considered as a message driven bean, since it doesn't meet that requirement
Could not determine type of corresponding implied Enterprise Beans 2.x local interface (see Enterprise Beans 3.1 21.4.5)%n due to multiple create* methods with different return types on home %s
Jakarta Enterprise Beans %s entity bean %s implemented TimedObject, but has a different timeout method specified either via annotations or via the deployment descriptor
WFLYEJB0273
java.lang.RuntimeException
%s does not have an Enterprise Beans 2.x local interface
Module %s containing bean %s is not deployed in ear but it specifies resource adapter name '%s' in a relative format.
WFLYEJB0460
WARN
The transaction isolation need to be equal or stricter than READ_COMMITTED to ensure that the timer run once-and-only-once
WFLYEJB0461
ERROR
Update timer failed and it was not possible to rollback the transaction!
WFLYEJB0462
WARN
Timer service database-data-store database attribute is not configured, and is not detected from connection metadata or JDBC driver name.
WFLYEJB0463
WARN
Invalid transaction attribute type %s on SFSB lifecycle method %s of class %s, valid types are REQUIRES_NEW and NOT_SUPPORTED. Method will be treated as NOT_SUPPORTED.
WFLYEJB0464
org.jboss.as.controller.OperationFailedException
The "disable-default-ejb-permissions" attribute may not be set to true
Loaded timer (%s) for Jakarta Enterprise Beans (%s) and this node that is marked as being in a timeout. The original timeout may not have been processed. Please use graceful shutdown to ensure timeout tasks are finished before shutting down.
WFLYEJB0481
INFO
Strict pool %s is using a max instance size of %d (per class), which is derived from thread worker pool sizing.
WFLYEJB0482
INFO
Strict pool %s is using a max instance size of %d (per class), which is derived from the number of CPUs on this host.
WFLYEJB0483
javax.xml.stream.XMLStreamException
Attributes are mutually exclusive: %s, %s
WFLYEJB0485
WARN
Transaction type %s is unspecified for the %s method of the %s message-driven bean. It will be handled as NOT_SUPPORTED.
WFLYEJB0486
INFO
Parameter 'default-clustered-sfsb-cache' was defined for the 'add' operation for resource '%s'. This parameter is deprecated and its previous behavior has been remapped to attribute 'default-sfsb-cache'. As a result the 'default-sfsb-cache' attribute has been set to '%s' and the 'default-sfsb-passivation-disabled-cache' attribute has been set to '%s'.
WFLYEJB0487
ERROR
Unexpected invocation state %s
WFLYEJB0489
ERROR
Timer %s not running as transaction could not be started
Could not create an instance of Jakarta Enterprise Beans client interceptor %s
WFLYEJB0497
WARN
Failed to persist timer %s on startup. This is likely due to another cluster member making the same change, and should not affect operation.
WFLYEJB0499
org.jboss.as.controller.OperationFailedException
Cannot read derived size - service %s unreachable
WFLYEJB0500
ERROR
Legacy org.jboss.security.annotation.SecurityDomain annotation is used in class: %s, please use org.jboss.ejb3.annotation.SecurityDomain instead.
WFLYEJB0501
java.lang.RuntimeException
Failed to activate MDB %s
WFLYEJB0502
ERROR
Exception checking if timer %s should run
WFLYEJB0503
WARN
[Jakarta Enterprise Beans 3.2 spec, section 5.6.4] Message Driven Bean 'onMessage' method can not be final (MDB: %s).
WFLYEJB0504
WARN
[Jakarta Enterprise Beans 3.2 spec, section 5.6.4] Message Driven Bean 'onMessage' method can not be private (MDB: %s).
WFLYEJB0505
WARN
[Jakarta Enterprise Beans 3.2 spec, section 5.6.4] Message Driven Bean 'onMessage' method can not be static (MDB: %s).
WFLYEJB0506
WARN
[Jakarta Enterprise Beans 3.2 spec, section 5.6.2] Message Driven Bean can not have a 'finalize' method. (MDB: %s)
WFLYEJB0507
ERROR
Failed to persist timer's state %s. Timer has to be restored manually
WFLYEJB0508
WARN
Failed to persist timer's state %s due to %s
WFLYEJB0509
WARN
Clustered Jakarta Enterprise Beans in Node: %s are bound to INADDR_ANY(%s). Either use a non-wildcard server bind address or add client-mapping entries to the relevant socket-binding for the Remoting connector
WFLYEJB0510
WARN
@RunAs annotation is required when using @RunAsPrincipal on class %s
WFLYEJB0511
java.lang.RuntimeException
Cannot build reflection index for server interceptor class %s
WFLYEJB0512
java.lang.RuntimeException
Server interceptor class %s does not have a no parameter constructor
WFLYEJB0513
java.lang.RuntimeException
Method %s in server interceptor %s annotated with %s has invalid signature
WFLYEJB0514
java.lang.RuntimeException
Cannot load server interceptor module %s
WFLYEJB0515
WARN
[Jakarta Enterprise Beans 3.2 spec, section 4.9.2] Singleton session beans are not allowed to implement 'jakarta.ejb.SessionBean' interface. This interface on bean '%s' is going to be ignored and should be removed.
WFLYEJB0516
INFO
IIOP bindings for session bean named '%s' in deployment unit '%s' are as follows: %s
WFLYEJB0517
ERROR
[Jakarta Enterprise Beans 3.2 spec, section 4.1] Spec violation for class %s. Session Jakarta Enterprise Beans should have only one of the following types : Stateful, Stateless, Singleton.
WFLYEJB0518
java.io.InvalidClassException
Exception resolving class %s for unmarshalling; it has either been blocklisted or not allowlisted
WFLYEJB0519
java.lang.IllegalArgumentException
Invalid unmarshalling filter specfication %s; specifications must describe class or package name matching patterns
Some classes referenced by annotation: %s in class: %s are missing.
WFLYEJB0522
WARN
The default pool name %s could not be resolved from its value: %s
WFLYEJB0523
WARN
Timer %s has not been deployed
WFLYEJB0524
java.lang.RuntimeException
Timer %s cannot be added
WFLYEJB0525
WARN
The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of '%s' for Jakarta Enterprise Beans '%s' will be ignored.
WFLYEJB0526
org.jboss.as.controller.OperationFailedException
Timer %s does not exist
WFLYEJB0527
ERROR
Remoting connector (address %s, port %s) is not correctly configured for EJB client invocations, the connector must be listed in 'connectors' attribute to receive EJB client invocations
WFLYEJB0528
DEBUG
Jakarta Enterprise Beans business method %s must be public
WFLYEJB0529
WARN
Failed to retrieve info from database for timer: %s
WFLYEJB0530
java.lang.IllegalStateException
The deployment is configured to use a legacy security domain '%s' which is no longer supported.
WFLYEJB0531
WARN
No client mappings registry provider found for %s; using legacy provider based on static configuration
WFLYEJB0532
WARN
Database detected from configuration is: '%s'. If this is incorrect, please specify the correct database.
WFLYELY
Code
Level
Return Type
Message
WFLYELY00000
java.lang.String
Reload dependent services which might already have cached the secret value
WFLYELY00000
java.lang.String
Update dependent resources as alias '%s' does not exist anymore
WFLYELY00002
org.jboss.as.controller.OperationFailedException
Can not inject the same realm '%s' in a single security domain.
WFLYELY00003
java.lang.IllegalArgumentException
The operation did not contain an address with a value for '%s'.
WFLYELY00004
org.jboss.msc.service.StartException
Unable to start the service.
WFLYELY00005
org.jboss.as.controller.OperationFailedException
Unable to access KeyStore to complete the requested operation.
WFLYELY00007
org.jboss.as.controller.OperationFailedException
The required service '%s' is not UP, it is currently '%s'.
WFLYELY00008
org.jboss.as.controller.OperationFailedException
Invalid operation name '%s', expected one of '%s'
WFLYELY00009
java.lang.RuntimeException
Unable to complete operation. '%s'
WFLYELY00010
org.jboss.as.controller.OperationFailedException
Unable to save KeyStore - KeyStore file '%s' does not exist.
WFLYELY00012
org.jboss.msc.service.StartException
No suitable provider found for type '%s'
WFLYELY00013
org.jboss.as.controller.OperationFailedException
The default-realm '%s' is not in the list of realms [%s] referenced by this domain.
WFLYELY00014
org.jboss.msc.service.StartException
Unable to load the properties files required to start the properties file backed realm: Users file: '%s' Groups file: '%s'
WFLYELY00015
org.jboss.msc.service.StartException
The custom component implementation '%s' does not implement method initialize(Map), however configuration has been supplied.
WFLYELY00016
org.jboss.as.controller.OperationFailedException
The supplied regular expression '%s' is invalid.
WFLYELY00017
org.jboss.msc.service.StartException
Property file referenced in properties-realm does not exist: %s
WFLYELY00018
org.jboss.msc.service.StartException
Unable to create %s for algorithm '%s'.
WFLYELY00019
org.jboss.msc.service.StartException
No '%s' found in injected value.
WFLYELY00020
org.jboss.as.controller.OperationFailedException
Unable to reload the properties files required to by the properties file backed realm.
WFLYELY00021
org.jboss.msc.service.StartException
Exception while creating the permission object for the permission mapping. Please check [class-name], [target-name] (name of permission) and [action] of [%s].
WFLYELY00022
org.jboss.msc.service.StartException
KeyStore file '%s' does not exist and required.
WFLYELY00023
WARN
KeyStore file '%s' does not exist. Used blank.
WFLYELY00024
WARN
Certificate [%s] in KeyStore is not valid
WFLYELY00025
org.jboss.msc.service.StartException
Referenced property file is invalid: %s
WFLYELY00027
org.jboss.as.controller.OperationFailedException
Unable to obtain OID for X.500 attribute '%s'
WFLYELY00028
org.jboss.as.controller.OperationFailedException
The X.500 attribute must be defined by name or by OID
WFLYELY00029
org.jboss.as.controller.OperationFailedException
Failed to parse URL '%s'
WFLYELY00030
org.jboss.msc.service.StartException
Realm '%s' does not support cache
WFLYELY00031
org.jboss.msc.service.StartException
Unable to access CRL file.
WFLYELY00032
java.lang.RuntimeException
Unable to reload CRL file.
WFLYELY00033
java.lang.RuntimeException
Unable to access entry [%s] from key store [%s].
WFLYELY00034
org.jboss.as.controller.OperationFailedException
A principal query can only have a single key mapper
WFLYELY00035
org.jboss.as.controller.OperationFailedException
Unable to load module '%s'.
WFLYELY00036
org.jboss.as.controller.OperationFailedException
Security realm '%s' has been referenced twice in the same security domain.
WFLYELY00037
org.jboss.msc.service.StartException
Injected value is not of '%s' type.
WFLYELY00038
org.jboss.msc.service.StartException
Could not load permission class '%s'
WFLYELY00039
org.jboss.as.controller.OperationFailedException
Unable to reload CRL file - TrustManager is not reloadable
WFLYELY00040
org.jboss.msc.service.StartException
Unable to load the permission module '%s' for the permission mapping
WFLYELY00041
java.lang.String
Unable to transform configuration to the target version - attribute '%s' is different from '%s'
WFLYELY00042
java.lang.String
Unable to transform multiple 'authorization-realms' to the single value
WFLYELY00043
org.jboss.as.controller.OperationFailedException
A cycle has been detected initialising the resources - %s
WFLYELY00044
java.lang.IllegalStateException
Unexpected name of servicename's parent - %s
WFLYELY00045
java.lang.IllegalStateException
Failed to load CallbackHandler from the provided module.
WFLYELY00046
org.jboss.msc.service.StartException
Provided path '%s' to JAAS configuration file does not exist.
WFLYELY00047
WARN
LDAP Realm is configured to use direct-verification and user-password-mapper which is invalid configuration.
WFLYELY00048
java.lang.IllegalArgumentException
A string representation of an X.500 distinguished name is required: %s
WFLYELY00909
org.jboss.as.controller.OperationFailedException
Credential store '%s' does not support given credential store entry type '%s'
WFLYELY00910
java.io.IOException
Password cannot be resolved for key-store '%s'
WFLYELY00911
java.io.IOException
Credential store '%s' protection parameter cannot be resolved
WFLYELY00913
org.jboss.as.controller.OperationFailedException
Credential alias '%s' of credential type '%s' already exists in the store
WFLYELY00914
java.security.NoSuchProviderException
Provider loader '%s' cannot supply Credential Store provider of type '%s'
WFLYELY00916
java.lang.IllegalStateException
Credential cannot be resolved
WFLYELY00917
org.jboss.msc.service.StartException
Password cannot be resolved for dir-context
WFLYELY00920
org.jboss.as.controller.OperationFailedException
Credential alias '%s' of credential type '%s' does not exist in the store
WFLYELY00921
org.jboss.as.controller.OperationFailedException
Location parameter is not specified for filebased keystore type '%s'
Unable to create immediately available credential store.
WFLYELY00925
org.jboss.as.controller.OperationFailedException
Unable to reload the credential store.
WFLYELY00926
org.jboss.as.controller.OperationFailedException
Unable to initialize the credential store.
WFLYELY00927
org.jboss.as.controller.OperationFailedException
The secret key operation '%s' failed to complete due to '%s'.
WFLYELY01000
org.jboss.as.controller.OperationFailedException
Identity with name [%s] already exists.
WFLYELY01001
java.lang.RuntimeException
Could not create identity with name [%s].
WFLYELY01002
java.lang.String
Identity with name [%s] not found.
WFLYELY01003
java.lang.RuntimeException
Could not delete identity with name [%s].
WFLYELY01004
java.lang.String
Identity with name [%s] not authorized.
WFLYELY01005
java.lang.RuntimeException
Could not read identity [%s] from security domain [%s].
WFLYELY01007
java.lang.RuntimeException
Could not read identity with name [%s].
WFLYELY01008
java.lang.RuntimeException
Failed to obtain the authorization identity.
WFLYELY01009
java.lang.RuntimeException
Failed to add attribute.
WFLYELY01010
java.lang.RuntimeException
Failed to remove attribute.
WFLYELY01011
java.lang.RuntimeException
Could not create password.
WFLYELY01012
org.jboss.as.controller.OperationFailedException
Unexpected password type [%s].
WFLYELY01013
org.jboss.as.controller.OperationFailedException
Pattern [%s] requires a capture group
WFLYELY01014
org.jboss.as.controller.OperationFailedException
Invalid [%s] definition. Only one of '%s' or '%s' can be set in one Object in the list of filters.
WFLYELY01015
java.lang.IllegalStateException
Unable to perform automatic outflow for '%s'
WFLYELY01016
org.jboss.as.controller.OperationFailedException
Server '%s' not known
WFLYELY01017
org.jboss.as.controller.OperationFailedException
Invalid value for cipher-suite-filter. %s
WFLYELY01018
org.jboss.as.controller.OperationFailedException
Invalid size %s
WFLYELY01019
org.jboss.as.controller.OperationFailedException
The suffix (%s) can not contain seconds or milliseconds.
WFLYELY01020
org.jboss.as.controller.OperationFailedException
The suffix (%s) is invalid. A suffix must be a valid date format.
WFLYELY01022
java.lang.RuntimeException
Failed to set policy [%s]
WFLYELY01023
javax.xml.stream.XMLStreamException
Could not find policy provider with name [%s]
WFLYELY01024
java.lang.RuntimeException
Failed to register policy context handlers
WFLYELY01025
java.lang.RuntimeException
Failed to create policy [%s]
WFLYELY01026
WARN
Element '%s' with attribute '%s' set to '%s' is unused. Since unused policy configurations can no longer be stored in the configuration model this item is being discarded.
WFLYELY01027
java.io.IOException
Key password cannot be resolved for key-store '%s'
WFLYELY01028
org.jboss.as.controller.OperationFailedException
Invalid value for not-before. %s
WFLYELY01029
org.jboss.as.controller.OperationFailedException
Alias '%s' does not exist in KeyStore
WFLYELY01030
org.jboss.as.controller.OperationFailedException
Alias '%s' does not identify a PrivateKeyEntry in KeyStore
WFLYELY01031
org.jboss.as.controller.OperationFailedException
Unable to obtain PrivateKey for alias '%s'
WFLYELY01032
org.jboss.as.controller.OperationFailedException
Unable to obtain Certificate for alias '%s'
WFLYELY01033
org.jboss.as.controller.OperationFailedException
No certificates found in certificate reply
WFLYELY01034
org.jboss.as.controller.OperationFailedException
Public key from certificate reply does not match public key from certificate in KeyStore
WFLYELY01035
org.jboss.as.controller.OperationFailedException
Certificate reply is the same as the certificate from PrivateKeyEntry in KeyStore
WFLYELY01036
org.jboss.as.controller.OperationFailedException
Alias '%s' already exists in KeyStore
WFLYELY01037
org.jboss.as.controller.OperationFailedException
Top-most certificate from certificate reply is not trusted. Inspect the certificate carefully and if it is valid, execute import-certificate again with validate set to false.
WFLYELY01038
org.jboss.as.controller.OperationFailedException
Trusted certificate is already in KeyStore under alias '%s'
WFLYELY01039
org.jboss.as.controller.OperationFailedException
Trusted certificate is already in cacerts KeyStore under alias '%s'
WFLYELY01040
org.jboss.as.controller.OperationFailedException
Unable to determine if the certificate is trusted. Inspect the certificate carefully and if it is valid, execute import-certificate again with validate set to false.
WFLYELY01041
org.jboss.as.controller.OperationFailedException
Certificate file does not exist
WFLYELY01042
org.jboss.as.controller.OperationFailedException
Unable to obtain Entry for alias '%s'
WFLYELY01043
org.jboss.as.controller.OperationFailedException
Unable to create an account with the certificate authority: %s
WFLYELY01044
org.jboss.as.controller.OperationFailedException
Unable to change the account key associated with the certificate authority: %s
WFLYELY01045
org.jboss.as.controller.OperationFailedException
Unable to deactivate the account associated with the certificate authority: %s
WFLYELY01046
org.jboss.msc.service.StartException
Unable to obtain certificate authority account Certificate for alias '%s'
WFLYELY01047
org.jboss.msc.service.StartException
Unable to obtain certificate authority account PrivateKey for alias '%s'
WFLYELY01048
org.jboss.as.controller.OperationFailedException
Unable to update certificate authority account key store: %s
WFLYELY01049
org.wildfly.security.x500.cert.acme.AcmeException
Unable to respond to challenge from certificate authority: %s
WFLYELY01050
org.wildfly.security.x500.cert.acme.AcmeException
Invalid certificate authority challenge
WFLYELY01051
org.jboss.as.controller.OperationFailedException
Invalid certificate revocation reason '%s'
WFLYELY01052
java.lang.IllegalStateException
Unable to instantiate AcmeClientSpi implementation
WFLYELY01053
org.jboss.as.controller.OperationFailedException
Unable to update the account with the certificate authority: %s
WFLYELY01054
org.jboss.as.controller.OperationFailedException
Unable to get the metadata associated with the certificate authority: %s
WFLYELY01055
org.jboss.as.controller.OperationFailedException
Invalid key size: %d
WFLYELY01056
org.jboss.as.controller.OperationFailedException
A certificate authority account with this account key already exists. To update the contact information associated with this existing account, use %s. To change the key associated with this existing account, use %s.
WFLYELY01057
java.lang.RuntimeException
Failed to create ServerAuthModule [%s] using module '%s'
WFLYELY01058
org.jboss.as.controller.OperationFailedException
Failed to parse PEM public key with kid: %s
WFLYELY01059
org.jboss.msc.service.StartException
Unable to detect KeyStore '%s'
WFLYELY01060
org.jboss.as.controller.OperationFailedException
Fileless KeyStore needs to have a defined type.
WFLYELY01061
org.jboss.as.controller.OperationFailedException
Invalid value of host context map: '%s' is not valid hostname pattern.
WFLYELY01062
org.jboss.as.controller.OperationFailedException
Value for attribute '%s' is invalid.
WFLYELY01063
org.jboss.as.controller.OperationFailedException
LetsEncrypt certificate authority is configured by default.
WFLYELY01064
org.jboss.msc.service.StartException
Failed to load OCSP responder certificate '%s'.
WFLYELY01065
org.jboss.as.controller.OperationFailedException
Multiple maximum-cert-path definitions found.
WFLYELY01066
org.jboss.as.controller.OperationFailedException
Invalid value for cipher-suite-names. %s
WFLYELY01067
org.jboss.as.controller.OperationFailedException
Value '%s' is not valid regex.
WFLYELY01068
java.lang.IllegalStateException
Duplicate PolicyContextHandler found for key '%s'.
WFLYELY01069
java.lang.IllegalStateException
Invalid %s loaded, expected %s but received %s.
WFLYELY01079
java.lang.RuntimeException
Unable to load module '%s'.
WFLYELY01080
org.jboss.as.controller.OperationFailedException
Non existing key store needs to have defined type.
WFLYELY01081
java.lang.RuntimeException
Failed to lazily initialize key manager
WFLYELY01082
java.lang.RuntimeException
Failed to store generated self-signed certificate
WFLYELY01083
java.lang.RuntimeException
No '%s' found in injected value.
WFLYELY01084
WARN
KeyStore %s not found, it will be auto-generated on first use with a self-signed certificate for host %s
WFLYELY01085
WARN
Generated self-signed certificate at %s. Please note that self-signed certificates are not secure and should only be used for testing purposes. Do not use this self-signed certificate in production. SHA-1 fingerprint of the generated key is %s SHA-256 fingerprint of the generated key is %s
WFLYELY01086
java.lang.IllegalStateException
Unable to initialize Elytron JACC support while legacy JACC support is enabled.
WFLYELY01087
org.jboss.as.controller.OperationFailedException
Hostname in SNI mapping cannot contain ^ character.
WFLYELY01088
org.wildfly.security.x500.cert.acme.AcmeException
Missing certificate authority challenge
WFLYELY01089
org.jboss.as.controller.OperationFailedException
Invalid file encoding '%s'.
WFLYELY01200
org.jboss.as.controller.OperationFailedException
The name of the resolver to use was not specified and no default-resolver has been defined.
WFLYELY01201
org.jboss.as.controller.OperationFailedException
No expression resolver has been defined with the name '%s'.
Initialisation of an %s without an active management OperationContext is not allowed.
WFLYELY01211
org.jboss.as.controller.OperationFailedException
Unable to load the credential store.
WFLYELY01212
org.jboss.msc.service.StartException
KeyStore does not contain a PrivateKey for KeyStore: [%s] and alias: [%s].
WFLYELY01213
org.jboss.msc.service.StartException
KeyStore does not contain a PublicKey for KeyStore: [%s] and alias: [%s].
WFLYELY01214
org.jboss.as.controller.OperationFailedException
Unable to verify the integrity of the filesystem realm: %s
WFLYELY01215
org.jboss.as.controller.OperationFailedException
Filesystem realm is missing key pair configuration, integrity checking is not enabled
WFLYELY01216
java.lang.RuntimeException
Filesystem realm is unable to obtain key store password
WFLYELY01217
org.jboss.as.controller.OperationFailedException
Realm verification failed, invalid signatures for the identities: %s
WFLYELY01218
java.security.KeyStoreException
Keystore used by filesystem realm does not contain the alias: %s
WFLYELY01219
org.jboss.as.controller.OperationFailedException
Integrity keypair cannot be added to non-empty filesystem realm after initialization. To upgrade a filesystem realm, use Elytron Tool command `filesystem-realm-integrity`
WFLYELY01220
org.jboss.as.controller.OperationFailedException
Encryption secret key cannot be added to non-empty filesystem realm after initialization. To upgrade a filesystem realm, use Elytron Tool command `filesystem-realm-encrypt`
The embedded server is stopping and invocations on the ModelControllerClient are not available
WFLYEMB0024
java.lang.IllegalStateException
The embedded server is reloading and invocations on the ModelControllerClient are not yet available
WFLYEMB0026
java.lang.IllegalStateException
Cannot create host controller using factory: %s
WFLYEMB0027
java.lang.IllegalStateException
The embedded server is stopped and invocations on the ModelControllerClient are not available
WFLYEMB0028
java.lang.RuntimeException
Error copying '%s' to '%s' (%s)
WFLYEMB0029
java.lang.IllegalArgumentException
-D%s=%s is not a directory
WFLYEMB0143
java.lang.IllegalArgumentException
No directory called '%s' exists under '%s'
WFLYEMB0144
java.lang.IllegalArgumentException
-D%s=%s does not exist
WFLYEMB0145
WARN
The module loader has already been configured. Changing the %s property will have no effect.
WFLYEMB0146
ERROR
Failed to restore context %s
WFLYHC
Code
Level
Return Type
Message
WFLYHC-001
WARN
Server '%s' (managed by host '%s') is unstable and should be stopped or restarted. An unstable server may not stop normally, so the 'kill' operation may be required to terminate the server process.
WFLYHC0000
java.lang.String
Use %s --help for information on valid command line arguments and their syntax.
WFLYHC0000
java.lang.String
- Host Controller configuration files in use: %s, %s
WFLYHC0000
java.lang.String
- Host Controller configuration file in use: %s
WFLYHC0001
WARN
Could not connect to remote domain controller %s
WFLYHC0002
ERROR
Could not connect to the domain controller. Error was: %s
WFLYHC0003
INFO
Creating http management service using network interface (%s) port (%d) securePort (%d)
WFLYHC0005
WARN
Existing server [%s] with status: %s
WFLYHC0008
ERROR
Failed to start server (%s)
WFLYHC0009
ERROR
Failed to stop server (%s)
WFLYHC0011
WARN
Ignoring for jvm '%s' type jvm: %s
WFLYHC0012
ERROR
No configuration was provided and the current running mode ('%s') requires access to the Domain Controller host. Startup will be aborted. Use the %s command line argument to start in %s mode if you need to start without a domain controller connection and then use the management tools to configure one.
WFLYHC0013
WARN
No security realm defined for http management service, all access will be unrestricted.
WFLYHC0014
ERROR
No server called %s available
WFLYHC0015
WARN
Connection to remote host-controller closed. Trying to reconnect.
WFLYHC0016
WARN
Ignoring
WFLYHC0018
INFO
Reconnecting server %s
WFLYHC0019
INFO
Registered remote secondary host "%s", %s
WFLYHC0020
INFO
Registering server %s
WFLYHC0021
INFO
Server [%s] connected using connection [%s]
WFLYHC0023
INFO
Starting server %s
WFLYHC0024
INFO
Stopping server %s
WFLYHC0026
INFO
Unregistered remote secondary host "%s"
WFLYHC0027
INFO
Unregistering server %s
WFLYHC0029
INFO
Unregistered at domain controller
WFLYHC0030
WARN
Connection to remote host "%s" closed unexpectedly
WFLYHC0031
WARN
Cannot load the domain model using --backup
WFLYHC0033
ERROR
Caught exception during boot
WFLYHC0034
java.lang.String
Host Controller boot has failed in an unrecoverable manner; exiting. See previous messages for details. %s
WFLYHC0035
ERROR
Installation of the domain-wide configuration has failed. Because the running mode of this Host Controller is ADMIN_ONLY boot has been allowed to proceed. If ADMIN_ONLY mode were not in effect the process would be terminated due to a critical boot failure.
WFLYHC0037
INFO
The primary Host Controller has been restarted. Re-registering this secondary Host Controller with the new primary.
WFLYHC0038
WARN
The domain controller could not be reached in the last [%d] milliseconds. Re-connecting.
WFLYHC0039
INFO
The secondary Host Controller "%s" has been restarted or is attempting to reconnect. Unregistering the current connection to this secondary.
WFLYHC0040
WARN
The secondary Host Controller "%s" could not be reached in the last [%d] milliseconds. Unregistering.
WFLYHC0041
java.lang.String
Argument expected for option %s. %s
WFLYHC0042
java.lang.IllegalArgumentException
Attempting to set '%s' when '%s' was already set
WFLYHC0043
java.lang.IllegalStateException
Unable to connect due to authentication failure.
WFLYHC0044
java.lang.IllegalStateException
Cannot access a remote file repository from the domain controller
WFLYHC0045
java.io.IOException
Unable to create local directory: %s
WFLYHC0046
java.lang.RuntimeException
Cannot obtain a valid default address for communicating with the ProcessController using either %s or InetAddress.getLocalHost(). Please check your system's network configuration or use the %s command line switch to configure a valid address
WFLYHC0047
java.lang.String
Cannot restart server %s as it is not currently started; it is %s
WFLYHC0048
java.lang.String
Cannot start servers when the Host Controller running mode is %s
WFLYHC0049
java.lang.UnsupportedOperationException
Close should be managed by the service
WFLYHC0050
java.lang.IllegalStateException
Configuration persister for domain model is already initialized
WFLYHC0051
java.lang.IllegalStateException
Interrupted while trying to connect to the domain controller
WFLYHC0052
java.lang.IllegalStateException
Could not connect to the domain controller in %d attempts within %s ms
WFLYHC0053
java.lang.RuntimeException
Could not get the server inventory in %d %s
WFLYHC0054
java.io.IOException
Did not read the entire file. Missing: %d
WFLYHC0055
java.lang.RuntimeException
Error closing down host
WFLYHC0056
java.lang.String
Failed to retrieve profile operations from domain controller
Invocations of %s after HostController boot are not allowed
WFLYHC0066
java.lang.String
Malformed URL provided for option %s. %s
WFLYHC0067
java.lang.IllegalStateException
Must call %s before checking for secondary Host Controller status
WFLYHC0068
java.lang.IllegalStateException
Must call %s before persisting the domain model
WFLYHC0071
java.lang.IllegalStateException
No server inventory
WFLYHC0077
java.lang.IllegalArgumentException
There is already a registered server named '%s'
WFLYHC0078
java.lang.String
Server (%s) still running
WFLYHC0079
javax.security.sasl.SaslException
Unable to generate hash
WFLYHC0080
java.lang.String
Unable to load properties from URL %s. %s
WFLYHC0081
java.lang.IllegalArgumentException
Undefined socket binding group for server %s
WFLYHC0082
java.lang.IllegalStateException
Included socket binding group %s is not defined
WFLYHC0084
java.lang.IllegalArgumentException
Unknown %s %s
WFLYHC0085
java.lang.String
Value for %s is not a known host -- %s. %s
WFLYHC0087
java.lang.IllegalStateException
Host-Controller is already shutdown.
WFLYHC0090
java.lang.UnsupportedOperationException
HostControllerEnvironment does not support system property updates
WFLYHC0091
org.jboss.as.controller.OperationFailedException
Resources of type %s cannot be ignored
WFLYHC0092
javax.xml.stream.XMLStreamException
An '%s' element whose 'type' attribute is '%s' has already been found
WFLYHC0093
java.lang.String
The JVM input arguments cannot be accessed so system properties passed directly to this Host Controller JVM will not be passed through to server processes. Cause of the problem: %s
WFLYHC0094
java.lang.IllegalStateException
Missing configuration value for: %s
WFLYHC0095
java.lang.IllegalStateException
Home directory does not exist: %s
WFLYHC0097
java.lang.IllegalStateException
Domain base directory does not exist: %s
WFLYHC0098
java.lang.IllegalStateException
Domain base directory is not a directory: %s
WFLYHC0099
java.lang.IllegalStateException
Configuration directory does not exist: %s
WFLYHC0100
java.lang.IllegalStateException
Domain data directory is not a directory: %s
WFLYHC0101
java.lang.IllegalStateException
Could not create domain data directory: %s
WFLYHC0102
java.lang.IllegalStateException
Domain content directory is not a directory: %s
WFLYHC0103
java.lang.IllegalStateException
Could not create domain content directory: %s
WFLYHC0104
java.lang.IllegalStateException
Log directory is not a directory: %s
WFLYHC0105
java.lang.IllegalStateException
Could not create log directory: %s
WFLYHC0106
java.lang.IllegalStateException
Servers directory is not a directory: %s
WFLYHC0107
java.lang.IllegalStateException
Could not create servers directory: %s
WFLYHC0108
java.lang.IllegalStateException
Domain temp directory does not exist: %s
WFLYHC0109
java.lang.IllegalStateException
Could not create domain temp directory: %s
WFLYHC0110
java.lang.IllegalStateException
Unable to connect due to SSL failure.
WFLYHC0111
java.lang.IllegalStateException
Option '%s' already exists
WFLYHC0113
org.jboss.as.controller.OperationFailedException
Host controller management version %s.%s is too old, Only %s.%s or higher are supported
WFLYHC0114
java.lang.IllegalStateException
Failed to add extensions used by the domain. Failure description: %s
WFLYHC0115
java.lang.String
Argument %s has no value. %s
WFLYHC0116
java.lang.IllegalStateException
Cannot access S3 file: %s
WFLYHC0117
java.lang.IllegalStateException
Failed to obtain domain controller data from S3 file
WFLYHC0118
java.io.IOException
Cannot write domain controller data to S3 file: %s
WFLYHC0119
java.lang.IllegalStateException
Cannot access S3 bucket '%s': %s
WFLYHC0120
java.lang.IllegalStateException
Tried all domain controller discovery option(s) but unable to connect
WFLYHC0121
java.lang.IllegalStateException
pre_signed_put_url and pre_signed_delete_url must have the same path
WFLYHC0122
java.lang.IllegalStateException
pre_signed_put_url and pre_signed_delete_url must both be set or both unset
WFLYHC0123
java.lang.IllegalStateException
pre-signed url %s must point to a file within a bucket
WFLYHC0124
java.lang.IllegalStateException
pre-signed url %s is not a valid url
WFLYHC0125
java.lang.IllegalStateException
pre-signed url %s may only have a subdirectory under a bucket
WFLYHC0126
java.lang.IllegalArgumentException
Creating location-constrained bucket with unsupported calling-format
WFLYHC0127
java.lang.IllegalArgumentException
Invalid location: %s
WFLYHC0128
java.lang.IllegalArgumentException
Invalid bucket name: %s
WFLYHC0129
java.io.IOException
bucket '%s' could not be accessed (rsp=%d (%s)). Maybe the bucket is owned by somebody else or the authentication failed
WFLYHC0130
java.io.IOException
Unexpected response: %s
WFLYHC0131
java.lang.RuntimeException
HTTP redirect support required
WFLYHC0132
java.lang.RuntimeException
Unexpected error parsing bucket listing(s)
WFLYHC0133
java.lang.RuntimeException
Couldn't initialize a SAX driver for the XMLReader
WFLYHC0134
java.lang.IllegalStateException
Cannot instantiate discovery option class '%s': %s
WFLYHC0137
ERROR
Could not write domain controller data to S3 file. Error was: %s
WFLYHC0138
ERROR
Could not remove S3 file. Error was: %s
WFLYHC0140
java.lang.IllegalStateException
Can't execute transactional operation '%s' from the secondary Host Controller
WFLYHC0142
ERROR
Failed to apply domain-wide configuration from the domain controller
WFLYHC0143
ERROR
Failed to apply domain-wide configuration from the Domain Controller. Operation outcome: %s. Failure description %s
WFLYHC0144
ERROR
The host cannot start because it was started in running mode '%s' with no access to a local copy of the domain wide configuration policy, the '%s' attribute was set to '%s' and the domain wide configuration policy could not be obtained from the Domain Controller host. Startup will be aborted. Use the '%s' command line argument to start if you need to start without connecting to a domain controller connection.
WFLYHC0145
ERROR
The host cannot start because it was started in running mode '%s' with no access to a local copy of the domain wide configuration policy, and the '%s' attribute was set to '%s'. Startup will be aborted. Use the '%s' command line argument to start in running mode '%s'.
WFLYHC0146
WARN
Could not discover the domain controller using discovery option %s. Error was: %s
WFLYHC0147
WARN
No domain controller discovery options remain.
WFLYHC0148
INFO
Connected to the domain controller at %s
WFLYHC0149
INFO
Option %s was set; obtaining domain-wide configuration from %s
WFLYHC0150
INFO
Trying to reconnect to the domain controller.
WFLYHC0151
ERROR
No domain controller discovery configuration was provided and the '%s' attribute was set to '%s'. Startup will be aborted. Use the %s command line argument to start in %s mode if you need to start without a domain controller connection and then use the management tools to configure one.
WFLYHC0152
INFO
Server %s will be started with JVM launch command prefix '%s'
WFLYHC0153
java.io.IOException
Channel closed
WFLYHC0157
java.lang.IllegalStateException
Could not create domain auto-start directory: %s
WFLYHC0158
INFO
Error persisting server autostart status
WFLYHC0159
java.lang.String
Invalid discovery type %s
WFLYHC0160
java.lang.IllegalStateException
Could not read or create the domain UUID in file: %s
WFLYHC0162
org.jboss.as.controller.OperationFailedException
The binding name '%s' in socket binding group '%s' is not unique. Names must be unique across socket-binding, local-destination-outbound-socket-binding and remote-destination-outbound-socket-binding
WFLYHC0163
org.jboss.as.controller.OperationFailedException
Profile '%s' is involved in a cycle
WFLYHC0164
org.jboss.as.controller.OperationFailedException
Profile '%s' defines subsystem '%s' which is also defined in its ancestor profile '%s'. Overriding subsystems is not supported
WFLYHC0165
org.jboss.as.controller.OperationFailedException
Socket binding group '%s' is involved in a cycle
WFLYHC0166
org.jboss.as.controller.OperationFailedException
Socket binding group '%s' defines socket binding '%s' which is also defined in its ancestor socket binding group '%s'. Overriding socket bindings is not supported
WFLYHC0167
org.jboss.as.controller.OperationFailedException
Profile '%s' includes profile '%s' and profile '%s'. Both these profiles define subsystem '%s', which is not supported
WFLYHC0168
org.jboss.as.controller.OperationFailedException
Socket binding group '%s' includes socket binding group '%s' and socket binding group '%s'. Both these socket binding groups define socket binding '%s', which is not supported
WFLYHC0169
org.jboss.as.controller.OperationFailedException
Reload into running mode is not supported with embedded host controller, admin-only=true must be specified.
WFLYHC0170
java.lang.String
Error releasing shared lock after host registration for operationID: %s
WFLYHC0171
ERROR
Failed getting the response from the suspend listener for server: %s
WFLYHC0172
ERROR
Failed executing the suspend operation for server: %s
WFLYHC0173
org.jboss.as.controller.OperationFailedException
It is not possible to use use-current-host-config=false while specifying a host-config
WFLYHC0174
org.jboss.as.controller.OperationFailedException
It is not possible to use use-current-domain-config=false while specifying a domain-config
WFLYHC0175
org.jboss.as.controller.OperationFailedException
domain-config '%s' specified for reload could not be found
WFLYHC0177
WARN
No security realm defined for native management service; all access will be unrestricted.
WFLYHC0178
FATAL
Aborting with exit code %d
WFLYHC0179
INFO
ProcessController has signalled to shut down; shutting down
WFLYHC0180
INFO
Shutting down in response to management operation '%s'
WFLYHC0181
INFO
Host Controller shutdown has been requested via an OS signal
WFLYHC0182
INFO
Timed out after %d ms awaiting server suspend response(s) for server: %s
WFLYHC0183
java.lang.String
Timed out after %d ms awaiting server suspend response(s) for server: %s
WFLYHC0184
INFO
%s interrupted awaiting server suspend response(s)
WFLYHC0185
java.lang.String
%s interrupted awaiting server suspend response(s)
WFLYHC0186
java.lang.String
Failed executing the suspend operation for server: %s
WFLYHC0187
java.lang.String
Failed getting the response from the suspend listener for server: %s
WFLYHC0188
INFO
Timed out after %d ms awaiting server resume response(s) for server: %s
WFLYHC0189
java.lang.String
Timed out after %d ms awaiting server resume response(s) for server: %s
WFLYHC0190
INFO
%s interrupted awaiting server resume response(s)
WFLYHC0191
java.lang.String
%s interrupted awaiting server resume response(s)
WFLYHC0192
java.lang.String
Failed executing the resume operation for server: %s
WFLYHC0193
java.lang.String
Failed getting the response from the resume listener for server: %s
WFLYHC0194
ERROR
Failed executing the resume operation for server: %s
WFLYHC0195
ERROR
Failed getting the response from the resume listener for server: %s
WFLYHC0196
ERROR
Cannot move the file %s to %s, unable to persist domain configuration changes: %s
WFLYHC0197
org.jboss.as.controller.OperationFailedException
If attribute %s is defined an ssl-context must also be defined
WFLYHC0198
WARN
Server '%s' is unstable and should be stopped or restarted. An unstable server may not stop normally, so the 'kill' operation may be required to terminate the server process.
WFLYHC0199
WARN
Server '%s' (managed by host '%s') has not responded to an operation request within the configured timeout. This may mean the server has become unstable.
WFLYHC0200
ERROR
Reporting instability of server '%s' to Domain Controller failed.
WFLYHC0201
java.lang.String
Error synchronizing the host model with the domain controller model with failure : %s.
WFLYHC0202
WARN
The domain configuration was successfully applied, but reload is required before changes become active.
WFLYHC0203
WARN
The domain configuration was successfully applied, but restart is required before changes become active.
WFLYHC0204
WARN
No logging configuration file could be found for the servers initial boot. Logging will not be configured until the logging subsystem is activated for the server %s
WFLYHC0205
ERROR
An error occurred setting the -Dlogging.configuration property for server %s. Configuration path %s
WFLYHC0206
java.lang.IllegalStateException
File %s already exists, you must use --remove-existing-domain-config to overwrite existing files.
WFLYHC0207
java.lang.IllegalStateException
File %s already exists, you must use --remove-existing-host-config to overwrite existing files.
WFLYHC0208
org.jboss.as.controller.OperationFailedException
A host (%s) has already been registered. You must shutdown this host before adding a new one.
WFLYHC0209
org.jboss.as.controller.OperationFailedException
Host name may not be null.
WFLYHC0210
org.jboss.as.controller.OperationFailedException
A secondary Host Controller may not be added using add(). Please add a host, omitting this parameter, and configure the remote domain controller using write-attribute.
WFLYHC0211
org.jboss.as.controller.OperationFailedException
Boot configuration validation failed
WFLYHC0212
org.jboss.as.controller.OperationFailedException
Fetch of missing configuration from the Domain Controller failed without explanation. Fetch operation outcome was %s
WFLYHC0213
java.lang.IllegalStateException
Java home '%s' does not exist.
WFLYHC0214
java.lang.IllegalStateException
Java home's bin '%s' does not exist. The home directory was determined to be %s.
WFLYHC0215
java.lang.IllegalStateException
Could not find java executable under %s.
WFLYHC0216
org.jboss.as.controller.OperationFailedException
The module option %s is not allowed.
WFLYHC0217
javax.xml.stream.XMLStreamException
Security realms are no longer supported, please migrate references to them from the configuration.
WFLYHC0218
org.jboss.as.controller.OperationFailedException
No %s installation has been prepared.
WFLYHC0219
java.security.GeneralSecurityException
Authorization failed for '%s' attempting to connect as a domain server.
WFLYHEALTH
Code
Level
Return Type
Message
WFLYHEALTH0001
INFO
Activating Base Health Subsystem
WFLYIIOP
Code
Level
Return Type
Message
WFLYIIOP0001
INFO
Activating IIOP Subsystem
WFLYIIOP0002
ERROR
Error fetching CSIv2Policy
WFLYIIOP0003
WARN
Caught exception while encoding GSSUPMechOID
WFLYIIOP0004
ERROR
Internal error
WFLYIIOP0005
ERROR
Failed to create CORBA naming context
WFLYIIOP0006
WARN
Unbind failed for %s
WFLYIIOP0007
ERROR
Failed to obtain JSSE security domain with name %s
WFLYIIOP0008
INFO
CORBA Naming Service started
WFLYIIOP0009
INFO
CORBA ORB Service started
WFLYIIOP0010
WARN
Compatibility problem: Class javax.rmi.CORBA.ClassDesc does not conform to the Java(TM) Language to IDL Mapping Specification (01-06-07), section 1.3.5.11
WFLYIIOP0011
WARN
Could not deactivate IR object
WFLYIIOP0012
WARN
Could not deactivate anonymous IR object
WFLYIIOP0013
org.jboss.as.controller.OperationFailedException
SSL support has been enabled but no security domain or client/server SSL contexts have been specified
WFLYIIOP0014
java.lang.RuntimeException
Unexpected exception
WFLYIIOP0015
org.omg.CORBA.NO_PERMISSION
Unexpected ContextError in SAS reply
WFLYIIOP0016
org.omg.CORBA.MARSHAL
Could not parse SAS reply: %s
WFLYIIOP0017
java.lang.RuntimeException
Could not register initial reference for SASCurrent
WFLYIIOP0018
org.omg.CORBA.NO_PERMISSION
SAS context does not exist
WFLYIIOP0019
org.omg.CORBA.NO_PERMISSION
Could not decode initial context token
WFLYIIOP0020
org.omg.CORBA.NO_PERMISSION
Could not decode target name in initial context token
WFLYIIOP0021
org.omg.CORBA.NO_PERMISSION
Could not decode incoming principal name
WFLYIIOP0022
java.lang.RuntimeException
Exception decoding context data in %s
WFLYIIOP0023
java.lang.IllegalArgumentException
Batch size not numeric: %s
WFLYIIOP0024
javax.naming.NamingException
Error getting binding list
WFLYIIOP0025
javax.naming.NamingException
Error generating object via object factory
WFLYIIOP0026
javax.naming.ConfigurationException
Error constructing context: either ORB or NamingContext must be supplied
WFLYIIOP0027
javax.naming.ConfigurationException
%s does not name a NamingContext
WFLYIIOP0028
javax.naming.ConfigurationException
Cannot convert IOR to NamingContext: %s
WFLYIIOP0029
javax.naming.ConfigurationException
ORB.resolve_initial_references("NameService") does not return a NamingContext
WFLYIIOP0030
javax.naming.NamingException
COS Name Service not registered with ORB under the name 'NameService'
WFLYIIOP0031
javax.naming.NamingException
Cannot connect to ORB
WFLYIIOP0032
javax.naming.NamingException
Invalid IOR or URL: %s
WFLYIIOP0033
javax.naming.NamingException
Invalid object reference: %s
WFLYIIOP0034
javax.naming.ConfigurationException
%s does not contain an IOR
WFLYIIOP0035
java.lang.IllegalArgumentException
Only instances of org.omg.CORBA.Object can be bound
WFLYIIOP0036
javax.naming.NamingException
No object reference bound for specified name
WFLYIIOP0037
javax.naming.InvalidNameException
Invalid empty name
WFLYIIOP0038
javax.naming.InvalidNameException
%s: unescaped \ at end of component
WFLYIIOP0039
javax.naming.InvalidNameException
%s: Invalid character being escaped
WFLYIIOP0040
java.net.MalformedURLException
Invalid %s URL: %s
WFLYIIOP0041
javax.naming.ConfigurationException
Problem with PortableRemoteObject.toStub(); object not exported or stub not found
ValueDef %s unable to resolve reference to abstract base valuetype %s
WFLYIIOP0098
org.jboss.msc.service.StartException
Failed to resolve initial reference %s
WFLYIIOP0099
org.jboss.msc.service.StartException
Failed to create POA from parent
WFLYIIOP0100
org.jboss.msc.service.StartException
Unable to instantiate POA: either the running ORB or the parent POA must be specified
WFLYIIOP0101
org.jboss.msc.service.StartException
Failed to activate POA
WFLYIIOP0102
org.omg.CORBA.INTERNAL
Caught exception destroying Iterator %s
WFLYIIOP0103
org.jboss.as.controller.OperationFailedException
IOR settings imply ssl connections usage, but secure connections have not been configured
WFLYIIOP0104
java.lang.String
Inconsistent transport-config configuration: %s is supported, please configure it to %s value
WFLYIIOP0105
java.lang.String
Inconsistent transport-config configuration: %s is not supported, please remove it or configure it to none value
WFLYIIOP0106
java.lang.String
Inconsistent transport-config configuration: %s is set to true, please configure %s as required
WFLYIIOP0109
WARN
SSL socket is required by server but secure connections have not been configured
WFLYIIOP0110
java.lang.IllegalStateException
Client requires SSL but server does not support it
WFLYIIOP0111
java.lang.String
SSL has not been configured but ssl-port property has been specified - the connection will use clear-text protocol
WFLYIIOP0113
org.jboss.as.controller.OperationFailedException
Authentication context has been defined but it is ineffective because the security initializer is not set to 'elytron'
WFLYIIOP0114
java.lang.String
Elytron security initializer not supported in previous iiop-openjdk versions and can't be converted
WFLYIIOP0115
java.lang.IllegalStateException
No IIOP socket bindings have been configured
WFLYIIOP0117
WARN
CLEARTEXT in IIOP subsystem won't be used because server-requires-ssl parameter have been set to true
WFLYIIOP0118
java.lang.IllegalStateException
Legacy security is no longer supported.
WFLYIIOP0119
org.jboss.as.controller.OperationFailedException
The use of security realms at runtime is unsupported.
WFLYIIOP0120
org.jboss.as.controller.OperationFailedException
The use of security domains at runtime is unsupported.
WFLYIM
Code
Level
Return Type
Message
WFLYIM0000
java.util.zip.ZipException
Zip entry %s is outside of the target dir %s.
WFLYIM0000
java.util.zip.ZipException
The structure of directories and files in the .zip file is invalid. The '%s' directory cannot be found as a second-level entry in the extracted .zip file.
WFLYIM0001
org.jboss.as.controller.OperationFailedException
There is an installation prepared and ready to be applied. The current prepared installation can be discarded by using the 'clean' operation.
WFLYIM0002
java.lang.RuntimeException
Invalid status change found for the artifact: '%s'
WFLYIM0003
java.lang.RuntimeException
Invalid status change found for the configuration change: '%s'
WFLYIM0004
org.jboss.as.controller.OperationFailedException
Channel name is mandatory.
WFLYIM0005
org.jboss.as.controller.OperationFailedException
No repositories have been defined in the '%s' channel.
WFLYIM0006
org.jboss.as.controller.OperationFailedException
The '%s' repository in the channel does not have its URL defined.
WFLYIM0007
org.jboss.as.controller.OperationFailedException
The repository URL '%s' for '%s' channel is invalid.
WFLYIM0008
org.jboss.as.controller.OperationFailedException
The '%s' repository in the channel does not have its ID defined.
WFLYIM0009
org.jboss.as.controller.OperationFailedException
The manifest GAV coordinate '%s' for '%s' channel is invalid.
WFLYIM0010
org.jboss.as.controller.OperationFailedException
The manifest URL '%s' for '%s' channel is invalid.
WFLYIM0011
org.jboss.as.controller.OperationFailedException
You cannot use the 'local-cache' option when the 'no-resolve-local-cache' option is enabled.
WFLYIM0012
org.jboss.as.controller.OperationFailedException
You cannot use the 'maven-repo-file' option with the 'repositories' option because they are mutually exclusive.
WFLYIM0013
org.jboss.as.controller.OperationFailedException
Invalid format for the repository URL: '%s'
WFLYIM0014
org.jboss.as.controller.OperationFailedException
You cannot use the 'work-dir' option with the 'repositories' or 'maven-repo-file' options because they are mutually exclusive.
WFLYIM0015
org.jboss.as.controller.OperationFailedException
Channel with name '%s' cannot be found.
WFLYIM0016
org.jboss.as.controller.OperationFailedException
The manifest maven coordinates for '%s' are invalid. The expected maven coordinates for this manifest are GA (GroupId:ArtifactId).
WFLYIM0017
org.jboss.as.controller.OperationFailedException
The manifest maven coordinates for '%s' are invalid. The expected maven coordinates for this manifest are GAV (GroupId:ArtifactId:Version) where Version is optional.
WFLYIM0018
java.lang.IllegalStateException
Installation Manager Service is down.
WFLYIM0019
org.jboss.as.controller.OperationFailedException
Operation has been cancelled.
WFLYIM0020
org.jboss.as.controller.OperationFailedException
No custom patches installed found for the specified manifest maven coordinates: '%s'
WFLYIO
Code
Level
Return Type
Message
WFLYIO001
INFO
Worker '%s' has auto-configured to %d IO threads with %d max task threads based on your %d available processors
WFLYIO002
INFO
Worker '%s' has auto-configured to %d IO threads based on your %d available processors
WFLYIO003
INFO
Worker '%s' has auto-configured to %d max task threads based on your %d available processors
WFLYIO004
WARN
Worker '%s' would auto-configure to %d max task threads based on %d available processors, however your system does not have enough file descriptors configured to support this configuration. It is likely you will experience application degradation unless you increase your file descriptor limit.
WFLYIO005
WARN
Your system is configured with %d file descriptors, but your current application server configuration will require a minimum of %d (and probably more than that); attempting to adjust, however you should expect stability problems unless you increase this number
WFLYIO006
java.lang.String
no metrics available
WFLYIO007
org.jboss.as.controller.OperationFailedException
Unexpected bind address conflict in resource "%s" when attempting to establish binding for destination %s to %s: a binding of %s already existed
WFLYIO008
WARN
The stack-size value of %d bytes for IO worker %s is low and may result in problems. A value of at least 150,000 is recommended.
WFLYJAR
Code
Level
Return Type
Message
WFLYJAR0000
java.lang.String
Set system property jboss.bind.address to the given value
WFLYJAR0000
java.lang.String
Set system property jboss.bind.address. to the given value
WFLYJAR0000
java.lang.String
Set a system property
WFLYJAR0000
java.lang.String
Display this message and exit
WFLYJAR0000
java.lang.String
Load system properties from the given url
WFLYJAR0000
java.lang.String
Set system property jboss.default.multicast.address to the given value
WFLYJAR0000
java.lang.String
Print version and exit
WFLYJAR0000
java.lang.String
Activate the SecurityManager
WFLYJAR0000
java.lang.String
Set a security property
WFLYJAR0000
java.lang.String
Path to deployment artifact (war,jar,ear or exploded deployment dir) to deploy in hollow jar
WFLYJAR0000
java.lang.String
Path to directory in which the server is installed. By default the server is installed in TEMP directory.
WFLYJAR0000
java.lang.String
Display the content of the Galleon configuration used to build this bootable JAR
WFLYJAR0000
java.lang.String
Path to a CLI script to execute when starting the Bootable JAR
WFLYJAR0001
DEBUG
Shutting down
WFLYJAR0002
DEBUG
Server stopped, exiting
WFLYJAR0003
DEBUG
Server not yet stopped, waiting
WFLYJAR0004
DEBUG
Null controller client, exiting
WFLYJAR0005
java.lang.RuntimeException
Unexpected exception while shutting down server
WFLYJAR0006
INFO
Deployed %s in server
WFLYJAR0007
INFO
Installed server and application in %s, took %sms
WFLYJAR0008
INFO
Server options: %s
WFLYJAR0009
DEBUG
Deleting %s dir
WFLYJAR0010
java.lang.Exception
Not an hollow jar, deployment already exists
WFLYJAR0011
java.lang.RuntimeException
Unknown argument %s
WFLYJAR0012
java.lang.RuntimeException
File %s doesn't exist
WFLYJAR0013
java.lang.RuntimeException
Invalid argument %s, no value provided
WFLYJAR0014
java.lang.IllegalStateException
The server is stopping and invocations on the ModelControllerClient are not available
WFLYJAR0015
java.lang.IllegalStateException
The server is reloading and invocations on the ModelControllerClient are not yet available
WFLYJAR0016
java.lang.IllegalStateException
The server is stopped and invocations on the ModelControllerClient are not available
WFLYJAR0017
java.lang.RuntimeException
Cannot start server
WFLYJAR0018
java.lang.RuntimeException
Cannot load module %s from: %s
WFLYJAR0019
WARN
Cannot restart server, exiting
WFLYJAR0020
WARN
Can't delete %s. Exception %s
WFLYJAR0021
WARN
Cannot register JBoss Modules MBeans, %s
WFLYJAR0022
java.lang.IllegalStateException
The PID file %s already exists. This may result in the install directory "%s" not being properly deleted.
WFLYJAR0023
WARN
Failed to start the cleanup processor. This may result in the install directory "%s" not being properly deleted.
WFLYJAR0024
WARN
The container has not properly shutdown within %ds. This may result in the install directory "%s" not being properly deleted.
WFLYJAR0025
DEBUG
Failed to initialize a security provider. Reason: %s
Admin object class (%s) is incorrect for resource adapter '%s' while deploying %s
WFLYJCA0086
WARN
Unable to find driver class name in "%s" jar
WFLYJCA0087
ERROR
Unable to register recovery: %s (%s)
WFLYJCA0088
java.lang.String
Attributes %s rejected. Must be true
WFLYJCA0089
WARN
Exception during unregistering deployment
WFLYJCA0090
org.jboss.as.controller.OperationFailedException
Jndi name shouldn't include '//' or end with '/'
WFLYJCA0091
WARN
-ds.xml file deployments are deprecated. Support may be removed in a future version.
WFLYJCA0092
java.lang.IllegalStateException
Indexed child resources can only be registered if the parent resource supports ordered children. The parent of '%s' is not indexed
WFLYJCA0093
INFO
The '%s' operation is deprecated. Use of the 'add' or 'remove' operations is preferred, or if required the 'write-attribute' operation can used to set the deprecated 'enabled' attribute
WFLYJCA0096
ERROR
Error during recovery shutdown
WFLYJCA0097
WARN
Exception while stopping resource adapter
WFLYJCA0098
INFO
Bound non-transactional data source: %s
WFLYJCA0099
INFO
Unbound non-transactional data source: %s
WFLYJCA0100
java.lang.UnsupportedOperationException
Operation %s is not supported
WFLYJCA0101
org.jboss.as.controller.OperationFailedException
Thread pool: %s(type: %s) can not be added for workmanager: %s, only one thread pool is allowed for each type.
WFLYJCA0102
org.jboss.as.controller.OperationFailedException
Attribute %s can only be defined if %s is true
WFLYJCA0103
org.jboss.as.controller.OperationFailedException
Attribute %s can only be defined if %s is undefined or false
WFLYJCA0104
java.lang.String
Subject=%s Subject identity=%s
WFLYJCA0106
INFO
Elytron handler handle: %s
WFLYJCA0107
java.lang.SecurityException
Execution subject was not provided to the callback handler
WFLYJCA0108
java.lang.IllegalArgumentException
Supplied callback doesn't contain a security domain reference
WFLYJCA0109
java.lang.UnsupportedOperationException
Callback with security domain is required - use createCallbackHandler(Callback callback) instead
WFLYJCA0110
java.lang.IllegalStateException
CredentialSourceSupplier is invalid for DSSecurity
WFLYJCA0111
java.lang.IllegalStateException
WorkManager hasn't elytron-enabled flag set accordingly with RA one
WFLYJCA0112
java.lang.IllegalArgumentException
Datasource %s is disabled
WFLYJCA0113
ERROR
Unexcepted error during worker execution : %s
WFLYJCA0114
org.jboss.as.controller.OperationFailedException
Failed to load datasource class: %s
WFLYJCA0115
java.lang.String
Module for driver [%s] or one of it dependencies is missing: [%s]
WFLYJCA0116
java.lang.String
Failed to load module for RA [%s] - the module or one of its dependencies is missing [%s]
WFLYJCA0117
org.jboss.as.controller.OperationFailedException
%s is not a valid %s implementation
WFLYJCA0118
INFO
Binding connection factory named %s to alias %s
WFLYJCA0119
INFO
Unbinding connection factory named %s to alias %s
WFLYJCA0120
org.jboss.msc.service.StartException
Unable to start the data source '%s' because there are no connection factories, either not defined or failed, please check log.
WFLYJCA0121
org.jboss.msc.service.StartException
Unable to start the data source '%s' because there is more than one(%s) connection factory defined.
WFLYJCA0122
org.jboss.as.controller.OperationFailedException
Thread pool name %s(type: %s) must match the workmanager name %s.
WFLYJCA0123
org.jboss.as.controller.OperationFailedException
Connection definition %s from resource adapter %s is configured to require the legacy security subsystem, which is not present
WFLYJCA0124
org.jboss.as.controller.OperationFailedException
Datasource %s is configured to require the legacy security subsystem, which is not present
Connection definition for %s is configured to require the legacy security subsystem, which is not present
WFLYJCA0127
java.lang.IllegalStateException
Connection factory %s is configured to require the legacy security subsystem, which is not present
WFLYJCA0128
java.lang.IllegalStateException
Legacy security is not available
WFLYJCA0129
org.jboss.as.controller.OperationFailedException
Wrong module name %s
WFLYJCA0130
org.jboss.as.controller.OperationFailedException
Report directory %s does not exist
WFLYJCA0131
org.jboss.as.controller.OperationFailedException
Legacy security attribute %s is no longer supported. Please use Elytron configuration instead
WFLYJCA0132
java.lang.String
Legacy security is no longer supported. Please use Elytron configuration instead
WFLYJDR
Code
Level
Return Type
Message
WFLYJDR0000
java.lang.String
Display this message and exit
WFLYJDR0000
java.lang.String
hostname that the management api is bound to. (default: localhost)
WFLYJDR0000
java.lang.String
port that the management api is bound to. (default: 9990)
WFLYJDR0000
java.lang.String
Protocol that is used to connect. Can be remote, http or https (default: http)
WFLYJDR0000
java.lang.String
Configuration file of the server if it is not running.
WFLYJDR0000
java.lang.String
JBoss Diagnostic Reporter (JDR) is a subsystem built to collect information to aid in troubleshooting. The jdr script is a utility for generating JDR reports.
WFLYJDR0007
java.lang.String
Could not create zipfile.
WFLYJDR0008
java.lang.String
Could not configure JDR. At least one configuration step failed.
WFLYJDR0009
java.lang.String
No JDR commands were loaded. Be sure that a valid Plugin class is specified in plugins.properties.
WFLYJDR0011
ERROR
Could not find JDR properties file.
WFLYJDR0012
ERROR
Could not create JDR properties file at %s
WFLYJMX
Code
Level
Return Type
Message
WFLYJMX-001
java.lang.Error
Invalid ObjectName: %s,%s; %s
WFLYJMX-001
java.lang.Error
Invalid ObjectName: %s,%s,%s; %s
WFLYJMX0000
java.lang.String
entry
WFLYJMX0000
java.lang.String
An entry
WFLYJMX0000
java.lang.String
The key
WFLYJMX0000
java.lang.String
The value
WFLYJMX0000
java.lang.String
A map
WFLYJMX0000
java.lang.String
The map is indexed by 'key'
WFLYJMX0000
java.lang.String
Complex type
WFLYJMX0000
java.lang.String
A complex type
WFLYJMX0000
java.lang.String
This mbean does not support expressions for attributes or operation parameters, even when supported by the underlying model. Instead the resolved attribute is returned, and the real typed value must be used when writing attributes/invoking operations.
WFLYJMX0000
java.lang.String
This mbean supports raw expressions for attributes and operation parameters where supported by the underlying model. If no expression is used, the string representation is converted into the real attribute value.
WFLYJMX0000
java.lang.String
To be able to set and read expressions go to %s
WFLYJMX0000
java.lang.String
To read resolved values and to write typed attributes and use typed operation parameters go to %s
WFLYJMX0000
java.lang.String
This attribute supports expressions
WFLYJMX0000
java.lang.String
This attribute does not support expressions
WFLYJMX0000
java.lang.String
A composite type representing a property
WFLYJMX0000
java.lang.String
The property name
WFLYJMX0000
java.lang.String
The property value
WFLYJMX0004
WARN
No ObjectName available to unregister
WFLYJMX0005
ERROR
Failed to unregister [%s]
WFLYJMX0006
WARN
is no longer supporting. should be used instead to allow remote connections via JBoss Remoting.
WFLYJMX0007
javax.management.AttributeNotFoundException
Could not find any attribute matching: %s
WFLYJMX0008
javax.management.AttributeNotFoundException
Attribute %s is not writable
WFLYJMX0009
java.lang.RuntimeException
Could not create ObjectName for address %s from string %s
WFLYJMX0010
javax.management.ReflectionException
Could not set %s
WFLYJMX0012
java.lang.IllegalArgumentException
%s and %s have different lengths
WFLYJMX0013
javax.management.InvalidAttributeValueException
Bad type for '%s'
WFLYJMX0014
java.lang.IllegalArgumentException
Invalid key %s for %s
WFLYJMX0015
java.lang.Error
Invalid ObjectName: %s; %s
WFLYJMX0017
javax.management.InstanceNotFoundException
No MBean found with name %s
WFLYJMX0018
org.jboss.msc.service.StartException
Failed to register mbean [%s]
WFLYJMX0019
javax.management.InstanceNotFoundException
No operation called '%s'
WFLYJMX0020
javax.management.MBeanException
No operation called '%s' at %s
WFLYJMX0022
javax.management.InstanceNotFoundException
No registration found for path address %s
WFLYJMX0024
java.lang.RuntimeException
Unknown type %s
WFLYJMX0025
java.lang.IllegalArgumentException
Unknown value %s
WFLYJMX0026
java.lang.IllegalStateException
Need the name parameter for wildcard add
WFLYJMX0029
java.lang.IllegalArgumentException
Unknown domain: %s
WFLYJMX0030
java.lang.IllegalArgumentException
Expression can not be converted into target type %s
WFLYJMX0031
java.lang.IllegalArgumentException
Unknown child %s
WFLYJMX0032
java.lang.IllegalArgumentException
ObjectName cannot be null
WFLYJMX0036
java.lang.IllegalStateException
There is no handler called '%s'
WFLYJMX0037
javax.management.JMRuntimeException
Unauthorized access
WFLYJMX0038
javax.management.JMRuntimeException
Not authorized to write attribute: '%s'
WFLYJMX0039
javax.management.JMRuntimeException
Not authorized to read attribute: '%s'
WFLYJMX0040
javax.management.JMRuntimeException
Not authorized to invoke operation: '%s'
WFLYJMX0041
javax.management.NotCompliantMBeanException
You can't create mbeans under the reserved domain '%s'
WFLYJMX0042
javax.management.OperationsException
Don't know how to deserialize
WFLYJMX0043
java.lang.UnsupportedOperationException
%s is not supported
WFLYJMX0044
java.lang.String
You can't register mbeans under the reserved domain '%s'
WFLYJMX0045
java.lang.String
You can't unregister mbeans under the reserved domain '%s'
WFLYJMX0046
javax.management.RuntimeOperationsException
The ObjectName coming from MBeanRegistration.preRegister() '%s' is in a reserved JMX domain
WFLYJMX0047
ERROR
An error happened unregistering the '%s' MBean registered in a reserved JMX domain
WFLYJMX0048
java.lang.UnsupportedOperationException
Add notification listener using ObjectName %s is not supported
WFLYJMX0049
java.lang.UnsupportedOperationException
Remove notification listener using ObjectName %s is not supported
WFLYJMX0050
java.lang.UnsupportedOperationException
Add notification listener using ObjectName %s is not supported
WFLYJMX0051
java.lang.UnsupportedOperationException
Remove notification listener using ObjectName %s is not supported
WFLYJPA
Code
Level
Return Type
Message
WFLYJPA0001
WARN
Duplicate Persistence Unit definition for %s in application. One of the duplicate persistence.xml should be removed from the application. Application deployment will continue with the persistence.xml definitions from %s used. The persistence.xml definitions from %s will be ignored.
WFLYJPA0002
INFO
Read persistence.xml for %s
WFLYJPA0003
INFO
Starting %s Service '%s'
WFLYJPA0004
INFO
Stopping %s Service '%s'
WFLYJPA0006
ERROR
Could not load default persistence provider module.
WFLYJPA0007
ERROR
Failed to stop persistence unit service %s
WFLYJPA0010
INFO
Starting Persistence Unit (phase %d of 2) Service '%s'
WFLYJPA0011
INFO
Stopping Persistence Unit (phase %d of 2) Service '%s'
WFLYJPA0012
WARN
Unexpected problem gathering statistics
WFLYJPA0015
java.lang.IllegalStateException
Container managed entity manager can only be closed by the container (will happen when @remove method is invoked on containing SFSB)
WFLYJPA0017
java.lang.IllegalStateException
Container managed entity manager can only be closed by the container (auto-cleared at tx/invocation end and closed when owning component is closed.)
Cannot specify both %s (%s) and %s (%s) in %s for %s
WFLYJPA0030
jakarta.ejb.EJBException
Found extended persistence context in SFSB invocation call stack but that cannot be used because the transaction already has a transactional context associated with it. This can be avoided by changing application code, either eliminate the extended persistence context or the transactional context. See JPA spec 2.0 section 7.6.3.1. Scoped persistence unit name=%s, persistence context already in transaction =%s, extended persistence context =%s.
WFLYJPA0031
java.lang.RuntimeException
Could not find child '%s' on '%s'
WFLYJPA0032
java.lang.String
Class level %s annotation on class %s must provide a %s
WFLYJPA0033
java.lang.String
Can't find a persistence unit named %s in %s
WFLYJPA0034
java.lang.IllegalArgumentException
Can't find a persistence unit named %s#%s at %s
WFLYJPA0036
java.lang.IllegalStateException
An error occurred while getting the transaction associated with the current thread: %s
Can only inject from a Hibernate EntityManagerFactoryImpl
WFLYJPA0043
java.lang.IllegalArgumentException
Persistence unit name (%s) contains illegal '%s' character
WFLYJPA0044
java.lang.IllegalArgumentException
jboss.as.jpa.scopedname hint (%s) contains illegal '%s' character
WFLYJPA0048
java.lang.RuntimeException
Persistence provider adapter module (%s) has more than one adapter
WFLYJPA0053
java.lang.RuntimeException
Internal %s error, null %s passed in
WFLYJPA0057
jakarta.persistence.PersistenceException
PersistenceProvider '%s' not found
WFLYJPA0058
java.lang.RuntimeException
Could not find relative path: %s
WFLYJPA0059
java.lang.String
%s injection target is invalid. Only setter methods are allowed: %s
WFLYJPA0060
jakarta.persistence.TransactionRequiredException
Transaction is required to perform this operation (either use a transaction or extended persistence context)
WFLYJPA0061
java.lang.IllegalArgumentException
Persistence unitName was not specified and there are %d persistence unit definitions in application deployment %s. Either change the application deployment to have only one persistence unit definition or specify the unitName for each reference to a persistence unit.
WFLYJPA0062
java.lang.RuntimeException
Could not create instance of persistence provider class %s
WFLYJPA0063
java.lang.RuntimeException
internal error, the number of stateful session beans (%d) associated with an extended persistence context (%s) cannot be a negative number.
WFLYJPA0064
java.lang.IllegalStateException
Jakarta Transactions transaction already has a 'SynchronizationType.UNSYNCHRONIZED' persistence context (EntityManager) joined to it but a component with a 'SynchronizationType.SYNCHRONIZED' is now being used. Change the calling component code to join the persistence context (EntityManager) to the transaction or change the called component code to also use 'SynchronizationType.UNSYNCHRONIZED'. See JPA spec 2.1 section 7.6.4.1. Scoped persistence unit name=%s.
WFLYJPA0065
java.lang.UnsupportedOperationException
Resources of type %s cannot be registered
WFLYJPA0066
java.lang.UnsupportedOperationException
Resources of type %s cannot be removed
WFLYJPA0067
java.lang.RuntimeException
Classloader '%s' has more than one Persistence provider adapter
Error occurred while searching for logging configuration files.
WFLYLOG0044
org.jboss.as.controller.OperationFailedException
Handler %s is attached to the following handlers and cannot be removed; %s
WFLYLOG0045
org.jboss.as.controller.OperationFailedException
Handler %s is attached to the following loggers and cannot be removed; %s
WFLYLOG0046
java.lang.String
Cannot add handler (%s) to itself
WFLYLOG0047
java.lang.IllegalStateException
The handler is closed, cannot publish to a closed handler
WFLYLOG0048
java.lang.String
Configuration for handler '%s' could not be found.
WFLYLOG0049
java.lang.String
Configuration for logger '%s' could not be found.
WFLYLOG0050
java.lang.UnsupportedOperationException
Method %s on class %s is not supported
WFLYLOG0051
java.lang.RuntimeException
Failed to write configuration file %s
WFLYLOG0061
java.lang.String
Formatter '%s' is not found
WFLYLOG0070
java.lang.IllegalArgumentException
Truncated filter expression string
WFLYLOG0071
java.lang.IllegalArgumentException
Invalid escape found in filter expression string
WFLYLOG0072
org.jboss.as.controller.OperationFailedException
Filter '%s' is not found
WFLYLOG0073
java.lang.IllegalArgumentException
Expected identifier next in filter expression
WFLYLOG0074
java.lang.IllegalArgumentException
Expected string next in filter expression
WFLYLOG0075
java.lang.IllegalArgumentException
Expected '%s' next in filter expression
WFLYLOG0076
java.lang.IllegalArgumentException
Unexpected end of filter expression
WFLYLOG0078
java.lang.IllegalStateException
The logging subsystem requires the log manager to be org.jboss.logmanager.LogManager. The subsystem has not be initialized and cannot be used. To use JBoss Log Manager you must add the system property "java.util.logging.manager" and set it to "org.jboss.logmanager.LogManager"
File '%s' was not found and cannot be found in the %s directory.
WFLYLOG0081
org.jboss.as.controller.OperationFailedException
File '%s' is not allowed to be read.
WFLYLOG0082
java.lang.String
The suffix (%s) can not contain seconds or milliseconds.
WFLYLOG0083
org.jboss.as.controller.OperationFailedException
Path '%s' is a directory and cannot be used as a log file.
WFLYLOG0084
java.lang.UnsupportedOperationException
Resources of type %s cannot be registered
WFLYLOG0085
java.lang.UnsupportedOperationException
Resources of type %s cannot be removed
WFLYLOG0086
java.lang.IllegalArgumentException
Could not determine deployment name from the address %s.
WFLYLOG0087
ERROR
Failed to process logging directory %s. Log files cannot be listed.
WFLYLOG0088
ERROR
Could not determine %s had any children resources.
WFLYLOG0089
WARN
The log manager check was skipped and the log manager system property, "java.util.logging.manager", does not appear to be set to "org.jboss.logmanager.LogManager". The current value is "%s". Some behavior of the logged output such as MDC and NDC may not work as expected.
WFLYLOG0090
WARN
The following path expressions could not be resolved while attempting to determine which log files are available to be read: %s
WFLYLOG0091
org.jboss.as.controller.OperationFailedException
Exception output type %s is invalid.
WFLYLOG0092
org.jboss.as.controller.OperationFailedException
Invalid type found. Expected %s but found %s.
WFLYLOG0093
org.jboss.as.controller.OperationFailedException
Failed to configure SSL context for %s %s.
WFLYLOG0094
org.jboss.as.controller.OperationFailedException
Formatter name cannot end with '-wfcore-pattern-formatter'
WFLYLOG0095
org.jboss.as.controller.OperationFailedException
The name %s cannot be used as a filter name as it is a reserved filter name. Reserved names are: %s
WFLYLOG0096
org.jboss.as.controller.OperationFailedException
The name %s cannot be used as a filter name as it starts with an invalid character %s
WFLYLOG0097
org.jboss.as.controller.OperationFailedException
The name %s cannot be used as a filter name as it contains an invalid character %s
WFLYLOG0099
WARN
Usage of a log4j appender (%s) found in a custom-handler. Support for using appenders as custom handlers has been deprecated and will be removed in a future release.
WFLYLOG0100
WARN
Usage of a log4j configuration file (%s) was found in deployment %s. Support for log4j configuration files in deployments has been deprecated and will be removed in a future release.
WFLYMAIL
Code
Level
Return Type
Message
WFLYMAIL0001
INFO
Bound mail session [%s]
WFLYMAIL0002
INFO
Unbound mail session [%s]
WFLYMAIL0003
DEBUG
Removed mail session [%s]
WFLYMAIL0004
org.jboss.msc.service.StartException
No outbound socket binding configuration '%s' is available.
WFLYMAIL0009
WARN
Host name [%s] could not be resolved!
WFLYMETRICS
Code
Level
Return Type
Message
WFLYMETRICS0001
INFO
Activating Base Metrics Subsystem
WFLYMETRICS0002
java.lang.IllegalArgumentException
Failed to initialize metrics from JMX MBeans
WFLYMETRICS0003
WARN
Unable to read attribute %s on %s: %s.
WFLYMETRICS0004
WARN
Unable to convert attribute %s on %s to Double value.
WFLYMETRICS0005
ERROR
Malformed name.
WFLYMMTREXT
Code
Level
Return Type
Message
WFLYMMTREXT0001
INFO
Activating Micrometer Subsystem
WFLYMMTREXT0002
INFO
Micrometer Subsystem is processing deployment
WFLYMMTREXT0003
DEBUG
The deployment does not have Jakarta Contexts and Dependency Injection enabled. Skipping Micrometer integration.
WFLYMMTREXT0004
DEBUG
Deployment %s requires use of the '%s' capability but it is not currently registered
WFLYMMTREXT0005
WARN
Unable to read attribute %s on %s: %s.
WFLYMMTREXT0006
WARN
Unable to convert attribute %s on %s to Double value.
WFLYMMTREXT0007
ERROR
Malformed name.
WFLYMMTREXT0008
java.lang.IllegalArgumentException
Failed to initialize metrics from JMX MBeans
WFLYMMTREXT0009
java.lang.IllegalArgumentException
An unsupported metric type was found: %s
WFLYMMTREXT0010
INFO
Not activating Micrometer Subsystem
WFLYMMTREXT0011
WARN
Micrometer has been enabled, but no endpoint has been configured. A No-op metrics registry has been configured.
WFLYMODCLS
Code
Level
Return Type
Message
WFLYMODCLS0001
ERROR
Error adding metrics.
WFLYMODCLS0004
ERROR
Mod_cluster requires Advertise but Multicast interface is not available.
WFLYMODCLS0005
WARN
No mod_cluster load balance factor provider specified for proxy '%s'! Using load balance factor provider with constant factor of '1'.
WFLYMODCLS0006
ERROR
Error applying properties to load metric class '%s'. Metric will not be loaded.
WFLYMODCLS0011
java.lang.String
Virtual host '%s' or context '%s' not found.
WFLYMODCLS0019
java.lang.IllegalArgumentException
'%s' is not a valid value for excluded-contexts.
WFLYMODCLS0021
WARN
Value 'ROOT' for excluded-contexts is deprecated, to exclude the root context use '/' instead.
WFLYMODCLS0023
ERROR
Error loading module '%s' to load custom metric from.
WFLYMODCLS0025
WARN
The '%s' element is no longer supported and will be ignored.
WFLYMODCLS0026
WARN
Attribute '%s' of element '%s' is no longer supported and will be ignored.
Resource at the address %s can not be managed, the server is in backup mode
WFLYMSGAMQ0067
org.jboss.as.controller.OperationFailedException
The broadcast group '%s' defines reference to nonexistent connector '%s'. Available connectors '%s'.
WFLYMSGAMQ0068
jakarta.jms.IllegalStateRuntimeException
It is not permitted to call this method on injected JMSContext (see Jakarta Messaging 2.0 spec, §12.4.5).
WFLYMSGAMQ0071
WARN
There is no resource matching the expiry-address %s for the address-settings %s, expired messages from destinations matching this address-setting will be lost!
WFLYMSGAMQ0072
WARN
There is no resource matching the dead-letter-address %s for the address-settings %s, undelivered messages from destinations matching this address-setting will be lost!
WFLYMSGAMQ0073
java.lang.String
Can not remove JNDI name %s. The resource must have at least one JNDI name
WFLYMSGAMQ0075
INFO
AIO wasn't located on this platform, it will fall back to using pure Java NIO. Your platform is Linux, install LibAIO to enable the AIO journal and achieve optimal performance.
WFLYMSGAMQ0076
org.jboss.as.controller.OperationFailedException
Parameter %s contains duplicate elements [%s]
WFLYMSGAMQ0077
org.jboss.as.controller.OperationFailedException
Can not remove unknown entry %s
WFLYMSGAMQ0078
org.jboss.as.controller.OperationFailedException
Only one %s child resource is allowed, found children: %s
WFLYMSGAMQ0079
java.lang.IllegalStateException
Indexed child resources can only be registered if the parent resource supports ordered children. The parent of '%s' is not indexed
WFLYMSGAMQ0080
org.jboss.msc.service.StartException
Discovery group %s is not defined
WFLYMSGAMQ0081
org.jboss.msc.service.StartException
Unsupported type of broadcast group configuration for legacy resource: %s
WFLYMSGAMQ0082
org.jboss.msc.service.StartException
Unsupported type of connector factory for legacy resource: %s
WFLYMSGAMQ0083
org.jboss.as.controller.OperationFailedException
The %s operation can not be performed: the server must be in %s mode
WFLYMSGAMQ0084
org.jboss.as.controller.OperationFailedException
The server does not define any in-vm connector. One is required to be able to import a journal
WFLYMSGAMQ0085
org.jboss.as.controller.OperationFailedException
Unable to load class %s from module %s
WFLYMSGAMQ0086
org.jboss.as.controller.OperationFailedException
Unable to load module %s
WFLYMSGAMQ0087
org.jboss.as.controller.OperationFailedException
Unable to load connector service factory class: %s
WFLYMSGAMQ0088
org.jboss.as.controller.OperationFailedException
%s is an invalid value for parameter %s, it should be multiple of %s
WFLYMSGAMQ0089
WARN
Resource at %s is not correctly configured: when its attribute %s is defined, the other attributes %s will not be taken into account
WFLYMSGAMQ0090
java.lang.IllegalArgumentException
The Elytron security domain cannot be null
WFLYMSGAMQ0091
DEBUG
Failed to authenticate username %s. Exception message: %s
WFLYMSGAMQ0092
DEBUG
Failed to authenticate username %s: cannot verify username/password pair
WFLYMSGAMQ0093
DEBUG
Failed to authorize username %s: missing permissions
WFLYMSGAMQ0094
WARN
Unable to detect database dialect from connection metadata or JDBC driver name. Please configure this manually using the 'journal-database' property in your configuration. Known database dialect strings are %s
WFLYMSGAMQ0095
WARN
Multiple client-mapping found in [%s] socket binding used by ActiveMQ [%s] transport configuration. Using address: [host: %s, port %s]
WFLYMSGAMQ0096
org.jboss.as.controller.OperationFailedException
The %s operation can not be performed on a JDBC store journal
WFLYMSGAMQ0097
org.jboss.as.controller.OperationFailedException
There is no socket-binding or outbound-socket-binding configured with the name %s
WFLYMSGAMQ0098
org.jboss.as.controller.OperationFailedException
Unable to load module %s - the module or one of its dependencies is missing [%s]
WFLYMSGAMQ0099
org.jboss.msc.service.StartException
Creating the remote destination %s failed with error %s
WFLYMSGAMQ0100
java.lang.RuntimeException
Deleting the remote destination %s failed with error %s
WFLYMSGAMQ0101
WARN
Invalid value %s for %s, legal values are %s, default value is applied.
The %s %s is configured to use socket-binding %s, but this socket binding doesn't have the multicast-address or a multicast-port attributes configured.
WFLYMSGAMQ0106
org.jboss.as.controller.OperationFailedException
The bridge %s didn't deploy.
WFLYMSGAMQ0107
java.lang.IllegalStateException
You must define a elytron security doman when security is enabled.
WFLYMSGAMQ0108
org.jboss.as.controller.OperationFailedException
Either socket-binding or jgroups-cluster attribute is required.
WFLYNAM
Code
Level
Return Type
Message
WFLYNAM0001
INFO
Activating Naming Subsystem
WFLYNAM0002
WARN
Failed to set %s
WFLYNAM0003
INFO
Starting Naming Service
WFLYNAM0012
ERROR
Failed to release binder service, used for a runtime made JNDI binding
WFLYNAM0013
ERROR
Failed to obtain jndi view value for entry %s.
WFLYNAM0014
java.lang.SecurityException
Attempt to add a Permission to a readonly PermissionCollection
WFLYNAM0015
java.lang.String
%s cannot be null.
WFLYNAM0016
javax.naming.NamingException
Could not dereference object
WFLYNAM0017
javax.naming.NamingException
Unable to list a non Context binding.
WFLYNAM0018
java.lang.String
Could not lookup link
WFLYNAM0020
javax.naming.NamingException
Could not resolve service %s
WFLYNAM0021
javax.naming.NamingException
Could not resolve service reference to %s in factory %s. Service was in state %s.
WFLYNAM0022
javax.naming.NamingException
Could not resolve service reference to %s in factory %s. This is a bug in ServiceReferenceObjectFactory. State was %s.
WFLYNAM0023
java.lang.String
Duplicate JNDI bindings for '%s' are not compatible. [%s] != [%s]
WFLYNAM0024
javax.naming.InvalidNameException
An empty name is not allowed
WFLYNAM0025
java.lang.IllegalStateException
Jndi entry '%s' is not yet registered in context '%s'
WFLYNAM0026
java.lang.IllegalStateException
Failed to destroy root context
WFLYNAM0027
javax.naming.NamingException
Failed instantiate %s %s from classloader %s
WFLYNAM0028
java.lang.String
Failed to read %s context entries.
WFLYNAM0029
java.lang.String
Failed to start %s
WFLYNAM0030
java.lang.RuntimeException
Illegal context in name: %s
WFLYNAM0032
javax.naming.NamingException
Invalid context reference. Not a '%s' reference.
WFLYNAM0033
java.lang.IllegalArgumentException
A valid JNDI name must be provided: %s
WFLYNAM0034
java.lang.IllegalArgumentException
Load factor must be greater than 0 and less than or equal to 1
WFLYNAM0035
java.lang.IllegalArgumentException
invalid permission, unknown action: %s
WFLYNAM0036
java.lang.IllegalArgumentException
invalid permission, unknown action: %s
WFLYNAM0037
java.lang.IllegalArgumentException
Can not have a negative size table!
WFLYNAM0038
java.lang.String
Jndi view is only available in runtime mode.
WFLYNAM0039
javax.naming.NameNotFoundException
Name '%s' not found in context '%s'
WFLYNAM0041
java.lang.IllegalArgumentException
%s is null
WFLYNAM0042
javax.naming.NamingException
Failed to create object factory from classloader.
WFLYNAM0043
javax.naming.OperationNotSupportedException
Naming context is read-only
WFLYNAM0044
java.lang.IllegalArgumentException
Service with name [%s] already bound.
WFLYNAM0045
java.lang.IllegalStateException
Table is full!
WFLYNAM0046
javax.naming.NamingException
Thread interrupted while retrieving service reference for service %s
Invalid binding name %s, name must start with one of %s
WFLYNAM0049
org.jboss.as.controller.OperationFailedException
Unknown binding type %s
WFLYNAM0050
org.jboss.as.controller.OperationFailedException
Unsupported simple binding type %s
WFLYNAM0051
org.jboss.as.controller.OperationFailedException
Unable to transform URL binding value %s
WFLYNAM0052
org.jboss.as.controller.OperationFailedException
Could not load module %s
WFLYNAM0053
org.jboss.as.controller.OperationFailedException
Could not load class %s from module %s
WFLYNAM0054
org.jboss.as.controller.OperationFailedException
Could not instantiate instance of class %s from module %s
WFLYNAM0055
org.jboss.as.controller.OperationFailedException
Class %s from module %s is not an instance of ObjectFactory
WFLYNAM0059
java.lang.RuntimeException
Resource lookup for injection failed: %s
WFLYNAM0060
org.jboss.as.controller.OperationFailedException
Binding type %s requires attribute named %s defined
WFLYNAM0061
org.jboss.as.controller.OperationFailedException
Binding type %s can not take a 'cache' attribute
WFLYNAM0062
javax.naming.NamingException
Failed to lookup %s
WFLYNAM0063
java.lang.IllegalStateException
%s service not started
WFLYNAM0064
org.jboss.as.controller.OperationFailedException
Cannot rebind external context lookup
WFLYNAM0065
org.jboss.as.controller.OperationFailedException
Could not load module %s - the module or one of its dependencies is missing [%s]
WFLYOIDC
Code
Level
Return Type
Message
WFLYOIDC0001
INFO
Activating WildFly Elytron OIDC Subsystem
WFLYOIDC0002
INFO
Elytron OIDC Client subsystem override for deployment '%s'
WFLYOIDC0003
java.lang.RuntimeException
Cannot remove credential. No credential defined for deployment '%s'
WFLYOIDC0004
java.lang.RuntimeException
Cannot update credential. No credential defined for deployment '%s'
WFLYOIDC0005
java.lang.RuntimeException
Cannot remove redirect rewrite rule. No redirect rewrite defined for deployment '%s'
WFLYOIDC0006
java.lang.RuntimeException
Cannot update redirect rewrite. No redirect rewrite defined for deployment '%s'
WFLYOIDC0007
org.jboss.as.controller.OperationFailedException
Must set 'resource' or 'client-id'
WFLYOIDC0008
WARN
The 'disable-trust-manager' attribute has been set to 'true' so no trust manager will be used when communicating with the OpenID provider over HTTPS. This value should always be set to 'false' in a production environment.
Deployment %s requires use of the '%s' capability but it is not currently registered
WFLYOTELEXT0005
ERROR
Error resolving the OpenTelemetry instance.
WFLYOTELEXT0008
java.lang.IllegalArgumentException
An unsupported exporter was specified: '%s'.
WFLYOTELEXT0009
ERROR
Error resolving the tracer.
WFLYOTELEXT0010
java.lang.IllegalArgumentException
An unsupported span processor was specified: '%s'.
WFLYOTELEXT0011
java.lang.IllegalArgumentException
Unrecognized value for sampler: '%s'.
WFLYOTELEXT0012
java.lang.IllegalArgumentException
Invalid ratio. Must be between 0.0 and 1.0 inclusive
WFLYPAT
Code
Level
Return Type
Message
WFLYPAT0000
java.lang.String
Conflicts detected
WFLYPAT0000
java.lang.IllegalStateException
failed to resolve a jboss.home.dir use the --distribution attribute to point to a valid installation
WFLYPAT0000
java.lang.IllegalStateException
No layers directory found at %s
WFLYPAT0000
java.lang.IllegalStateException
Cannot find layer '%s' under directory %s
WFLYPAT0000
java.lang.IllegalStateException
no associated module or bundle repository with layer '%s'
WFLYPAT0000
java.lang.IllegalStateException
Duplicate %s '%s'
WFLYPAT0000
java.lang.IllegalStateException
Not a directory %s
WFLYPAT0000
java.lang.IllegalStateException
patch types don't match
WFLYPAT0000
org.jboss.as.patching.PatchingException
invalid rollback information
WFLYPAT0001
WARN
Cannot delete file %s
WFLYPAT0002
WARN
Cannot invalidate %s
WFLYPAT0003
org.jboss.as.patching.PatchingException
Patch does not apply - expected (%s), but was (%s)
WFLYPAT0004
java.io.IOException
Failed to delete (%s)
WFLYPAT0005
java.io.IOException
Failed to create directory (%s)
WFLYPAT0008
java.lang.String
File at path specified by argument %s does not exist
WFLYPAT0011
org.jboss.as.patching.PatchingException
Cannot rollback patch (%s)
WFLYPAT0012
org.jboss.as.patching.PatchingException
Patch '%s' already applied
WFLYPAT0013
org.jboss.as.patching.PatchingException
There is no layer called %s installed
WFLYPAT0014
org.jboss.as.patching.PatchingException
Failed to resolve a valid patch descriptor for %s %s
WFLYPAT0015
org.jboss.as.patching.PatchingException
Requires patch '%s'
WFLYPAT0016
org.jboss.as.patching.PatchingException
Patch is incompatible with patch '%s'
WFLYPAT0017
org.jboss.as.patching.ContentConflictsException
Conflicts detected
WFLYPAT0018
java.io.SyncFailedException
copied content does not match expected hash for item: %s
WFLYPAT0019
java.lang.IllegalArgumentException
invalid patch name '%s'
WFLYPAT0020
java.lang.IllegalArgumentException
Cannot rollback. No patches applied.
WFLYPAT0021
org.jboss.as.patching.PatchingException
Patch '%s' not found in history.
WFLYPAT0023
org.jboss.as.controller.OperationFailedException
Failed to show history of patches
WFLYPAT0024
org.jboss.as.controller.OperationFailedException
Unable to apply or rollback a patch when the server is in a restart-required state.
WFLYPAT0025
java.lang.String
failed to load identity info
WFLYPAT0026
java.lang.String
No more patches
WFLYPAT0027
java.lang.String
No patch history %s
WFLYPAT0028
java.lang.String
Patch is missing file %s
WFLYPAT0029
java.lang.String
File is not readable %s
WFLYPAT0030
java.lang.String
Layer not found %s
WFLYPAT0031
ERROR
failed to undo change for: '%s'
WFLYPAT0032
java.lang.String
missing: '%s'
WFLYPAT0033
java.lang.String
inconsistent state: '%s'
WFLYPAT0034
java.lang.String
in error: '%s'
WFLYPAT0035
WARN
Cannot rename file %s
WFLYPAT0036
java.lang.IllegalStateException
Cannot process backup by renaming file %s
WFLYPAT0037
java.lang.IllegalStateException
Cannot process restore by renaming file %s
WFLYPAT0038
java.lang.IllegalStateException
Duplicate element patch-id (%s)
WFLYPAT0039
java.lang.String
Requested %s version %s did not match the installed version %s
WFLYPAT0040
java.lang.String
failed to load %s info
WFLYPAT0041
java.lang.String
Patch %s found in more than one stream: %s and %s
WFLYPAT0042
java.lang.String
Patch bundle is empty
WFLYPAT0043
org.jboss.as.patching.PatchingException
Content item type is missing in '%s'
WFLYPAT0044
java.lang.String
Unsupported content type '%s'
WFLYPAT0045
org.jboss.as.patching.PatchingException
Unrecognized condition format '%s'
WFLYPAT0046
org.jboss.as.patching.PatchingException
Cannot copy files to temporary directory %s: %s. Note that '-Djava.io.tmpdir' switch can be used to set different temporary directory.
WFLYPAT0047
java.io.IOException
Cannot copy files from %s to %s: %s
WFLYPAT0048
ERROR
Error when restoring file[%s] - %s
WFLYPAT0049
java.io.IOException
Some backup files were not removed.
WFLYPAT0050
INFO
%s cumulative patch ID is: %s, one-off patches include: %s
WFLYPAT0051
java.io.IOException
Invalid zip file. Found an entry that resolves to a path outside of the patch directory: %s
WFLYPC
Code
Level
Return Type
Message
WFLYPC0000
java.lang.String
Usage: %s [args...]%nwhere args include:
WFLYPC0000
java.lang.String
Keep a copy of the persistent domain configuration even if this host is not the Domain Controller. If ignore-unused-configuration is unset in host.xml, then the complete domain configuration will be stored, otherwise the configured value of ignore-unused-configuration will be used.
WFLYPC0000
java.lang.String
If this host is not the Domain Controller and cannot contact the Domain Controller at boot, a locally cached copy of the domain configuration is used for boot (if available, see --backup.) The Domain Controller is background polled until it becomes available. Note that starting a host with --cached-dc when the Domain Controller is available will cache a copy of the domain configuration even if --backup is not used.
WFLYPC0000
java.lang.String
Name of the domain configuration file to use (default is "domain.xml") (Same as -c)
WFLYPC0000
java.lang.String
Name of the domain configuration file to use (default is "domain.xml") (Same as --domain-config)
WFLYPC0000
java.lang.String
Name of the domain configuration file to use. This differs from '--domain-config', '-c' and '-domain-config' in that the initial file is never overwritten.
WFLYPC0000
java.lang.String
Display this message and exit
WFLYPC0000
java.lang.String
Address on which the host controller should listen for communication from the process controller
WFLYPC0000
java.lang.String
Port on which the host controller should listen for communication from the process controller
WFLYPC0000
java.lang.String
Name of the host configuration file to use (default is "host.xml")
WFLYPC0000
java.lang.String
Name of the host configuration file to use. This differs from '--host-config' in that the initial file is never overwritten.
WFLYPC0000
java.lang.String
Address on which the process controller listens for communication from processes it controls
WFLYPC0000
java.lang.String
Port on which the process controller listens for communication from processes it controls
WFLYPC0000
java.lang.String
Load system properties from the given url
WFLYPC0000
java.lang.String
Set a system property
WFLYPC0000
java.lang.String
Print version and exit
WFLYPC0000
java.lang.String
Set system property jboss.bind.address to the given value
WFLYPC0000
java.lang.String
Set system property jboss.bind.address. to the given value
WFLYPC0000
java.lang.String
Set system property jboss.default.multicast.address to the given value
WFLYPC0000
java.lang.String
Set the host controller's running type to ADMIN_ONLY causing it to open administrative interfaces and accept management requests but not start servers or, if this host controller is the primary for the domain, accept incoming connections from secondary host controllers.
WFLYPC0000
java.lang.String
Set system property jboss.domain.primary.address to the given value. In a default secondary Host Controller config, this is used to configure the address of the primary Host Controller.
WFLYPC0000
java.lang.String
Set system property jboss.domain.primary.port to the given value. In a default secondary Host Controller config, this is used to configure the port used for native management communication by the primary Host Controller.
WFLYPC0000
java.lang.String
Runs the server with a security manager installed.
WFLYPC0001
WARN
Attempted to reconnect non-existent process '%s'
WFLYPC0002
WARN
Attempted to remove non-existent process '%s'
WFLYPC0003
WARN
Attempted to start non-existent process '%s'
WFLYPC0004
WARN
Attempted to stop non-existent process '%s'
WFLYPC0005
WARN
Attempted to register duplicate named process '%s'
WFLYPC0006
WARN
Failed to send authentication key to process '%s': %s
WFLYPC0007
ERROR
Failed to send data bytes to process '%s' input stream
WFLYPC0008
ERROR
Failed to send reconnect message to process '%s' input stream
WFLYPC0009
ERROR
Failed to start process '%s'
WFLYPC0010
ERROR
Failed to write %s message to connection: %s
WFLYPC0011
INFO
Process '%s' finished with an exit status of %d
WFLYPC0012
WARN
Received connection with invalid version from %s
WFLYPC0013
WARN
Received unrecognized greeting code 0x%02x from %s
WFLYPC0014
WARN
Received connection with unknown credentials from %s
WFLYPC0015
WARN
Received unknown message with code 0x%02x
WFLYPC0016
INFO
All processes finished; exiting
WFLYPC0017
INFO
Shutting down process controller
WFLYPC0018
INFO
Starting process '%s'
WFLYPC0019
INFO
Stopping process '%s'
WFLYPC0020
ERROR
Stream processing failed for process '%s': %s
WFLYPC0021
INFO
Waiting %d seconds until trying to restart process %s.
WFLYPC0022
WARN
Failed to kill process '%s', trying to destroy the process instead.
WFLYPC0023
java.lang.String
No value was provided for argument %s
WFLYPC0025
java.lang.IllegalArgumentException
Authentication key must be 24 bytes long
WFLYPC0029
java.lang.IllegalArgumentException
%s length is invalid
WFLYPC0030
java.lang.IllegalArgumentException
Invalid option: %s
WFLYPC0031
java.lang.IllegalArgumentException
Command contains a null component
WFLYPC0033
ERROR
Failed to accept a connection
WFLYPC0034
ERROR
Failed to close resource %s
WFLYPC0035
ERROR
Failed to close the server socket %s
WFLYPC0036
ERROR
Failed to close a socket
WFLYPC0039
ERROR
Failed to handle incoming connection
WFLYPC0040
ERROR
Failed to handle socket failure condition
WFLYPC0041
ERROR
Failed to handle socket finished condition
WFLYPC0042
ERROR
Failed to handle socket shut down condition
WFLYPC0043
ERROR
Failed to read a message
WFLYPC0044
WARN
Leaked a message output stream; cleaning
WFLYPC0045
java.io.IOException
Failed to create server thread
WFLYPC0046
java.io.IOException
Failed to read object
WFLYPC0047
java.io.UTFDataFormatException
Invalid byte
WFLYPC0048
java.io.UTFDataFormatException
Invalid byte:%s(%d)
WFLYPC0049
java.io.IOException
Invalid byte token. Expecting '%s' received '%s'
WFLYPC0050
java.io.IOException
Invalid command byte read: %s
WFLYPC0051
java.io.IOException
Invalid start chunk start [%s]
WFLYPC0056
java.io.EOFException
Read %d bytes.
WFLYPC0058
java.io.IOException
Stream closed
WFLYPC0059
java.lang.IllegalStateException
Thread creation was refused
WFLYPC0060
java.io.EOFException
Unexpected end of stream
WFLYPC0061
java.io.IOException
Write channel closed
WFLYPC0062
java.io.IOException
Writes are already shut down
WFLYPC0063
INFO
Process '%s' did not complete normal stop within %d ms; attempting to kill process using OS calls
WFLYPC0064
INFO
Cannot locate process '%s' -- could not find the 'jps' command
WFLYPC0065
INFO
No process identifiable as '%s' could be found
WFLYPC0066
INFO
Multiple processes identifiable as '%s' found; OS level kill cannot be safely performed
WFLYPC0067
INFO
Process '%s' did not complete normal stop within %d ms; attempting to destroy process using java.lang.Process.destroyForcibly()
WFLYPL
Code
Level
Return Type
Message
WFLYPL0001
INFO
Activating PicketLink %s Subsystem
WFLYPL0003
INFO
Bound [%s] to [%s]
WFLYPL0007
java.lang.RuntimeException
Could not load module [%s].
WFLYPL0009
java.lang.RuntimeException
Could not load class [%s].
WFLYPL0010
org.jboss.as.controller.OperationFailedException
No type provided for %s. You must specify a class-name or code.
WFLYPL0012
org.jboss.as.controller.OperationFailedException
Attribute [%s] is not longer supported.
WFLYPL0013
org.jboss.as.controller.OperationFailedException
[%s] can only have [%d] child of type [%s].
WFLYPL0014
org.jboss.as.controller.OperationFailedException
Invalid attribute [%s] definition for [%s]. Only one of the following attributes are allowed: [%s].
WFLYPL0015
org.jboss.as.controller.OperationFailedException
Required attribute [%s] for [%s].
WFLYPL0016
org.jboss.as.controller.OperationFailedException
[%s] requires one of the given attributes [%s].
WFLYPL0017
java.lang.IllegalStateException
Type [%s] already defined.
WFLYPL0018
org.jboss.as.controller.OperationFailedException
[%s] can not be empty.
WFLYPL0019
org.jboss.as.controller.OperationFailedException
[%s] requires child [%s].
WFLYPL0054
org.jboss.as.controller.OperationFailedException
You must provide at least one identity configuration.
WFLYPL0055
org.jboss.as.controller.OperationFailedException
You must provide at least one identity store for identity configuration [%s].
WFLYPL0056
org.jboss.as.controller.OperationFailedException
No supported type provided.
WFLYPL0057
org.jboss.as.controller.OperationFailedException
No mapping was defined.
WFLYPL0101
org.jboss.as.controller.OperationFailedException
No type provided for the handler. You must specify a class-name or code.
WFLYPL0105
org.jboss.as.controller.OperationFailedException
The migrate operation can not be performed: the server must be in admin-only mode
Worker configuration is no longer used, please use endpoint worker configuration
WFLYRMT0023
java.lang.String
Only one of '%s' configuration or '%s' configuration is allowed
WFLYRMT0024
INFO
The remoting subsystem is present but no io subsystem was found. An io subsystem was not required when remoting schema '%s' was current but now is, so a default subsystem is being added.
WFLYRMT0025
org.jboss.as.controller.OperationFailedException
Can't remove %s as JMX uses it as a remoting endpoint
WFLYRMT0026
java.lang.String
Change of worker to '%s' in remoting might require the same change in linked resources depending on remoting and in definition of http(s) listeners.
WFLYRMT0027
org.jboss.msc.service.StartException
Failed to obtain SSLContext
WFLYRMT0028
org.jboss.as.controller.OperationFailedException
Invalid option '%s'.
WFLYRMT0029
org.jboss.as.controller.OperationFailedException
The use of security realms at runtime is unsupported.
WFLYRS
Code
Level
Return Type
Message
WFLYRS0001
WARN
%s annotation not on Class: %s
WFLYRS0002
WARN
%s annotation not on Class or Method: %s
WFLYRS0003
ERROR
More than one mapping found for Jakarta RESTful Web Services servlet: %s the second mapping %s will not work
Jakarta RESTful Web Services resource %s does not correspond to a view on the Jakarta Enterprise Beans %s. @Path annotations can only be placed on classes or interfaces that represent a local, remote or no-interface view of an Jakarta Enterprise Beans.
The context param org.jboss.as.jaxrs.disableSpringIntegration is deprecated, and will be removed in a future release. Please use org.jboss.as.jaxrs.enableSpringIntegration instead
WFLYRS0014
ERROR
Failed to register management view for REST resource class: %s
WFLYRS0015
WARN
No Servlet declaration found for Jakarta RESTful Web Services application. In %s either provide a class that extends jakarta.ws.rs.core.Application or declare a servlet class in web.xml.
WFLYRS0016
INFO
RESTEasy version %s
WFLYRS0017
WARN
Failed to read attribute from Jakarta RESTful Web Services deployment at %s with name %s
WFLYRS0018
WARN
Explicit usage of Jackson annotation in a Jakarta RESTful Web Services deployment; the system will disable Jakarta JSON Binding processing for the current deployment. Consider setting the '%s' property to 'false' to restore Jakarta JSON Binding.
WFLYRS0019
WARN
Error converting default value %s for parameter %s in method %s using param converter %s. Exception: %s : %s
WFLYRS0020
WARN
"Error converting default value %s for parameter %s in method %s using method %s. Exception: %s : %s"
WFLYRS0021
ERROR
%s %s
WFLYRS0022
org.jboss.as.controller.OperationFailedException
"Parameter %s is not a list"
WFLYRS0023
java.lang.String
Illegal value for parameter %s: %s
WFLYRS0029
WARN
The RESTEasy tracing API has been enabled for deployment "%s" and is not meant for production.
WFLYRS0030
java.lang.IllegalStateException
Invalid ConfigurationFactory found %s
WFLYRS0031
WARN
Failed to load RESTEasy MicroProfile Configuration: %s
WFLYRTS
Code
Level
Return Type
Message
WFLYRTS0001
java.lang.IllegalStateException
Can't import global transaction to wildfly transaction client.
WFLYRTS0002
ERROR
Cannot get transaction status on handling response context %s
Deployment configuration error: the following permissions are not implied by the maximum permissions set %s
WFLYSM0005
java.lang.String
Empty maximum sets are not understood in the target model version and must be rejected
WFLYSM0006
javax.xml.stream.XMLStreamException
Unexpected element '%s' encountered
WFLYSM0007
javax.xml.stream.XMLStreamException
Unexpected attribute '%s' encountered
WFLYSM0008
javax.xml.stream.XMLStreamException
Unexpected end of document
WFLYSM0009
javax.xml.stream.XMLStreamException
Missing required attribute(s): %s
WFLYSM0010
javax.xml.stream.XMLStreamException
Missing required element(s): %s
WFLYSM0011
javax.xml.stream.XMLStreamException
Unexpected content of type %s
WFLYSM0012
WARN
The following permission could not be constructed and will be ignored in the %s: (class="%s" name="%s" actions="%s")
WFLYSRV
Code
Level
Return Type
Message
WFLYSRV0000
java.lang.String
Name of the server configuration file to use (default is "standalone.xml") (Same as -c)
WFLYSRV0000
java.lang.String
Name of the server configuration file to use (default is "standalone.xml") (Same as --server-config)
WFLYSRV0000
java.lang.String
Name of the server configuration file to use. This differs from '--server-config' and '-c' in that the original file is never overwritten.
WFLYSRV0000
java.lang.String
Display this message and exit
WFLYSRV0000
java.lang.String
Load system properties from the given url
WFLYSRV0000
java.lang.String
Set a security property
WFLYSRV0000
java.lang.String
Set a system property
WFLYSRV0000
java.lang.String
Print version and exit
WFLYSRV0000
java.lang.String
Set system property jboss.bind.address to the given value
WFLYSRV0000
java.lang.String
Set system property jboss.bind.address. to the given value
WFLYSRV0000
java.lang.String
Set system property jboss.default.multicast.address to the given value
WFLYSRV0000
java.lang.String
Set the server's running type to ADMIN_ONLY causing it to open administrative interfaces and accept management requests but not start other runtime services or accept end user requests. Cannot be used in conjunction with --start-mode. Deprecated; use --start-mode=admin-only instead.
WFLYSRV0000
java.lang.String
Activate debug mode with an optional argument to specify the port. Only works if the launch script supports it.
WFLYSRV0000
java.lang.String
Runs the server with a security manager installed.
WFLYSRV0000
java.lang.String
Sets the start mode of the server, it can be either 'normal','admin-only' or 'suspend'. If this is 'suspend' the server will start in suspended mode, and will not service requests until it has been resumed. If this is started in admin-only mode the server will only open administrative interfaces and accept management requests but not start other runtime services or accept end user requests. Cannot be used in conjunction with --admin-only.
WFLYSRV0000
java.lang.String
Start the server gracefully, queuing or cleanly rejecting requests until the server is fully started
WFLYSRV0000
java.lang.String
The git repository to clone to get the server configuration.
WFLYSRV0000
java.lang.String
The git branch to use to get the server configuration. Default is 'master'
WFLYSRV0000
java.lang.String
The elytron configuration file for managing git credentials. Default is 'null'
WFLYSRV0000
java.lang.String
Configured system properties:
WFLYSRV0000
java.lang.String
VM Arguments: %s
WFLYSRV0000
java.lang.String
Configured system environment:
WFLYSRV0000
java.lang.String
Notification emitted when the process state changes
WFLYSRV0000
java.lang.String
The attribute '%s' has changed from '%s' to '%s'
WFLYSRV0000
java.lang.String
Repository initialized
WFLYSRV0000
java.lang.String
Adding .gitignore
WFLYSRV0000
java.lang.String
- Server configuration file in use: %s
WFLYSRV0000
java.lang.String
%s started in %dms - Started %d of %d services (%d services are lazy, passive or on-demand) %s
WFLYSRV0000
java.lang.String
%s started (with errors) in %dms - Started %d of %d services (%d services failed or missing dependencies, %d services are lazy, passive or on-demand) %s
WFLYSRV0001
WARN
%s in subdeployment ignored. jboss-deployment-structure.xml is only parsed for top level deployments.
WFLYSRV0002
WARN
Loading failed for the annotation index "%s" with the following exception: %s
WFLYSRV0003
WARN
Could not index class %s at %s
WFLYSRV0007
ERROR
Undeploy of deployment "%s" was rolled back with the following failure message: %s
WFLYSRV0008
ERROR
Undeploy of deployment "%s" was rolled back with no failure message
WFLYSRV0009
INFO
Undeployed "%s" (runtime-name: "%s")
WFLYSRV0010
INFO
Deployed "%s" (runtime-name : "%s")
WFLYSRV0011
ERROR
Redeploy of deployment "%s" was rolled back with the following failure message: %s
WFLYSRV0012
ERROR
Redeploy of deployment "%s" was rolled back with no failure message
WFLYSRV0013
INFO
Redeployed "%s"
WFLYSRV0014
ERROR
Replacement of deployment "%s" by deployment "%s" was rolled back with the following failure message: %s
WFLYSRV0015
ERROR
Replacement of deployment "%s" by deployment "%s" was rolled back with no failure message
WFLYSRV0016
INFO
Replaced deployment "%s" with deployment "%s"
WFLYSRV0017
WARN
Annotations import option %s specified in jboss-deployment-structure.xml for additional module %s has been ignored. Additional modules cannot import annotations.
WFLYSRV0018
WARN
Deployment "%s" is using a private module ("%s") which may be changed or removed in future versions without notice.
WFLYSRV0019
WARN
Deployment "%s" is using an unsupported module ("%s") which may be changed or removed in future versions without notice.
WFLYSRV0020
WARN
Exception occurred removing deployment content %s
WFLYSRV0021
ERROR
Deploy of deployment "%s" was rolled back with the following failure message: %s
WFLYSRV0022
ERROR
Deploy of deployment "%s" was rolled back with no failure message
WFLYSRV0023
WARN
Failed to parse property (%s), value (%s) as an integer
WFLYSRV0024
ERROR
Cannot add module '%s' as URLStreamHandlerFactory provider
WFLYSRV0025
INFO
%s
WFLYSRV0026
ERROR
%s
WFLYSRV0027
INFO
Starting deployment of "%s" (runtime-name: "%s")
WFLYSRV0028
INFO
Stopped deployment %s (runtime-name: %s) in %dms
WFLYSRV0034
WARN
No security realm or sasl server authentication defined for native management service; all access will be unrestricted.
WFLYSRV0035
WARN
No security realm or http server authentication defined for http management service; all access will be unrestricted.
WFLYSRV0039
INFO
Creating http management service using socket-binding (%s)
WFLYSRV0040
INFO
Creating http management service using secure-socket-binding (%s)
WFLYSRV0041
INFO
Creating http management service using socket-binding (%s) and secure-socket-binding (%s)
WFLYSRV0042
WARN
Caught exception closing input stream for uploaded deployment content
WFLYSRV0043
ERROR
Deployment unit processor %s unexpectedly threw an exception during undeploy phase %s of %s
WFLYSRV0045
WARN
Extension %s is missing the required manifest attribute %s-%s (skipping extension)
WFLYSRV0046
WARN
Extension %s URI syntax is invalid: %s
WFLYSRV0047
WARN
Could not find Extension-List entry %s referenced from %s
WFLYSRV0048
WARN
A server name configuration was provided both via system property %s ('%s') and via the xml configuration ('%s'). The xml configuration value will be used.
WFLYSRV0049
INFO
%s starting
WFLYSRV0050
INFO
%s stopped in %dms
WFLYSRV0051
INFO
Admin console listening on http://%s:%d
WFLYSRV0052
INFO
Admin console listening on https://%s:%d
WFLYSRV0053
INFO
Admin console listening on http://%s:%d and https://%s:%d
WFLYSRV0054
INFO
Admin console is not enabled
WFLYSRV0055
ERROR
Caught exception during boot
WFLYSRV0056
java.lang.String
Server boot has failed in an unrecoverable manner; exiting. See previous messages for details. %s
WFLYSRV0057
ERROR
No deployment content with hash %s is available in the deployment content repository for deployment %s. Because this Host Controller is booting in ADMIN-ONLY mode, boot will be allowed to proceed to provide administrators an opportunity to correct this problem. If this Host Controller were not in ADMIN-ONLY mode this would be a fatal boot failure.
WFLYSRV0058
WARN
Additional resource root %s added via jboss-deployment-structure.xml does not exist
WFLYSRV0059
WARN
Class Path entry %s in %s does not point to a valid jar for a Class-Path reference.
WFLYSRV0060
INFO
Http management interface listening on http://%s:%d/management
WFLYSRV0061
INFO
Http management interface listening on https://%s:%d/management
WFLYSRV0062
INFO
Http management interface listening on http://%s:%d/management and https://%s:%d/management
WFLYSRV0063
INFO
Http management interface is not enabled
WFLYSRV0064
WARN
urn:jboss:deployment-structure namespace found in jboss.xml for a sub deployment %s. This is only valid in a top level deployment.
WFLYSRV0065
WARN
Failed to unmount deployment overlay
WFLYSRV0067
WARN
jboss-deployment-dependencies cannot be used in a sub deployment, it must be specified at ear level: %s
WFLYSRV0068
ERROR
No deployment overlay content with hash %s is available in the deployment content repository for deployment %s at location %s. Because this Host Controller is booting in ADMIN-ONLY mode, boot will be allowed to proceed to provide administrators an opportunity to correct this problem. If this Host Controller were not in ADMIN-ONLY mode this would be a fatal boot failure.
WFLYSRV0070
INFO
Deployment restart detected for deployment %s, performing full redeploy instead.
WFLYSRV0071
WARN
The operating system has limited the number of open files to %d for this process; a value of at least 4096 is recommended
WFLYSRV0072
java.lang.String
Value expected for option %s
WFLYSRV0073
java.lang.String
Invalid option '%s'
WFLYSRV0074
java.lang.String
Malformed URL '%s' provided for option '%s'
WFLYSRV0075
java.lang.String
Unable to load properties from URL '%s'
WFLYSRV0079
java.lang.IllegalArgumentException
hostControllerName must be null if the server is not in a managed domain
WFLYSRV0080
java.lang.IllegalArgumentException
hostControllerName may not be null if the server is in a managed domain
WFLYSRV0081
org.jboss.as.controller.OperationFailedException
An IP address cannot be resolved using the given interface selection criteria. Failure was -- %s
WFLYSRV0082
org.jboss.msc.service.StartException
failed to resolve interface %s
WFLYSRV0083
org.jboss.msc.service.StartException
Failed to start the http-interface service
WFLYSRV0084
org.jboss.as.controller.OperationFailedException
No deployment content with hash %s is available in the deployment content repository.
WFLYSRV0085
org.jboss.as.controller.OperationFailedException
No deployment with name %s found
WFLYSRV0086
org.jboss.as.controller.OperationFailedException
Cannot use %s with the same value for parameters %s and %s. Use %s to redeploy the same content or %s to replace content with a new version with the same name.
Could not find the file repository connection to the host controller.
WFLYSRV0112
java.lang.IllegalArgumentException
Unknown mount type %s
WFLYSRV0113
org.jboss.msc.service.StartException
Failed to create temp file provider
WFLYSRV0115
org.jboss.as.controller.OperationFailedException
System property %s cannot be set via the xml configuration file or from a management client; it's value must be known at initial process start so it can only set from the command line
WFLYSRV0116
org.jboss.as.controller.OperationFailedException
System property %s cannot be set after the server name has been set via the xml configuration file or from a management client
WFLYSRV0117
java.lang.IllegalStateException
Unable to initialise a basic SSLContext '%s'
WFLYSRV0119
java.lang.IllegalStateException
Home directory does not exist: %s
WFLYSRV0121
java.lang.IllegalStateException
Configuration directory does not exist: %s
WFLYSRV0122
java.lang.IllegalStateException
Server base directory does not exist: %s
WFLYSRV0123
java.lang.IllegalStateException
Server data directory is not a directory: %s
WFLYSRV0124
java.lang.IllegalStateException
Could not create server data directory: %s
WFLYSRV0125
java.lang.IllegalStateException
Server content directory is not a directory: %s
WFLYSRV0126
java.lang.IllegalStateException
Could not create server content directory: %s
WFLYSRV0127
java.lang.IllegalStateException
Log directory is not a directory: %s
WFLYSRV0128
java.lang.IllegalStateException
Could not create log directory: %s
WFLYSRV0129
java.lang.IllegalStateException
Server temp directory does not exist: %s
WFLYSRV0130
java.lang.IllegalStateException
Could not create server temp directory: %s
WFLYSRV0131
java.lang.IllegalStateException
Controller temp directory does not exist: %s
WFLYSRV0132
java.lang.IllegalStateException
Could not create server temp directory: %s
WFLYSRV0133
java.lang.IllegalStateException
Domain base dir does not exist: %s
WFLYSRV0134
java.lang.IllegalStateException
Domain config dir does not exist: %s
WFLYSRV0135
java.lang.IllegalStateException
Server base directory is not a directory: %s
WFLYSRV0136
java.lang.IllegalStateException
Could not create server base directory: %s
WFLYSRV0137
org.jboss.as.controller.OperationFailedException
No deployment content with hash %s is available in the deployment content repository for deployment '%s'. This is a fatal boot error. To correct the problem, either restart with the --admin-only switch set and use the CLI to install the missing content or remove it from the configuration, or remove the deployment from the xml configuration file and restart.
WFLYSRV0138
java.lang.IllegalStateException
VFS is not available from the configured module loader
WFLYSRV0139
org.jboss.msc.service.ServiceNotFoundException
Server controller service was removed
WFLYSRV0140
java.lang.IllegalStateException
Root service was removed
WFLYSRV0141
java.lang.IllegalStateException
Cannot start server
WFLYSRV0143
java.lang.IllegalArgumentException
No directory called '%s' exists under '%s'
WFLYSRV0144
java.lang.IllegalArgumentException
-D%s=%s does not exist
WFLYSRV0145
java.lang.IllegalArgumentException
-D%s=%s is not a directory
WFLYSRV0146
java.lang.RuntimeException
Error copying '%s' to '%s'
WFLYSRV0147
java.io.InvalidObjectException
%s is null
WFLYSRV0148
java.io.InvalidObjectException
portOffset is out of range
WFLYSRV0149
org.jboss.as.controller.OperationFailedException
Invalid '%s' value: %d, the maximum index is %d
WFLYSRV0150
org.jboss.as.controller.OperationFailedException
Cannot create input stream from URL '%s'
WFLYSRV0151
org.jboss.as.controller.OperationFailedException
No bytes available at param %s
WFLYSRV0152
org.jboss.as.controller.OperationFailedException
Only 1 piece of content is current supported (AS7-431)
Failed to get content for deployment overlay %s at %s
WFLYSRV0198
org.jboss.as.controller.OperationFailedException
No deployment overlay content with hash %s is available in the deployment content repository for deployment overlay '%s' at location %s. This is a fatal boot error. To correct the problem, either restart with the --admin-only switch set and use the CLI to install the missing content or remove it from the configuration, or remove the deployment overlay from the xml configuration file and restart.
WFLYSRV0199
org.jboss.as.controller.OperationFailedException
No deployment overlay content with hash %s is available in the deployment content repository.
WFLYSRV0200
org.jboss.as.controller.OperationFailedException
Failed to read file %s
WFLYSRV0201
org.jboss.as.controller.OperationFailedException
Cannot have more than one of %s
WFLYSRV0202
org.jboss.as.controller.OperationFailedException
Unknown content item key: %s
WFLYSRV0203
org.jboss.as.controller.OperationFailedException
Cannot use %s when %s are used
WFLYSRV0204
org.jboss.as.controller.OperationFailedException
Null '%s'
WFLYSRV0205
org.jboss.as.controller.OperationFailedException
There is already a deployment called %s with the same runtime name %s
WFLYSRV0206
java.lang.IllegalStateException
Multiple deployment unit processors registered with priority %s and class %s
WFLYSRV0207
INFO
Starting subdeployment (runtime-name: "%s")
WFLYSRV0208
INFO
Stopped subdeployment (runtime-name: %s) in %dms
WFLYSRV0209
org.jboss.as.controller.OperationFailedException
When specifying a 'module' you also need to specify the 'code'
WFLYSRV0210
java.lang.IllegalStateException
Server is already paused
WFLYSRV0211
INFO
Suspending server with %d ms timeout.
WFLYSRV0212
INFO
Resuming server
WFLYSRV0213
WARN
Failed to connect to host-controller, retrying.
WFLYSRV0215
ERROR
Failed to resume activity %s. To resume normal operation it is recommended that you restart the server.
WFLYSRV0216
ERROR
Error cleaning obsolete content %s
WFLYSRV0219
WARN
%s deployment has been re-deployed, its content will not be removed. You will need to restart it.
WFLYSRV0220
INFO
Server shutdown has been requested via an OS signal
WFLYSRV0221
WARN
Deployment "%s" is using a deprecated module ("%s") which may be removed in future versions without notice.
WFLYSRV0222
java.lang.IllegalArgumentException
Illegal permission name '%s'
WFLYSRV0223
java.lang.IllegalArgumentException
Illegal permission actions '%s'
WFLYSRV0224
ERROR
Could not mount overlay %s as parent %s is not a directory
WFLYSRV0230
DEBUG
Vault is not initialized; resolution of vault expressions is not possible
WFLYSRV0231
java.lang.IllegalStateException
Could not read or create the server UUID in file: %s
WFLYSRV0232
org.jboss.as.controller.OperationFailedException
Could not get module info for module name: %s
WFLYSRV0233
java.lang.String
Undeployed "%s" (runtime-name: "%s")
WFLYSRV0234
java.lang.String
Deployed "%s" (runtime-name : "%s")
WFLYSRV0235
INFO
Security Manager is enabled
WFLYSRV0236
INFO
Suspending server with no timeout.
WFLYSRV0237
org.jboss.as.controller.OperationFailedException
It is not possible to use use-current-server-config=false while specifying a server-config
WFLYSRV0238
org.jboss.as.controller.OperationFailedException
server-config '%s' specified for reload could not be found
WFLYSRV0239
FATAL
Aborting with exit code %d
WFLYSRV0240
INFO
ProcessController has signalled to shut down; shutting down
WFLYSRV0241
INFO
Shutting down in response to management operation '%s'
WFLYSRV0242
org.jboss.as.controller.OperationFailedException
Cannot explode a deployment in a self-contained server
WFLYSRV0243
org.jboss.as.controller.OperationFailedException
Cannot explode an unmanaged deployment
WFLYSRV0244
org.jboss.as.controller.OperationFailedException
Cannot explode an already exploded deployment
WFLYSRV0245
org.jboss.as.controller.OperationFailedException
Cannot explode an already deployed deployment
WFLYSRV0246
org.jboss.as.controller.OperationFailedException
Cannot add content to a deployment in a self-contained server
WFLYSRV0247
org.jboss.as.controller.OperationFailedException
Cannot add content to an unmanaged deployment
WFLYSRV0248
org.jboss.as.controller.OperationFailedException
Cannot add content to an unexploded deployment
WFLYSRV0249
ERROR
Could not copy files from the managed content repository to the running deployment for %s
WFLYSRV0250
org.jboss.as.controller.OperationFailedException
Cannot remove content from a deployment in a self-contained server
WFLYSRV0251
org.jboss.as.controller.OperationFailedException
Cannot remove content from an unmanaged deployment
WFLYSRV0252
org.jboss.as.controller.OperationFailedException
Cannot remove content from an unexploded deployment
WFLYSRV0253
ERROR
Could not delete file %s from the running deployment %s
WFLYSRV0254
org.jboss.as.controller.OperationFailedException
Cannot read content from a deployment in a self-contained server
WFLYSRV0255
org.jboss.as.controller.OperationFailedException
Cannot read content from an unmanaged deployment
WFLYSRV0257
java.lang.IllegalArgumentException
Required system property '%s' not set
WFLYSRV0258
org.jboss.as.controller.OperationFailedException
Cannot explode a subdeployment of an unexploded deployment
WFLYSRV0259
org.jboss.as.controller.OperationFailedException
If attribute secure-socket-binding is defined ssl-context must also be defined
WFLYSRV0260
INFO
Starting server in suspended mode
WFLYSRV0261
java.lang.String
Boot complete
WFLYSRV0262
java.lang.String
You cannot set both --start-mode and --admin-only
WFLYSRV0263
java.lang.String
Unknown start mode %s
WFLYSRV0264
org.jboss.as.controller.OperationFailedException
Cannot specify both admin-only and start-mode
WFLYSRV0265
WARN
Invalid value '%s' for system property '%s' -- value must be a non-negative integer
WFLYSRV0267
javax.xml.stream.XMLStreamException
Cannot mount resource root '%s', is it really an archive?
WFLYSRV0268
java.lang.RuntimeException
Failed to pull the repository %s
WFLYSRV0269
java.lang.RuntimeException
Failed to initialize the repository %s
WFLYSRV0270
ERROR
Failed to publish configuration to %s
WFLYSRV0271
ERROR
Git error: %s
WFLYSRV0272
INFO
Suspending server
WFLYSRV0273
WARN
Excluded subsystem %s via jboss-deployment-structure.xml does not exist.
WFLYSRV0274
WARN
Excluded dependency %s via jboss-deployment-structure.xml does not exist.
WFLYSRV0275
java.lang.RuntimeException
Maximum number of allowed jar resources reached for global-directory module name '%s'. The maximum allowed is %d files
WFLYSRV0276
org.jboss.msc.service.StartException
There is an error in opening zip file %s
WFLYSRV0277
java.lang.RuntimeException
Failed to load SSH Credentials %s
WFLYSRV0278
INFO
The configuration history is managed through Git
WFLYSRV0279
INFO
Git initialized in %s
WFLYSRV0280
java.lang.IllegalArgumentException
Unable to initialise the git repository.
WFLYSRV0281
WARN
System property %s is set. This should only be used for standalone clients. Setting this on the server will override your profile configuration.
WFLYSRV0282
INFO
Server is starting with graceful startup disabled; external requests may receive failure responses until startup completes.
WFLYSRV0283
INFO
A non-graceful startup was requested in conjunction with a suspended startup. The server will start suspended.
WFLYSRV0284
java.lang.RuntimeException
Failed to restore the configuration after failing to initialize the repository %s
WFLYSRV0285
WARN
Vault support has been removed, no vault resources will be initialised.
The required service '%s' is not UP, it is currently '%s'.
WFLYSRV0293
WARN
The '%s' module alias has been added as a dependency to '%s' deployment via %s. While this is allowed, it is recommended to use its target module instead. Consider replacing this alias with its target module '%s'.
WFLYSRV0294
WARN
The '%s' module alias has been excluded from '%s' deployment via %s. While this is allowed, it is recommended to use its target module instead. Consider replacing this alias with its target module '%s'.
WFLYSRV0295
org.jboss.as.controller.OperationFailedException
No %s installation has been prepared.
WFLYSRV0296
java.lang.IllegalStateException
Authentication mechanism authentication is not yet complete
The '%s' attribute is no longer supported. The value [%f] of the '%s' attribute is being combined with the value [%f] of the '%s' attribute and the current processor count [%d] to derive a new value of [%d] for '%s'.
WFLYTHR0002
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0003
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0004
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0005
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0006
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0007
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0008
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0009
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0010
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0011
java.lang.IllegalStateException
The executor service hasn't been initialized.
WFLYTHR0012
java.lang.IllegalStateException
The executor service hasn't been initialized.
WFLYTHR0013
java.lang.IllegalStateException
The executor service hasn't been initialized.
WFLYTHR0014
java.lang.IllegalStateException
The thread factory service hasn't been initialized.
WFLYTHR0015
java.lang.IllegalStateException
The executor service hasn't been initialized.
WFLYTHR0016
org.jboss.as.controller.OperationFailedException
Service '%s' not found.
WFLYTHR0017
org.jboss.as.controller.OperationFailedException
Service '%s' not found.
WFLYTHR0018
org.jboss.as.controller.OperationFailedException
Service '%s' not found.
WFLYTHR0019
org.jboss.as.controller.OperationFailedException
Service '%s' not found.
WFLYTHR0020
org.jboss.as.controller.OperationFailedException
Service '%s' not found.
WFLYTHR0021
org.jboss.as.controller.OperationFailedException
Failed to locate executor service '%s'
WFLYTHR0024
org.jboss.as.controller.OperationFailedException
Missing '%s' for parameter '%s'
WFLYTHR0025
org.jboss.as.controller.OperationFailedException
Missing '%s' for parameter '%s'
WFLYTHR0027
javax.xml.stream.XMLStreamException
%s must be greater than or equal to zero
WFLYTHR0028
javax.xml.stream.XMLStreamException
%s must be greater than or equal to zero
WFLYTHR0029
org.jboss.as.controller.OperationFailedException
Missing '%s' for '%s'
WFLYTHR0030
org.jboss.as.controller.OperationFailedException
Failed to parse '%s', allowed values are: %s
WFLYTHR0031
java.lang.IllegalStateException
Unsupported attribute '%s'
WFLYTHR0032
org.jboss.as.controller.OperationFailedException
Service '%s' not found.
WFLYTHR0033
java.lang.IllegalStateException
The executor service hasn't been initialized.
WFLYTHR0034
java.lang.IllegalStateException
Unsupported metric '%s'
WFLYTRACEXT
Code
Level
Return Type
Message
WFLYTRACEXT0001
INFO
Activating MicroProfile OpenTracing Subsystem
WFLYTRACEXT0013
org.jboss.as.controller.OperationFailedException
The migrate operation cannot be performed: the server must be in admin-only mode
WFLYTRACEXT0014
java.lang.String
Migration failed. See results for more details.
WFLYTX
Code
Level
Return Type
Message
WFLYTX0001
ERROR
Unable to roll back active transaction
WFLYTX0002
ERROR
Unable to get transaction state
WFLYTX0003
ERROR
APPLICATION ERROR: transaction still active in request with status %s
WFLYTX0004
org.jboss.msc.service.StartException
Create failed
WFLYTX0005
org.jboss.msc.service.StartException
%s manager create failed
WFLYTX0006
org.jboss.msc.service.StartException
Failed to configure object store browser bean
WFLYTX0007
java.lang.IllegalStateException
Service not started
WFLYTX0008
org.jboss.msc.service.StartException
Start failed
WFLYTX0009
java.lang.String
Unknown metric %s
WFLYTX0010
java.lang.RuntimeException
MBean Server service not installed, this functionality is not available if the JMX subsystem has not been installed.
WFLYTX0012
org.jboss.as.controller.OperationFailedException
Attributes %s and %s are alternatives; both cannot be set with conflicting values.
WFLYTX0013
WARN
The %s attribute on the %s is set to the default value. This is a danger for environments running multiple servers. Please make sure the attribute value is unique.
WFLYTX0015
org.jboss.as.controller.OperationFailedException
Jndi names have to start with java:/ or java:jboss/
WFLYTX0023
org.jboss.as.controller.OperationFailedException
%s must be undefined if %s is 'true'.
WFLYTX0024
org.jboss.as.controller.OperationFailedException
%s must be defined if %s is defined.
WFLYTX0025
org.jboss.as.controller.OperationFailedException
Either %s must be 'true' or %s must be defined.
WFLYTX0026
WARN
The transaction %s could not be removed from the cache during cleanup.
WFLYTX0027
WARN
The pre-Jakarta Connectors synchronization %s associated with tx %s failed during after completion
WFLYTX0028
WARN
The Jakarta Connectors synchronization %s associated with tx %s failed during after completion
WFLYTX0029
java.lang.IllegalStateException
Syncs are not allowed to be registered when the tx is in state %s
WFLYTX0030
java.lang.IllegalStateException
Indexed child resources can only be registered if the parent resource supports ordered children. The parent of '%s' is not indexed
WFLYTX0031
javax.xml.stream.XMLStreamException
The attribute '%s' is no longer supported
WFLYTX0032
org.jboss.as.controller.OperationFailedException
%s must be defined if %s is 'true'.
WFLYTX0033
org.jboss.as.controller.OperationFailedException
Only one of %s and %s can be 'true'.
WFLYTX0034
DEBUG
relative_to property of the object-store is set to the default value with jboss.server.data.dir
WFLYTX0035
jakarta.resource.spi.work.WorkCompletedException
Cannot find or import inflow transaction for xid %s and work %s
WFLYTX0036
jakarta.resource.spi.work.WorkCompletedException
Imported Jakarta Connectors inflow transaction with xid %s of work %s is inactive
WFLYTX0037
jakarta.resource.spi.work.WorkCompletedException
Unexpected error on resuming transaction %s for work %s
WFLYTX0038
java.lang.RuntimeException
Unexpected error on suspending transaction for work %s
WFLYTX0039
WARN
A value of zero is not permitted for the maximum timeout, as such the timeout has been set to %s
WFLYTX0040
java.lang.IllegalStateException
There is no active transaction at the current context to register synchronization '%s'
WFLYTXLRACOORD
Code
Level
Return Type
Message
WFLYTXLRACOORD0001
INFO
Activating MicroProfile LRA Coordinator Subsystem
WFLYTXLRACOORD0002
org.jboss.msc.service.StartException
LRA recovery service start failed
WFLYTXLRACOORD0003
INFO
Starting Narayana MicroProfile LRA Coordinator available at path %s/lra-coordinator
WFLYTXLRACOORD0004
ERROR
Failed to stop Narayana MicroProfile LRA Coordinator at path %s/lra-coordinator
WFLYTXLRAPARTICIPANT
Code
Level
Return Type
Message
WFLYTXLRAPARTICIPANT0001
INFO
Activating MicroProfile LRA Participant Subsystem with system property (lra.coordinator.url) value as %s
WFLYTXLRAPARTICIPANT0002
INFO
Starting Narayana MicroProfile LRA Participant Proxy available at path %s/lra-participant-narayana-proxy
WFLYTXLRAPARTICIPANT0003
WARN
The CDI marker file cannot be created
WFLYTXLRAPARTICIPANT0004
ERROR
Failed to stop Narayana MicroProfile LRA Participant Proxy at path %s//lra-participant-narayana-proxy
WFLYUT
Code
Level
Return Type
Message
WFLYUT0001
ERROR
Could not initialize Jakarta Server Pages
WFLYUT0003
INFO
Undertow %s starting
WFLYUT0004
INFO
Undertow %s stopping
WFLYUT0005
WARN
Secure listener for protocol: '%s' not found! Using non secure port!
WFLYUT0006
INFO
Undertow %s listener %s listening on %s:%d
WFLYUT0007
INFO
Undertow %s listener %s stopped, was bound to %s:%d
WFLYUT0008
INFO
Undertow %s listener %s suspending
WFLYUT0009
INFO
Could not load class designated by HandlesTypes [%s].
WFLYUT0010
WARN
Could not load web socket endpoint %s.
WFLYUT0011
WARN
Could not load web socket application config %s.
WFLYUT0012
INFO
Started server %s.
WFLYUT0013
WARN
Could not create redirect URI.
WFLYUT0014
INFO
Creating file handler for path '%s' with options [directory-listing: '%s', follow-symlink: '%s', case-sensitive: '%s', safe-symlink-paths: '%s']
WFLYUT0016
WARN
Could not resolve name in absolute ordering: %s
WFLYUT0017
WARN
Could not delete servlet temp file %s
WFLYUT0018
INFO
Host %s starting
WFLYUT0019
INFO
Host %s stopping
WFLYUT0020
WARN
Clustering not supported, falling back to non-clustered session manager
WFLYUT0021
INFO
Registered web context: '%s' for server '%s'
WFLYUT0022
INFO
Unregistered web context: '%s' from server '%s'
WFLYUT0023
INFO
Skipped SCI for jar: %s.
WFLYUT0024
WARN
Failed to persist session attribute %s with value %s for session %s
WFLYUT0027
java.lang.String
Failed to parse XML descriptor %s at [%s,%s]
WFLYUT0028
java.lang.String
Failed to parse XML descriptor %s
WFLYUT0029
java.lang.String
@WebServlet is only allowed at class level %s
WFLYUT0030
java.lang.String
@WebInitParam requires name and value on %s
WFLYUT0031
java.lang.String
@WebFilter is only allowed at class level %s
WFLYUT0032
java.lang.String
@WebListener is only allowed at class level %s
WFLYUT0033
java.lang.String
@RunAs needs to specify a role name on %s
WFLYUT0034
java.lang.String
@DeclareRoles needs to specify role names on %s
WFLYUT0035
java.lang.String
@MultipartConfig is only allowed at class level %s
WFLYUT0036
java.lang.String
@ServletSecurity is only allowed at class level %s
WFLYUT0037
java.lang.RuntimeException
%s has the wrong component type, it cannot be used as a web component
mod_cluster advertise socket binding requires multicast address to be set
WFLYUT0074
ERROR
Could not find TLD %s
WFLYUT0075
java.lang.IllegalArgumentException
Cannot register resource of type %s
WFLYUT0076
java.lang.IllegalArgumentException
Cannot remove resource of type %s
WFLYUT0077
ERROR
Error invoking secure response
WFLYUT0078
ERROR
Failed to register management view for websocket %s at %s
WFLYUT0079
java.lang.IllegalStateException
No SSL Context available from security realm '%s'. Either the realm is not configured for SSL, or the server has not been reloaded since the SSL config was added.
WFLYUT0080
WARN
Valves are no longer supported, %s is not activated.
WFLYUT0081
WARN
The deployment %s will not be distributable because this feature is disabled in web-fragment.xml of the module %s.
WFLYUT0082
org.jboss.msc.service.StartException
Could not start '%s' listener.
WFLYUT0083
java.lang.String
%s is not allowed to be null
WFLYUT0087
java.lang.IllegalArgumentException
Duplicate default web module '%s' configured on server '%s', host '%s'
WFLYUT0089
java.lang.String
Predicate %s was not valid, message was: %s
WFLYUT0090
java.lang.IllegalArgumentException
Key alias %s does not exist in the configured key store
WFLYUT0091
java.lang.IllegalArgumentException
Key store entry %s is not a private key entry
WFLYUT0092
java.lang.IllegalArgumentException
Credential alias %s does not exist in the configured credential store
WFLYUT0093
java.lang.IllegalArgumentException
Credential %s is not a clear text password
WFLYUT0094
WARN
Configuration option [%s] ignored when using Elytron subsystem
WFLYUT0095
java.lang.String
the path ['%s'] doesn't exist on file system
WFLYUT0097
java.lang.String
If http-upgrade is enabled, remoting worker and http(s) worker must be the same. Please adjust values if need be.
The deployment is configured to use legacy security which is no longer available.
WFLYUT0109
org.jboss.msc.service.StartException
The deployment is configured to use legacy security which is no longer supported.
WFLYUT0110
org.jboss.as.controller.OperationFailedException
The use of security realms at runtime is unsupported.
WFLYUT0111
WARN
The annotation: '%s' will have no effect on Servlet: '%s'
WFLYWELD
Code
Level
Return Type
Message
WFLYWELD-001
DEBUG
Discovered %s
WFLYWELD0000
DEBUG
Unable to load annotation %s
WFLYWELD0001
ERROR
Failed to setup Weld contexts
WFLYWELD0002
ERROR
Failed to tear down Weld contexts
WFLYWELD0003
INFO
Processing weld deployment %s
WFLYWELD0005
ERROR
Could not find BeanManager for deployment %s
WFLYWELD0006
DEBUG
Starting Services for Jakarta Contexts and Dependency Injection deployment: %s
WFLYWELD0007
WARN
Could not load portable extension class %s
WFLYWELD0008
WARN
@Resource injection of type %s is not supported for non-Jakarta Enterprise Beans components. Injection point: %s
WFLYWELD0009
DEBUG
Starting weld service for deployment %s
WFLYWELD0010
DEBUG
Stopping weld service for deployment %s
WFLYWELD0011
WARN
Warning while parsing %s:%s %s
WFLYWELD0012
WARN
Warning while parsing %s:%s %s
WFLYWELD0013
WARN
Deployment %s contains Jakarta Contexts and Dependency Injection annotations but no bean archive was found (no beans.xml or class with bean defining annotations was present).
WFLYWELD0014
ERROR
Exception tearing down thread state
WFLYWELD0016
ERROR
Could not read entries
WFLYWELD0017
WARN
URL scanner does not understand the URL protocol %s, Jakarta Contexts and Dependency Injection beans will not be scanned.
WFLYWELD0018
WARN
Found both WEB-INF/beans.xml and WEB-INF/classes/META-INF/beans.xml. It is not portable to use both locations at the same time. Weld is going to use the former location for this deployment.
Service %s didn't implement the jakarta.enterprise.inject.spi.Extension interface
WFLYWELD0022
java.lang.IllegalArgumentException
View of type %s not found on Jakarta Enterprise Beans %s
WFLYWELD0030
java.lang.IllegalArgumentException
Unknown interceptor class for Jakarta Contexts and Dependency Injection %s
WFLYWELD0031
java.lang.IllegalArgumentException
%s cannot be null
WFLYWELD0032
java.lang.IllegalArgumentException
Injection point represents a method which doesn't follow JavaBean conventions (must have exactly one parameter) %s
WFLYWELD0033
java.lang.IllegalArgumentException
%s annotation not found on %s
WFLYWELD0034
java.lang.IllegalStateException
Could not resolve @EJB injection for %s on %s
WFLYWELD0035
java.lang.IllegalStateException
Resolved more than one Jakarta Enterprise Beans for @EJB injection of %s on %s. Found %s
WFLYWELD0036
java.lang.IllegalArgumentException
Could not determine bean class from injection point type of %s
WFLYWELD0037
java.lang.IllegalArgumentException
Error injecting persistence unit into Jakarta Contexts and Dependency Injection managed bean. Can't find a persistence unit named '%s' in deployment %s for injection point %s
WFLYWELD0038
java.lang.IllegalStateException
Could not inject SecurityManager, security is not enabled
WFLYWELD0039
java.lang.IllegalStateException
Singleton not set for %s. This means that you are trying to access a weld deployment with a Thread Context ClassLoader that is not associated with the deployment.
WFLYWELD0040
java.lang.IllegalStateException
%s is already running
WFLYWELD0041
java.lang.IllegalStateException
%s is not started
WFLYWELD0043
java.lang.IllegalArgumentException
BeanDeploymentArchive with id %s not found in deployment
WFLYWELD0044
java.lang.IllegalArgumentException
Error injecting resource into Jakarta Contexts and Dependency Injection managed bean. Can't find a resource named %s
WFLYWELD0045
java.lang.IllegalArgumentException
Cannot determine resource name. Both jndiName and mappedName are null
WFLYWELD0046
java.lang.IllegalArgumentException
Cannot inject injection point %s
WFLYWELD0047
java.lang.IllegalStateException
%s cannot be used at runtime
WFLYWELD0048
java.lang.String
These attributes must be 'true' for use with CDI 1.0 '%s'
WFLYWELD0049
java.lang.IllegalArgumentException
Error injecting resource into Jakarta Contexts and Dependency Injection managed bean. Can't find a resource named %s defined on %s
Using deployment classloader to load proxy classes for module %s. Package-private access will not work. To fix this the module should declare dependencies on %s
WFLYWELD0053
java.lang.IllegalStateException
Component interceptor support not available for: %s
WFLYWELD0054
WARN
Could not read provided index of an external bean archive: %s
WFLYWELD0055
WARN
Could not index class [%s] from an external bean archive: %s
WFLYWELD0056
java.lang.IllegalStateException
Weld is not initialized yet
WFLYWELD0057
java.lang.IllegalStateException
Persistence unit '%s' failed.
WFLYWELD0058
java.lang.IllegalStateException
Persistence unit '%s' removed.
WFLYWELDEJB
Code
Level
Return Type
Message
WFLYWELDEJB0001
jakarta.ejb.NoSuchEJBException
EJB has been removed: %s
WFLYWS
Code
Level
Return Type
Message
WFLYWS0001
WARN
Cannot load WS deployment aspects from %s
WFLYWS0002
INFO
Activating WebServices Extension
WFLYWS0003
INFO
Starting %s
WFLYWS0004
INFO
Stopping %s
WFLYWS0005
FATAL
Error while creating configuration service
WFLYWS0006
ERROR
Error while destroying configuration service
WFLYWS0007
WARN
Could not read WSDL from: %s
WFLYWS0008
WARN
[JAXWS 2.2 spec, section 7.7] The @WebService and @WebServiceProvider annotations are mutually exclusive - %s won't be considered as a webservice endpoint, since it doesn't meet that requirement
WFLYWS0009
WARN
WebService endpoint class cannot be final - %s won't be considered as a webservice endpoint
WFLYWS0010
WARN
Ignoring without and : %s
WFLYWS0011
ERROR
Cannot register record processor in JMX server
WFLYWS0012
ERROR
Cannot unregister record processor from JMX server
WFLYWS0013
INFO
MBeanServer not available, skipping registration/unregistration of %s
WFLYWS0014
WARN
Multiple Enterprise Beans 3 endpoints in the same deployment with different declared security roles; be aware this might be a security risk if you're not controlling allowed roles (@RolesAllowed) on each ws endpoint method.
WFLYWS0015
ERROR
Cannot register endpoint: %s in JMX server
WFLYWS0016
ERROR
Cannot unregister endpoint: %s from JMX server
WFLYWS0017
WARN
Invalid handler chain file: %s
WFLYWS0018
ERROR
Web service method %s must not be static or final. See section 5.3.2.4.2 of "Jakarta Enterprise Web Services 2.0".
WFLYWS0019
ERROR
Web service method %s must be public. See section 5.3.2.4.2 of "Jakarta Enterprise Web Services 2.0".
WFLYWS0020
ERROR
Web service implementation class %s does not contain method %s
WFLYWS0021
ERROR
Web service implementation class %s does not contain an accessible method %s
WFLYWS0022
ERROR
Web service implementation class %s may not declare a finalize() method. See section 5.3.2.4.2 of "Jakarta Enterprise Web Services 2.0".
WFLYWS0023
java.lang.NullPointerException
Null endpoint name
WFLYWS0024
java.lang.NullPointerException
Null endpoint class
WFLYWS0025
java.lang.IllegalStateException
Cannot resolve module or classloader for deployment %s
WFLYWS0026
jakarta.xml.ws.WebServiceException
Handler chain config file %s not found in %s
WFLYWS0027
java.lang.IllegalStateException
Unexpected element: %s
WFLYWS0028
java.lang.IllegalStateException
Unexpected end tag: %s
WFLYWS0029
java.lang.IllegalStateException
Reached end of xml document unexpectedly
WFLYWS0030
java.lang.IllegalStateException
Could not find class attribute for deployment aspect
WFLYWS0031
java.lang.IllegalStateException
Could not create a deployment aspect of class: %s
WFLYWS0032
java.lang.IllegalStateException
Could not find property name attribute for deployment aspect: %s
WFLYWS0033
java.lang.IllegalStateException
Could not find property class attribute for deployment aspect: %s
WFLYWS0034
java.lang.IllegalArgumentException
Unsupported property class: %s
WFLYWS0035
java.lang.IllegalStateException
Could not create list of type: %s
WFLYWS0036
java.lang.IllegalStateException
Could not create map of type: %s
WFLYWS0037
java.lang.String
No metrics available
WFLYWS0038
java.lang.IllegalStateException
Cannot find component view: %s
WFLYWS0039
java.io.IOException
Child '%s' not found for VirtualFile: %s
WFLYWS0040
java.lang.Exception
Failed to create context
WFLYWS0041
java.lang.Exception
Failed to start context
WFLYWS0042
java.lang.Exception
Failed to stop context
WFLYWS0043
java.lang.Exception
Failed to destroy context
WFLYWS0044
java.lang.IllegalStateException
Cannot create servlet delegate: %s
WFLYWS0045
java.lang.IllegalStateException
Cannot obtain deployment property: %s
WFLYWS0046
java.lang.IllegalStateException
Multiple security domains not supported. First domain: '%s' second domain: '%s'
WFLYWS0047
java.lang.IllegalArgumentException
Web Service endpoint %s with URL pattern %s is already registered. Web service endpoint %s is requesting the same URL pattern.
%s library (%s) detected in ws endpoint deployment; either provide a proper deployment replacing embedded libraries with container module dependencies or disable the webservices subsystem for the current deployment adding a proper jboss-deployment-structure.xml descriptor to it. The former approach is recommended, as the latter approach causes most of the webservices Jakarta EE and any JBossWS specific functionality to be disabled.
Could not update WS server configuration because of existing WS deployment on the server.
WFLYWS0065
WARN
Annotation '@%s' found on class '%s'. Perhaps you forgot to add a '%s' module dependency to your deployment?
WFLYWS0066
org.jboss.wsf.spi.WSFException
Servlet class %s declared in web.xml; either provide a proper deployment relying on JBossWS or disable the webservices subsystem for the current deployment adding a proper jboss-deployment-structure.xml descriptor to it. The former approach is recommended, as the latter approach causes most of the webservices Jakarta EE and any JBossWS specific functionality to be disabled.
WFLYWS0067
ERROR
Could not activate the webservices subsystem.
WFLYWS0068
WARN
A potentially problematic %s library (%s) detected in ws endpoint deployment; Check if this library can be replaced with container module
WFLYWS0070
DEBUG
Authorization failed for user: %s
WFLYWS0071
DEBUG
Failed to authenticate username %s:, incorrect username/password
WFLYWS0072
DEBUG
Error occured when authenticate username %s. Exception message: %s
WFLYWS0073
java.lang.IllegalStateException
The target endpoint %s is undeploying or stopped
WFLYWS0074
java.lang.IllegalStateException
The deployment is configured to use legacy security which is no longer supported.
WFLYXTS
Code
Level
Return Type
Message
WFLYXTS0001
org.jboss.msc.service.StartException
TxBridge inbound recovery service start failed
WFLYXTS0002
org.jboss.msc.service.StartException
TxBridge outbound recovery service start failed
WFLYXTS0003
org.jboss.msc.service.StartException
XTS service start failed
WFLYXTS0004
java.lang.IllegalStateException
Service not started
WFLYXTS0009
WARN
Rejecting call because it is not part of any XTS transaction
WFLYXTS0010
ERROR
Cannot get transaction status on handling context %s
WFNAM
Code
Level
Return Type
Message
WFNAM-0001
TRACE
Service configuration failure loading naming providers
Renaming from "%s" to "%s" across providers is not supported
WFNAM00015
javax.naming.NotContextException
Composite name segment "%s" does not refer to a context
WFNAM00016
DEBUG
Closing context "%s" failed
WFNAM00017
javax.naming.CommunicationException
No JBoss Remoting endpoint has been configured
WFNAM00018
javax.naming.CommunicationException
Failed to connect to remote host
WFNAM00019
javax.naming.InterruptedNamingException
Naming operation interrupted
WFNAM00020
javax.naming.CommunicationException
Remote naming operation failed
WFNAM00022
javax.naming.CommunicationException
The server provided no compatible protocol versions
WFNAM00023
javax.naming.CommunicationException
Received an invalid response from the server
WFNAM00024
javax.naming.OperationNotSupportedException
Naming operation not supported
WFNAM00025
INFO
org.jboss.naming.remote.client.InitialContextFactory is deprecated; new applications should use org.wildfly.naming.client.WildFlyInitialContextFactory instead
WFNAM00026
javax.naming.OperationNotSupportedException
No provider for found for URI: %s
WFNAM00029
javax.naming.CommunicationException
Invalid leading bytes in header
WFNAM00031
java.io.IOException
Outcome not understood
WFNAM00032
javax.naming.AuthenticationException
Peer authentication failed
WFNAM00033
javax.naming.AuthenticationException
Connection sharing not supported
WFNAM00034
ERROR
Unexpected parameter type - expected: %d received: %d
WFNAM00035
ERROR
Failed to send exception response to client
WFNAM00036
WARN
Unexpected internal error
WFNAM00037
ERROR
null correlationId so error not sent to client
WFNAM00038
java.io.IOException
Unrecognized messageId
WFNAM00039
ERROR
Unable to send header, closing channel
WFNAM00040
java.lang.IllegalArgumentException
Unsupported protocol version [ %d ]
WFNAM00041
ERROR
Error determining version selected by client
WFNAM00043
java.lang.RuntimeException
Unable to load callback handler class "%s"
WFNAM00044
javax.naming.NamingException
Unable to instantiate callback handler instance of type "%s"
WFNAM00049
INFO
Usage of the legacy "remote.connections" property is deprecated; please use javax.naming.Context#PROVIDER_URL instead
WFNAM00051
WARN
Provider URLs already given via standard mechanism; ignoring legacy property-based connection configuration
WFNAM00052
javax.naming.ConfigurationException
Invalid value given for property "%s": "%s" is not numeric
Balancing token count must be greater than zero and less than thread count
XNIO007002
java.lang.IllegalArgumentException
Balancing connection count must be greater than zero when tokens are used
XNIO007003
java.lang.IllegalArgumentException
Buffer is too large
XNIO007004
java.lang.IllegalStateException
No functional selector provider is available
XNIO007005
java.lang.IllegalStateException
Unexpected exception opening a selector
XNIO007006
java.lang.IllegalArgumentException
XNIO IO factory is from the wrong provider
XNIO007007
java.util.concurrent.RejectedExecutionException
Thread is terminating
XNIO008000
WARN
Received an I/O error on selection: %s
XNIO008001
WARN
Socket accept failed, backing off for %2$d milliseconds: %1$s
jlibaio
Code
Level
Return Type
Message
jlibaio163001
WARN
You have a native library with a different version than expected
\ No newline at end of file
diff --git a/latest/wildscribe/path/index.html b/latest/wildscribe/path/index.html
new file mode 100644
index 000000000..f338306bb
--- /dev/null
+++ b/latest/wildscribe/path/index.html
@@ -0,0 +1,45 @@
+ WildFly Full 29 Model Reference
name The name of the path. Cannot be one of the standard fixed paths provided by the system: jboss.home - the root directory of the JBoss AS distribution; user.home - user's home directory; user.dir - user's current working directory; java.home - java installation directory; jboss.server.base.dir - root directory for an individual server instance. Note that the system provides other standard paths that can be overridden by declaring them in the configuration file. See the 'relative-to' attribute documentation for a complete list of standard paths.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
path The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
read-only True if added by the system, false if configured by user. If true, the path cannot be removed or modified.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution; user.home - user's home directory; user.dir - user's current working directory; java.home - java installation directory; jboss.server.base.dir - root directory for an individual server instance; jboss.server.data.dir - directory the server will use for persistent data file storage; jboss.server.log.dir - directory the server will use for log file storage; jboss.server.tmp.dir - directory the server will use for temporary file storage; jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution; user.home - user's home directory; user.dir - user's current working directory; java.home - java installation directory; jboss.server.base.dir - root directory for an individual server instance; jboss.server.data.dir - directory the server will use for persistent data file storage; jboss.server.log.dir - directory the server will use for log file storage; jboss.server.tmp.dir - directory the server will use for temporary file storage; jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
path-info Obtain the informations for a filesystem path.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
unit
STRING
false
false
BYTES
Disk space unit to display disk usage.
Reply properties
Filesystem path for which to obtain disk usage.
type
OBJECT
Value Type
{
+ "used-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of the contents of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ },
+ "creation-time" => {
+ "type" => STRING,
+ "description" => "The creation time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "last-modified" => {
+ "type" => STRING,
+ "description" => "The last modified time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "resolved-path" => {
+ "type" => STRING,
+ "description" => "The resolved filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "available-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of available space for the partition containing a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ }
+}
\ No newline at end of file
diff --git a/latest/wildscribe/socket-binding-group/index.html b/latest/wildscribe/socket-binding-group/index.html
new file mode 100644
index 000000000..d5f6790c9
--- /dev/null
+++ b/latest/wildscribe/socket-binding-group/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/socket-binding-group/local-destination-outbound-socket-binding/index.html b/latest/wildscribe/socket-binding-group/local-destination-outbound-socket-binding/index.html
new file mode 100644
index 000000000..b9f89623f
--- /dev/null
+++ b/latest/wildscribe/socket-binding-group/local-destination-outbound-socket-binding/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
source-port The port number which will be used as the source port of the outbound socket.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
65,535
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Adds a local destination outbound socket binding to a socket binding group
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
fixed-source-port
BOOLEAN
false
true
false
Whether the port value should remain fixed even if numeric offsets are applied to the other outbound sockets in the socket group.
socket-binding-ref
STRING
true
true
The name of the local socket-binding which will be used to determine the port to which this outbound socket connects.
source-interface
STRING
false
true
The name of the interface which will be used for the source address of the outbound socket.
source-port
INT
false
true
The port number which will be used as the source port of the outbound socket.
remove Removes a local destination outbound socket binding from a socket binding group
\ No newline at end of file
diff --git a/latest/wildscribe/socket-binding-group/remote-destination-outbound-socket-binding/index.html b/latest/wildscribe/socket-binding-group/remote-destination-outbound-socket-binding/index.html
new file mode 100644
index 000000000..3e84fed1f
--- /dev/null
+++ b/latest/wildscribe/socket-binding-group/remote-destination-outbound-socket-binding/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
source-port The port number which will be used as the source port of the outbound socket.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
65,535
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Adds a remote destination outbound socket binding to a socket binding group
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
fixed-source-port
BOOLEAN
false
true
false
Whether the port value should remain fixed even if numeric offsets are applied to the other outbound sockets in the socket group.
host
STRING
true
true
The host name or the IP address of the remote destination to which this outbound socket will connect.
port
INT
true
true
The port number of the remote destination to which the outbound socket should connect.
source-interface
STRING
false
true
The name of the interface which will be used for the source address of the outbound socket.
source-port
INT
false
true
The port number which will be used as the source port of the outbound socket.
remove Removes a remote destination outbound socket binding from a socket binding group
\ No newline at end of file
diff --git a/latest/wildscribe/socket-binding-group/socket-binding/index.html b/latest/wildscribe/socket-binding-group/socket-binding/index.html
new file mode 100644
index 000000000..cc2f2ddf4
--- /dev/null
+++ b/latest/wildscribe/socket-binding-group/socket-binding/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
bound Whether an actual socket using this socket binding configuration has been bound.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
bound-address The address to which the actual socket using this socket binding configuration has been bound, or undefined if no socket has been bound.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
bound-port The port to which the actual socket using this socket binding configuration has been bound, or undefined if no socket has been bound.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Min
1
Max
2,147,483,647
Storage
runtime
Access Type
read-only
client-mappings Specifies zero or more client mappings for this socket binding. A client connecting to this socket should use the destination address specified in the mapping that matches its desired outbound interface. This allows for advanced network topologies that use either network address translation, or have bindings on multiple network interfaces to function. Each mapping should be evaluated in declared order, with the first successful match used to determine the destination.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
fixed-port Whether the port value should remain fixed even if numeric offsets are applied to the other sockets in the socket group.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
interface Name of the interface to which the socket should be bound, or, for multicast sockets, the interface on which it should listen. This should be one of the declared interfaces.
multicast-address Multicast address on which the socket should receive multicast traffic. If unspecified, the socket will not be configured to receive multicast.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
multicast-port Port on which the socket should receive multicast traffic. Must be configured if 'multicast-address' is configured.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
65,535
Storage
configuration
Access Type
read-write
Restart Required
all-services
name The name of the socket. Services which need to access the socket configuration information will find it using this name.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
port Number of the port to which the socket should be bound.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
65,535
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Adds a socket binding configuration to the group.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
client-mappings
LIST
false
false
Specifies zero or more client mappings for this socket binding. A client connecting to this socket should use the destination address specified in the mapping that matches its desired outbound interface. This allows for advanced network topologies that use either network address translation, or have bindings on multiple network interfaces to function. Each mapping should be evaluated in declared order, with the first successful match used to determine the destination.
fixed-port
BOOLEAN
false
true
false
Whether the port value should remain fixed even if numeric offsets are applied to the other sockets in the socket group.
interface
STRING
false
true
Name of the interface to which the socket should be bound, or, for multicast sockets, the interface on which it should listen. This should be one of the declared interfaces.
multicast-address
STRING
false
true
Multicast address on which the socket should receive multicast traffic. If unspecified, the socket will not be configured to receive multicast.
multicast-port
INT
false
true
Port on which the socket should receive multicast traffic. Must be configured if 'multicast-address' is configured.
port
INT
false
true
0
Number of the port to which the socket should be bound.
remove Removes a socket binding configuration from the group.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/batch-jberet/in-memory-job-repository/index.html b/latest/wildscribe/subsystem/batch-jberet/in-memory-job-repository/index.html
new file mode 100644
index 000000000..1727671e0
--- /dev/null
+++ b/latest/wildscribe/subsystem/batch-jberet/in-memory-job-repository/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/batch-jberet/index.html b/latest/wildscribe/subsystem/batch-jberet/index.html
new file mode 100644
index 000000000..93178e08c
--- /dev/null
+++ b/latest/wildscribe/subsystem/batch-jberet/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
jdbc-job-repository A job repository that stores job information in a database.
thread-factory The thread factory used for the thread-pool.
thread-pool The thread pool used for batch jobs. Note that the max-thread attribute should always be greater than 3. Two threads are reserved to ensure partition jobs can execute.
restart-jobs-on-resume If set to true when a resume operation has been invoked after a suspend operation any jobs stopped during the suspend will be restarted. A value of false will leave the jobs in a stopped state.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
security-domain References the security domain for batch jobs. This can only be defined if the Elytron subsystem is available.
If set to true when a resume operation has been invoked after a suspend operation any jobs stopped during the suspend will be restarted. A value of false will leave the jobs in a stopped state.
security-domain
STRING
false
false
References the security domain for batch jobs. This can only be defined if the Elytron subsystem is available.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/batch-jberet/jdbc-job-repository/index.html b/latest/wildscribe/subsystem/batch-jberet/jdbc-job-repository/index.html
new file mode 100644
index 000000000..808aa3b05
--- /dev/null
+++ b/latest/wildscribe/subsystem/batch-jberet/jdbc-job-repository/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/batch-jberet/thread-factory/index.html b/latest/wildscribe/subsystem/batch-jberet/thread-factory/index.html
new file mode 100644
index 000000000..40bf7cb09
--- /dev/null
+++ b/latest/wildscribe/subsystem/batch-jberet/thread-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
priority May be used to specify the thread priority of created threads.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
10
Storage
configuration
Access Type
read-write
Restart Required
no-services
thread-name-pattern The template used to create names for threads. The following patterns may be used: %% - emit a percent sign %t - emit the per-factory thread sequence number %g - emit the global thread sequence number %f - emit the factory sequence number %i - emit the thread ID.
Specifies the name of a thread group to create for this thread factory.
priority
INT
false
true
May be used to specify the thread priority of created threads.
thread-name-pattern
STRING
false
true
The template used to create names for threads. The following patterns may be used: %% - emit a percent sign %t - emit the per-factory thread sequence number %g - emit the global thread sequence number %f - emit the factory sequence number %i - emit the thread ID.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/batch-jberet/thread-pool/index.html b/latest/wildscribe/subsystem/batch-jberet/thread-pool/index.html
new file mode 100644
index 000000000..4c24a9cb6
--- /dev/null
+++ b/latest/wildscribe/subsystem/batch-jberet/thread-pool/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The thread pool used for batch jobs. Note that the max-thread attribute should always be greater than 3. Two threads are reserved to ensure partition jobs can execute.
keepalive-time Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
largest-thread-count The largest number of threads that have ever simultaneously been in the pool.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
max-threads The maximum thread pool size. Note this should always be greater than 3. Two threads are reserved to ensure partition jobs can execute as expected.
rejected-count The number of tasks that have been rejected.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
task-count The approximate total number of tasks that have ever been scheduled for execution.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
max-threads
INT
true
true
The maximum thread pool size. Note this should always be greater than 3. Two threads are reserved to ensure partition jobs can execute as expected.
thread-factory
STRING
false
false
Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/bean-validation/index.html b/latest/wildscribe/subsystem/bean-validation/index.html
new file mode 100644
index 000000000..c00f53ba7
--- /dev/null
+++ b/latest/wildscribe/subsystem/bean-validation/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/core-management/index.html b/latest/wildscribe/subsystem/core-management/index.html
new file mode 100644
index 000000000..d955a75ad
--- /dev/null
+++ b/latest/wildscribe/subsystem/core-management/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/core-management/process-state-listener/index.html b/latest/wildscribe/subsystem/core-management/process-state-listener/index.html
new file mode 100644
index 000000000..6a03158cc
--- /dev/null
+++ b/latest/wildscribe/subsystem/core-management/process-state-listener/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/core-management/service/configuration-changes/index.html b/latest/wildscribe/subsystem/core-management/service/configuration-changes/index.html
new file mode 100644
index 000000000..c74ebe272
--- /dev/null
+++ b/latest/wildscribe/subsystem/core-management/service/configuration-changes/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Remove the configuration changes and clear the history.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/datasources-agroal/datasource/index.html b/latest/wildscribe/subsystem/datasources-agroal/datasource/index.html
new file mode 100644
index 000000000..813fec261
--- /dev/null
+++ b/latest/wildscribe/subsystem/datasources-agroal/datasource/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/datasources-agroal/driver/index.html b/latest/wildscribe/subsystem/datasources-agroal/driver/index.html
new file mode 100644
index 000000000..df245d904
--- /dev/null
+++ b/latest/wildscribe/subsystem/datasources-agroal/driver/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add operation for a driver resource in the model
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
class
STRING
false
false
Fully qualified name of the connection provider class (either Driver, DataSource or XADataSource)
module
STRING
true
false
Name of module providing this driver
remove Remove operation for a the driver resource in the model
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/datasources-agroal/index.html b/latest/wildscribe/subsystem/datasources-agroal/index.html
new file mode 100644
index 000000000..fbcddb8fb
--- /dev/null
+++ b/latest/wildscribe/subsystem/datasources-agroal/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/datasources-agroal/xa-datasource/index.html b/latest/wildscribe/subsystem/datasources-agroal/xa-datasource/index.html
new file mode 100644
index 000000000..22811edeb
--- /dev/null
+++ b/latest/wildscribe/subsystem/datasources-agroal/xa-datasource/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/datasources/data-source/ExampleDS/connection-properties/index.html b/latest/wildscribe/subsystem/datasources/data-source/ExampleDS/connection-properties/index.html
new file mode 100644
index 000000000..b923847c8
--- /dev/null
+++ b/latest/wildscribe/subsystem/datasources/data-source/ExampleDS/connection-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The connection-properties element allows you to pass in arbitrary connection properties to the Driver.connect(url, props) method
Attributes (1)
value Each connection-property specifies a string name/value pair with the property name coming from the name attribute and the value coming from the element content
Each connection-property specifies a string name/value pair with the property name coming from the name attribute and the value coming from the element content
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/datasources/data-source/ExampleDS/index.html b/latest/wildscribe/subsystem/datasources/data-source/ExampleDS/index.html
new file mode 100644
index 000000000..d5f48fe26
--- /dev/null
+++ b/latest/wildscribe/subsystem/datasources/data-source/ExampleDS/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allow-multiple-users Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value can be done only on disabled datasource, requires a server restart otherwise
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
capacity-incrementer-properties Properties to be injected in class defining the policy for incrementing connections in the pool
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
check-valid-connection-sql Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connectable Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connection-listener-class Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
credential-reference Credential (from Credential Store) to authenticate on data source
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
datasource-class The fully qualified name of the JDBC datasource class
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
driver-class The fully qualified name of the JDBC driver class
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
elytron-enabled Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enabled Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Deprecated Since 3.0.0
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
exception-sorter-class-name An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
exception-sorter-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
idle-timeout-minutes The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-pool-size The initial-pool-size element indicates the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
jndi-name Specifies the JNDI name for the datasource
security-domain Specifies the PicketBox security domain which defines the PicketBox javax.security.auth.Subject that are used to distinguish connections in the pool
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
set-tx-query-timeout Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
share-prepared-statements Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
stale-connection-checker-class-name An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
stale-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
track-statements Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
Attribute
Value
Default Value
NOWARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
tracking Defines if IronJacamar should track connection handles across transaction boundaries
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transaction-isolation Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
url-delimiter Specifies the delimiter for URLs in connection-url for HA datasources
use-ccm Enable the use of a cached connection manager
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-java-context Setting this to false will bind the datasource into global JNDI
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-try-lock Any configured timeout for internal locks on the resource adapter objects in seconds
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
user-name Specify the user name used when creating a new connection
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
valid-connection-checker-class-name An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
valid-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
validate-on-match The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
allocation-retry-wait-millis
LONG
false
true
The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
allow-multiple-users
BOOLEAN
false
true
false
Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
authentication-context
STRING
false
false
The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation
BOOLEAN
false
true
An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
background-validation-millis
LONG
false
true
The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value can be done only on disabled datasource, requires a server restart otherwise
blocking-timeout-wait-millis
LONG
false
true
The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
capacity-decrementer-class
STRING
false
true
Class defining the policy for decrementing connections in the pool
capacity-decrementer-properties
OBJECT
false
true
Properties to be injected in class defining the policy for decrementing connections in the pool
capacity-incrementer-class
STRING
false
true
Class defining the policy for incrementing connections in the pool
capacity-incrementer-properties
OBJECT
false
true
Properties to be injected in class defining the policy for incrementing connections in the pool
check-valid-connection-sql
STRING
false
true
Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
connectable
BOOLEAN
false
true
false
Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
connection-listener-class
STRING
false
true
Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
connection-listener-property
OBJECT
false
true
Properties to be injected in class specidied in connection-listener-class
connection-url
STRING
false
true
The JDBC driver connection URL
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate on data source
datasource-class
STRING
false
true
The fully qualified name of the JDBC datasource class
driver-class
STRING
false
true
The fully qualified name of the JDBC driver class
driver-name
STRING
true
true
Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
elytron-enabled
BOOLEAN
false
true
false
Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
enabled
BOOLEAN
false
true
true
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
enlistment-trace
BOOLEAN
false
true
false
Defines if WildFly/IronJacamar should record enlistment traces
exception-sorter-class-name
STRING
false
true
An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
exception-sorter-module
STRING
false
true
The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
exception-sorter-properties
OBJECT
false
true
The exception sorter properties
flush-strategy
STRING
false
true
FailingConnectionOnly
Specifies how the pool should be flush in case of an error.
idle-timeout-minutes
LONG
false
true
The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
initial-pool-size
INT
false
true
The initial-pool-size element indicates the initial number of connections a pool should hold.
jndi-name
STRING
true
true
Specifies the JNDI name for the datasource
jta
BOOLEAN
false
true
true
Enable Jakarta Transactions integration
max-pool-size
INT
false
true
20
The max-pool-size element specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool
Defines the ManagedConnectionPool implementation, f.ex. org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool
min-pool-size
INT
false
true
0
The min-pool-size element specifies the minimum number of connections for a pool
new-connection-sql
STRING
false
true
Specifies an SQL statement to execute whenever a connection is added to the connection pool
password
STRING
false
true
Specifies the password used when creating a new connection
pool-fair
BOOLEAN
false
true
true
Defines if pool use should be fair
pool-prefill
BOOLEAN
false
true
false
Should the pool be prefilled. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
pool-use-strict-min
BOOLEAN
false
true
false
Specifies if the min-pool-size should be considered strictly
prepared-statements-cache-size
LONG
false
true
The number of prepared statements per connection in an LRU cache
query-timeout
LONG
false
true
Any configured query timeout in seconds. If not provided no timeout will be set
reauth-plugin-class-name
STRING
false
true
The fully qualified class name of the reauthentication plugin implementation
reauth-plugin-properties
OBJECT
false
true
The properties for the reauthentication plugin
security-domain
STRING
false
true
Specifies the PicketBox security domain which defines the PicketBox javax.security.auth.Subject that are used to distinguish connections in the pool
set-tx-query-timeout
BOOLEAN
false
true
false
Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
share-prepared-statements
BOOLEAN
false
true
false
Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
spy
BOOLEAN
false
true
false
Enable spying of SQL statements
stale-connection-checker-class-name
STRING
false
true
An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
stale-connection-checker-module
STRING
false
true
The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
stale-connection-checker-properties
OBJECT
false
true
The stale connection checker properties
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled or not.
track-statements
STRING
false
true
NOWARN
Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
tracking
BOOLEAN
false
true
false
Defines if IronJacamar should track connection handles across transaction boundaries
transaction-isolation
STRING
false
true
Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel
url-delimiter
STRING
false
true
Specifies the delimiter for URLs in connection-url for HA datasources
url-selector-strategy-class-name
STRING
false
true
A class that implements org.jboss.jca.adapters.jdbc.URLSelectorStrategy
use-ccm
BOOLEAN
false
true
true
Enable the use of a cached connection manager
use-fast-fail
BOOLEAN
false
true
false
Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
use-java-context
BOOLEAN
false
true
true
Setting this to false will bind the datasource into global JNDI
use-try-lock
LONG
false
true
Any configured timeout for internal locks on the resource adapter objects in seconds
user-name
STRING
false
true
Specify the user name used when creating a new connection
valid-connection-checker-class-name
STRING
false
true
An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
valid-connection-checker-module
STRING
false
true
The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
valid-connection-checker-properties
OBJECT
false
true
The valid connection checker properties
validate-on-match
BOOLEAN
false
true
The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
disable Disable the data-source. Note this operation will not be supported runtime in next versions.
Deprecated Since 3.0.0
Disable the data-source. Note this operation will not be supported runtime in next versions.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/jdbc/index.html b/latest/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/jdbc/index.html
new file mode 100644
index 000000000..4cc04b042
--- /dev/null
+++ b/latest/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/jdbc/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
PreparedStatementCacheMissCount The number of times that a statement request could not be satisfied with a statement from the cache
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-write
Restart Required
no-services
Operations (1)
clear-statistics Clear statistics values for this resource adapter's connection definitions.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/pool/index.html b/latest/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/pool/index.html
new file mode 100644
index 000000000..185f27f2e
--- /dev/null
+++ b/latest/wildscribe/subsystem/datasources/data-source/ExampleDS/statistics/pool/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
XAStartCount The number of XAResource start invocations
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
XAStartMaxTime The maximum time for a XAResource start invocation
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
XAStartTotalTime The total time for all XAResource start invocations
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-write
Restart Required
no-services
Operations (1)
clear-statistics Clear statistics values for this resource adapter's connection definitions.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/datasources/index.html b/latest/wildscribe/subsystem/datasources/index.html
new file mode 100644
index 000000000..3bc5e74a9
--- /dev/null
+++ b/latest/wildscribe/subsystem/datasources/index.html
@@ -0,0 +1,233 @@
+ WildFly Full 29 Model Reference
Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Reply properties
type
OBJECT
Value Type
{
+ "deployment-name" => {
+ "type" => STRING,
+ "description" => "The name of the deployment unit from which the driver was loaded",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L,
+ "deprecated" => {
+ "since" => "6.0.0",
+ "reason" => "This attribute is no longer used"
+ }
+ },
+ "driver-module-name" => {
+ "type" => STRING,
+ "description" => "The name of the module from which the driver was loaded, if it was loaded from the module path",
+ "expressions-allowed" => true,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "module-slot" => {
+ "type" => STRING,
+ "description" => "The slot of the module from which the driver was loaded, if it was loaded from the module path",
+ "expressions-allowed" => true,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "driver-class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified class name of the java.sql.Driver implementation",
+ "expressions-allowed" => true,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "driver-datasource-class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified class name of the javax.sql.DataSource implementation",
+ "expressions-allowed" => true,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "driver-xa-datasource-class-name" => {
+ "type" => STRING,
+ "description" => "The fully qualified class name of the javax.sql.XADataSource implementation",
+ "expressions-allowed" => true,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "driver-major-version" => {
+ "type" => INT,
+ "description" => "The driver's major version number",
+ "expressions-allowed" => true,
+ "required" => false,
+ "nillable" => true
+ },
+ "driver-minor-version" => {
+ "type" => INT,
+ "description" => "The driver's minor version number",
+ "expressions-allowed" => true,
+ "required" => false,
+ "nillable" => true
+ },
+ "jdbc-compliant" => {
+ "type" => BOOLEAN,
+ "description" => "Whether or not the driver is JDBC compliant",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "deprecated" => {
+ "since" => "6.0.0",
+ "reason" => "This attribute is no longer used"
+ }
+ },
+ "profile" => {
+ "type" => STRING,
+ "description" => "Domain Profile in which driver is defined. Null in case of standalone server",
+ "expressions-allowed" => true,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 1L,
+ "max-length" => 2147483647L,
+ "deprecated" => {
+ "since" => "4.0.0",
+ "reason" => "The server's profile can be determined by the profile-name attribute on the server's root resource."
+ }
+ },
+ "driver-name" => {
+ "type" => STRING,
+ "description" => "Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "datasource-class-info" => {
+ "type" => LIST,
+ "description" => "The available properties for the datasource-class, and xa-datasource-class for the jdbc-driver",
+ "expressions-allowed" => false,
+ "required" => false,
+ "nillable" => true,
+ "min-length" => 0L,
+ "max-length" => 2147483647L,
+ "value-type" => OBJECT
+ }
+}
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/datasources/jdbc-driver/index.html b/latest/wildscribe/subsystem/datasources/jdbc-driver/index.html
new file mode 100644
index 000000000..5cfca3428
--- /dev/null
+++ b/latest/wildscribe/subsystem/datasources/jdbc-driver/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
driver-module-name The name of the module from which the driver was loaded, if it was loaded from the module path
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-only
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
The name of the deployment unit from which the driver was loaded
driver-class-name
STRING
false
true
The fully qualified class name of the java.sql.Driver implementation
driver-datasource-class-name
STRING
false
true
The fully qualified class name of the javax.sql.DataSource implementation
driver-major-version
INT
false
true
The driver's major version number
driver-minor-version
INT
false
true
The driver's minor version number
driver-module-name
STRING
true
true
The name of the module from which the driver was loaded, if it was loaded from the module path
driver-name
STRING
false
false
Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
driver-xa-datasource-class-name
STRING
false
true
The fully qualified class name of the javax.sql.XADataSource implementation
jdbc-compliant
BOOLEAN
false
false
Whether or not the driver is JDBC compliant
module-slot
STRING
false
true
The slot of the module from which the driver was loaded, if it was loaded from the module path
profile
STRING
false
true
Domain Profile in which driver is defined. Null in case of standalone server
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/datasources/xa-data-source/index.html b/latest/wildscribe/subsystem/datasources/xa-data-source/index.html
new file mode 100644
index 000000000..e98f9f458
--- /dev/null
+++ b/latest/wildscribe/subsystem/datasources/xa-data-source/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allow-multiple-users Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
check-valid-connection-sql Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connectable Enable the use of CMR for this datasource. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connection-listener-class Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
credential-reference Credential (from Credential Store) to authenticate on data source
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
driver-name Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
elytron-enabled Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enabled Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Deprecated Since 3.0.0
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
exception-sorter-class-name An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
exception-sorter-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
idle-timeout-minutes The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-pool-size The initial-pool-size element indicates the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
interleaving An element to enable interleaving for XA connections
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
jndi-name Specifies the JNDI name for the datasource
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-pool-size The max-pool-size element specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
mcp Defines the ManagedConnectionPool implementation, f.ex. org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool
min-pool-size The min-pool-size element specifies the minimum number of connections for a pool
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
new-connection-sql Specifies an SQL statement to execute whenever a connection is added to the connection pool
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-recovery Specifies if the connection pool should be excluded from recovery
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-tx-separate-pool Oracle does not like XA connections getting used both inside and outside a Jakarta Transactions transaction. To workaround the problem you can create separate sub-pools for the different contexts
recovery-authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
recovery-elytron-enabled Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
same-rm-override The is-same-rm-override element allows one to unconditionally set whether the javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain Specifies the PicketBox security domain which defines the javax.security.auth.Subject that are used to distinguish connections in the pool
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
set-tx-query-timeout Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
share-prepared-statements Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
stale-connection-checker-class-name An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
stale-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
track-statements Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
Attribute
Value
Default Value
NOWARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
tracking Defines if IronJacamar should track connection handles across transaction boundaries
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transaction-isolation Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
url-delimiter Specifies the delimiter for URLs in connection-url for HA datasources
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
url-property Specifies the property for the URL property in the xa-datasource-property values
use-ccm Enable the use of a cached connection manager
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-java-context Setting this to false will bind the datasource into global JNDI
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-try-lock Any configured timeout for internal locks on the resource adapter objects in seconds
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
user-name Specify the user name used when creating a new connection
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
valid-connection-checker-class-name An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
valid-connection-checker-module The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
validate-on-match The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
wrap-xa-resource Should the XAResource instances be wrapped in an org.jboss.tm.XAResourceWrapper instance
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
xa-datasource-class The fully qualified name of the javax.sql.XADataSource implementation
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
xa-resource-timeout The value is passed to XAResource.setTransactionTimeout(), in seconds. Default is zero
The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception
allocation-retry-wait-millis
LONG
false
true
The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection
allow-multiple-users
BOOLEAN
false
true
false
Specifies if multiple users will access the datasource through the getConnection(user, password) method and hence if the internal pool type should account for that
authentication-context
STRING
false
false
The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
background-validation
BOOLEAN
false
true
An element to specify that connections should be validated on a background thread versus being validated prior to use.
background-validation-millis
LONG
false
true
The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run.
blocking-timeout-wait-millis
LONG
false
true
The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time
capacity-decrementer-class
STRING
false
true
Class defining the policy for decrementing connections in the pool
capacity-decrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for decrementing connections in the pool
capacity-incrementer-class
STRING
false
true
Class defining the policy for incrementing connections in the pool
capacity-incrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for incrementing connections in the pool
check-valid-connection-sql
STRING
false
true
Specify an SQL statement to check validity of a pool connection. This may be called when managed connection is obtained from the pool
connectable
BOOLEAN
false
true
false
Enable the use of CMR for this datasource. This feature means that a local resource can reliably participate in an XA transaction.
connection-listener-class
STRING
false
true
Speciefies class name extending org.jboss.jca.adapters.jdbc.spi.listener.ConnectionListener that provides a possible to listen for connection activation and passivation in order to perform actions before the connection is returned to the application or returned to the pool.
connection-listener-property
OBJECT
false
true
Properties to be injected in class specified in connection-listener-class
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate on data source
driver-name
STRING
true
true
Defines the JDBC driver the datasource should use. It is a symbolic name matching the the name of installed driver. In case the driver is deployed as jar, the name is the name of deployment unit
elytron-enabled
BOOLEAN
false
true
false
Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
enabled
BOOLEAN
false
true
true
Specifies if the datasource should be enabled. Note this attribute will not be supported runtime in next versions.
enlistment-trace
BOOLEAN
false
true
false
Defines if WildFly/IronJacamar should record enlistment traces
exception-sorter-class-name
STRING
false
true
An org.jboss.jca.adapters.jdbc.ExceptionSorter that provides an isExceptionFatal(SQLException) method to validate if an exception should broadcast an error
exception-sorter-module
STRING
false
true
The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ExceptionSorter available
exception-sorter-properties
OBJECT
false
true
The exception sorter properties
flush-strategy
STRING
false
true
FailingConnectionOnly
Specifies how the pool should be flush in case of an error.
idle-timeout-minutes
LONG
false
true
The idle-timeout-minutes elements specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
initial-pool-size
INT
false
true
The initial-pool-size element indicates the initial number of connections a pool should hold.
interleaving
BOOLEAN
false
true
false
An element to enable interleaving for XA connections
jndi-name
STRING
true
true
Specifies the JNDI name for the datasource
max-pool-size
INT
false
true
20
The max-pool-size element specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool
Defines the ManagedConnectionPool implementation, f.ex. org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool
min-pool-size
INT
false
true
0
The min-pool-size element specifies the minimum number of connections for a pool
new-connection-sql
STRING
false
true
Specifies an SQL statement to execute whenever a connection is added to the connection pool
no-recovery
BOOLEAN
false
true
Specifies if the connection pool should be excluded from recovery
no-tx-separate-pool
BOOLEAN
false
true
false
Oracle does not like XA connections getting used both inside and outside a Jakarta Transactions transaction. To workaround the problem you can create separate sub-pools for the different contexts
pad-xid
BOOLEAN
false
true
false
Should the Xid be padded
password
STRING
false
true
Specifies the password used when creating a new connection
pool-fair
BOOLEAN
false
true
true
Defines if pool use should be fair
pool-prefill
BOOLEAN
false
true
false
Should the pool be prefilled. Changing this value can be done only on disabled datasource, requires a server restart otherwise.
pool-use-strict-min
BOOLEAN
false
true
false
Specifies if the min-pool-size should be considered strictly
prepared-statements-cache-size
LONG
false
true
The number of prepared statements per connection in an LRU cache
query-timeout
LONG
false
true
Any configured query timeout in seconds. If not provided no timeout will be set
reauth-plugin-class-name
STRING
false
true
The fully qualified class name of the reauthentication plugin implementation
reauth-plugin-properties
OBJECT
false
true
The properties for the reauthentication plugin
recovery-authentication-context
STRING
false
false
The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
recovery-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate on data source
recovery-elytron-enabled
BOOLEAN
false
true
false
Enables Elytron security for handling authentication of connections for recovery. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
recovery-password
STRING
false
true
The password used for recovery
recovery-plugin-class-name
STRING
false
true
The fully qualified class name of the recovery plugin implementation
recovery-plugin-properties
OBJECT
false
true
The properties for the recovery plugin
recovery-security-domain
STRING
false
true
The security domain used for recovery
recovery-username
STRING
false
true
The user name used for recovery
same-rm-override
BOOLEAN
false
true
The is-same-rm-override element allows one to unconditionally set whether the javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false
security-domain
STRING
false
true
Specifies the PicketBox security domain which defines the javax.security.auth.Subject that are used to distinguish connections in the pool
set-tx-query-timeout
BOOLEAN
false
true
false
Whether to set the query timeout based on the time remaining until transaction timeout. Any configured query timeout will be used if there is no transaction
share-prepared-statements
BOOLEAN
false
true
false
Whether to share prepared statements, i.e. whether asking for same statement twice without closing uses the same underlying prepared statement
spy
BOOLEAN
false
true
false
Enable spying of SQL statements
stale-connection-checker-class-name
STRING
false
true
An org.jboss.jca.adapters.jdbc.StaleConnectionChecker that provides an isStaleConnection(SQLException) method which if it returns true will wrap the exception in an org.jboss.jca.adapters.jdbc.StaleConnectionException
stale-connection-checker-module
STRING
false
true
The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.StaleConnectionChecker available
stale-connection-checker-properties
OBJECT
false
true
The stale connection checker properties
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled or not.
track-statements
STRING
false
true
NOWARN
Whether to check for unclosed statements when a connection is returned to the pool, result sets are closed, a statement is closed or return to the prepared statement cache. Valid values are: "false" - do not track statements, "true" - track statements and result sets and warn when they are not closed, "nowarn" - track statements but do not warn about them being unclosed
tracking
BOOLEAN
false
true
false
Defines if IronJacamar should track connection handles across transaction boundaries
transaction-isolation
STRING
false
true
Set the java.sql.Connection transaction isolation level. Valid values are: TRANSACTION_READ_UNCOMMITTED, TRANSACTION_READ_COMMITTED, TRANSACTION_REPEATABLE_READ, TRANSACTION_SERIALIZABLE and TRANSACTION_NONE. Different values are used to set customLevel using TransactionIsolation#customLevel.
url-delimiter
STRING
false
true
Specifies the delimiter for URLs in connection-url for HA datasources
url-property
STRING
false
true
Specifies the property for the URL property in the xa-datasource-property values
url-selector-strategy-class-name
STRING
false
true
A class that implements org.jboss.jca.adapters.jdbc.URLSelectorStrategy
use-ccm
BOOLEAN
false
true
true
Enable the use of a cached connection manager
use-fast-fail
BOOLEAN
false
true
false
Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false)
use-java-context
BOOLEAN
false
true
true
Setting this to false will bind the datasource into global JNDI
use-try-lock
LONG
false
true
Any configured timeout for internal locks on the resource adapter objects in seconds
user-name
STRING
false
true
Specify the user name used when creating a new connection
valid-connection-checker-class-name
STRING
false
true
An org.jboss.jca.adapters.jdbc.ValidConnectionChecker that provides an isValidConnection(Connection) method to validate a connection. If an exception is returned that means the connection is invalid. This overrides the check-valid-connection-sql element
valid-connection-checker-module
STRING
false
true
The name of the module which makes the implementation of org.jboss.jca.adapters.jdbc.ValidConnectionChecker available
valid-connection-checker-properties
OBJECT
false
true
The valid connection checker properties
validate-on-match
BOOLEAN
false
true
The validate-on-match element specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation
wrap-xa-resource
BOOLEAN
false
true
true
Should the XAResource instances be wrapped in an org.jboss.tm.XAResourceWrapper instance
xa-datasource-class
STRING
false
true
The fully qualified name of the javax.sql.XADataSource implementation
xa-resource-timeout
INT
false
true
The value is passed to XAResource.setTransactionTimeout(), in seconds. Default is zero
disable Disable the data-source. Note this operation will not be supported runtime in next versions.
Deprecated Since 3.0.0
Disable the data-source. Note this operation will not be supported runtime in next versions.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html b/latest/wildscribe/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
new file mode 100644
index 000000000..daff19d3c
--- /dev/null
+++ b/latest/wildscribe/subsystem/datasources/xa-data-source/xa-datasource-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
value Specifies a property value to assign to the XADataSource implementation class. Each property is identified by the name attribute and the property value is given by the xa-datasource-property element content. The property is mapped onto the XADataSource implementation by looking for a JavaBeans style getter method for the property name. If found, the value of the property is set using the JavaBeans setter with the element text translated to the true property type using the java.beans.PropertyEditor
Specifies a property value to assign to the XADataSource implementation class. Each property is identified by the name attribute and the property value is given by the xa-datasource-property element content. The property is mapped onto the XADataSource implementation by looking for a JavaBeans style getter method for the property name. If found, the value of the property is set using the JavaBeans setter with the element text translated to the true property type using the java.beans.PropertyEditor
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/deployment-scanner/index.html b/latest/wildscribe/subsystem/deployment-scanner/index.html
new file mode 100644
index 000000000..b057ec043
--- /dev/null
+++ b/latest/wildscribe/subsystem/deployment-scanner/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/deployment-scanner/scanner/index.html b/latest/wildscribe/subsystem/deployment-scanner/scanner/index.html
new file mode 100644
index 000000000..a5177ed5b
--- /dev/null
+++ b/latest/wildscribe/subsystem/deployment-scanner/scanner/index.html
@@ -0,0 +1,45 @@
+ WildFly Full 29 Model Reference
auto-deploy-exploded Allows the automatic deployment of exploded content without requiring a .dodeploy marker file. Recommended for only basic development scenarios to prevent exploded application deployment from occurring during changes by the developer or operating system.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-deploy-xml Allows automatic deployment of XML content without requiring a .dodeploy marker file.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-deploy-zipped Allows automatic deployment of zipped content without requiring a .dodeploy marker file.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deployment-timeout The time value in seconds for the deployment scanner to allow a deployment attempt before being cancelled.
Attribute
Value
Default Value
600
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
path The actual filesystem path to be scanned. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
relative-to Reference to a filesystem path defined in the "paths" section of the server configuration.
runtime-failure-causes-rollback Flag indicating whether a runtime failure of a deployment causes a rollback of the deployment as well as all other (maybe unrelated) deployments as part of the scan operation.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
scan-enabled Flag indicating if all scanning (including initial scanning at startup) is enabled.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
scan-interval Periodic interval, in milliseconds, at which the repository should be scanned for changes. A value of less than 1 indicates the repository should only be scanned at initial startup.
Allows the automatic deployment of exploded content without requiring a .dodeploy marker file. Recommended for only basic development scenarios to prevent exploded application deployment from occurring during changes by the developer or operating system.
auto-deploy-xml
BOOLEAN
false
true
true
Allows automatic deployment of XML content without requiring a .dodeploy marker file.
auto-deploy-zipped
BOOLEAN
false
true
true
Allows automatic deployment of zipped content without requiring a .dodeploy marker file.
deployment-timeout
LONG
false
true
600
The time value in seconds for the deployment scanner to allow a deployment attempt before being cancelled.
path
STRING
true
true
The actual filesystem path to be scanned. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path.
relative-to
STRING
false
false
Reference to a filesystem path defined in the "paths" section of the server configuration.
runtime-failure-causes-rollback
BOOLEAN
false
true
false
Flag indicating whether a runtime failure of a deployment causes a rollback of the deployment as well as all other (maybe unrelated) deployments as part of the scan operation.
scan-enabled
BOOLEAN
false
true
true
Flag indicating if all scanning (including initial scanning at startup) is enabled.
scan-interval
INT
false
true
0
Periodic interval, in milliseconds, at which the repository should be scanned for changes. A value of less than 1 indicates the repository should only be scanned at initial startup.
path-info Obtain the informations for a filesystem path.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
unit
STRING
false
false
BYTES
Disk space unit to display disk usage.
Reply properties
Filesystem path for which to obtain disk usage.
type
OBJECT
Value Type
{
+ "used-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of the contents of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ },
+ "creation-time" => {
+ "type" => STRING,
+ "description" => "The creation time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "last-modified" => {
+ "type" => STRING,
+ "description" => "The last modified time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "resolved-path" => {
+ "type" => STRING,
+ "description" => "The resolved filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "available-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of available space for the partition containing a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ }
+}
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
run-scan The operation to run a single scan of the deployment scanner.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/discovery/aggregate-provider/index.html b/latest/wildscribe/subsystem/discovery/aggregate-provider/index.html
new file mode 100644
index 000000000..c7aebf6ae
--- /dev/null
+++ b/latest/wildscribe/subsystem/discovery/aggregate-provider/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add This operation adds a new aggregate discovery provider definition
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
providers
LIST
true
false
The list of providers that are aggregated by this provider
remove This operation removes an existing aggregate discovery provider definition
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/discovery/index.html b/latest/wildscribe/subsystem/discovery/index.html
new file mode 100644
index 000000000..95f4f244d
--- /dev/null
+++ b/latest/wildscribe/subsystem/discovery/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove This operation removes the discovery subsystem
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/discovery/static-provider/index.html b/latest/wildscribe/subsystem/discovery/static-provider/index.html
new file mode 100644
index 000000000..4ed36b259
--- /dev/null
+++ b/latest/wildscribe/subsystem/discovery/static-provider/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
services The list of services that are configured with this provider
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add This operation adds a new static discovery provider definition
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
services
LIST
true
false
The list of services that are configured with this provider
remove This operation removes an existing static discovery provider definition
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-ejb/client-mappings-registry/infinispan/index.html b/latest/wildscribe/subsystem/distributable-ejb/client-mappings-registry/infinispan/index.html
new file mode 100644
index 000000000..ab0b0d424
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-ejb/client-mappings-registry/infinispan/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-ejb/client-mappings-registry/local/index.html b/latest/wildscribe/subsystem/distributable-ejb/client-mappings-registry/local/index.html
new file mode 100644
index 000000000..363d064bd
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-ejb/client-mappings-registry/local/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-ejb/index.html b/latest/wildscribe/subsystem/distributable-ejb/index.html
new file mode 100644
index 000000000..fd2ae3cd2
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-ejb/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-ejb/infinispan-bean-management/index.html b/latest/wildscribe/subsystem/distributable-ejb/infinispan-bean-management/index.html
new file mode 100644
index 000000000..3b7bae7ed
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-ejb/infinispan-bean-management/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
max-active-beans The maximum number active beans to retain in memory at a time, after which the least recently used will passivate
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an Infinispan-based bean management provider
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
max-active-beans
INT
false
true
The maximum number active beans to retain in memory at a time, after which the least recently used will passivate
cache-container
STRING
true
false
The name of the cache container associated with this provider
cache
STRING
false
false
The name of the cache associated with this provider
remove Removes an Infinispan-based bean management provider
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-ejb/infinispan-timer-management/index.html b/latest/wildscribe/subsystem/distributable-ejb/infinispan-timer-management/index.html
new file mode 100644
index 000000000..f896d9bd3
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-ejb/infinispan-timer-management/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
marshaller Indicates the marshalling implementation used for serializing the timeout context of a timer.
Attribute
Value
Default Value
JBOSS
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
JBOSS PROTOSTREAM
max-active-timers The maximum number of active timers to retain in memory before triggering passivation.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an Infinispan-based timer management provider
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
cache-container
STRING
true
false
The name of the cache container associated with this provider
cache
STRING
false
false
The name of the cache associated with this provider
max-active-timers
INT
false
true
The maximum number of active timers to retain in memory before triggering passivation.
marshaller
STRING
false
true
JBOSS
Indicates the marshalling implementation used for serializing the timeout context of a timer.
remove Removes an Infinispan-based timer management provider
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/local/index.html b/latest/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/local/index.html
new file mode 100644
index 000000000..001312111
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/local/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/none/index.html b/latest/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/none/index.html
new file mode 100644
index 000000000..523d19bda
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-web/hotrod-session-management/affinity/none/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-web/hotrod-session-management/index.html b/latest/wildscribe/subsystem/distributable-web/hotrod-session-management/index.html
new file mode 100644
index 000000000..8cbd88660
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-web/hotrod-session-management/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Adds a distributable session management provider
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
remote-cache-container
STRING
true
false
The name of the remote cache container associated with this provider
cache-configuration
STRING
false
true
The name of cache configuration on the remote cache container.
granularity
STRING
true
true
Defines the strategy for persisting the attributes of a session
marshaller
STRING
false
true
JBOSS
Indicates the marshalling implementation used for serializing attributes of a session
remove Removes a distributable session management provider
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-web/hotrod-single-sign-on-management/index.html b/latest/wildscribe/subsystem/distributable-web/hotrod-single-sign-on-management/index.html
new file mode 100644
index 000000000..0e7048877
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-web/hotrod-single-sign-on-management/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-web/index.html b/latest/wildscribe/subsystem/distributable-web/index.html
new file mode 100644
index 000000000..a342c2b88
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-web/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/local/index.html b/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/local/index.html
new file mode 100644
index 000000000..a1104bce4
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/local/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/none/index.html b/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/none/index.html
new file mode 100644
index 000000000..d9b54a4c5
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/none/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/primary-owner/index.html b/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/primary-owner/index.html
new file mode 100644
index 000000000..b8d49816c
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/primary-owner/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/ranked/index.html b/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/ranked/index.html
new file mode 100644
index 000000000..57c721cb5
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/affinity/ranked/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Web requests will have an affinity for the first available member in a list containing primary and backup owners, and the member that last handled a given session
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/index.html b/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/index.html
new file mode 100644
index 000000000..9d26b2ca8
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-web/infinispan-session-management/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
local Web requests will have an affinity for the member that last handled a given session
none Web requests will not have an affinity for any cluster member
primary-owner Web requests will have an affinity for the primary owner of a given session
ranked Web requests will have an affinity for the first available member in a list containing primary and backup owners, and the member that last handled a given session
granularity Defines the strategy for persisting the attributes of a session
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
SESSION ATTRIBUTE
marshaller Indicates the marshalling implementation used for serializing attributes of a session
Attribute
Value
Default Value
JBOSS
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
JBOSS PROTOSTREAM
Operations (2)
add Adds a distributable session management provider
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
cache-container
STRING
true
false
The name of the cache container associated with this provider
cache
STRING
false
false
The name of the cache associated with this provider
granularity
STRING
true
true
Defines the strategy for persisting the attributes of a session
marshaller
STRING
false
true
JBOSS
Indicates the marshalling implementation used for serializing attributes of a session
remove Removes a distributable session management provider
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-web/infinispan-single-sign-on-management/index.html b/latest/wildscribe/subsystem/distributable-web/infinispan-single-sign-on-management/index.html
new file mode 100644
index 000000000..1d09073af
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-web/infinispan-single-sign-on-management/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-web/routing/infinispan/index.html b/latest/wildscribe/subsystem/distributable-web/routing/infinispan/index.html
new file mode 100644
index 000000000..d6014c4f9
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-web/routing/infinispan/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/distributable-web/routing/local/index.html b/latest/wildscribe/subsystem/distributable-web/routing/local/index.html
new file mode 100644
index 000000000..0ffed8e6d
--- /dev/null
+++ b/latest/wildscribe/subsystem/distributable-web/routing/local/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ee-security/index.html b/latest/wildscribe/subsystem/ee-security/index.html
new file mode 100644
index 000000000..da4a3df87
--- /dev/null
+++ b/latest/wildscribe/subsystem/ee-security/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Operation removing the EE Security subsystem
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ee/context-service/index.html b/latest/wildscribe/subsystem/ee/context-service/index.html
new file mode 100644
index 000000000..15e04ae28
--- /dev/null
+++ b/latest/wildscribe/subsystem/ee/context-service/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Has no effect in a server running the current version. A Context Service configured via the server configuration uses the default ContextServiceDefinition configuration, which is cleared = Transaction (equivalent to use-transaction-setup-provider=true, i.e. any tx in the thread is suspended before and resumed after), propagated = All Remaining, unchanged = none. To use a different ContextService you need to define it on the deployment, through XML or the ContextServiceDefinition annotation.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ee/global-directory/index.html b/latest/wildscribe/subsystem/ee/global-directory/index.html
new file mode 100644
index 000000000..2677b3723
--- /dev/null
+++ b/latest/wildscribe/subsystem/ee/global-directory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
path The path of the directory to scan. It is treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise, the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The name of another previously named path, or one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
The path of the directory to scan. It is treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise, the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
relative-to
STRING
false
false
The name of another previously named path, or one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ee/index.html b/latest/wildscribe/subsystem/ee/index.html
new file mode 100644
index 000000000..2a4a3de78
--- /dev/null
+++ b/latest/wildscribe/subsystem/ee/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
ear-subdeployments-isolated Flag indicating whether each of the subdeployments within a .ear can access classes belonging to another subdeployment within the same .ear. A value of false means the subdeployments can see classes belonging to other subdeployments within the .ear.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
global-modules A list of modules that should be made available to all deployments.
spec-descriptor-property-replacement Flag indicating whether descriptors defined by the Jakarta EE specification will have property replacements applied
Flag indicating whether Jakarta EE annotations will have property replacements applied
ear-subdeployments-isolated
BOOLEAN
false
true
false
Flag indicating whether each of the subdeployments within a .ear can access classes belonging to another subdeployment within the same .ear. A value of false means the subdeployments can see classes belonging to other subdeployments within the .ear.
global-modules
LIST
false
false
A list of modules that should be made available to all deployments.
jboss-descriptor-property-replacement
BOOLEAN
false
true
true
Flag indicating whether JBoss specific deployment descriptors will have property replacements applied
spec-descriptor-property-replacement
BOOLEAN
false
true
true
Flag indicating whether descriptors defined by the Jakarta EE specification will have property replacements applied
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ee/managed-executor-service/index.html b/latest/wildscribe/subsystem/ee/managed-executor-service/index.html
new file mode 100644
index 000000000..04ac4c6de
--- /dev/null
+++ b/latest/wildscribe/subsystem/ee/managed-executor-service/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
core-threads The minimum number of threads to be used by the executor. If left undefined the default core-size is calculated based on the number of processors. A value of zero is not advised and in some cases invalid. See the queue-length attribute for details on how this value is used to determine the queuing strategy.
hung-task-termination-period The period, in milliseconds, for attempting hung tasks automatic termination, by cancelling such tasks, and interrupting their executing threads. If value is 0, which is the default, hung tasks are never cancelled.
Attribute
Value
Default Value
0
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
hung-task-threshold The runtime, in milliseconds, for tasks to be considered hung by the managed executor service. If value is 0 tasks are never considered hung.
jndi-name The JNDI Name to lookup the managed executor service.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
keepalive-time When the number of threads is greater than the core, this is the maximum time, in milliseconds, that excess idle threads will wait for new tasks before terminating.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
long-running-tasks Flag which hints the duration of tasks executed by the executor.
max-threads The maximum number of threads to be used by the executor. If left undefined the value from core-size will be used. This value is ignored if an unbounded queue is used (only core-threads will be used in that case).
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
queue-length The executors task queue capacity. A length of 0 means direct hand-off and possible rejection will occur. An undefined length (the default), or Integer.MAX_VALUE, indicates that an unbounded queue should be used. All other values specify an exact queue size. If an unbounded queue or direct hand-off is used, a core-threads value greater than zero is required.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
reject-policy The policy to be applied to aborted tasks.
Attribute
Value
Default Value
ABORT
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
ABORT RETRY_ABORT
task-count The approximate total number of tasks that have ever been submitted for execution.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-count The current number of executor threads.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory The name of the thread factory to be used by the executor.
Deprecated Since 5.0.0
Deprecated, the executor's thread factory should be configured using attribute named thread-priority.
The name of the context service to be used by the executor.
core-threads
INT
false
true
The minimum number of threads to be used by the executor. If left undefined the default core-size is calculated based on the number of processors. A value of zero is not advised and in some cases invalid. See the queue-length attribute for details on how this value is used to determine the queuing strategy.
hung-task-termination-period
LONG
false
true
0
The period, in milliseconds, for attempting hung tasks automatic termination, by cancelling such tasks, and interrupting their executing threads. If value is 0, which is the default, hung tasks are never cancelled.
hung-task-threshold
LONG
false
true
0
The runtime, in milliseconds, for tasks to be considered hung by the managed executor service. If value is 0 tasks are never considered hung.
jndi-name
STRING
true
true
The JNDI Name to lookup the managed executor service.
keepalive-time
LONG
false
true
60000
When the number of threads is greater than the core, this is the maximum time, in milliseconds, that excess idle threads will wait for new tasks before terminating.
long-running-tasks
BOOLEAN
false
true
false
Flag which hints the duration of tasks executed by the executor.
max-threads
INT
false
true
The maximum number of threads to be used by the executor. If left undefined the value from core-size will be used. This value is ignored if an unbounded queue is used (only core-threads will be used in that case).
queue-length
INT
false
true
The executors task queue capacity. A length of 0 means direct hand-off and possible rejection will occur. An undefined length (the default), or Integer.MAX_VALUE, indicates that an unbounded queue should be used. All other values specify an exact queue size. If an unbounded queue or direct hand-off is used, a core-threads value greater than zero is required.
reject-policy
STRING
false
true
ABORT
The policy to be applied to aborted tasks.
thread-factory
STRING
false
false
The name of the thread factory to be used by the executor.
thread-priority
INT
false
true
5
The priority applied to threads created by the executor.
terminate-hung-tasks Attempts to terminate the executor's hung tasks, by cancelling such tasks, and interrupting their executing threads.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ee/managed-scheduled-executor-service/index.html b/latest/wildscribe/subsystem/ee/managed-scheduled-executor-service/index.html
new file mode 100644
index 000000000..4c8d79c8f
--- /dev/null
+++ b/latest/wildscribe/subsystem/ee/managed-scheduled-executor-service/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
core-threads The number of threads to be used by the scheduled executor, even if they are idle. If this is not defined or is set to 0, the core pool size will be calculated based on the number of available processors.
hung-task-termination-period The period, in milliseconds, for attempting hung tasks automatic termination, by cancelling such tasks, and interrupting their executing threads. If value is 0, which is the default, hung tasks are never cancelled.
Attribute
Value
Default Value
0
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
hung-task-threshold The runtime, in milliseconds, for tasks to be considered hung by the scheduled executor. If 0 tasks are never considered hung.
jndi-name The JNDI Name to lookup the managed scheduled executor service.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
keepalive-time When the number of threads is greater than the core, this is the maximum time, in milliseconds, that excess idle threads will wait for new tasks before terminating.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
long-running-tasks Flag which hints the duration of tasks executed by the scheduled executor.
The name of the context service to be used by the scheduled executor.
core-threads
INT
false
true
The number of threads to be used by the scheduled executor, even if they are idle. If this is not defined or is set to 0, the core pool size will be calculated based on the number of available processors.
hung-task-termination-period
LONG
false
true
0
The period, in milliseconds, for attempting hung tasks automatic termination, by cancelling such tasks, and interrupting their executing threads. If value is 0, which is the default, hung tasks are never cancelled.
hung-task-threshold
LONG
false
true
0
The runtime, in milliseconds, for tasks to be considered hung by the scheduled executor. If 0 tasks are never considered hung.
jndi-name
STRING
true
true
The JNDI Name to lookup the managed scheduled executor service.
keepalive-time
LONG
false
true
60000
When the number of threads is greater than the core, this is the maximum time, in milliseconds, that excess idle threads will wait for new tasks before terminating.
long-running-tasks
BOOLEAN
false
true
false
Flag which hints the duration of tasks executed by the scheduled executor.
reject-policy
STRING
false
true
ABORT
The policy to be applied to aborted tasks.
thread-factory
STRING
false
false
The name of the thread factory to be used by the scheduled executor.
thread-priority
INT
false
true
5
The priority applied to threads created by the executor.
terminate-hung-tasks Attempts to terminate the scheduled executor's hung tasks, by cancelling such tasks, and interrupting their executing threads.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ee/managed-thread-factory/index.html b/latest/wildscribe/subsystem/ee/managed-thread-factory/index.html
new file mode 100644
index 000000000..ed9470be3
--- /dev/null
+++ b/latest/wildscribe/subsystem/ee/managed-thread-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ee/service/default-bindings/index.html b/latest/wildscribe/subsystem/ee/service/default-bindings/index.html
new file mode 100644
index 000000000..5007e8dce
--- /dev/null
+++ b/latest/wildscribe/subsystem/ee/service/default-bindings/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
managed-thread-factory The JNDI name where the default EE Managed Thread Factory can be found
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds the JNDI names for the default EE bindings
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
context-service
STRING
false
true
The JNDI name where the default EE Context Service can be found
datasource
STRING
false
true
The JNDI name where the default EE Datasource can be found
jms-connection-factory
STRING
false
true
The JNDI name where the default EE JMS Connection Factory can be found
managed-executor-service
STRING
false
true
The JNDI name where the default EE Managed Executor Service can be found
managed-scheduled-executor-service
STRING
false
true
The JNDI name where the default EE Managed Scheduled Executor Service can be found
managed-thread-factory
STRING
false
true
The JNDI name where the default EE Managed Thread Factory can be found
remove Removes the JNDI names for the default EE bindings
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/application-security-domain/index.html b/latest/wildscribe/subsystem/ejb3/application-security-domain/index.html
new file mode 100644
index 000000000..dee9e8f66
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/application-security-domain/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a new application referenced security domain mapping
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
enable-jacc
BOOLEAN
false
false
false
Enable authorization using Jakarta Authorization
legacy-compliant-principal-propagation
BOOLEAN
false
false
true
Option to switch between legacy compliant principal propagation or Elytron principal propagation
security-domain
STRING
true
false
The Elytron security domain to be used by deployments that reference the mapped security domain
remove Remove the application referenced security domain mapping
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/cache/index.html b/latest/wildscribe/subsystem/ejb3/cache/index.html
new file mode 100644
index 000000000..fcf4b6b32
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/cache/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/cluster-passivation-store/index.html b/latest/wildscribe/subsystem/ejb3/cluster-passivation-store/index.html
new file mode 100644
index 000000000..54a3e4d89
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/cluster-passivation-store/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/distributable-cache/index.html b/latest/wildscribe/subsystem/ejb3/distributable-cache/index.html
new file mode 100644
index 000000000..60652a47d
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/distributable-cache/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/file-passivation-store/index.html b/latest/wildscribe/subsystem/ejb3/file-passivation-store/index.html
new file mode 100644
index 000000000..9f64b9ca4
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/file-passivation-store/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
SFSBs are no longer passivated eagerly, but only lazily as required by max-size
Attribute
Value
Default Value
SECONDS
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
NANOSECONDS MICROSECONDS MILLISECONDS SECONDS MINUTES HOURS DAYS
max-size The maximum number of beans this cache should store before forcing old beans to passivate
Attribute
Value
Default Value
100000
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
relative-to The root path used to store passivated beans
Deprecated Since 2.0.0
Use the relative-to attribute of the file-store of the relevant infinispan cache instead
Attribute
Value
Default Value
jboss.server.data.dir
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
sessions-path The subdirectory within the path specified by relative-to in which to store passivated beans
Deprecated Since 2.0.0
Beans and bean groups are no longer stored in distinct directories
Attribute
Value
Default Value
ejb3/sessions
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
subdirectory-count Specifies the number of subdirectories into which stored state should be divided, used to minimize the number of files created per directory
Deprecated Since 2.0.0
This is no longer configurable and will be ignored
The subdirectory within the path specified by relative-to in which to store passivated bean groups
idle-timeout
LONG
false
true
300
The timeout in units specified by idle-timeout-unit, after which a bean will passivate
idle-timeout-unit
STRING
false
true
SECONDS
The unit of idle-timeout
max-size
INT
false
true
100000
The maximum number of beans this cache should store before forcing old beans to passivate
relative-to
STRING
false
true
jboss.server.data.dir
The root path used to store passivated beans
sessions-path
STRING
false
true
ejb3/sessions
The subdirectory within the path specified by relative-to in which to store passivated beans
subdirectory-count
LONG
false
true
100
Specifies the number of subdirectories into which stored state should be divided, used to minimize the number of files created per directory
remove Removes a file system based passivation store
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/index.html b/latest/wildscribe/subsystem/ejb3/index.html
new file mode 100644
index 000000000..d984707c9
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allow-ejb-name-regex If this is true then regular expressions can be used in interceptor bindings to allow interceptors to be mapped to all beans that match the regular expression
default-clustered-sfsb-cache Name of the default stateful bean cache, which will be applicable to all clustered stateful Jakarta Enterprise Beans, unless overridden at the deployment or bean level
Deprecated Since 2.0.0
Not supported on current version servers; only allowed in managed domain profiles for use on servers running earlier versions.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-only
default-distinct-name The default distinct name that is applied to every Jakarta Enterprise Beans deployed on this server
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-entity-bean-instance-pool Name of the default entity bean instance pool, which will be applicable to all entity beans, unless overridden at the deployment or bean level
Deprecated Since 10.0.0
Not supported on current version servers; only allowed in managed domain profiles for use on servers running earlier versions.
Not supported on current version servers; only allowed in managed domain profiles for use on servers running earlier versions.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-mdb-instance-pool Name of the default MDB instance pool, which will be applicable to all MDBs, unless overridden at the deployment or bean level
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-missing-method-permissions-deny-access If this is set to true then methods on an Jakarta Enterprise Beans with a security domain specified or with other methods with security metadata will have an implicit @DenyAll unless other security metadata is present
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-resource-adapter-name Name of the default resource adapter name that will be used by MDBs, unless overridden at the deployment or bean level
Attribute
Value
Default Value
activemq-ra
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-security-domain The default security domain that will be used for Jakarta Enterprise Beans if the bean doesn't explicitly specify one
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-sfsb-cache Name of the default stateful bean cache, which will be applicable to all stateful Jakarta Enterprise Beans, unless overridden at the deployment or bean level
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
default-sfsb-passivation-disabled-cache Name of the default stateful bean cache, which will be applicable to all stateful Jakarta Enterprise Beans which have passivation disabled. Each deployment or Jakarta Enterprise Beans can optionally override this cache name.
default-slsb-instance-pool Name of the default stateless bean instance pool, which will be applicable to all stateless Jakarta Enterprise Beans, unless overridden at the deployment or bean level
default-stateful-bean-session-timeout The default session timeout for stateful beans. Modification to this attribute takes effect immediately for subsequent deployments; for Jakarta Enterprise Beans already deployed, redeploying is needed to use the new value.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
disable-default-ejb-permissions This deprecated attribute has no effect and will be removed in a future release; it may never be set to a "false" value
Deprecated Since 3.0.0
Adding default permissions to Jakarta Enterprise Beans deployments is no longer supported and this configuration attribute will be removed in a future release
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-graceful-txn-shutdown Enabling txn graceful shutdown will make the server wait for active remote Jakarta Enterprise Beans-related transactions to complete before suspending. For that reason, if the server is running on a cluster, the suspending cluster node may receive Jakarta Enterprise Beans requests until all active remote transactions are complete. To avoid this behavior, omit this tag. This attribute has no effect on local Jakarta Enterprise Beans-related transactions.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-statistics If set to true, enable the collection of invocation statistics. Deprecated in favour of "statistics-enabled"
Deprecated Since 5.0.0
If set to true, enable the collection of invocation statistics. Deprecated in favour of "statistics-enabled"
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
in-vm-remote-interface-invocation-pass-by-value If set to false, the parameters to invocations on remote interface of an Jakarta Enterprise Beans, will be passed by reference. Else, the parameters will be passed by value.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
log-system-exceptions If this is true then all Jakarta Enterprise Beans system (not application) exceptions will be logged. The Jakarta Enterprise Beans spec mandates this behaviour, however it is not recommended as it will often result in exceptions being logged twice (once by the Jakarta Enterprise Beans and once by the calling code)
If this is true then regular expressions can be used in interceptor bindings to allow interceptors to be mapped to all beans that match the regular expression
client-interceptors
LIST
false
false
Client interceptor definitions.
default-clustered-sfsb-cache
STRING
false
true
Name of the default stateful bean cache, which will be applicable to all clustered stateful Jakarta Enterprise Beans, unless overridden at the deployment or bean level
default-distinct-name
STRING
false
true
The default distinct name that is applied to every Jakarta Enterprise Beans deployed on this server
default-entity-bean-instance-pool
STRING
false
true
Name of the default entity bean instance pool, which will be applicable to all entity beans, unless overridden at the deployment or bean level
default-entity-bean-optimistic-locking
BOOLEAN
false
true
If set to true entity beans will use optimistic locking by default
default-mdb-instance-pool
STRING
false
true
Name of the default MDB instance pool, which will be applicable to all MDBs, unless overridden at the deployment or bean level
default-missing-method-permissions-deny-access
BOOLEAN
false
true
false
If this is set to true then methods on an Jakarta Enterprise Beans with a security domain specified or with other methods with security metadata will have an implicit @DenyAll unless other security metadata is present
default-resource-adapter-name
STRING
false
true
activemq-ra
Name of the default resource adapter name that will be used by MDBs, unless overridden at the deployment or bean level
default-security-domain
STRING
false
true
The default security domain that will be used for Jakarta Enterprise Beans if the bean doesn't explicitly specify one
default-sfsb-cache
STRING
false
true
Name of the default stateful bean cache, which will be applicable to all stateful Jakarta Enterprise Beans, unless overridden at the deployment or bean level
default-sfsb-passivation-disabled-cache
STRING
false
true
Name of the default stateful bean cache, which will be applicable to all stateful Jakarta Enterprise Beans which have passivation disabled. Each deployment or Jakarta Enterprise Beans can optionally override this cache name.
default-singleton-bean-access-timeout
LONG
false
true
5000
The default access timeout for singleton beans
default-slsb-instance-pool
STRING
false
true
Name of the default stateless bean instance pool, which will be applicable to all stateless Jakarta Enterprise Beans, unless overridden at the deployment or bean level
default-stateful-bean-access-timeout
LONG
false
true
5000
The default access timeout for stateful beans
default-stateful-bean-session-timeout
LONG
false
true
The default session timeout for stateful beans. Modification to this attribute takes effect immediately for subsequent deployments; for Jakarta Enterprise Beans already deployed, redeploying is needed to use the new value.
disable-default-ejb-permissions
BOOLEAN
false
true
true
This deprecated attribute has no effect and will be removed in a future release; it may never be set to a "false" value
enable-graceful-txn-shutdown
BOOLEAN
false
true
false
Enabling txn graceful shutdown will make the server wait for active remote Jakarta Enterprise Beans-related transactions to complete before suspending. For that reason, if the server is running on a cluster, the suspending cluster node may receive Jakarta Enterprise Beans requests until all active remote transactions are complete. To avoid this behavior, omit this tag. This attribute has no effect on local Jakarta Enterprise Beans-related transactions.
enable-statistics
BOOLEAN
false
true
If set to true, enable the collection of invocation statistics. Deprecated in favour of "statistics-enabled"
in-vm-remote-interface-invocation-pass-by-value
BOOLEAN
false
true
true
If set to false, the parameters to invocations on remote interface of an Jakarta Enterprise Beans, will be passed by reference. Else, the parameters will be passed by value.
log-system-exceptions
BOOLEAN
false
true
true
If this is true then all Jakarta Enterprise Beans system (not application) exceptions will be logged. The Jakarta Enterprise Beans spec mandates this behaviour, however it is not recommended as it will often result in exceptions being logged twice (once by the Jakarta Enterprise Beans and once by the calling code)
server-interceptors
LIST
false
false
Server interceptor definitions.
statistics-enabled
BOOLEAN
false
true
false
If set to true, enable the collection of invocation statistics.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/mdb-delivery-group/index.html b/latest/wildscribe/subsystem/ejb3/mdb-delivery-group/index.html
new file mode 100644
index 000000000..a5fd1579e
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/mdb-delivery-group/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/passivation-store/index.html b/latest/wildscribe/subsystem/ejb3/passivation-store/index.html
new file mode 100644
index 000000000..0ed3001c0
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/passivation-store/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/remoting-profile/index.html b/latest/wildscribe/subsystem/ejb3/remoting-profile/index.html
new file mode 100644
index 000000000..80a4c5b93
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/remoting-profile/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/remoting-profile/remote-http-connection/index.html b/latest/wildscribe/subsystem/ejb3/remoting-profile/remote-http-connection/index.html
new file mode 100644
index 000000000..1c0548df2
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/remoting-profile/remote-http-connection/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/channel-creation-options/index.html b/latest/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/channel-creation-options/index.html
new file mode 100644
index 000000000..59ac5129b
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/channel-creation-options/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
value The value for the Jakarta Enterprise Beans remote channel creation option
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an Jakarta Enterprise Beans remote channel creation option
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
type
STRING
true
false
The type of the channel creation option
value
STRING
false
true
The value for the Jakarta Enterprise Beans remote channel creation option
remove Removes an Jakarta Enterprise Beans remote channel creation option
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/index.html b/latest/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/index.html
new file mode 100644
index 000000000..16200c8fc
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/remoting-profile/remoting-ejb-receiver/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Adds a remoting ejb receiver reference to the profile
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
connect-timeout
LONG
false
true
5000
Remoting ejb receiver connect timeout
outbound-connection-ref
STRING
true
true
Name of outbound connection that will be used by the ejb receiver
remove Removes a remoting ejb receiver reference from the profile
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/service/async/index.html b/latest/wildscribe/subsystem/ejb3/service/async/index.html
new file mode 100644
index 000000000..67b79c447
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/service/async/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Adds the Enterprise Beans 3 Asynchronous Invocation Service
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
thread-pool-name
STRING
false
true
The name of the thread pool which handles asynchronous invocations
remove Removes the Enterprise Beans 3 Asynchronous Invocation Service
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/service/identity/index.html b/latest/wildscribe/subsystem/ejb3/service/identity/index.html
new file mode 100644
index 000000000..64de2b0be
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/service/identity/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/service/iiop/index.html b/latest/wildscribe/subsystem/ejb3/service/iiop/index.html
new file mode 100644
index 000000000..4070a6fd0
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/service/iiop/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
enable-by-default If this is true Jakarta Enterprise Beans's will be exposed over IIOP by default, otherwise it needs to be explicitly enabled in the deployment descriptor
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
use-qualified-name If true Jakarta Enterprise Beans names will be bound into the naming service with the application and module name prepended to the name (e.g. myapp/mymodule/MyEjb)
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds IIOP support to the Enterprise Beans 3 subsystem
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
enable-by-default
BOOLEAN
true
true
If this is true Jakarta Enterprise Beans's will be exposed over IIOP by default, otherwise it needs to be explicitly enabled in the deployment descriptor
use-qualified-name
BOOLEAN
true
true
If true Jakarta Enterprise Beans names will be bound into the naming service with the application and module name prepended to the name (e.g. myapp/mymodule/MyEjb)
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/service/remote/channel-creation-options/index.html b/latest/wildscribe/subsystem/ejb3/service/remote/channel-creation-options/index.html
new file mode 100644
index 000000000..f346e3906
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/service/remote/channel-creation-options/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
value The value for the Jakarta Enterprise Beans remote channel creation option
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an Jakarta Enterprise Beans remote channel creation option
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
type
STRING
false
false
The type of the channel creation option
value
STRING
false
true
The value for the Jakarta Enterprise Beans remote channel creation option
remove Removes an Jakarta Enterprise Beans remote channel creation option
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/service/remote/index.html b/latest/wildscribe/subsystem/ejb3/service/remote/index.html
new file mode 100644
index 000000000..1bdc3518f
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/service/remote/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
cluster The name of the clustered cache container which will be used to store/access the client-mappings of the Jakarta Enterprise Beans remoting connector's socket-binding on each node, in the cluster
Deprecated Since 10.0.0
The cluster attribute has been superseded by the client-mappings-registry element of the distributable-ejb subsystem and will be removed in a future release.
execute-in-worker If this is true the Jakarta Enterprise Beans request will be executed in the IO subsystems worker, otherwise it will dispatch to the Jakarta Enterprise Beans thread pool
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
thread-pool-name The name of the thread pool that handles remote invocations
The name of the clustered cache container which will be used to store/access the client-mappings of the Jakarta Enterprise Beans remoting connector's socket-binding on each node, in the cluster
connector-ref
STRING
false
false
The name of the connector on which the Enterprise Beans 3 remoting channel is registered.
connectors
LIST
true
false
A list of names of connectors on which the Enterprise Beans 3 invocations are received.
execute-in-worker
BOOLEAN
false
true
true
If this is true the Jakarta Enterprise Beans request will be executed in the IO subsystems worker, otherwise it will dispatch to the Jakarta Enterprise Beans thread pool
thread-pool-name
STRING
false
true
The name of the thread pool that handles remote invocations
remove Removes the Enterprise Beans 3 remote service
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/service/timer-service/database-data-store/index.html b/latest/wildscribe/subsystem/ejb3/service/timer-service/database-data-store/index.html
new file mode 100644
index 000000000..a89019dda
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/service/timer-service/database-data-store/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allow-execution If this node is allowed to execute timers. If this is false then the timers will be added to the database, and another node may execute them. Note that depending on your refresh interval if you add timers with a very short delay they will not be executed until another node refreshes.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
database The type of database that is in use. SQL can be customised per database type. Common values are: postgresql, mysql, mariadb, db2, hsql, h2, oracle, mssql and sybase.
partition The partition name. This should be set to a different value for every node that is sharing a database to prevent the same timer being loaded by multiple noded.
Attribute
Value
Default Value
default
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
refresh-interval Interval between refreshing the current timer set against the underlying database. A low value means timers get picked up more quickly, but increase load on the database.
If this node is allowed to execute timers. If this is false then the timers will be added to the database, and another node may execute them. Note that depending on your refresh interval if you add timers with a very short delay they will not be executed until another node refreshes.
database
STRING
false
true
The type of database that is in use. SQL can be customised per database type. Common values are: postgresql, mysql, mariadb, db2, hsql, h2, oracle, mssql and sybase.
datasource-jndi-name
STRING
true
true
The datasource that is used to persist the timers
partition
STRING
false
true
default
The partition name. This should be set to a different value for every node that is sharing a database to prevent the same timer being loaded by multiple noded.
refresh-interval
INT
false
true
-1
Interval between refreshing the current timer set against the underlying database. A low value means timers get picked up more quickly, but increase load on the database.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/service/timer-service/file-data-store/index.html b/latest/wildscribe/subsystem/ejb3/service/timer-service/file-data-store/index.html
new file mode 100644
index 000000000..12551ff21
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/service/timer-service/file-data-store/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/service/timer-service/index.html b/latest/wildscribe/subsystem/ejb3/service/timer-service/index.html
new file mode 100644
index 000000000..20ea45ac2
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/service/timer-service/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/simple-cache/index.html b/latest/wildscribe/subsystem/ejb3/simple-cache/index.html
new file mode 100644
index 000000000..02d149fae
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/simple-cache/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/strict-max-bean-instance-pool/index.html b/latest/wildscribe/subsystem/ejb3/strict-max-bean-instance-pool/index.html
new file mode 100644
index 000000000..49de5a365
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/strict-max-bean-instance-pool/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
derive-size Specifies if and what the max pool size should be derived from. An undefined value (or the deprecated value 'none' which is converted to undefined) indicates that the explicit value of max-pool-size should be used. A value of 'from-worker-pools' indicates that the max pool size should be derived from the size of the total threads for all worker pools configured on the system. A value of 'from-cpu-count' indicates that the max pool size should be derived from the total number of processors available on the system. Note that the computation isn't a 1:1 mapping, the values may or may not be augmented by other factors.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
from-worker-pools from-cpu-count
derived-size Derived maximum number of bean instances that the pool can hold at a given point in time
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
max-pool-size Configured maximum number of bean instances that the pool can hold at a given point in time
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
timeout The maximum amount of time to wait for a bean instance to be available from the pool
Attribute
Value
Default Value
5
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
timeout-unit The instance acquisition timeout unit
Attribute
Value
Default Value
MINUTES
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
NANOSECONDS MICROSECONDS MILLISECONDS SECONDS MINUTES HOURS DAYS
Operations (2)
add Adds a bean instance pool which has a strict upper limit for bean instances
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
derive-size
STRING
false
true
Specifies if and what the max pool size should be derived from. An undefined value (or the deprecated value 'none' which is converted to undefined) indicates that the explicit value of max-pool-size should be used. A value of 'from-worker-pools' indicates that the max pool size should be derived from the size of the total threads for all worker pools configured on the system. A value of 'from-cpu-count' indicates that the max pool size should be derived from the total number of processors available on the system. Note that the computation isn't a 1:1 mapping, the values may or may not be augmented by other factors.
max-pool-size
INT
false
true
20
Configured maximum number of bean instances that the pool can hold at a given point in time
timeout
LONG
false
true
5
The maximum amount of time to wait for a bean instance to be available from the pool
timeout-unit
STRING
false
true
MINUTES
The instance acquisition timeout unit
remove Removes a specific bean instance pool which has a strict upper limit for bean instances
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/ejb3/thread-pool/index.html b/latest/wildscribe/subsystem/ejb3/thread-pool/index.html
new file mode 100644
index 000000000..e1cbf7371
--- /dev/null
+++ b/latest/wildscribe/subsystem/ejb3/thread-pool/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A thread pool executor with an enhanced queue. In such a thread pool, its core and max size are configured independently, idle threads are always reused when available, and threads count is kept to a minimum.
active-count The approximate number of threads that are actively executing tasks.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
completed-task-count The approximate total number of tasks that have completed execution.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
core-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
largest-thread-count The largest number of threads that have ever simultaneously been in the pool.
rejected-count The number of tasks that have been rejected.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
task-count The approximate total number of tasks that have ever been scheduled for execution.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time
OBJECT
false
false
Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
max-threads
INT
true
true
The maximum thread pool size.
thread-factory
STRING
false
false
Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron-oidc-client/index.html b/latest/wildscribe/subsystem/elytron-oidc-client/index.html
new file mode 100644
index 000000000..e9aa258b4
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron-oidc-client/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
provider Configuration for an OpenID Connect provider. If you have multiple deployments secured by the same OpenID provider you can share the provider configuration here.
realm Configuration for a Keycloak realm. If you have multiple deployments secured by the same realm you can share the realm configuration here.
secure-deployment A deployment secured by an OpenID Connect provider.
secure-server Configuration used to secure the management console using Keycloak.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron-oidc-client/provider/index.html b/latest/wildscribe/subsystem/elytron-oidc-client/provider/index.html
new file mode 100644
index 000000000..106ece00a
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron-oidc-client/provider/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configuration for an OpenID Connect provider. If you have multiple deployments secured by the same OpenID provider you can share the provider configuration here.
Attributes (32)
allow-any-hostname If set to 'true', hostname verification is skipped when communicating with the OpenID provider over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-refresh-token If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to the OpenID provider to obtain a new access token. This can result in a higher load on the OpenID provider and may impact the performance of the application.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auth-server-url The base URL of the Keycloak authorization server. This is Keycloak-specific. It is recommended to use the 'provider-url' instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
autodetect-bearer-only Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the OpenID provider login page. Set the value to 'true' if your application serves both applications and web services.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-password The password for the client key. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore The path to the client keystore to use when communicating with the OpenID provider over HTTPS. This is optional.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-password The password for the client keystore. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
confidential-port The confidential port used by the OpenID provider when communicating securely over SSL/TLS.
Attribute
Value
Default Value
8443
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-pool-size The connection pool size to use when communicating with the OpenID provider.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-timeout-millis The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-ttl-millis The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-methods If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-exposed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-max-age If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
disable-trust-manager Whether or not to make use of a trust manager when communicating with the OpenID provider over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-cors Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional. This is Keycloak-specific.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
expose-token If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
ignore-oauth-query-parameter Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
principal-attribute Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
proxy-url The URL for the HTTP proxy if one is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
realm-public-key The public key of the OpenID provider in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from the OpenID provider when needed. If the public key is set, the subsystem never downloads new keys from the OpenID provider, breaking the subsystem when the OpenID provider rotates its keys.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-at-startup If set to 'true', the subsystem sends a registration request to the OpenID provider. This attribute is useful only when your application is clustered.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-period If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
socket-timeout-millis The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
ssl-required Whether the communication with the OpenID provider should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
token-store Defines whether to store account information in an HTTP session or in a cookie.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
truststore The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
verify-token-audience If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set the value to 'true' for improved security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add an OpenID provider definition to the subsystem.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allow-any-hostname
BOOLEAN
false
true
false
If set to 'true', hostname verification is skipped when communicating with the OpenID provider over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
always-refresh-token
BOOLEAN
false
true
false
If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to the OpenID provider to obtain a new access token. This can result in a higher load on the OpenID provider and may impact the performance of the application.
auth-server-url
STRING
false
true
The base URL of the Keycloak authorization server. This is Keycloak-specific. It is recommended to use the 'provider-url' instead.
autodetect-bearer-only
BOOLEAN
false
true
false
Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the OpenID provider login page. Set the value to 'true' if your application serves both applications and web services.
client-key-password
STRING
false
true
The password for the client key. This is required if 'client-keystore' has been specified.
client-keystore
STRING
false
true
The path to the client keystore to use when communicating with the OpenID provider over HTTPS. This is optional.
client-keystore-password
STRING
false
true
The password for the client keystore. This is required if 'client-keystore' has been specified.
confidential-port
INT
false
true
8443
The confidential port used by the OpenID provider when communicating securely over SSL/TLS.
connection-pool-size
INT
false
true
The connection pool size to use when communicating with the OpenID provider.
connection-timeout-millis
LONG
false
true
The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
connection-ttl-millis
LONG
false
true
The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
cors-allowed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-allowed-methods
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-exposed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-max-age
INT
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
disable-trust-manager
BOOLEAN
false
true
false
Whether or not to make use of a trust manager when communicating with the OpenID provider over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
enable-cors
BOOLEAN
false
true
false
Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional. This is Keycloak-specific.
expose-token
BOOLEAN
false
true
false
If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
ignore-oauth-query-parameter
BOOLEAN
false
true
false
Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
principal-attribute
STRING
false
true
Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
provider-url
STRING
false
true
The OpenID provider URL.
proxy-url
STRING
false
true
The URL for the HTTP proxy if one is used.
realm-public-key
STRING
false
true
The public key of the OpenID provider in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from the OpenID provider when needed. If the public key is set, the subsystem never downloads new keys from the OpenID provider, breaking the subsystem when the OpenID provider rotates its keys.
register-node-at-startup
BOOLEAN
false
true
false
If set to 'true', the subsystem sends a registration request to the OpenID provider. This attribute is useful only when your application is clustered.
register-node-period
INT
false
true
If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
socket-timeout-millis
LONG
false
true
The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
ssl-required
STRING
false
true
external
Whether the communication with the OpenID provider should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
token-signature-algorithm
STRING
false
true
RS256
The token signature algorithm used by the OpenID provider.
token-store
STRING
false
true
Defines whether to store account information in an HTTP session or in a cookie.
truststore
STRING
false
true
The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
truststore-password
STRING
false
true
The password for the truststore.
verify-token-audience
BOOLEAN
false
true
false
If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set the value to 'true' for improved security.
remove Remove an OpenID provider from the subsystem.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron-oidc-client/realm/index.html b/latest/wildscribe/subsystem/elytron-oidc-client/realm/index.html
new file mode 100644
index 000000000..14a9b36eb
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron-oidc-client/realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configuration for a Keycloak realm. If you have multiple deployments secured by the same realm you can share the realm configuration here.
Attributes (32)
allow-any-hostname If set to 'true', hostname verification will be skipped when communicating with Keycloak over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-refresh-token If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to Keycloak to obtain a new access token. This can result in a higher load on the Keycloak and may impact the performance of the application.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auth-server-url The base URL of the Keycloak authorization server. It is recommended to use the 'provider-url' instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
autodetect-bearer-only Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the Keycloak login page. Set the value to 'true' if your application serves both applications and web services.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-password The password for the client key. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore The path to the client keystore to use when communicating with Keycloak over HTTPS. This is optional.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-password The password for the client keystore. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
confidential-port The confidential port used by Keycloak when communicating securely over SSL/TLS.
Attribute
Value
Default Value
8443
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-pool-size The connection pool size to use when communicating with Keycloak.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-timeout-millis The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-ttl-millis The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-methods If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-exposed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-max-age If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
disable-trust-manager Whether or not to make use of a trust manager when communicating with Keycloak over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-cors Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
expose-token If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
ignore-oauth-query-parameter Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
principal-attribute Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
proxy-url The URL for the HTTP proxy if one is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
realm-public-key The public key of the Keycloak realm in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from Keycloak when needed. If the public key is set, the subsystem never downloads new keys from Keycloak, breaking the subsystem when Keycloak rotates its keys.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-at-startup If set to 'true', the subsystem sends a registration request to Keycloak. This attribute is useful only when your application is clustered.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-period If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
socket-timeout-millis The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
ssl-required Whether the communication with Keycloak should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
token-store Defines whether to store account information in an HTTP session or in a cookie.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
truststore The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
verify-token-audience If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set to 'true' for improved security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add a Keycloak realm definition to the subsystem.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allow-any-hostname
BOOLEAN
false
true
false
If set to 'true', hostname verification will be skipped when communicating with Keycloak over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
always-refresh-token
BOOLEAN
false
true
false
If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to Keycloak to obtain a new access token. This can result in a higher load on the Keycloak and may impact the performance of the application.
auth-server-url
STRING
false
true
The base URL of the Keycloak authorization server. It is recommended to use the 'provider-url' instead.
autodetect-bearer-only
BOOLEAN
false
true
false
Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the Keycloak login page. Set the value to 'true' if your application serves both applications and web services.
client-key-password
STRING
false
true
The password for the client key. This is required if 'client-keystore' has been specified.
client-keystore
STRING
false
true
The path to the client keystore to use when communicating with Keycloak over HTTPS. This is optional.
client-keystore-password
STRING
false
true
The password for the client keystore. This is required if 'client-keystore' has been specified.
confidential-port
INT
false
true
8443
The confidential port used by Keycloak when communicating securely over SSL/TLS.
connection-pool-size
INT
false
true
The connection pool size to use when communicating with Keycloak.
connection-timeout-millis
LONG
false
true
The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
connection-ttl-millis
LONG
false
true
The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
cors-allowed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-allowed-methods
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-exposed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-max-age
INT
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
disable-trust-manager
BOOLEAN
false
true
false
Whether or not to make use of a trust manager when communicating with Keycloak over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
enable-cors
BOOLEAN
false
true
false
Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional.
expose-token
BOOLEAN
false
true
false
If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
ignore-oauth-query-parameter
BOOLEAN
false
true
false
Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
principal-attribute
STRING
false
true
Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
provider-url
STRING
false
true
The OpenID provider URL.
proxy-url
STRING
false
true
The URL for the HTTP proxy if one is used.
realm-public-key
STRING
false
true
The public key of the Keycloak realm in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from Keycloak when needed. If the public key is set, the subsystem never downloads new keys from Keycloak, breaking the subsystem when Keycloak rotates its keys.
register-node-at-startup
BOOLEAN
false
true
false
If set to 'true', the subsystem sends a registration request to Keycloak. This attribute is useful only when your application is clustered.
register-node-period
INT
false
true
If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
socket-timeout-millis
LONG
false
true
The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
ssl-required
STRING
false
true
external
Whether the communication with Keycloak should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
token-signature-algorithm
STRING
false
true
RS256
The token signature algorithm used by Keycloak.
token-store
STRING
false
true
Defines whether to store account information in an HTTP session or in a cookie.
truststore
STRING
false
true
The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
truststore-password
STRING
false
true
The password for the truststore.
verify-token-audience
BOOLEAN
false
true
false
If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set to 'true' for improved security.
remove Remove a Keycloak realm from the subsystem.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron-oidc-client/secure-deployment/credential/index.html b/latest/wildscribe/subsystem/elytron-oidc-client/secure-deployment/credential/index.html
new file mode 100644
index 000000000..f1ce4ee7f
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron-oidc-client/secure-deployment/credential/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The credential used to communicate with the OpenID Connect provider.
Attributes (8)
algorithm The credential signature algorithm used by the OpenID provider.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-alias The client key alias when the credential provider is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-password The password for the client key when the credential provider is used. This is required if 'client-keystore-file' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-file The path to the client keystore when the credential provider is used. This is optional.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-password The password for the client keystore when the credential provider is used. This is required if 'client-keystore-file' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-type The client keystore type when the credential provider is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
secret The client secret that was registered with the OpenID provider.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
token-timeout The amount of time after which the token expires and can no longer be used to authenticate requests.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add credentials used to communicate with the OpenID provider.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
algorithm
STRING
false
true
The credential signature algorithm used by the OpenID provider.
client-key-alias
STRING
false
true
The client key alias when the credential provider is used.
client-key-password
STRING
false
true
The password for the client key when the credential provider is used. This is required if 'client-keystore-file' has been specified.
client-keystore-file
STRING
false
true
The path to the client keystore when the credential provider is used. This is optional.
client-keystore-password
STRING
false
true
The password for the client keystore when the credential provider is used. This is required if 'client-keystore-file' has been specified.
client-keystore-type
STRING
false
true
The client keystore type when the credential provider is used.
secret
STRING
false
true
The client secret that was registered with the OpenID provider.
token-timeout
INT
false
true
The amount of time after which the token expires and can no longer be used to authenticate requests.
remove Remove the credentials used to communicate with the OpenID provider.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron-oidc-client/secure-deployment/index.html b/latest/wildscribe/subsystem/elytron-oidc-client/secure-deployment/index.html
new file mode 100644
index 000000000..c599789d0
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron-oidc-client/secure-deployment/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A deployment secured by an OpenID Connect provider.
Children (2)
credential The credential used to communicate with the OpenID Connect provider.
redirect-rewrite-rule The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
Attributes (47)
adapter-state-cookie-path If set, this defines the path used in cookies set by the subsystem. This is useful when deploying an application in the root context path.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-any-hostname If set to 'true', hostname verification is skipped when communicating with the OpenID provider over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-refresh-token If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to the OpenID provider to obtain a new access token. This can result in a higher load on the OpenID provider and may impact the performance of the application.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auth-server-url The base URL of the Keycloak authorization server. This is Keycloak-specific. It is recommended to use 'provider-url' instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
autodetect-bearer-only Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the OpenID provider login page. Set the value to 'true' if your application serves both applications and web services.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
bearer-only Enable Bearer-Token only authentication. Set this to 'true' if your application serves only web services and does not authenticate users.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-id The unique identifier for a client application registered in the OpenID provider.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-password The password for the client key. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore The path to the client keystore to use when communicating with the OpenID provider over HTTPS. This is optional.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-password The password for the client keystore. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
confidential-port The confidential port used by the OpenID provider when communicating securely over SSL/TLS.
Attribute
Value
Default Value
8443
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-pool-size The connection pool size to use when communicating with the OpenID provider.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-timeout-millis The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-ttl-millis The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-methods If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-exposed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-max-age If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
credential The credential used to communicate with the OpenID Connect provider.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
disable-trust-manager Whether or not to make use of a trust manager when communicating with the OpenID provider over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-basic-auth Enable Basic authentication. This is not supported in the current release.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-cors Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional. This is Keycloak-specific.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
expose-token If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
ignore-oauth-query-parameter Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
min-time-between-jwks-requests If the subsystem recognizes a token signed by an unknown public key, it will try to download a new public key from the server. The subsystem won't try to download a public key if it already tried last in less than 'min-time-between-jwks-requests' seconds.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
principal-attribute Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
provider The OpenID Connect provider to use for authentication.
proxy-url The URL for the HTTP proxy if one is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
public-client If set to 'true', no client credentials are sent when communicating with the OpenID provider.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
public-key-cache-ttl The maximum interval between two requests to retrieve new public keys in seconds. New public keys are downloaded when the subsystem recognizes a token signed by an unknown public key. Even if the token's key is already known, new public keys are downloaded periodically as per the interval set here at least once.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
realm The Keycloak realm to use for authentication.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
realm-public-key The public key of the OpenID provider in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from the OpenID provider when needed. If the public key is set, the subsystem never downloads new keys from the OpenID provider, breaking the subsystem when the OpenID provider rotates its keys.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
redirect-rewrite-rule The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-at-startup If set to 'true', the subsystem sends a registration request to the OpenID provider. This attribute is useful only when your application is clustered.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-period If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
resource The unique, legacy identifier for a client application registered in the OpenID provider. It is recommended to use the 'client-id'.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
socket-timeout-millis The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
ssl-required Whether the communication with the OpenID provider should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
Attribute
Value
Default Value
external
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
ALL EXTERNAL NONE
token-minimum-time-to-live The subsystem will refresh the token if it will expire within the duration specified in 'token-minimum-time-to-live' seconds. This value should never exceed the access token lifespan. If the value is set to 0 seconds, the subsystem will refresh the token only if the token has expired.
token-store Defines whether to store account information in an HTTP session or in a cookie.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
truststore The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
turn-off-change-session-id-on-login The Session ID is changed by default on a successful login. Set this to 'true' if you want to turn this off.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
use-resource-role-mappings If set to 'true', the subsystem will look inside the token for application-level role mappings for a user. If set to 'false', the subsystem will look at the realm-level for user-role mappings. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
verify-token-audience If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set the value to 'true' for improved security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add a deployment to be secured by an OpenID Connect provider.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
adapter-state-cookie-path
STRING
false
true
If set, this defines the path used in cookies set by the subsystem. This is useful when deploying an application in the root context path.
allow-any-hostname
BOOLEAN
false
true
false
If set to 'true', hostname verification is skipped when communicating with the OpenID provider over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
always-refresh-token
BOOLEAN
false
true
false
If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to the OpenID provider to obtain a new access token. This can result in a higher load on the OpenID provider and may impact the performance of the application.
auth-server-url
STRING
false
true
The base URL of the Keycloak authorization server. This is Keycloak-specific. It is recommended to use 'provider-url' instead.
autodetect-bearer-only
BOOLEAN
false
true
false
Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the OpenID provider login page. Set the value to 'true' if your application serves both applications and web services.
bearer-only
BOOLEAN
false
true
false
Enable Bearer-Token only authentication. Set this to 'true' if your application serves only web services and does not authenticate users.
client-id
STRING
false
true
The unique identifier for a client application registered in the OpenID provider.
client-key-password
STRING
false
true
The password for the client key. This is required if 'client-keystore' has been specified.
client-keystore
STRING
false
true
The path to the client keystore to use when communicating with the OpenID provider over HTTPS. This is optional.
client-keystore-password
STRING
false
true
The password for the client keystore. This is required if 'client-keystore' has been specified.
confidential-port
INT
false
true
8443
The confidential port used by the OpenID provider when communicating securely over SSL/TLS.
connection-pool-size
INT
false
true
The connection pool size to use when communicating with the OpenID provider.
connection-timeout-millis
LONG
false
true
The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
connection-ttl-millis
LONG
false
true
The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
cors-allowed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-allowed-methods
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-exposed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-max-age
INT
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
credential
OBJECT
false
false
The credential used to communicate with the OpenID Connect provider.
disable-trust-manager
BOOLEAN
false
true
false
Whether or not to make use of a trust manager when communicating with the OpenID provider over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
enable-basic-auth
BOOLEAN
false
true
false
Enable Basic authentication. This is not supported in the current release.
enable-cors
BOOLEAN
false
true
false
Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional. This is Keycloak-specific.
expose-token
BOOLEAN
false
true
false
If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
ignore-oauth-query-parameter
BOOLEAN
false
true
false
Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
min-time-between-jwks-requests
INT
false
true
If the subsystem recognizes a token signed by an unknown public key, it will try to download a new public key from the server. The subsystem won't try to download a public key if it already tried last in less than 'min-time-between-jwks-requests' seconds.
principal-attribute
STRING
false
true
Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
provider
STRING
false
true
The OpenID Connect provider to use for authentication.
provider-url
STRING
false
true
The OpenID provider URL.
proxy-url
STRING
false
true
The URL for the HTTP proxy if one is used.
public-client
BOOLEAN
false
true
false
If set to 'true', no client credentials are sent when communicating with the OpenID provider.
public-key-cache-ttl
INT
false
true
The maximum interval between two requests to retrieve new public keys in seconds. New public keys are downloaded when the subsystem recognizes a token signed by an unknown public key. Even if the token's key is already known, new public keys are downloaded periodically as per the interval set here at least once.
realm
STRING
false
true
The Keycloak realm to use for authentication.
realm-public-key
STRING
false
true
The public key of the OpenID provider in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from the OpenID provider when needed. If the public key is set, the subsystem never downloads new keys from the OpenID provider, breaking the subsystem when the OpenID provider rotates its keys.
redirect-rewrite-rule
OBJECT
false
false
The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
register-node-at-startup
BOOLEAN
false
true
false
If set to 'true', the subsystem sends a registration request to the OpenID provider. This attribute is useful only when your application is clustered.
register-node-period
INT
false
true
If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
resource
STRING
false
true
The unique, legacy identifier for a client application registered in the OpenID provider. It is recommended to use the 'client-id'.
socket-timeout-millis
LONG
false
true
The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
ssl-required
STRING
false
true
external
Whether the communication with the OpenID provider should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
token-minimum-time-to-live
INT
false
true
The subsystem will refresh the token if it will expire within the duration specified in 'token-minimum-time-to-live' seconds. This value should never exceed the access token lifespan. If the value is set to 0 seconds, the subsystem will refresh the token only if the token has expired.
token-signature-algorithm
STRING
false
true
RS256
The token signature algorithm used by the OpenID provider.
token-store
STRING
false
true
Defines whether to store account information in an HTTP session or in a cookie.
truststore
STRING
false
true
The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
truststore-password
STRING
false
true
The password for the truststore.
turn-off-change-session-id-on-login
BOOLEAN
false
true
false
The Session ID is changed by default on a successful login. Set this to 'true' if you want to turn this off.
use-resource-role-mappings
BOOLEAN
false
true
false
If set to 'true', the subsystem will look inside the token for application-level role mappings for a user. If set to 'false', the subsystem will look at the realm-level for user-role mappings. This is optional.
verify-token-audience
BOOLEAN
false
true
false
If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set the value to 'true' for improved security.
remove Remove a deployment secured by an OpenID Connect provider.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron-oidc-client/secure-deployment/redirect-rewrite-rule/index.html b/latest/wildscribe/subsystem/elytron-oidc-client/secure-deployment/redirect-rewrite-rule/index.html
new file mode 100644
index 000000000..811ee6925
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron-oidc-client/secure-deployment/redirect-rewrite-rule/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
Attributes (1)
replacement The replacement String in the rewrite rule for the redirect URI.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add the rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String. You can use the '$' character to use for back-reference in the replacement String.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
replacement
STRING
false
true
The replacement String in the rewrite rule for the redirect URI.
remove Remove the rewrite rule for the redirect URI.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron-oidc-client/secure-server/credential/index.html b/latest/wildscribe/subsystem/elytron-oidc-client/secure-server/credential/index.html
new file mode 100644
index 000000000..f86156491
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron-oidc-client/secure-server/credential/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The credential used to communicate with the OpenID Connect provider.
Attributes (8)
algorithm The credential signature algorithm used by the OpenID provider.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-alias The client key alias when the credential provider is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-password The password for the client key when the credential provider is used. This is required if 'client-keystore-file' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-file The path to the client keystore when the credential provider is used. This is optional.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-password The password for the client keystore when the credential provider is used. This is required if 'client-keystore-file' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-type The client keystore type when the credential provider is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
secret The client secret that was registered with the OpenID provider.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
token-timeout The amount of time after which the token expires and can no longer be used to authenticate requests.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add credentials used to communicate with the OpenID provider.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
algorithm
STRING
false
true
The credential signature algorithm used by the OpenID provider.
client-key-alias
STRING
false
true
The client key alias when the credential provider is used.
client-key-password
STRING
false
true
The password for the client key when the credential provider is used. This is required if 'client-keystore-file' has been specified.
client-keystore-file
STRING
false
true
The path to the client keystore when the credential provider is used. This is optional.
client-keystore-password
STRING
false
true
The password for the client keystore when the credential provider is used. This is required if 'client-keystore-file' has been specified.
client-keystore-type
STRING
false
true
The client keystore type when the credential provider is used.
secret
STRING
false
true
The client secret that was registered with the OpenID provider.
token-timeout
INT
false
true
The amount of time after which the token expires and can no longer be used to authenticate requests.
remove Remove the credentials used to communicate with the OpenID provider.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron-oidc-client/secure-server/index.html b/latest/wildscribe/subsystem/elytron-oidc-client/secure-server/index.html
new file mode 100644
index 000000000..5d1fb3dc7
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron-oidc-client/secure-server/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configuration used to secure the management console using Keycloak.
Children (2)
credential The credential used to communicate with the OpenID Connect provider.
redirect-rewrite-rule The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
Attributes (47)
adapter-state-cookie-path If set, this defines the path used in cookies set by the subsystem. This is useful when deploying an application in the root context path.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-any-hostname If set to 'true', hostname verification is skipped when communicating with the OpenID provider over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-refresh-token If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to the OpenID provider to obtain a new access token. This can result in a higher load on the OpenID provider and may impact the performance of the application.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auth-server-url The base URL of the Keycloak authorization server. This is Keycloak-specific. It is recommended to use 'provider-url' instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
autodetect-bearer-only Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the OpenID provider login page. Set the value to 'true' if your application serves both applications and web services.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
bearer-only Enable Bearer-Token only authentication. Set this to 'true' if your application serves only web services and does not authenticate users.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-id The unique identifier for a client application registered in the OpenID provider.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-key-password The password for the client key. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore The path to the client keystore to use when communicating with the OpenID provider over HTTPS. This is optional.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-keystore-password The password for the client keystore. This is required if 'client-keystore' has been specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
confidential-port The confidential port used by the OpenID provider when communicating securely over SSL/TLS.
Attribute
Value
Default Value
8443
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-pool-size The connection pool size to use when communicating with the OpenID provider.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-timeout-millis The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
connection-ttl-millis The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-allowed-methods If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-exposed-headers If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
cors-max-age If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
credential The credential used to communicate with the OpenID Connect provider.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
disable-trust-manager Whether or not to make use of a trust manager when communicating with the OpenID provider over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-basic-auth Enable Basic authentication. This is not supported in the current release.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-cors Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional. This is Keycloak-specific.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
expose-token If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
ignore-oauth-query-parameter Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
min-time-between-jwks-requests If the subsystem recognizes a token signed by an unknown public key, it will try to download a new public key from the server. The subsystem won't try to download a public key if it already tried last in less than 'min-time-between-jwks-requests' seconds.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
principal-attribute Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
provider The OpenID Connect provider to use for authentication.
proxy-url The URL for the HTTP proxy if one is used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
public-client If set to 'true', no client credentials are sent when communicating with the OpenID provider.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
public-key-cache-ttl The maximum interval between two requests to retrieve new public keys in seconds. New public keys are downloaded when the subsystem recognizes a token signed by an unknown public key. Even if the token's key is already known, new public keys are downloaded periodically as per the interval set here at least once.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
realm The Keycloak realm to use for authentication.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
realm-public-key The public key of the OpenID provider in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from the OpenID provider when needed. If the public key is set, the subsystem never downloads new keys from the OpenID provider, breaking the subsystem when the OpenID provider rotates its keys.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
redirect-rewrite-rule The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-at-startup If set to 'true', the subsystem sends a registration request to the OpenID provider. This attribute is useful only when your application is clustered.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
register-node-period If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
resource The unique, legacy identifier for a client application registered in the OpenID provider. It is recommended to use the 'client-id'.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
socket-timeout-millis The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
ssl-required Whether the communication with the OpenID provider should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
Attribute
Value
Default Value
external
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
ALL EXTERNAL NONE
token-minimum-time-to-live The subsystem will refresh the token if it will expire within the duration specified in 'token-minimum-time-to-live' seconds. This value should never exceed the access token lifespan. If the value is set to 0 seconds, the subsystem will refresh the token only if the token has expired.
token-store Defines whether to store account information in an HTTP session or in a cookie.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
truststore The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
turn-off-change-session-id-on-login The Session ID is changed by default on a successful login. Set this to 'true' if you want to turn this off.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
use-resource-role-mappings If set to 'true', the subsystem will look inside the token for application-level role mappings for a user. If set to 'false', the subsystem will look at the realm-level for user-role mappings. This is optional.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
verify-token-audience If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set the value to 'true' for improved security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add configuration to be used to secure the management console using the Keycloak OpenID provider.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
adapter-state-cookie-path
STRING
false
true
If set, this defines the path used in cookies set by the subsystem. This is useful when deploying an application in the root context path.
allow-any-hostname
BOOLEAN
false
true
false
If set to 'true', hostname verification is skipped when communicating with the OpenID provider over HTTPS. This can be useful in testing environments. This should never be set to 'true' in production environments as it disables verification of SSL certificates.
always-refresh-token
BOOLEAN
false
true
false
If set to 'true', the subsystem refreshes the token every time your application receives a web request, and a new request is sent to the OpenID provider to obtain a new access token. This can result in a higher load on the OpenID provider and may impact the performance of the application.
auth-server-url
STRING
false
true
The base URL of the Keycloak authorization server. This is Keycloak-specific. It is recommended to use 'provider-url' instead.
autodetect-bearer-only
BOOLEAN
false
true
false
Whether to auto-detect SOAP or REST clients based on headers like 'X-Requested-With', 'SOAPAction' or 'Accept'. If set to 'true', the subsystem sends an HTTP 401 status code to unauthenticated SOAP or REST clients instead of redirecting them to the OpenID provider login page. Set the value to 'true' if your application serves both applications and web services.
bearer-only
BOOLEAN
false
true
false
Enable Bearer-Token only authentication. Set this to 'true' if your application serves only web services and does not authenticate users.
client-id
STRING
false
true
The unique identifier for a client application registered in the OpenID provider.
client-key-password
STRING
false
true
The password for the client key. This is required if 'client-keystore' has been specified.
client-keystore
STRING
false
true
The path to the client keystore to use when communicating with the OpenID provider over HTTPS. This is optional.
client-keystore-password
STRING
false
true
The password for the client keystore. This is required if 'client-keystore' has been specified.
confidential-port
INT
false
true
8443
The confidential port used by the OpenID provider when communicating securely over SSL/TLS.
connection-pool-size
INT
false
true
The connection pool size to use when communicating with the OpenID provider.
connection-timeout-millis
LONG
false
true
The timeout for establishing a connection with the remote host in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
connection-ttl-millis
LONG
false
true
The amount of time in milliseconds for the connection to be kept alive. A value less than or equal to zero is interpreted as an infinite value.
cors-allowed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-allowed-methods
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Allow-Methods' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-exposed-headers
STRING
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Expose-Headers' header. This should be a comma-separated string. This is optional. If not set, this header is not returned in CORS responses.
cors-max-age
INT
false
true
If Cross-Origin Resource Sharing (CORS) is enabled, this sets the value of the 'Access-Control-Max-Age' header. If not set, this header is not returned in CORS responses.
credential
OBJECT
false
false
The credential used to communicate with the OpenID Connect provider.
disable-trust-manager
BOOLEAN
false
true
false
Whether or not to make use of a trust manager when communicating with the OpenID provider over HTTPS. This is optional. This should be set to 'true' only during development and never in production as it disables verification of SSL certificates.
enable-basic-auth
BOOLEAN
false
true
false
Enable Basic authentication. This is not supported in the current release.
enable-cors
BOOLEAN
false
true
false
Enable the Keycloak Cross-Origin Resource Sharing (CORS) support. This is optional. This is Keycloak-specific.
expose-token
BOOLEAN
false
true
false
If set to 'true', an authenticated browser client can obtain the signed access token (through a Javascript HTTP invocation) via the URL 'root/k_query_bearer_token'. This is optional.
ignore-oauth-query-parameter
BOOLEAN
false
true
false
Disable query parameter parsing for the 'access_token'. Users will not be able to authenticate if they only pass in an 'access_token'.
min-time-between-jwks-requests
INT
false
true
If the subsystem recognizes a token signed by an unknown public key, it will try to download a new public key from the server. The subsystem won't try to download a public key if it already tried last in less than 'min-time-between-jwks-requests' seconds.
principal-attribute
STRING
false
true
Indicates which value from the ID token to use as the principal for the identity. The principal defaults to the value of the 'sub' if the token attribute is null.
provider
STRING
false
true
The OpenID Connect provider to use for authentication.
provider-url
STRING
false
true
The OpenID provider URL.
proxy-url
STRING
false
true
The URL for the HTTP proxy if one is used.
public-client
BOOLEAN
false
true
false
If set to 'true', no client credentials are sent when communicating with the OpenID provider.
public-key-cache-ttl
INT
false
true
The maximum interval between two requests to retrieve new public keys in seconds. New public keys are downloaded when the subsystem recognizes a token signed by an unknown public key. Even if the token's key is already known, new public keys are downloaded periodically as per the interval set here at least once.
realm
STRING
false
true
The Keycloak realm to use for authentication.
realm-public-key
STRING
false
true
The public key of the OpenID provider in PEM format. This is optional. It is not recommended to set it. If the public key is not set, the subsystem downloads the public key from the OpenID provider when needed. If the public key is set, the subsystem never downloads new keys from the OpenID provider, breaking the subsystem when the OpenID provider rotates its keys.
redirect-rewrite-rule
OBJECT
false
false
The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
register-node-at-startup
BOOLEAN
false
true
false
If set to 'true', the subsystem sends a registration request to the OpenID provider. This attribute is useful only when your application is clustered.
register-node-period
INT
false
true
If 'register-node-at-startup' is set to 'true', this specifies the frequency (in seconds) at which the node should be re-registered.
resource
STRING
false
true
The unique, legacy identifier for a client application registered in the OpenID provider. It is recommended to use the 'client-id'.
socket-timeout-millis
LONG
false
true
The timeout for the socket waiting for data after establishing the connection in milliseconds. A timeout value of zero is interpreted as an infinite timeout, and a negative value is interpreted as undefined.
ssl-required
STRING
false
true
external
Whether the communication with the OpenID provider should be over HTTPS. Valid values are: 'all' - to always require HTTPS, 'external' - to only require HTTPS for external requests, 'none' - if HTTPS is not required. This should be set to 'all' in production environments.
token-minimum-time-to-live
INT
false
true
The subsystem will refresh the token if it will expire within the duration specified in 'token-minimum-time-to-live' seconds. This value should never exceed the access token lifespan. If the value is set to 0 seconds, the subsystem will refresh the token only if the token has expired.
token-signature-algorithm
STRING
false
true
RS256
The token signature algorithm used by the OpenID provider.
token-store
STRING
false
true
Defines whether to store account information in an HTTP session or in a cookie.
truststore
STRING
false
true
The path to the truststore to use when communicating with Keycloak over HTTPS. Prefix the path with 'classpath:' to obtain the truststore from the deployment's classpath.
truststore-password
STRING
false
true
The password for the truststore.
turn-off-change-session-id-on-login
BOOLEAN
false
true
false
The Session ID is changed by default on a successful login. Set this to 'true' if you want to turn this off.
use-resource-role-mappings
BOOLEAN
false
true
false
If set to 'true', the subsystem will look inside the token for application-level role mappings for a user. If set to 'false', the subsystem will look at the realm-level for user-role mappings. This is optional.
verify-token-audience
BOOLEAN
false
true
false
If set to 'true', then during bearer-only authentication, the subsystem verifies if the token contains the client name defined as an audience. It is recommended to set the value to 'true' for improved security.
remove Remove configuration used to secure the management console using the Keycloak OpenID provider.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron-oidc-client/secure-server/redirect-rewrite-rule/index.html b/latest/wildscribe/subsystem/elytron-oidc-client/secure-server/redirect-rewrite-rule/index.html
new file mode 100644
index 000000000..be0247e0e
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron-oidc-client/secure-server/redirect-rewrite-rule/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String.
Attributes (1)
replacement The replacement String in the rewrite rule for the redirect URI.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add the rewrite rule for the redirect URI. The rewrite rule is an object notation, where the key is a regular expression with which the redirect URI is matched and the value is the replacement String. You can use the '$' character to use for back-reference in the replacement String.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
replacement
STRING
false
true
The replacement String in the rewrite rule for the redirect URI.
remove Remove the rewrite rule for the redirect URI.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/add-prefix-role-mapper/index.html b/latest/wildscribe/subsystem/elytron/add-prefix-role-mapper/index.html
new file mode 100644
index 000000000..c73342cdb
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/add-prefix-role-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/add-suffix-role-mapper/index.html b/latest/wildscribe/subsystem/elytron/add-suffix-role-mapper/index.html
new file mode 100644
index 000000000..35b96b8ee
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/add-suffix-role-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/aggregate-evidence-decoder/index.html b/latest/wildscribe/subsystem/elytron/aggregate-evidence-decoder/index.html
new file mode 100644
index 000000000..d00baf976
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/aggregate-evidence-decoder/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
An evidence decoder that is an aggregation of other evidence decoders. Given evidence, these evidence decoders will be attempted in order until one returns a non-null principal or until there are no more evidence decoders left to try.
remove The remove operation for the evidence decoder.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/aggregate-http-server-mechanism-factory/index.html b/latest/wildscribe/subsystem/elytron/aggregate-http-server-mechanism-factory/index.html
new file mode 100644
index 000000000..075f9fad0
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/aggregate-http-server-mechanism-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add The add operation for the http server factory.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
http-server-mechanism-factories
LIST
true
false
The referenced http server factories to aggregate.
remove The remove operation for the http server factory.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/aggregate-principal-decoder/index.html b/latest/wildscribe/subsystem/elytron/aggregate-principal-decoder/index.html
new file mode 100644
index 000000000..3cb1449d1
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/aggregate-principal-decoder/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove The remove operation for the principal decoder.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/aggregate-principal-transformer/index.html b/latest/wildscribe/subsystem/elytron/aggregate-principal-transformer/index.html
new file mode 100644
index 000000000..00a9df3ce
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/aggregate-principal-transformer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A principal transformer aggregating more principal transformers. Original principal is tried to be transformed by individual transformers until one return non-null principal - that is returned.
add The add operation for the principal transformer.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
principal-transformers
LIST
true
false
The referenced principal transformers to aggregate.
remove The remove operation for the principal transformer.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/aggregate-providers/index.html b/latest/wildscribe/subsystem/elytron/aggregate-providers/index.html
new file mode 100644
index 000000000..c60b1abfc
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/aggregate-providers/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add The add operation for the aggregated providers resource
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
providers
LIST
true
false
The referenced Provider[] resources to aggregate.
remove The remove operation for the aggregated providers resource
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/aggregate-realm/index.html b/latest/wildscribe/subsystem/elytron/aggregate-realm/index.html
new file mode 100644
index 000000000..7fe5523ae
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/aggregate-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A realm definition that is an aggregation of two realms, one for the authentication steps and one for loading the identity for the authorization steps.
authorization-realms Reference to one or more security realms to use for loading the identity for authorization steps and aggregating the attributes (loading of the identity).
principal-transformer Reference to a principal transformer to apply between loading the identity for authentication and loading the identity for authorization
Reference to the security realm to use for authentication steps (obtaining or validating credentials).
authorization-realm
STRING
true
false
Reference to the security realm to use for loading the identity for authorization steps (loading of the identity).
authorization-realms
LIST
true
false
Reference to one or more security realms to use for loading the identity for authorization steps and aggregating the attributes (loading of the identity).
principal-transformer
STRING
false
true
Reference to a principal transformer to apply between loading the identity for authentication and loading the identity for authorization
remove The remove operation for the security realm.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/aggregate-role-decoder/index.html b/latest/wildscribe/subsystem/elytron/aggregate-role-decoder/index.html
new file mode 100644
index 000000000..f20576367
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/aggregate-role-decoder/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/aggregate-role-mapper/index.html b/latest/wildscribe/subsystem/elytron/aggregate-role-mapper/index.html
new file mode 100644
index 000000000..aa7929359
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/aggregate-role-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/aggregate-sasl-server-factory/index.html b/latest/wildscribe/subsystem/elytron/aggregate-sasl-server-factory/index.html
new file mode 100644
index 000000000..0c6459ec6
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/aggregate-sasl-server-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add The add operation for the sasl server factory.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
sasl-server-factories
LIST
true
false
The referenced sasl server factories to aggregate.
remove The remove operation for the sasl server factory.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/aggregate-security-event-listener/index.html b/latest/wildscribe/subsystem/elytron/aggregate-security-event-listener/index.html
new file mode 100644
index 000000000..8005f5f77
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/aggregate-security-event-listener/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add The add operation for the aggregated security event listener resource.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
security-event-listeners
LIST
true
false
The referenced security event listener resources to aggregate.
remove The remove operation for the aggregated security event listener resource
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/authentication-configuration/index.html b/latest/wildscribe/subsystem/elytron/authentication-configuration/index.html
new file mode 100644
index 000000000..bbd1b164b
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/authentication-configuration/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
forwarding-mode The type of security identity forwarding to use. A mode of 'authentication' forwarding forwards the principal and credential. A mode of 'authorization' forwards the authorization id, allowing for a different authentication identity.
webservices Web services client configuration definition.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Add a new authentication configuration definition.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
anonymous
BOOLEAN
false
true
false
Enables anonymous authentication.
authentication-name
STRING
false
true
The authentication name to use.
authorization-name
STRING
false
true
The authorization name to use.
credential-reference
OBJECT
false
false
The reference to credential stored in CredentialStore under defined alias or clear text password.
extends
STRING
false
false
A previously defined authentication configuration to extend.
forwarding-mode
STRING
false
true
authentication
The type of security identity forwarding to use. A mode of 'authentication' forwarding forwards the principal and credential. A mode of 'authorization' forwards the authorization id, allowing for a different authentication identity.
host
STRING
false
true
The host to use.
kerberos-security-factory
STRING
false
false
Reference to a kerberos security factory used to obtain a GSS kerberos credential
mechanism-properties
OBJECT
false
false
Configuration properties for the SASL authentication mechanism.
port
INT
false
true
The port to use.
protocol
STRING
false
true
The protocol to use.
realm
STRING
false
true
The realm to use.
sasl-mechanism-selector
STRING
false
true
The SASL mechanism selector string.
security-domain
STRING
false
false
Reference to a security domain to obtain a forwarded identity.
webservices
OBJECT
false
true
Web services client configuration definition.
remove Remove the authentication configuration definition.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/authentication-context/index.html b/latest/wildscribe/subsystem/elytron/authentication-context/index.html
new file mode 100644
index 000000000..623147448
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/authentication-context/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A previously defined authentication context to extend.
match-rules
LIST
false
false
The match-rules for this authentication context.
remove Remove the authentication-context definition.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/caching-realm/index.html b/latest/wildscribe/subsystem/elytron/caching-realm/index.html
new file mode 100644
index 000000000..dcb85768a
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/caching-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A realm definition that enables caching to another security realm. Caching strategy is LRU (Least Recently Used) where least accessed entries are discarded when maximum number of entries is reached.
remove The remove operation for the security realm.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/case-principal-transformer/index.html b/latest/wildscribe/subsystem/elytron/case-principal-transformer/index.html
new file mode 100644
index 000000000..169d8c880
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/case-principal-transformer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
upper-case If set to true, the principal is adjusted to upper case. If set to false, the principal is adjusted to lower case.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add The add operation for the principal transformer.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
upper-case
BOOLEAN
false
true
true
If set to true, the principal is adjusted to upper case. If set to false, the principal is adjusted to lower case.
remove The remove operation for the principal transformer.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/certificate-authority-account/index.html b/latest/wildscribe/subsystem/elytron/certificate-authority-account/index.html
new file mode 100644
index 000000000..75c5b2597
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/certificate-authority-account/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
alias The alias of certificate authority account key in the keystore. If the alias does not already exist in the keystore, a certificate authority account key will be automatically generated and stored as a PrivateKeyEntry under the alias.
add Add a new certificate authority account definition.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
certificate-authority
STRING
false
true
LetsEncrypt
The name of the certificate authority to use.
contact-urls
LIST
false
true
A list of URLs that the certificate authority can contact about any issues related to this account.
alias
STRING
true
true
The alias of certificate authority account key in the keystore. If the alias does not already exist in the keystore, a certificate authority account key will be automatically generated and stored as a PrivateKeyEntry under the alias.
credential-reference
OBJECT
false
false
Credential to be used when accessing the certificate authority account key.
key-store
STRING
true
false
The keystore that contains the certificate authority account key.
change-account-key Change the key associated with this certificate authority account.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
staging
BOOLEAN
false
true
false
Indicates whether or not the certificate authority's staging URL should be used. The default value is false. This should only be set to true for testing purposes. This should never be set to true in a production environment.
create-account Create an account with the certificate authority if one doesn't already exist.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
agree-to-terms-of-service
BOOLEAN
true
true
Indicates whether or not the user agrees to the certificate authority's terms of service.
staging
BOOLEAN
false
true
false
Indicates whether or not the certificate authority's staging URL should be used. The default value is false. This should only be set to true for testing purposes. This should never be set to true in a production environment.
Indicates whether or not the certificate authority's staging URL should be used. The default value is false. This should only be set to true for testing purposes. This should never be set to true in a production environment.
get-metadata Get the metadata associated with the certificate authority.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
staging
BOOLEAN
false
true
false
Indicates whether or not the certificate authority's staging URL should be used. The default value is false. This should only be set to true for testing purposes. This should never be set to true in a production environment.
remove Remove the certificate authority account definition.
update-account Update an account with the certificate authority.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
agree-to-terms-of-service
BOOLEAN
true
true
Indicates whether or not the user agrees to the certificate authority's terms of service.
staging
BOOLEAN
false
true
false
Indicates whether or not the certificate authority's staging URL should be used. The default value is false. This should only be set to true for testing purposes. This should never be set to true in a production environment.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/certificate-authority/index.html b/latest/wildscribe/subsystem/elytron/certificate-authority/index.html
new file mode 100644
index 000000000..9df98bbfb
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/certificate-authority/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
URL of the certificate authority to use in pre-production.
url
STRING
true
true
URL of the certificate authority.
remove Remove the certificate authority definition.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/chained-principal-transformer/index.html b/latest/wildscribe/subsystem/elytron/chained-principal-transformer/index.html
new file mode 100644
index 000000000..871297a6d
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/chained-principal-transformer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add The add operation for the principal transformer.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
principal-transformers
LIST
true
false
The referenced principal transformers to chain.
remove The remove operation for the principal transformer.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/client-ssl-context/index.html b/latest/wildscribe/subsystem/elytron/client-ssl-context/index.html
new file mode 100644
index 000000000..31cc4e2f6
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/client-ssl-context/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/client-ssl-context/ssl-session/index.html b/latest/wildscribe/subsystem/elytron/client-ssl-context/ssl-session/index.html
new file mode 100644
index 000000000..71dd4d5eb
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/client-ssl-context/ssl-session/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
peer-host The peer host as reported by the SSLSession.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
peer-port The peer port as reported by the SSLSession.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
peer-principal The peer principal as reported by the SSLSession.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
protocol The protocol as reported by the SSLSession.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
valid The validity of the session as reported by the SSLSession.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (1)
invalidate Invalidate the SSLSession (Note: This does not terminate current connections, only prevents future connections from joining or resuming this session).
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/concatenating-principal-decoder/index.html b/latest/wildscribe/subsystem/elytron/concatenating-principal-decoder/index.html
new file mode 100644
index 000000000..1b2031319
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/concatenating-principal-decoder/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The string to use to join the results of the referenced principal decoders.
principal-decoders
LIST
true
false
The referenced principal decoders to concatenate.
remove The remove operation for the principal decoder.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/configurable-http-server-mechanism-factory/index.html b/latest/wildscribe/subsystem/elytron/configurable-http-server-mechanism-factory/index.html
new file mode 100644
index 000000000..c8f0e1973
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/configurable-http-server-mechanism-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
properties Custom properties to be passed in to the http server factory calls.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add The add operation for the http server factory.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
filters
LIST
false
false
Filtering to be applied to enable / disable mechanisms based on the name.
http-server-mechanism-factory
STRING
true
false
The http server factory to be wrapped.
properties
OBJECT
false
true
Custom properties to be passed in to the http server factory calls.
remove The remove operation for the http server factory.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/configurable-sasl-server-factory/index.html b/latest/wildscribe/subsystem/elytron/configurable-sasl-server-factory/index.html
new file mode 100644
index 000000000..db5a55de6
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/configurable-sasl-server-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
server-name The server name that should be passed into factory when creating the mechanism.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add The add operation for the sasl server factory.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
filters
LIST
false
false
List of filters to be evaluated sequentially combining the results using 'or'.
properties
OBJECT
false
true
Custom properties to be passed in to the sasl server factory calls.
protocol
STRING
false
true
The protocol that should be passed into factory when creating the mechanism.
sasl-server-factory
STRING
true
false
The sasl server factory to be wrapped.
server-name
STRING
false
true
The server name that should be passed into factory when creating the mechanism.
remove The remove operation for the sasl server factory.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/constant-permission-mapper/index.html b/latest/wildscribe/subsystem/elytron/constant-permission-mapper/index.html
new file mode 100644
index 000000000..f853d8a3b
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/constant-permission-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/constant-principal-decoder/index.html b/latest/wildscribe/subsystem/elytron/constant-principal-decoder/index.html
new file mode 100644
index 000000000..6f8a30b29
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/constant-principal-decoder/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The constant value the principal decoder will always return.
remove The remove operation for the principal decoder.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/constant-principal-transformer/index.html b/latest/wildscribe/subsystem/elytron/constant-principal-transformer/index.html
new file mode 100644
index 000000000..9d154fb2a
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/constant-principal-transformer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
constant The constant value this PrincipalTransformer will always return.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add The add operation for the principal transformer.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
constant
STRING
true
true
The constant value this PrincipalTransformer will always return.
remove The remove operation for the principal transformer.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/constant-realm-mapper/index.html b/latest/wildscribe/subsystem/elytron/constant-realm-mapper/index.html
new file mode 100644
index 000000000..eac4a96ed
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/constant-realm-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/constant-role-mapper/index.html b/latest/wildscribe/subsystem/elytron/constant-role-mapper/index.html
new file mode 100644
index 000000000..d570ab1c9
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/constant-role-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/credential-store/index.html b/latest/wildscribe/subsystem/elytron/credential-store/index.html
new file mode 100644
index 000000000..2232daa5b
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/credential-store/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
modifiable Specifies whether credential store is modifiable.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
other-providers The name of the providers defined within the subsystem to obtain the Providers to search for the one that can create the required Jakarta Connectors objects within credential store. This is valid only for key-store based CredentialStore. If this is not specified then the global list of Providers is used instead.
provider-name The name of the provider to use to instantiate the CredentialStoreSpi. If the provider is not specified then the first provider found that can create an instance of the specified 'type' will be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
providers The name of the providers defined within the subsystem to obtain the Providers to search for the one that can create the required CredentialStore type. If this is not specified then the global list of Providers is used instead.
relative-to A reference to a previously defined path that the file name is relative to.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
state The state of the underlying service that represents this credential store at runtime.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Allowed Values
DOWN STARTING START_FAILED UP STOPPING REMOVED
type The credential store type, e.g. KeyStoreCredentialStore.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (10)
add Add another credential store to the configuration.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
credential-reference
OBJECT
true
false
Credential reference to be used to create protection parameter.
path
STRING
false
true
File name of credential store storage.
relative-to
STRING
false
false
A reference to a previously defined path that the file name is relative to.
create
BOOLEAN
false
false
false
Specifies whether credential store should create storage when it doesn't exist.
implementation-properties
OBJECT
false
true
Map of credentials store implementation specific properties.
location
STRING
false
true
File name of credential store storage.
modifiable
BOOLEAN
false
false
true
Specifies whether credential store is modifiable.
other-providers
STRING
false
false
The name of the providers defined within the subsystem to obtain the Providers to search for the one that can create the required Jakarta Connectors objects within credential store. This is valid only for key-store based CredentialStore. If this is not specified then the global list of Providers is used instead.
provider-name
STRING
false
true
The name of the provider to use to instantiate the CredentialStoreSpi. If the provider is not specified then the first provider found that can create an instance of the specified 'type' will be used.
providers
STRING
false
false
The name of the providers defined within the subsystem to obtain the Providers to search for the one that can create the required CredentialStore type. If this is not specified then the global list of Providers is used instead.
type
STRING
false
true
The credential store type, e.g. KeyStoreCredentialStore.
generate-secret-key Generate a new SecretKey and store it in the credential store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
false
The alias to use when storing the new SecretKey.
key-size
INT
false
false
256
The size of key to generate (bits).
import-secret-key Import a previously exported SecretKey and add it to the credential store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
false
The alias to use when storing the imported SecretKey.
key
STRING
true
false
The previously exported key to import.
read-aliases Read aliases (entries) from a credential store.
reload Reload credential store (reinitialize and load new data if present).
remove Remove credential store from the configuration.
remove-alias Remove a credential (entry) stored in the credential store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
false
The alias of the credential store item to remove.
entry-type
STRING
false
false
PasswordCredential
The type of the credential to remove.
set-secret Set the secret value of a credential (entry) stored in the credential store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
false
The alias of the credential store item to set.
entry-type
STRING
false
false
Type of a credential (entry) stored in the credential store.
secret-value
STRING
false
false
Secret value such as a password.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/custom-credential-security-factory/index.html b/latest/wildscribe/subsystem/elytron/custom-credential-security-factory/index.html
new file mode 100644
index 000000000..4f19f13e5
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/custom-credential-security-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The optional key/value configuration for the custom security factory.
class-name
STRING
true
false
The class name of the implementation of the custom security factory.
module
STRING
true
false
The module to use to load the custom security factory.
remove The remove operation for the security factory.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/custom-evidence-decoder/index.html b/latest/wildscribe/subsystem/elytron/custom-evidence-decoder/index.html
new file mode 100644
index 000000000..ce6fb4050
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/custom-evidence-decoder/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/custom-modifiable-realm/index.html b/latest/wildscribe/subsystem/elytron/custom-modifiable-realm/index.html
new file mode 100644
index 000000000..dfbaa3ceb
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/custom-modifiable-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Custom realm configured as being modifiable will be expected to implement the ModifiableSecurityRealm interface. By configuring a realm as being modifiable management operations will be made available to manipulate the realm.
set-password Add a password to an existing identity.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
identity
STRING
true
false
The name of the identity.
bcrypt
OBJECT
false
false
A password using the Bcrypt algorithm.
clear
OBJECT
false
false
A password in clear text.
simple-digest
OBJECT
false
false
A simple digest password.
salted-simple-digest
OBJECT
false
false
A salted simple digest password.
scram-digest
OBJECT
false
false
A password using the SCRAM digest algorithm.
digest
OBJECT
false
false
A digest password.
otp
OBJECT
false
false
A one-time password, used by the OTP SASL mechanism.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/custom-permission-mapper/index.html b/latest/wildscribe/subsystem/elytron/custom-permission-mapper/index.html
new file mode 100644
index 000000000..007630fd8
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/custom-permission-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/custom-principal-decoder/index.html b/latest/wildscribe/subsystem/elytron/custom-principal-decoder/index.html
new file mode 100644
index 000000000..d729735be
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/custom-principal-decoder/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/custom-principal-transformer/index.html b/latest/wildscribe/subsystem/elytron/custom-principal-transformer/index.html
new file mode 100644
index 000000000..8148a0b1d
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/custom-principal-transformer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
class-name The class name of the implementation of the custom principal transformer.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
configuration The optional key/value configuration for the custom principal transformer.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
module The module to use to load the custom principal transformer.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add The add operation for the principal transformer.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
configuration
OBJECT
false
true
The optional key/value configuration for the custom principal transformer.
class-name
STRING
true
false
The class name of the implementation of the custom principal transformer.
module
STRING
true
false
The module to use to load the custom principal transformer.
remove The remove operation for the principal transformer.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/custom-realm-mapper/index.html b/latest/wildscribe/subsystem/elytron/custom-realm-mapper/index.html
new file mode 100644
index 000000000..616cd2a1c
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/custom-realm-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/custom-realm/index.html b/latest/wildscribe/subsystem/elytron/custom-realm/index.html
new file mode 100644
index 000000000..e432fc05c
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/custom-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A custom realm definitions can implement either the SecurityRealm interface or the ModifiableSecurityRealm interface. Regardless of which interface is implemented management operations will not be exposed to manage the realm. However other services that depend on the realm will still be able to perform a type check and cast to gain access to the modification API.
The optional key/value configuration for the custom realm.
class-name
STRING
true
false
The class name of the implementation of the custom realm.
module
STRING
true
false
The module to use to load the custom realm.
remove The remove operation for the security realm.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/custom-role-decoder/index.html b/latest/wildscribe/subsystem/elytron/custom-role-decoder/index.html
new file mode 100644
index 000000000..c3c3a65a5
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/custom-role-decoder/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/custom-role-mapper/index.html b/latest/wildscribe/subsystem/elytron/custom-role-mapper/index.html
new file mode 100644
index 000000000..42de797c0
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/custom-role-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/custom-security-event-listener/index.html b/latest/wildscribe/subsystem/elytron/custom-security-event-listener/index.html
new file mode 100644
index 000000000..0f39a5614
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/custom-security-event-listener/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/dir-context/index.html b/latest/wildscribe/subsystem/elytron/dir-context/index.html
new file mode 100644
index 000000000..f55357617
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/dir-context/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
authentication-context The authentication context to obtain login credentials to connect to the LDAP server. Can be omitted if authentication-level is 'none' (anonymous).
authentication-level The authentication level (security level/authentication mechanism) to use. Corresponds to SECURITY_AUTHENTICATION ('java.naming.security.authentication') environment property. Allowed values: 'none', 'simple', sasl_mech, where sasl_mech is a space-separated list of SASL mechanism names.
Attribute
Value
Default Value
simple
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connection-timeout The timeout for connecting to the LDAP server in milliseconds.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
credential-reference The credential reference to authenticate and connect to the LDAP server. Can be omitted if authentication-level is 'none' (anonymous).
The authentication context to obtain login credentials to connect to the LDAP server. Can be omitted if authentication-level is 'none' (anonymous).
authentication-level
STRING
false
true
simple
The authentication level (security level/authentication mechanism) to use. Corresponds to SECURITY_AUTHENTICATION ('java.naming.security.authentication') environment property. Allowed values: 'none', 'simple', sasl_mech, where sasl_mech is a space-separated list of SASL mechanism names.
connection-timeout
INT
false
true
The timeout for connecting to the LDAP server in milliseconds.
credential-reference
OBJECT
false
false
The credential reference to authenticate and connect to the LDAP server. Can be omitted if authentication-level is 'none' (anonymous).
enable-connection-pooling
BOOLEAN
false
true
false
Indicates if connection pooling is enabled.
module
STRING
false
true
Name of module that will be used as class loading base.
principal
STRING
false
true
The principal to authenticate and connect to the LDAP server. Can be omitted if authentication-level is 'none' (anonymous).
properties
OBJECT
false
true
The additional connection properties for the DirContext.
read-timeout
INT
false
true
The read timeout for an LDAP operation in milliseconds.
referral-mode
STRING
false
true
ignore
If referrals should be followed.
ssl-context
STRING
false
false
The name of ssl-context used to secure connection to the LDAP server.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/distributed-realm/index.html b/latest/wildscribe/subsystem/elytron/distributed-realm/index.html
new file mode 100644
index 000000000..4135a8614
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/distributed-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
emit-events Whether a SecurityEvent signifying realm unavailability should be emitted, applicable only when the ignore-unavailable-realms attribute is set to true. The default value is true.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
ignore-unavailable-realms Whether subsequent realms should be checked after an unavailable realm is reached. If set to false or not set, when the unavailable realm is reached "org.wildfly.security.auth.server.RealmUnavailableException" is thrown and the search stops. The default value is false.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
realms References to one or more security realms for authentication and authorization.
Whether a SecurityEvent signifying realm unavailability should be emitted, applicable only when the ignore-unavailable-realms attribute is set to true. The default value is true.
ignore-unavailable-realms
BOOLEAN
false
true
false
Whether subsequent realms should be checked after an unavailable realm is reached. If set to false or not set, when the unavailable realm is reached "org.wildfly.security.auth.server.RealmUnavailableException" is thrown and the search stops. The default value is false.
realms
LIST
true
false
References to one or more security realms for authentication and authorization.
remove The remove operation for the security realm.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/expression/encryption/index.html b/latest/wildscribe/subsystem/elytron/expression/encryption/index.html
new file mode 100644
index 000000000..dc2f299be
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/expression/encryption/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The default expression resolver to use if not specified within the expression. If not set there is no default.
prefix
STRING
false
false
ENC
The prefix in use for encrypted expressions.
resolvers
LIST
true
false
List of expressions resolver definitions.
create-expression Operation to encrypt the supplied clear text using the specified resolver and return a usable expression.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
resolver
STRING
false
false
The resolver configuration to use to encrypt the clear text. If omitted the default-resolver will be used instead.
clear-text
STRING
true
false
The clear text value to encrypt.
remove Remove operation for the expression resolver.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/failover-realm/index.html b/latest/wildscribe/subsystem/elytron/failover-realm/index.html
new file mode 100644
index 000000000..3b152fcdb
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/failover-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Reference to the security realm to use as a default.
emit-events
BOOLEAN
false
true
true
Whether SecurityEvent signifying delegate-realm unavailability should be emitted.
failover-realm
STRING
true
false
Reference to the security realm to use in case the delegate-realm is unavailable.
remove The remove operation for the security realm.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/file-audit-log/index.html b/latest/wildscribe/subsystem/elytron/file-audit-log/index.html
new file mode 100644
index 000000000..03daf970d
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/file-audit-log/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/filesystem-realm/index.html b/latest/wildscribe/subsystem/elytron/filesystem-realm/index.html
new file mode 100644
index 000000000..f8d921644
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/filesystem-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
set-password Add a password to an existing identity.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
identity
STRING
true
false
The name of the identity.
bcrypt
OBJECT
false
false
A password using the Bcrypt algorithm.
clear
OBJECT
false
false
A password in clear text.
simple-digest
OBJECT
false
false
A simple digest password.
salted-simple-digest
OBJECT
false
false
A salted simple digest password.
scram-digest
OBJECT
false
false
A password using the SCRAM digest algorithm.
digest
OBJECT
false
false
A digest password.
otp
OBJECT
false
false
A one-time password, used by the OTP SASL mechanism.
update-key-pair Updates the filesystem realm to make use of the new key pair to verify integrity.
verify-integrity Verify the integrity of the entire filesystem realm.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/filtering-key-store/index.html b/latest/wildscribe/subsystem/elytron/filtering-key-store/index.html
new file mode 100644
index 000000000..21255422a
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/filtering-key-store/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
alias-filter A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
state The state of the underlying service that represents this KeyStore at runtime, if it is anything other than UP runtime operations will not be available.
A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/http-authentication-factory/index.html b/latest/wildscribe/subsystem/elytron/http-authentication-factory/index.html
new file mode 100644
index 000000000..bb047d4cf
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/http-authentication-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a new http-authentication-factory resource.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
http-server-mechanism-factory
STRING
true
false
The HttpServerAuthenticationMechanismFactory to associate with this resource
mechanism-configurations
LIST
false
false
Mechanism specific configuration
security-domain
STRING
true
false
The SecurityDomain to associate with this resource
remove Remove the http-authentication-factory resource.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/identity-realm/index.html b/latest/wildscribe/subsystem/elytron/identity-realm/index.html
new file mode 100644
index 000000000..9f582d05a
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/identity-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The name of the attribute associated with this identity.
attribute-values
LIST
false
true
The values associated with the identity attributes.
identity
STRING
true
true
The name of the identity available from the security realm.
remove The remove operation for the security realm.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/index.html b/latest/wildscribe/subsystem/elytron/index.html
new file mode 100644
index 000000000..af63671ed
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add-prefix-role-mapper A role mapper definition for a role mapper that adds a prefix to each provided.
add-suffix-role-mapper A role mapper definition for a role mapper that adds a suffix to each provided.
aggregate-evidence-decoder An evidence decoder that is an aggregation of other evidence decoders. Given evidence, these evidence decoders will be attempted in order until one returns a non-null principal or until there are no more evidence decoders left to try.
aggregate-principal-decoder A principal decoder definition where the principal decoder is an aggregation of other principal decoders.
aggregate-principal-transformer A principal transformer aggregating more principal transformers. Original principal is tried to be transformed by individual transformers until one return non-null principal - that is returned.
aggregate-realm A realm definition that is an aggregation of two realms, one for the authentication steps and one for loading the identity for the authorization steps.
aggregate-role-decoder Definition of a RoleDecoder that is an aggregation of other role decoders.
aggregate-role-mapper A role mapper definition where the role mapper is an aggregation of other role mappers.
aggregate-sasl-server-factory A sasl server factory definition where the sasl server factory is an aggregation of other sasl server factories.
caching-realm A realm definition that enables caching to another security realm. Caching strategy is LRU (Least Recently Used) where least accessed entries are discarded when maximum number of entries is reached.
case-principal-transformer A principal transformer where the principal is adjusted to upper or lower case.
chained-principal-transformer A principal transformer definition where the principal transformer is a chaining of other principal transformers.
client-ssl-context An SSLContext for use on the client side of a connection.
concatenating-principal-decoder A principal decoder definition where the principal decoder is a concatenation of other principal decoders.
configurable-http-server-mechanism-factory A HTTP server factory definition that wraps another HTTP server factory and applies the specified configuration and filtering.
configurable-sasl-server-factory A SaslServerFactory definition that wraps another SaslServerFactory and applies the specified configuration and filtering.
custom-modifiable-realm Custom realm configured as being modifiable will be expected to implement the ModifiableSecurityRealm interface. By configuring a realm as being modifiable management operations will be made available to manipulate the realm.
custom-realm A custom realm definitions can implement either the SecurityRealm interface or the ModifiableSecurityRealm interface. Regardless of which interface is implemented management operations will not be exposed to manage the realm. However other services that depend on the realm will still be able to perform a type check and cast to gain access to the modification API.
dir-context The configuration to connect to a directory (LDAP) server.
distributed-realm A realm definition for authentication and authorization of identities distributed between multiple realms.
expression Definition of an expression resolver to decrypt encrypted expressions.
encryption Definition of an expression resolver to decrypt encrypted expressions.
failover-realm A realm definition that wraps two realms. One for default operation and the second to fail over to in case the first one is unavailable.
file-audit-log An audit logger that logs to a local file.
filesystem-realm A simple security realm definition backed by the filesystem.
logical-role-mapper A RoleMapper definition for a RoleMapper that performs a logical operation using two referenced RoleMappers.
mapped-regex-realm-mapper Definition of a RealmMapper implementation that first uses a regular expression to extract the realm name, this is then converted using the configured mapping of realm names.
mapped-role-mapper A RoleMapper definition for a RoleMapper that performs a mapping based on configured map.
mechanism-provider-filtering-sasl-server-factory A SaslServerFactory definition that wraps another SaslServerFactory and enables filtering of mechanisms based on the mechanism name and Provider name and version. Any mechanisms loaded by factories not located using a Provider will not be filtered by this definition.
periodic-rotating-file-audit-log An audit log definition for persisting an audit log to a local files rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.time.format.DateTimeFormatter.
policy A definition that sets up a policy provider.
properties-realm A security realm definition backed by properties files.
provider-http-server-mechanism-factory A http server factory definition where the http server factory is an aggregation of factories from the Provider[]
regex-role-mapper A RoleMapper definition for a RoleMapper that performs a mapping based on regex and replaces matching roles with replacement pattern.
service-loader-sasl-server-factory A sasl server factory definition where the sasl server factory is an aggregation of factories identified using a ServiceLoader
simple-regex-realm-mapper Definition of a simple RealmMapper that attempts to extract the realm name using the capture group from the regular expression, if that does not provide a match then the delegate RealmMapper is used instead.
simple-role-decoder Definition of a simple RoleDecoder that takes a single attribute and maps it directly to roles.
size-rotating-file-audit-log An audit log definition for persisting an audit log to a local files rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
source-address-role-decoder Definition of a RoleDecoder that maps roles based on the IP address of a remote client.
syslog-audit-log An audit logger that sends audit events to a remote syslog server.
token-realm A security realm definition capable of validating and extracting identities from security tokens.
trust-manager A trust manager definition for creating the TrustManager[] as used to create an SSLContext.
x500-subject-evidence-decoder An evidence decoder that derives the principal associated with the given evidence from the subject from the first certificate in the given evidence.
x509-subject-alt-name-evidence-decoder An evidence decoder that derives the principal associated with the given evidence from an X.509 subject alternative name from the first certificate in the given evidence.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/jaas-realm/index.html b/latest/wildscribe/subsystem/elytron/jaas-realm/index.html
new file mode 100644
index 000000000..7925cc085
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/jaas-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
callback-handler Callback handler to use with the Login Context. Security property "auth.login.defaultCallbackHandler" can be used instead. The default callback handler of the realm will be used if none of these are defined.
module The module to use to obtain the classloader to load the custom LoginModules and custom CallbackHandler. The classloader that loads the resource will be used if none defined.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
path Path to the JAAS Login Context configuration file. You can also specify the location of the configuration with java system property "java.security.auth.login.config" or with java security property "login.config.url".
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The base path of the JAAS configuration file.
Callback handler to use with the Login Context. Security property "auth.login.defaultCallbackHandler" can be used instead. The default callback handler of the realm will be used if none of these are defined.
entry
STRING
true
true
JAAS configuration file entry name.
module
STRING
false
false
The module to use to obtain the classloader to load the custom LoginModules and custom CallbackHandler. The classloader that loads the resource will be used if none defined.
path
STRING
false
true
Path to the JAAS Login Context configuration file. You can also specify the location of the configuration with java system property "java.security.auth.login.config" or with java security property "login.config.url".
relative-to
STRING
false
false
The base path of the JAAS configuration file.
remove The remove operation for the security realm.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/jaspi-configuration/index.html b/latest/wildscribe/subsystem/elytron/jaspi-configuration/index.html
new file mode 100644
index 000000000..b61afc4b3
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/jaspi-configuration/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/jdbc-realm/index.html b/latest/wildscribe/subsystem/elytron/jdbc-realm/index.html
new file mode 100644
index 000000000..77f5d9c3f
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/jdbc-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The character set to use when converting the password string to a byte array.
principal-query
LIST
true
false
The authentication query used to authenticate users based on specific key types.
remove The remove operation for the security realm.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/kerberos-security-factory/index.html b/latest/wildscribe/subsystem/elytron/kerberos-security-factory/index.html
new file mode 100644
index 000000000..760cf73c5
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/kerberos-security-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
debug Should the JAAS step of obtaining the credential have debug logging enabled.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
fail-cache Amount of seconds before new try to obtain server credential should be done if it has failed last time.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
mechanism-names The mechanism names the credential should be usable with. Names will be converted to OIDs and used together with OIDs from mechanism-oids attribute.
Attribute
Value
Default Value
["KRB5","SPNEGO"]
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
KRB5LEGACY GENERIC KRB5 KRB5V2 SPNEGO
mechanism-oids The mechanism OIDs the credential should be usable with. Will be used together with OIDs derived from names from mechanism-names attribute.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
minimum-remaining-lifetime How much lifetime (in seconds) should a cached credential have remaining before it is recreated.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
obtain-kerberos-ticket Should the KerberosTicket also be obtained and associated with the credential. This is required to be true where credentials are delegated to the server.
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
request-lifetime How much lifetime (in seconds) should be requested for newly created credentials.
Attribute
Value
Default Value
2147483647
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
required Is the keytab file with adequate principal required to exist at the time the service starts?
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
server If this for use server side or client side?
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
wrap-gss-credential Should generated GSS credentials be wrapped to prevent improper disposal or not?
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add The add operation for the Kerberos SecurityFactory
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
debug
BOOLEAN
false
true
false
Should the JAAS step of obtaining the credential have debug logging enabled.
fail-cache
INT
false
true
Amount of seconds before new try to obtain server credential should be done if it has failed last time.
mechanism-names
LIST
false
true
["KRB5","SPNEGO"]
The mechanism names the credential should be usable with. Names will be converted to OIDs and used together with OIDs from mechanism-oids attribute.
mechanism-oids
LIST
false
true
The mechanism OIDs the credential should be usable with. Will be used together with OIDs derived from names from mechanism-names attribute.
minimum-remaining-lifetime
INT
false
true
0
How much lifetime (in seconds) should a cached credential have remaining before it is recreated.
obtain-kerberos-ticket
BOOLEAN
false
true
false
Should the KerberosTicket also be obtained and associated with the credential. This is required to be true where credentials are delegated to the server.
options
OBJECT
false
false
The Krb5LoginModule additional options.
principal
STRING
true
true
The principal represented by the KeyTab
request-lifetime
INT
false
true
2147483647
How much lifetime (in seconds) should be requested for newly created credentials.
required
BOOLEAN
false
true
false
Is the keytab file with adequate principal required to exist at the time the service starts?
server
BOOLEAN
false
true
true
If this for use server side or client side?
wrap-gss-credential
BOOLEAN
false
true
false
Should generated GSS credentials be wrapped to prevent improper disposal or not?
path
STRING
true
true
The path of the KeyTab to load to obtain the credential.
relative-to
STRING
false
false
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
remove The remove operation for the Kerberos SecurityFactory
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/key-manager/index.html b/latest/wildscribe/subsystem/elytron/key-manager/index.html
new file mode 100644
index 000000000..f88bab487
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/key-manager/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
algorithm The name of the algorithm to use to create the underlying KeyManagerFactory.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
alias-filter A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
credential-reference The credential reference to decrypt KeyStore item. (Not a password of the KeyStore.)
Attribute
Value
Type
OBJECT
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
generate-self-signed-certificate-host If the file that backs the KeyStore does not exist and this attribute is set, then a self-signed certificate will be generated for the specified host name. This is not intended for production use.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
key-store Reference to the KeyStore to use to initialise the underlying KeyManagerFactory.
The name of the algorithm to use to create the underlying KeyManagerFactory.
alias-filter
STRING
false
true
A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
credential-reference
OBJECT
true
false
The credential reference to decrypt KeyStore item. (Not a password of the KeyStore.)
generate-self-signed-certificate-host
STRING
false
true
If the file that backs the KeyStore does not exist and this attribute is set, then a self-signed certificate will be generated for the specified host name. This is not intended for production use.
key-store
STRING
true
false
Reference to the KeyStore to use to initialise the underlying KeyManagerFactory.
provider-name
STRING
false
true
The name of the provider to use to create the underlying KeyManagerFactory.
providers
STRING
false
false
Reference to obtain the Provider[] to use when creating the underlying KeyManagerFactory.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/key-store-realm/index.html b/latest/wildscribe/subsystem/elytron/key-store-realm/index.html
new file mode 100644
index 000000000..e151d9ae1
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/key-store-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Reference to the KeyStore that should be used to back this security realm.
remove The remove operation for the security realm.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/key-store/index.html b/latest/wildscribe/subsystem/elytron/key-store/index.html
new file mode 100644
index 000000000..73b8ea374
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/key-store/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
alias-filter A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
credential-reference The reference to credential stored in CredentialStore under defined alias or clear text password.
Attribute
Value
Type
OBJECT
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
loaded-provider Information about the provider that was used for this KeyStore.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
modified Indicates if the in-memory representation of the KeyStore has been changed since it was last loaded or stored. Note: For some providers updates may be immediate without further load or store calls.
provider-name The name of the provider to use to load the KeyStore, disables searching for the first Provider that can create a KeyStore of the specified type.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
providers A reference to the providers that should be used to obtain the list of Provider instances to search, if not specified the global list of providers will be used instead.
state The state of the underlying service that represents this KeyStore at runtime, if it is anything other than UP runtime operations will not be available.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Allowed Values
DOWN STARTING START_FAILED UP STOPPING REMOVED
synchronized The time this KeyStore was last loaded or saved. Note: Some providers may continue to apply updates after the KeyStore was loaded within the application server.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
type The type of the KeyStore, used when creating the new KeyStore instance.
A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
credential-reference
OBJECT
true
false
The reference to credential stored in CredentialStore under defined alias or clear text password.
path
STRING
false
true
The path to the KeyStore file.
relative-to
STRING
false
false
The base path this store is relative to.
required
BOOLEAN
false
true
false
Is the file required to exist at the time the KeyStore service starts?
provider-name
STRING
false
true
The name of the provider to use to load the KeyStore, disables searching for the first Provider that can create a KeyStore of the specified type.
providers
STRING
false
false
A reference to the providers that should be used to obtain the list of Provider instances to search, if not specified the global list of providers will be used instead.
type
STRING
false
true
The type of the KeyStore, used when creating the new KeyStore instance.
change-alias Move an existing KeyStore entry to a new alias.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
true
The alias that identifies the existing KeyStore entry to move.
new-alias
STRING
true
true
The new alias to use.
credential-reference
OBJECT
false
false
The credential reference to be used to access the existing KeyStore entry, if needed.
export-certificate Export a certificate from a KeyStore entry to a file.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
true
The alias that identifies the KeyStore entry.
path
STRING
true
true
The path to the file to export the certificate to.
relative-to
STRING
false
false
The base path of the export file.
pem
BOOLEAN
false
true
false
Specifies whether to export the certificate in printable encoding format. If not specified, the certificate will be exported in binary encoding format.
The alias that identifies the PrivateKeyEntry to use to generate the certificate signing request.
signature-algorithm
STRING
false
true
The signature algorithm name to use when signing the certificate signing request.
distinguished-name
STRING
false
true
The DN to use in the certificate signing request. If not specified, the DN from the certificate will be used.
extensions
LIST
false
false
The list of X.509 certificate extensions to include in the certificate signing request.
credential-reference
OBJECT
false
false
The credential reference to be used to access the private key.
path
STRING
true
true
The path to the file where the certificate signing request should be stored.
relative-to
STRING
false
false
The base path of the certificate signing request file.
generate-key-pair Generate a key pair and wrap the resulting public key in a self-signed X.509 certificate. The generated private key and self-signed certificate will be added to the KeyStore.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
true
The alias of the new KeyStore entry.
algorithm
STRING
false
true
The algorithm to be used to generate the key pair.
signature-algorithm
STRING
false
true
The signature algorithm name to use when signing the self-signed certificate.
key-size
INT
false
true
The key size to use when generating the key pair.
distinguished-name
STRING
true
true
The DN to use as both the subject DN and the issuer DN.
not-before
STRING
false
true
The starting date and time the self-signed certificate is valid.
validity
LONG
false
true
90
The number of days for which the self-signed certificate should be considered valid. The default value is 90 days.
extensions
LIST
false
false
The list of X.509 certificate extensions to include in the self-signed certificate.
credential-reference
OBJECT
false
false
The credential reference to be used to protect the generated private key.
import-certificate Import a certificate or certificate chain from a file into a KeyStore entry.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
true
The alias that identifies the KeyStore entry.
credential-reference
OBJECT
false
false
The credential reference to be used to access the private key.
path
STRING
true
true
The path to the file that contains the certificate or certificate chain to import in binary encoding format or printable encoding format.
relative-to
STRING
false
false
The base path of the certificate file.
trust-cacerts
BOOLEAN
false
true
false
Specifies whether certificates from the cacerts file should be included when creating / validating the certificate chain.
validate
BOOLEAN
false
true
true
Specifies whether to validate that the top-most certificate is actually trusted when importing a certificate chain or whether to validate the certificate is actually trusted when importing a certificate. The default value is true. When this is set to true and validation fails, the certificate or certificate chain will not be imported into a KeyStore entry.
load Load the KeyStore, if the KeyStore is file backed this will involve re-reading the contents of the file.
obtain-certificate Obtain a signed certificate from a certificate authority and store it in a KeyStore entry.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
true
The alias of the KeyStore entry.
domain-names
LIST
true
false
The list of DNS name(s) to request the certificate for.
certificate-authority-account
STRING
true
false
A reference to the certificate authority account information that should be used to obtain the certificate.
agree-to-terms-of-service
BOOLEAN
false
true
Indicates whether or not the user agrees to the certificate authority's terms of service.
staging
BOOLEAN
false
true
false
Indicates whether or not the certificate authority's staging URL should be used. This should only be set to true for testing purposes. This should never be set to true in a production environment.
algorithm
STRING
false
true
RSA
The algorithm to be used to generate the key pair. The default value is RSA.
key-size
INT
false
true
2048
The key size to use when generating the key pair. The default value is 2048.
credential-reference
OBJECT
false
false
The credential reference to be used to protect the generated private key.
The alias that identifies the KeyStore entry that contains the certificate to be revoked.
reason
STRING
false
true
The reason for revocation.
certificate-authority-account
STRING
true
false
A reference to the certificate authority account information that should be uesd to revoke the certificate.
staging
BOOLEAN
false
true
false
Indicates whether or not the certificate authority's staging URL should be used. This should only be set to true for testing purposes. This should never be set to true in a production environment.
The alias that identifies the KeyStore entry that contains the certificate to check.
expiration
LONG
false
true
30
The number of days to expiry to be checked.
store Store the KeyStore to file, this operation will fail for any KeyStore instances not backed by a file. If the file does not exist and it was not flagged as required it will be created.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/ldap-key-store/index.html b/latest/wildscribe/subsystem/elytron/ldap-key-store/index.html
new file mode 100644
index 000000000..179946e8a
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/ldap-key-store/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
filter-alias The LDAP filter for obtaining an item of the KeyStore by alias. If this is not specified then the default value will be (alias_attribute={0}). The string '{0}' will be replaced by the searched alias and the 'alias_attribute' value will be the value of the attribute 'alias-attribute'.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
filter-certificate The LDAP filter for obtaining an item of the KeyStore by certificate. If this is not specified then the default value will be (certificate_attribute={0}). The string '{0}' will be replaced by searched encoded certificate and the 'certificate_attribute' will be the value of the attribute 'certificate-attribute'.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
filter-iterate The LDAP filter for iterating over all items of the KeyStore. If this is not specified then the default value will be (alias_attribute=*). The 'alias_attribute' will be the value of the attribute 'alias-attribute'.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
key-attribute The name of LDAP attribute, where will be key stored.
Attribute
Value
Default Value
userPKCS12
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
key-type The type of KeyStore, in which will be key serialized to LDAP attribute.
Attribute
Value
Default Value
PKCS12
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
new-item-template Configuration for item creation. Define how will look LDAP entry of newly created keystore item.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
search-path The path in LDAP, where will be KeyStore items searched.
search-time-limit The time limit for obtaining keystore items from LDAP.
Attribute
Value
Default Value
10000
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
size The size of LDAP KeyStore in amount of items/aliases.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
state The state of the underlying service that represents this KeyStore at runtime, if it is anything other than UP runtime operations will not be available.
The name of DirContext, which will be used to communication with LDAP server.
new-item-template
OBJECT
false
false
Configuration for item creation. Define how will look LDAP entry of newly created keystore item.
alias-attribute
STRING
false
true
cn
The name of LDAP attribute, where will be item alias stored.
certificate-attribute
STRING
false
true
usercertificate
The name of LDAP attribute, where will be certificate stored.
certificate-chain-attribute
STRING
false
true
userSMIMECertificate
The name of LDAP attribute, where will be certificate chain stored.
certificate-chain-encoding
STRING
false
true
PKCS7
The encoding of the certificate chain.
certificate-type
STRING
false
true
X.509
The type of the Certificate.
key-attribute
STRING
false
true
userPKCS12
The name of LDAP attribute, where will be key stored.
key-type
STRING
false
true
PKCS12
The type of KeyStore, in which will be key serialized to LDAP attribute.
filter-alias
STRING
false
true
The LDAP filter for obtaining an item of the KeyStore by alias. If this is not specified then the default value will be (alias_attribute={0}). The string '{0}' will be replaced by the searched alias and the 'alias_attribute' value will be the value of the attribute 'alias-attribute'.
filter-certificate
STRING
false
true
The LDAP filter for obtaining an item of the KeyStore by certificate. If this is not specified then the default value will be (certificate_attribute={0}). The string '{0}' will be replaced by searched encoded certificate and the 'certificate_attribute' will be the value of the attribute 'certificate-attribute'.
filter-iterate
STRING
false
true
The LDAP filter for iterating over all items of the KeyStore. If this is not specified then the default value will be (alias_attribute=*). The 'alias_attribute' will be the value of the attribute 'alias-attribute'.
search-path
STRING
true
true
The path in LDAP, where will be KeyStore items searched.
search-recursive
BOOLEAN
false
true
true
If the LDAP search should be recursive.
search-time-limit
INT
false
true
10000
The time limit for obtaining keystore items from LDAP.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/ldap-realm/index.html b/latest/wildscribe/subsystem/elytron/ldap-realm/index.html
new file mode 100644
index 000000000..7fc0fddc8
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/ldap-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
set-password Add a password to an existing identity.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
identity
STRING
true
false
The name of the identity.
bcrypt
OBJECT
false
false
A password using the Bcrypt algorithm.
clear
OBJECT
false
false
A password in clear text.
simple-digest
OBJECT
false
false
A simple digest password.
salted-simple-digest
OBJECT
false
false
A salted simple digest password.
scram-digest
OBJECT
false
false
A password using the SCRAM digest algorithm.
digest
OBJECT
false
false
A digest password.
otp
OBJECT
false
false
A one-time password, used by the OTP SASL mechanism.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/logical-permission-mapper/index.html b/latest/wildscribe/subsystem/elytron/logical-permission-mapper/index.html
new file mode 100644
index 000000000..7cf5109ab
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/logical-permission-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/logical-role-mapper/index.html b/latest/wildscribe/subsystem/elytron/logical-role-mapper/index.html
new file mode 100644
index 000000000..9807d349c
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/logical-role-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/mapped-regex-realm-mapper/index.html b/latest/wildscribe/subsystem/elytron/mapped-regex-realm-mapper/index.html
new file mode 100644
index 000000000..972058793
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/mapped-regex-realm-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Definition of a RealmMapper implementation that first uses a regular expression to extract the realm name, this is then converted using the configured mapping of realm names.
delegate-realm-mapper The RealmMapper to delegate to if the pattern does not match. If no delegate is specified then the default realm on the domain will be used instead. If the username does not match the pattern and a delegate realm-mapper is present, the result of delegate-realm-mapper is mapped via the realm-map.
pattern The regular expression which must contain at least one capture group to extract the realm from the name. If the regular expression matches more than one capture group, the first capture group is used.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
realm-map Mapping of realm name extracted using the regular expression to a defined realm name. If the value for the mapping is not in the map or the realm whose name is the result of the mapping does not exist in the given security domain, the default realm is used.
The RealmMapper to delegate to if the pattern does not match. If no delegate is specified then the default realm on the domain will be used instead. If the username does not match the pattern and a delegate realm-mapper is present, the result of delegate-realm-mapper is mapped via the realm-map.
pattern
STRING
true
true
The regular expression which must contain at least one capture group to extract the realm from the name. If the regular expression matches more than one capture group, the first capture group is used.
realm-map
OBJECT
true
true
Mapping of realm name extracted using the regular expression to a defined realm name. If the value for the mapping is not in the map or the realm whose name is the result of the mapping does not exist in the given security domain, the default realm is used.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/mapped-role-mapper/index.html b/latest/wildscribe/subsystem/elytron/mapped-role-mapper/index.html
new file mode 100644
index 000000000..59e6d6d29
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/mapped-role-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/mechanism-provider-filtering-sasl-server-factory/index.html b/latest/wildscribe/subsystem/elytron/mechanism-provider-filtering-sasl-server-factory/index.html
new file mode 100644
index 000000000..c990645a3
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/mechanism-provider-filtering-sasl-server-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A SaslServerFactory definition that wraps another SaslServerFactory and enables filtering of mechanisms based on the mechanism name and Provider name and version. Any mechanisms loaded by factories not located using a Provider will not be filtered by this definition.
available-mechanisms The SASL mechanisms available from this factory after all filtering has been applied.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
enabling When set to 'true' no provider loaded mechanisms are enabled unless matched by one of the filters, setting to 'false' has the inverse effect.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
filters The filters to apply when comparing the mechanisms from the providers, a filter matches when all of the specified values match the mechanism / provider pair.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
sasl-server-factory Reference to a sasl server factory to be wrapped by this definition.
add The add operation for the sasl server factory.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
enabling
BOOLEAN
false
true
true
When set to 'true' no provider loaded mechanisms are enabled unless matched by one of the filters, setting to 'false' has the inverse effect.
filters
LIST
false
false
The filters to apply when comparing the mechanisms from the providers, a filter matches when all of the specified values match the mechanism / provider pair.
sasl-server-factory
STRING
true
false
Reference to a sasl server factory to be wrapped by this definition.
remove The remove operation for the sasl server factory.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/periodic-rotating-file-audit-log/index.html b/latest/wildscribe/subsystem/elytron/periodic-rotating-file-audit-log/index.html
new file mode 100644
index 000000000..fb1981480
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/periodic-rotating-file-audit-log/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
An audit log definition for persisting an audit log to a local files rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.time.format.DateTimeFormatter.
suffix The suffix string in a format which can be understood by java.time.format.DateTimeFormatter. The period of the rotation is automatically calculated based on the suffix.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
synchronized Whether every event should be immediately synchronised to disk.
Whether every event should be immediately flushed to disk (If undefined will default to the value of synchronized).
encoding
STRING
false
true
The audit file encoding. Default is UTF_8.
format
STRING
false
true
SIMPLE
The format to use to record the audit event.
suffix
STRING
true
true
The suffix string in a format which can be understood by java.time.format.DateTimeFormatter. The period of the rotation is automatically calculated based on the suffix.
synchronized
BOOLEAN
false
true
true
Whether every event should be immediately synchronised to disk.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/permission-set/index.html b/latest/wildscribe/subsystem/elytron/permission-set/index.html
new file mode 100644
index 000000000..cf7bd56cf
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/permission-set/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/policy/index.html b/latest/wildscribe/subsystem/elytron/policy/index.html
new file mode 100644
index 000000000..4d4d47e84
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/policy/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A policy provider definition that sets up Jakarta Authorization and related services.
remove Remove operation for removing a policy provider.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/properties-realm/index.html b/latest/wildscribe/subsystem/elytron/properties-realm/index.html
new file mode 100644
index 000000000..d9bf81a47
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/properties-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
groups-attribute The name of the attribute in the returned AuthorizationIdentity that should contain the group membership information for the identity.
Attribute
Value
Default Value
groups
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
groups-properties The properties file containing the users and their groups.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
hash-charset The character set to use when converting the password string to a byte array.
Attribute
Value
Default Value
UTF-8
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
hash-encoding The string format for the password if it is not stored in plain text.
Attribute
Value
Default Value
hex
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
base64 hex
synchronized The time the properties files that back this realm were last loaded.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
users-properties The properties file containing the users and their passwords.
The name of the attribute in the returned AuthorizationIdentity that should contain the group membership information for the identity.
groups-properties
OBJECT
false
false
The properties file containing the users and their groups.
hash-charset
STRING
false
true
UTF-8
The character set to use when converting the password string to a byte array.
hash-encoding
STRING
false
true
hex
The string format for the password if it is not stored in plain text.
users-properties
OBJECT
true
false
The properties file containing the users and their passwords.
load Reload the properties files from the file system.
remove The remove operation for the security realm.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/provider-http-server-mechanism-factory/index.html b/latest/wildscribe/subsystem/elytron/provider-http-server-mechanism-factory/index.html
new file mode 100644
index 000000000..6894c42f9
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/provider-http-server-mechanism-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add The add operation for the http server factory.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
providers
STRING
false
false
The providers to use to locate the factories, if not specified the globally registered list of Providers will be used.
remove The remove operation for the http server factory.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/provider-loader/index.html b/latest/wildscribe/subsystem/elytron/provider-loader/index.html
new file mode 100644
index 000000000..8481ed964
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/provider-loader/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
argument An argument to be passed into the constructor as the Provider is instantiated.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
class-names The fully qualified class names of the providers to load, these are loaded after the service-loader discovered providers and duplicates will be skipped.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
configuration The key/value configuration to be passed to the Provider to initialise it.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
loaded-providers The list of providers loaded by this provider loader.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
module The name of the module to load the provider from.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
path The path of the file to use to initialise the providers.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The base path of the configuration file.
The fully qualified class names of the providers to load, these are loaded after the service-loader discovered providers and duplicates will be skipped.
module
STRING
false
false
The name of the module to load the provider from.
argument
STRING
false
true
An argument to be passed into the constructor as the Provider is instantiated.
configuration
OBJECT
false
true
The key/value configuration to be passed to the Provider to initialise it.
path
STRING
false
true
The path of the file to use to initialise the providers.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/provider-sasl-server-factory/index.html b/latest/wildscribe/subsystem/elytron/provider-sasl-server-factory/index.html
new file mode 100644
index 000000000..a67855b82
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/provider-sasl-server-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add The add operation for the sasl server factory.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
providers
STRING
false
false
The providers to use to locate the factories, if not specified the globally registered list of Providers will be used.
remove The remove operation for the sasl server factory.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/regex-principal-transformer/index.html b/latest/wildscribe/subsystem/elytron/regex-principal-transformer/index.html
new file mode 100644
index 000000000..116d14fab
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/regex-principal-transformer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
pattern The regular expression to use to locate the portion of the name to be replaced.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
replace-all Should all occurrences of the pattern matched be replaced or only the first occurrence.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
replacement The value to be used as the replacement.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add The add operation for the principal transformer.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
pattern
STRING
true
true
The regular expression to use to locate the portion of the name to be replaced.
replace-all
BOOLEAN
false
true
false
Should all occurrences of the pattern matched be replaced or only the first occurrence.
replacement
STRING
true
true
The value to be used as the replacement.
remove The remove operation for the principal transformer.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/regex-role-mapper/index.html b/latest/wildscribe/subsystem/elytron/regex-role-mapper/index.html
new file mode 100644
index 000000000..a79e1d5a0
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/regex-role-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
keep-non-mapped When set to 'true' then the roles that did not match the pattern will be kept and not removed.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
pattern Regex string that will be used for matching. Regex can capture groups. Role matches the pattern if given pattern can be found in any substring of given role.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
replace-all When set to 'false', only first occurrence of the pattern will be replaced in role. When set to 'true' then all of the occurrences will be replaced by replacement.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
replacement Replacement that will be used when mapping roles that contain the pattern. Can make use of captured groups from pattern.
When set to 'true' then the roles that did not match the pattern will be kept and not removed.
pattern
STRING
true
true
Regex string that will be used for matching. Regex can capture groups. Role matches the pattern if given pattern can be found in any substring of given role.
replace-all
BOOLEAN
false
true
false
When set to 'false', only first occurrence of the pattern will be replaced in role. When set to 'true' then all of the occurrences will be replaced by replacement.
replacement
STRING
true
true
Replacement that will be used when mapping roles that contain the pattern. Can make use of captured groups from pattern.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/regex-validating-principal-transformer/index.html b/latest/wildscribe/subsystem/elytron/regex-validating-principal-transformer/index.html
new file mode 100644
index 000000000..f5ac894d1
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/regex-validating-principal-transformer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
match If set to true, the name must match the given pattern to make validation successful. If set to false, the name must not match the given pattern to make validation successful.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
pattern The regular expression to use for the principal transformer.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add The add operation for the principal transformer.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
match
BOOLEAN
false
true
true
If set to true, the name must match the given pattern to make validation successful. If set to false, the name must not match the given pattern to make validation successful.
pattern
STRING
true
true
The regular expression to use for the principal transformer.
remove The remove operation for the principal transformer.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/sasl-authentication-factory/index.html b/latest/wildscribe/subsystem/elytron/sasl-authentication-factory/index.html
new file mode 100644
index 000000000..8b497390c
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/sasl-authentication-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a new sasl-authentication-factory resource.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
mechanism-configurations
LIST
false
false
Mechanism specific configuration
sasl-server-factory
STRING
true
false
The SaslServerFactory to associate with this resource
security-domain
STRING
true
false
The SecurityDomain to associate with this resource
remove Remove the sasl-authentication-factory resource.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/secret-key-credential-store/index.html b/latest/wildscribe/subsystem/elytron/secret-key-credential-store/index.html
new file mode 100644
index 000000000..45436239d
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/secret-key-credential-store/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
generate-secret-key Generate a new SecretKey and store it in the credential store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
false
The alias to use when storing the new SecretKey.
key-size
INT
false
true
The size of key to generate (bits).
import-secret-key Import a previously exported SecretKey and add it to the credential store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
false
The alias to use when storing the imported SecretKey.
key
STRING
true
false
The previously exported key to import.
read-aliases Read aliases (entries) from a credential store.
reload Reload credential store (reinitialize and load new data if present).
remove The remove operation for the credential store.
remove-alias Remove a credential (entry) stored in the credential store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
alias
STRING
true
false
The alias of the credential store item to remove.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/security-domain/index.html b/latest/wildscribe/subsystem/elytron/security-domain/index.html
new file mode 100644
index 000000000..d128d3cbd
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/security-domain/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
outflow-anonymous When outflowing to a security domain if outflow is not possible should the anonymous identity be used? Outflowing anonymous has the effect of clearing any identity already established for that domain.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
outflow-security-domains The list of security domains that the security identity from this domain should automatically outflow to.
add The add operation for a security domain definition.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
default-realm
STRING
false
false
The default realm contained by this security domain.
evidence-decoder
STRING
false
false
A reference to an EvidenceDecoder to be used by this domain.
outflow-anonymous
BOOLEAN
false
true
false
When outflowing to a security domain if outflow is not possible should the anonymous identity be used? Outflowing anonymous has the effect of clearing any identity already established for that domain.
outflow-security-domains
LIST
false
false
The list of security domains that the security identity from this domain should automatically outflow to.
permission-mapper
STRING
false
false
A reference to a PermissionMapper to be used by this domain.
post-realm-principal-transformer
STRING
false
false
A reference to a principal transformer to be applied after the realm has operated on the supplied identity name.
pre-realm-principal-transformer
STRING
false
false
A reference to a principal transformer to be applied before the realm is selected.
principal-decoder
STRING
false
false
A reference to a PrincipalDecoder to be used by this domain.
realm-mapper
STRING
false
false
Reference to the RealmMapper to be used by this domain.
realms
LIST
false
false
The list of realms contained by this security domain.
role-decoder
STRING
false
false
Reference to the RoleDecoder to be used by this domain.
role-mapper
STRING
false
false
Reference to the RoleMapper to be used by this domain.
security-event-listener
STRING
false
false
Reference to a listener for security events.
trusted-security-domains
LIST
false
false
The list of security domains that are trusted by this security domain.
trusted-virtual-security-domains
LIST
false
false
The list of virtual security domains that are trusted by this security domain.
read-identity Reads an identity from a security domain if it exists.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
name
STRING
true
false
The name of the identity to read.
remove The remove operation for a security domain definition.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/server-ssl-context/index.html b/latest/wildscribe/subsystem/elytron/server-ssl-context/index.html
new file mode 100644
index 000000000..e5292e738
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/server-ssl-context/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
authentication-optional Rejecting of the client certificate by the security domain will not prevent the connection. Allows a fall through to use other authentication mechanisms (like form login) when the client certificate is rejected by security domain. Has an effect only when the security domain is set.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
cipher-suite-filter The filter to apply to specify the enabled cipher suites for TLSv1.2 and below.
Attribute
Value
Default Value
DEFAULT
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
cipher-suite-names The filter to apply to specify the enabled cipher suites for TLSv1.3.
maximum-session-cache-size The maximum number of SSL sessions in the cache. The default value -1 means use the JVM default value. Value zero means there is no limit.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
need-client-auth To require a client certificate on SSL handshake. Connection without trusted client certificate (see trust-manager) will be rejected.
want-client-auth To request (but not to require) a client certificate on SSL handshake. If a security domain is referenced and supports X509 evidence, this will be set to true automatically. Ignored when need-client-auth is set.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
wrap Should the SSLEngine, SSLSocket, and SSLServerSocket instances returned be wrapped to protect against further modification.
Rejecting of the client certificate by the security domain will not prevent the connection. Allows a fall through to use other authentication mechanisms (like form login) when the client certificate is rejected by security domain. Has an effect only when the security domain is set.
cipher-suite-filter
STRING
false
true
DEFAULT
The filter to apply to specify the enabled cipher suites for TLSv1.2 and below.
cipher-suite-names
STRING
false
true
The filter to apply to specify the enabled cipher suites for TLSv1.3.
final-principal-transformer
STRING
false
false
A final principal transformer to apply for this mechanism realm.
key-manager
STRING
true
false
Reference to the key manager to use within the SSLContext.
maximum-session-cache-size
INT
false
true
-1
The maximum number of SSL sessions in the cache. The default value -1 means use the JVM default value. Value zero means there is no limit.
need-client-auth
BOOLEAN
false
true
false
To require a client certificate on SSL handshake. Connection without trusted client certificate (see trust-manager) will be rejected.
post-realm-principal-transformer
STRING
false
false
A principal transformer to apply after the realm is selected.
pre-realm-principal-transformer
STRING
false
false
A principal transformer to apply before the realm is selected.
protocols
LIST
false
true
The enabled protocols.
provider-name
STRING
false
true
The name of the provider to use. If not specified, all providers from providers will be passed to the SSLContext.
providers
STRING
false
false
The name of the providers to obtain the Provider[] to use to load the SSLContext.
realm-mapper
STRING
false
false
The realm mapper to be used for SSL authentication.
security-domain
STRING
false
false
The security domain to use for authentication during SSL session establishment.
session-timeout
INT
false
true
-1
The timeout for SSL sessions, in seconds. The default value -1 means use the JVM default value. Value zero means there is no limit.
trust-manager
STRING
false
false
Reference to the trust manager to use within the SSLContext.
use-cipher-suites-order
BOOLEAN
false
true
true
To honor local cipher suites preference.
want-client-auth
BOOLEAN
false
true
false
To request (but not to require) a client certificate on SSL handshake. If a security domain is referenced and supports X509 evidence, this will be set to true automatically. Ignored when need-client-auth is set.
wrap
BOOLEAN
false
true
false
Should the SSLEngine, SSLSocket, and SSLServerSocket instances returned be wrapped to protect against further modification.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/server-ssl-context/ssl-session/index.html b/latest/wildscribe/subsystem/elytron/server-ssl-context/ssl-session/index.html
new file mode 100644
index 000000000..e293cf01b
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/server-ssl-context/ssl-session/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
peer-host The peer host as reported by the SSLSession.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
peer-port The peer port as reported by the SSLSession.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
peer-principal The peer principal as reported by the SSLSession.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
protocol The protocol as reported by the SSLSession.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
valid The validity of the session as reported by the SSLSession.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (1)
invalidate Invalidate the SSLSession (Note: This does not terminate current connections, only prevents future connections from joining or resuming this session).
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/server-ssl-sni-context/index.html b/latest/wildscribe/subsystem/elytron/server-ssl-sni-context/index.html
new file mode 100644
index 000000000..c6154e795
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/server-ssl-sni-context/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/service-loader-http-server-mechanism-factory/index.html b/latest/wildscribe/subsystem/elytron/service-loader-http-server-mechanism-factory/index.html
new file mode 100644
index 000000000..19949f18b
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/service-loader-http-server-mechanism-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
module The module to use to obtain the classloader to load the factories, if not specified the classloader to load the resource will be used instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add The add operation for the http server factory.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
module
STRING
false
false
The module to use to obtain the classloader to load the factories, if not specified the classloader to load the resource will be used instead.
remove The remove operation for the http server factory.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/service-loader-sasl-server-factory/index.html b/latest/wildscribe/subsystem/elytron/service-loader-sasl-server-factory/index.html
new file mode 100644
index 000000000..11d6302b9
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/service-loader-sasl-server-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
available-mechanisms The SASL mechanisms available from this factory after all filtering has been applied.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
module The module to use to obtain the classloader to load the factories, if not specified the classloader to load the resource will be used instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add The add operation for the sasl server factory.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
module
STRING
false
false
The module to use to obtain the classloader to load the factories, if not specified the classloader to load the resource will be used instead.
remove The remove operation for the sasl server factory.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/simple-permission-mapper/index.html b/latest/wildscribe/subsystem/elytron/simple-permission-mapper/index.html
new file mode 100644
index 000000000..b77f495f2
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/simple-permission-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/simple-regex-realm-mapper/index.html b/latest/wildscribe/subsystem/elytron/simple-regex-realm-mapper/index.html
new file mode 100644
index 000000000..5ce4bce20
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/simple-regex-realm-mapper/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Definition of a simple RealmMapper that attempts to extract the realm name using the capture group from the regular expression, if that does not provide a match then the delegate RealmMapper is used instead.
pattern The regular expression which must contain at least one capture group to extract the realm from the name. If the regular expression matches more than one capture group, the first capture group is used.
The RealmMapper to delegate to if there is no match using the pattern.
pattern
STRING
true
true
The regular expression which must contain at least one capture group to extract the realm from the name. If the regular expression matches more than one capture group, the first capture group is used.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/simple-role-decoder/index.html b/latest/wildscribe/subsystem/elytron/simple-role-decoder/index.html
new file mode 100644
index 000000000..7c2e927cf
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/simple-role-decoder/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/size-rotating-file-audit-log/index.html b/latest/wildscribe/subsystem/elytron/size-rotating-file-audit-log/index.html
new file mode 100644
index 000000000..c13aae5b9
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/size-rotating-file-audit-log/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
An audit log definition for persisting an audit log to a local files rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
rotate-on-boot Whether the file should be rotated before the a new file is set.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
rotate-size The log file size the file should rotate at.
Attribute
Value
Default Value
10m
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
suffix Format of date used as suffix of log file names in java.time.format.DateTimeFormatter. The suffix does not play a role in determining when the file should be rotated.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
synchronized Whether every event should be immediately flushed to disk (If undefined will default to the value of synchronized).
Whether every event should be immediately flushed to disk.
encoding
STRING
false
true
The audit file encoding. Default is UTF_8.
format
STRING
false
true
SIMPLE
The format to use to record the audit event.
max-backup-index
INT
false
true
1
The maximum number of files to backup when rotating.
rotate-on-boot
BOOLEAN
false
true
false
Whether the file should be rotated before the a new file is set.
rotate-size
STRING
false
true
10m
The log file size the file should rotate at.
suffix
STRING
false
true
Format of date used as suffix of log file names in java.time.format.DateTimeFormatter. The suffix does not play a role in determining when the file should be rotated.
synchronized
BOOLEAN
false
true
true
Whether every event should be immediately flushed to disk (If undefined will default to the value of synchronized).
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/source-address-role-decoder/index.html b/latest/wildscribe/subsystem/elytron/source-address-role-decoder/index.html
new file mode 100644
index 000000000..4ef99080d
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/source-address-role-decoder/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/syslog-audit-log/index.html b/latest/wildscribe/subsystem/elytron/syslog-audit-log/index.html
new file mode 100644
index 000000000..dca4cb59c
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/syslog-audit-log/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
reconnect-attempts The maximum amount of failed reconnect attempts that should be made for sending messages to a syslog server before the endpoint is closed.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
server-address The server address of the syslog server the events should be sent to.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
ssl-context The SSLContext to use to connect to the syslog server when SSL_TCP transport is used.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/token-realm/index.html b/latest/wildscribe/subsystem/elytron/token-realm/index.html
new file mode 100644
index 000000000..30ce6a89e
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/token-realm/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
jwt A token validator to be used in conjunction with a token-based realm that handles security tokens based on the JWT/JWS standard.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
oauth2-introspection A token validator to be used in conjunction with a token-based realm that handles OAuth2 Access Tokens and validates them using an endpoint compliant with OAuth2 Token Introspection specification(RFC-7662).
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
principal-claim The name of the claim that should be used to obtain the principal's name.
A token validator to be used in conjunction with a token-based realm that handles security tokens based on the JWT/JWS standard.
oauth2-introspection
OBJECT
false
false
A token validator to be used in conjunction with a token-based realm that handles OAuth2 Access Tokens and validates them using an endpoint compliant with OAuth2 Token Introspection specification(RFC-7662).
principal-claim
STRING
false
true
username
The name of the claim that should be used to obtain the principal's name.
remove The remove operation for the security realm.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/trust-manager/index.html b/latest/wildscribe/subsystem/elytron/trust-manager/index.html
new file mode 100644
index 000000000..414b24a96
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/trust-manager/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
algorithm The name of the algorithm to use to create the underlying TrustManagerFactory.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
alias-filter A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
maximum-cert-path The maximum number of non-self-issued intermediate certificates that may exist in a certification path for OCSP and CRL checks. If neither OCSP and CRL is configured, this attribute has no effect.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
ocsp Enables online certificate status protocol checks to a trust manager.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
only-leaf-cert Whether only leaf certificate should be checked for revocation status.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
provider-name The name of the provider to use to create the underlying TrustManagerFactory.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
providers Reference to obtain the Provider[] to use when creating the underlying TrustManagerFactory.
The name of the algorithm to use to create the underlying TrustManagerFactory.
alias-filter
STRING
false
true
A filter to apply to the aliases returned from the KeyStore, can either be a comma separated list of aliases to return or one of the following formats ALL:-alias1:-alias2, NONE:+alias1:+alias2
certificate-revocation-list
OBJECT
false
false
Enables certificate revocation list checks to a trust manager.
certificate-revocation-lists
LIST
false
false
Enables certificate revocation list checks to a trust manager using multiple certificate revocation lists.
key-store
STRING
true
false
Reference to the KeyStore to use to initialise the underlying TrustManagerFactory.
maximum-cert-path
INT
false
true
The maximum number of non-self-issued intermediate certificates that may exist in a certification path for OCSP and CRL checks. If neither OCSP and CRL is configured, this attribute has no effect.
ocsp
OBJECT
false
false
Enables online certificate status protocol checks to a trust manager.
only-leaf-cert
BOOLEAN
false
false
false
Whether only leaf certificate should be checked for revocation status.
provider-name
STRING
false
true
The name of the provider to use to create the underlying TrustManagerFactory.
providers
STRING
false
false
Reference to obtain the Provider[] to use when creating the underlying TrustManagerFactory.
soft-fail
BOOLEAN
false
false
false
Whether a certificate with unknown OCSP response should be accepted.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/virtual-security-domain/index.html b/latest/wildscribe/subsystem/elytron/virtual-security-domain/index.html
new file mode 100644
index 000000000..0c35f0481
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/virtual-security-domain/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
auth-method The authentication mechanism that will be used with the virtual security domain. Allowed values: 'OIDC', 'MP-JWT'. The default value is 'OIDC'.
Attribute
Value
Default Value
OIDC
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
OIDC MP-JWT
outflow-anonymous When outflowing to a security domain, if outflow is not possible, should the anonymous identity be used? Outflow to a security domain might not be possible if the domain does not trust this domain or if the identity being outflowed to a domain does not exist in that domain. Outflowing anonymous has the effect of clearing any identity already established for that domain.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
outflow-security-domains The list of security domains that the security identity from this virtual domain should automatically outflow to.
add The add operation for a virtual security domain definition.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
auth-method
STRING
false
false
OIDC
The authentication mechanism that will be used with the virtual security domain. Allowed values: 'OIDC', 'MP-JWT'. The default value is 'OIDC'.
outflow-anonymous
BOOLEAN
false
true
false
When outflowing to a security domain, if outflow is not possible, should the anonymous identity be used? Outflow to a security domain might not be possible if the domain does not trust this domain or if the identity being outflowed to a domain does not exist in that domain. Outflowing anonymous has the effect of clearing any identity already established for that domain.
outflow-security-domains
LIST
false
false
The list of security domains that the security identity from this virtual domain should automatically outflow to.
remove The remove operation for a virtual security domain definition.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/x500-attribute-principal-decoder/index.html b/latest/wildscribe/subsystem/elytron/x500-attribute-principal-decoder/index.html
new file mode 100644
index 000000000..27f83ba9a
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/x500-attribute-principal-decoder/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/x500-subject-evidence-decoder/index.html b/latest/wildscribe/subsystem/elytron/x500-subject-evidence-decoder/index.html
new file mode 100644
index 000000000..2091f6b3d
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/x500-subject-evidence-decoder/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove The remove operation for the evidence decoder.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/elytron/x509-subject-alt-name-evidence-decoder/index.html b/latest/wildscribe/subsystem/elytron/x509-subject-alt-name-evidence-decoder/index.html
new file mode 100644
index 000000000..cc2799eb0
--- /dev/null
+++ b/latest/wildscribe/subsystem/elytron/x509-subject-alt-name-evidence-decoder/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
An evidence decoder that derives the principal associated with the given evidence from an X.509 subject alternative name from the first certificate in the given evidence.
alt-name-type The subject alternative name type to decode from the given evidence. Allowed values: 'rfc822Name', 'dNSName', 'directoryName', 'uniformResourceIdentifier', 'iPAddress', 'registeredID'
segment The 0-based occurrence of the subject alternative name to map. This attribute is optional and only used when there is more than one subject alternative name of the given alt-name-type. The default value is 0.
The subject alternative name type to decode from the given evidence. Allowed values: 'rfc822Name', 'dNSName', 'directoryName', 'uniformResourceIdentifier', 'iPAddress', 'registeredID'
segment
INT
false
true
0
The 0-based occurrence of the subject alternative name to map. This attribute is optional and only used when there is more than one subject alternative name of the given alt-name-type. The default value is 0.
remove The remove operation for the evidence decoder.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/health/index.html b/latest/wildscribe/subsystem/health/index.html
new file mode 100644
index 000000000..d31523eed
--- /dev/null
+++ b/latest/wildscribe/subsystem/health/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/iiop-openjdk/index.html b/latest/wildscribe/subsystem/iiop-openjdk/index.html
new file mode 100644
index 000000000..36ba75d57
--- /dev/null
+++ b/latest/wildscribe/subsystem/iiop-openjdk/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
high-water-mark TCP connection cache parameter. Each time the number of connections exceeds this value ORB tries to reclaim connections. Number of reclaimed connections is specified by tcp-number-to-reclaim property. If this property is not set then it is configured as OpenJDK ORB default.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
integrity Indicates whether the transport must require integrity protection or not. Valid values are 'none', 'supported' and 'required'.
Deprecated Since 1.0.0
Use server-requires-ssl instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
none supported required
iona Indicates whether interoperability with IONA's ASP is enabled.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
number-to-reclaim TCP connection cache parameter. Each time number of connections exceeds tcp-high-water-mark property then ORB tries to reclaim connections. Number of reclaimed connections is specified by this property. If it is not set then it is configured as OpenJDK ORB default.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
persistent-server-id Persistent id of the server. Persistent object references are valid across many activactions of the server and they identify it using this property. As a result of that: many activations of the same server should have this property set to the same value, different server instances running on the same host should have different server ids.
Attribute
Value
Default Value
1
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
properties A list of generic key/value properties.
security iiop-openjdk.security=Indicates whether the security interceptors are to be installed (elytron) or not (none). identity and client are legacy security configurations which are valid for compatibility reasons but are no longer supported.
Attribute
Value
Default Value
none
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
identity client elytron none
security-domain The name of the security domain that holds the key and trust stores that will be used to establish SSL connections.
Deprecated Since 3.0.0
Legacy security domains are not supported in a running server. Only usable in a domain configuration to support secondary hosts running earlier versions.
Attribute
Value
Capability reference
org.wildfly.security.legacy-security-domain
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
server-requires Value that indicates the server SSL required parameters (None, ServerAuth, ClientAuth, MutualAuth).
Deprecated Since 1.0.0
Use server-requires-ssl instead.
Attribute
Value
Default Value
None
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
None ServerAuth ClientAuth MutualAuth
server-requires-ssl Indicates whether IIOP connections to the server require SSL.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
server-ssl-context The name of the SSL context used to create server side SSL sockets.
server-supports Value that indicates the server SSL supported parameters (None, ServerAuth, ClientAuth, MutualAuth).
Deprecated Since 1.0.0
Use server-requires-ssl instead.
Attribute
Value
Default Value
MutualAuth
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
None ServerAuth ClientAuth MutualAuth
socket-binding The name of the socket binding configuration that specifies the ORB port. At least one of socket-binding, ssl-socket-binding parameters have to be configured.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
ssl-socket-binding The name of the socket binding configuration that specifies the ORB SSL port. At least one of socket-binding, ssl-socket-binding parameters have to be configured.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
support-ssl Indicates whether SSL is to be supported (on) or not (off).
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transactions Indicates whether the transactions interceptors are to be installed (full or spec) or not (none). The value 'full' enabled JTS while 'spec' enables a spec compliant mode (non JTS) that rejects incoming transaction contexts.
Attribute
Value
Default Value
none
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
full none spec
trust-in-client Indicates if the transport must require trust in client to be established. Valid values are 'none', 'supported' and 'required'.
Deprecated Since 1.0.0
Use server-requires-ssl instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
none supported required
trust-in-target Indicates if the transport must require trust in target to be established. Valid values are 'none' and 'supported'.
The authentication method. Valid values are 'none' and 'username_password'.
realm
STRING
false
true
The authentication service (AS) realm name.
required
BOOLEAN
false
true
false
Indicates if authentication is required (true) or not (false).
authentication-context
STRING
false
true
The name of the authentication context used when the security initializer is set to 'elytron'.
security
STRING
false
true
none
iiop-openjdk.security=Indicates whether the security interceptors are to be installed (elytron) or not (none). identity and client are legacy security configurations which are valid for compatibility reasons but are no longer supported.
transactions
STRING
false
true
none
Indicates whether the transactions interceptors are to be installed (full or spec) or not (none). The value 'full' enabled JTS while 'spec' enables a spec compliant mode (non JTS) that rejects incoming transaction contexts.
iona
BOOLEAN
false
true
false
Indicates whether interoperability with IONA's ASP is enabled.
export-corbaloc
BOOLEAN
false
true
true
Indicates whether the root context should be exported as corbaloc::address:port/NameService (on) or not (off).
root-context
STRING
false
true
JBoss/Naming/root
The naming service root context.
giop-version
STRING
false
true
1.2
The GIOP version to be used.
persistent-server-id
STRING
false
false
1
Persistent id of the server. Persistent object references are valid across many activactions of the server and they identify it using this property. As a result of that: many activations of the same server should have this property set to the same value, different server instances running on the same host should have different server ids.
socket-binding
STRING
false
false
The name of the socket binding configuration that specifies the ORB port. At least one of socket-binding, ssl-socket-binding parameters have to be configured.
ssl-socket-binding
STRING
false
false
The name of the socket binding configuration that specifies the ORB SSL port. At least one of socket-binding, ssl-socket-binding parameters have to be configured.
caller-propagation
STRING
false
true
none
Indicates whether the caller identity should be propagated in the SAS context or not. Valid values are 'none' and 'supported'.
add-component-via-interceptor
BOOLEAN
false
true
true
Indicates whether SSL components should be added by an IOR interceptor (on) or not (off).
client-requires
STRING
false
true
None
Value that indicates the client SSL required parameters (None, ServerAuth, ClientAuth, MutualAuth).
client-requires-ssl
BOOLEAN
false
true
false
Indicates whether IIOP connections from the server require SSL.
client-ssl-context
STRING
false
false
The name of the SSL context used to create client side SSL sockets.
client-supports
STRING
false
true
MutualAuth
Value that indicates the client SSL supported parameters (None, ServerAuth, ClientAuth, MutualAuth).
security-domain
STRING
false
false
The name of the security domain that holds the key and trust stores that will be used to establish SSL connections.
server-requires
STRING
false
true
None
Value that indicates the server SSL required parameters (None, ServerAuth, ClientAuth, MutualAuth).
server-requires-ssl
BOOLEAN
false
true
false
Indicates whether IIOP connections to the server require SSL.
server-ssl-context
STRING
false
false
The name of the SSL context used to create server side SSL sockets.
server-supports
STRING
false
true
MutualAuth
Value that indicates the server SSL supported parameters (None, ServerAuth, ClientAuth, MutualAuth).
support-ssl
BOOLEAN
false
true
false
Indicates whether SSL is to be supported (on) or not (off).
high-water-mark
INT
false
true
TCP connection cache parameter. Each time the number of connections exceeds this value ORB tries to reclaim connections. Number of reclaimed connections is specified by tcp-number-to-reclaim property. If this property is not set then it is configured as OpenJDK ORB default.
number-to-reclaim
INT
false
true
TCP connection cache parameter. Each time number of connections exceeds tcp-high-water-mark property then ORB tries to reclaim connections. Number of reclaimed connections is specified by this property. If it is not set then it is configured as OpenJDK ORB default.
confidentiality
STRING
false
true
Indicates whether the transport must require confidentiality protection or not. Valid values are 'none', 'supported' and 'required'.
detect-misordering
STRING
false
true
Indicates whether the transport must require misordering detection or not. Valid values are 'none', 'supported' and 'required'.
detect-replay
STRING
false
true
Indicates whether the transport must require replay detection or not. Valid values are 'none', 'supported' and 'required'.
integrity
STRING
false
true
Indicates whether the transport must require integrity protection or not. Valid values are 'none', 'supported' and 'required'.
trust-in-client
STRING
false
true
Indicates if the transport must require trust in client to be established. Valid values are 'none', 'supported' and 'required'.
trust-in-target
STRING
false
true
Indicates if the transport must require trust in target to be established. Valid values are 'none' and 'supported'.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/cache/component/locking/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/cache/component/locking/index.html
new file mode 100644
index 000000000..4ce4f38a7
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/cache/component/locking/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/cache/component/partition-handling/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/cache/component/partition-handling/index.html
new file mode 100644
index 000000000..2d74ae897
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/cache/component/partition-handling/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The partition handling configuration for distributed and replicated caches.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (1)
availability Indicates the current availability of the cache.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
Operations (1)
force-available Forces a cache with degraded availability to become available.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/cache/component/persistence/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/cache/component/persistence/index.html
new file mode 100644
index 000000000..286e9c1a9
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/cache/component/persistence/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/cache/component/transaction/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/cache/component/transaction/index.html
new file mode 100644
index 000000000..fa11885c8
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/cache/component/transaction/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/cache/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/cache/index.html
new file mode 100644
index 000000000..1bfb49756
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/cache/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/backup/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/backup/index.html
new file mode 100644
index 000000000..40ac6e5b6
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/backup/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
after-failures Indicates the number of failures after which this backup site should go offline.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
enabled Indicates whether or not this backup site is enabled.
Deprecated Since 16.0.0
Deprecated. Ignored if specified.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
failure-policy The policy to follow when connectivity to the backup site fails.
Attribute
Value
Default Value
WARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
IGNORE WARN FAIL CUSTOM
min-wait Indicates the minimum time (in milliseconds) to wait after the max number of failures is reached, after which this backup site should go offline.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/index.html
new file mode 100644
index 000000000..5376ef795
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/backups/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Removes remote backup support from this cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/expiration/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/expiration/index.html
new file mode 100644
index 000000000..9d02dcb2e
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/expiration/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
interval Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
lifespan Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-idle Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an expiration configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
interval
LONG
false
true
60000
Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
lifespan
LONG
false
true
Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
max-idle
LONG
false
true
Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
remove Removes an expiration configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/locking/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/locking/index.html
new file mode 100644
index 000000000..679cbc098
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/locking/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
striping If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a locking configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
acquire-timeout
LONG
false
true
15000
Maximum time to attempt a particular lock acquisition.
concurrency-level
INT
false
true
1000
Concurrency level for lock containers. Adjust this value according to the number of concurrent threads interacting with Infinispan.
isolation
STRING
false
true
READ_COMMITTED
Sets the cache locking isolation level.
striping
BOOLEAN
false
true
false
If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
remove Removes a locking configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/partition-handling/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/partition-handling/index.html
new file mode 100644
index 000000000..f2d3f41e0
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/partition-handling/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/state-transfer/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/state-transfer/index.html
new file mode 100644
index 000000000..a123fd2b1
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/state-transfer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The state transfer configuration for distributed and replicated caches.
Attributes (2)
chunk-size The maximum number of cache entries in a batch of transferred state.
Attribute
Value
Default Value
512
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
timeout The maximum amount of time (ms) to wait for state from neighboring caches, before throwing an exception and aborting startup. If timeout is 0, state transfer is performed asynchronously, and the cache will be immediately available.
The maximum number of cache entries in a batch of transferred state.
timeout
LONG
false
true
240000
The maximum amount of time (ms) to wait for state from neighboring caches, before throwing an exception and aborting startup. If timeout is 0, state transfer is performed asynchronously, and the cache will be immediately available.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/transaction/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/transaction/index.html
new file mode 100644
index 000000000..b8ca778df
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/component/transaction/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
complete-timeout The duration (in ms) after which idle transactions are removed.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
locking The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
Attribute
Value
Default Value
PESSIMISTIC
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
OPTIMISTIC PESSIMISTIC
mode Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
Attribute
Value
Default Value
NONE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
NONE BATCH NON_XA NON_DURABLE_XA FULL_XA
stop-timeout If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a transaction configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
locking
STRING
false
true
PESSIMISTIC
The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
mode
STRING
false
true
NONE
Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
stop-timeout
LONG
false
true
10000
If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
complete-timeout
LONG
false
true
60000
The duration (in ms) after which idle transactions are removed.
remove Removes a transaction configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/index.html
new file mode 100644
index 000000000..05da392b1
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
capacity-factor Controls the proportion of entries that will reside on the local node, compared to the other nodes in the cluster.
Attribute
Value
Default Value
1.0
Type
DOUBLE
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
l1-lifespan Maximum lifespan of an entry placed in the L1 cache. This element configures the L1 cache behavior in 'distributed' caches instances. In any other cache modes, this element is ignored.
Attribute
Value
Default Value
0
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
modules The set of modules associated with this cache's configuration.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
owners Number of cluster-wide replicas for each cache entry.
Attribute
Value
Default Value
2
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
remote-timeout In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segments Controls the number of hash space segments which is the granularity for key distribution in the cluster. Value must be strictly positive.
Attribute
Value
Default Value
256
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
statistics-enabled If enabled, statistics will be collected for this cache
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Add a distributed cache to this cache container
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
capacity-factor
DOUBLE
false
true
1.0
Controls the proportion of entries that will reside on the local node, compared to the other nodes in the cluster.
l1-lifespan
LONG
false
true
0
Maximum lifespan of an entry placed in the L1 cache. This element configures the L1 cache behavior in 'distributed' caches instances. In any other cache modes, this element is ignored.
owners
INT
false
true
2
Number of cluster-wide replicas for each cache entry.
segments
INT
false
true
256
Controls the number of hash space segments which is the granularity for key distribution in the cluster. Value must be strictly positive.
remote-timeout
LONG
false
true
10000
In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
statistics-enabled
BOOLEAN
false
true
false
If enabled, statistics will be collected for this cache
modules
LIST
false
true
The set of modules associated with this cache's configuration.
remove Remove a distributed cache from this cache container
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/binary/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/binary/index.html
new file mode 100644
index 000000000..174664f01
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/binary/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/heap/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/heap/index.html
new file mode 100644
index 000000000..4b41f81b4
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/heap/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/off-heap/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/off-heap/index.html
new file mode 100644
index 000000000..3effb3cc3
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/memory/off-heap/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/index.html
new file mode 100644
index 000000000..287bb6923
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
class The custom store implementation class to use for this cache store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a basic cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
class
STRING
true
true
The custom store implementation class to use for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache store configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/property/index.html
new file mode 100644
index 000000000..497ef66c8
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/behind/index.html
new file mode 100644
index 000000000..2cdf4a522
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/through/index.html
new file mode 100644
index 000000000..d28d5eb4f
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/custom/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/index.html
new file mode 100644
index 000000000..4fa542198
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
path The system path under which this cache store will persist its entries.
Deprecated Since 16.0.0
Deprecated. Uses the persistence location of the associated cache container.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (3)
add Adds a file cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
true
The system path under which this cache store will persist its entries.
relative-to
STRING
false
false
The system path to which the specified path is relative.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache file store configuration element from the cache.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Deprecated Since 16.0.0
Deprecated; will be removed in a future release.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/property/index.html
new file mode 100644
index 000000000..03f76559b
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/behind/index.html
new file mode 100644
index 000000000..5500ea3d8
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/through/index.html
new file mode 100644
index 000000000..f93efa9c1
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/file/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/index.html
new file mode 100644
index 000000000..1bf99f87b
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
cache-configuration Name of the cache configuration template defined in Infinispan Server to create caches from.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Name of the cache configuration template defined in Infinispan Server to create caches from.
remote-cache-container
STRING
true
false
Reference to a container-managed remote-cache-container.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/behind/index.html
new file mode 100644
index 000000000..b4f39594c
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/through/index.html
new file mode 100644
index 000000000..1f179bf1f
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/hotrod/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/index.html
new file mode 100644
index 000000000..855b32dc0
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a JDBC cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
data-source
STRING
true
false
References the data source used to connect to this store.
dialect
STRING
false
true
The dialect of this datastore.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a JDBC cache store configuration element to the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/property/index.html
new file mode 100644
index 000000000..5c01b59e2
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/table/string/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/table/string/index.html
new file mode 100644
index 000000000..c24e94c46
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/table/string/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
segment-column A database column to hold cache entry segment.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
timestamp-column A database column to hold cache entry timestamps.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds a table used to store cache entries whose keys can be expressed as strings.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
prefix
STRING
false
true
ispn_entry
The prefix for the database table name.
fetch-size
INT
false
true
100
For DB queries, the fetch size will be used to set the fetch size on ResultSets.
create-on-start
BOOLEAN
false
true
true
Indicates whether the store should create this database table when the cache starts.
drop-on-stop
BOOLEAN
false
true
false
Indicates whether the store should drop this database table when the cache stops.
id-column
OBJECT
false
false
A database column to hold cache entry ids.
data-column
OBJECT
false
false
A database column to hold cache entry data.
segment-column
OBJECT
false
false
A database column to hold cache entry segment.
timestamp-column
OBJECT
false
false
A database column to hold cache entry timestamps.
remove Removes a table used to store cache entries whose keys can be expressed as strings.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/behind/index.html
new file mode 100644
index 000000000..1cfb0b0df
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/through/index.html
new file mode 100644
index 000000000..3ebb068f2
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/jdbc/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/none/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/none/index.html
new file mode 100644
index 000000000..4399ea8c8
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/none/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Removes a store-less configuration from this cache
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/index.html
new file mode 100644
index 000000000..e73e3d18a
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
cache The name of the remote cache to use for this remote store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
socket-timeout A socket timeout for remote cache communication.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
tcp-no-delay A TCP_NODELAY value for remote cache communication.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a remote cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
cache
STRING
true
true
The name of the remote cache to use for this remote store.
socket-timeout
LONG
false
true
60000
A socket timeout for remote cache communication.
tcp-no-delay
BOOLEAN
false
true
true
A TCP_NODELAY value for remote cache communication.
remote-servers
LIST
true
false
A list of remote servers for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache remote store configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/property/index.html
new file mode 100644
index 000000000..7eda66c0c
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/behind/index.html
new file mode 100644
index 000000000..6c01de537
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/through/index.html
new file mode 100644
index 000000000..6f45697a2
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/distributed-cache/store/remote/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/index.html
new file mode 100644
index 000000000..ec9866c3f
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
is-coordinator Set to true if this node is the cluster's coordinator. May return null if the cache manager is not started.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
local-address The local address of the node. May return null if the cache manager is not started.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
marshaller Defines the marshalling implementation used to marshal cache entries.
Attribute
Value
Default Value
LEGACY
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
modules The set of modules associated with this cache container's configuration.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
resource-services
statistics-enabled If enabled, statistics will be collected for this cache container
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Add a cache container to the infinispan subsystem
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
default-cache
STRING
false
false
The default infinispan cache
statistics-enabled
BOOLEAN
false
true
false
If enabled, statistics will be collected for this cache container
marshaller
STRING
false
true
LEGACY
Defines the marshalling implementation used to marshal cache entries.
aliases
LIST
false
false
The list of aliases for this cache container
modules
LIST
false
false
The set of modules associated with this cache container's configuration.
remove Remove a cache container from the infinispan subsystem
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/expiration/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/expiration/index.html
new file mode 100644
index 000000000..d4bb25e30
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/expiration/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
interval Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
lifespan Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-idle Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an expiration configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
interval
LONG
false
true
60000
Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
lifespan
LONG
false
true
Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
max-idle
LONG
false
true
Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
remove Removes an expiration configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/locking/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/locking/index.html
new file mode 100644
index 000000000..8d1f8fdb4
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/locking/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
striping If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a locking configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
acquire-timeout
LONG
false
true
15000
Maximum time to attempt a particular lock acquisition.
concurrency-level
INT
false
true
1000
Concurrency level for lock containers. Adjust this value according to the number of concurrent threads interacting with Infinispan.
isolation
STRING
false
true
READ_COMMITTED
Sets the cache locking isolation level.
striping
BOOLEAN
false
true
false
If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
remove Removes a locking configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/transaction/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/transaction/index.html
new file mode 100644
index 000000000..66ac34ffd
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/component/transaction/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
complete-timeout The duration (in ms) after which idle transactions are removed.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
locking The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
Attribute
Value
Default Value
PESSIMISTIC
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
OPTIMISTIC PESSIMISTIC
mode Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
Attribute
Value
Default Value
NONE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
NONE BATCH NON_XA NON_DURABLE_XA FULL_XA
stop-timeout If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a transaction configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
locking
STRING
false
true
PESSIMISTIC
The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
mode
STRING
false
true
NONE
Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
stop-timeout
LONG
false
true
10000
If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
complete-timeout
LONG
false
true
60000
The duration (in ms) after which idle transactions are removed.
remove Removes a transaction configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/index.html
new file mode 100644
index 000000000..7f14ba8f0
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
modules The set of modules associated with this cache's configuration.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
remote-timeout In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
statistics-enabled If enabled, statistics will be collected for this cache
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Add an invalidation cache to this cache container
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
remote-timeout
LONG
false
true
10000
In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
statistics-enabled
BOOLEAN
false
true
false
If enabled, statistics will be collected for this cache
modules
LIST
false
true
The set of modules associated with this cache's configuration.
remove Remove an invalidation cache from this cache container
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/binary/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/binary/index.html
new file mode 100644
index 000000000..ebb9469b1
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/binary/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/heap/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/heap/index.html
new file mode 100644
index 000000000..e45c5f287
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/heap/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/off-heap/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/off-heap/index.html
new file mode 100644
index 000000000..f07274893
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/memory/off-heap/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/index.html
new file mode 100644
index 000000000..11f03a46b
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
class The custom store implementation class to use for this cache store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a basic cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
class
STRING
true
true
The custom store implementation class to use for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache store configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/property/index.html
new file mode 100644
index 000000000..33144f5bf
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/behind/index.html
new file mode 100644
index 000000000..9893511d8
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/through/index.html
new file mode 100644
index 000000000..811309b4b
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/custom/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/index.html
new file mode 100644
index 000000000..2cd2a3fb3
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
path The system path under which this cache store will persist its entries.
Deprecated Since 16.0.0
Deprecated. Uses the persistence location of the associated cache container.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (3)
add Adds a file cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
true
The system path under which this cache store will persist its entries.
relative-to
STRING
false
false
The system path to which the specified path is relative.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache file store configuration element from the cache.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Deprecated Since 16.0.0
Deprecated; will be removed in a future release.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/property/index.html
new file mode 100644
index 000000000..fadcf8dc5
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/behind/index.html
new file mode 100644
index 000000000..d3553b387
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/through/index.html
new file mode 100644
index 000000000..124b4500f
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/file/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/index.html
new file mode 100644
index 000000000..493c6d6a6
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
cache-configuration Name of the cache configuration template defined in Infinispan Server to create caches from.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Name of the cache configuration template defined in Infinispan Server to create caches from.
remote-cache-container
STRING
true
false
Reference to a container-managed remote-cache-container.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/behind/index.html
new file mode 100644
index 000000000..570ec923d
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/through/index.html
new file mode 100644
index 000000000..9f079d277
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/hotrod/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/index.html
new file mode 100644
index 000000000..7b2315fc0
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a JDBC cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
data-source
STRING
true
false
References the data source used to connect to this store.
dialect
STRING
false
true
The dialect of this datastore.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a JDBC cache store configuration element to the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/property/index.html
new file mode 100644
index 000000000..038d0cc57
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/table/string/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/table/string/index.html
new file mode 100644
index 000000000..d1675cda5
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/table/string/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
segment-column A database column to hold cache entry segment.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
timestamp-column A database column to hold cache entry timestamps.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds a table used to store cache entries whose keys can be expressed as strings.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
prefix
STRING
false
true
ispn_entry
The prefix for the database table name.
fetch-size
INT
false
true
100
For DB queries, the fetch size will be used to set the fetch size on ResultSets.
create-on-start
BOOLEAN
false
true
true
Indicates whether the store should create this database table when the cache starts.
drop-on-stop
BOOLEAN
false
true
false
Indicates whether the store should drop this database table when the cache stops.
id-column
OBJECT
false
false
A database column to hold cache entry ids.
data-column
OBJECT
false
false
A database column to hold cache entry data.
segment-column
OBJECT
false
false
A database column to hold cache entry segment.
timestamp-column
OBJECT
false
false
A database column to hold cache entry timestamps.
remove Removes a table used to store cache entries whose keys can be expressed as strings.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/behind/index.html
new file mode 100644
index 000000000..cb7a6388a
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/through/index.html
new file mode 100644
index 000000000..6d7d084b1
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/jdbc/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/none/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/none/index.html
new file mode 100644
index 000000000..3a8d6d474
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/none/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Removes a store-less configuration from this cache
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/index.html
new file mode 100644
index 000000000..573e2e886
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
cache The name of the remote cache to use for this remote store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
socket-timeout A socket timeout for remote cache communication.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
tcp-no-delay A TCP_NODELAY value for remote cache communication.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a remote cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
cache
STRING
true
true
The name of the remote cache to use for this remote store.
socket-timeout
LONG
false
true
60000
A socket timeout for remote cache communication.
tcp-no-delay
BOOLEAN
false
true
true
A TCP_NODELAY value for remote cache communication.
remote-servers
LIST
true
false
A list of remote servers for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache remote store configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/property/index.html
new file mode 100644
index 000000000..dc9641362
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/behind/index.html
new file mode 100644
index 000000000..9955819ab
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/through/index.html
new file mode 100644
index 000000000..c93ecb224
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/invalidation-cache/store/remote/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/component/expiration/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/component/expiration/index.html
new file mode 100644
index 000000000..8d9253ce4
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/component/expiration/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
interval Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
lifespan Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-idle Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an expiration configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
interval
LONG
false
true
60000
Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
lifespan
LONG
false
true
Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
max-idle
LONG
false
true
Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
remove Removes an expiration configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/component/locking/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/component/locking/index.html
new file mode 100644
index 000000000..c8d76e75d
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/component/locking/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
striping If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a locking configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
acquire-timeout
LONG
false
true
15000
Maximum time to attempt a particular lock acquisition.
concurrency-level
INT
false
true
1000
Concurrency level for lock containers. Adjust this value according to the number of concurrent threads interacting with Infinispan.
isolation
STRING
false
true
READ_COMMITTED
Sets the cache locking isolation level.
striping
BOOLEAN
false
true
false
If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
remove Removes a locking configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/component/transaction/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/component/transaction/index.html
new file mode 100644
index 000000000..06c4f20e2
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/component/transaction/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
complete-timeout The duration (in ms) after which idle transactions are removed.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
locking The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
Attribute
Value
Default Value
PESSIMISTIC
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
OPTIMISTIC PESSIMISTIC
mode Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
Attribute
Value
Default Value
NONE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
NONE BATCH NON_XA NON_DURABLE_XA FULL_XA
stop-timeout If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a transaction configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
locking
STRING
false
true
PESSIMISTIC
The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
mode
STRING
false
true
NONE
Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
stop-timeout
LONG
false
true
10000
If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
complete-timeout
LONG
false
true
60000
The duration (in ms) after which idle transactions are removed.
remove Removes a transaction configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/index.html
new file mode 100644
index 000000000..49ba518ba
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/heap/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/heap/index.html
new file mode 100644
index 000000000..4dd58fc14
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/heap/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/off-heap/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/off-heap/index.html
new file mode 100644
index 000000000..6ea0ff7b7
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/memory/off-heap/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/index.html
new file mode 100644
index 000000000..a7f0da186
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
class The custom store implementation class to use for this cache store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a basic cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
class
STRING
true
true
The custom store implementation class to use for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache store configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/property/index.html
new file mode 100644
index 000000000..cd1a8b528
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/behind/index.html
new file mode 100644
index 000000000..086b18058
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/through/index.html
new file mode 100644
index 000000000..508520214
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/custom/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/index.html
new file mode 100644
index 000000000..e5ee36dc6
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
path The system path under which this cache store will persist its entries.
Deprecated Since 16.0.0
Deprecated. Uses the persistence location of the associated cache container.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (3)
add Adds a file cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
true
The system path under which this cache store will persist its entries.
relative-to
STRING
false
false
The system path to which the specified path is relative.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache file store configuration element from the cache.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Deprecated Since 16.0.0
Deprecated; will be removed in a future release.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/property/index.html
new file mode 100644
index 000000000..b564a39aa
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/behind/index.html
new file mode 100644
index 000000000..1155d6469
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/through/index.html
new file mode 100644
index 000000000..665c1e723
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/file/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/index.html
new file mode 100644
index 000000000..f4d619de6
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
cache-configuration Name of the cache configuration template defined in Infinispan Server to create caches from.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Name of the cache configuration template defined in Infinispan Server to create caches from.
remote-cache-container
STRING
true
false
Reference to a container-managed remote-cache-container.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/behind/index.html
new file mode 100644
index 000000000..8e071d3a1
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/through/index.html
new file mode 100644
index 000000000..a89152145
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/hotrod/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/index.html
new file mode 100644
index 000000000..61a446ecc
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a JDBC cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
data-source
STRING
true
false
References the data source used to connect to this store.
dialect
STRING
false
true
The dialect of this datastore.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a JDBC cache store configuration element to the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/property/index.html
new file mode 100644
index 000000000..78dca6952
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/table/string/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/table/string/index.html
new file mode 100644
index 000000000..40287d55c
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/table/string/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
segment-column A database column to hold cache entry segment.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
timestamp-column A database column to hold cache entry timestamps.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds a table used to store cache entries whose keys can be expressed as strings.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
prefix
STRING
false
true
ispn_entry
The prefix for the database table name.
fetch-size
INT
false
true
100
For DB queries, the fetch size will be used to set the fetch size on ResultSets.
create-on-start
BOOLEAN
false
true
true
Indicates whether the store should create this database table when the cache starts.
drop-on-stop
BOOLEAN
false
true
false
Indicates whether the store should drop this database table when the cache stops.
id-column
OBJECT
false
false
A database column to hold cache entry ids.
data-column
OBJECT
false
false
A database column to hold cache entry data.
segment-column
OBJECT
false
false
A database column to hold cache entry segment.
timestamp-column
OBJECT
false
false
A database column to hold cache entry timestamps.
remove Removes a table used to store cache entries whose keys can be expressed as strings.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/behind/index.html
new file mode 100644
index 000000000..314d42074
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/through/index.html
new file mode 100644
index 000000000..aa6b24834
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/jdbc/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/none/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/none/index.html
new file mode 100644
index 000000000..6149cbc34
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/none/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Removes a store-less configuration from this cache
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/index.html
new file mode 100644
index 000000000..14b58a5e7
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
cache The name of the remote cache to use for this remote store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
socket-timeout A socket timeout for remote cache communication.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
tcp-no-delay A TCP_NODELAY value for remote cache communication.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a remote cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
cache
STRING
true
true
The name of the remote cache to use for this remote store.
socket-timeout
LONG
false
true
60000
A socket timeout for remote cache communication.
tcp-no-delay
BOOLEAN
false
true
true
A TCP_NODELAY value for remote cache communication.
remote-servers
LIST
true
false
A list of remote servers for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache remote store configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/property/index.html
new file mode 100644
index 000000000..9a187d43c
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/behind/index.html
new file mode 100644
index 000000000..4be9fa066
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/through/index.html
new file mode 100644
index 000000000..bdb79e9ba
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/local-cache/store/remote/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/backup/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/backup/index.html
new file mode 100644
index 000000000..9a7b56acc
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/backup/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
after-failures Indicates the number of failures after which this backup site should go offline.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
enabled Indicates whether or not this backup site is enabled.
Deprecated Since 16.0.0
Deprecated. Ignored if specified.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
failure-policy The policy to follow when connectivity to the backup site fails.
Attribute
Value
Default Value
WARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
IGNORE WARN FAIL CUSTOM
min-wait Indicates the minimum time (in milliseconds) to wait after the max number of failures is reached, after which this backup site should go offline.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/index.html
new file mode 100644
index 000000000..ba7e8c0b1
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/backups/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Removes remote backup support from this cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/expiration/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/expiration/index.html
new file mode 100644
index 000000000..3da6c0e06
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/expiration/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
interval Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
lifespan Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-idle Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an expiration configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
interval
LONG
false
true
60000
Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
lifespan
LONG
false
true
Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
max-idle
LONG
false
true
Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
remove Removes an expiration configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/locking/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/locking/index.html
new file mode 100644
index 000000000..d5bc9448d
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/locking/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
striping If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a locking configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
acquire-timeout
LONG
false
true
15000
Maximum time to attempt a particular lock acquisition.
concurrency-level
INT
false
true
1000
Concurrency level for lock containers. Adjust this value according to the number of concurrent threads interacting with Infinispan.
isolation
STRING
false
true
READ_COMMITTED
Sets the cache locking isolation level.
striping
BOOLEAN
false
true
false
If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
remove Removes a locking configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/partition-handling/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/partition-handling/index.html
new file mode 100644
index 000000000..6edf442bc
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/partition-handling/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/state-transfer/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/state-transfer/index.html
new file mode 100644
index 000000000..41b31c3d8
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/state-transfer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The state transfer configuration for distributed and replicated caches.
Attributes (2)
chunk-size The maximum number of cache entries in a batch of transferred state.
Attribute
Value
Default Value
512
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
timeout The maximum amount of time (ms) to wait for state from neighboring caches, before throwing an exception and aborting startup. If timeout is 0, state transfer is performed asynchronously, and the cache will be immediately available.
The maximum number of cache entries in a batch of transferred state.
timeout
LONG
false
true
240000
The maximum amount of time (ms) to wait for state from neighboring caches, before throwing an exception and aborting startup. If timeout is 0, state transfer is performed asynchronously, and the cache will be immediately available.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/transaction/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/transaction/index.html
new file mode 100644
index 000000000..3628f6086
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/component/transaction/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
complete-timeout The duration (in ms) after which idle transactions are removed.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
locking The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
Attribute
Value
Default Value
PESSIMISTIC
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
OPTIMISTIC PESSIMISTIC
mode Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
Attribute
Value
Default Value
NONE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
NONE BATCH NON_XA NON_DURABLE_XA FULL_XA
stop-timeout If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a transaction configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
locking
STRING
false
true
PESSIMISTIC
The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
mode
STRING
false
true
NONE
Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
stop-timeout
LONG
false
true
10000
If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
complete-timeout
LONG
false
true
60000
The duration (in ms) after which idle transactions are removed.
remove Removes a transaction configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/index.html
new file mode 100644
index 000000000..92898160e
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
modules The set of modules associated with this cache's configuration.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
remote-timeout In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
statistics-enabled If enabled, statistics will be collected for this cache
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Add a replicated cache to this cache container
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
remote-timeout
LONG
false
true
10000
In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
statistics-enabled
BOOLEAN
false
true
false
If enabled, statistics will be collected for this cache
modules
LIST
false
true
The set of modules associated with this cache's configuration.
remove Remove a replicated cache from this cache container
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/binary/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/binary/index.html
new file mode 100644
index 000000000..9b6c0490e
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/binary/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/heap/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/heap/index.html
new file mode 100644
index 000000000..9d38f62f6
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/heap/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/off-heap/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/off-heap/index.html
new file mode 100644
index 000000000..612bc3afb
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/memory/off-heap/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/index.html
new file mode 100644
index 000000000..d05fc0cf3
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
class The custom store implementation class to use for this cache store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a basic cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
class
STRING
true
true
The custom store implementation class to use for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache store configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/property/index.html
new file mode 100644
index 000000000..2447b2eff
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/behind/index.html
new file mode 100644
index 000000000..6158ca247
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/through/index.html
new file mode 100644
index 000000000..dda900083
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/custom/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/index.html
new file mode 100644
index 000000000..47bcad4f1
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
path The system path under which this cache store will persist its entries.
Deprecated Since 16.0.0
Deprecated. Uses the persistence location of the associated cache container.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (3)
add Adds a file cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
true
The system path under which this cache store will persist its entries.
relative-to
STRING
false
false
The system path to which the specified path is relative.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache file store configuration element from the cache.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Deprecated Since 16.0.0
Deprecated; will be removed in a future release.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/property/index.html
new file mode 100644
index 000000000..7badd30d3
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/behind/index.html
new file mode 100644
index 000000000..15a7e8c89
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/through/index.html
new file mode 100644
index 000000000..3d39c6586
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/file/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/index.html
new file mode 100644
index 000000000..029b40f51
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
cache-configuration Name of the cache configuration template defined in Infinispan Server to create caches from.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Name of the cache configuration template defined in Infinispan Server to create caches from.
remote-cache-container
STRING
true
false
Reference to a container-managed remote-cache-container.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/behind/index.html
new file mode 100644
index 000000000..556492f07
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/through/index.html
new file mode 100644
index 000000000..838fd3ba3
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/hotrod/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/index.html
new file mode 100644
index 000000000..fd65ae3ac
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a JDBC cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
data-source
STRING
true
false
References the data source used to connect to this store.
dialect
STRING
false
true
The dialect of this datastore.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a JDBC cache store configuration element to the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/property/index.html
new file mode 100644
index 000000000..aabf871dd
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/table/string/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/table/string/index.html
new file mode 100644
index 000000000..94da4fd9c
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/table/string/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
segment-column A database column to hold cache entry segment.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
timestamp-column A database column to hold cache entry timestamps.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds a table used to store cache entries whose keys can be expressed as strings.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
prefix
STRING
false
true
ispn_entry
The prefix for the database table name.
fetch-size
INT
false
true
100
For DB queries, the fetch size will be used to set the fetch size on ResultSets.
create-on-start
BOOLEAN
false
true
true
Indicates whether the store should create this database table when the cache starts.
drop-on-stop
BOOLEAN
false
true
false
Indicates whether the store should drop this database table when the cache stops.
id-column
OBJECT
false
false
A database column to hold cache entry ids.
data-column
OBJECT
false
false
A database column to hold cache entry data.
segment-column
OBJECT
false
false
A database column to hold cache entry segment.
timestamp-column
OBJECT
false
false
A database column to hold cache entry timestamps.
remove Removes a table used to store cache entries whose keys can be expressed as strings.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/behind/index.html
new file mode 100644
index 000000000..a64ae0bf1
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/through/index.html
new file mode 100644
index 000000000..499a49bd7
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/jdbc/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/none/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/none/index.html
new file mode 100644
index 000000000..9f7abe7d2
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/none/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Removes a store-less configuration from this cache
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/index.html
new file mode 100644
index 000000000..db43ba543
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
cache The name of the remote cache to use for this remote store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
socket-timeout A socket timeout for remote cache communication.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
tcp-no-delay A TCP_NODELAY value for remote cache communication.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a remote cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
cache
STRING
true
true
The name of the remote cache to use for this remote store.
socket-timeout
LONG
false
true
60000
A socket timeout for remote cache communication.
tcp-no-delay
BOOLEAN
false
true
true
A TCP_NODELAY value for remote cache communication.
remote-servers
LIST
true
false
A list of remote servers for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache remote store configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/property/index.html
new file mode 100644
index 000000000..8b11ba6aa
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/behind/index.html
new file mode 100644
index 000000000..061262e58
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/through/index.html
new file mode 100644
index 000000000..c812e0afa
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/replicated-cache/store/remote/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/backup/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/backup/index.html
new file mode 100644
index 000000000..478fa653b
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/backup/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
after-failures Indicates the number of failures after which this backup site should go offline.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
enabled Indicates whether or not this backup site is enabled.
Deprecated Since 16.0.0
Deprecated. Ignored if specified.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
failure-policy The policy to follow when connectivity to the backup site fails.
Attribute
Value
Default Value
WARN
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
IGNORE WARN FAIL CUSTOM
min-wait Indicates the minimum time (in milliseconds) to wait after the max number of failures is reached, after which this backup site should go offline.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/index.html
new file mode 100644
index 000000000..9bc69d9d6
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/backups/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Removes remote backup support from this cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/expiration/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/expiration/index.html
new file mode 100644
index 000000000..5115210f5
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/expiration/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
interval Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
lifespan Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-idle Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds an expiration configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
interval
LONG
false
true
60000
Interval (in milliseconds) between subsequent runs to purge expired entries from memory and any cache stores. If you wish to disable the periodic eviction process altogether, set wakeupInterval to -1.
lifespan
LONG
false
true
Maximum lifespan of a cache entry, after which the entry is expired cluster-wide, in milliseconds. -1 means the entries never expire.
max-idle
LONG
false
true
Maximum idle time a cache entry will be maintained in the cache, in milliseconds. If the idle time is exceeded, the entry will be expired cluster-wide. -1 means the entries never expire.
remove Removes an expiration configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/locking/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/locking/index.html
new file mode 100644
index 000000000..62901373f
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/locking/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
striping If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a locking configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
acquire-timeout
LONG
false
true
15000
Maximum time to attempt a particular lock acquisition.
concurrency-level
INT
false
true
1000
Concurrency level for lock containers. Adjust this value according to the number of concurrent threads interacting with Infinispan.
isolation
STRING
false
true
READ_COMMITTED
Sets the cache locking isolation level.
striping
BOOLEAN
false
true
false
If true, a pool of shared locks is maintained for all entries that need to be locked. Otherwise, a lock is created per entry in the cache. Lock striping helps control memory footprint but may reduce concurrency in the system.
remove Removes a locking configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/partition-handling/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/partition-handling/index.html
new file mode 100644
index 000000000..4e2a2d813
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/partition-handling/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/state-transfer/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/state-transfer/index.html
new file mode 100644
index 000000000..6749b4e45
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/state-transfer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The state transfer configuration for distributed and replicated caches.
Attributes (2)
chunk-size The maximum number of cache entries in a batch of transferred state.
Attribute
Value
Default Value
512
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
timeout The maximum amount of time (ms) to wait for state from neighboring caches, before throwing an exception and aborting startup. If timeout is 0, state transfer is performed asynchronously, and the cache will be immediately available.
The maximum number of cache entries in a batch of transferred state.
timeout
LONG
false
true
240000
The maximum amount of time (ms) to wait for state from neighboring caches, before throwing an exception and aborting startup. If timeout is 0, state transfer is performed asynchronously, and the cache will be immediately available.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/transaction/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/transaction/index.html
new file mode 100644
index 000000000..d9c7b8abb
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/component/transaction/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
complete-timeout The duration (in ms) after which idle transactions are removed.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
locking The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
Attribute
Value
Default Value
PESSIMISTIC
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
OPTIMISTIC PESSIMISTIC
mode Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
Attribute
Value
Default Value
NONE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
NONE BATCH NON_XA NON_DURABLE_XA FULL_XA
stop-timeout If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a transaction configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
locking
STRING
false
true
PESSIMISTIC
The locking mode for this cache, one of OPTIMISTIC or PESSIMISTIC.
mode
STRING
false
true
NONE
Sets the cache transaction mode to one of NONE, NON_XA, NON_DURABLE_XA, FULL_XA.
stop-timeout
LONG
false
true
10000
If there are any ongoing transactions when a cache is stopped, Infinispan waits for ongoing remote and local transactions to finish. The amount of time to wait for is defined by the cache stop timeout.
complete-timeout
LONG
false
true
60000
The duration (in ms) after which idle transactions are removed.
remove Removes a transaction configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/index.html
new file mode 100644
index 000000000..1d4b87ac3
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
modules The set of modules associated with this cache's configuration.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
remote-timeout In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segments Controls the number of hash space segments which is the granularity for key distribution in the cluster. Value must be strictly positive.
Attribute
Value
Default Value
256
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
resource-services
statistics-enabled If enabled, statistics will be collected for this cache
When greater than zero, specifies the duration (in ms) that a cache entry will be cached on a non-owner following a write operation.
invalidation-batch-size
INT
false
true
128
The threshold after which batched invalidations are sent.
segments
INT
false
true
256
Controls the number of hash space segments which is the granularity for key distribution in the cluster. Value must be strictly positive.
remote-timeout
LONG
false
true
10000
In SYNC mode, the timeout (in ms) used to wait for an acknowledgment when making a remote call, after which the call is aborted and an exception is thrown.
statistics-enabled
BOOLEAN
false
true
false
If enabled, statistics will be collected for this cache
modules
LIST
false
true
The set of modules associated with this cache's configuration.
remove Remove a scattered cache from this cache container
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/binary/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/binary/index.html
new file mode 100644
index 000000000..7d3042887
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/binary/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/heap/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/heap/index.html
new file mode 100644
index 000000000..2a14228e9
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/heap/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/off-heap/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/off-heap/index.html
new file mode 100644
index 000000000..d7d88a766
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/memory/off-heap/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/index.html
new file mode 100644
index 000000000..99b4acba9
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
class The custom store implementation class to use for this cache store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a basic cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
class
STRING
true
true
The custom store implementation class to use for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache store configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/property/index.html
new file mode 100644
index 000000000..0a05224f9
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/behind/index.html
new file mode 100644
index 000000000..dfa4d2527
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/through/index.html
new file mode 100644
index 000000000..4caaf0ca8
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/custom/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/index.html
new file mode 100644
index 000000000..ae1769e46
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
path The system path under which this cache store will persist its entries.
Deprecated Since 16.0.0
Deprecated. Uses the persistence location of the associated cache container.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (3)
add Adds a file cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
path
STRING
false
true
The system path under which this cache store will persist its entries.
relative-to
STRING
false
false
The system path to which the specified path is relative.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache file store configuration element from the cache.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Deprecated Since 16.0.0
Deprecated; will be removed in a future release.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/property/index.html
new file mode 100644
index 000000000..92a487e36
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/behind/index.html
new file mode 100644
index 000000000..5c11b24f3
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/through/index.html
new file mode 100644
index 000000000..73015f6db
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/file/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/index.html
new file mode 100644
index 000000000..6c7cef9aa
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
cache-configuration Name of the cache configuration template defined in Infinispan Server to create caches from.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Name of the cache configuration template defined in Infinispan Server to create caches from.
remote-cache-container
STRING
true
false
Reference to a container-managed remote-cache-container.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/behind/index.html
new file mode 100644
index 000000000..b535becea
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/through/index.html
new file mode 100644
index 000000000..34d08c8fe
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/hotrod/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a write-through configuration to the store.
remove Remove a write-through configuration to the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/index.html
new file mode 100644
index 000000000..6b11ed125
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge If true, purges this cache store when it starts up.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a JDBC cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
data-source
STRING
true
false
References the data source used to connect to this store.
dialect
STRING
false
true
The dialect of this datastore.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a JDBC cache store configuration element to the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/property/index.html
new file mode 100644
index 000000000..4eee4e558
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/table/string/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/table/string/index.html
new file mode 100644
index 000000000..3489ce8e0
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/table/string/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
segment-column A database column to hold cache entry segment.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
timestamp-column A database column to hold cache entry timestamps.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds a table used to store cache entries whose keys can be expressed as strings.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
prefix
STRING
false
true
ispn_entry
The prefix for the database table name.
fetch-size
INT
false
true
100
For DB queries, the fetch size will be used to set the fetch size on ResultSets.
create-on-start
BOOLEAN
false
true
true
Indicates whether the store should create this database table when the cache starts.
drop-on-stop
BOOLEAN
false
true
false
Indicates whether the store should drop this database table when the cache stops.
id-column
OBJECT
false
false
A database column to hold cache entry ids.
data-column
OBJECT
false
false
A database column to hold cache entry data.
segment-column
OBJECT
false
false
A database column to hold cache entry segment.
timestamp-column
OBJECT
false
false
A database column to hold cache entry timestamps.
remove Removes a table used to store cache entries whose keys can be expressed as strings.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/behind/index.html
new file mode 100644
index 000000000..f1f3ffef8
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/through/index.html
new file mode 100644
index 000000000..8d1e4af98
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/jdbc/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/none/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/none/index.html
new file mode 100644
index 000000000..8b5b5451d
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/none/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Removes a store-less configuration from this cache
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/index.html
new file mode 100644
index 000000000..9a4594c22
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
cache The name of the remote cache to use for this remote store.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
fetch-state If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
Deprecated Since 16.0.0
Deprecated. Persistent state will always be fetched if store is not shared.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-batch-size The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
passivation If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
preload If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
segmented Indicates whether or not this cache store should be segment aware.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
shared This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
socket-timeout A socket timeout for remote cache communication.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
tcp-no-delay A TCP_NODELAY value for remote cache communication.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a remote cache store configuration element to the cache.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
cache
STRING
true
true
The name of the remote cache to use for this remote store.
socket-timeout
LONG
false
true
60000
A socket timeout for remote cache communication.
tcp-no-delay
BOOLEAN
false
true
true
A TCP_NODELAY value for remote cache communication.
remote-servers
LIST
true
false
A list of remote servers for this cache store.
max-batch-size
INT
false
true
100
The maximum size of a batch to be inserted/deleted from the store. If the value is less than one, then no upper limit is placed on the number of operations in a batch.
passivation
BOOLEAN
false
true
false
If true, data is only written to the cache store when it is evicted from memory, a phenomenon known as 'passivation'. Next time the data is requested, it will be 'activated' which means that data will be brought back to memory and removed from the persistent store. If false, the cache store contains a copy of the contents in memory, so writes to cache result in cache store writes. This essentially gives you a 'write-through' configuration.
preload
BOOLEAN
false
true
false
If true, when the cache starts, data stored in the cache store will be pre-loaded into memory. This is particularly useful when data in the cache store will be needed immediately after startup and you want to avoid cache operations being delayed as a result of loading this data lazily. Can be used to provide a 'warm-cache' on startup, however there is a performance penalty as startup time is affected by this process.
purge
BOOLEAN
false
true
false
If true, purges this cache store when it starts up.
shared
BOOLEAN
false
true
false
This setting should be set to true when multiple cache instances share the same cache store (e.g., multiple nodes in a cluster using a JDBC-based CacheStore pointing to the same, shared database.) Setting this to true avoids multiple cache instances writing the same modification multiple times. If enabled, only the node where the modification originated will write to the cache store. If disabled, each individual cache reacts to a potential remote update by storing the data to the cache store.
segmented
BOOLEAN
false
true
true
Indicates whether or not this cache store should be segment aware.
properties
OBJECT
false
true
A list of cache store properties.
fetch-state
BOOLEAN
false
true
true
If true, fetch persistent state when joining a cluster. If multiple cache stores are chained, only one of them can have this property enabled.
remove Removes a cache remote store configuration element from the cache.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/property/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/property/index.html
new file mode 100644
index 000000000..1e098df38
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/property/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/behind/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/behind/index.html
new file mode 100644
index 000000000..aa017e03c
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/behind/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a cache store as write-behind instead of write-through.
Attributes (1)
modification-queue-size Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
Attribute
Value
Default Value
1024
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Operations (2)
add Adds a write-behind configuration element to the store.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
modification-queue-size
INT
false
true
1024
Maximum number of entries in the asynchronous queue. When the queue is full, the store becomes write-through until it can accept new entries.
remove Removes a write-behind configuration element from the store.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/through/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/through/index.html
new file mode 100644
index 000000000..26879f70a
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/scattered-cache/store/remote/write/through/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/thread-pool/blocking/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/thread-pool/blocking/index.html
new file mode 100644
index 000000000..210168839
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/thread-pool/blocking/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Defines a thread pool used for for blocking operations.
Attributes (4)
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
150
The maximum thread pool size.
queue-length
INT
false
true
5000
The queue length.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/thread-pool/expiration/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/thread-pool/expiration/index.html
new file mode 100644
index 000000000..b6afe38ae
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/thread-pool/expiration/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/thread-pool/listener/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/thread-pool/listener/index.html
new file mode 100644
index 000000000..da64ccff4
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/thread-pool/listener/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Defines a thread pool used for asynchronous cache listener notifications.
Attributes (4)
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
1
The maximum thread pool size.
queue-length
INT
false
true
1000
The queue length.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/thread-pool/non-blocking/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/thread-pool/non-blocking/index.html
new file mode 100644
index 000000000..7601a6d9c
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/thread-pool/non-blocking/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Defines a thread pool used for for non-blocking operations.
Attributes (4)
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
2
The maximum thread pool size.
queue-length
INT
false
true
1000
The queue length.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/transport/jgroups/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/transport/jgroups/index.html
new file mode 100644
index 000000000..5da4a140c
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/transport/jgroups/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Remove the transport from the cache container
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/cache-container/transport/none/index.html b/latest/wildscribe/subsystem/infinispan/cache-container/transport/none/index.html
new file mode 100644
index 000000000..a912b1334
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/cache-container/transport/none/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Adds a local transport to this cache container
remove Removes a local transport from this cache container
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/index.html b/latest/wildscribe/subsystem/infinispan/index.html
new file mode 100644
index 000000000..6eb0b34f5
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/remote-cache-container/component/connection-pool/index.html b/latest/wildscribe/subsystem/infinispan/remote-cache-container/component/connection-pool/index.html
new file mode 100644
index 000000000..9721659e8
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/remote-cache-container/component/connection-pool/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
exhausted-action Specifies what happens when asking for a connection from a server's pool, and that pool is exhausted.
Attribute
Value
Default Value
WAIT
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
Allowed Values
EXCEPTION WAIT CREATE_NEW
max-active Controls the maximum number of connections per server that are allocated (checked out to client threads, or idle in the pool) at one time. When non-positive, there is no limit to the number of connections per server. When maxActive is reached, the connection pool for that server is said to be exhausted. Value -1 means no limit.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-wait The amount of time in milliseconds to wait for a connection to become available when the exhausted action is ExhaustedAction.WAIT, after which a java.util.NoSuchElementException will be thrown. If a negative value is supplied, the pool will block indefinitely.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
min-evictable-idle-time Specifies the minimum amount of time that an connection may sit idle in the pool before it is eligible for eviction due to idle time. When non-positive, no connection will be dropped from the pool due to idle time alone. This setting has no effect unless timeBetweenEvictionRunsMillis > 0.
Attribute
Value
Default Value
1800000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
min-idle Sets a target value for the minimum number of idle connections (per server) that should always be available. If this parameter is set to a positive number and timeBetweenEvictionRunsMillis > 0, each time the idle connection eviction thread runs, it will try to create enough idle instances so that there will be minIdle idle instances available for each server.
Specifies what happens when asking for a connection from a server's pool, and that pool is exhausted.
max-active
INT
false
true
Controls the maximum number of connections per server that are allocated (checked out to client threads, or idle in the pool) at one time. When non-positive, there is no limit to the number of connections per server. When maxActive is reached, the connection pool for that server is said to be exhausted. Value -1 means no limit.
max-wait
LONG
false
true
The amount of time in milliseconds to wait for a connection to become available when the exhausted action is ExhaustedAction.WAIT, after which a java.util.NoSuchElementException will be thrown. If a negative value is supplied, the pool will block indefinitely.
min-evictable-idle-time
LONG
false
true
1800000
Specifies the minimum amount of time that an connection may sit idle in the pool before it is eligible for eviction due to idle time. When non-positive, no connection will be dropped from the pool due to idle time alone. This setting has no effect unless timeBetweenEvictionRunsMillis > 0.
min-idle
INT
false
true
1
Sets a target value for the minimum number of idle connections (per server) that should always be available. If this parameter is set to a positive number and timeBetweenEvictionRunsMillis > 0, each time the idle connection eviction thread runs, it will try to create enough idle instances so that there will be minIdle idle instances available for each server.
remove Removes configuration of the connection pool.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/remote-cache-container/component/security/index.html b/latest/wildscribe/subsystem/infinispan/remote-cache-container/component/security/index.html
new file mode 100644
index 000000000..08f6f8cae
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/remote-cache-container/component/security/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/remote-cache-container/index.html b/latest/wildscribe/subsystem/infinispan/remote-cache-container/index.html
new file mode 100644
index 000000000..7ee368716
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/remote-cache-container/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
idle-connections The number of idle connections to the Infinispan server.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
key-size-estimate This hint allows sizing of byte buffers when serializing and deserializing keys, to minimize array resizing.
Deprecated Since 15.0.0
Deprecated. This attribute will be ignored.
Attribute
Value
Default Value
64
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
marshaller Defines the marshalling implementation used to marshal cache entries.
Attribute
Value
Default Value
LEGACY
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
max-retries Sets the maximum number of retries for each request. A valid value should be greater or equals than 0. Zero means no retry will made in case of a network failure.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
modules The set of modules associated with this remote cache container's configuration.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
properties A list of remote cache container properties.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
protocol-version This property defines the protocol version that this client should use.
socket-timeout Enable or disable SO_TIMEOUT on socket connections to remote Hot Rod servers with the specified timeout, in milliseconds. A timeout of 0 is interpreted as an infinite timeout.
tcp-keep-alive Configures TCP Keepalive on the TCP stack.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
tcp-no-delay Enable or disable TCP_NODELAY on socket connections to remote Hot Rod servers.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
transaction-timeout The duration (in ms) after which idle transactions are rolled back.
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
resource-services
value-size-estimate This hint allows sizing of byte buffers when serializing and deserializing values, to minimize array resizing.
Deprecated Since 15.0.0
Deprecated. This attribute will be ignored.
Attribute
Value
Default Value
512
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Add a remote cache container to the infinispan subsystem.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
connection-timeout
INT
false
true
60000
Defines the maximum socket connect timeout before giving up connecting to the server.
default-remote-cluster
STRING
true
false
Required default remote server cluster.
marshaller
STRING
false
true
LEGACY
Defines the marshalling implementation used to marshal cache entries.
max-retries
INT
false
true
10
Sets the maximum number of retries for each request. A valid value should be greater or equals than 0. Zero means no retry will made in case of a network failure.
properties
OBJECT
false
true
A list of remote cache container properties.
protocol-version
STRING
false
true
4.0
This property defines the protocol version that this client should use.
socket-timeout
INT
false
true
60000
Enable or disable SO_TIMEOUT on socket connections to remote Hot Rod servers with the specified timeout, in milliseconds. A timeout of 0 is interpreted as an infinite timeout.
statistics-enabled
BOOLEAN
false
true
false
Enables statistics gathering for this remote cache.
tcp-no-delay
BOOLEAN
false
true
true
Enable or disable TCP_NODELAY on socket connections to remote Hot Rod servers.
tcp-keep-alive
BOOLEAN
false
true
false
Configures TCP Keepalive on the TCP stack.
transaction-timeout
LONG
false
true
60000
The duration (in ms) after which idle transactions are rolled back.
modules
LIST
false
true
The set of modules associated with this remote cache container's configuration.
key-size-estimate
INT
false
true
64
This hint allows sizing of byte buffers when serializing and deserializing keys, to minimize array resizing.
value-size-estimate
INT
false
true
512
This hint allows sizing of byte buffers when serializing and deserializing values, to minimize array resizing.
remove Remove a cache container from the infinispan subsystem.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/remote-cache-container/near-cache/invalidation/index.html b/latest/wildscribe/subsystem/infinispan/remote-cache-container/near-cache/invalidation/index.html
new file mode 100644
index 000000000..b69bb54dd
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/remote-cache-container/near-cache/invalidation/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/remote-cache-container/remote-cache/index.html b/latest/wildscribe/subsystem/infinispan/remote-cache-container/remote-cache/index.html
new file mode 100644
index 000000000..a720324cc
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/remote-cache-container/remote-cache/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/remote-cache-container/remote-cluster/index.html b/latest/wildscribe/subsystem/infinispan/remote-cache-container/remote-cluster/index.html
new file mode 100644
index 000000000..8fe657fbd
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/remote-cache-container/remote-cluster/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
switch-cluster Switch the cluster to which this HotRod client should communicate. Primary used to failback to the local site in the event of a site failover.
Reply properties
type
BOOLEAN
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/infinispan/remote-cache-container/thread-pool/async/index.html b/latest/wildscribe/subsystem/infinispan/remote-cache-container/thread-pool/async/index.html
new file mode 100644
index 000000000..bbc62c254
--- /dev/null
+++ b/latest/wildscribe/subsystem/infinispan/remote-cache-container/thread-pool/async/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Defines a thread pool used for asynchronous operations.
Attributes (4)
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
add Adds thread pool configuration used for asynchronous operations.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
min-threads
INT
false
true
99
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
99
The maximum thread pool size.
queue-length
INT
false
true
0
The queue length.
keepalive-time
LONG
false
true
0
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
remove Removes thread pool configuration used for asynchronous operations.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/io/buffer-pool/index.html b/latest/wildscribe/subsystem/io/buffer-pool/index.html
new file mode 100644
index 000000000..46bd02cb9
--- /dev/null
+++ b/latest/wildscribe/subsystem/io/buffer-pool/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/io/index.html b/latest/wildscribe/subsystem/io/index.html
new file mode 100644
index 000000000..ba1d3447c
--- /dev/null
+++ b/latest/wildscribe/subsystem/io/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/io/worker/index.html b/latest/wildscribe/subsystem/io/worker/index.html
new file mode 100644
index 000000000..f53c4f70c
--- /dev/null
+++ b/latest/wildscribe/subsystem/io/worker/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
core-pool-size Minimum number of threads to keep in the underlying thread pool even if they are idle. Threads over this limit will be terminated over time specified by task-keepalive attribute.
io-threads Specify the number of I/O threads to create for the worker. If not specified, a default will be chosen, which is calculated by cpuCount * 2
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-pool-size The maximum number of threads allowed in the worker task thread pool. Depending on the pool implementation, when this limit is reached tasks which cannot be queued may be rejected. This can be configured using the 'task-max-threads' attribute; see the description of that attribute for details on how this value is determined.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
queue-size An estimate of the number of tasks in the worker queue.
stack-size The stack size (in bytes) to attempt to use for worker threads.
Attribute
Value
Default Value
0
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Storage
configuration
Access Type
read-write
Restart Required
all-services
task-core-threads Specify the starting number of threads for the worker task thread pool.
Attribute
Value
Default Value
2
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
task-keepalive Specify the number of milliseconds to keep non-core task threads alive.
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
task-max-threads Specify the maximum number of threads for the worker task thread pool.If not set, a default value used which is calculated by the formula cpuCount * 16,as long as the MaxFileDescriptorCount jmx property allows that number; otherwise the calculation takes that max into account and adjusts accordingly.
Specify the number of I/O threads to create for the worker. If not specified, a default will be chosen, which is calculated by cpuCount * 2
stack-size
LONG
false
true
0
The stack size (in bytes) to attempt to use for worker threads.
task-core-threads
INT
false
true
2
Specify the starting number of threads for the worker task thread pool.
task-keepalive
INT
false
true
60000
Specify the number of milliseconds to keep non-core task threads alive.
task-max-threads
INT
false
true
Specify the maximum number of threads for the worker task thread pool.If not set, a default value used which is calculated by the formula cpuCount * 16,as long as the MaxFileDescriptorCount jmx property allows that number; otherwise the calculation takes that max into account and adjusts accordingly.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/io/worker/outbound-bind-address/index.html b/latest/wildscribe/subsystem/io/worker/outbound-bind-address/index.html
new file mode 100644
index 000000000..457c3b17f
--- /dev/null
+++ b/latest/wildscribe/subsystem/io/worker/outbound-bind-address/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/io/worker/server/index.html b/latest/wildscribe/subsystem/io/worker/server/index.html
new file mode 100644
index 000000000..0cb9b76bb
--- /dev/null
+++ b/latest/wildscribe/subsystem/io/worker/server/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
connection-limit-high-water-mark If the connection count hits this number, no new connections will be accepted until the count drops below the low-water mark.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
connection-limit-low-water-mark If the connection count has previously hit the high water mark, once it drops back down below this count, connections will be accepted again.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jaxrs/index.html b/latest/wildscribe/subsystem/jaxrs/index.html
new file mode 100644
index 000000000..fc087a6b1
--- /dev/null
+++ b/latest/wildscribe/subsystem/jaxrs/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
tracing-threshold The "SUMMARY" threshold will emit some brief tracing information. The "TRACE" threshold will produce more detailed tracing information, and the "VERBOSE" threshold will generate extremely detailed tracing information.
Attribute
Value
Default Value
SUMMARY
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
SUMMARY TRACE VERBOSE
tracing-type "ALL" will enable the tracing feature. "ON_DEMAND" mode will give the control to client side: A client can send a tracing request via HTTP header and get the tracing info back from response headers. "OFF" mode will disable the tracing feature, and this is the default mode. Note that this it is suggested this is set to "OFF" for production servers.
Attribute
Value
Default Value
OFF
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
OFF ON_DEMAND ALL
Operations (2)
add Operation creating the Jakarta RESTful Web Services subsystem.
The "SUMMARY" threshold will emit some brief tracing information. The "TRACE" threshold will produce more detailed tracing information, and the "VERBOSE" threshold will generate extremely detailed tracing information.
tracing-type
STRING
false
true
OFF
"ALL" will enable the tracing feature. "ON_DEMAND" mode will give the control to client side: A client can send a tracing request via HTTP header and get the tracing info back from response headers. "OFF" mode will disable the tracing feature, and this is the default mode. Note that this it is suggested this is set to "OFF" for production servers.
remove Operation removing the Jakarta RESTful Web Services subsystem.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jca/archive-validation/archive-validation/index.html b/latest/wildscribe/subsystem/jca/archive-validation/archive-validation/index.html
new file mode 100644
index 000000000..17a7d7013
--- /dev/null
+++ b/latest/wildscribe/subsystem/jca/archive-validation/archive-validation/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jca/bean-validation/bean-validation/index.html b/latest/wildscribe/subsystem/jca/bean-validation/bean-validation/index.html
new file mode 100644
index 000000000..ab85c82bb
--- /dev/null
+++ b/latest/wildscribe/subsystem/jca/bean-validation/bean-validation/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Specify whether Jakarta Bean Validation is enabled
remove Remove Jakarta Bean Validation functionality
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jca/bootstrap-context/index.html b/latest/wildscribe/subsystem/jca/bootstrap-context/index.html
new file mode 100644
index 000000000..59b29549a
--- /dev/null
+++ b/latest/wildscribe/subsystem/jca/bootstrap-context/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jca/cached-connection-manager/cached-connection-manager/index.html b/latest/wildscribe/subsystem/jca/cached-connection-manager/cached-connection-manager/index.html
new file mode 100644
index 000000000..52c81f1a3
--- /dev/null
+++ b/latest/wildscribe/subsystem/jca/cached-connection-manager/cached-connection-manager/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jca/distributed-workmanager/index.html b/latest/wildscribe/subsystem/jca/distributed-workmanager/index.html
new file mode 100644
index 000000000..4104da0cb
--- /dev/null
+++ b/latest/wildscribe/subsystem/jca/distributed-workmanager/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jca/distributed-workmanager/long-running-threads/index.html b/latest/wildscribe/subsystem/jca/distributed-workmanager/long-running-threads/index.html
new file mode 100644
index 000000000..5268070ac
--- /dev/null
+++ b/latest/wildscribe/subsystem/jca/distributed-workmanager/long-running-threads/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A thread pool executor with a bounded queue where threads submittings tasks may block. Such a thread pool has a core and maximum size and a specified queue length. When a task is submitted, if the number of running threads is less than the core size, a new thread is created. Otherwise, if there is room in the queue, the task is enqueued. Otherwise, if the number of running threads is less than the maximum size, a new thread is created. Otherwise, the caller blocks until room becomes available in the queue.
core-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
largest-thread-count The largest number of threads that have ever simultaneously been in the pool.
rejected-count The number of tasks that have been passed to the handoff-executor (if one is specified) or discarded.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time
OBJECT
false
false
Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
max-threads
INT
true
true
The maximum thread pool size.
queue-length
INT
true
true
The queue length.
thread-factory
STRING
false
false
Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
remove Removes a blocking bounded queue thread pool.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jca/distributed-workmanager/short-running-threads/index.html b/latest/wildscribe/subsystem/jca/distributed-workmanager/short-running-threads/index.html
new file mode 100644
index 000000000..f735bf9ed
--- /dev/null
+++ b/latest/wildscribe/subsystem/jca/distributed-workmanager/short-running-threads/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A thread pool executor with a bounded queue where threads submittings tasks may block. Such a thread pool has a core and maximum size and a specified queue length. When a task is submitted, if the number of running threads is less than the core size, a new thread is created. Otherwise, if there is room in the queue, the task is enqueued. Otherwise, if the number of running threads is less than the maximum size, a new thread is created. Otherwise, the caller blocks until room becomes available in the queue.
core-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
largest-thread-count The largest number of threads that have ever simultaneously been in the pool.
rejected-count The number of tasks that have been passed to the handoff-executor (if one is specified) or discarded.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time
OBJECT
false
false
Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
max-threads
INT
true
true
The maximum thread pool size.
queue-length
INT
true
true
The queue length.
thread-factory
STRING
false
false
Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
remove Removes a blocking bounded queue thread pool.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jca/index.html b/latest/wildscribe/subsystem/jca/index.html
new file mode 100644
index 000000000..47fe82145
--- /dev/null
+++ b/latest/wildscribe/subsystem/jca/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jca/tracer/tracer/index.html b/latest/wildscribe/subsystem/jca/tracer/tracer/index.html
new file mode 100644
index 000000000..2c61c2894
--- /dev/null
+++ b/latest/wildscribe/subsystem/jca/tracer/tracer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jca/workmanager/default/index.html b/latest/wildscribe/subsystem/jca/workmanager/default/index.html
new file mode 100644
index 000000000..26db13677
--- /dev/null
+++ b/latest/wildscribe/subsystem/jca/workmanager/default/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jca/workmanager/default/long-running-threads/index.html b/latest/wildscribe/subsystem/jca/workmanager/default/long-running-threads/index.html
new file mode 100644
index 000000000..82c23d04a
--- /dev/null
+++ b/latest/wildscribe/subsystem/jca/workmanager/default/long-running-threads/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A thread pool executor with a bounded queue where threads submittings tasks may block. Such a thread pool has a core and maximum size and a specified queue length. When a task is submitted, if the number of running threads is less than the core size, a new thread is created. Otherwise, if there is room in the queue, the task is enqueued. Otherwise, if the number of running threads is less than the maximum size, a new thread is created. Otherwise, the caller blocks until room becomes available in the queue.
core-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
largest-thread-count The largest number of threads that have ever simultaneously been in the pool.
rejected-count The number of tasks that have been passed to the handoff-executor (if one is specified) or discarded.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time
OBJECT
false
false
Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
max-threads
INT
true
true
The maximum thread pool size.
queue-length
INT
true
true
The queue length.
thread-factory
STRING
false
false
Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
remove Removes a blocking bounded queue thread pool.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jca/workmanager/default/short-running-threads/index.html b/latest/wildscribe/subsystem/jca/workmanager/default/short-running-threads/index.html
new file mode 100644
index 000000000..d54f394d6
--- /dev/null
+++ b/latest/wildscribe/subsystem/jca/workmanager/default/short-running-threads/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A thread pool executor with a bounded queue where threads submittings tasks may block. Such a thread pool has a core and maximum size and a specified queue length. When a task is submitted, if the number of running threads is less than the core size, a new thread is created. Otherwise, if there is room in the queue, the task is enqueued. Otherwise, if the number of running threads is less than the maximum size, a new thread is created. Otherwise, the caller blocks until room becomes available in the queue.
core-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
largest-thread-count The largest number of threads that have ever simultaneously been in the pool.
rejected-count The number of tasks that have been passed to the handoff-executor (if one is specified) or discarded.
Attribute
Value
Type
INT
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread-factory Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
keepalive-time
OBJECT
false
false
Used to specify the amount of time that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
max-threads
INT
true
true
The maximum thread pool size.
queue-length
INT
true
true
The queue length.
thread-factory
STRING
false
false
Specifies the name of a specific thread factory to use to create worker threads. If not defined an appropriate default thread factory will be used.
remove Removes a blocking bounded queue thread pool.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jca/workmanager/default/statistics/local/index.html b/latest/wildscribe/subsystem/jca/workmanager/default/statistics/local/index.html
new file mode 100644
index 000000000..1bf8165a9
--- /dev/null
+++ b/latest/wildscribe/subsystem/jca/workmanager/default/statistics/local/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jdr/index.html b/latest/wildscribe/subsystem/jdr/index.html
new file mode 100644
index 000000000..8c9981e58
--- /dev/null
+++ b/latest/wildscribe/subsystem/jdr/index.html
@@ -0,0 +1,25 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/index.html
new file mode 100644
index 000000000..234be2e46
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/ASYM_ENCRYPT/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/ASYM_ENCRYPT/index.html
new file mode 100644
index 000000000..88419f505
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/ASYM_ENCRYPT/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/index.html
new file mode 100644
index 000000000..5e7af6152
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/cipher/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/cipher/index.html
new file mode 100644
index 000000000..8134e0622
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/cipher/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/digest/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/digest/index.html
new file mode 100644
index 000000000..2336e8e85
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/digest/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/plain/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/plain/index.html
new file mode 100644
index 000000000..287e487f7
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/AUTH/token/plain/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK/index.html
new file mode 100644
index 000000000..b752987e8
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK2/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK2/index.html
new file mode 100644
index 000000000..f1cc7d453
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/FD_SOCK2/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/JDBC_PING/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/JDBC_PING/index.html
new file mode 100644
index 000000000..4a6f1abb5
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/JDBC_PING/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/MPING/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/MPING/index.html
new file mode 100644
index 000000000..263b0b89b
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/MPING/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/SYM_ENCRYPT/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/SYM_ENCRYPT/index.html
new file mode 100644
index 000000000..455134770
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/SYM_ENCRYPT/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPGOSSIP/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPGOSSIP/index.html
new file mode 100644
index 000000000..ebb9e4261
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPGOSSIP/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPPING/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPPING/index.html
new file mode 100644
index 000000000..7f8185c9e
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/TCPPING/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html
new file mode 100644
index 000000000..3bf73c232
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.AUTH/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.AUTH/index.html
new file mode 100644
index 000000000..7f5952b46
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.AUTH/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.JDBC_PING/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.JDBC_PING/index.html
new file mode 100644
index 000000000..adc91d7fc
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.JDBC_PING/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html
new file mode 100644
index 000000000..a4bc0c8e1
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPGOSSIP/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPGOSSIP/index.html
new file mode 100644
index 000000000..6e4073a88
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPGOSSIP/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPPING/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPPING/index.html
new file mode 100644
index 000000000..6284e8046
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/fork/protocol/org.jgroups.protocols.TCPPING/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/index.html
new file mode 100644
index 000000000..5a5b03ef1
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_ALL3/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_ALL3/index.html
new file mode 100644
index 000000000..11e16fe05
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_ALL3/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_SOCK2/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_SOCK2/index.html
new file mode 100644
index 000000000..a8d7ad6ab
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/FD_SOCK2/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
bind_addr The NIC on which the ServerSocket should listen on. The following special values are also recognized: GLOBAL, SITE_LOCAL, LINK_LOCAL and NON_LOOPBACK
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
client_bind_port Start port for client socket. Default value of 0 picks a random port
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
client_state The client state (CONNECTED / DISCONNECTED)
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
cluster The cluster we've joined. Set on joining a cluster, null when unconnected
ergonomics Enables ergonomics: dynamically find the best values for properties at runtime
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
external_addr Use "external_addr" if you have hosts on different networks behind firewalls. On each firewall, set up a port forwarding rule to the local IP (e.g. 192.168.1.100) of the host, then on each host, set the "external_addr" TCP transport attribute to the external (public IP) address of the firewall
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
external_port Used to map the internal port (bind_port) to an external port. Only used if > 0
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
id Give the protocol a different ID if needed so we can have multiple instances of it in the same stack
max_port The highest port the FD_SOCK server can listen on. Needed when wrapping around, looking for ports. See https://issues.redhat.com/browse/JGRP-2560 for details.
min_port The lowest port the FD_SOCK server can listen on. Needed when wrapping around, looking for ports. See https://issues.redhat.com/browse/JGRP-2560 for details
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/FRAG4/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/FRAG4/index.html
new file mode 100644
index 000000000..2967029af
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/FRAG4/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
stats Determines whether to collect statistics (and expose them via JMX). Default is true
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/MERGE3/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/MERGE3/index.html
new file mode 100644
index 000000000..c2131d861
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/MERGE3/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/MFC/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/MFC/index.html
new file mode 100644
index 000000000..816f37085
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/MFC/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
max_credits Max number of bytes to send per receiver until an ack must be received to proceed
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
min_credits Computed as max_credits x min_theshold unless explicitly set
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
min_threshold The threshold (as a percentage of max_credits) at which a receiver sends more credits to a sender. Example: if max_credits is 1'000'000, and min_threshold 0.25, then we send ca. 250'000 credits to P once we've got only 250'000 credits left for P (we've received 750'000 bytes from P)
stats Determines whether to collect statistics (and expose them via JMX). Default is true
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/PING/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/PING/index.html
new file mode 100644
index 000000000..6b377810a
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/PING/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (23)
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
async_discovery If true then the discovery is done on a separate timer thread. Should be set to true when discovery is blocking and/or takes more than a few milliseconds
max_members_in_discovery_request Max size of the member list shipped with a discovery request. If we have more, the mbrs field in the discovery request header is nulled and members return the entire membership, not individual members
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
max_rank_to_reply The max rank of this member to respond to discovery requests, e.g. if max_rank_to_reply=2 in {A,B,C,D,E}, only A (rank 1) and B (rank 2) will reply. A value <= 0 means everybody will reply. This attribute is ignored if TP.use_ip_addrs is false.
num_discovery_runs The number of times a discovery process is executed when finding initial members (https://issues.redhat.com/browse/JGRP-2317)
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
return_entire_cache Whether or not to return the entire logical-physical address cache mappings on a discovery request, or not.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
send_cache_on_join When a new node joins, and we have a static discovery protocol (TCPPING), then send the contents of the discovery cache to new and existing members if true (and we're the coord). Addresses JGRP-1903
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
sends_can_block True if sending a message can block at the transport level
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
stagger_timeout If greater than 0, we'll wait a random number of milliseconds in range [0..stagger_timeout] before sending a discovery response. This prevents traffic spikes in large clusters when everyone sends their discovery response at the same time
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
stats Determines whether to collect statistics (and expose them via JMX). Default is true
use_disk_cache If a persistent disk cache (PDC) is present, combine the discovery results with the contents of the disk cache before returning the results
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/RED/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/RED/index.html
new file mode 100644
index 000000000..1da7734f3
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/RED/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (15)
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
avg_queue_size The average number of elements in the bundler's queue. Computed as o * (1 - 2^-wf) + c * (2^-wf) where o is the old average, c the current queue size amd wf the weight_factor
Attribute
Value
Type
DOUBLE
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
drop_rate Percentage of all messages that were dropped
weight_factor The weight used to compute the average queue size. The higher the value is, the less the current queue size is taken into account. E.g. with 2, 25% of the current queue size and 75% of the old average is taken to compute the new average. In other words: with a high value, the average will take longer to reflect the current queue size.
Attribute
Value
Type
DOUBLE
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/UDP/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/UDP/index.html
new file mode 100644
index 000000000..47136e34d
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/UDP/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (58)
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
avg_batch_size Returns the average batch size of received batches
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
bind_addr The bind address which should be used by this transport. The following special values are also recognized: GLOBAL, SITE_LOCAL, LINK_LOCAL, NON_LOOPBACK, match-interface, match-host, match-address
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
bind_port The port to which the transport binds. Default of 0 binds to any (ephemeral) port. See also port_range
bundler_type The type of bundler used ("ring-buffer", "transfer-queue" (default), "sender-sends" or "no-bundler") or the fully qualified classname of a Bundler implementation
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
cluster_name Name of the cluster to which this transport is connected
disable_loopback If true, disables IP_MULTICAST_LOOP on the MulticastSocket (for sending and receiving of multicast packets). IP multicast packets send on a host P will therefore not be received by anyone on P. Use with caution.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
dropped_messages Number of messages dropped when sending because of insufficient buffer space
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
ergonomics Enables ergonomics: dynamically find the best values for properties at runtime
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
external_addr Use "external_addr" if you have hosts on different networks, behind firewalls. On each firewall, set up a port forwarding rule (sometimes called "virtual server") to the local IP (e.g. 192.168.1.100) of the host then on each host, set "external_addr" TCP transport parameter to the external (public IP) address of the firewall.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
external_port Used to map the internal port (bind_port) to an external port. Only used if > 0
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
id Give the protocol a different ID if needed so we can have multiple instances of it in the same stack
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
ip_mcast Multicast toggle. If false multiple unicast datagrams are sent instead of one multicast. Default is true
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
ip_ttl The time-to-live (TTL) for multicast datagram packets. Default is 8
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
is_trace tracing is enabled or disabled for the given log
logical_addr_cache_expiration Time (in ms) after which entries in the logical address cache marked as removable can be removed. 0 never removes any entries (not recommended)
logical_addr_cache_reaper_interval Interval (in ms) at which the reaper task scans logical_addr_cache and removes entries marked as removable. 0 disables reaping.
loopback_copy Whether or not to make a copy of a message before looping it back up. Don't use this; might get removed without warning
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
loopback_separate_thread Loop back the message on a separate thread or use the current thread. Don't use this; might get removed without warning
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
mcast_addr The multicast address used for sending and receiving packets
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
mcast_port The multicast port used for sending and receiving packets. Default is 7600
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
mcast_receiver_threads Number of multicast receiver threads, all reading from the same MulticastSocket. If de-serialization is slow, increasing the number of receiver threads might yield better performance.
num_threads Returns the number of live threads in the JVM
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
port_range The range of valid ports: [bind_port .. bind_port+port_range ]. 0 only binds to bind_port and fails if taken
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
receive_interfaces Comma delimited list of interfaces (IP addresses or interface names) to receive multicasts on
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
receive_on_all_interfaces If true, the transport should use all available interfaces to receive multicast messages
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
stats Determines whether to collect statistics (and expose them via JMX). Default is true
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
suppress_time_different_cluster_warnings Time during which identical warnings about messages from a member from a different cluster will be suppressed. 0 disables this (every warning will be logged). Setting the log level to ERROR also disables this.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
suppress_time_different_version_warnings Time during which identical warnings about messages from a member with a different version will be suppressed. 0 disables this (every warning will be logged). Setting the log level to ERROR also disables this.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
suppress_time_out_of_buffer_space Suppresses warnings on Mac OS (for now) about not enough buffer space when sending a datagram packet
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
thread_naming_pattern Thread naming pattern for threads in this channel. Valid values are "pcl": "p": includes the thread name, e.g. "Incoming thread-1", "UDP ucast receiver", "c": includes the cluster name, e.g. "MyCluster", "l": includes the local address of the current member, e.g. "192.168.5.1:5678"
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
time_service_interval Interval (in ms) at which the time service updates its timestamp. 0 disables the time service
timer_handle_non_blocking_tasks If enabled, the timer will run non-blocking tasks on its own (runner) thread, and not submit them to the thread pool. Otherwise, all tasks are submitted to the thread pool. This attribute is experimental and may be removed without notice.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
timer_tasks Number of timer tasks queued up for execution
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
timer_threads Number of threads currently in the pool
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
tos Traffic class for sending unicast and multicast datagrams
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
ucast_receiver_threads Number of unicast receiver threads, all reading from the same DatagramSocket. If de-serialization is slow, increasing the number of receiver threads might yield better performance.
use_virtual_threads If true, create virtual threads, otherwise create native threads
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
who_has_cache_timeout Timeout (in ms) to determine how long to wait until a request to fetch the physical address for a given logical address will be sent again. Subsequent requests for the same physical address will therefore be spaced at least who_has_cache_timeout ms apart
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/UFC/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/UFC/index.html
new file mode 100644
index 000000000..56853c4f3
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/UFC/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
max_credits Max number of bytes to send per receiver until an ack must be received to proceed
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
min_credits Computed as max_credits x min_theshold unless explicitly set
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
min_threshold The threshold (as a percentage of max_credits) at which a receiver sends more credits to a sender. Example: if max_credits is 1'000'000, and min_threshold 0.25, then we send ca. 250'000 credits to P once we've got only 250'000 credits left for P (we've received 750'000 bytes from P)
stats Determines whether to collect statistics (and expose them via JMX). Default is true
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/UNICAST3/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/UNICAST3/index.html
new file mode 100644
index 000000000..57c850f5e
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/UNICAST3/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (46)
ack_threshold Send an ack immediately when a batch of ack_threshold (or more) messages is received. Otherwise send delayed acks. If 1, ack single messages (similar to UNICAST)
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
conn_close_timeout Time (in ms) until a connection marked to be closed will get removed. 0 disables this
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
conn_expiry_timeout Time (in milliseconds) after which an idle incoming or outgoing connection is closed. The connection will get re-established when used again. 0 disables connection reaping. Note that this creates lingering connection entries, which increases memory over time.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
ergonomics Enables ergonomics: dynamically find the best values for properties at runtime
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
id Give the protocol a different ID if needed so we can have multiple instances of it in the same stack
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
is_trace tracing is enabled or disabled for the given log
log_not_found_msgs If true, trashes warnings about retransmission messages not found in the xmit_table (used for testing)
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
loopback If true, a unicast message to self is looped back up on the same thread. Noter that this may cause problems (e.g. deadlocks) in some applications, so make sure that your code can handle this. Issue: https://issues.redhat.com/browse/JGRP-2547
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
max_batch_size The max size of a message batch when delivering messages. 0 is unbounded
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
max_xmit_req_size Max number of messages to ask for in a retransmit request. 0 disables this and uses the max bundle size in the transport
xmit_table_msgs_per_row Number of elements of a row of the matrix in the retransmission table; gets rounded to the next power of 2 (only for experts). The capacity of the matrix is xmit_table_num_rows * xmit_table_msgs_per_row
xmits_enabled When true, the sender retransmits messages until ack'ed and the receiver asks for missing messages. When false, this is not done, but ack'ing and stale connection testing is still done. https://issues.redhat.com/browse/JGRP-2676
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/VERIFY_SUSPECT/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/VERIFY_SUSPECT/index.html
new file mode 100644
index 000000000..a7994a1f9
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/VERIFY_SUSPECT/index.html
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
This page does not exist in the latest version (WildFly Full 29). You will be redirected to the last available version in 3 seconds.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/VERIFY_SUSPECT2/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/VERIFY_SUSPECT2/index.html
new file mode 100644
index 000000000..9e030efd8
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/VERIFY_SUSPECT2/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
timeout Number of millis to wait for verification that a suspect is really dead (approximation)
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
use_mcast_rsps Send the I_AM_NOT_DEAD message back as a multicast rather than as multiple unicasts (default is false)
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.GMS/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.GMS/index.html
new file mode 100644
index 000000000..167693b15
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.GMS/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (35)
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
all_clients_retry_timeout Time (in ms) to wait for another discovery round when all discovery responses were clients. A timeout of 0 means don't wait at all.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
coord Whether or not the current instance is the coordinator
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
ergonomics Enables ergonomics: dynamically find the best values for properties at runtime
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
id Give the protocol a different ID if needed so we can have multiple instances of it in the same stack
log_collect_msgs Logs failures for collecting all view acks if true
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
log_view_warnings Logs warnings for reception of views less than the current, and for views which don't include self
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
max_join_attempts Number of join attempts before we give up and become a singleton. 0 means 'never give up'
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
max_leave_attempts Number of times a LEAVE request is sent to the coordinator (without receiving a LEAVE response, before giving up and leaving anyway (failure detection will eventually exclude the left member). A value of 0 means wait forever
use_delta_views If true, then GMS is allowed to send VIEW messages with delta views, otherwise it always sends full views. See https://issues.redhat.com/browse/JGRP-1354 for details.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.NAKACK2/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.NAKACK2/index.html
new file mode 100644
index 000000000..3f542ca95
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.NAKACK2/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (47)
after_creation_hook Fully qualified name of a class implementing ProtocolHook, will be called after creation of the protocol (before init())
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
become_server_queue_size Size of the queue to hold messages received after creating the channel, but before being connected (is_server=false). After becoming the server, the messages in the queue are fed into up() and the queue is cleared. The motivation is to avoid retransmissions (see https://issues.redhat.com/browse/JGRP-1509 for details).
resend_last_seqno If enabled, multicasts the highest sent seqno every xmit_interval ms. This is skipped if a regular message has been multicast, and the task aquiesces if the highest sent seqno hasn't changed for resend_last_seqno_max_times times. Used to speed up retransmission of dropped last messages (JGRP-1904)
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
resend_last_seqno_max_times Max number of times the last seqno is resent before acquiescing if last seqno isn't incremented
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
resend_task_running Whether or not the task to resend the last seqno is running (depends on resend_last_seqno)
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
sends_can_block True if sending a message can block at the transport level
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
size_of_all_messages Returns the number of bytes of all messages in all retransmit buffers. To compute the size, Message.getLength() is used
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
size_of_all_messages_incl_headers Returns the number of bytes of all messages in all retransmit buffers. To compute the size, Message.size() is used
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
stats Determines whether to collect statistics (and expose them via JMX). Default is true
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
suppress_time_non_member_warnings Time during which identical warnings about messages from a non member will be suppressed. 0 disables this (every warning will be logged). Setting the log level to ERROR also disables this.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
use_mcast_xmit Retransmit retransmit responses (messages) using multicast rather than unicast
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
use_mcast_xmit_req Use a multicast to request retransmission of missing messages
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
xmit_from_random_member Ask a random member for retransmission of a missing message. Default is false
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
xmit_interval Interval (in milliseconds) at which missing messages (from all retransmit buffers) are retransmitted. 0 turns retransmission off
xmit_table_msgs_per_row Number of elements of a row of the matrix in the retransmission table; gets rounded to the next power of 2 (only for experts). The capacity of the matrix is xmit_table_num_rows * xmit_table_msgs_per_row
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.STABLE/index.html b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.STABLE/index.html
new file mode 100644
index 000000000..14a084107
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/channel/ee/protocol/pbcast.STABLE/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/index.html b/latest/wildscribe/subsystem/jgroups/index.html
new file mode 100644
index 000000000..6bd86205e
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/index.html b/latest/wildscribe/subsystem/jgroups/stack/index.html
new file mode 100644
index 000000000..b57f701dc
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Remove a protocol stack from the jgroups subsystem.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/ASYM_ENCRYPT/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/ASYM_ENCRYPT/index.html
new file mode 100644
index 000000000..398467393
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/ASYM_ENCRYPT/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/AUTH/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/AUTH/index.html
new file mode 100644
index 000000000..846338a28
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/AUTH/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/cipher/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/cipher/index.html
new file mode 100644
index 000000000..c72146678
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/cipher/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/digest/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/digest/index.html
new file mode 100644
index 000000000..d7e894f6d
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/digest/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/plain/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/plain/index.html
new file mode 100644
index 000000000..e57c83821
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/AUTH/token/plain/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK/index.html
new file mode 100644
index 000000000..fabfe1b43
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK2/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK2/index.html
new file mode 100644
index 000000000..2d09c9473
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/FD_SOCK2/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/JDBC_PING/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/JDBC_PING/index.html
new file mode 100644
index 000000000..8f73777db
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/JDBC_PING/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/MPING/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/MPING/index.html
new file mode 100644
index 000000000..22e0c51a6
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/MPING/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/SYM_ENCRYPT/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/SYM_ENCRYPT/index.html
new file mode 100644
index 000000000..dfbcd624b
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/SYM_ENCRYPT/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/TCPGOSSIP/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/TCPGOSSIP/index.html
new file mode 100644
index 000000000..e1187354c
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/TCPGOSSIP/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/TCPPING/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/TCPPING/index.html
new file mode 100644
index 000000000..5724579db
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/TCPPING/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html
new file mode 100644
index 000000000..5ca7b82b4
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.ASYM_ENCRYPT/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.AUTH/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.AUTH/index.html
new file mode 100644
index 000000000..9e41c009d
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.AUTH/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.JDBC_PING/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.JDBC_PING/index.html
new file mode 100644
index 000000000..1678f668d
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.JDBC_PING/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html
new file mode 100644
index 000000000..ac8d0d307
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.SYM_ENCRYPT/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPGOSSIP/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPGOSSIP/index.html
new file mode 100644
index 000000000..c78c07af0
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPGOSSIP/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPPING/index.html b/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPPING/index.html
new file mode 100644
index 000000000..ce0e6745a
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/protocol/org.jgroups.protocols.TCPPING/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/index.html b/latest/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/index.html
new file mode 100644
index 000000000..b721e1674
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/remote-site/index.html b/latest/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/remote-site/index.html
new file mode 100644
index 000000000..76a32dfac
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/relay/relay.RELAY2/remote-site/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/transport/TCP/index.html b/latest/wildscribe/subsystem/jgroups/stack/transport/TCP/index.html
new file mode 100644
index 000000000..a366e5a90
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/transport/TCP/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
diagnostics-socket-binding The diagnostics socket binding specification for this protocol layer, used to specify IP interfaces and ports for communication.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/transport/TCP/thread-pool/default/index.html b/latest/wildscribe/subsystem/jgroups/stack/transport/TCP/thread-pool/default/index.html
new file mode 100644
index 000000000..9a15c3259
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/transport/TCP/thread-pool/default/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
200
The maximum thread pool size.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/index.html b/latest/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/index.html
new file mode 100644
index 000000000..52b2f4b4d
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
diagnostics-socket-binding The diagnostics socket binding specification for this protocol layer, used to specify IP interfaces and ports for communication.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/thread-pool/default/index.html b/latest/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/thread-pool/default/index.html
new file mode 100644
index 000000000..6d23c025b
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/transport/TCP_NIO2/thread-pool/default/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
200
The maximum thread pool size.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/transport/UDP/index.html b/latest/wildscribe/subsystem/jgroups/stack/transport/UDP/index.html
new file mode 100644
index 000000000..97f8b68f2
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/transport/UDP/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
diagnostics-socket-binding The diagnostics socket binding specification for this protocol layer, used to specify IP interfaces and ports for communication.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jgroups/stack/transport/UDP/thread-pool/default/index.html b/latest/wildscribe/subsystem/jgroups/stack/transport/UDP/thread-pool/default/index.html
new file mode 100644
index 000000000..e838c82c7
--- /dev/null
+++ b/latest/wildscribe/subsystem/jgroups/stack/transport/UDP/thread-pool/default/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
keepalive-time Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
min-threads The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
The core thread pool size which is smaller than the maximum pool size. If undefined, the core thread pool size is the same as the maximum thread pool size.
max-threads
INT
false
true
200
The maximum thread pool size.
keepalive-time
LONG
false
true
60000
Used to specify the amount of milliseconds that pool threads should be kept running when idle; if not specified, threads will run until the executor is shut down.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jmx/configuration/audit-log/handler/index.html b/latest/wildscribe/subsystem/jmx/configuration/audit-log/handler/index.html
new file mode 100644
index 000000000..aac44d51e
--- /dev/null
+++ b/latest/wildscribe/subsystem/jmx/configuration/audit-log/handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A reference to a file or syslog audit log handler. The name of the handler is denoted by the value of the address.
Operations (2)
add Adds a reference to a file or syslog audit log handler.
remove Removes a reference to a file or syslog audit log handler.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jmx/configuration/audit-log/index.html b/latest/wildscribe/subsystem/jmx/configuration/audit-log/index.html
new file mode 100644
index 000000000..38ccfde4a
--- /dev/null
+++ b/latest/wildscribe/subsystem/jmx/configuration/audit-log/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Whether operations should be logged on server boot.
log-read-only
BOOLEAN
false
true
false
Whether operations that do not modify the configuration or any runtime services should be logged.
remove Removes the management audit top-level resource.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jmx/expose-model/expression/index.html b/latest/wildscribe/subsystem/jmx/expose-model/expression/index.html
new file mode 100644
index 000000000..28f66daae
--- /dev/null
+++ b/latest/wildscribe/subsystem/jmx/expose-model/expression/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The configuration for exposing the 'expression' model controller in the MBeanServer. This facade will expose all simple attributes and operation parameters as String. Reads return the unresolved expression. You may use expressions when writing attributes and setting operation parameters.
Attributes (1)
domain-name The domain name to use for the 'expression' model controller JMX facade in the MBeanServer.
Attribute
Value
Default Value
jboss.as.expr
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds the 'expression' model controller JMX facade to the MBeanServer.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
domain-name
STRING
false
true
jboss.as.expr
The domain name to use for the 'expression' model controller JMX facade in the MBeanServer.
remove Removes the 'expression' model controller JMX facade from the MBeanServer.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jmx/expose-model/resolved/index.html b/latest/wildscribe/subsystem/jmx/expose-model/resolved/index.html
new file mode 100644
index 000000000..e0bae6b32
--- /dev/null
+++ b/latest/wildscribe/subsystem/jmx/expose-model/resolved/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The configuration for exposing the 'resolved' model controller in the MBeanServer. This facade will expose all simple attributes and operation parameters as their type in the underlying model. Reads return the resolved expression if used, or the raw value. You may not use expressions when writing attributes and setting operation parameters.
Attributes (2)
domain-name The domain name to use for the 'resolved' model controller JMX facade in the MBeanServer.
Attribute
Value
Default Value
jboss.as
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
proper-property-format If false, PROPERTY type attributes are represented as a DMR string, this is the legacy behaviour. If true, PROPERTY type attributes are represented by a composite type where the key is a string, and the value has the same type as the property in the underlying model.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds the 'resolved' model controller JMX facade to the MBeanServer.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
domain-name
STRING
false
true
jboss.as
The domain name to use for the 'resolved' model controller JMX facade in the MBeanServer.
proper-property-format
BOOLEAN
false
true
true
If false, PROPERTY type attributes are represented as a DMR string, this is the legacy behaviour. If true, PROPERTY type attributes are represented by a composite type where the key is a string, and the value has the same type as the property in the underlying model.
remove Removes the 'resolved' model controller JMX facade from the MBeanServer.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jmx/index.html b/latest/wildscribe/subsystem/jmx/index.html
new file mode 100644
index 000000000..0a31af0f7
--- /dev/null
+++ b/latest/wildscribe/subsystem/jmx/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
configuration Configuration of the JMX audit logger.
audit-log The management audit logging top-level resource.
expose-model Expose the model controller in the MBeanServer. The recommended is the 'expression' child.
expression The configuration for exposing the 'expression' model controller in the MBeanServer. This facade will expose all simple attributes and operation parameters as String. Reads return the unresolved expression. You may use expressions when writing attributes and setting operation parameters.
resolved The configuration for exposing the 'resolved' model controller in the MBeanServer. This facade will expose all simple attributes and operation parameters as their type in the underlying model. Reads return the resolved expression if used, or the raw value. You may not use expressions when writing attributes and setting operation parameters.
remoting-connector JBoss remoting connectors for the JMX subsystem.
jmx A JBoss remoting connector for the JMX subsystem.
non-core-mbean-sensitivity Whether or not core MBeans, i.e. mbeans not coming from the model controller, should be considered sensitive.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
show-model Alias for the existence of the 'resolved' model controller jmx facade. When writing, if set to 'true' it will add the 'resolved' model controller jmx facade resource with the default domain name.
Deprecated Since 7.0.0
The show-model configuration is deprecated and may be removed or moved in future versions.
Whether or not core MBeans, i.e. mbeans not coming from the model controller, should be considered sensitive.
show-model
BOOLEAN
false
false
Alias for the existence of the 'resolved' model controller jmx facade. When writing, if set to 'true' it will add the 'resolved' model controller jmx facade resource with the default domain name.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jmx/remoting-connector/jmx/index.html b/latest/wildscribe/subsystem/jmx/remoting-connector/jmx/index.html
new file mode 100644
index 000000000..1de1823d9
--- /dev/null
+++ b/latest/wildscribe/subsystem/jmx/remoting-connector/jmx/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
use-management-endpoint If true the connector will use the management endpoint, otherwise it will use the remoting subsystem one
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds the remote connector for the JMX subsystem.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
use-management-endpoint
BOOLEAN
false
true
true
If true the connector will use the management endpoint, otherwise it will use the remoting subsystem one
remove Removes the remote connector for the JMX subsystem.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jpa/index.html b/latest/wildscribe/subsystem/jpa/index.html
new file mode 100644
index 000000000..fab5dc15a
--- /dev/null
+++ b/latest/wildscribe/subsystem/jpa/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
default-extended-persistence-inheritance Controls how Jakarta Persistence extended persistence context (XPC) inheritance is performed. 'DEEP' shares the extended persistence context at top bean level. 'SHALLOW' the extended persistece context is only shared with the parent bean (never with sibling beans).
Controls how Jakarta Persistence extended persistence context (XPC) inheritance is performed. 'DEEP' shares the extended persistence context at top bean level. 'SHALLOW' the extended persistece context is only shared with the parent bean (never with sibling beans).
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/jsf/index.html b/latest/wildscribe/subsystem/jsf/index.html
new file mode 100644
index 000000000..533f1e620
--- /dev/null
+++ b/latest/wildscribe/subsystem/jsf/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
disallow-doctype-decl Specifies whether or not DOCTYPE declarations in Jakarta Server Faces deployments should be disallowed. This setting can be overridden at the deployment level.
Specifies whether or not DOCTYPE declarations in Jakarta Server Faces deployments should be disallowed. This setting can be overridden at the deployment level.
list-active-jsf-impls List the Jakarta Server Faces implementation slots installed on the installation being queried. Note that in a managed domain, reading this information from different hosts can result in different results, since different hosts can have different modules installed.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/async-handler/index.html b/latest/wildscribe/subsystem/logging/async-handler/index.html
new file mode 100644
index 000000000..790e0f9eb
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/async-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this handler. Message levels lower than this value will be discarded.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
queue-length
INT
true
true
The queue length to use before flushing writing
overflow-action
STRING
false
true
BLOCK
Specify what action to take when the overflowing. The valid options are 'block' and 'discard'
subhandlers
LIST
false
false
The Handlers associated with this async handler.
filter
OBJECT
false
false
Defines a simple filter type.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/console-handler/index.html b/latest/wildscribe/subsystem/logging/console-handler/index.html
new file mode 100644
index 000000000..df2d25472
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/console-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
target
STRING
false
true
System.out
Defines the target of the console handler. The value can be System.out, System.err or console.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
filter
OBJECT
false
false
Defines a simple filter type.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/custom-formatter/index.html b/latest/wildscribe/subsystem/logging/custom-formatter/index.html
new file mode 100644
index 000000000..9b595390b
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/custom-formatter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A custom formatter to be used with handlers. Note that most log records are formatted in the printf format. Formatters may require invocation of the org.jboss.logmanager.ExtLogRecord#getFormattedMessage() for the message to be properly formatted.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/custom-handler/index.html b/latest/wildscribe/subsystem/logging/custom-handler/index.html
new file mode 100644
index 000000000..2070d2508
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/custom-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
class
STRING
true
false
The logging handler class to be used.
module
STRING
true
false
The module that the logging handler depends on.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
properties
OBJECT
false
true
Defines the properties used for the logging handler. All properties must be accessible via a setter method.
filter
OBJECT
false
false
Defines a simple filter type.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/file-handler/index.html b/latest/wildscribe/subsystem/logging/file-handler/index.html
new file mode 100644
index 000000000..98ff82aa8
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/file-handler/index.html
@@ -0,0 +1,45 @@
+ WildFly Full 29 Model Reference
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
filter
OBJECT
false
false
Defines a simple filter type.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/filter/index.html b/latest/wildscribe/subsystem/logging/filter/index.html
new file mode 100644
index 000000000..ffb457772
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/filter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A filter to be used with handlers and loggers. Please note the name of the filter should start with an alpha character and not contain any special characters. The following names are considered reserved names; accept, deny, not, all, any, levelChange, levels, levelRange, match, substitute, substituteAll.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/index.html b/latest/wildscribe/subsystem/logging/index.html
new file mode 100644
index 000000000..7cc5a12be
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/index.html
@@ -0,0 +1,27 @@
+ WildFly Full 29 Model Reference
async-handler It defines a handler which writes to the sub-handlers in an asynchronous thread, used for handlers which introduce a substantial amount of lag.
console-handler Defines a handler which writes to the console.
custom-formatter A custom formatter to be used with handlers. Note that most log records are formatted in the printf format. Formatters may require invocation of the org.jboss.logmanager.ExtLogRecord#getFormattedMessage() for the message to be properly formatted.
custom-handler Defines a custom logging handler. The custom handler must extend java.util.logging.Handler.
file-handler Defines a handler which writes to a file.
filter A filter to be used with handlers and loggers. Please note the name of the filter should start with an alpha character and not contain any special characters. The following names are considered reserved names; accept, deny, not, all, any, levelChange, levels, levelRange, match, substitute, substituteAll.
json-formatter A formatter that formats log messages in JSON.
periodic-rotating-file-handler It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.text.SimpleDateFormat.
periodic-size-rotating-file-handler It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string or after the size of the file grows beyond a certain point and keeping a fixed number of backups. The suffix should be in a format understood by the java.text.SimpleDateFormat. Any backups rotated by the suffix will not be purged during a size rotation.
root-logger Defines the root logger for this log context.
ROOT Defines the root logger for this log context.
size-rotating-file-handler Defines a handler which writes to a file, rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
socket-handler It defines a handler which writes to a socket. Note that a socket-handler will queue messages during the boot process. These messages will be drained to the socket once the resource is fully configured. If the server is in an admin-only state, messages will be discarded.
xml-formatter A formatter that formats log messages in XML.
Attributes (2)
add-logging-api-dependencies Indicates whether or not logging API dependencies should be added to deployments during the deployment process. A value of true will add the dependencies to the deployment. A value of false will skip the deployment from being processed for logging API dependencies.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-deployment-logging-config Indicates whether or not deployments should use a logging configuration file found in the deployment to configure the log manager. If set to true and a logging configuration file is found in the deployment's META-INF or WEB-INF/classes directory, then a log manager will be configured with those settings. If set to false, the server's logging configuration will be used regardless of any logging configuration files supplied in the deployment.
Indicates whether or not logging API dependencies should be added to deployments during the deployment process. A value of true will add the dependencies to the deployment. A value of false will skip the deployment from being processed for logging API dependencies.
use-deployment-logging-config
BOOLEAN
false
true
true
Indicates whether or not deployments should use a logging configuration file found in the deployment to configure the log manager. If set to true and a logging configuration file is found in the deployment's META-INF or WEB-INF/classes directory, then a log manager will be configured with those settings. If set to false, the server's logging configuration will be used regardless of any logging configuration files supplied in the deployment.
list-log-files Lists the log files in the jboss.server.log.dir directory that are defined on a file-handler, periodic-rotating-file-handler or size-rotating-file-handler.
Deprecated Since 3.0.0
Use the log-file resource to see the available log files.
Reply properties
type
LIST
Value Type
{
+ "file-name" => {
+ "type" => STRING,
+ "description" => "The name of the file.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "file-size" => {
+ "type" => LONG,
+ "description" => "The size of the log file in bytes.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false
+ },
+ "last-modified-date" => {
+ "type" => STRING,
+ "description" => "The date the file was last modified.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ }
+}
read-log-file Reads the contents of a log file. The file must be in the jboss.server.log.dir and must be defined as a file-handler, periodic-rotating-file-handler or size-rotating-file-handler.
Deprecated Since 3.0.0
Use the log-file resource to read the log file.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
name
STRING
true
true
The name of the log file to read. This file must exist in the jboss.server.log.dir.
encoding
STRING
false
true
The character encoding used to read the file.
lines
INT
false
true
10
The number of lines to read from the file. A value of -1 will read all log lines.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/json-formatter/index.html b/latest/wildscribe/subsystem/logging/json-formatter/index.html
new file mode 100644
index 000000000..8f3994444
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/json-formatter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
date-format The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
exception-output-type Indicates how the cause of the logged message, if one is available, will be added to the JSON output.
Attribute
Value
Default Value
detailed
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
detailed formatted detailed-and-formatted
key-overrides Allows the names of the keys for the JSON properties to be overridden.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
resource-services
meta-data Sets the meta data to use in the JSON format. Properties will be added to each log message.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
pretty-print Indicates whether or not pretty printing should be used when formatting.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
print-details Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
record-delimiter The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
Attribute
Value
Default Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
zone-id The zone ID for formatting the date and time. The system default is used if left undefined.
The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
exception-output-type
STRING
false
true
detailed
Indicates how the cause of the logged message, if one is available, will be added to the JSON output.
key-overrides
OBJECT
false
false
Allows the names of the keys for the JSON properties to be overridden.
meta-data
OBJECT
false
false
Sets the meta data to use in the JSON format. Properties will be added to each log message.
pretty-print
BOOLEAN
false
true
false
Indicates whether or not pretty printing should be used when formatting.
print-details
BOOLEAN
false
true
false
Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
record-delimiter
STRING
false
true
The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
zone-id
STRING
false
true
The zone ID for formatting the date and time. The system default is used if left undefined.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/log-file/index.html b/latest/wildscribe/subsystem/logging/log-file/index.html
new file mode 100644
index 000000000..d8b47b8aa
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/log-file/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
stream Provides the server log as a response attachment. The response result value is the unique id of the attachment.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (1)
read-log-file Reads the contents of a log file. The file must be in the jboss.server.log.dir and must be defined as a file-handler, periodic-rotating-file-handler or size-rotating-file-handler.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
encoding
STRING
false
true
The character encoding used to read the file.
lines
INT
false
true
10
The number of lines to read from the file. A value of -1 will read all log lines.
skip
INT
false
true
0
The number of lines to skip before reading.
tail
BOOLEAN
false
true
true
Reads from the end of the file.
Reply properties
type
LIST
Value Type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logger/index.html b/latest/wildscribe/subsystem/logging/logger/index.html
new file mode 100644
index 000000000..89e2946a7
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logger/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/async-handler/index.html b/latest/wildscribe/subsystem/logging/logging-profile/async-handler/index.html
new file mode 100644
index 000000000..e41448a70
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/async-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this handler. Message levels lower than this value will be discarded.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
queue-length
INT
true
true
The queue length to use before flushing writing
overflow-action
STRING
false
true
BLOCK
Specify what action to take when the overflowing. The valid options are 'block' and 'discard'
subhandlers
LIST
false
false
The Handlers associated with this async handler.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/console-handler/index.html b/latest/wildscribe/subsystem/logging/logging-profile/console-handler/index.html
new file mode 100644
index 000000000..431688385
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/console-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
target
STRING
false
true
System.out
Defines the target of the console handler. The value can be System.out, System.err or console.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/custom-formatter/index.html b/latest/wildscribe/subsystem/logging/logging-profile/custom-formatter/index.html
new file mode 100644
index 000000000..21b306172
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/custom-formatter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A custom formatter to be used with handlers. Note that most log records are formatted in the printf format. Formatters may require invocation of the org.jboss.logmanager.ExtLogRecord#getFormattedMessage() for the message to be properly formatted.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/custom-handler/index.html b/latest/wildscribe/subsystem/logging/logging-profile/custom-handler/index.html
new file mode 100644
index 000000000..f397c8357
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/custom-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
class
STRING
true
false
The logging handler class to be used.
module
STRING
true
false
The module that the logging handler depends on.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
properties
OBJECT
false
true
Defines the properties used for the logging handler. All properties must be accessible via a setter method.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/file-handler/index.html b/latest/wildscribe/subsystem/logging/logging-profile/file-handler/index.html
new file mode 100644
index 000000000..377f81b70
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/file-handler/index.html
@@ -0,0 +1,45 @@
+ WildFly Full 29 Model Reference
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/filter/index.html b/latest/wildscribe/subsystem/logging/logging-profile/filter/index.html
new file mode 100644
index 000000000..be406cc97
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/filter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A filter to be used with handlers and loggers. Please note the name of the filter should start with an alpha character and not contain any special characters. The following names are considered reserved names; accept, deny, not, all, any, levelChange, levels, levelRange, match, substitute, substituteAll.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/index.html b/latest/wildscribe/subsystem/logging/logging-profile/index.html
new file mode 100644
index 000000000..4621d707b
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
async-handler It defines a handler which writes to the sub-handlers in an asynchronous thread, used for handlers which introduce a substantial amount of lag.
console-handler Defines a handler which writes to the console.
custom-formatter A custom formatter to be used with handlers. Note that most log records are formatted in the printf format. Formatters may require invocation of the org.jboss.logmanager.ExtLogRecord#getFormattedMessage() for the message to be properly formatted.
custom-handler Defines a custom logging handler. The custom handler must extend java.util.logging.Handler.
file-handler Defines a handler which writes to a file.
filter A filter to be used with handlers and loggers. Please note the name of the filter should start with an alpha character and not contain any special characters. The following names are considered reserved names; accept, deny, not, all, any, levelChange, levels, levelRange, match, substitute, substituteAll.
json-formatter A formatter that formats log messages in JSON.
periodic-rotating-file-handler It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.text.SimpleDateFormat.
periodic-size-rotating-file-handler It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string or after the size of the file grows beyond a certain point and keeping a fixed number of backups. The suffix should be in a format understood by the java.text.SimpleDateFormat. Any backups rotated by the suffix will not be purged during a size rotation.
root-logger Defines the root logger for this log context.
ROOT Defines the root logger for this log context.
size-rotating-file-handler Defines a handler which writes to a file, rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
socket-handler It defines a handler which writes to a socket. Note that a socket-handler will queue messages during the boot process. These messages will be drained to the socket once the resource is fully configured. If the server is in an admin-only state, messages will be discarded.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/json-formatter/index.html b/latest/wildscribe/subsystem/logging/logging-profile/json-formatter/index.html
new file mode 100644
index 000000000..c80b8e4b2
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/json-formatter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
date-format The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
exception-output-type Indicates how the cause of the logged message, if one is available, will be added to the JSON output.
Attribute
Value
Default Value
detailed
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
detailed formatted detailed-and-formatted
key-overrides Allows the names of the keys for the JSON properties to be overridden.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
resource-services
meta-data Sets the meta data to use in the JSON format. Properties will be added to each log message.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
pretty-print Indicates whether or not pretty printing should be used when formatting.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
print-details Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
record-delimiter The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
Attribute
Value
Default Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
zone-id The zone ID for formatting the date and time. The system default is used if left undefined.
The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
exception-output-type
STRING
false
true
detailed
Indicates how the cause of the logged message, if one is available, will be added to the JSON output.
key-overrides
OBJECT
false
false
Allows the names of the keys for the JSON properties to be overridden.
meta-data
OBJECT
false
false
Sets the meta data to use in the JSON format. Properties will be added to each log message.
pretty-print
BOOLEAN
false
true
false
Indicates whether or not pretty printing should be used when formatting.
print-details
BOOLEAN
false
true
false
Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
record-delimiter
STRING
false
true
The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
zone-id
STRING
false
true
The zone ID for formatting the date and time. The system default is used if left undefined.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/log-file/index.html b/latest/wildscribe/subsystem/logging/logging-profile/log-file/index.html
new file mode 100644
index 000000000..001e64380
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/log-file/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
stream Provides the server log as a response attachment. The response result value is the unique id of the attachment.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (1)
read-log-file Reads the contents of a log file. The file must be in the jboss.server.log.dir and must be defined as a file-handler, periodic-rotating-file-handler or size-rotating-file-handler.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
encoding
STRING
false
true
The character encoding used to read the file.
lines
INT
false
true
10
The number of lines to read from the file. A value of -1 will read all log lines.
skip
INT
false
true
0
The number of lines to skip before reading.
tail
BOOLEAN
false
true
true
Reads from the end of the file.
Reply properties
type
LIST
Value Type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/logger/index.html b/latest/wildscribe/subsystem/logging/logging-profile/logger/index.html
new file mode 100644
index 000000000..3c0f6bd93
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/logger/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/pattern-formatter/index.html b/latest/wildscribe/subsystem/logging/logging-profile/pattern-formatter/index.html
new file mode 100644
index 000000000..c358a5c20
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/pattern-formatter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
color-map The color-map attribute allows for a comma delimited list of colors to be used for different levels with a pattern formatter. The format for the color mapping pattern is level-name:color-name.Valid Levels; severe, fatal, error, warn, warning, info, debug, trace, config, fine, finer, finest Valid Colors; black, green, red, yellow, blue, magenta, cyan, white, brightblack, brightred, brightgreen, brightblue, brightyellow, brightmagenta, brightcyan, brightwhite
The color-map attribute allows for a comma delimited list of colors to be used for different levels with a pattern formatter. The format for the color mapping pattern is level-name:color-name.Valid Levels; severe, fatal, error, warn, warning, info, debug, trace, config, fine, finer, finest Valid Colors; black, green, red, yellow, blue, magenta, cyan, white, brightblack, brightred, brightgreen, brightblue, brightyellow, brightmagenta, brightcyan, brightwhite
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/periodic-rotating-file-handler/index.html b/latest/wildscribe/subsystem/logging/logging-profile/periodic-rotating-file-handler/index.html
new file mode 100644
index 000000000..b43b8de0b
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/periodic-rotating-file-handler/index.html
@@ -0,0 +1,45 @@
+ WildFly Full 29 Model Reference
It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.text.SimpleDateFormat.
suffix Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
name
STRING
false
false
The name of the handler.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
suffix
STRING
true
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
Use the write-attribute for the enabled attribute.
path-info Obtain the informations for a filesystem path.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
unit
STRING
false
false
BYTES
Disk space unit to display disk usage.
Reply properties
Filesystem path for which to obtain disk usage.
type
OBJECT
Value Type
{
+ "used-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of the contents of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ },
+ "creation-time" => {
+ "type" => STRING,
+ "description" => "The creation time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "last-modified" => {
+ "type" => STRING,
+ "description" => "The last modified time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "resolved-path" => {
+ "type" => STRING,
+ "description" => "The resolved filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "available-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of available space for the partition containing a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ }
+}
remove Removes the periodic rotating file handler.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
suffix
STRING
true
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/periodic-size-rotating-file-handler/index.html b/latest/wildscribe/subsystem/logging/logging-profile/periodic-size-rotating-file-handler/index.html
new file mode 100644
index 000000000..a9ed2e2f6
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/periodic-size-rotating-file-handler/index.html
@@ -0,0 +1,45 @@
+ WildFly Full 29 Model Reference
It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string or after the size of the file grows beyond a certain point and keeping a fixed number of backups. The suffix should be in a format understood by the java.text.SimpleDateFormat. Any backups rotated by the suffix will not be purged during a size rotation.
rotate-on-boot Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
rotate-size The size at which to rotate the log file.
Attribute
Value
Default Value
2m
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
suffix Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (4)
add Adds a new periodic size rotating file handler.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
max-backup-index
INT
false
true
1
The maximum number of backups to keep.
name
STRING
false
false
The name of the handler.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
rotate-on-boot
BOOLEAN
false
true
false
Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
rotate-size
STRING
false
true
2m
The size at which to rotate the log file.
suffix
STRING
true
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
path-info Obtain the informations for a filesystem path.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
unit
STRING
false
false
BYTES
Disk space unit to display disk usage.
Reply properties
Filesystem path for which to obtain disk usage.
type
OBJECT
Value Type
{
+ "used-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of the contents of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ },
+ "creation-time" => {
+ "type" => STRING,
+ "description" => "The creation time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "last-modified" => {
+ "type" => STRING,
+ "description" => "The last modified time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "resolved-path" => {
+ "type" => STRING,
+ "description" => "The resolved filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "available-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of available space for the partition containing a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ }
+}
remove Removes the periodic size rotating file handler.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/root-logger/ROOT/index.html b/latest/wildscribe/subsystem/logging/logging-profile/root-logger/ROOT/index.html
new file mode 100644
index 000000000..2a390c156
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/root-logger/ROOT/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by the root logger. Message levels lower than this value will be discarded.
handlers
LIST
false
false
The handlers associated with the root logger.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/size-rotating-file-handler/index.html b/latest/wildscribe/subsystem/logging/logging-profile/size-rotating-file-handler/index.html
new file mode 100644
index 000000000..267f3999d
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/size-rotating-file-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Defines a handler which writes to a file, rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
rotate-on-boot Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
rotate-size The size at which to rotate the log file.
Attribute
Value
Default Value
2m
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
suffix Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The suffix does not determine when the file should be rotated.
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
max-backup-index
INT
false
true
1
The maximum number of backups to keep.
name
STRING
false
false
The name of the handler.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
rotate-on-boot
BOOLEAN
false
true
false
Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
rotate-size
STRING
false
true
2m
The size at which to rotate the log file.
suffix
STRING
false
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The suffix does not determine when the file should be rotated.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
max-backup-index
INT
false
true
1
The maximum number of backups to keep.
rotate-size
STRING
false
true
2m
The size at which to rotate the log file.
rotate-on-boot
BOOLEAN
false
true
false
Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
suffix
STRING
false
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The suffix does not determine when the file should be rotated.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/socket-handler/index.html b/latest/wildscribe/subsystem/logging/logging-profile/socket-handler/index.html
new file mode 100644
index 000000000..209940c79
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/socket-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
It defines a handler which writes to a socket. Note that a socket-handler will queue messages during the boot process. These messages will be drained to the socket once the resource is fully configured. If the server is in an admin-only state, messages will be discarded.
block-on-reconnect If set to true the write methods will block when attempting to reconnect. This is only advisable to be set to true if using an asynchronous handler.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enabled If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
encoding The character encoding used by this Handler.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
filter-spec A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/syslog-handler/index.html b/latest/wildscribe/subsystem/logging/logging-profile/syslog-handler/index.html
new file mode 100644
index 000000000..ae1494807
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/syslog-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/logging-profile/xml-formatter/index.html b/latest/wildscribe/subsystem/logging/logging-profile/xml-formatter/index.html
new file mode 100644
index 000000000..d29a5744c
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/logging-profile/xml-formatter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
date-format The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
exception-output-type Indicates how the cause of the logged message, if one is available, will be added to the XML output.
Attribute
Value
Default Value
detailed
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
detailed formatted detailed-and-formatted
key-overrides Allows the names of the keys for the XML properties to be overridden.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
resource-services
meta-data Sets the meta data to use in the XML format. Properties will be added to each log message.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
namespace-uri Sets the namespace URI used for each record if print-namespace attribute is true. Note that if no namespace-uri is defined and there are overridden keys no namespace will be written regardless if the print-namespace attribute is set to true.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
pretty-print Indicates whether or not pretty printing should be used when formatting.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
print-details Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
print-namespace Turns on or off the printing of the namespace for each . This is set to false by default.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
record-delimiter The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
Attribute
Value
Default Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
zone-id The zone ID for formatting the date and time. The system default is used if left undefined.
The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
exception-output-type
STRING
false
true
detailed
Indicates how the cause of the logged message, if one is available, will be added to the XML output.
key-overrides
OBJECT
false
false
Allows the names of the keys for the XML properties to be overridden.
meta-data
OBJECT
false
false
Sets the meta data to use in the XML format. Properties will be added to each log message.
namespace-uri
STRING
false
true
Sets the namespace URI used for each record if print-namespace attribute is true. Note that if no namespace-uri is defined and there are overridden keys no namespace will be written regardless if the print-namespace attribute is set to true.
pretty-print
BOOLEAN
false
true
false
Indicates whether or not pretty printing should be used when formatting.
print-details
BOOLEAN
false
true
false
Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
print-namespace
BOOLEAN
false
true
false
Turns on or off the printing of the namespace for each . This is set to false by default.
record-delimiter
STRING
false
true
The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
zone-id
STRING
false
true
The zone ID for formatting the date and time. The system default is used if left undefined.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/pattern-formatter/index.html b/latest/wildscribe/subsystem/logging/pattern-formatter/index.html
new file mode 100644
index 000000000..97c82b3cb
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/pattern-formatter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
color-map The color-map attribute allows for a comma delimited list of colors to be used for different levels with a pattern formatter. The format for the color mapping pattern is level-name:color-name.Valid Levels; severe, fatal, error, warn, warning, info, debug, trace, config, fine, finer, finest Valid Colors; black, green, red, yellow, blue, magenta, cyan, white, brightblack, brightred, brightgreen, brightblue, brightyellow, brightmagenta, brightcyan, brightwhite
The color-map attribute allows for a comma delimited list of colors to be used for different levels with a pattern formatter. The format for the color mapping pattern is level-name:color-name.Valid Levels; severe, fatal, error, warn, warning, info, debug, trace, config, fine, finer, finest Valid Colors; black, green, red, yellow, blue, magenta, cyan, white, brightblack, brightred, brightgreen, brightblue, brightyellow, brightmagenta, brightcyan, brightwhite
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/periodic-rotating-file-handler/index.html b/latest/wildscribe/subsystem/logging/periodic-rotating-file-handler/index.html
new file mode 100644
index 000000000..bf2c2027c
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/periodic-rotating-file-handler/index.html
@@ -0,0 +1,45 @@
+ WildFly Full 29 Model Reference
It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.text.SimpleDateFormat.
suffix Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
filter
OBJECT
false
false
Defines a simple filter type.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
name
STRING
false
false
The name of the handler.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
suffix
STRING
true
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
Use the write-attribute for the enabled attribute.
path-info Obtain the informations for a filesystem path.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
unit
STRING
false
false
BYTES
Disk space unit to display disk usage.
Reply properties
Filesystem path for which to obtain disk usage.
type
OBJECT
Value Type
{
+ "used-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of the contents of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ },
+ "creation-time" => {
+ "type" => STRING,
+ "description" => "The creation time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "last-modified" => {
+ "type" => STRING,
+ "description" => "The last modified time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "resolved-path" => {
+ "type" => STRING,
+ "description" => "The resolved filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "available-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of available space for the partition containing a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ }
+}
remove Removes the periodic rotating file handler.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
suffix
STRING
true
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
filter
OBJECT
false
false
Defines a simple filter type.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/periodic-size-rotating-file-handler/index.html b/latest/wildscribe/subsystem/logging/periodic-size-rotating-file-handler/index.html
new file mode 100644
index 000000000..febb15ce3
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/periodic-size-rotating-file-handler/index.html
@@ -0,0 +1,45 @@
+ WildFly Full 29 Model Reference
It defines a handler which writes to a file, rotating the log after a time period derived from the given suffix string or after the size of the file grows beyond a certain point and keeping a fixed number of backups. The suffix should be in a format understood by the java.text.SimpleDateFormat. Any backups rotated by the suffix will not be purged during a size rotation.
rotate-on-boot Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
rotate-size The size at which to rotate the log file.
Attribute
Value
Default Value
2m
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
suffix Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (4)
add Adds a new periodic size rotating file handler.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
max-backup-index
INT
false
true
1
The maximum number of backups to keep.
name
STRING
false
false
The name of the handler.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
rotate-on-boot
BOOLEAN
false
true
false
Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
rotate-size
STRING
false
true
2m
The size at which to rotate the log file.
suffix
STRING
true
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The period of the rotation is automatically calculated based on the suffix.
path-info Obtain the informations for a filesystem path.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
unit
STRING
false
false
BYTES
Disk space unit to display disk usage.
Reply properties
Filesystem path for which to obtain disk usage.
type
OBJECT
Value Type
{
+ "used-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of the contents of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ },
+ "creation-time" => {
+ "type" => STRING,
+ "description" => "The creation time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "last-modified" => {
+ "type" => STRING,
+ "description" => "The last modified time of a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "resolved-path" => {
+ "type" => STRING,
+ "description" => "The resolved filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "min-length" => 1L,
+ "max-length" => 2147483647L
+ },
+ "available-space" => {
+ "type" => DOUBLE,
+ "description" => "The total size of available space for the partition containing a filesystem path.",
+ "expressions-allowed" => false,
+ "required" => true,
+ "nillable" => false,
+ "unit" => "BYTES"
+ }
+}
remove Removes the periodic size rotating file handler.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/root-logger/ROOT/index.html b/latest/wildscribe/subsystem/logging/root-logger/ROOT/index.html
new file mode 100644
index 000000000..22a9b6a49
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/root-logger/ROOT/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by the root logger. Message levels lower than this value will be discarded.
handlers
LIST
false
false
The handlers associated with the root logger.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/size-rotating-file-handler/index.html b/latest/wildscribe/subsystem/logging/size-rotating-file-handler/index.html
new file mode 100644
index 000000000..eb7d0b78e
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/size-rotating-file-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Defines a handler which writes to a file, rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
rotate-on-boot Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
rotate-size The size at which to rotate the log file.
Attribute
Value
Default Value
2m
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
suffix Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The suffix does not determine when the file should be rotated.
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
filter
OBJECT
false
false
Defines a simple filter type.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
level
STRING
false
true
ALL
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
max-backup-index
INT
false
true
1
The maximum number of backups to keep.
name
STRING
false
false
The name of the handler.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
rotate-on-boot
BOOLEAN
false
true
false
Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
rotate-size
STRING
false
true
2m
The size at which to rotate the log file.
suffix
STRING
false
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The suffix does not determine when the file should be rotated.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
The log level specifying which message levels will be logged by this logger. Message levels lower than this value will be discarded.
enabled
BOOLEAN
false
true
true
If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
encoding
STRING
false
true
The character encoding used by this Handler.
formatter
STRING
false
true
%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n
Defines a pattern for the formatter.
filter-spec
STRING
false
true
A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
autoflush
BOOLEAN
false
true
true
Automatically flush after each write.
append
BOOLEAN
false
true
true
Specify whether to append to the target file.
max-backup-index
INT
false
true
1
The maximum number of backups to keep.
rotate-size
STRING
false
true
2m
The size at which to rotate the log file.
rotate-on-boot
BOOLEAN
false
true
false
Indicates the file should be rotated each time the file attribute is changed. This always happens when at initialization time.
named-formatter
STRING
false
false
The name of the defined formatter to be used on the handler.
file
OBJECT
true
false
The file description consisting of the path and optional relative to path.
suffix
STRING
false
true
Set the suffix string. The string is in a format which can be understood by java.text.SimpleDateFormat. The suffix does not determine when the file should be rotated.
filter
OBJECT
false
false
Defines a simple filter type.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/socket-handler/index.html b/latest/wildscribe/subsystem/logging/socket-handler/index.html
new file mode 100644
index 000000000..307aeccfa
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/socket-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
It defines a handler which writes to a socket. Note that a socket-handler will queue messages during the boot process. These messages will be drained to the socket once the resource is fully configured. If the server is in an admin-only state, messages will be discarded.
block-on-reconnect If set to true the write methods will block when attempting to reconnect. This is only advisable to be set to true if using an asynchronous handler.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enabled If set to true the handler is enabled and functioning as normal, if set to false the handler is ignored when processing log messages.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
encoding The character encoding used by this Handler.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
filter-spec A filter expression value to define a filter. Example for a filter that does not match a pattern: not(match("JBAS.*"))
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/syslog-handler/index.html b/latest/wildscribe/subsystem/logging/syslog-handler/index.html
new file mode 100644
index 000000000..c42bf429d
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/syslog-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/logging/xml-formatter/index.html b/latest/wildscribe/subsystem/logging/xml-formatter/index.html
new file mode 100644
index 000000000..64328ecde
--- /dev/null
+++ b/latest/wildscribe/subsystem/logging/xml-formatter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
date-format The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
exception-output-type Indicates how the cause of the logged message, if one is available, will be added to the XML output.
Attribute
Value
Default Value
detailed
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
detailed formatted detailed-and-formatted
key-overrides Allows the names of the keys for the XML properties to be overridden.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
resource-services
meta-data Sets the meta data to use in the XML format. Properties will be added to each log message.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
namespace-uri Sets the namespace URI used for each record if print-namespace attribute is true. Note that if no namespace-uri is defined and there are overridden keys no namespace will be written regardless if the print-namespace attribute is set to true.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
pretty-print Indicates whether or not pretty printing should be used when formatting.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
print-details Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
print-namespace Turns on or off the printing of the namespace for each . This is set to false by default.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
record-delimiter The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
Attribute
Value
Default Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
zone-id The zone ID for formatting the date and time. The system default is used if left undefined.
The date/time format pattern. The pattern must be a valid java.time.format.DateTimeFormatter.ofPattern() pattern. The default pattern is an ISO-8601 extended offset date-time format.
exception-output-type
STRING
false
true
detailed
Indicates how the cause of the logged message, if one is available, will be added to the XML output.
key-overrides
OBJECT
false
false
Allows the names of the keys for the XML properties to be overridden.
meta-data
OBJECT
false
false
Sets the meta data to use in the XML format. Properties will be added to each log message.
namespace-uri
STRING
false
true
Sets the namespace URI used for each record if print-namespace attribute is true. Note that if no namespace-uri is defined and there are overridden keys no namespace will be written regardless if the print-namespace attribute is set to true.
pretty-print
BOOLEAN
false
true
false
Indicates whether or not pretty printing should be used when formatting.
print-details
BOOLEAN
false
true
false
Sets whether or not details should be printed. Printing the details can be expensive as the values are retrieved from the caller. The details include the source class name, source file name, source method name, source module name, source module version and source line number.
print-namespace
BOOLEAN
false
true
false
Turns on or off the printing of the namespace for each . This is set to false by default.
record-delimiter
STRING
false
true
The value to be used to indicate the end of a record. If set to null no delimiter will be used at the end of the record. The default value is a line feed.
zone-id
STRING
false
true
The zone ID for formatting the date and time. The system default is used if left undefined.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/mail/index.html b/latest/wildscribe/subsystem/mail/index.html
new file mode 100644
index 000000000..e1db985a4
--- /dev/null
+++ b/latest/wildscribe/subsystem/mail/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/mail/mail-session/custom/index.html b/latest/wildscribe/subsystem/mail/mail-session/custom/index.html
new file mode 100644
index 000000000..dee9ef2c7
--- /dev/null
+++ b/latest/wildscribe/subsystem/mail/mail-session/custom/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/mail/mail-session/index.html b/latest/wildscribe/subsystem/mail/mail-session/index.html
new file mode 100644
index 000000000..2e337bb5d
--- /dev/null
+++ b/latest/wildscribe/subsystem/mail/mail-session/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/mail/mail-session/server/imap/index.html b/latest/wildscribe/subsystem/mail/mail-session/server/imap/index.html
new file mode 100644
index 000000000..db471e51e
--- /dev/null
+++ b/latest/wildscribe/subsystem/mail/mail-session/server/imap/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/mail/mail-session/server/pop3/index.html b/latest/wildscribe/subsystem/mail/mail-session/server/pop3/index.html
new file mode 100644
index 000000000..a661c8ae0
--- /dev/null
+++ b/latest/wildscribe/subsystem/mail/mail-session/server/pop3/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/mail/mail-session/server/smtp/index.html b/latest/wildscribe/subsystem/mail/mail-session/server/smtp/index.html
new file mode 100644
index 000000000..f97deec81
--- /dev/null
+++ b/latest/wildscribe/subsystem/mail/mail-session/server/smtp/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/connection-factory/index.html b/latest/wildscribe/subsystem/messaging-activemq/connection-factory/index.html
new file mode 100644
index 000000000..cd13d6691
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/connection-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
protocol-manager-factory The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
false
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
true
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enable-amq1-prefix
BOOLEAN
false
true
true
Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
factory-type
STRING
false
true
GENERIC
The type of connection factory.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
reconnect-attempts
INT
false
true
0
The reconnect attempts.
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/connector/index.html b/latest/wildscribe/subsystem/messaging-activemq/connector/index.html
new file mode 100644
index 000000000..4f8dd8f6d
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/connector/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/discovery-group/index.html b/latest/wildscribe/subsystem/messaging-activemq/discovery-group/index.html
new file mode 100644
index 000000000..470e8e25b
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/discovery-group/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
jgroups-stack References the name of a JGroups channel factory.
Deprecated Since 3.0.0
Deprecated. Use jgroups-channel instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
refresh-timeout Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
jgroups-channel
STRING
false
false
References the name of a JGroups channel. If undefined, the default channel will be used.
jgroups-cluster
STRING
false
false
The logical cluster name.
jgroups-stack
STRING
false
false
References the name of a JGroups channel factory.
refresh-timeout
LONG
false
true
10000
Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/external-jms-queue/index.html b/latest/wildscribe/subsystem/messaging-activemq/external-jms-queue/index.html
new file mode 100644
index 000000000..83669ee51
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/external-jms-queue/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/external-jms-topic/index.html b/latest/wildscribe/subsystem/messaging-activemq/external-jms-topic/index.html
new file mode 100644
index 000000000..abaa1ceca
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/external-jms-topic/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/http-connector/index.html b/latest/wildscribe/subsystem/messaging-activemq/http-connector/index.html
new file mode 100644
index 000000000..6fc291c84
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/http-connector/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
endpoint The http-acceptor that serves as the endpoint of this http-connector.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
params A key-value pair understood by the connector factory-class and used to configure it.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
server-name The name of the ActiveMQ Artemis server that will be connected to on the remote server. If undefined, the name of the parent ActiveMQ Artemis server will be used (suitable if the http-connector is used to connect to the parent server)
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
socket-binding The socket binding that the connector will use to create connections
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
ssl-context The SSL context that the connector will use to connect
The http-acceptor that serves as the endpoint of this http-connector.
params
OBJECT
false
true
A key-value pair understood by the connector factory-class and used to configure it.
server-name
STRING
false
false
The name of the ActiveMQ Artemis server that will be connected to on the remote server. If undefined, the name of the parent ActiveMQ Artemis server will be used (suitable if the http-connector is used to connect to the parent server)
socket-binding
STRING
true
false
The socket binding that the connector will use to create connections
ssl-context
STRING
false
false
The SSL context that the connector will use to connect
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/in-vm-connector/index.html b/latest/wildscribe/subsystem/messaging-activemq/in-vm-connector/index.html
new file mode 100644
index 000000000..09331c623
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/in-vm-connector/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/index.html b/latest/wildscribe/subsystem/messaging-activemq/index.html
new file mode 100644
index 000000000..5fc8873e1
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
connector A connector can be used by a client to define how it connects to a server.
discovery-group Multicast group to listen to receive broadcast from other servers announcing their connectors.
external-jms-queue Defines a Jakarta Messaging queue to a remote broker.
external-jms-topic Defines a Jakarta Messaging topic to a remote broker.
http-connector Used by a remote client to define how it connects to a server over HTTP.
in-vm-connector Used by an in-VM client to define how it connects to a server.
jgroups-discovery-group Multicast group to listen to receive broadcast from other servers announcing their connectors using JGroups cluster configuration.
global-client-scheduled-thread-pool-max-size Maximum size of the pool of threads used by all ActiveMQ clients running inside this server. If the attribute is undefined (by default), ActiveMQ will configure it to be 8 x the number of available processors.
add Operation adding the messaging-activemq subsystem
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
global-client-scheduled-thread-pool-max-size
INT
false
true
Maximum size of the pool of threads used by all ActiveMQ clients running inside this server. If the attribute is undefined (by default), ActiveMQ will configure it to be 8 x the number of available processors.
global-client-thread-pool-max-size
INT
false
true
Maximum size of the pool of scheduled threads used by all ActiveMQ clients running inside this server.
remove Operation removing the messaging-activemq subsystem
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/jgroups-discovery-group/index.html b/latest/wildscribe/subsystem/messaging-activemq/jgroups-discovery-group/index.html
new file mode 100644
index 000000000..f57f4f889
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/jgroups-discovery-group/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
refresh-timeout Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
jgroups-channel
STRING
false
false
References the name of a JGroups channel. If undefined, the default channel will be used.
jgroups-cluster
STRING
true
false
The logical cluster name.
jgroups-stack
STRING
false
false
References the name of a JGroups channel factory.
refresh-timeout
LONG
false
true
10000
Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/jms-bridge/index.html b/latest/wildscribe/subsystem/messaging-activemq/jms-bridge/index.html
new file mode 100644
index 000000000..3eee7291e
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/jms-bridge/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add-messageID-in-header If true, then the original message's message ID will be appended in the message sent to the destination in the header AMQ_BRIDGE_MSG_ID_LIST. If the message is bridged more than once, each message ID will be appended.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
client-id The Jakarta Messaging client ID to use when creating/looking up the subscription if it is durable and the source destination is a topic.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
failure-retry-interval The amount of time in milliseconds to wait between trying to recreate connections to the source or target servers when the bridge has detected they have failed.
Attribute
Value
Default Value
5000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-batch-size The maximum number of messages to consume from the source destination before sending them in a batch to the target destination. Its value must >= 1.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-batch-time The maximum number of milliseconds to wait before sending a batch to target, even if the number of messages consumed has not reached max-batch-size. Its value must be -1 to represent 'wait forever', or >= 1 to specify an actual time.
Attribute
Value
Default Value
-1
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-retries The number of times to attempt to recreate connections to the source or target servers when the bridge has detected they have failed. The bridge will give up after trying this number of times. -1 represents 'try forever'.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
message-count The number of messages successfully committed.
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
module The name of AS7 module containing the resources required to lookup source and target Jakarta Messaging resources.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
paused Whether the Jakarta Messaging bridge is paused.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
quality-of-service The desired quality of service mode (AT_MOST_ONCE, DUPLICATES_OK or ONCE_AND_ONLY_ONCE).
Attribute
Value
Default Value
AT_MOST_ONCE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
AT_MOST_ONCE DUPLICATES_OK ONCE_AND_ONLY_ONCE
selector A Jakarta Messaging selector expression used for consuming messages from the source destination. Only messages that match the selector expression will be bridged from the source to the target destination.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
source-connection-factory The name of the source connection factory to lookup on the source messaging server.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
source-context The properties used to configure the source JNDI initial context.
If true, then the original message's message ID will be appended in the message sent to the destination in the header AMQ_BRIDGE_MSG_ID_LIST. If the message is bridged more than once, each message ID will be appended.
client-id
STRING
false
true
The Jakarta Messaging client ID to use when creating/looking up the subscription if it is durable and the source destination is a topic.
failure-retry-interval
LONG
false
true
5000
The amount of time in milliseconds to wait between trying to recreate connections to the source or target servers when the bridge has detected they have failed.
max-batch-size
INT
false
true
1
The maximum number of messages to consume from the source destination before sending them in a batch to the target destination. Its value must >= 1.
max-batch-time
LONG
false
true
-1
The maximum number of milliseconds to wait before sending a batch to target, even if the number of messages consumed has not reached max-batch-size. Its value must be -1 to represent 'wait forever', or >= 1 to specify an actual time.
max-retries
INT
false
true
-1
The number of times to attempt to recreate connections to the source or target servers when the bridge has detected they have failed. The bridge will give up after trying this number of times. -1 represents 'try forever'.
module
STRING
true
false
The name of AS7 module containing the resources required to lookup source and target Jakarta Messaging resources.
quality-of-service
STRING
false
true
AT_MOST_ONCE
The desired quality of service mode (AT_MOST_ONCE, DUPLICATES_OK or ONCE_AND_ONLY_ONCE).
selector
STRING
false
true
A Jakarta Messaging selector expression used for consuming messages from the source destination. Only messages that match the selector expression will be bridged from the source to the target destination.
subscription-name
STRING
false
true
The name of the subscription if it is durable and the source destination is a topic.
source-connection-factory
STRING
true
false
The name of the source connection factory to lookup on the source messaging server.
source-context
OBJECT
false
true
The properties used to configure the source JNDI initial context.
source-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate source connection
source-destination
STRING
true
false
The name of the source destination to lookup on the source messaging server.
source-password
STRING
false
true
The password for creating the source connection.
source-user
STRING
false
true
The name of the user for creating the source connection.
target-connection-factory
STRING
true
false
The name of the target connection factory to lookup on the target messaging server.
target-context
OBJECT
false
true
The properties used to configure the target JNDI initial context.
target-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate target connection
target-destination
STRING
true
false
The name of the target destination to lookup on the target messaging server.
target-password
STRING
false
true
The password for creating the target connection.
target-user
STRING
false
true
The name of the user for creating the target connection.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/pooled-connection-factory/index.html b/latest/wildscribe/subsystem/messaging-activemq/pooled-connection-factory/index.html
new file mode 100644
index 000000000..f8a51f5e7
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/pooled-connection-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allow-local-transactions Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
credential-reference Credential (from Credential Store) to authenticate the pooled connection factory
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
enable-amq1-prefix Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment-trace Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
entries The jndi names the connection factory should be bound to.
use-jndi Use JNDI to locate the destination for incoming connections
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-local-tx Use a local transaction for incoming sessions
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
user The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the pooled connection factory
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enable-amq1-prefix
BOOLEAN
false
true
true
Enable the use of ActiveMQ 1.5.x prefixes in the addresses.
enlistment-trace
BOOLEAN
false
true
Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
true
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
-1
The number of attempts to connect initially with this factory.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
managed-connection-pool
STRING
false
true
The class name of the managed connection pool used by this pooled-connection-factory.
max-pool-size
INT
false
true
20
The maximum size for the pool
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
min-pool-size
INT
false
true
0
The minimum size for the pool
password
STRING
false
true
The default password to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this pooled connection factory.
reconnect-attempts
INT
false
true
-1
The reconnect attempts. By default, a pooled connection factory will try to reconnect infinitely to the messaging server(s).
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction
STRING
false
true
xa
The type of transaction supported by this pooled connection factory (can be LOCAL, NONE or XA, default is XA).
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-auto-recovery
BOOLEAN
false
true
true
True to use auto recovery.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
user
STRING
false
true
The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
jndi-params
STRING
false
true
The JNDI params to use for locating the destination for incoming connections.
rebalance-connections
BOOLEAN
false
true
false
Rebalance inbound connections when cluster topology changes.
setup-attempts
INT
false
true
The number of times to set up an MDB endpoint
setup-interval
LONG
false
true
The interval between attempts at setting up an MDB endpoint.
use-jndi
BOOLEAN
false
true
Use JNDI to locate the destination for incoming connections
use-local-tx
BOOLEAN
false
true
Use a local transaction for incoming sessions
allow-local-transactions
BOOLEAN
false
true
false
Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/remote-connector/index.html b/latest/wildscribe/subsystem/messaging-activemq/remote-connector/index.html
new file mode 100644
index 000000000..f96fa557d
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/remote-connector/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/acceptor/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/acceptor/index.html
new file mode 100644
index 000000000..4739ff021
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/acceptor/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/address-setting/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/address-setting/index.html
new file mode 100644
index 000000000..ba174c962
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/address-setting/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
An address setting defines some attributes that are defined against an address wildcard rather than a specific queue.
Attributes (25)
address-full-policy Determines what happens when an address where max-size-bytes is specified becomes full. (PAGE, DROP or BLOCK)
Attribute
Value
Default Value
PAGE
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
Allowed Values
DROP PAGE BLOCK FAIL
auto-create-addresses Determines whether ActiveMQ should automatically create an addresses corresponding to the address-settings match when a producer or a consumer is tries to use such a queue.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-create-jms-queues Determines whether ActiveMQ should automatically create a Jakarta Messaging queue corresponding to the address-settings match when a Jakarta Messaging producer or a consumer is tries to use such a queue.
Deprecated Since 3.0.0
This attribute is no longer supported by ActiveMQ.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-create-queues Determines whether ActiveMQ should automatically create a queue corresponding to the address-settings match when a producer or a consumer is tries to use such a queue.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-delete-addresses Determines whether ActiveMQ should automatically delete auto-created addresses when they have no consumers and no messages.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-delete-created-queues Determines whether ActiveMQ should automatically delete auto-created queues when they have no consumers and no messages.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-delete-jms-queues Determines Whether ActiveMQ should automatically delete auto-created Jakarta Messaging queues when they have no consumers and no messages.
Deprecated Since 3.0.0
This attribute is no longer supported by ActiveMQ.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
auto-delete-queues Determines Whether ActiveMQ should automatically delete auto-created queues when they have no consumers and no messages.
redistribution-delay Defines how long to wait when the last consumer is closed on a queue before redistributing any messages
Attribute
Value
Default Value
-1
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
send-to-dla-on-no-route If this parameter is set to true for that address, if the message is not routed to any queues it will instead be sent to the dead letter address (DLA) for that address, if it exists.
Determines what happens when an address where max-size-bytes is specified becomes full. (PAGE, DROP or BLOCK)
auto-create-addresses
BOOLEAN
false
true
true
Determines whether ActiveMQ should automatically create an addresses corresponding to the address-settings match when a producer or a consumer is tries to use such a queue.
auto-create-jms-queues
BOOLEAN
false
true
false
Determines whether ActiveMQ should automatically create a Jakarta Messaging queue corresponding to the address-settings match when a Jakarta Messaging producer or a consumer is tries to use such a queue.
auto-create-queues
BOOLEAN
false
true
false
Determines whether ActiveMQ should automatically create a queue corresponding to the address-settings match when a producer or a consumer is tries to use such a queue.
auto-delete-addresses
BOOLEAN
false
true
true
Determines whether ActiveMQ should automatically delete auto-created addresses when they have no consumers and no messages.
auto-delete-created-queues
BOOLEAN
false
true
false
Determines whether ActiveMQ should automatically delete auto-created queues when they have no consumers and no messages.
auto-delete-jms-queues
BOOLEAN
false
true
false
Determines Whether ActiveMQ should automatically delete auto-created Jakarta Messaging queues when they have no consumers and no messages.
auto-delete-queues
BOOLEAN
false
true
false
Determines Whether ActiveMQ should automatically delete auto-created queues when they have no consumers and no messages.
dead-letter-address
STRING
false
true
The dead letter address
expiry-address
STRING
false
true
Defines where to send a message that has expired.
expiry-delay
LONG
false
true
-1
Defines the expiration time that will be used for messages using the default expiration time
last-value-queue
BOOLEAN
false
true
false
Defines whether a queue only uses last values or not
max-delivery-attempts
INT
false
true
10
Defines how many time a cancelled message can be redelivered before sending to the dead-letter-address
max-redelivery-delay
LONG
false
true
0
Maximum value for the redelivery-delay (in ms).
max-size-bytes
LONG
false
true
-1
The max bytes size.
message-counter-history-day-limit
INT
false
true
0
Day limit for the message counter history.
page-max-cache-size
INT
false
true
5
The number of page files to keep in memory to optimize IO during paging navigation.
page-size-bytes
INT
false
true
10485760
The paging size.
redelivery-delay
LONG
false
true
0
Defines how long to wait before attempting redelivery of a cancelled message
redelivery-multiplier
DOUBLE
false
true
1.0
Multiplier to apply to the redelivery-delay parameter
redistribution-delay
LONG
false
true
-1
Defines how long to wait when the last consumer is closed on a queue before redistributing any messages
send-to-dla-on-no-route
BOOLEAN
false
true
false
If this parameter is set to true for that address, if the message is not routed to any queues it will instead be sent to the dead letter address (DLA) for that address, if it exists.
slow-consumer-check-period
LONG
false
true
5
How often to check for slow consumers on a particular queue.
slow-consumer-policy
STRING
false
true
NOTIFY
Determine what happens when a slow consumer is identified.
slow-consumer-threshold
LONG
false
true
-1
The minimum rate of message consumption allowed before a consumer is considered slow.
remove Operation removing an existing address-setting
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/bridge/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/bridge/index.html
new file mode 100644
index 000000000..ba48d8b40
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/bridge/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
check-period The period (in milliseconds) between client failure check.
Attribute
Value
Default Value
30000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
confirmation-window-size The confirmation-window-size to use for the connection used to forward messages to the target node.
Attribute
Value
Default Value
10485760
Type
INT
Nillable
true
Expressions Allowed
true
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
connection-ttl The maximum time (in milliseconds) for which the connections used by the bridges are considered alive (in the absence of heartbeat).
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
credential-reference Credential (from Credential Store) to authenticate the bridge
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
discovery-group The name of the discovery group used by this bridge. Must be undefined (null) if 'static-connectors' is defined.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
filter An optional filter string. If specified then only messages which match the filter expression specified will be forwarded. The filter string follows the ActiveMQ filter expression syntax described in the ActiveMQ documentation.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
forwarding-address The address on the target server that the message will be forwarded to. If a forwarding address is not specified then the original destination of the message will be retained.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
ha Whether or not this bridge should support high availability. True means it will connect to any available server in a cluster and support failover.
max-retry-interval The maximum interval of time used to retry connections
Attribute
Value
Default Value
2000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
min-large-message-size The minimum size (in bytes) for a message before it is considered as a large message.
Attribute
Value
Default Value
102400
Type
INT
Nillable
true
Expressions Allowed
true
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
password The password to use when creating the bridge connection to the remote server. If it is not specified the default cluster password specified by the cluster-password attribute in the root messaging subsystem resource will be used.
queue-name The unique name of the local queue that the bridge consumes from.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
reconnect-attempts The total number of reconnect attempts the bridge will make before giving up and shutting down. A value of -1 signifies an unlimited number of attempts.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
reconnect-attempts-on-same-node The total number of reconnect attempts on the same node the bridge will make before giving up and shutting down. A value of -1 signifies an unlimited number of attempts.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
retry-interval The period in milliseconds between subsequent reconnection attempts, if the connection to the target server has failed.
Attribute
Value
Default Value
2000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
retry-interval-multiplier A multiplier to apply to the time since the last retry to compute the time to the next retry. This allows you to implement an exponential backoff between retry attempts.
Attribute
Value
Default Value
1.0
Type
DOUBLE
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
routing-type Pass or strip the routing type from the messages the bridge forwards.
static-connectors A list of names of statically defined connectors used by this bridge. Must be undefined (null) if 'discovery-group-name' is defined.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
transformer-class-name The name of a user-defined class which implements the org.apache.activemq.artemis.core.server.cluster.Transformer interface.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-duplicate-detection Whether the bridge will automatically insert a duplicate id property into each message that it forwards.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
user The user name to use when creating the bridge connection to the remote server. If it is not specified the default cluster user specified by the cluster-user attribute in the root messaging subsystem resource will be used.
The period (in milliseconds) between client failure check.
confirmation-window-size
INT
false
true
10485760
The confirmation-window-size to use for the connection used to forward messages to the target node.
connection-ttl
LONG
false
true
60000
The maximum time (in milliseconds) for which the connections used by the bridges are considered alive (in the absence of heartbeat).
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the bridge
discovery-group
STRING
true
false
The name of the discovery group used by this bridge. Must be undefined (null) if 'static-connectors' is defined.
filter
STRING
false
true
An optional filter string. If specified then only messages which match the filter expression specified will be forwarded. The filter string follows the ActiveMQ filter expression syntax described in the ActiveMQ documentation.
forwarding-address
STRING
false
true
The address on the target server that the message will be forwarded to. If a forwarding address is not specified then the original destination of the message will be retained.
ha
BOOLEAN
false
true
false
Whether or not this bridge should support high availability. True means it will connect to any available server in a cluster and support failover.
initial-connect-attempts
INT
false
true
-1
The number of attempts to connect initially with this bridge.
max-retry-interval
LONG
false
true
2000
The maximum interval of time used to retry connections
min-large-message-size
INT
false
true
102400
The minimum size (in bytes) for a message before it is considered as a large message.
password
STRING
false
true
CHANGE ME!!
The password to use when creating the bridge connection to the remote server. If it is not specified the default cluster password specified by the cluster-password attribute in the root messaging subsystem resource will be used.
producer-window-size
INT
false
true
-1
Producer flow control size on the bridge.
queue-name
STRING
true
true
The unique name of the local queue that the bridge consumes from.
reconnect-attempts
INT
false
true
-1
The total number of reconnect attempts the bridge will make before giving up and shutting down. A value of -1 signifies an unlimited number of attempts.
reconnect-attempts-on-same-node
INT
false
true
10
The total number of reconnect attempts on the same node the bridge will make before giving up and shutting down. A value of -1 signifies an unlimited number of attempts.
retry-interval
LONG
false
true
2000
The period in milliseconds between subsequent reconnection attempts, if the connection to the target server has failed.
retry-interval-multiplier
DOUBLE
false
true
1.0
A multiplier to apply to the time since the last retry to compute the time to the next retry. This allows you to implement an exponential backoff between retry attempts.
routing-type
STRING
false
true
PASS
Pass or strip the routing type from the messages the bridge forwards.
static-connectors
LIST
true
false
A list of names of statically defined connectors used by this bridge. Must be undefined (null) if 'discovery-group-name' is defined.
transformer-class-name
STRING
false
false
The name of a user-defined class which implements the org.apache.activemq.artemis.core.server.cluster.Transformer interface.
use-duplicate-detection
BOOLEAN
false
true
true
Whether the bridge will automatically insert a duplicate id property into each message that it forwards.
user
STRING
false
true
ACTIVEMQ.CLUSTER.ADMIN.USER
The user name to use when creating the bridge connection to the remote server. If it is not specified the default cluster user specified by the cluster-user attribute in the root messaging subsystem resource will be used.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/broadcast-group/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/broadcast-group/index.html
new file mode 100644
index 000000000..66f8bfa14
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/broadcast-group/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/cluster-connection/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/cluster-connection/index.html
new file mode 100644
index 000000000..4e699917a
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/cluster-connection/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Cluster connections group servers into clusters so that messages can be load balanced between the nodes of the cluster.
Attributes (25)
allow-direct-connections-only Whether, if a node learns of the existence of a node that is more than 1 hop away, we do not create a bridge for direct cluster connection. Only relevant if 'static-connectors' is defined.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
call-failover-timeout The timeout to use when fail over is in process (in ms) for remote calls made by the cluster connection.
Attribute
Value
Default Value
-1
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
call-timeout The timeout (in ms) for remote calls made by the cluster connection.
Attribute
Value
Default Value
30000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
check-period The period (in milliseconds) between client failure check.
Attribute
Value
Default Value
30000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
cluster-connection-address Each cluster connection only applies to messages sent to an address that starts with this value.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
confirmation-window-size The confirmation-window-size to use for the connection used to forward messages to a target node.
Attribute
Value
Default Value
10485760
Type
INT
Nillable
true
Expressions Allowed
true
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
connection-ttl The maximum time (in milliseconds) for which the connections used by the cluster connections are considered alive (in the absence of heartbeat).
Attribute
Value
Default Value
60000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
connector-name The name of connector to use for live connection
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
discovery-group The discovery group used to obtain the list of other servers in the cluster to which this cluster connection will make connections. Must be undefined (null) if 'static-connectors' is defined.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-connect-attempts The number of attempts to connect initially with this cluster connection.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-hops The maximum number of times a message can be forwarded. ActiveMQ can be configured to also load balance messages to nodes which might be connected to it only indirectly with other ActiveMQ servers as intermediates in a chain.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-retry-interval The maximum interval of time used to retry connections
reconnect-attempts The total number of reconnect attempts the bridge will make before giving up and shutting down. A value of -1 signifies an unlimited number of attempts.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
retry-interval The period in milliseconds between subsequent attempts to reconnect to a target server, if the connection to the target server has failed.
Attribute
Value
Default Value
500
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
retry-interval-multiplier A multiplier to apply to the time since the last retry to compute the time to the next retry. This allows you to implement an exponential backoff between retry attempts.
Attribute
Value
Default Value
1.0
Type
DOUBLE
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
started Whether the cluster connection is started.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
static-connectors The statically defined list of connectors to which this cluster connection will make connections. Must be undefined (null) if 'discovery-group-name' is defined.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
topology The topology of the nodes that this cluster connection is aware of.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
use-duplicate-detection Whether the bridge will automatically insert a duplicate id property into each message that it forwards.
Whether, if a node learns of the existence of a node that is more than 1 hop away, we do not create a bridge for direct cluster connection. Only relevant if 'static-connectors' is defined.
call-failover-timeout
LONG
false
true
-1
The timeout to use when fail over is in process (in ms) for remote calls made by the cluster connection.
call-timeout
LONG
false
true
30000
The timeout (in ms) for remote calls made by the cluster connection.
check-period
LONG
false
true
30000
The period (in milliseconds) between client failure check.
cluster-connection-address
STRING
true
true
Each cluster connection only applies to messages sent to an address that starts with this value.
confirmation-window-size
INT
false
true
10485760
The confirmation-window-size to use for the connection used to forward messages to a target node.
connection-ttl
LONG
false
true
60000
The maximum time (in milliseconds) for which the connections used by the cluster connections are considered alive (in the absence of heartbeat).
connector-name
STRING
true
false
The name of connector to use for live connection
discovery-group
STRING
true
false
The discovery group used to obtain the list of other servers in the cluster to which this cluster connection will make connections. Must be undefined (null) if 'static-connectors' is defined.
initial-connect-attempts
INT
false
true
-1
The number of attempts to connect initially with this cluster connection.
max-hops
INT
false
true
1
The maximum number of times a message can be forwarded. ActiveMQ can be configured to also load balance messages to nodes which might be connected to it only indirectly with other ActiveMQ servers as intermediates in a chain.
max-retry-interval
LONG
false
true
2000
The maximum interval of time used to retry connections
message-load-balancing-type
STRING
false
true
ON_DEMAND
The type of message load balancing provided by the cluster connection.
min-large-message-size
INT
false
true
102400
The minimum size (in bytes) for a message before it is considered as a large message.
notification-attempts
INT
false
true
2
How many times the cluster connection will broadcast itself
notification-interval
LONG
false
true
1000
How often the cluster connection will broadcast itself
producer-window-size
INT
false
true
-1
Producer flow control size on the cluster connection.
reconnect-attempts
INT
false
true
-1
The total number of reconnect attempts the bridge will make before giving up and shutting down. A value of -1 signifies an unlimited number of attempts.
retry-interval
LONG
false
true
500
The period in milliseconds between subsequent attempts to reconnect to a target server, if the connection to the target server has failed.
retry-interval-multiplier
DOUBLE
false
true
1.0
A multiplier to apply to the time since the last retry to compute the time to the next retry. This allows you to implement an exponential backoff between retry attempts.
static-connectors
LIST
true
false
The statically defined list of connectors to which this cluster connection will make connections. Must be undefined (null) if 'discovery-group-name' is defined.
use-duplicate-detection
BOOLEAN
false
true
true
Whether the bridge will automatically insert a duplicate id property into each message that it forwards.
get-nodes Returns a map of the nodes connected to this cluster connection, where keys are node IDs and values are the addresses used to connect to the nodes.
Reply properties
A map where keys are node IDs and values are the addresses used to connect to the nodes.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/connection-factory/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/connection-factory/index.html
new file mode 100644
index 000000000..fc75810ce
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/connection-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
protocol-manager-factory The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
true
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
factory-type
STRING
false
true
GENERIC
The type of connection factory.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this connection factory (it must implement org.apache.activemq.artemis.spi.core.remoting.ClientProtocolManagerFactory).
reconnect-attempts
INT
false
true
0
The reconnect attempts.
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/connector-service/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/connector-service/index.html
new file mode 100644
index 000000000..5fa4763f3
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/connector-service/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/connector/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/connector/index.html
new file mode 100644
index 000000000..88c0b961d
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/connector/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/core-address/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/core-address/index.html
new file mode 100644
index 000000000..002f45440
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/core-address/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A runtime-only resource representing a ActiveMQ "address". Zero or more queues can be bound to a single address. When a message is routed, it is routed to the set of queues bound to the message's address.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
queue-names The names of the queues associated with the address.
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/core-address/role/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/core-address/role/index.html
new file mode 100644
index 000000000..922563620
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/core-address/role/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
manage This permission allows the user to invoke management operations by sending management messages to the management address.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
send This permission allows the user to send a message to matching addresses.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/discovery-group/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/discovery-group/index.html
new file mode 100644
index 000000000..c2384bb8f
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/discovery-group/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
jgroups-stack References the name of a JGroups channel factory.
Deprecated Since 3.0.0
Deprecated. Use jgroups-channel instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
refresh-timeout Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
jgroups-channel
STRING
false
false
References the name of a JGroups channel. If undefined, the default channel will be used.
jgroups-cluster
STRING
false
false
The logical cluster name.
jgroups-stack
STRING
false
false
References the name of a JGroups channel factory.
refresh-timeout
LONG
false
true
10000
Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/divert/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/divert/index.html
new file mode 100644
index 000000000..68566ae03
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/divert/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A messaging resource that allows you to transparently divert messages routed to one address to some other address, without making any changes to any client application logic.
exclusive Whether the divert is exclusive, meaning that the message is diverted to the new address, and does not go to the old address at all.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
filter An optional filter string. If specified then only messages which match the filter expression specified will be diverted. The filter string follows the ActiveMQ filter expression syntax described in the ActiveMQ documentation.
Whether the divert is exclusive, meaning that the message is diverted to the new address, and does not go to the old address at all.
filter
STRING
false
true
An optional filter string. If specified then only messages which match the filter expression specified will be diverted. The filter string follows the ActiveMQ filter expression syntax described in the ActiveMQ documentation.
forwarding-address
STRING
true
true
Address to divert to
routing-name
STRING
false
true
Routing name of the divert
transformer-class-name
STRING
false
false
The name of a class used to transform the message's body or properties before it is diverted.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/grouping-handler/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/grouping-handler/index.html
new file mode 100644
index 000000000..e80d7250f
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/grouping-handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Makes decisions about which node in a cluster should handle a message with a group id assigned.
Attributes (5)
group-timeout How long a group binding will be used, -1 means for ever. Bindings are removed after this wait elapses (valid for both LOCAL and REMOTE handlers).
reaper-period How often the reaper will be run to check for timed out group bindings (only valid for LOCAL handlers).
Attribute
Value
Default Value
30000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
timeout How long to wait for a handling decision to be made; an exception will be thrown during the send if this timeout is reached, ensuring that strict ordering is kept.
Attribute
Value
Default Value
5000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
type Whether the handler is the single "Local" handler for the cluster, which makes handling decisions, or a "Remote" handler which converses with the local handler.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
LOCAL REMOTE
Operations (2)
add Operation adding the grouping handler. Only one grouping handler is allowed.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
group-timeout
LONG
false
true
-1
How long a group binding will be used, -1 means for ever. Bindings are removed after this wait elapses (valid for both LOCAL and REMOTE handlers).
grouping-handler-address
STRING
true
true
A reference to a cluster connection and the address it uses.
reaper-period
LONG
false
true
30000
How often the reaper will be run to check for timed out group bindings (only valid for LOCAL handlers).
timeout
LONG
false
true
5000
How long to wait for a handling decision to be made; an exception will be thrown during the send if this timeout is reached, ensuring that strict ordering is kept.
type
STRING
true
true
Whether the handler is the single "Local" handler for the cluster, which makes handling decisions, or a "Remote" handler which converses with the local handler.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/live-only/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/live-only/index.html
new file mode 100644
index 000000000..d17f331a5
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/live-only/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (5)
scale-down Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/primary/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/primary/index.html
new file mode 100644
index 000000000..8cbaa6f11
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/primary/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (5)
check-for-live-server Whether to check the cluster for another server using the same server ID when starting up.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
cluster-name Name of the cluster used for replication. If it is undefined, the name of the first cluster connection defined in the configuration will be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
group-name If set, backup servers will only pair with live servers with matching group-name.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/secondary/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/secondary/index.html
new file mode 100644
index 000000000..edbfaef9b
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/configuration/secondary/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (12)
allow-failback Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
cluster-name Name of the cluster used for replication. If it is undefined, the name of the first cluster connection defined in the configuration will be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
group-name If set, backup servers will only pair with live servers with matching group-name.
max-saved-replicated-journal-size This specifies how many times a replicated backup server can restart after moving its files on start. Once there are this number of backup journal files the server will stop permanently after if fails back.
Attribute
Value
Default Value
2
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
restart-backup Will this server, if a backup, restart once it has been stopped because of failback or scaling down.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
scale-down Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
synchronized-with-live The replication synchronization process with the live server is complete.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (2)
add Add an HA Policy to configure high availability for this ActiveMQ server.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allow-failback
BOOLEAN
false
true
true
Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
cluster-name
STRING
false
true
Name of the cluster used for replication. If it is undefined, the name of the first cluster connection defined in the configuration will be used.
group-name
STRING
false
true
If set, backup servers will only pair with live servers with matching group-name.
initial-replication-sync-timeout
LONG
false
true
30000
How long to wait until the initiation replication is synchronized.
max-saved-replicated-journal-size
INT
false
true
2
This specifies how many times a replicated backup server can restart after moving its files on start. Once there are this number of backup journal files the server will stop permanently after if fails back.
restart-backup
BOOLEAN
false
true
true
Will this server, if a backup, restart once it has been stopped because of failback or scaling down.
scale-down
BOOLEAN
false
true
Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
scale-down-cluster-name
STRING
false
true
Name of the cluster used to scale down.
scale-down-connectors
LIST
false
false
List of connectors used to form the scale-down cluster.
scale-down-discovery-group
STRING
false
false
Name of the discovery group used to build the scale-down cluster
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/index.html
new file mode 100644
index 000000000..023382ca5
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-colocated/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Children (1)
configuration Configuration
primary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
secondary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (6)
backup-port-offset The offset to use for the Connectors and Acceptors when creating a new backup server.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
backup-request-retries How many times the live server will try to request a backup, -1 means for ever.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-primary/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-primary/index.html
new file mode 100644
index 000000000..191403ff6
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-primary/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (5)
check-for-live-server Whether to check the cluster for another server using the same server ID when starting up.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
cluster-name Name of the cluster used for replication. If it is undefined, the name of the first cluster connection defined in the configuration will be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
group-name If set, backup servers will only pair with live servers with matching group-name.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-secondary/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-secondary/index.html
new file mode 100644
index 000000000..4fc77f480
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/replication-secondary/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (12)
allow-failback Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
cluster-name Name of the cluster used for replication. If it is undefined, the name of the first cluster connection defined in the configuration will be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
group-name If set, backup servers will only pair with live servers with matching group-name.
max-saved-replicated-journal-size This specifies how many times a replicated backup server can restart after moving its files on start. Once there are this number of backup journal files the server will stop permanently after if fails back.
Attribute
Value
Default Value
2
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
restart-backup Will this server, if a backup, restart once it has been stopped because of failback or scaling down.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
scale-down Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
synchronized-with-live The replication synchronization process with the live server is complete.
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
read-only
Operations (2)
add Add an HA Policy to configure high availability for this ActiveMQ server.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allow-failback
BOOLEAN
false
true
true
Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
cluster-name
STRING
false
true
Name of the cluster used for replication. If it is undefined, the name of the first cluster connection defined in the configuration will be used.
group-name
STRING
false
true
If set, backup servers will only pair with live servers with matching group-name.
initial-replication-sync-timeout
LONG
false
true
30000
How long to wait until the initiation replication is synchronized.
max-saved-replicated-journal-size
INT
false
true
2
This specifies how many times a replicated backup server can restart after moving its files on start. Once there are this number of backup journal files the server will stop permanently after if fails back.
restart-backup
BOOLEAN
false
true
true
Will this server, if a backup, restart once it has been stopped because of failback or scaling down.
scale-down
BOOLEAN
false
true
Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
scale-down-cluster-name
STRING
false
true
Name of the cluster used to scale down.
scale-down-connectors
LIST
false
false
List of connectors used to form the scale-down cluster.
scale-down-discovery-group
STRING
false
false
Name of the discovery group used to build the scale-down cluster
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/primary/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/primary/index.html
new file mode 100644
index 000000000..0cc006a57
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/primary/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/secondary/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/secondary/index.html
new file mode 100644
index 000000000..aed45da41
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/configuration/secondary/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (8)
allow-failback Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
add Add an HA Policy to configure high availability for this ActiveMQ server.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allow-failback
BOOLEAN
false
true
true
Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
failover-on-server-shutdown
BOOLEAN
false
true
false
Whether the server must failover when it is normally shutdown.
restart-backup
BOOLEAN
false
true
true
Will this server, if a backup, restart once it has been stopped because of failback or scaling down.
scale-down
BOOLEAN
false
true
Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
scale-down-cluster-name
STRING
false
true
Name of the cluster used to scale down.
scale-down-connectors
LIST
false
false
List of connectors used to form the scale-down cluster.
scale-down-discovery-group
STRING
false
false
Name of the discovery group used to build the scale-down cluster
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/index.html
new file mode 100644
index 000000000..802c4a954
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-colocated/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Children (1)
configuration Configuration
primary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
secondary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (5)
backup-port-offset The offset to use for the Connectors and Acceptors when creating a new backup server.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
backup-request-retries How many times the live server will try to request a backup, -1 means for ever.
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-primary/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-primary/index.html
new file mode 100644
index 000000000..020b9944e
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-primary/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-secondary/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-secondary/index.html
new file mode 100644
index 000000000..b2e31b0c1
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/ha-policy/shared-store-secondary/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
Attributes (8)
allow-failback Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
add Add an HA Policy to configure high availability for this ActiveMQ server.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
allow-failback
BOOLEAN
false
true
true
Whether a server will automatically stop when a another places a request to take over its place. The use case is when a regular server stops and its backup takes over its duties, later the main server restarts and requests the server (the former backup) to stop operating.
failover-on-server-shutdown
BOOLEAN
false
true
false
Whether the server must failover when it is normally shutdown.
restart-backup
BOOLEAN
false
true
true
Will this server, if a backup, restart once it has been stopped because of failback or scaling down.
scale-down
BOOLEAN
false
true
Configure whether this server send its messages to another live server in the scale-down cluster when it is shutdown cleanly.
scale-down-cluster-name
STRING
false
true
Name of the cluster used to scale down.
scale-down-connectors
LIST
false
false
List of connectors used to form the scale-down cluster.
scale-down-discovery-group
STRING
false
false
Name of the discovery group used to build the scale-down cluster
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/http-acceptor/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/http-acceptor/index.html
new file mode 100644
index 000000000..d111f256a
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/http-acceptor/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/http-connector/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/http-connector/index.html
new file mode 100644
index 000000000..c8bbd1f76
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/http-connector/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
endpoint The http-acceptor that serves as the endpoint of this http-connector.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
params A key-value pair understood by the connector factory-class and used to configure it.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
server-name The name of the ActiveMQ Artemis server that will be connected to on the remote server. If undefined, the name of the parent ActiveMQ Artemis server will be used (suitable if the http-connector is used to connect to the parent server)
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
socket-binding The socket binding that the connector will use to create connections
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
ssl-context The SSL context that the connector will use to connect
The http-acceptor that serves as the endpoint of this http-connector.
params
OBJECT
false
true
A key-value pair understood by the connector factory-class and used to configure it.
server-name
STRING
false
false
The name of the ActiveMQ Artemis server that will be connected to on the remote server. If undefined, the name of the parent ActiveMQ Artemis server will be used (suitable if the http-connector is used to connect to the parent server)
socket-binding
STRING
true
false
The socket binding that the connector will use to create connections
ssl-context
STRING
false
false
The SSL context that the connector will use to connect
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/in-vm-acceptor/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/in-vm-acceptor/index.html
new file mode 100644
index 000000000..68047fa0c
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/in-vm-acceptor/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/in-vm-connector/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/in-vm-connector/index.html
new file mode 100644
index 000000000..40e443bf7
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/in-vm-connector/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/index.html
new file mode 100644
index 000000000..50a49c3ae
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/index.html
@@ -0,0 +1,320 @@
+ WildFly Full 29 Model Reference
acceptor An acceptor defines a way in which connections can be made to the ActiveMQ server.
address-setting An address setting defines some attributes that are defined against an address wildcard rather than a specific queue.
bridge The function of a bridge is to consume messages from a source queue, and forward them to a target address, typically on a different ActiveMQ server.
broadcast-group A broadcast group is the means by which a server broadcasts connectors over the network.
cluster-connection Cluster connections group servers into clusters so that messages can be load balanced between the nodes of the cluster.
connector A connector can be used by a client to define how it connects to a server.
connector-service A connector service allows to integrate external components with Apache ActiveMQ Artemis to send and receive messages.
core-address A runtime-only resource representing a ActiveMQ "address". Zero or more queues can be bound to a single address. When a message is routed, it is routed to the set of queues bound to the message's address.
discovery-group Multicast group to listen to receive broadcast from other servers announcing their connectors.
divert A messaging resource that allows you to transparently divert messages routed to one address to some other address, without making any changes to any client application logic.
grouping-handler Makes decisions about which node in a cluster should handle a message with a group id assigned.
ha-policy A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
live-only A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
replication-colocated A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
replication-primary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
replication-secondary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
shared-store-colocated A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
shared-store-primary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
shared-store-secondary A messaging resource that allows you to configure High Availability for the ActiveMQ server (the value of ha-policy can be live-only, replication-master, replication-slave, replication-colocated, shared-store-master, shared-store-slave, or shared-store-colocated).
http-acceptor Defines a way in which remote connections can be made to the ActiveMQ server over HTTP.
http-connector Used by a remote client to define how it connects to a server over HTTP.
in-vm-acceptor Defines a way in which in-VM connections can be made to the ActiveMQ server.
in-vm-connector Used by an in-VM client to define how it connects to a server.
jgroups-broadcast-group A broadcast group is the means by which a server broadcasts connectors over the network using JGroups cluster configuration.
jgroups-discovery-group Multicast group to listen to receive broadcast from other servers announcing their connectors using JGroups cluster configuration.
async-connection-execution-enabled Whether incoming packets on the server should be handed off to a thread from the thread pool for processing. False if they should be handled on the remoting thread.
jmx-domain The JMX domain used to register internal ActiveMQ MBeans in the MBeanServer.
Attribute
Value
Default Value
org.apache.activemq.artemis
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
jmx-management-enabled Whether ActiveMQ should expose its internal management API via JMX. This is not recommended, as accessing these MBeans can lead to inconsistent configuration.
journal-database Type of the database (can be used to customize SQL statements). If this attribute is not specified, the type of the database will be determined based on the DataSource metadata.
journal-pool-files The number of journal files that can be reused. ActiveMQ will create as many files as needed however when reclaiming files it will shrink back to the value (-1 means no limit).
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
journal-sync-non-transactional Whether to wait for non transaction data to be synced to the journal before returning a response to the client.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
journal-sync-transactional Whether to wait for transaction data to be synchronized to the journal before returning a response to the client.
perf-blast-pages Number of pages to add to check the journal performance (only meant to be used to test performance of pages).
Deprecated Since 3.0.0
Artemis 2 no longer supports this attribute.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
persist-delivery-count-before-delivery Whether the delivery count is persisted before delivery. False means that this only happens after a message has been cancelled.
statistics-enabled Whether gathering of statistics such as message counters are enabled.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
thread-pool-max-size The number of threads that the main thread pool has. -1 means no limit.
Attribute
Value
Default Value
30
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transaction-timeout Default duration before a transaction will be rolled back after create time. If a Transaction Manager is used, this value will be replaced by that of the TM.
How often to scan for addresses and queues which should be deleted.
async-connection-execution-enabled
BOOLEAN
false
true
true
Whether incoming packets on the server should be handed off to a thread from the thread pool for processing. False if they should be handled on the remoting thread.
connection-ttl-override
LONG
false
true
-1
If set, this will override how long (in ms) to keep a connection alive without receiving a ping.
id-cache-size
INT
false
true
20000
The size of the cache for pre-creating message IDs.
incoming-interceptors
LIST
false
false
The list of incoming interceptor classes used by this server.
outgoing-interceptors
LIST
false
false
The list of outgoing interceptor classes used by this server.
page-max-concurrent-io
INT
false
true
5
The maximum number of concurrent reads allowed on paging
persist-delivery-count-before-delivery
BOOLEAN
false
true
false
Whether the delivery count is persisted before delivery. False means that this only happens after a message has been cancelled.
persist-id-cache
BOOLEAN
false
true
true
Whether IDs are persisted to the journal.
persistence-enabled
BOOLEAN
false
true
true
Whether the server will use the file based journal for persistence.
scheduled-thread-pool-max-size
INT
false
true
5
The number of threads that the main scheduled thread pool has.
thread-pool-max-size
INT
false
true
30
The number of threads that the main thread pool has. -1 means no limit.
wild-card-routing-enabled
BOOLEAN
false
true
true
Whether the server supports wild card routing.
cluster-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate to cluster
cluster-password
STRING
false
true
CHANGE ME!!
The password used by cluster connections to communicate between the clustered nodes.
cluster-user
STRING
false
true
ACTIVEMQ.CLUSTER.ADMIN.USER
The user used by cluster connections to communicate between the clustered nodes.
critical-analyzer-check-period
LONG
false
true
0
Time used to check the response times (defaults to half of critical-analyzer-timeout).
critical-analyzer-enabled
BOOLEAN
false
true
true
To enable or disable the critical analyzer.
critical-analyzer-policy
STRING
false
true
LOG
Should the messaging server log, be halted or shutdown upon failures.
critical-analyzer-timeout
LONG
false
true
120000
Timeout used to do the critical analysis.
memory-measure-interval
LONG
false
true
-1
Frequency to sample JVM memory in ms (or -1 to disable memory sampling)
memory-warning-threshold
INT
false
true
25
Percentage of available memory which if exceeded results in a warning log
perf-blast-pages
INT
false
true
-1
Number of pages to add to check the journal performance (only meant to be used to test performance of pages).
run-sync-speed-test
BOOLEAN
false
true
false
Whether on startup to perform a diagnostic test on how fast your disk can sync. Useful when determining performance issues.
server-dump-interval
LONG
false
true
-1
How often to dump basic runtime information to the server log. A value less than 1 disables this feature.
create-bindings-dir
BOOLEAN
false
true
true
Whether the server should create the bindings directory on start up.
create-journal-dir
BOOLEAN
false
true
true
Whether the server should create the journal directory on start up.
disk-scan-period
INT
false
true
5000
The interval where the disk is scanned for percentual usage.
global-max-disk-usage
INT
false
true
100
The maximum percentage of data we should use from disks. The System will block while the disk is full.
global-max-memory-size
LONG
false
true
-1
Maximum amount of memory which message data may consume.
journal-bindings-table
STRING
false
true
BINDINGS
Name of the JDBC table to store the bindings.
journal-buffer-size
LONG
false
true
The size of the internal buffer on the journal.
journal-buffer-timeout
LONG
false
true
The timeout (in nanoseconds) used to flush internal buffers on the journal.
journal-compact-min-files
INT
false
true
10
The minimal number of journal data files before we can start compacting.
journal-compact-percentage
INT
false
true
30
The percentage of live data on which we consider compacting the journal.
journal-database
STRING
false
true
Type of the database (can be used to customize SQL statements). If this attribute is not specified, the type of the database will be determined based on the DataSource metadata.
journal-datasource
STRING
false
false
Name of the DataSource for the JDBC store.
journal-file-open-timeout
INT
false
true
5
The timeout (in seconds) for opening journal files. Values <= 0 mean fail immediately.
journal-file-size
LONG
false
true
10485760
The size (in bytes) of each journal file.
journal-jdbc-lock-expiration
INT
false
true
20
The time the HA lock is considered valid without keeping it alive.
journal-jdbc-lock-renew-period
INT
false
true
4
The renewal period for the HA lock to keep it alive.
journal-jdbc-network-timeout
INT
false
true
20
The timeout used by the JDBC connection to detect network issues.
journal-jms-bindings-table
STRING
false
true
JMS_BINDINGS
Name of the JDBC table to store the Jakarta Messaging bindings.
journal-large-messages-table
STRING
false
true
LARGE_MESSAGES
Name of the JDBC table to store the large messages.
journal-max-attic-files
INT
false
true
10
The maximum number of journal files stored in the attic in case of corrupted journal files.
journal-max-io
INT
false
true
The maximum number of write requests that can be in the AIO queue at any one time.
journal-messages-table
STRING
false
true
MESSAGES
Name of the JDBC table to store the messages.
journal-min-files
INT
false
true
2
How many journal files to pre-create.
journal-node-manager-store-table
STRING
false
true
NODE_MANAGER_STORE
Name of the JDBC table to store the node manager.
journal-page-store-table
STRING
false
true
PAGE_STORE
Name of the JDBC table to store pages.
journal-pool-files
INT
false
true
10
The number of journal files that can be reused. ActiveMQ will create as many files as needed however when reclaiming files it will shrink back to the value (-1 means no limit).
journal-sync-non-transactional
BOOLEAN
false
true
true
Whether to wait for non transaction data to be synced to the journal before returning a response to the client.
journal-sync-transactional
BOOLEAN
false
true
true
Whether to wait for transaction data to be synchronized to the journal before returning a response to the client.
journal-type
STRING
false
true
ASYNCIO
The type of journal to use.
log-journal-write-rate
BOOLEAN
false
true
false
Whether to periodically log the journal's write rate and flush rate.
jmx-domain
STRING
false
true
org.apache.activemq.artemis
The JMX domain used to register internal ActiveMQ MBeans in the MBeanServer.
jmx-management-enabled
BOOLEAN
false
true
false
Whether ActiveMQ should expose its internal management API via JMX. This is not recommended, as accessing these MBeans can lead to inconsistent configuration.
management-address
STRING
false
true
activemq.management
Address to send management messages to.
management-notification-address
STRING
false
true
activemq.notifications
The name of the address that consumers bind to to receive management notifications.
message-expiry-scan-period
LONG
false
true
30000
How often (in ms) to scan for expired messages.
message-expiry-thread-priority
INT
false
true
3
The priority of the thread expiring messages.
network-check-list
STRING
false
true
This is a comma separated list, no spaces, of DNS or IPs (it should accept IPV6) to be used to validate the network.
network-check-nic
STRING
false
true
The NIC (Network Interface Controller) to be used to validate the network.
network-check-period
LONG
false
true
5000
The frequency of how often we should check if the network is still up.
network-check-ping-command
STRING
false
true
ping -c 1 -t %d %s
The command used to ping IPV4 addresses.
network-check-ping6-command
STRING
false
true
ping6 -c 1 %2$s
The command used to ping IPV6 addresses.
network-check-timeout
LONG
false
true
1000
The timeout used on the ping.
network-check-url-list
STRING
false
true
The list of HTTP URIs to be used to validate the network.
elytron-domain
STRING
false
false
The name of the Elytron security domain used to verify user and role information.
override-in-vm-security
BOOLEAN
false
true
true
Whether the ActiveMQ server will override security credentials for in-vm connections.
security-domain
STRING
false
false
The security domain to use to verify user and role information.
security-enabled
BOOLEAN
false
true
true
Whether security is enabled.
security-invalidation-interval
LONG
false
true
10000
How long (in ms) to wait before invalidating the security cache.
message-counter-max-day-history
INT
false
true
10
How many days to keep message counter history.
message-counter-sample-period
LONG
false
true
10000
The sample period (in ms) to use for message counters.
statistics-enabled
BOOLEAN
false
true
false
Whether gathering of statistics such as message counters are enabled.
transaction-timeout
LONG
false
true
300000
Default duration before a transaction will be rolled back after create time. If a Transaction Manager is used, this value will be replaced by that of the TM.
transaction-timeout-scan-period
LONG
false
true
1000
How often (in ms) to scan for timeout transactions.
close-connections-for-address Closes all the connections of clients connected to this server whose remote address contains the specified IP address.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
ip-address
STRING
true
false
An IP address in string format.
Reply properties
True if any connections were closed, false otherwise.
type
BOOLEAN
close-connections-for-user Closes all the connections of clients connected to this server under the specified user name.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
user
STRING
true
false
An user name.
Reply properties
True if any connections were closed, false otherwise.
A list of strings. The Strings are Base-64 representation of the transaction XID and can be used to heuristically commit or rollback the transactions.
type
LIST
Value Type
STRING
list-producers-info-as-json For all sessions, lists information about message producers using JSON serialization.
Reply properties
A JSON string containing an array of producer details.
type
STRING
list-remote-addresses Lists the addresses of all the clients connected to the given address. If an ip-address argument is supplied, only those clients whose remote address string includes the given ip-address string will be returned.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
ip-address
STRING
false
false
An IP address in string format.
Reply properties
A list of strings, where the strings are remote client addresses.
type
LIST
Value Type
STRING
list-sessions Lists all the sessions IDs for the specified connection ID.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
connection-id
STRING
true
false
The connection id.
Reply properties
A list of strings, where each string is a session ID.
True if the transaction was successfully rolled back, false otherwise.
type
BOOLEAN
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/jgroups-broadcast-group/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/jgroups-broadcast-group/index.html
new file mode 100644
index 000000000..8a2fc184c
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/jgroups-broadcast-group/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/jgroups-discovery-group/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/jgroups-discovery-group/index.html
new file mode 100644
index 000000000..7583505c1
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/jgroups-discovery-group/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
refresh-timeout Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
jgroups-channel
STRING
false
false
References the name of a JGroups channel. If undefined, the default channel will be used.
jgroups-cluster
STRING
true
false
The logical cluster name.
jgroups-stack
STRING
false
false
References the name of a JGroups channel factory.
refresh-timeout
LONG
false
true
10000
Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/jms-queue/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/jms-queue/index.html
new file mode 100644
index 000000000..c374eadba
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/jms-queue/index.html
@@ -0,0 +1,159 @@
+ WildFly Full 29 Model Reference
A message filter. An undefined or empty filter will match all messages.
Reply properties
The number of sent messages.
type
INT
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/jms-topic/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/jms-topic/index.html
new file mode 100644
index 000000000..52d613f4b
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/jms-topic/index.html
@@ -0,0 +1,377 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/legacy-connection-factory/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/legacy-connection-factory/index.html
new file mode 100644
index 000000000..fff956361
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/legacy-connection-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
false
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
factory-type
STRING
false
true
GENERIC
The type of connection factory.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
1
The number of attempts for the initial connection to the server.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/path/bindings-directory/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/path/bindings-directory/index.html
new file mode 100644
index 000000000..c35a44d9c
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/path/bindings-directory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A filesystem path pointing to one of the locations where ActiveMQ stores persistent data.
Attributes (2)
path The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
Attribute
Value
Default Value
activemq/bindings
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
relative-to
STRING
false
false
jboss.server.data.dir
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/path/journal-directory/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/path/journal-directory/index.html
new file mode 100644
index 000000000..222bbd68f
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/path/journal-directory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A filesystem path pointing to one of the locations where ActiveMQ stores persistent data.
Attributes (2)
path The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
Attribute
Value
Default Value
activemq/journal
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
relative-to
STRING
false
false
jboss.server.data.dir
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/path/large-messages-directory/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/path/large-messages-directory/index.html
new file mode 100644
index 000000000..2abc867e2
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/path/large-messages-directory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A filesystem path pointing to one of the locations where ActiveMQ stores persistent data.
Attributes (2)
path The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
Attribute
Value
Default Value
activemq/largemessages
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
relative-to
STRING
false
false
jboss.server.data.dir
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/path/paging-directory/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/path/paging-directory/index.html
new file mode 100644
index 000000000..8b7c5a64b
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/path/paging-directory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A filesystem path pointing to one of the locations where ActiveMQ stores persistent data.
Attributes (2)
path The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
Attribute
Value
Default Value
activemq/paging
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
relative-to The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
The actual filesystem path. Treated as an absolute path, unless the 'relative-to' attribute is specified, in which case the value is treated as relative to that path. If treated as an absolute path, the actual runtime pathname specified by the value of this attribute will be determined as follows: If this value is already absolute, then the value is directly used. Otherwise the runtime pathname is resolved in a system-dependent way. On UNIX systems, a relative pathname is made absolute by resolving it against the current user directory. On Microsoft Windows systems, a relative pathname is made absolute by resolving it against the current directory of the drive named by the pathname, if any; if not, it is resolved against the current user directory.
relative-to
STRING
false
false
jboss.server.data.dir
The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute. The standard paths provided by the system include: jboss.home - the root directory of the JBoss AS distribution, user.home - user's home directory, user.dir - user's current working directory, java.home - java installation directory, jboss.server.base.dir - root directory for an individual server instance, jboss.server.data.dir - directory the server will use for persistent data file storage, jboss.server.log.dir - directory the server will use for log file storage, jboss.server.tmp.dir - directory the server will use for temporary file storage, and jboss.domain.servers.dir - directory under which a host controller will create the working area for individual server instances.
resolve-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/pooled-connection-factory/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
new file mode 100644
index 000000000..1f87e7019
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/pooled-connection-factory/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allow-local-transactions Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
connection-load-balancing-policy-class-name Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connectors Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
credential-reference Credential (from Credential Store) to authenticate the pooled connection factory
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-allow-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-black-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-block-list instead.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
deserialization-block-list A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
deserialization-white-list A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
Deprecated Since 13.0.0
Deprecated. Use deserialization-allow-list instead.
enlistment-trace Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
entries The jndi names the connection factory should be bound to.
use-jndi Use JNDI to locate the destination for incoming connections
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-local-tx Use a local transaction for incoming sessions
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-topology-for-load-balancing Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
user The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
Name of a class implementing a client-side load balancing policy that a client can use to load balance sessions across different nodes in a cluster.
connection-ttl
LONG
false
true
60000
The connection ttl.
connectors
LIST
true
false
Defines the connectors. These are stored in a map by connector name (with an undefined value). It is possible to pass a list of connector names when writing this attribute.
consumer-max-rate
INT
false
true
-1
The consumer max rate.
consumer-window-size
INT
false
true
1048576
The consumer window size.
credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate the pooled connection factory
deserialization-allow-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-black-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-block-list
LIST
false
true
A list of class names (separated by whitespaces) that are not allowed to be used in serialization of Jakarta Messaging ObjectMessage.
deserialization-white-list
LIST
false
true
A list of class names (separated by whitespaces) that are allowed to be used in serialization of Jakarta Messaging ObjectMessage.
discovery-group
STRING
false
false
The discovery group name.
dups-ok-batch-size
INT
false
true
1048576
The dups ok batch size.
enlistment-trace
BOOLEAN
false
true
Enables IronJacamar to record enlistment traces for this pooled-connection-factory. This attribute is undefined by default and the behaviour is driven by the presence of the ironjacamar.disable_enlistment_trace system property.
entries
LIST
true
true
The jndi names the connection factory should be bound to.
failover-on-initial-connection
BOOLEAN
false
true
false
True to fail over on initial connection.
group-id
STRING
false
true
The group id.
ha
BOOLEAN
false
true
false
Whether the connection factory supports High Availability.
initial-connect-attempts
INT
false
true
1
The number of attempts to connect initially with this factory.
initial-message-packet-size
INT
false
true
1500
The initial size of messages created through this factory.
managed-connection-pool
STRING
false
true
The class name of the managed connection pool used by this pooled-connection-factory.
max-pool-size
INT
false
true
20
The maximum size for the pool
max-retry-interval
LONG
false
true
2000
The max retry interval.
min-large-message-size
INT
false
true
102400
The min large message size.
min-pool-size
INT
false
true
0
The minimum size for the pool
password
STRING
false
true
The default password to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
pre-acknowledge
BOOLEAN
false
true
false
True to pre-acknowledge.
producer-max-rate
INT
false
true
-1
The producer max rate.
producer-window-size
INT
false
true
65536
The producer window size.
protocol-manager-factory
STRING
false
false
The protocol manager factory used by this pooled connection factory.
reconnect-attempts
INT
false
true
-1
The reconnect attempts. By default, a pooled connection factory will try to reconnect infinitely to the messaging server(s).
retry-interval
LONG
false
true
2000
The retry interval.
retry-interval-multiplier
DOUBLE
false
true
1.0
The retry interval multiplier.
scheduled-thread-pool-max-size
INT
false
true
5
The scheduled thread pool max size.
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled.
thread-pool-max-size
INT
false
true
30
The thread pool max size.
transaction
STRING
false
true
xa
The type of transaction supported by this pooled connection factory (can be LOCAL, NONE or XA, default is XA).
transaction-batch-size
INT
false
true
1048576
The transaction batch size.
use-auto-recovery
BOOLEAN
false
true
true
True to use auto recovery.
use-global-pools
BOOLEAN
false
true
true
True to use global pools.
use-topology-for-load-balancing
BOOLEAN
false
true
true
Whether to use topology information from the cluster to connect to it. If set to 'false', only the initial connector will be used.
user
STRING
false
true
The default username to use with this connection factory. This is only needed when pointing the connection factory to a remote host.
jndi-params
STRING
false
true
The JNDI params to use for locating the destination for incoming connections.
rebalance-connections
BOOLEAN
false
true
false
Rebalance inbound connections when cluster topology changes.
setup-attempts
INT
false
true
The number of times to set up an MDB endpoint
setup-interval
LONG
false
true
The interval between attempts at setting up an MDB endpoint.
use-jndi
BOOLEAN
false
true
Use JNDI to locate the destination for incoming connections
use-local-tx
BOOLEAN
false
true
Use a local transaction for incoming sessions
allow-local-transactions
BOOLEAN
false
true
false
Allow local transactions for outbond Jakarta Messaging Sessions (it does not apply to JMSContext that explicitly disallows it).
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/queue/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/queue/index.html
new file mode 100644
index 000000000..3091ab605
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/queue/index.html
@@ -0,0 +1,219 @@
+ WildFly Full 29 Model Reference
A message filter. An undefined or empty filter will match all messages.
Reply properties
The number of sent messages.
type
INT
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/remote-acceptor/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/remote-acceptor/index.html
new file mode 100644
index 000000000..5b47fb528
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/remote-acceptor/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/remote-connector/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/remote-connector/index.html
new file mode 100644
index 000000000..e6f3b5581
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/remote-connector/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/runtime-queue/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/runtime-queue/index.html
new file mode 100644
index 000000000..1d70b1365
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/runtime-queue/index.html
@@ -0,0 +1,219 @@
+ WildFly Full 29 Model Reference
A message filter. An undefined or empty filter will match all messages.
Reply properties
The number of sent messages.
type
INT
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/security-setting/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/security-setting/index.html
new file mode 100644
index 000000000..dfc878f3b
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/security-setting/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/security-setting/role/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/security-setting/role/index.html
new file mode 100644
index 000000000..666192efb
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/security-setting/role/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/socket-broadcast-group/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/socket-broadcast-group/index.html
new file mode 100644
index 000000000..beb00690e
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/socket-broadcast-group/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/server/socket-discovery-group/index.html b/latest/wildscribe/subsystem/messaging-activemq/server/socket-discovery-group/index.html
new file mode 100644
index 000000000..cddad6e00
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/server/socket-discovery-group/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
initial-wait-timeout Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
refresh-timeout Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
refresh-timeout
LONG
false
true
10000
Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/messaging-activemq/socket-discovery-group/index.html b/latest/wildscribe/subsystem/messaging-activemq/socket-discovery-group/index.html
new file mode 100644
index 000000000..0b874d351
--- /dev/null
+++ b/latest/wildscribe/subsystem/messaging-activemq/socket-discovery-group/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
initial-wait-timeout Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
Attribute
Value
Default Value
10000
Type
LONG
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
refresh-timeout Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
Period, in ms, to wait for an initial broadcast to give us at least one node in the cluster.
refresh-timeout
LONG
false
true
10000
Period the discovery group waits after receiving the last broadcast from a particular server before removing that server's connector pair entry from its list.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/metrics/index.html b/latest/wildscribe/subsystem/metrics/index.html
new file mode 100644
index 000000000..f485bfe94
--- /dev/null
+++ b/latest/wildscribe/subsystem/metrics/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/micrometer/index.html b/latest/wildscribe/subsystem/micrometer/index.html
new file mode 100644
index 000000000..c396608cc
--- /dev/null
+++ b/latest/wildscribe/subsystem/micrometer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/microprofile-config-smallrye/config-source-provider/index.html b/latest/wildscribe/subsystem/microprofile-config-smallrye/config-source-provider/index.html
new file mode 100644
index 000000000..178235851
--- /dev/null
+++ b/latest/wildscribe/subsystem/microprofile-config-smallrye/config-source-provider/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/microprofile-config-smallrye/config-source/index.html b/latest/wildscribe/subsystem/microprofile-config-smallrye/config-source/index.html
new file mode 100644
index 000000000..f5be18ea1
--- /dev/null
+++ b/latest/wildscribe/subsystem/microprofile-config-smallrye/config-source/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
properties Properties configured for this config source and stored directly in WildFly management model.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Add a Config Source (the source of the configuration is determined by the attributes of the config-source (class to provide a new ConfigSource implementation, properties to store configuration values in WildFly management model, etc.)
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
class
OBJECT
false
false
Class of the config source to load
dir
OBJECT
false
false
Directory that is scanned to config properties for this config source (file names are key, file content are value)
ordinal
INT
false
true
100
Ordinal value for the config source
properties
OBJECT
false
false
Properties configured for this config source and stored directly in WildFly management model.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/microprofile-config-smallrye/index.html b/latest/wildscribe/subsystem/microprofile-config-smallrye/index.html
new file mode 100644
index 000000000..0f832e855
--- /dev/null
+++ b/latest/wildscribe/subsystem/microprofile-config-smallrye/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/microprofile-fault-tolerance-smallrye/index.html b/latest/wildscribe/subsystem/microprofile-fault-tolerance-smallrye/index.html
new file mode 100644
index 000000000..e4dc3f60f
--- /dev/null
+++ b/latest/wildscribe/subsystem/microprofile-fault-tolerance-smallrye/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/microprofile-jwt-smallrye/index.html b/latest/wildscribe/subsystem/microprofile-jwt-smallrye/index.html
new file mode 100644
index 000000000..de951e512
--- /dev/null
+++ b/latest/wildscribe/subsystem/microprofile-jwt-smallrye/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/microprofile-openapi-smallrye/index.html b/latest/wildscribe/subsystem/microprofile-openapi-smallrye/index.html
new file mode 100644
index 000000000..315ae033b
--- /dev/null
+++ b/latest/wildscribe/subsystem/microprofile-openapi-smallrye/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/microprofile-telemetry/index.html b/latest/wildscribe/subsystem/microprofile-telemetry/index.html
new file mode 100644
index 000000000..e63fffbb2
--- /dev/null
+++ b/latest/wildscribe/subsystem/microprofile-telemetry/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/modcluster/index.html b/latest/wildscribe/subsystem/modcluster/index.html
new file mode 100644
index 000000000..531086bb9
--- /dev/null
+++ b/latest/wildscribe/subsystem/modcluster/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configuration and runtime operations for mod_cluster subsystem.
Children (1)
proxy Proxy resource coupled with single Undertow listener (and server) specifying load balancer discovery, its configuration and load balance factor provider. Multiple proxy configuration can be specified.
Operations (2)
add Add the mod_cluster subsystem leaving the server in 'reload-required' state.
remove Remove the mod_cluster subsystem leaving the server in 'reload-required' state.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/modcluster/proxy/index.html b/latest/wildscribe/subsystem/modcluster/proxy/index.html
new file mode 100644
index 000000000..ad7f6eb86
--- /dev/null
+++ b/latest/wildscribe/subsystem/modcluster/proxy/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Proxy resource coupled with single Undertow listener (and server) specifying load balancer discovery, its configuration and load balance factor provider. Multiple proxy configuration can be specified.
auto-enable-contexts If false, the contexts are registered with the reverse proxy as disabled, they need to be enabled manually by 'enable-context' operation or via mod_cluster_manager console (if available).
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
balancer The name of the balancer on the reverse proxy to register with.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
excluded-contexts List of contexts to exclude from registration with the reverse proxies.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
flush-packets Whether to enable packet flushing on the reverse proxy.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
flush-wait Time to wait before flushing packets on the reverse proxy.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
listener The name of Undertow listener that will be registered with the reverse proxy.
max-attempts Maximum number of failover attempts by reverse proxy when sending the request to the backend server.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
node-timeout Timeout (in seconds) for proxy connections to a node. That is the time mod_cluster will wait for the back-end response before returning an error.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
ping Number of seconds for which to wait for a pong answer to a ping.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
proxies List of reverse proxies for mod_cluster to register with defined by 'outbound-socket-binding' in 'socket-binding-group'.
status-interval Number of seconds a STATUS message is sent from the application server to the proxy.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
sticky-session Indicates whether subsequent requests for a given session should be routed to the same node, if possible.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sticky-session-force Indicates whether the reverse proxy should run an error in the event that the balancer is unable to route a request to the node to which it is stuck. Ignored if sticky sessions are disabled.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sticky-session-remove Indicates whether the reverse proxy should remove session stickiness in the event that the balancer is unable to route a request to the node to which it is stuck. Ignored if sticky sessions are disabled.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
stop-context-timeout Maximum time to wait for context to process pending requests.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
ttl Time to live (in seconds) for idle connections above smax.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
worker-timeout Number of seconds to wait for a worker to become available to handle a request.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (15)
add Add a proxy resource requiring an Undertow listener reference leaving the server in 'reload-required' state.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
advertise
BOOLEAN
false
true
true
Whether to enable multicast-based advertise mechanism.
advertise-security-key
STRING
false
true
If specified, reverse proxy advertisements checksums will be verified using this value as a salt.
advertise-socket
STRING
false
true
Name of socket binding to use for the advertise socket.
auto-enable-contexts
BOOLEAN
false
true
true
If false, the contexts are registered with the reverse proxy as disabled, they need to be enabled manually by 'enable-context' operation or via mod_cluster_manager console (if available).
balancer
STRING
false
true
The name of the balancer on the reverse proxy to register with.
excluded-contexts
STRING
false
true
List of contexts to exclude from registration with the reverse proxies.
flush-packets
BOOLEAN
false
true
false
Whether to enable packet flushing on the reverse proxy.
flush-wait
INT
false
true
Time to wait before flushing packets on the reverse proxy.
listener
STRING
true
true
The name of Undertow listener that will be registered with the reverse proxy.
load-balancing-group
STRING
false
true
Name of the load balancing group this node belongs to.
max-attempts
INT
false
true
1
Maximum number of failover attempts by reverse proxy when sending the request to the backend server.
node-timeout
INT
false
true
Timeout (in seconds) for proxy connections to a node. That is the time mod_cluster will wait for the back-end response before returning an error.
ping
INT
false
true
10
Number of seconds for which to wait for a pong answer to a ping.
proxies
LIST
false
false
List of reverse proxies for mod_cluster to register with defined by 'outbound-socket-binding' in 'socket-binding-group'.
proxy-url
STRING
false
true
/
Base URL for MCMP requests.
session-draining-strategy
STRING
false
true
DEFAULT
Session draining strategy used during undeployment of a web application.
smax
INT
false
true
Soft maximum idle connection count for reverse proxy.
socket-timeout
INT
false
true
20
Timeout to wait for the reverse proxy to answer a MCMP message.
ssl-context
STRING
false
true
Reference to the SSLContext to be used by mod_cluster.
status-interval
INT
false
true
10
Number of seconds a STATUS message is sent from the application server to the proxy.
sticky-session
BOOLEAN
false
true
true
Indicates whether subsequent requests for a given session should be routed to the same node, if possible.
sticky-session-remove
BOOLEAN
false
true
false
Indicates whether the reverse proxy should remove session stickiness in the event that the balancer is unable to route a request to the node to which it is stuck. Ignored if sticky sessions are disabled.
sticky-session-force
BOOLEAN
false
true
false
Indicates whether the reverse proxy should run an error in the event that the balancer is unable to route a request to the node to which it is stuck. Ignored if sticky sessions are disabled.
stop-context-timeout
INT
false
true
10
Maximum time to wait for context to process pending requests.
ttl
INT
false
true
Time to live (in seconds) for idle connections above smax.
worker-timeout
INT
false
true
Number of seconds to wait for a worker to become available to handle a request.
add-proxy Add a reverse proxy to the list of proxies to register with.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
host
STRING
true
false
Host of the reverse proxy.
port
INT
true
false
Port of the reverse proxy accepting MCMP commands.
disable Tell reverse proxies that all contexts of the node can't process new requests.
Reply properties
type
BOOLEAN
disable-context Tell reverse proxies that the context can't process new requests.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
virtualhost
STRING
true
false
Name of the virtual host to disable context on.
context
STRING
true
false
Name of the context to disable.
Reply properties
type
BOOLEAN
enable Tell reverse proxies that all contexts on the node are ready to receive requests.
Reply properties
type
BOOLEAN
enable-context Tell reverse proxies that the context is ready to receive requests.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
virtualhost
STRING
true
false
Name of the virtual host to enable context for.
context
STRING
true
false
Name of the context to enable.
Reply properties
type
BOOLEAN
list-proxies List the reverse proxies this node is currently registered with.
read-proxies-info Send an INFO command to the reverse proxies and display the result.
Reply properties
type
LIST
Value Type
STRING
refresh Refresh the node sending a new CONFIG message to the reverse proxies.
remove Remove a proxy resource leaving the server in 'reload-required' state.
remove-proxy Remove the reverse proxy from the list of proxies to register with.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
host
STRING
true
false
Host of the reverse proxy.
port
INT
true
false
Port of the reverse proxy.
reset Reset the node's connection to the reverse proxies.
stop Tell reverse proxies that all contexts on the node can't process requests.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
waittime
INT
false
false
10
Number of seconds for which to wait for sessions to drain before stopping all contexts if session draining is in effect. Negative or zero timeout value will wait indefinitely.
Reply properties
type
BOOLEAN
stop-context Tell reverse proxies that the context can't process requests.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
virtualhost
STRING
true
false
Name of the virtual host to stop the context on.
context
STRING
true
false
Name of the context to stop.
waittime
INT
false
false
10
Number of seconds for which to wait for sessions to drain before stopping the context if session draining is in effect. Negative or zero timeout value will wait indefinitely.
Reply properties
type
BOOLEAN
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/custom-load-metric/index.html b/latest/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/custom-load-metric/index.html
new file mode 100644
index 000000000..a30d8f965
--- /dev/null
+++ b/latest/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/custom-load-metric/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Built-in load metric contributing a value to the overall load factor of a node. The load factors from each metric are aggregated according to their weights.
Attributes (5)
capacity Maximum capacity of the metric used to normalize the load values from a metric which require explicit capacity.
Attribute
Value
Default Value
1.0
Type
DOUBLE
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
class Class name to use to construct a load metric from.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
module Module name from which to load the load metric class.
Attribute
Value
Default Value
org.wildfly.extension.mod_cluster
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
property Properties to apply on a loaded metric instance.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
weight Number indicating the significance of a metric with respect to the other metrics. For example, a metric of weight 2 will have twice the impact on the overall load factor than a metric of weight 1.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Add a load metric to the set of load metrics to calculate the load factor from.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
weight
INT
false
true
1
Number indicating the significance of a metric with respect to the other metrics. For example, a metric of weight 2 will have twice the impact on the overall load factor than a metric of weight 1.
capacity
DOUBLE
false
true
1.0
Maximum capacity of the metric used to normalize the load values from a metric which require explicit capacity.
property
OBJECT
false
true
Properties to apply on a loaded metric instance.
class
STRING
true
true
Class name to use to construct a load metric from.
module
STRING
false
true
org.wildfly.extension.mod_cluster
Module name from which to load the load metric class.
remove Remove a load metric from the set of load metrics to calculate the load factor from.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/index.html b/latest/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/index.html
new file mode 100644
index 000000000..b180a0bca
--- /dev/null
+++ b/latest/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configuration and runtime operations for mod_cluster subsystem.
Children (2)
custom-load-metric Custom load metric loaded from a specified Java class contributing a value to the overall load factor of a node. The load factors from each metric are aggregated according to their weights.
load-metric Built-in load metric contributing a value to the overall load factor of a node. The load factors from each metric are aggregated according to their weights.
Attributes (3)
decay The factor by which a historic load values should degrade in significance.
Attribute
Value
Default Value
2.0
Type
DOUBLE
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
history The number of historic (previous) load values to consider in the load balance factor computation.
Attribute
Value
Default Value
9
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-load Initial load within the range [0..100] with which to prepopulate historical values. Used to gradually drive load to the node. Value of 0 prepopulates with full load and value of -1 disables this behavior.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Min
-1
Max
100
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Add a dynamic load provider with no load metrics.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
decay
DOUBLE
false
true
2.0
The factor by which a historic load values should degrade in significance.
history
INT
false
true
9
The number of historic (previous) load values to consider in the load balance factor computation.
initial-load
INT
false
true
0
Initial load within the range [0..100] with which to prepopulate historical values. Used to gradually drive load to the node. Value of 0 prepopulates with full load and value of -1 disables this behavior.
remove Remove a dynamic load provider defaulting to simple load provider.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/load-metric/index.html b/latest/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/load-metric/index.html
new file mode 100644
index 000000000..97d94e50a
--- /dev/null
+++ b/latest/wildscribe/subsystem/modcluster/proxy/load-provider/dynamic/load-metric/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Built-in load metric contributing a value to the overall load factor of a node. The load factors from each metric are aggregated according to their weights.
Attributes (4)
capacity Maximum capacity of the metric used to normalize the load values from a metric which require explicit capacity.
Attribute
Value
Default Value
1.0
Type
DOUBLE
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
property Properties to apply on a loaded metric instance.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
type Type of a built-in load metric from the enumerated values.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
Allowed Values
cpu heap sessions receive-traffic send-traffic requests busyness
weight Number indicating the significance of a metric with respect to the other metrics. For example, a metric of weight 2 will have twice the impact on the overall load factor than a metric of weight 1.
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Add a load metric to the set of load metrics to calculate the load factor from.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
weight
INT
false
true
1
Number indicating the significance of a metric with respect to the other metrics. For example, a metric of weight 2 will have twice the impact on the overall load factor than a metric of weight 1.
capacity
DOUBLE
false
true
1.0
Maximum capacity of the metric used to normalize the load values from a metric which require explicit capacity.
property
OBJECT
false
true
Properties to apply on a loaded metric instance.
type
STRING
true
false
Type of a built-in load metric from the enumerated values.
remove Remove a load metric from the set of load metrics to calculate the load factor from.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/modcluster/proxy/load-provider/simple/index.html b/latest/wildscribe/subsystem/modcluster/proxy/load-provider/simple/index.html
new file mode 100644
index 000000000..4b1ba5c0e
--- /dev/null
+++ b/latest/wildscribe/subsystem/modcluster/proxy/load-provider/simple/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/naming/binding/index.html b/latest/wildscribe/subsystem/naming/binding/index.html
new file mode 100644
index 000000000..0280c0680
--- /dev/null
+++ b/latest/wildscribe/subsystem/naming/binding/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/naming/index.html b/latest/wildscribe/subsystem/naming/index.html
new file mode 100644
index 000000000..2925fd337
--- /dev/null
+++ b/latest/wildscribe/subsystem/naming/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/naming/service/remote-naming/index.html b/latest/wildscribe/subsystem/naming/service/remote-naming/index.html
new file mode 100644
index 000000000..08d54b0f3
--- /dev/null
+++ b/latest/wildscribe/subsystem/naming/service/remote-naming/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/opentelemetry/index.html b/latest/wildscribe/subsystem/opentelemetry/index.html
new file mode 100644
index 000000000..a89356ec1
--- /dev/null
+++ b/latest/wildscribe/subsystem/opentelemetry/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/pojo/index.html b/latest/wildscribe/subsystem/pojo/index.html
new file mode 100644
index 000000000..119d8142c
--- /dev/null
+++ b/latest/wildscribe/subsystem/pojo/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/configuration/endpoint/index.html b/latest/wildscribe/subsystem/remoting/configuration/endpoint/index.html
new file mode 100644
index 000000000..d11be387e
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/configuration/endpoint/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The child resource for configuring the remoting endpoint is deprecated. Use the attributes on the parent resource to configure the remoting endpoint.
Endpoint configuration
Attributes (18)
auth-realm The authentication realm to use if no authentication CallbackHandler is specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-retries Specify the number of times a client is allowed to retry authentication before closing the connection.
Attribute
Value
Default Value
3
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authorize-id The SASL authorization ID. Used as authentication user name to use if no authentication CallbackHandler is specified and the selected SASL mechanism demands a user name.
heartbeat-interval The interval to use for connection heartbeat, in milliseconds. If the connection is idle in the outbound direction for this amount of time, a ping message will be sent, which will trigger a corresponding reply message.
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-inbound-channels The maximum number of inbound channels to support for a connection.
Attribute
Value
Default Value
40
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-inbound-message-size The maximum inbound message size to be allowed. Messages exceeding this size will cause an exception to be thrown on the reading side as well as the writing side.
Attribute
Value
Default Value
9223372036854775807
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-inbound-messages The maximum number of concurrent inbound messages on a channel.
Attribute
Value
Default Value
80
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-outbound-channels The maximum number of outbound channels to support for a connection.
Attribute
Value
Default Value
40
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-outbound-message-size The maximum outbound message size to send. No messages larger than this well be transmitted; attempting to do so will cause an exception on the writing side.
Attribute
Value
Default Value
9223372036854775807
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-outbound-messages The maximum number of concurrent outbound messages on a channel.
Attribute
Value
Default Value
65535
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
receive-buffer-size The size of the largest buffer that this endpoint will accept over a connection.
Attribute
Value
Default Value
8192
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
receive-window-size The maximum window size of the receive direction for connection channels, in bytes.
Attribute
Value
Default Value
131072
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sasl-protocol Where a SaslServer or SaslClient are created by default the protocol specified it 'remoting', this can be used to override this.
Attribute
Value
Default Value
remote
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
send-buffer-size The size of the largest buffer that this endpoint will transmit over a connection.
Attribute
Value
Default Value
8192
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
server-name The server side of the connection passes it's name to the client in the initial greeting, by default the name is automatically discovered from the local address of the connection or it can be overridden using this.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transmit-window-size The maximum window size of the transmit direction for connection channels, in bytes.
The authentication realm to use if no authentication CallbackHandler is specified.
authentication-retries
INT
false
true
3
Specify the number of times a client is allowed to retry authentication before closing the connection.
authorize-id
STRING
false
true
The SASL authorization ID. Used as authentication user name to use if no authentication CallbackHandler is specified and the selected SASL mechanism demands a user name.
buffer-region-size
INT
false
true
The size of allocated buffer regions.
heartbeat-interval
INT
false
true
60000
The interval to use for connection heartbeat, in milliseconds. If the connection is idle in the outbound direction for this amount of time, a ping message will be sent, which will trigger a corresponding reply message.
max-inbound-channels
INT
false
true
40
The maximum number of inbound channels to support for a connection.
max-inbound-message-size
LONG
false
true
9223372036854775807
The maximum inbound message size to be allowed. Messages exceeding this size will cause an exception to be thrown on the reading side as well as the writing side.
max-inbound-messages
INT
false
true
80
The maximum number of concurrent inbound messages on a channel.
max-outbound-channels
INT
false
true
40
The maximum number of outbound channels to support for a connection.
max-outbound-message-size
LONG
false
true
9223372036854775807
The maximum outbound message size to send. No messages larger than this well be transmitted; attempting to do so will cause an exception on the writing side.
max-outbound-messages
INT
false
true
65535
The maximum number of concurrent outbound messages on a channel.
receive-buffer-size
INT
false
true
8192
The size of the largest buffer that this endpoint will accept over a connection.
receive-window-size
INT
false
true
131072
The maximum window size of the receive direction for connection channels, in bytes.
sasl-protocol
STRING
false
true
remote
Where a SaslServer or SaslClient are created by default the protocol specified it 'remoting', this can be used to override this.
send-buffer-size
INT
false
true
8192
The size of the largest buffer that this endpoint will transmit over a connection.
server-name
STRING
false
true
The server side of the connection passes it's name to the client in the initial greeting, by default the name is automatically discovered from the local address of the connection or it can be overridden using this.
transmit-window-size
INT
false
true
131072
The maximum window size of the transmit direction for connection channels, in bytes.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/connector/index.html b/latest/wildscribe/subsystem/remoting/connector/index.html
new file mode 100644
index 000000000..2455d149a
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/connector/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/connector/property/index.html b/latest/wildscribe/subsystem/remoting/connector/property/index.html
new file mode 100644
index 000000000..c9492d2cc
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/connector/property/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/connector/security/sasl/index.html b/latest/wildscribe/subsystem/remoting/connector/security/sasl/index.html
new file mode 100644
index 000000000..6339fba54
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/connector/security/sasl/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
include-mechanisms The optional nested "include-mechanisms" element contains a list of allowed SASL mechanism names. Only mechanisms that are present in this list will be allowed.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
qop The optional nested "qop" element contains a list of quality-of-protection values, in decreasing order of preference.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
reuse-session The optional nested "reuse-session" boolean element specifies whether or not the server should attempt to reuse previously authenticated session information. The mechanism may or may not support such reuse, and other factors may also prevent it.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
server-auth The optional nested "server-auth" boolean element specifies whether the server should authenticate to the client. Not all mechanisms may support this setting.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
strength The optional nested "strength" element contains a list of cipher strength values, in decreasing order of preference.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds the SASL authentication configuration for its connector
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
include-mechanisms
LIST
false
false
The optional nested "include-mechanisms" element contains a list of allowed SASL mechanism names. Only mechanisms that are present in this list will be allowed.
qop
LIST
false
false
The optional nested "qop" element contains a list of quality-of-protection values, in decreasing order of preference.
reuse-session
BOOLEAN
false
true
false
The optional nested "reuse-session" boolean element specifies whether or not the server should attempt to reuse previously authenticated session information. The mechanism may or may not support such reuse, and other factors may also prevent it.
server-auth
BOOLEAN
false
true
false
The optional nested "server-auth" boolean element specifies whether the server should authenticate to the client. Not all mechanisms may support this setting.
strength
LIST
false
false
The optional nested "strength" element contains a list of cipher strength values, in decreasing order of preference.
remove Removes the SASL authentication configuration for its connector
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/connector/security/sasl/property/index.html b/latest/wildscribe/subsystem/remoting/connector/security/sasl/property/index.html
new file mode 100644
index 000000000..a46d12ea3
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/connector/security/sasl/property/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/connector/security/sasl/sasl-policy/policy/index.html b/latest/wildscribe/subsystem/remoting/connector/security/sasl/sasl-policy/policy/index.html
new file mode 100644
index 000000000..75d3c75d9
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/connector/security/sasl/sasl-policy/policy/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
forward-secrecy The optional nested "forward-secrecy" element contains a boolean value which specifies whether mechanisms that implement forward secrecy between sessions are required. Forward secrecy means that breaking into one session will not automatically provide information for breaking into future sessions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-active The optional nested "no-active" element contains a boolean value which specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-anonymous The optional nested "no-anonymous" element contains a boolean value which specifies whether mechanisms that accept anonymous login are permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-dictionary The optional nested "no-dictionary" element contains a boolean value which specifies whether mechanisms susceptible to passive dictionary attacks are permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-plain-text The optional nested "no-plain-text" element contains a boolean value which specifies whether mechanisms susceptible to simple plain passive attacks (e.g., "PLAIN") are not permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
pass-credentials The optional nested "pass-credentials" element contains a boolean value which specifies whether mechanisms that pass client credentials are required.
The optional nested "forward-secrecy" element contains a boolean value which specifies whether mechanisms that implement forward secrecy between sessions are required. Forward secrecy means that breaking into one session will not automatically provide information for breaking into future sessions.
no-active
BOOLEAN
false
true
true
The optional nested "no-active" element contains a boolean value which specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted. "false" to permit, "true" to deny.
no-anonymous
BOOLEAN
false
true
true
The optional nested "no-anonymous" element contains a boolean value which specifies whether mechanisms that accept anonymous login are permitted. "false" to permit, "true" to deny.
no-dictionary
BOOLEAN
false
true
true
The optional nested "no-dictionary" element contains a boolean value which specifies whether mechanisms susceptible to passive dictionary attacks are permitted. "false" to permit, "true" to deny.
no-plain-text
BOOLEAN
false
true
true
The optional nested "no-plain-text" element contains a boolean value which specifies whether mechanisms susceptible to simple plain passive attacks (e.g., "PLAIN") are not permitted. "false" to permit, "true" to deny.
pass-credentials
BOOLEAN
false
true
true
The optional nested "pass-credentials" element contains a boolean value which specifies whether mechanisms that pass client credentials are required.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/http-connector/index.html b/latest/wildscribe/subsystem/remoting/http-connector/index.html
new file mode 100644
index 000000000..ee76ad671
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/http-connector/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/http-connector/property/index.html b/latest/wildscribe/subsystem/remoting/http-connector/property/index.html
new file mode 100644
index 000000000..44a6cfb65
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/http-connector/property/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/http-connector/security/sasl/index.html b/latest/wildscribe/subsystem/remoting/http-connector/security/sasl/index.html
new file mode 100644
index 000000000..79fc3c929
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/http-connector/security/sasl/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
include-mechanisms The optional nested "include-mechanisms" element contains a list of allowed SASL mechanism names. Only mechanisms that are present in this list will be allowed.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
qop The optional nested "qop" element contains a list of quality-of-protection values, in decreasing order of preference.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
reuse-session The optional nested "reuse-session" boolean element specifies whether or not the server should attempt to reuse previously authenticated session information. The mechanism may or may not support such reuse, and other factors may also prevent it.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
server-auth The optional nested "server-auth" boolean element specifies whether the server should authenticate to the client. Not all mechanisms may support this setting.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
strength The optional nested "strength" element contains a list of cipher strength values, in decreasing order of preference.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
Operations (2)
add Adds the SASL authentication configuration for its connector
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
include-mechanisms
LIST
false
false
The optional nested "include-mechanisms" element contains a list of allowed SASL mechanism names. Only mechanisms that are present in this list will be allowed.
qop
LIST
false
false
The optional nested "qop" element contains a list of quality-of-protection values, in decreasing order of preference.
reuse-session
BOOLEAN
false
true
false
The optional nested "reuse-session" boolean element specifies whether or not the server should attempt to reuse previously authenticated session information. The mechanism may or may not support such reuse, and other factors may also prevent it.
server-auth
BOOLEAN
false
true
false
The optional nested "server-auth" boolean element specifies whether the server should authenticate to the client. Not all mechanisms may support this setting.
strength
LIST
false
false
The optional nested "strength" element contains a list of cipher strength values, in decreasing order of preference.
remove Removes the SASL authentication configuration for its connector
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/http-connector/security/sasl/property/index.html b/latest/wildscribe/subsystem/remoting/http-connector/security/sasl/property/index.html
new file mode 100644
index 000000000..3794d3da5
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/http-connector/security/sasl/property/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/http-connector/security/sasl/sasl-policy/policy/index.html b/latest/wildscribe/subsystem/remoting/http-connector/security/sasl/sasl-policy/policy/index.html
new file mode 100644
index 000000000..8d08cb41d
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/http-connector/security/sasl/sasl-policy/policy/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
forward-secrecy The optional nested "forward-secrecy" element contains a boolean value which specifies whether mechanisms that implement forward secrecy between sessions are required. Forward secrecy means that breaking into one session will not automatically provide information for breaking into future sessions.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-active The optional nested "no-active" element contains a boolean value which specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-anonymous The optional nested "no-anonymous" element contains a boolean value which specifies whether mechanisms that accept anonymous login are permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-dictionary The optional nested "no-dictionary" element contains a boolean value which specifies whether mechanisms susceptible to passive dictionary attacks are permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
no-plain-text The optional nested "no-plain-text" element contains a boolean value which specifies whether mechanisms susceptible to simple plain passive attacks (e.g., "PLAIN") are not permitted. "false" to permit, "true" to deny.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
pass-credentials The optional nested "pass-credentials" element contains a boolean value which specifies whether mechanisms that pass client credentials are required.
The optional nested "forward-secrecy" element contains a boolean value which specifies whether mechanisms that implement forward secrecy between sessions are required. Forward secrecy means that breaking into one session will not automatically provide information for breaking into future sessions.
no-active
BOOLEAN
false
true
true
The optional nested "no-active" element contains a boolean value which specifies whether mechanisms susceptible to active (non-dictionary) attacks are not permitted. "false" to permit, "true" to deny.
no-anonymous
BOOLEAN
false
true
true
The optional nested "no-anonymous" element contains a boolean value which specifies whether mechanisms that accept anonymous login are permitted. "false" to permit, "true" to deny.
no-dictionary
BOOLEAN
false
true
true
The optional nested "no-dictionary" element contains a boolean value which specifies whether mechanisms susceptible to passive dictionary attacks are permitted. "false" to permit, "true" to deny.
no-plain-text
BOOLEAN
false
true
true
The optional nested "no-plain-text" element contains a boolean value which specifies whether mechanisms susceptible to simple plain passive attacks (e.g., "PLAIN") are not permitted. "false" to permit, "true" to deny.
pass-credentials
BOOLEAN
false
true
true
The optional nested "pass-credentials" element contains a boolean value which specifies whether mechanisms that pass client credentials are required.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/index.html b/latest/wildscribe/subsystem/remoting/index.html
new file mode 100644
index 000000000..7ba26df8c
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
auth-realm The authentication realm to use if no authentication CallbackHandler is specified.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-retries Specify the number of times a client is allowed to retry authentication before closing the connection.
Attribute
Value
Default Value
3
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authorize-id The SASL authorization ID. Used as authentication user name to use if no authentication CallbackHandler is specified and the selected SASL mechanism demands a user name.
heartbeat-interval The interval to use for connection heartbeat, in milliseconds. If the connection is idle in the outbound direction for this amount of time, a ping message will be sent, which will trigger a corresponding reply message.
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-inbound-channels The maximum number of inbound channels to support for a connection.
Attribute
Value
Default Value
40
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-inbound-message-size The maximum inbound message size to be allowed. Messages exceeding this size will cause an exception to be thrown on the reading side as well as the writing side.
Attribute
Value
Default Value
9223372036854775807
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-inbound-messages The maximum number of concurrent inbound messages on a channel.
Attribute
Value
Default Value
80
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-outbound-channels The maximum number of outbound channels to support for a connection.
Attribute
Value
Default Value
40
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-outbound-message-size The maximum outbound message size to send. No messages larger than this well be transmitted; attempting to do so will cause an exception on the writing side.
Attribute
Value
Default Value
9223372036854775807
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-outbound-messages The maximum number of concurrent outbound messages on a channel.
Attribute
Value
Default Value
65535
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
receive-buffer-size The size of the largest buffer that this endpoint will accept over a connection.
Attribute
Value
Default Value
8192
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
receive-window-size The maximum window size of the receive direction for connection channels, in bytes.
Attribute
Value
Default Value
131072
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sasl-protocol Where a SaslServer or SaslClient are created by default the protocol specified it 'remoting', this can be used to override this.
Attribute
Value
Default Value
remote
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
send-buffer-size The size of the largest buffer that this endpoint will transmit over a connection.
Attribute
Value
Default Value
8192
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
server-name The server side of the connection passes it's name to the client in the initial greeting, by default the name is automatically discovered from the local address of the connection or it can be overridden using this.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transmit-window-size The maximum window size of the transmit direction for connection channels, in bytes.
The number of read threads to create for the remoting worker.
worker-task-core-threads
INT
false
true
The number of core threads for the remoting worker task thread pool.
worker-task-keepalive
INT
false
true
The number of milliseconds to keep non-core remoting worker task threads alive.
worker-task-limit
INT
false
true
The maximum number of remoting worker tasks to allow before rejecting.
worker-task-max-threads
INT
false
true
The maximum number of threads for the remoting worker task thread pool.
worker-write-threads
INT
false
true
The number of write threads to create for the remoting worker.
auth-realm
STRING
false
true
The authentication realm to use if no authentication CallbackHandler is specified.
authentication-retries
INT
false
true
3
Specify the number of times a client is allowed to retry authentication before closing the connection.
authorize-id
STRING
false
true
The SASL authorization ID. Used as authentication user name to use if no authentication CallbackHandler is specified and the selected SASL mechanism demands a user name.
buffer-region-size
INT
false
true
The size of allocated buffer regions.
heartbeat-interval
INT
false
true
60000
The interval to use for connection heartbeat, in milliseconds. If the connection is idle in the outbound direction for this amount of time, a ping message will be sent, which will trigger a corresponding reply message.
max-inbound-channels
INT
false
true
40
The maximum number of inbound channels to support for a connection.
max-inbound-message-size
LONG
false
true
9223372036854775807
The maximum inbound message size to be allowed. Messages exceeding this size will cause an exception to be thrown on the reading side as well as the writing side.
max-inbound-messages
INT
false
true
80
The maximum number of concurrent inbound messages on a channel.
max-outbound-channels
INT
false
true
40
The maximum number of outbound channels to support for a connection.
max-outbound-message-size
LONG
false
true
9223372036854775807
The maximum outbound message size to send. No messages larger than this well be transmitted; attempting to do so will cause an exception on the writing side.
max-outbound-messages
INT
false
true
65535
The maximum number of concurrent outbound messages on a channel.
receive-buffer-size
INT
false
true
8192
The size of the largest buffer that this endpoint will accept over a connection.
receive-window-size
INT
false
true
131072
The maximum window size of the receive direction for connection channels, in bytes.
sasl-protocol
STRING
false
true
remote
Where a SaslServer or SaslClient are created by default the protocol specified it 'remoting', this can be used to override this.
send-buffer-size
INT
false
true
8192
The size of the largest buffer that this endpoint will transmit over a connection.
server-name
STRING
false
true
The server side of the connection passes it's name to the client in the initial greeting, by default the name is automatically discovered from the local address of the connection or it can be overridden using this.
transmit-window-size
INT
false
true
131072
The maximum window size of the transmit direction for connection channels, in bytes.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/local-outbound-connection/index.html b/latest/wildscribe/subsystem/remoting/local-outbound-connection/index.html
new file mode 100644
index 000000000..a3f3f3977
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/local-outbound-connection/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Adds a local:// URI scheme based outbound connection.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
outbound-socket-binding-ref
STRING
true
true
Name of the outbound-socket-binding which will be used to determine the destination address and port for the connection.
remove Removes a local:// URI scheme based outbound connection.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/local-outbound-connection/property/index.html b/latest/wildscribe/subsystem/remoting/local-outbound-connection/property/index.html
new file mode 100644
index 000000000..847068b09
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/local-outbound-connection/property/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/outbound-connection/index.html b/latest/wildscribe/subsystem/remoting/outbound-connection/index.html
new file mode 100644
index 000000000..e6734a8de
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/outbound-connection/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
uri The connection URI for the outbound connection.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Adds a generic URI based remoting outbound connection.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
uri
STRING
true
true
The connection URI for the outbound connection.
remove Removes a generic URI based remoting outbound connection.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/outbound-connection/property/index.html b/latest/wildscribe/subsystem/remoting/outbound-connection/property/index.html
new file mode 100644
index 000000000..04f4d21ac
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/outbound-connection/property/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/remote-outbound-connection/index.html b/latest/wildscribe/subsystem/remoting/remote-outbound-connection/index.html
new file mode 100644
index 000000000..ea95b9245
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/remote-outbound-connection/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/remoting/remote-outbound-connection/property/index.html b/latest/wildscribe/subsystem/remoting/remote-outbound-connection/property/index.html
new file mode 100644
index 000000000..e4ebe8874
--- /dev/null
+++ b/latest/wildscribe/subsystem/remoting/remote-outbound-connection/property/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/request-controller/index.html b/latest/wildscribe/subsystem/request-controller/index.html
new file mode 100644
index 000000000..3768e9811
--- /dev/null
+++ b/latest/wildscribe/subsystem/request-controller/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
active-requests The number of requests that are currently running on the server.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
metric
max-requests The maximum number of all types of requests that can be running on a server at a time. Once this limit is hit, any new requests will be rejected.
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
track-individual-endpoints If this is true, requests are tracked at an endpoint level, which will allow individual deployments to be suspended.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/resource-adapters/index.html b/latest/wildscribe/subsystem/resource-adapters/index.html
new file mode 100644
index 000000000..c23a6b539
--- /dev/null
+++ b/latest/wildscribe/subsystem/resource-adapters/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/config-properties/index.html b/latest/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/config-properties/index.html
new file mode 100644
index 000000000..be9713ce6
--- /dev/null
+++ b/latest/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/config-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/index.html b/latest/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/index.html
new file mode 100644
index 000000000..44d2bd3a4
--- /dev/null
+++ b/latest/wildscribe/subsystem/resource-adapters/resource-adapter/admin-objects/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/resource-adapters/resource-adapter/config-properties/index.html b/latest/wildscribe/subsystem/resource-adapters/resource-adapter/config-properties/index.html
new file mode 100644
index 000000000..d6dfaf033
--- /dev/null
+++ b/latest/wildscribe/subsystem/resource-adapters/resource-adapter/config-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/config-properties/index.html b/latest/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/config-properties/index.html
new file mode 100644
index 000000000..be15b7d77
--- /dev/null
+++ b/latest/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/config-properties/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/index.html b/latest/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/index.html
new file mode 100644
index 000000000..28083ffca
--- /dev/null
+++ b/latest/wildscribe/subsystem/resource-adapters/resource-adapter/connection-definitions/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allocation-retry The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allocation-retry-wait-millis The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
authentication-context-and-application Indicates that either application-supplied parameters, such as from getConnection(user, pw), or Subject (provided by Elytron after authenticating using configured authentication-context), are used to distinguish connections in the pool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value requires a server restart.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
background-validation-millis The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value requires a server restart.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
blocking-timeout-wait-millis The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time.
class-name Specifies the fully qualified class name of a managed connection factory or admin object.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
connectable Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
elytron-enabled Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
Deprecated Since 6.1.0
Elytron is enabled by default and this field is ignored.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enabled Specifies if the resource adapter should be enabled.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment Defines if lazy enlistment should be used if supported by the resource adapter.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enlistment-trace Defines if WildFly/IronJacamar should record enlistment traces.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
flush-strategy Specifies how the pool should be flushed in case of an error.
idle-timeout-minutes Specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value requires a server restart.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
MINUTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
initial-pool-size Specifies the initial number of connections a pool should hold.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
interleaving An element to enable interleaving for XA connections.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
jndi-name Specifies the JNDI name for the connection factory.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-pool-size Specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool.
Attribute
Value
Default Value
20
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
mcp Defines the ManagedConnectionPool implementation. For example: org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
min-pool-size Specifies the minimum number of connections for a pool.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-recovery Specifies if the connection pool should be excluded from recovery.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
no-tx-separate-pool Oracle does not like XA connections getting used both inside and outside a JTA transaction. To workaround the problem you can create separate sub-pools for the different contexts.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
pad-xid Specifies whether the Xid should be padded.
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
same-rm-override Using this attribute, you can unconditionally set whether javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-application Indicates that application-supplied parameters, such as from getConnection(user, pw), are used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain Specifies the PicketBox security domain which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-domain-and-application Indicates that either application-supplied parameters, such as from getConnection(user, pw) are used to distinguish connections in the pool.
Deprecated Since 6.1.0
PicketBox is no longer supported. Use Elytron configuration instead.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
sharable Enable the use of sharable connections, which allows lazy association to be enabled if supported.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
tracking Defines if IronJacamar should track connection handles across transaction boundaries.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-ccm Enable the use of a cached connection manager.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-fast-fail Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false).
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-java-context Setting this to false will bind the object into global JNDI.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
validate-on-match This specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
wrap-xa-resource Specifies whether XAResource instances should be wrapped in an org.jboss.tm.XAResourceWrapper instance.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
xa-resource-timeout The value is passed to XAResource.setTransactionTimeout(), in seconds.
The allocation retry element indicates the number of times that allocating a connection should be tried before throwing an exception.
allocation-retry-wait-millis
LONG
false
true
The allocation retry wait millis element specifies the amount of time, in milliseconds, to wait between retrying to allocate a connection.
authentication-context
STRING
false
false
The Elytron authentication context which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
authentication-context-and-application
STRING
false
false
Indicates that either application-supplied parameters, such as from getConnection(user, pw), or Subject (provided by Elytron after authenticating using configured authentication-context), are used to distinguish connections in the pool.
background-validation
BOOLEAN
false
true
An element to specify that connections should be validated on a background thread versus being validated prior to use. Changing this value requires a server restart.
background-validation-millis
LONG
false
true
The background-validation-millis element specifies the amount of time, in milliseconds, that background validation will run. Changing this value requires a server restart.
blocking-timeout-wait-millis
LONG
false
true
The blocking-timeout-millis element specifies the maximum time, in milliseconds, to block while waiting for a connection before throwing an exception. Note that this blocks only while waiting for locking a connection, and will never throw an exception if creating a new connection takes an inordinately long time.
capacity-decrementer-class
STRING
false
true
Class defining the policy for decrementing connections in the pool.
capacity-decrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for decrementing connections in the pool.
capacity-incrementer-class
STRING
false
true
Class defining the policy for incrementing connections in the pool.
capacity-incrementer-properties
OBJECT
false
true
Properties to inject in class defining the policy for incrementing connections in the pool.
class-name
STRING
true
true
Specifies the fully qualified class name of a managed connection factory or admin object.
connectable
BOOLEAN
false
true
false
Enable the use of CMR. This feature means that a local resource can reliably participate in an XA transaction.
elytron-enabled
BOOLEAN
false
true
false
Enables Elytron security for handling authentication of connections. The Elytron authentication-context to be used will be current context if no context is specified (see authentication-context).
enabled
BOOLEAN
false
true
true
Specifies if the resource adapter should be enabled.
enlistment
BOOLEAN
false
true
true
Defines if lazy enlistment should be used if supported by the resource adapter.
enlistment-trace
BOOLEAN
false
true
false
Defines if WildFly/IronJacamar should record enlistment traces.
flush-strategy
STRING
false
true
FailingConnectionOnly
Specifies how the pool should be flushed in case of an error.
idle-timeout-minutes
LONG
false
true
Specifies the maximum time, in minutes, a connection may be idle before being closed. The actual maximum time depends also on the IdleRemover scan time, which is half of the smallest idle-timeout-minutes value of any pool. Changing this value requires a server restart.
initial-pool-size
INT
false
true
Specifies the initial number of connections a pool should hold.
interleaving
BOOLEAN
false
true
false
An element to enable interleaving for XA connections.
jndi-name
STRING
true
true
Specifies the JNDI name for the connection factory.
max-pool-size
INT
false
true
20
Specifies the maximum number of connections for a pool. No more connections will be created in each sub-pool.
mcp
STRING
false
true
Defines the ManagedConnectionPool implementation. For example: org.jboss.jca.core.connectionmanager.pool.mcp.SemaphoreArrayListManagedConnectionPool.
min-pool-size
INT
false
true
0
Specifies the minimum number of connections for a pool.
no-recovery
BOOLEAN
false
true
false
Specifies if the connection pool should be excluded from recovery.
no-tx-separate-pool
BOOLEAN
false
true
false
Oracle does not like XA connections getting used both inside and outside a JTA transaction. To workaround the problem you can create separate sub-pools for the different contexts.
pad-xid
BOOLEAN
false
true
false
Specifies whether the Xid should be padded.
pool-fair
BOOLEAN
false
true
true
Defines if pool use should be fair.
pool-prefill
BOOLEAN
false
true
false
Specifies if the pool should be prefilled. Changing this value requires a server restart.
pool-use-strict-min
BOOLEAN
false
true
false
Specifies if the min-pool-size should be considered strict.
recovery-authentication-context
STRING
false
false
The Elytron authentication context used for recovery (current authentication-context will be used if unspecified).
recovery-credential-reference
OBJECT
false
false
Credential (from Credential Store) to authenticate on recovery connection
recovery-elytron-enabled
BOOLEAN
false
true
false
Indicates that an Elytron authentication context will be used for recovery.
recovery-password
STRING
false
true
The password used for recovery.
recovery-plugin-class-name
STRING
false
true
The fully qualified class name of the recovery plugin implementation.
recovery-plugin-properties
OBJECT
false
true
The properties for the recovery plugin.
recovery-security-domain
STRING
false
true
The PicketBox security domain used for recovery.
recovery-username
STRING
false
true
The user name used for recovery.
same-rm-override
BOOLEAN
false
true
Using this attribute, you can unconditionally set whether javax.transaction.xa.XAResource.isSameRM(XAResource) returns true or false.
security-application
BOOLEAN
false
true
false
Indicates that application-supplied parameters, such as from getConnection(user, pw), are used to distinguish connections in the pool.
security-domain
STRING
false
true
Specifies the PicketBox security domain which defines the javax.security.auth.Subject that is used to distinguish connections in the pool.
security-domain-and-application
STRING
false
true
Indicates that either application-supplied parameters, such as from getConnection(user, pw) are used to distinguish connections in the pool.
sharable
BOOLEAN
false
true
true
Enable the use of sharable connections, which allows lazy association to be enabled if supported.
tracking
BOOLEAN
false
true
Defines if IronJacamar should track connection handles across transaction boundaries.
use-ccm
BOOLEAN
false
true
true
Enable the use of a cached connection manager.
use-fast-fail
BOOLEAN
false
true
false
Whether to fail a connection allocation on the first try if it is invalid (true) or keep trying until the pool is exhausted of all potential connections (false).
use-java-context
BOOLEAN
false
true
true
Setting this to false will bind the object into global JNDI.
validate-on-match
BOOLEAN
false
true
This specifies if connection validation should be done when a connection factory attempts to match a managed connection. This is typically exclusive to the use of background validation.
wrap-xa-resource
BOOLEAN
false
true
true
Specifies whether XAResource instances should be wrapped in an org.jboss.tm.XAResourceWrapper instance.
xa-resource-timeout
INT
false
true
The value is passed to XAResource.setTransactionTimeout(), in seconds.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/resource-adapters/resource-adapter/index.html b/latest/wildscribe/subsystem/resource-adapters/resource-adapter/index.html
new file mode 100644
index 000000000..9263c37dd
--- /dev/null
+++ b/latest/wildscribe/subsystem/resource-adapters/resource-adapter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
beanvalidationgroups Specifies the Jakarta Bean Validation groups that should be used.
Attribute
Value
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
bootstrap-context Specifies the unique name of the bootstrap context that should be used.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
module Specifies the module from which resource adapter will be loaded
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
statistics-enabled Define whether runtime statistics are enabled or not.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
transaction-support Specifies the transaction support level of the resource adapter. This attribute allows expressions, but only simple expressions resolved from environment variables or system properties are supported. Nested expressions and resolution from vaults or credential stores are not supported.
wm-security-domain Defines the name of the PicketBox security domain that should be used.
Deprecated Since 6.1.0
PicketBox security domains are not supported in servers running the current version of the datasources subsystem. Use 'authentication-context' to configure Elytron security
activate Force the resource adapter config activation without server reload.
add Add a new resource adapter. At least one of ARCHIVE or MODULE is required.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
archive
STRING
false
false
Specifies the resource adapter archive.
beanvalidationgroups
LIST
false
true
Specifies the Jakarta Bean Validation groups that should be used.
bootstrap-context
STRING
false
true
Specifies the unique name of the bootstrap context that should be used.
module
STRING
false
false
Specifies the module from which resource adapter will be loaded
statistics-enabled
BOOLEAN
false
true
false
Define whether runtime statistics are enabled or not.
transaction-support
STRING
false
true
Specifies the transaction support level of the resource adapter. This attribute allows expressions, but only simple expressions resolved from environment variables or system properties are supported. Nested expressions and resolution from vaults or credential stores are not supported.
wm-elytron-security-domain
STRING
false
true
Defines the name of the Elytron security domain that should be used.
wm-security
BOOLEAN
false
true
false
Toggle on/off wm.security for this resource adapter. In case of false all wm-security-* parameters are ignored, even the defaults.
wm-security-default-groups
LIST
false
true
Defines a default groups list that should be added to the used Subject instance.
wm-security-default-principal
STRING
false
true
Defines a default principal name that should be added to the used Subject instance.
wm-security-domain
STRING
false
true
other
Defines the name of the PicketBox security domain that should be used.
wm-security-mapping-groups
LIST
false
false
List of groups mappings.
wm-security-mapping-required
BOOLEAN
false
true
false
Defines if a mapping is required for security credentials.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/rts/index.html b/latest/wildscribe/subsystem/rts/index.html
new file mode 100644
index 000000000..e9207643d
--- /dev/null
+++ b/latest/wildscribe/subsystem/rts/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/sar/index.html b/latest/wildscribe/subsystem/sar/index.html
new file mode 100644
index 000000000..b5fd8cb4a
--- /dev/null
+++ b/latest/wildscribe/subsystem/sar/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/security-manager/deployment-permissions/default/index.html b/latest/wildscribe/subsystem/security-manager/deployment-permissions/default/index.html
new file mode 100644
index 000000000..97877bd08
--- /dev/null
+++ b/latest/wildscribe/subsystem/security-manager/deployment-permissions/default/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/security-manager/index.html b/latest/wildscribe/subsystem/security-manager/index.html
new file mode 100644
index 000000000..c4858a689
--- /dev/null
+++ b/latest/wildscribe/subsystem/security-manager/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
+
+
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/singleton/index.html b/latest/wildscribe/subsystem/singleton/index.html
new file mode 100644
index 000000000..3f379bdb3
--- /dev/null
+++ b/latest/wildscribe/subsystem/singleton/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/singleton/singleton-policy/deployment/index.html b/latest/wildscribe/subsystem/singleton/singleton-policy/deployment/index.html
new file mode 100644
index 000000000..1f7688d0e
--- /dev/null
+++ b/latest/wildscribe/subsystem/singleton/singleton-policy/deployment/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Attributes (3)
is-primary Indicates whether the local member is the primary provider of this singleton deployment
Attribute
Value
Type
BOOLEAN
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
primary-provider The primary provider of this singleton deployment
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
providers The members on which the singleton deployment is installed
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/singleton/singleton-policy/election-policy/random/index.html b/latest/wildscribe/subsystem/singleton/singleton-policy/election-policy/random/index.html
new file mode 100644
index 000000000..1ef139396
--- /dev/null
+++ b/latest/wildscribe/subsystem/singleton/singleton-policy/election-policy/random/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/singleton/singleton-policy/election-policy/simple/index.html b/latest/wildscribe/subsystem/singleton/singleton-policy/election-policy/simple/index.html
new file mode 100644
index 000000000..51fe12185
--- /dev/null
+++ b/latest/wildscribe/subsystem/singleton/singleton-policy/election-policy/simple/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/singleton/singleton-policy/index.html b/latest/wildscribe/subsystem/singleton/singleton-policy/index.html
new file mode 100644
index 000000000..392d20261
--- /dev/null
+++ b/latest/wildscribe/subsystem/singleton/singleton-policy/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/singleton/singleton-policy/service/index.html b/latest/wildscribe/subsystem/singleton/singleton-policy/service/index.html
new file mode 100644
index 000000000..52b7ebf74
--- /dev/null
+++ b/latest/wildscribe/subsystem/singleton/singleton-policy/service/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
providers The members on which the singleton service is installed
Attribute
Value
Type
LIST
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/transactions/commit-markable-resource/index.html b/latest/wildscribe/subsystem/transactions/commit-markable-resource/index.html
new file mode 100644
index 000000000..d757011b7
--- /dev/null
+++ b/latest/wildscribe/subsystem/transactions/commit-markable-resource/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures a datasource to be considered by the transaction manager as a CMR resource. CMR is a non-XA database resource that can reliably participate in an XA transaction.
Attributes (4)
batch-size Configures number of ids placed within 'in' clause of the SQL query 'DELETE FROM ... WHERE xid in (...)' when periodic recovery processes the CMR database table garbage collection. When some garbage is left in the CMR database table after deletion another SQL delete is run during the next recovery cycle. When 'immediate-cleanup' is used this configuration has no big impact as the periodic recovery finds each time an empty CMR database table.
Attribute
Value
Default Value
100
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
immediate-cleanup Immediate cleanup of ids associated with this CMR resource after the end of the transaction. When set to false the garbage collection of the ids is processed by periodic recovery.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
jndi-name A JNDI name of the non-XA datasource which is made to be a CMR resource for the purpose of transaction manager participant handling. The datasource is required to be marked as 'connectable=true'.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
false
Storage
configuration
Access Type
read-only
name Defines the database table name used for storing ids associated with this CMR resource. The default value for naming the database table is 'xids'.
Configures number of ids placed within 'in' clause of the SQL query 'DELETE FROM ... WHERE xid in (...)' when periodic recovery processes the CMR database table garbage collection. When some garbage is left in the CMR database table after deletion another SQL delete is run during the next recovery cycle. When 'immediate-cleanup' is used this configuration has no big impact as the periodic recovery finds each time an empty CMR database table.
immediate-cleanup
BOOLEAN
false
true
true
Immediate cleanup of ids associated with this CMR resource after the end of the transaction. When set to false the garbage collection of the ids is processed by periodic recovery.
name
STRING
false
true
xids
Defines the database table name used for storing ids associated with this CMR resource. The default value for naming the database table is 'xids'.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/transactions/index.html b/latest/wildscribe/subsystem/transactions/index.html
new file mode 100644
index 000000000..6cb9c9769
--- /dev/null
+++ b/latest/wildscribe/subsystem/transactions/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
commit-markable-resource Configures a datasource to be considered by the transaction manager as a CMR resource. CMR is a non-XA database resource that can reliably participate in an XA transaction.
log-store Representation of the transaction logging storage mechanism.
log-store Representation of the transaction logging storage mechanism.
average-commit-time The average time of transaction commit, measured from the moment the client calls commit until the transaction manager determines that the commit attempt was successful.
Attribute
Value
Type
LONG
Nillable
true
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
default-timeout The default timeout, in seconds, for a new transaction started by the transaction manager (see also the 'maximum-timeout' attribute).
Attribute
Value
Default Value
300
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-statistics Whether transaction statistics should be gathered.
Deprecated Since 2.0.0
Use statistics-enabled.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
enable-tsm-status Set to 'true' to enable the transaction status manager (TSM) service (used for out of process recovery). When 'true' the application server binds to the socket defined by the 'status-socket-binding' attribute.
jdbc-action-store-drop-table If set to true then the jdbc-action-store table will be dropped during application server startup.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jdbc-action-store-table-prefix Optional prefix for the name of the database table used for writing transaction log records of the action store type.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jdbc-communication-store-drop-table If set to true then the jdbc-communication-store table will be dropped during application server startup.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jdbc-communication-store-table-prefix Optional prefix for the name of the database table used for writing transaction log records of the communication store type.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jdbc-state-store-drop-table If set to true then the jdbc-state-store table will be dropped during application server startup.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jdbc-state-store-table-prefix Optional prefix for the name of the database table used for writing transaction log records of the state store type.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jdbc-store-datasource The JNDI name of a non-XA datasource (i.e. one whose 'jta' attribute is set to false) to be used for the JDBC store. The datasource must be defined in the datasources subsystem.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
journal-store-enable-async-io Whether AsyncIO should be enabled for the journal store. When true, the transaction manager will use the native aio (POSIX asynchronous I/O) libraries provided by the platform, if available. Applicable only when use-journal-store is set true.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
jvm
jts If true, this enables the Java Transaction Service (JTS). If JTS is enabled then the transactions attribute of the 'iiop-openjdk' subsystem must be set to 'full'. This setting changes the internal mechanisms used in the transaction manager. It has no impact on the user working with JTA API.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
jvm
maximum-timeout If the 'default-timeout' attribute is zero then this value is used for setting the maximum timeout value (in seconds) for newly started transactions.
Attribute
Value
Default Value
31536000
Type
INT
Nillable
true
Expressions Allowed
true
Min
300
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
node-identifier Used to set the node identifier. Each Xid that the transaction manager creates will have this identifier encoded within it and ensures the transaction manager will only recover branches which match the specified identifier. It is imperative that this identifier is unique between application server instances which share either an object store or access common resource managers.
number-of-application-rollbacks The number of transactions that have been rolled back by application request. This includes those that timeout, since the timeout behavior is considered an attribute of the application configuration.
object-store-path Denotes a path where the transaction manager object store should store data. By default the value is treated as relative to the path denoted by the 'relative-to' attribute. When the 'relative-to' attribute is undefined the value is considered an absolute path. This setting is valid when default or journal store is used. It's not used when the jdbc journal store is used.
Attribute
Value
Default Value
tx-object-store
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
object-store-relative-to References a global path configuration in the domain model, defaulting to the application server data directory (jboss.server.data.dir). The value of the 'object-store-path' attribute will be treated as relative to this path. Undefine this attribute to disable the default behavior and force the value of the 'object-store-path' attribute to be treated as an absolute path.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
process-id-socket-binding The name of the socket binding to use if the transaction manager should use a socket-based generation of transaction id. Will be 'undefined' if 'process-id-uuid' is 'true'; otherwise must be set.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
process-id-socket-max-ports The maximum number of ports to search for an open port if the transaction manager should use a socket-based generation of transaction id. If the port specified by the socket binding referenced in 'process-id-socket-binding' is occupied, the next higher port will be tried until an open port is found or the number of ports specified by this attribute have been tried. Will be 'undefined' if 'process-id-uuid' is 'true'.
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
process-id-uuid Indicates a strategy used for obtaining a unique identifier needed for creation of transaction instances. When true then the transaction manager generates the transaction id based on process id (PID). When set to false then the transaction manager generates the transaction id based on the referenced socket binding, i.e. the attribute 'process-id-socket-binding' is required.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
recovery-listener Used to specify if the recovery system should listen on a network socket or not. When true the application server binds to a socket at the port defined by the 'socket-binding' attribute. When the recovery listener is activated the user can remotely control the recovery manager.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
socket-binding References an existing socket binding that the transaction manager will listen on for recovery requests.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
stale-transaction-time The time for which transaction that contains remote enlistments is held in memory after it is being completed.
Attribute
Value
Default Value
600
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
statistics-enabled Whether transaction statistics should be gathered. The statistics are available by reading subsystem attributes prefixed with 'number-' and within the 'average-commit-time' attribute.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
status-socket-binding References an existing socket binding that the transaction manager will listen on for transaction status requests.
Attribute
Value
Type
STRING
Nillable
false
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
use-hornetq-store Use the journal store for writing transaction logs. Set to true to enable and to false to use the default log store type. The default log store is normally one file system file per transaction log.It's alternative to jdbc based store.
Deprecated Since 3.0.0
Use use-journal-store.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
jvm
use-jdbc-store Use the jdbc store for writing transaction logs. Data is saved in the database indicated by the 'jdbc-store-datasource' attribute. Set to true to enable. Note that the server will not boot if both 'use-journal-store' and 'use-jdbc-store' attributes are set to true. If both are set to false then the default filesystem based store will be used.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
jvm
use-journal-store Use the journal store for writing transaction logs. The journal store consists of one file for all the transactions. Set to true to enable. Note that the server will not boot if both 'use-journal-store' and 'use-jdbc-store' attributes are set to true. If both are set to false then the default filesystem based store will be used.
The default timeout, in seconds, for a new transaction started by the transaction manager (see also the 'maximum-timeout' attribute).
enable-statistics
BOOLEAN
false
true
false
Whether transaction statistics should be gathered.
enable-tsm-status
BOOLEAN
false
true
false
Set to 'true' to enable the transaction status manager (TSM) service (used for out of process recovery). When 'true' the application server binds to the socket defined by the 'status-socket-binding' attribute.
hornetq-store-enable-async-io
BOOLEAN
false
true
false
Whether AsyncIO should be enabled for the journal store.
jdbc-action-store-drop-table
BOOLEAN
false
true
false
If set to true then the jdbc-action-store table will be dropped during application server startup.
jdbc-action-store-table-prefix
STRING
false
true
Optional prefix for the name of the database table used for writing transaction log records of the action store type.
jdbc-communication-store-drop-table
BOOLEAN
false
true
false
If set to true then the jdbc-communication-store table will be dropped during application server startup.
jdbc-communication-store-table-prefix
STRING
false
true
Optional prefix for the name of the database table used for writing transaction log records of the communication store type.
jdbc-state-store-drop-table
BOOLEAN
false
true
false
If set to true then the jdbc-state-store table will be dropped during application server startup.
jdbc-state-store-table-prefix
STRING
false
true
Optional prefix for the name of the database table used for writing transaction log records of the state store type.
jdbc-store-datasource
STRING
false
true
The JNDI name of a non-XA datasource (i.e. one whose 'jta' attribute is set to false) to be used for the JDBC store. The datasource must be defined in the datasources subsystem.
journal-store-enable-async-io
BOOLEAN
false
true
false
Whether AsyncIO should be enabled for the journal store. When true, the transaction manager will use the native aio (POSIX asynchronous I/O) libraries provided by the platform, if available. Applicable only when use-journal-store is set true.
jts
BOOLEAN
false
false
false
If true, this enables the Java Transaction Service (JTS). If JTS is enabled then the transactions attribute of the 'iiop-openjdk' subsystem must be set to 'full'. This setting changes the internal mechanisms used in the transaction manager. It has no impact on the user working with JTA API.
maximum-timeout
INT
false
true
31536000
If the 'default-timeout' attribute is zero then this value is used for setting the maximum timeout value (in seconds) for newly started transactions.
node-identifier
STRING
false
true
1
Used to set the node identifier. Each Xid that the transaction manager creates will have this identifier encoded within it and ensures the transaction manager will only recover branches which match the specified identifier. It is imperative that this identifier is unique between application server instances which share either an object store or access common resource managers.
object-store-path
STRING
false
true
tx-object-store
Denotes a path where the transaction manager object store should store data. By default the value is treated as relative to the path denoted by the 'relative-to' attribute. When the 'relative-to' attribute is undefined the value is considered an absolute path. This setting is valid when default or journal store is used. It's not used when the jdbc journal store is used.
object-store-relative-to
STRING
false
true
References a global path configuration in the domain model, defaulting to the application server data directory (jboss.server.data.dir). The value of the 'object-store-path' attribute will be treated as relative to this path. Undefine this attribute to disable the default behavior and force the value of the 'object-store-path' attribute to be treated as an absolute path.
process-id-socket-binding
STRING
true
true
The name of the socket binding to use if the transaction manager should use a socket-based generation of transaction id. Will be 'undefined' if 'process-id-uuid' is 'true'; otherwise must be set.
process-id-socket-max-ports
INT
false
true
10
The maximum number of ports to search for an open port if the transaction manager should use a socket-based generation of transaction id. If the port specified by the socket binding referenced in 'process-id-socket-binding' is occupied, the next higher port will be tried until an open port is found or the number of ports specified by this attribute have been tried. Will be 'undefined' if 'process-id-uuid' is 'true'.
process-id-uuid
BOOLEAN
false
false
false
Indicates a strategy used for obtaining a unique identifier needed for creation of transaction instances. When true then the transaction manager generates the transaction id based on process id (PID). When set to false then the transaction manager generates the transaction id based on the referenced socket binding, i.e. the attribute 'process-id-socket-binding' is required.
recovery-listener
BOOLEAN
false
true
false
Used to specify if the recovery system should listen on a network socket or not. When true the application server binds to a socket at the port defined by the 'socket-binding' attribute. When the recovery listener is activated the user can remotely control the recovery manager.
socket-binding
STRING
true
true
References an existing socket binding that the transaction manager will listen on for recovery requests.
stale-transaction-time
INT
false
true
600
The time for which transaction that contains remote enlistments is held in memory after it is being completed.
statistics-enabled
BOOLEAN
false
true
false
Whether transaction statistics should be gathered. The statistics are available by reading subsystem attributes prefixed with 'number-' and within the 'average-commit-time' attribute.
status-socket-binding
STRING
true
true
References an existing socket binding that the transaction manager will listen on for transaction status requests.
use-hornetq-store
BOOLEAN
false
false
false
Use the journal store for writing transaction logs. Set to true to enable and to false to use the default log store type. The default log store is normally one file system file per transaction log.It's alternative to jdbc based store.
use-jdbc-store
BOOLEAN
false
false
false
Use the jdbc store for writing transaction logs. Data is saved in the database indicated by the 'jdbc-store-datasource' attribute. Set to true to enable. Note that the server will not boot if both 'use-journal-store' and 'use-jdbc-store' attributes are set to true. If both are set to false then the default filesystem based store will be used.
use-journal-store
BOOLEAN
false
false
false
Use the journal store for writing transaction logs. The journal store consists of one file for all the transactions. Set to true to enable. Note that the server will not boot if both 'use-journal-store' and 'use-jdbc-store' attributes are set to true. If both are set to false then the default filesystem based store will be used.
resolve-object-store-path Resolves a relative path of a previously named paths or one of the standard paths provided by the system.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
relative-to-only
BOOLEAN
false
false
Indicates whether only the relative-to attribute should be resolved or the full path should be resolved. The default is false meaning the entire path will be resolved.
Reply properties
The resolved path from the relative path attribute.
type
STRING
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/transactions/log-store/log-store/index.html b/latest/wildscribe/subsystem/transactions/log-store/log-store/index.html
new file mode 100644
index 000000000..6772a486d
--- /dev/null
+++ b/latest/wildscribe/subsystem/transactions/log-store/log-store/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Representation of the transaction logging storage mechanism.
Children (1)
transactions Represents a snapshot of the persistent information that the transaction manager stores for the purpose of recovering a transaction in the event of failure. Loading the information from the object store is provided by a 'probe' operation. The 'probe' operation flushes the existing data from the model and loads a new snapshot from the object store. The transactions model lists the transactions and provides operations to work with them. After probing, the model is updated to include information about the state of incomplete transactions. A 'stuck' transaction (one that is unable to finish) will remain in the model until either it is completed or explicitly removed using the 'delete' operation.
Attributes (2)
expose-all-logs Configures the behaviour of the probe operation. When true then all transaction log records are exposed. By default only a subset of the transaction log is exposed.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
runtime
Access Type
read-write
Restart Required
no-services
type Read-only attribute that specifies the implementation type of the logging store. The possible values are default, journal and jdbc.
Attribute
Value
Default Value
default
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
Operations (3)
add Add a representation of the transaction logging storage mechanism.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
type
STRING
false
false
default
Read-only attribute that specifies the implementation type of the logging store. The possible values are default, journal and jdbc.
probe Scan the content of the transaction log and load this snapshot as content of the model under log-store resource. This operation will create a child for each pending transaction with sub-resources representing transaction participants.
remove Remove a representation of the transaction logging storage mechanism.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/transactions/log-store/log-store/transactions/index.html b/latest/wildscribe/subsystem/transactions/log-store/log-store/transactions/index.html
new file mode 100644
index 000000000..4ca11a2b2
--- /dev/null
+++ b/latest/wildscribe/subsystem/transactions/log-store/log-store/transactions/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
The persistent information that the transaction manager stores for the purpose of recovering a transaction in the event of failure. The probe operation will add and remove transactions from the model as the corresponding real transactions start and finish the prepare and commit phases. A stuck transaction will remain in the model until either it is completed or explicitly removed by the delete operation.
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Children (1)
participants The resources that did work in a transaction.
Attributes (4)
age-in-seconds The time since this transaction was prepared or when the recovery system last tried to recover it.
type The type name under which this record is stored.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
Operations (1)
delete Remove this transaction record from the transaction log. This means removing all participant records which are part of the transaction and calling XAResource.forget on all these participants (if possible). WARNING after this operation is executed the transaction manager will have no knowledge of the transaction and will therefore never be able to recover it. If you are sure that the transaction is complete then the operation is safe. The representation of the transaction log is removed from the model too.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/transactions/log-store/log-store/transactions/participants/index.html b/latest/wildscribe/subsystem/transactions/log-store/log-store/transactions/participants/index.html
new file mode 100644
index 000000000..3e47b2d8d
--- /dev/null
+++ b/latest/wildscribe/subsystem/transactions/log-store/log-store/transactions/participants/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
status Reports the commitment status of this participant (can be one of Pending, Prepared, Failed, Heuristic or Readonly).
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
Allowed Values
PENDING PREPARED FAILED HEURISTIC READONLY
type The type name under which this record is stored.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-only
Operations (3)
delete Attempt to remove this participant from its containing transaction log. If the participant is an XA resource an attempt will be made to call forget on the actual resource and if the forget call fails then the remove operation will also fail.
recover If this record is in a heuristic state then attempt to replay the commit phase of the 2PC transaction. It switches the 'HEURISTIC' participant status to 'PREPARED', the operation does not immediately start the recovery process but the recovery manager will consider this participant with 'PREPARED' status in the next cycle.
refresh Refresh the management view of the attributes of this participant record by querying the transaction log which will update the snapshot view loaded in the model. Note that the model contains only a snapshot view of the transactions from time the probe was executed, not the real-time data from the transaction log, hence the need for this refresh operation.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/application-security-domain/index.html b/latest/wildscribe/subsystem/undertow/application-security-domain/index.html
new file mode 100644
index 000000000..0cf6ce691
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/application-security-domain/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add a new application referenced security domain mapping.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
enable-jacc
BOOLEAN
false
false
false
Enable authorization using Jakarta Authorization
enable-jaspi
BOOLEAN
false
true
true
Enable JASPI authentication for the associated deployments.
http-authentication-factory
STRING
true
false
The HTTP Authentication Factory to be used by deployments that reference the mapped security domain.
integrated-jaspi
BOOLEAN
false
true
true
Whether integrated JASPI should be used. If 'false', an ad hoc identity will be created instead.
override-deployment-config
BOOLEAN
false
false
false
Should the authentication configuration in the deployment be overridden by the factory.
security-domain
STRING
true
false
The SecurityDomain to be used by deployments that reference the mapped security domain.
remove Remove the application referenced security domain mapping.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/application-security-domain/setting/single-sign-on/index.html b/latest/wildscribe/subsystem/undertow/application-security-domain/setting/single-sign-on/index.html
new file mode 100644
index 000000000..c852a207d
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/application-security-domain/setting/single-sign-on/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/buffer-cache/index.html b/latest/wildscribe/subsystem/undertow/buffer-cache/index.html
new file mode 100644
index 000000000..b88910ee3
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/buffer-cache/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/byte-buffer-pool/index.html b/latest/wildscribe/subsystem/undertow/byte-buffer-pool/index.html
new file mode 100644
index 000000000..a2ad97ab0
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/byte-buffer-pool/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
A byte buffer pool used for IO operations, this provides the same capabilities as the buffer pool from the IO subsystem, so they can be used interchangeably and must have a unique name. This buffer pool allows for more precise configuration of the total amount of retained memory than the IO subsystem.
direct If this is true the buffer pool will use direct buffers, this is recommended for best performance
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
leak-detection-percent The percentage of buffers that will be allocated with a leak detector. This should only be larger than zero if you are experiencing issues with buffers leaking.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-pool-size The maximum amount of buffers to keep in the pool. If more buffers are required at runtime they will be allocated dynamically. Setting this to zero effectively disables pooling.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
all-services
thread-local-cache-size The maximum number of buffers to cache on each thread. The actual number may be lower depending on the calculated usage pattern.
If this is true the buffer pool will use direct buffers, this is recommended for best performance
leak-detection-percent
INT
false
true
0
The percentage of buffers that will be allocated with a leak detector. This should only be larger than zero if you are experiencing issues with buffers leaking.
max-pool-size
INT
false
true
The maximum amount of buffers to keep in the pool. If more buffers are required at runtime they will be allocated dynamically. Setting this to zero effectively disables pooling.
thread-local-cache-size
INT
false
true
12
The maximum number of buffers to cache on each thread. The actual number may be lower depending on the calculated usage pattern.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/custom-filter/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/custom-filter/index.html
new file mode 100644
index 000000000..49f26c508
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/custom-filter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/error-page/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/error-page/index.html
new file mode 100644
index 000000000..07d013a37
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/error-page/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/expression-filter/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/expression-filter/index.html
new file mode 100644
index 000000000..68de01348
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/expression-filter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/gzip/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/gzip/index.html
new file mode 100644
index 000000000..2cf657786
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/gzip/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/index.html
new file mode 100644
index 000000000..3e633b146
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/none/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/none/index.html
new file mode 100644
index 000000000..19b51b225
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/none/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Web requests will not have an affinity for any particular server, routing information will be ignored. Intended for use cases where web session state is not maintained within the application server.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/ranked/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/ranked/index.html
new file mode 100644
index 000000000..ea4dc4671
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/ranked/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Web requests will have an affinity for the first available node in a list typically comprised of: primary owner, backup nodes, local node (if not a primary nor backup owner).
Attributes (1)
delimiter The delimiter used to separate ranked routes within the session ID.
The delimiter used to separate ranked routes within the session ID.
remove Remove ranked routing support, defaulting to single routing.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/single/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/single/index.html
new file mode 100644
index 000000000..67ccd4c83
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/affinity/single/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Removes single routing resource, however, retaining this as implicit default behavior.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/index.html
new file mode 100644
index 000000000..335706034
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
sticky-session-force If this is true then an error will be returned if the request cannot be routed to the sticky node, otherwise it will be routed to another node
sticky-session-remove Remove the session cookie if the request cannot be routed to the correct host
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
wait-worker The number of seconds to wait for an available worker
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
false
Storage
runtime
Access Type
read-only
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/load-balancing-group/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/load-balancing-group/index.html
new file mode 100644
index 000000000..a1726873f
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/load-balancing-group/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Runtime only resource This resource is runtime only and doesn't have any persistent configuration.
Operations (3)
disable-nodes Disables all nodes in the load balancing group
enable-nodes Enables all nodes in the load balancing group
stop-nodes Stops all nodes in the load balancing group
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/context/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/context/index.html
new file mode 100644
index 000000000..c78ae7865
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/context/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/index.html
new file mode 100644
index 000000000..f91525f2c
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/balancer/node/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/index.html
new file mode 100644
index 000000000..e07b6ec57
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/mod-cluster/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
affinity Determines how session affinity is handled. Typically used to enable ranked routing support or to disable routing completely.
none Web requests will not have an affinity for any particular server, routing information will be ignored. Intended for use cases where web session state is not maintained within the application server.
ranked Web requests will have an affinity for the first available node in a list typically comprised of: primary owner, backup nodes, local node (if not a primary nor backup owner).
single Web requests have an affinity for the member that last handled a given session. This option corresponds to traditional sticky session behavior.
balancer Runtime representation of a mod_cluster balancer
connection-idle-timeout The amount of time a connection can be idle before it will be closed. Connections will not time out once the pool size is down to the configured minimum (as configured by cached-connections-per-thread)
Attribute
Value
Default Value
60
Type
INT
Nillable
true
Expressions Allowed
true
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
connections-per-thread The number of connections that will be maintained to backend servers, per IO thread.
Attribute
Value
Default Value
40
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enable-http2 If the load balancer should attempt to upgrade back end connections to HTTP2. If HTTP2 is not supported HTTP or HTTPS will be used as normal
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
failover-strategy Determines how a failover node is chosen, in the event that the node to which a session has affinity is not available.
http2-header-table-size The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression.
Attribute
Value
Default Value
4096
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
http2-initial-window-size The flow control window size that controls how quickly the client can send data to the server
Attribute
Value
Default Value
65535
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
http2-max-concurrent-streams The maximum number of HTTP/2 streams that can be active at any time on a single connection
management-access-predicate A predicate that is applied to incoming requests to determine if they can perform mod cluster management commands. Provides additional security on top of what is provided by limiting management to requests that originate from the management-socket-binding
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
management-socket-binding The socket binding of the mod_cluster management address and port. When using mod_cluster two HTTP listeners should be defined, a public one to handle requests, and one bound to the internal network to handle mod cluster commands. This socket binding should correspond to the internal listener, and should not be publicly accessible.
max-ajp-packet-size The maximum size for AJP packets. Increasing this will allow AJP to work for requests/responses that have a large amount of headers. This is an advanced option, and must be the same between load balancers and backend servers.
Attribute
Value
Default Value
8192
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-request-time The max amount of time that a request to a backend node can take before it is killed
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-retries The number of times to attempt to retry a request if it fails. Note that if a request is not considered idempotent then it will only be retried if the proxy can be sure it was not sent to the backend server).
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
request-queue-size The number of requests that can be queued if the connection pool is full before requests are rejected with a 503
Attribute
Value
Default Value
1000
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-key The security key that is used for the mod-cluster group. All members must use the same security key.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
security-realm The security realm that provides the SSL configuration
Deprecated Since 4.0.0
Use the ssl-context attribute to reference a configured SSLContext directly.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
ssl-context Reference to the SSLContext to be used by this filter.
The socket binding of the mod_cluster management address and port. When using mod_cluster two HTTP listeners should be defined, a public one to handle requests, and one bound to the internal network to handle mod cluster commands. This socket binding should correspond to the internal listener, and should not be publicly accessible.
advertise-socket-binding
STRING
false
true
The multicast group and port that is used to advertise.
security-key
STRING
false
true
The security key that is used for the mod-cluster group. All members must use the same security key.
advertise-protocol
STRING
false
true
http
The protocol that is in use.
advertise-path
STRING
false
true
/
The path that mod-cluster is registered under.
advertise-frequency
INT
false
true
10000
The frequency (in milliseconds) that mod-cluster advertises itself on the network
failover-strategy
STRING
false
false
LOAD_BALANCED
Determines how a failover node is chosen, in the event that the node to which a session has affinity is not available.
health-check-interval
INT
false
true
10000
The frequency of health check pings to backend nodes
broken-node-timeout
INT
false
true
60000
The amount of time that must elapse before a broken node is removed from the table
worker
STRING
false
true
default
The XNIO worker that is used to send the advertise notifications
max-request-time
INT
false
true
-1
The max amount of time that a request to a backend node can take before it is killed
management-access-predicate
STRING
false
true
A predicate that is applied to incoming requests to determine if they can perform mod cluster management commands. Provides additional security on top of what is provided by limiting management to requests that originate from the management-socket-binding
connections-per-thread
INT
false
true
40
The number of connections that will be maintained to backend servers, per IO thread.
cached-connections-per-thread
INT
false
true
40
The number of connections that will be kept alive indefinitely
connection-idle-timeout
INT
false
true
60
The amount of time a connection can be idle before it will be closed. Connections will not time out once the pool size is down to the configured minimum (as configured by cached-connections-per-thread)
request-queue-size
INT
false
true
1000
The number of requests that can be queued if the connection pool is full before requests are rejected with a 503
security-realm
STRING
false
false
The security realm that provides the SSL configuration
ssl-context
STRING
false
false
Reference to the SSLContext to be used by this filter.
use-alias
BOOLEAN
false
false
false
If an alias check is performed
enable-http2
BOOLEAN
false
false
false
If the load balancer should attempt to upgrade back end connections to HTTP2. If HTTP2 is not supported HTTP or HTTPS will be used as normal
max-ajp-packet-size
INT
false
true
8192
The maximum size for AJP packets. Increasing this will allow AJP to work for requests/responses that have a large amount of headers. This is an advanced option, and must be the same between load balancers and backend servers.
http2-max-header-list-size
INT
false
true
The maximum size of request headers the server is prepared to accept
http2-max-frame-size
INT
false
true
16384
The max HTTP/2 frame size
http2-max-concurrent-streams
INT
false
true
The maximum number of HTTP/2 streams that can be active at any time on a single connection
http2-initial-window-size
INT
false
true
65535
The flow control window size that controls how quickly the client can send data to the server
http2-header-table-size
INT
false
true
4096
The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression.
http2-enable-push
BOOLEAN
false
true
true
If push should be enabled for HTTP/2 connections
max-retries
INT
false
true
1
The number of times to attempt to retry a request if it fails. Note that if a request is not considered idempotent then it will only be retried if the proxy can be sure it was not sent to the backend server).
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/request-limit/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/request-limit/index.html
new file mode 100644
index 000000000..67d4edc7e
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/request-limit/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/response-header/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/response-header/index.html
new file mode 100644
index 000000000..354d81dba
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/response-header/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/filter/rewrite/index.html b/latest/wildscribe/subsystem/undertow/configuration/filter/rewrite/index.html
new file mode 100644
index 000000000..cd347bea5
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/filter/rewrite/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/handler/file/index.html b/latest/wildscribe/subsystem/undertow/configuration/handler/file/index.html
new file mode 100644
index 000000000..549f0a47f
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/handler/file/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/handler/index.html b/latest/wildscribe/subsystem/undertow/configuration/handler/index.html
new file mode 100644
index 000000000..7ac48cb73
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/host/index.html b/latest/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/host/index.html
new file mode 100644
index 000000000..bd5c88985
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/host/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
enable-http2 If this is true then the proxy will attempt to use HTTP/2 to connect to the backend. If it is not supported it will fall back to HTTP/1.1.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
all-services
instance-id The instance id (aka JVM route) that will be used to enable sticky sessions
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/index.html b/latest/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/index.html
new file mode 100644
index 000000000..3bdbecd48
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/configuration/handler/reverse-proxy/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
connection-idle-timeout The amount of time a connection can be idle before it will be closed. Connections will not time out once the pool size is down to the configured minimum (as configured by cached-connections-per-thread)
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
connections-per-thread The number of connections that will be maintained to backend servers, per IO thread.
Attribute
Value
Default Value
40
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-request-time The maximum time that a proxy request can be active for, before being killed
Attribute
Value
Default Value
-1
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-retries The number of times to attempt to retry a request if it fails. Note that if a request is not considered idempotent then it will only be retried if the proxy can be sure it was not sent to the backend server).
Attribute
Value
Default Value
1
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
problem-server-retry Time in seconds to wait before attempting to reconnect to a server that is down
Attribute
Value
Default Value
30
Type
INT
Nillable
true
Expressions Allowed
true
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
request-queue-size The number of requests that can be queued if the connection pool is full before requests are rejected with a 503
Attribute
Value
Default Value
10
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
session-cookie-names Comma separated list of session cookie names. Generally this will just be JSESSIONID.
The number of connections that will be kept alive indefinitely
connection-idle-timeout
INT
false
true
60000
The amount of time a connection can be idle before it will be closed. Connections will not time out once the pool size is down to the configured minimum (as configured by cached-connections-per-thread)
connections-per-thread
INT
false
true
40
The number of connections that will be maintained to backend servers, per IO thread.
max-request-time
INT
false
true
-1
The maximum time that a proxy request can be active for, before being killed
max-retries
INT
false
true
1
The number of times to attempt to retry a request if it fails. Note that if a request is not considered idempotent then it will only be retried if the proxy can be sure it was not sent to the backend server).
problem-server-retry
INT
false
true
30
Time in seconds to wait before attempting to reconnect to a server that is down
request-queue-size
INT
false
true
10
The number of requests that can be queued if the connection pool is full before requests are rejected with a 503
session-cookie-names
STRING
false
true
JSESSIONID
Comma separated list of session cookie names. Generally this will just be JSESSIONID.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/index.html b/latest/wildscribe/subsystem/undertow/index.html
new file mode 100644
index 000000000..08e7c4a26
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
buffer-cache The buffer cache used to cache static content
byte-buffer-pool A byte buffer pool used for IO operations, this provides the same capabilities as the buffer pool from the IO subsystem, so they can be used interchangeably and must have a unique name. This buffer pool allows for more precise configuration of the total amount of retained memory than the IO subsystem.
instance-id The cluster instance id (defaults to {$jboss.node.name} if undefined)
Attribute
Value
Default Value
${jboss.node.name}
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
obfuscate-session-route Obfuscate the instance-id when routing, thus preventing that data from being sent across connections when serving HTTP requests with the HTTP invoker
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
statistics-enabled Configures if statistics are enabled. Changes take effect on the connector level statistics immediately, deployment level statistics will only be affected after the deployment is redeployed (or the container is reloaded).
The default security domain used by web deployments
default-server
STRING
false
false
default-server
The default server to use for deployments
default-servlet-container
STRING
false
false
default
The default servlet container to use for deployments
default-virtual-host
STRING
false
false
default-host
The default virtual host to use for deployments
instance-id
STRING
false
true
${jboss.node.name}
The cluster instance id (defaults to {$jboss.node.name} if undefined)
obfuscate-session-route
BOOLEAN
false
true
false
Obfuscate the instance-id when routing, thus preventing that data from being sent across connections when serving HTTP requests with the HTTP invoker
statistics-enabled
BOOLEAN
false
true
false
Configures if statistics are enabled. Changes take effect on the connector level statistics immediately, deployment level statistics will only be affected after the deployment is redeployed (or the container is reloaded).
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/server/ajp-listener/index.html b/latest/wildscribe/subsystem/undertow/server/ajp-listener/index.html
new file mode 100644
index 000000000..44c75df57
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/server/ajp-listener/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allow-encoded-slash If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-equals-in-cookie-value If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-unescaped-characters-in-url If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification. This defaults to false, and in general should not be needed as most clients correctly encode characters. Note that setting this to true can be considered a security risk, as allowing non-standard characters can allow request smuggling attacks in some circumstances.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-set-keep-alive If this is true then a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification.
bytes-received The number of bytes that have been received by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
BYTES
Storage
runtime
Access Type
metric
bytes-sent The number of bytes that have been sent out on this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
BYTES
Storage
runtime
Access Type
metric
decode-url If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
disallowed-methods A comma separated list of HTTP methods that are not allowed
Enabled attributes are being deprecated, as they cause problems in enforcement of configuration consistency.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
error-count The number of 500 responses that have been sent by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
max-ajp-packet-size The maximum supported size of AJP packets. If this is modified it has to be increased on the load balancer and the backend server.
Attribute
Value
Default Value
8192
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-buffered-request-size Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation.
Attribute
Value
Default Value
16384
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-connections The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited connections simply undefine this attribute value.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-cookies The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
Attribute
Value
Default Value
200
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-header-size The maximum size of a http request header, in bytes.
Attribute
Value
Default Value
1048576
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-headers The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
Attribute
Value
Default Value
200
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-parameters The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have max parameters * 2 total parameters).
Attribute
Value
Default Value
1000
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-post-size The maximum size of a post that will be accepted, in bytes.
Attribute
Value
Default Value
10485760
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-processing-time The maximum processing time taken by a request on this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
no-request-timeout The length of time in milliseconds that the connection can be idle before it is closed by the container.
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
processing-time The total processing time of all requests handed by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
read-timeout Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket's next read will throw a {@link ReadTimeoutException}.
record-request-start-time If this is true then Undertow will record the request start time, to allow for request time to be logged. This has a small but measurable performance impact
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
redirect-socket If this listener is supporting non-SSL requests, and a request is received for which a matching requires SSL transport, undertow will automatically redirect the request to the socket binding port specified here.
write-timeout Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket's next write will throw a {@link WriteTimeoutException}.
If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
allow-equals-in-cookie-value
BOOLEAN
false
true
false
If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped.
allow-unescaped-characters-in-url
BOOLEAN
false
true
false
If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification. This defaults to false, and in general should not be needed as most clients correctly encode characters. Note that setting this to true can be considered a security risk, as allowing non-standard characters can allow request smuggling attacks in some circumstances.
always-set-keep-alive
BOOLEAN
false
true
true
If this is true then a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification.
buffer-pipelined-data
BOOLEAN
false
true
false
If we should buffer pipelined requests.
buffer-pool
STRING
false
false
default
The listeners buffer pool
decode-url
BOOLEAN
false
true
true
If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.
disallowed-methods
LIST
false
true
["TRACE"]
A comma separated list of HTTP methods that are not allowed
enabled
BOOLEAN
false
true
true
If the listener is enabled
max-ajp-packet-size
INT
false
true
8192
The maximum supported size of AJP packets. If this is modified it has to be increased on the load balancer and the backend server.
max-buffered-request-size
INT
false
true
16384
Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation.
max-connections
INT
false
true
The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited connections simply undefine this attribute value.
max-cookies
INT
false
true
200
The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
max-header-size
INT
false
true
1048576
The maximum size of a http request header, in bytes.
max-headers
INT
false
true
200
The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
max-parameters
INT
false
true
1000
The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have max parameters * 2 total parameters).
max-post-size
LONG
false
true
10485760
The maximum size of a post that will be accepted, in bytes.
no-request-timeout
INT
false
true
60000
The length of time in milliseconds that the connection can be idle before it is closed by the container.
read-timeout
INT
false
true
90000
Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket's next read will throw a {@link ReadTimeoutException}.
receive-buffer
INT
false
true
The receive buffer size, in bytes.
record-request-start-time
BOOLEAN
false
true
false
If this is true then Undertow will record the request start time, to allow for request time to be logged. This has a small but measurable performance impact
redirect-socket
STRING
false
false
If this listener is supporting non-SSL requests, and a request is received for which a matching requires SSL transport, undertow will automatically redirect the request to the socket binding port specified here.
request-parse-timeout
INT
false
true
The maximum amount of time (in milliseconds) that can be spent parsing the request
resolve-peer-address
BOOLEAN
false
true
false
Enables host dns lookup
rfc6265-cookie-validation
BOOLEAN
false
true
false
If cookies should be validated to ensure they comply with RFC6265.
scheme
STRING
false
true
The listener scheme, can be HTTP or HTTPS. By default the scheme will be taken from the incoming AJP request.
secure
BOOLEAN
false
true
false
If this is true then requests that originate from this listener are marked as secure, even if the request is not using HTTPS.
send-buffer
INT
false
true
The send buffer size, in bytes.
socket-binding
STRING
true
false
The listener socket binding
tcp-backlog
INT
false
true
10000
Configure a server with the specified backlog.
tcp-keep-alive
BOOLEAN
false
true
Configure a channel to send TCP keep-alive messages in an implementation-dependent manner.
url-charset
STRING
false
true
UTF-8
URL charset
worker
STRING
false
false
default
The listeners XNIO worker
write-timeout
INT
false
true
90000
Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket's next write will throw a {@link WriteTimeoutException}.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/server/host/filter-ref/index.html b/latest/wildscribe/subsystem/undertow/server/host/filter-ref/index.html
new file mode 100644
index 000000000..80da67c78
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/server/host/filter-ref/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
predicate Predicates provide a simple way of making a true/false decision based on an exchange. Many handlers have a requirement that they be applied conditionally, and predicates provide a general way to specify a condition.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
priority Defines filter order. A lower number instructs the server to be included earlier in the handler chain than others with higher numbers. Values range from 1, indicating the filter will be handled first, to 2147483647, resulting in the filter being handled last.
Predicates provide a simple way of making a true/false decision based on an exchange. Many handlers have a requirement that they be applied conditionally, and predicates provide a general way to specify a condition.
priority
INT
false
true
1
Defines filter order. A lower number instructs the server to be included earlier in the handler chain than others with higher numbers. Values range from 1, indicating the filter will be handled first, to 2147483647, resulting in the filter being handled last.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/server/host/index.html b/latest/wildscribe/subsystem/undertow/server/host/index.html
new file mode 100644
index 000000000..a12a5ab70
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/server/host/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
disable-console-redirect if set to true, /console redirect wont be enabled for this host, default is false
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
queue-requests-on-start If requests should be queued on start for this host. If this is set to false the default response code will be returned instead.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/server/host/location/filter-ref/index.html b/latest/wildscribe/subsystem/undertow/server/host/location/filter-ref/index.html
new file mode 100644
index 000000000..34ba2d32b
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/server/host/location/filter-ref/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
predicate Predicates provide a simple way of making a true/false decision based on an exchange. Many handlers have a requirement that they be applied conditionally, and predicates provide a general way to specify a condition.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
priority Defines filter order. A lower number instructs the server to be included earlier in the handler chain than others with higher numbers. Values range from 1, indicating the filter will be handled first, to 2147483647, resulting in the filter being handled last.
Predicates provide a simple way of making a true/false decision based on an exchange. Many handlers have a requirement that they be applied conditionally, and predicates provide a general way to specify a condition.
priority
INT
false
true
1
Defines filter order. A lower number instructs the server to be included earlier in the handler chain than others with higher numbers. Values range from 1, indicating the filter will be handled first, to 2147483647, resulting in the filter being handled last.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/server/host/location/index.html b/latest/wildscribe/subsystem/undertow/server/host/location/index.html
new file mode 100644
index 000000000..d1b9f6ca8
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/server/host/location/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/server/host/setting/access-log/index.html b/latest/wildscribe/subsystem/undertow/server/host/setting/access-log/index.html
new file mode 100644
index 000000000..cd409d823
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/server/host/setting/access-log/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Add access log configuration to this virtual server.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
directory
STRING
false
true
${jboss.server.log.dir}
Directory in which to save logs
extended
BOOLEAN
false
true
false
If the log uses the extended log file format
pattern
STRING
false
false
common
The access log pattern.
predicate
STRING
false
true
Predicate that determines if the request should be logged
prefix
STRING
false
true
access_log.
Prefix for the log file name.
relative-to
STRING
false
true
The directory the path is relative to
rotate
BOOLEAN
false
true
true
Rotate the access log every day.
suffix
STRING
false
true
log
Suffix for the log file name.
use-server-log
BOOLEAN
false
true
false
If the log should be written to the server log, rather than a separate file.
worker
STRING
false
false
default
Name of the worker to use for logging
remove Remove access log configuration from this virtual server.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/server/host/setting/console-access-log/index.html b/latest/wildscribe/subsystem/undertow/server/host/setting/console-access-log/index.html
new file mode 100644
index 000000000..9485cd47d
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/server/host/setting/console-access-log/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
include-host-name Indicates whether or not the host name should included in the JSON structured output. If set to true the key will be hostName in the structured data and the value will be the host this console-access-log belongs to.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
metadata Any additional metadata to add to the JSON structured output.
Attribute
Value
Type
OBJECT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
predicate Predicate that determines if the request should be logged.
The attributes to be included in the structured output.
include-host-name
BOOLEAN
false
true
true
Indicates whether or not the host name should included in the JSON structured output. If set to true the key will be hostName in the structured data and the value will be the host this console-access-log belongs to.
metadata
OBJECT
false
true
Any additional metadata to add to the JSON structured output.
predicate
STRING
false
true
Predicate that determines if the request should be logged.
worker
STRING
false
false
default
Name of the worker to use for logging.
remove Stops the access logger from writing to the console.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/server/host/setting/http-invoker/index.html b/latest/wildscribe/subsystem/undertow/server/host/setting/http-invoker/index.html
new file mode 100644
index 000000000..fc68e3eb1
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/server/host/setting/http-invoker/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/server/host/setting/single-sign-on/index.html b/latest/wildscribe/subsystem/undertow/server/host/setting/single-sign-on/index.html
new file mode 100644
index 000000000..598a4f2ea
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/server/host/setting/single-sign-on/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/server/http-listener/index.html b/latest/wildscribe/subsystem/undertow/server/http-listener/index.html
new file mode 100644
index 000000000..f2e357f4c
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/server/http-listener/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allow-encoded-slash If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-equals-in-cookie-value If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-unescaped-characters-in-url If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification. This defaults to false, and in general should not be needed as most clients correctly encode characters. Note that setting this to true can be considered a security risk, as allowing non-standard characters can allow request smuggling attacks in some circumstances.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-set-keep-alive If this is true then a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification.
bytes-received The number of bytes that have been received by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
BYTES
Storage
runtime
Access Type
metric
bytes-sent The number of bytes that have been sent out on this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
BYTES
Storage
runtime
Access Type
metric
certificate-forwarding If certificate forwarding should be enabled. If this is enabled then the listener will take the certificate from the SSL_CLIENT_CERT attribute. This should only be enabled if behind a proxy, and the proxy is configured to always set these headers.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
decode-url If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
disallowed-methods A comma separated list of HTTP methods that are not allowed
Attribute
Value
Default Value
["TRACE"]
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
enable-http2 Enables HTTP2 support for this listener
http2-header-table-size The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression.
Attribute
Value
Default Value
4096
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
http2-initial-window-size The flow control window size that controls how quickly the client can send data to the server
Attribute
Value
Default Value
65535
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
http2-max-concurrent-streams The maximum number of HTTP/2 streams that can be active at any time on a single connection
max-buffered-request-size Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation.
Attribute
Value
Default Value
16384
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-connections The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited connections simply undefine this attribute value.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-cookies The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
Attribute
Value
Default Value
200
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-header-size The maximum size of a http request header, in bytes.
Attribute
Value
Default Value
1048576
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-headers The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
Attribute
Value
Default Value
200
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-parameters The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have max parameters * 2 total parameters).
Attribute
Value
Default Value
1000
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-post-size The maximum size of a post that will be accepted, in bytes.
Attribute
Value
Default Value
10485760
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-processing-time The maximum processing time taken by a request on this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
no-request-timeout The length of time in milliseconds that the connection can be idle before it is closed by the container.
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
processing-time The total processing time of all requests handed by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
proxy-address-forwarding Enables handling of x-forwarded-host header (and other x-forwarded-* headers) and use this header information to set the remote address. This should only be used behind a trusted proxy that sets these headers otherwise a remote user can spoof their IP address.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
proxy-protocol If this is true then the listener will use the proxy protocol v1, as defined by https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt. This option MUST only be enabled for listeners that are behind a load balancer that supports the same protocol.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
read-timeout Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket's next read will throw a {@link ReadTimeoutException}.
record-request-start-time If this is true then Undertow will record the request start time, to allow for request time to be logged. This has a small but measurable performance impact
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
redirect-socket If this listener is supporting non-SSL requests, and a request is received for which a matching requires SSL transport, undertow will automatically redirect the request to the socket binding port specified here.
request-count The number of requests this listener has served
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
request-parse-timeout The maximum amount of time (in milliseconds) that can be spent parsing the request
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
require-host-http11 Require that all HTTP/1.1 requests have a 'Host' header, as per the RFC. IF the request does not include this header it will be rejected with a 403.
write-timeout Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket's next write will throw a {@link WriteTimeoutException}.
If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
allow-equals-in-cookie-value
BOOLEAN
false
true
false
If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped.
allow-unescaped-characters-in-url
BOOLEAN
false
true
false
If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification. This defaults to false, and in general should not be needed as most clients correctly encode characters. Note that setting this to true can be considered a security risk, as allowing non-standard characters can allow request smuggling attacks in some circumstances.
always-set-keep-alive
BOOLEAN
false
true
true
If this is true then a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification.
buffer-pipelined-data
BOOLEAN
false
true
false
If we should buffer pipelined requests.
buffer-pool
STRING
false
false
default
The listeners buffer pool
certificate-forwarding
BOOLEAN
false
true
false
If certificate forwarding should be enabled. If this is enabled then the listener will take the certificate from the SSL_CLIENT_CERT attribute. This should only be enabled if behind a proxy, and the proxy is configured to always set these headers.
decode-url
BOOLEAN
false
true
true
If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.
disallowed-methods
LIST
false
true
["TRACE"]
A comma separated list of HTTP methods that are not allowed
enable-http2
BOOLEAN
false
true
false
Enables HTTP2 support for this listener
enabled
BOOLEAN
false
true
true
If the listener is enabled
http2-enable-push
BOOLEAN
false
true
true
If server push is enabled for this connection
http2-header-table-size
INT
false
true
4096
The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression.
http2-initial-window-size
INT
false
true
65535
The flow control window size that controls how quickly the client can send data to the server
http2-max-concurrent-streams
INT
false
true
The maximum number of HTTP/2 streams that can be active at any time on a single connection
http2-max-frame-size
INT
false
true
16384
The max HTTP/2 frame size
http2-max-header-list-size
INT
false
true
The maximum size of request headers the server is prepared to accept
max-buffered-request-size
INT
false
true
16384
Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation.
max-connections
INT
false
true
The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited connections simply undefine this attribute value.
max-cookies
INT
false
true
200
The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
max-header-size
INT
false
true
1048576
The maximum size of a http request header, in bytes.
max-headers
INT
false
true
200
The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
max-parameters
INT
false
true
1000
The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have max parameters * 2 total parameters).
max-post-size
LONG
false
true
10485760
The maximum size of a post that will be accepted, in bytes.
no-request-timeout
INT
false
true
60000
The length of time in milliseconds that the connection can be idle before it is closed by the container.
proxy-address-forwarding
BOOLEAN
false
true
false
Enables handling of x-forwarded-host header (and other x-forwarded-* headers) and use this header information to set the remote address. This should only be used behind a trusted proxy that sets these headers otherwise a remote user can spoof their IP address.
proxy-protocol
BOOLEAN
false
true
false
If this is true then the listener will use the proxy protocol v1, as defined by https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt. This option MUST only be enabled for listeners that are behind a load balancer that supports the same protocol.
read-timeout
INT
false
true
90000
Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket's next read will throw a {@link ReadTimeoutException}.
receive-buffer
INT
false
true
The receive buffer size, in bytes.
record-request-start-time
BOOLEAN
false
true
false
If this is true then Undertow will record the request start time, to allow for request time to be logged. This has a small but measurable performance impact
redirect-socket
STRING
false
false
If this listener is supporting non-SSL requests, and a request is received for which a matching requires SSL transport, undertow will automatically redirect the request to the socket binding port specified here.
request-parse-timeout
INT
false
true
The maximum amount of time (in milliseconds) that can be spent parsing the request
require-host-http11
BOOLEAN
false
true
false
Require that all HTTP/1.1 requests have a 'Host' header, as per the RFC. IF the request does not include this header it will be rejected with a 403.
resolve-peer-address
BOOLEAN
false
true
false
Enables host dns lookup
rfc6265-cookie-validation
BOOLEAN
false
true
false
If cookies should be validated to ensure they comply with RFC6265.
secure
BOOLEAN
false
true
false
If this is true then requests that originate from this listener are marked as secure, even if the request is not using HTTPS.
send-buffer
INT
false
true
The send buffer size, in bytes.
socket-binding
STRING
true
false
The listener socket binding
tcp-backlog
INT
false
true
10000
Configure a server with the specified backlog.
tcp-keep-alive
BOOLEAN
false
true
Configure a channel to send TCP keep-alive messages in an implementation-dependent manner.
url-charset
STRING
false
true
UTF-8
URL charset
worker
STRING
false
false
default
The listeners XNIO worker
write-timeout
INT
false
true
90000
Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket's next write will throw a {@link WriteTimeoutException}.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/server/https-listener/index.html b/latest/wildscribe/subsystem/undertow/server/https-listener/index.html
new file mode 100644
index 000000000..7f08c21c5
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/server/https-listener/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allow-encoded-slash If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-equals-in-cookie-value If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
allow-unescaped-characters-in-url If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification. This defaults to false, and in general should not be needed as most clients correctly encode characters. Note that setting this to true can be considered a security risk, as allowing non-standard characters can allow request smuggling attacks in some circumstances.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
always-set-keep-alive If this is true then a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification.
bytes-received The number of bytes that have been received by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
BYTES
Storage
runtime
Access Type
metric
bytes-sent The number of bytes that have been sent out on this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
BYTES
Storage
runtime
Access Type
metric
certificate-forwarding If certificate forwarding should be enabled. If this is enabled then the listener will take the certificate from the SSL_CLIENT_CERT attribute. This should only be enabled if behind a proxy, and the proxy is configured to always set these headers.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
decode-url If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
disallowed-methods A comma separated list of HTTP methods that are not allowed
Attribute
Value
Default Value
["TRACE"]
Type
LIST
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
enable-http2 Enables HTTP2 support for this listener
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
enable-spdy Enables SPDY support for this listener. This has been deprecated and has no effect, HTTP/2 should be used instead
http2-header-table-size The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression.
Attribute
Value
Default Value
4096
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
http2-initial-window-size The flow control window size that controls how quickly the client can send data to the server
Attribute
Value
Default Value
65535
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
http2-max-concurrent-streams The maximum number of HTTP/2 streams that can be active at any time on a single connection
max-buffered-request-size Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation.
Attribute
Value
Default Value
16384
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-connections The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited connections simply undefine this attribute value.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-cookies The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
Attribute
Value
Default Value
200
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-header-size The maximum size of a http request header, in bytes.
Attribute
Value
Default Value
1048576
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-headers The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
Attribute
Value
Default Value
200
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-parameters The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have max parameters * 2 total parameters).
Attribute
Value
Default Value
1000
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-post-size The maximum size of a post that will be accepted, in bytes.
Attribute
Value
Default Value
10485760
Type
LONG
Nillable
true
Expressions Allowed
true
Min
0
Max
-1
Unit
BYTES
Storage
configuration
Access Type
read-write
Restart Required
no-services
max-processing-time The maximum processing time taken by a request on this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
no-request-timeout The length of time in milliseconds that the connection can be idle before it is closed by the container.
Attribute
Value
Default Value
60000
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
processing-time The total processing time of all requests handed by this listener
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Unit
NANOSECONDS
Storage
runtime
Access Type
metric
proxy-address-forwarding Enables handling of x-forwarded-host header (and other x-forwarded-* headers) and use this header information to set the remote address. This should only be used behind a trusted proxy that sets these headers otherwise a remote user can spoof their IP address.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
proxy-protocol If this is true then the listener will use the proxy protocol v1, as defined by https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt. This option MUST only be enabled for listeners that are behind a load balancer that supports the same protocol.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
resource-services
read-timeout Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket's next read will throw a {@link ReadTimeoutException}.
record-request-start-time If this is true then Undertow will record the request start time, to allow for request time to be logged. This has a small but measurable performance impact
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
request-count The number of requests this listener has served
Attribute
Value
Type
LONG
Nillable
false
Expressions Allowed
false
Storage
runtime
Access Type
metric
request-parse-timeout The maximum amount of time (in milliseconds) that can be spent parsing the request
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MILLISECONDS
Storage
configuration
Access Type
read-write
Restart Required
no-services
require-host-http11 Require that all HTTP/1.1 requests have a 'Host' header, as per the RFC. IF the request does not include this header it will be rejected with a 403.
write-timeout Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket's next write will throw a {@link WriteTimeoutException}.
If a request comes in with encoded / characters (i.e. %2F), will these be decoded.
allow-equals-in-cookie-value
BOOLEAN
false
true
false
If this is true then Undertow will allow non-escaped equals characters in unquoted cookie values. Unquoted cookie values may not contain equals characters. If present the value ends before the equals sign. The remainder of the cookie value will be dropped.
allow-unescaped-characters-in-url
BOOLEAN
false
true
false
If this is true Undertow will accept non-encoded characters that are disallowed by the URI specification. This defaults to false, and in general should not be needed as most clients correctly encode characters. Note that setting this to true can be considered a security risk, as allowing non-standard characters can allow request smuggling attacks in some circumstances.
always-set-keep-alive
BOOLEAN
false
true
true
If this is true then a Connection: keep-alive header will be added to responses, even when it is not strictly required by the specification.
buffer-pipelined-data
BOOLEAN
false
true
false
If we should buffer pipelined requests.
buffer-pool
STRING
false
false
default
The listeners buffer pool
certificate-forwarding
BOOLEAN
false
true
false
If certificate forwarding should be enabled. If this is enabled then the listener will take the certificate from the SSL_CLIENT_CERT attribute. This should only be enabled if behind a proxy, and the proxy is configured to always set these headers.
decode-url
BOOLEAN
false
true
true
If this is true then the parser will decode the URL and query parameters using the selected character encoding (UTF-8 by default). If this is false they will not be decoded. This will allow a later handler to decode them into whatever charset is desired.
disallowed-methods
LIST
false
true
["TRACE"]
A comma separated list of HTTP methods that are not allowed
enable-http2
BOOLEAN
false
true
false
Enables HTTP2 support for this listener
enable-spdy
BOOLEAN
false
true
false
Enables SPDY support for this listener. This has been deprecated and has no effect, HTTP/2 should be used instead
enabled
BOOLEAN
false
true
true
If the listener is enabled
enabled-cipher-suites
STRING
false
true
Configures Enabled SSL ciphers
enabled-protocols
STRING
false
true
Configures SSL protocols
http2-enable-push
BOOLEAN
false
true
true
If server push is enabled for this connection
http2-header-table-size
INT
false
true
4096
The size of the header table used for HPACK compression, in bytes. This amount of memory will be allocated per connection for compression. Larger values use more memory but may give better compression.
http2-initial-window-size
INT
false
true
65535
The flow control window size that controls how quickly the client can send data to the server
http2-max-concurrent-streams
INT
false
true
The maximum number of HTTP/2 streams that can be active at any time on a single connection
http2-max-frame-size
INT
false
true
16384
The max HTTP/2 frame size
http2-max-header-list-size
INT
false
true
The maximum size of request headers the server is prepared to accept
max-buffered-request-size
INT
false
true
16384
Maximum size of a buffered request, in bytes. Requests are not usually buffered, the most common case is when performing SSL renegotiation for a POST request, and the post data must be fully buffered in order to perform the renegotiation.
max-connections
INT
false
true
The maximum number of concurrent connections. Only values greater than 0 are allowed. For unlimited connections simply undefine this attribute value.
max-cookies
INT
false
true
200
The maximum number of cookies that will be parsed. This is used to protect against hash vulnerabilities.
max-header-size
INT
false
true
1048576
The maximum size of a http request header, in bytes.
max-headers
INT
false
true
200
The maximum number of headers that will be parsed. This is used to protect against hash vulnerabilities.
max-parameters
INT
false
true
1000
The maximum number of parameters that will be parsed. This is used to protect against hash vulnerabilities. This applies to both query parameters, and to POST data, but is not cumulative (i.e. you can potentially have max parameters * 2 total parameters).
max-post-size
LONG
false
true
10485760
The maximum size of a post that will be accepted, in bytes.
no-request-timeout
INT
false
true
60000
The length of time in milliseconds that the connection can be idle before it is closed by the container.
proxy-address-forwarding
BOOLEAN
false
true
false
Enables handling of x-forwarded-host header (and other x-forwarded-* headers) and use this header information to set the remote address. This should only be used behind a trusted proxy that sets these headers otherwise a remote user can spoof their IP address.
proxy-protocol
BOOLEAN
false
true
false
If this is true then the listener will use the proxy protocol v1, as defined by https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt. This option MUST only be enabled for listeners that are behind a load balancer that supports the same protocol.
read-timeout
INT
false
true
90000
Configure a read timeout for a socket, in milliseconds. If the given amount of time elapses without a successful read taking place, the socket's next read will throw a {@link ReadTimeoutException}.
receive-buffer
INT
false
true
The receive buffer size, in bytes.
record-request-start-time
BOOLEAN
false
true
false
If this is true then Undertow will record the request start time, to allow for request time to be logged. This has a small but measurable performance impact
request-parse-timeout
INT
false
true
The maximum amount of time (in milliseconds) that can be spent parsing the request
require-host-http11
BOOLEAN
false
true
false
Require that all HTTP/1.1 requests have a 'Host' header, as per the RFC. IF the request does not include this header it will be rejected with a 403.
resolve-peer-address
BOOLEAN
false
true
false
Enables host dns lookup
rfc6265-cookie-validation
BOOLEAN
false
true
false
If cookies should be validated to ensure they comply with RFC6265.
secure
BOOLEAN
false
true
false
If this is true then requests that originate from this listener are marked as secure, even if the request is not using HTTPS.
security-realm
STRING
true
false
The listeners security realm
send-buffer
INT
false
true
The send buffer size, in bytes.
socket-binding
STRING
true
false
The listener socket binding
ssl-context
STRING
true
false
Reference to the SSLContext to be used by this listener.
ssl-session-cache-size
INT
false
true
The maximum number of active SSL sessions
ssl-session-timeout
INT
false
true
The timeout for SSL sessions, in seconds
tcp-backlog
INT
false
true
10000
Configure a server with the specified backlog.
tcp-keep-alive
BOOLEAN
false
true
Configure a channel to send TCP keep-alive messages in an implementation-dependent manner.
url-charset
STRING
false
true
UTF-8
URL charset
verify-client
STRING
false
true
NOT_REQUESTED
The desired SSL client authentication mode for SSL channels
worker
STRING
false
false
default
The listeners XNIO worker
write-timeout
INT
false
true
90000
Configure a write timeout for a socket, in milliseconds. If the given amount of time elapses without a successful write taking place, the socket's next write will throw a {@link WriteTimeoutException}.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/server/index.html b/latest/wildscribe/subsystem/undertow/server/index.html
new file mode 100644
index 000000000..1cd7be4cd
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/server/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/servlet-container/index.html b/latest/wildscribe/subsystem/undertow/servlet-container/index.html
new file mode 100644
index 000000000..0f269cc2e
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/servlet-container/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
allow-non-standard-wrappers If true then request and response wrappers that do not extend the standard wrapper classes can be used
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
allow-orphan-session Indicates whether session creation should be permitted after a response-closing operation, e.g. HttpServletResponse.sendRedirect(...). Enabling this behavior is generally discouraged, as the created session will be unreferenceable.
default-encoding Default encoding to use for all deployed applications
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
default-session-timeout The default session timeout (in minutes) for all applications deployed in the container.
Attribute
Value
Default Value
30
Type
INT
Nillable
true
Expressions Allowed
true
Unit
MINUTES
Storage
configuration
Access Type
read-write
Restart Required
all-services
directory-listing If directory listing should be enabled for default servlets.
Attribute
Value
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
disable-caching-for-secured-pages If Undertow should set headers to disable caching for secured paged. Disabling this can cause security problems, as sensitive pages may be cached by an intermediary.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
disable-file-watch-service If this is true then the file watch service will not be used to monitor exploded deployments for changes
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
disable-session-id-reuse If this is true then an unknown session ID will never be reused, and a new session id will be generated. If this is false then it will be re-used if and only if it is present in the session manager of another deployment, to allow the same session id to be shared between applications on the same server.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
eager-filter-initialization If true undertow calls filter init() on deployment start rather than when first requested.
file-cache-time-to-live The length of time in ms an item will stay cached. By default this is 2000 for exploded deployments, and -1 (infinite) for archive deployments
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
ignore-flush Ignore flushes on the servlet output stream. In most cases these just hurt performance for no good reason.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
max-sessions The maximum number of sessions that can be active at one time
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
preserve-path-on-forward If this is true Undertow will reset request path, URL and URI information to original values after forward.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
proactive-authentication If proactive authentication should be used. If this is true a user will always be authenticated if credentials are present.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
session-id-length The length of the generated session ID. Longer session ID's are more secure. This number refers to the number of bytes of randomness that are used to generate the session ID, the actual ID that is sent to the client will be base64 encoded so will be approximately 33% larger (e.g. a session id length of 30 will result in a cookie value of length 40).
Attribute
Value
Default Value
30
Type
INT
Nillable
true
Expressions Allowed
true
Min
16
Max
200
Storage
configuration
Access Type
read-write
Restart Required
all-services
stack-trace-on-error If an error page with the stack trace should be generated on error. Values are all, none and local-only
If true then request and response wrappers that do not extend the standard wrapper classes can be used
allow-orphan-session
BOOLEAN
false
true
false
Indicates whether session creation should be permitted after a response-closing operation, e.g. HttpServletResponse.sendRedirect(...). Enabling this behavior is generally discouraged, as the created session will be unreferenceable.
default-buffer-cache
STRING
false
true
default
The buffer cache to use for caching static resources
default-cookie-version
INT
false
true
0
The default cookie version servlet applications will send
default-encoding
STRING
false
true
Default encoding to use for all deployed applications
default-session-timeout
INT
false
true
30
The default session timeout (in minutes) for all applications deployed in the container.
directory-listing
BOOLEAN
false
true
If directory listing should be enabled for default servlets.
disable-caching-for-secured-pages
BOOLEAN
false
true
true
If Undertow should set headers to disable caching for secured paged. Disabling this can cause security problems, as sensitive pages may be cached by an intermediary.
disable-file-watch-service
BOOLEAN
false
true
false
If this is true then the file watch service will not be used to monitor exploded deployments for changes
disable-session-id-reuse
BOOLEAN
false
true
false
If this is true then an unknown session ID will never be reused, and a new session id will be generated. If this is false then it will be re-used if and only if it is present in the session manager of another deployment, to allow the same session id to be shared between applications on the same server.
eager-filter-initialization
BOOLEAN
false
true
false
If true undertow calls filter init() on deployment start rather than when first requested.
file-cache-max-file-size
INT
false
true
10485760
The maximum size of a file that will be cached in the file cache
file-cache-metadata-size
INT
false
true
100
The maximum number of files that will have their metadata cached
file-cache-time-to-live
INT
false
true
The length of time in ms an item will stay cached. By default this is 2000 for exploded deployments, and -1 (infinite) for archive deployments
ignore-flush
BOOLEAN
false
true
false
Ignore flushes on the servlet output stream. In most cases these just hurt performance for no good reason.
max-sessions
INT
false
true
The maximum number of sessions that can be active at one time
preserve-path-on-forward
BOOLEAN
false
true
false
If this is true Undertow will reset request path, URL and URI information to original values after forward.
proactive-authentication
BOOLEAN
false
true
true
If proactive authentication should be used. If this is true a user will always be authenticated if credentials are present.
session-id-length
INT
false
true
30
The length of the generated session ID. Longer session ID's are more secure. This number refers to the number of bytes of randomness that are used to generate the session ID, the actual ID that is sent to the client will be base64 encoded so will be approximately 33% larger (e.g. a session id length of 30 will result in a cookie value of length 40).
stack-trace-on-error
STRING
false
true
local-only
If an error page with the stack trace should be generated on error. Values are all, none and local-only
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/servlet-container/mime-mapping/index.html b/latest/wildscribe/subsystem/undertow/servlet-container/mime-mapping/index.html
new file mode 100644
index 000000000..1468cb72c
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/servlet-container/mime-mapping/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/servlet-container/setting/affinity-cookie/index.html b/latest/wildscribe/subsystem/undertow/servlet-container/setting/affinity-cookie/index.html
new file mode 100644
index 000000000..80db682af
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/servlet-container/setting/affinity-cookie/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/servlet-container/setting/crawler-session-management/index.html b/latest/wildscribe/subsystem/undertow/servlet-container/setting/crawler-session-management/index.html
new file mode 100644
index 000000000..be6211385
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/servlet-container/setting/crawler-session-management/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
Configures special session handling for crawler bots
Attributes (2)
session-timeout The session timeout for sessions that are owned by crawlers
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Unit
SECONDS
Storage
configuration
Access Type
read-write
Restart Required
all-services
user-agents Regular expression that is used to match the user agent of a crawler
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Adds special session handling for crawler bots
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
session-timeout
INT
false
true
The session timeout for sessions that are owned by crawlers
user-agents
STRING
false
true
Regular expression that is used to match the user agent of a crawler
remove Removes special session handling for crawler bots
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/servlet-container/setting/jsp/index.html b/latest/wildscribe/subsystem/undertow/servlet-container/setting/jsp/index.html
new file mode 100644
index 000000000..3b7d5242f
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/servlet-container/setting/jsp/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
check-interval Check interval for Jakarta Server Pages updates using a background thread. This has no effect for most deployments where Jakarta Server Pages change notifications are handled using the File System notification API. This only takes effect if the file watch service is disabled.
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
development Enable Development mode which enables reloading Jakarta Server Pages on-the-fly
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
disabled Disable the Jakarta Server Pages container.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
display-source-fragment When a runtime error occurs, attempts to display corresponding Jakarta Server Pages source fragment
trim-spaces Trim some spaces from the generated Servlet.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
x-powered-by Enable advertising the Jakarta Server Pages engine in x-powered-by.
Attribute
Value
Default Value
true
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
Operations (2)
add Adds Jakarta Server Pages container configuration.
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
check-interval
INT
false
true
0
Check interval for Jakarta Server Pages updates using a background thread. This has no effect for most deployments where Jakarta Server Pages change notifications are handled using the File System notification API. This only takes effect if the file watch service is disabled.
development
BOOLEAN
false
true
false
Enable Development mode which enables reloading Jakarta Server Pages on-the-fly
disabled
BOOLEAN
false
true
false
Disable the Jakarta Server Pages container.
display-source-fragment
BOOLEAN
false
true
true
When a runtime error occurs, attempts to display corresponding Jakarta Server Pages source fragment
dump-smap
BOOLEAN
false
true
false
Write SMAP data to a file.
error-on-use-bean-invalid-class-attribute
BOOLEAN
false
true
false
Enable errors when using a bad class in useBean.
generate-strings-as-char-arrays
BOOLEAN
false
true
false
Generate String constants as char arrays.
java-encoding
STRING
false
true
UTF8
Specify the encoding used for Java sources.
keep-generated
BOOLEAN
false
true
true
Keep the generated Servlets.
mapped-file
BOOLEAN
false
true
true
Map to the Jakarta Server Pages source.
modification-test-interval
INT
false
true
4
Minimum amount of time between two tests for updates, in seconds.
optimize-scriptlets
BOOLEAN
false
true
false
If Jakarta Server Pages scriptlets should be optimised to remove string concatenation
recompile-on-fail
BOOLEAN
false
true
false
Retry failed Jakarta Server Pages compilations on each request.
scratch-dir
STRING
false
true
Specify a different work directory.
smap
BOOLEAN
false
true
true
Enable SMAP.
source-vm
STRING
false
true
1.8
Source VM level for compilation.
tag-pooling
BOOLEAN
false
true
true
Enable tag pooling.
target-vm
STRING
false
true
1.8
Target VM level for compilation.
trim-spaces
BOOLEAN
false
true
false
Trim some spaces from the generated Servlet.
x-powered-by
BOOLEAN
false
true
true
Enable advertising the Jakarta Server Pages engine in x-powered-by.
remove Removes Jakarta Server Pages container configuration.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/servlet-container/setting/persistent-sessions/index.html b/latest/wildscribe/subsystem/undertow/servlet-container/setting/persistent-sessions/index.html
new file mode 100644
index 000000000..db5838a1c
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/servlet-container/setting/persistent-sessions/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/servlet-container/setting/session-cookie/index.html b/latest/wildscribe/subsystem/undertow/servlet-container/setting/session-cookie/index.html
new file mode 100644
index 000000000..cda508401
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/servlet-container/setting/session-cookie/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/servlet-container/setting/websockets/index.html b/latest/wildscribe/subsystem/undertow/servlet-container/setting/websockets/index.html
new file mode 100644
index 000000000..c0d348028
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/servlet-container/setting/websockets/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
deflater-level Configures the level of compression of the DEFLATE algorithm
Attribute
Value
Default Value
0
Type
INT
Nillable
true
Expressions Allowed
true
Min
0
Max
9
Storage
configuration
Access Type
read-write
Restart Required
all-services
dispatch-to-worker If callbacks should be dispatched to a worker thread. If this is false then they will be run in the IO thread, which is faster however care must be taken not to perform blocking operations.
Configures the level of compression of the DEFLATE algorithm
dispatch-to-worker
BOOLEAN
false
true
true
If callbacks should be dispatched to a worker thread. If this is false then they will be run in the IO thread, which is faster however care must be taken not to perform blocking operations.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/undertow/servlet-container/welcome-file/index.html b/latest/wildscribe/subsystem/undertow/servlet-container/welcome-file/index.html
new file mode 100644
index 000000000..a57936fca
--- /dev/null
+++ b/latest/wildscribe/subsystem/undertow/servlet-container/welcome-file/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/webservices/client-config/index.html b/latest/wildscribe/subsystem/webservices/client-config/index.html
new file mode 100644
index 000000000..1915e6754
--- /dev/null
+++ b/latest/wildscribe/subsystem/webservices/client-config/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/webservices/client-config/post-handler-chain/handler/index.html b/latest/wildscribe/subsystem/webservices/client-config/post-handler-chain/handler/index.html
new file mode 100644
index 000000000..bbcd45181
--- /dev/null
+++ b/latest/wildscribe/subsystem/webservices/client-config/post-handler-chain/handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/webservices/client-config/post-handler-chain/index.html b/latest/wildscribe/subsystem/webservices/client-config/post-handler-chain/index.html
new file mode 100644
index 000000000..26cf4ba71
--- /dev/null
+++ b/latest/wildscribe/subsystem/webservices/client-config/post-handler-chain/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Adds endpoint configuration POST handler chain
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
protocol-bindings
STRING
false
true
Protocol binding
remove Removes endpoint configuration POST handler chain
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/webservices/client-config/pre-handler-chain/handler/index.html b/latest/wildscribe/subsystem/webservices/client-config/pre-handler-chain/handler/index.html
new file mode 100644
index 000000000..c2a8f9e6f
--- /dev/null
+++ b/latest/wildscribe/subsystem/webservices/client-config/pre-handler-chain/handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/webservices/client-config/pre-handler-chain/index.html b/latest/wildscribe/subsystem/webservices/client-config/pre-handler-chain/index.html
new file mode 100644
index 000000000..e6dee6054
--- /dev/null
+++ b/latest/wildscribe/subsystem/webservices/client-config/pre-handler-chain/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Removes Endpoint configuration PRE handler chain
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/webservices/client-config/property/index.html b/latest/wildscribe/subsystem/webservices/client-config/property/index.html
new file mode 100644
index 000000000..250245b68
--- /dev/null
+++ b/latest/wildscribe/subsystem/webservices/client-config/property/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/webservices/endpoint-config/index.html b/latest/wildscribe/subsystem/webservices/endpoint-config/index.html
new file mode 100644
index 000000000..e1ede9668
--- /dev/null
+++ b/latest/wildscribe/subsystem/webservices/endpoint-config/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/handler/index.html b/latest/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/handler/index.html
new file mode 100644
index 000000000..a61436020
--- /dev/null
+++ b/latest/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/index.html b/latest/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/index.html
new file mode 100644
index 000000000..fa931d8f7
--- /dev/null
+++ b/latest/wildscribe/subsystem/webservices/endpoint-config/post-handler-chain/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
add Adds endpoint configuration POST handler chain
Request Parameter
Type
Required
Expressions Allowed
Default value
Description
protocol-bindings
STRING
false
true
Protocol binding
remove Removes endpoint configuration POST handler chain
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/handler/index.html b/latest/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/handler/index.html
new file mode 100644
index 000000000..fe77cad6b
--- /dev/null
+++ b/latest/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/handler/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/index.html b/latest/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/index.html
new file mode 100644
index 000000000..58f682c98
--- /dev/null
+++ b/latest/wildscribe/subsystem/webservices/endpoint-config/pre-handler-chain/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
remove Removes Endpoint configuration PRE handler chain
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/webservices/endpoint-config/property/index.html b/latest/wildscribe/subsystem/webservices/endpoint-config/property/index.html
new file mode 100644
index 000000000..ace609da5
--- /dev/null
+++ b/latest/wildscribe/subsystem/webservices/endpoint-config/property/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/webservices/index.html b/latest/wildscribe/subsystem/webservices/index.html
new file mode 100644
index 000000000..be5c6494a
--- /dev/null
+++ b/latest/wildscribe/subsystem/webservices/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
statistics-enabled Whether statistics are to be gathered for endpoints, default value is 'false'.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
wsdl-host The WSDL, that is a required deployment artifact for an endpoint, has a element which points to the location of the endpoint. JBoss supports rewriting of that SOAP address. If the content of is a valid URL, JBossWS will not rewrite it unless 'modify-wsdl-address' is true. If the content of is not a valid URL, JBossWS will rewrite it using the attribute values given below. If 'wsdl-host' is set to 'jbossws.undefined.host', JBossWS uses requesters host when rewriting the
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
no-services
wsdl-path-rewrite-rule This string defines a SED substitution command (e.g., 's/regexp/replacement/g') that JBossWS executes against the path component of each URL published from the server. When wsdl-path-rewrite-rule is not defined, JBossWS retains the original path component of each URL. When 'modify-wsdl-address' is set to "false" this element is ignored.
Attribute
Value
Type
STRING
Nillable
true
Expressions Allowed
false
Storage
configuration
Access Type
read-write
Restart Required
no-services
wsdl-port The non-secure port that will be used for rewriting the SOAP address. If absent the port will be identified by querying the list of installed connectors.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
wsdl-secure-port The secure port that will be used for rewriting the SOAP address. If absent the port will be identified by querying the list of installed connectors.
Attribute
Value
Type
INT
Nillable
true
Expressions Allowed
true
Min
1
Max
2,147,483,647
Storage
configuration
Access Type
read-write
Restart Required
no-services
wsdl-uri-scheme The URI scheme to use for rewriting . Valid values are 'http' and 'https'. This configuration overrides scheme computed by processing the endpoint (even if a transport guarantee is specified). The provided values for 'wsdl-port' and 'wsdl-secure-port' (or their default values) are used depending on specified scheme.
Whether statistics are to be gathered for endpoints, default value is 'false'.
wsdl-host
STRING
false
true
The WSDL, that is a required deployment artifact for an endpoint, has a element which points to the location of the endpoint. JBoss supports rewriting of that SOAP address. If the content of is a valid URL, JBossWS will not rewrite it unless 'modify-wsdl-address' is true. If the content of is not a valid URL, JBossWS will rewrite it using the attribute values given below. If 'wsdl-host' is set to 'jbossws.undefined.host', JBossWS uses requesters host when rewriting the
wsdl-path-rewrite-rule
STRING
false
false
This string defines a SED substitution command (e.g., 's/regexp/replacement/g') that JBossWS executes against the path component of each URL published from the server. When wsdl-path-rewrite-rule is not defined, JBossWS retains the original path component of each URL. When 'modify-wsdl-address' is set to "false" this element is ignored.
wsdl-port
INT
false
true
The non-secure port that will be used for rewriting the SOAP address. If absent the port will be identified by querying the list of installed connectors.
wsdl-secure-port
INT
false
true
The secure port that will be used for rewriting the SOAP address. If absent the port will be identified by querying the list of installed connectors.
wsdl-uri-scheme
STRING
false
true
The URI scheme to use for rewriting . Valid values are 'http' and 'https'. This configuration overrides scheme computed by processing the endpoint (even if a transport guarantee is specified). The provided values for 'wsdl-port' and 'wsdl-secure-port' (or their default values) are used depending on specified scheme.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/weld/index.html b/latest/wildscribe/subsystem/weld/index.html
new file mode 100644
index 000000000..147f1c31e
--- /dev/null
+++ b/latest/wildscribe/subsystem/weld/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
development-mode Weld comes with a special mode for application development. When the development mode is enabled, certain built-in tools, which facilitate the development of Jakarta Contexts and Dependency Injection applications are available. Setting this attribute to true activates the development mode.
Deprecated Since 5.0.0
Development mode is no longer supported on servers running the current version.
non-portable-mode If true, then the non-portable mode is enabled. The non-portable mode is suggested by the specification to overcome problems with legacy applications that do not use Jakarta Contexts and Dependency Injection SPI properly and may be rejected by more strict validation in CDI 1.1.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
require-bean-descriptor If true, then implicit bean archives without a bean descriptor file (beans.xml) are ignored by Weld.
Attribute
Value
Default Value
false
Type
BOOLEAN
Nillable
true
Expressions Allowed
true
Storage
configuration
Access Type
read-write
Restart Required
all-services
thread-pool-size The number of threads to be used by the Weld thread pool. The pool is shared across all Jakarta Contexts and Dependency Injection enabled deployments and used primarily for parallel Weld bootstrapping.
Weld comes with a special mode for application development. When the development mode is enabled, certain built-in tools, which facilitate the development of Jakarta Contexts and Dependency Injection applications are available. Setting this attribute to true activates the development mode.
legacy-empty-beans-xml-treatment
BOOLEAN
false
true
false
If true, all bean archives with empty beans.xml are considered to have discovery mode ALL.
non-portable-mode
BOOLEAN
false
true
false
If true, then the non-portable mode is enabled. The non-portable mode is suggested by the specification to overcome problems with legacy applications that do not use Jakarta Contexts and Dependency Injection SPI properly and may be rejected by more strict validation in CDI 1.1.
require-bean-descriptor
BOOLEAN
false
true
false
If true, then implicit bean archives without a bean descriptor file (beans.xml) are ignored by Weld.
thread-pool-size
INT
false
true
The number of threads to be used by the Weld thread pool. The pool is shared across all Jakarta Contexts and Dependency Injection enabled deployments and used primarily for parallel Weld bootstrapping.
\ No newline at end of file
diff --git a/latest/wildscribe/subsystem/xts/index.html b/latest/wildscribe/subsystem/xts/index.html
new file mode 100644
index 000000000..57b21c42c
--- /dev/null
+++ b/latest/wildscribe/subsystem/xts/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
\ No newline at end of file
diff --git a/latest/wildscribe/system-property/index.html b/latest/wildscribe/system-property/index.html
new file mode 100644
index 000000000..227902b61
--- /dev/null
+++ b/latest/wildscribe/system-property/index.html
@@ -0,0 +1 @@
+ WildFly Full 29 Model Reference
-
