[
"
\n
Access Control
\n The access control definitions grant or restrict access to management operations.\n\n
Common Configuration Tasks
\n
\n - Add users and groups.
\n - Assign roles to users and groups.
\n - Define custom roles scoped to hosts or server groups.
\n
\n
\n",
"\n
Messaging (ActiveMQ)
\n The Messaging (ActiveMQ) subsystem allows you to configure connections, destinations, clustering, and general settings for messaging providers.\n\n",
"Administrator
The Administrator role has unrestricted access to all resources and operations on the server except the audit logging system. The Administrator role has access to sensitive data and operations. This role can also configure the access control system. The Administrator role is only required when handling sensitive data or configuring users and roles. Administrators cannot change their permissions to Auditor or SuperUser.
\n",
"\n\n
Assignment
\n
A user is considered to be assigned to a role if:
\n
\n - The user is:\n
\n - listed as a user to be included in the role, or
\n - a member of a group that is listed to be included in the role.
\n
\n \n - The user is not:\n
\n - listed as a user to exclude from the role, or
\n - a member of a group that is listed to be excluded from the role.
\n
\n \n
\n
Exclusions take priority over inclusions.
\n
",
"Auditor
The Auditor role has all the permissions of the Monitor role and can also view, but not modify, sensitive data. The Auditor role is the only role other than SuperUser that can access the audit logging system. Only read access is permitted.
\n",
"\n
Batch Subsystem
\n The Batch subsystem allows you to configure an environment for running batch applications.\n\n",
"Infinispan
The Infinispan subsystem allows you to configure the local, invalidation, distributed, and replicated caches for Infinispan cache containers.\n",
"\n
Content Repository
\n
Manage all deployments that have been uploaded to the domain.
\n
Upload a new deployment or create an unmanaged deployment. Assign deployments to server groups or remove deployments.
\n
",
"Deployer
The Deployer role has the same permissions as the Monitor, but can modify configuration and state for deployments and any other resource type enabled as an application resource.
",
"Deployment Scanners
The Deployment Scanners subsystem allows you to configure deployment scanners that monitor certain locations for applications to deploy.\n",
"\n\n
Deployment
\n A deployment is anything that can be deployed to a server, such as WAR, EAR, and EJB JAR applications, standard archives, or JBoss-specific deployments.\n\n Common Configuration Tasks
\n Deploy and manage applications and other Java EE resources.\n\n",
"Datasources
The Datasource subsystem allows you to create and configure datasources.\n",
"EE
The EE subsystem allows you to configure common functionality in the Java EE platform, such as defining global modules, enabling descriptor-based property replacement, and configuring default bindings.\n",
"EJB 3
The EJB 3 subsystem allows you to configure Enterprise JavaBeans (EJBs) including session, message-driven, and entity beans. \n",
"\n
Factory
\n Elytron settings for factories and transformers.\n\n",
"\n
Mapper / Decoder
\n Elytron settings for\n
\n - Role mappers
\n - Permission mappers
\n - Principal decoders
\n - Role decoders
\n
\n
\n",
"\n
Security Realm
\n Elytron settings for security realms and authentication.\n\n",
"\n
Other settings
\n Elytron settings for:\n
\n - Key stores
\n - Credential stores
\n - Filtering key stores
\n - Ldap key stores
\n - Key managers
\n - Server SSL contexts
\n - Client SSL contexts
\n - Trust managers
\n - Security domains
\n - Security properties
\n - Audit Log
\n - Aggregate Security Event Listener
\n - Policy
\n - Directory contexts (LDAP)
\n - Provider Loader
\n
\n
\n",
"\n\n
Groups
\n
Manage a mapping of groups to a specific role.
\n\n
",
"HTTP
General configuration for the Undertow subsystem.\n",
"\n
IIOP OpenJDK
\n The IIOP subsystem allows you to configure CORBA services for JTS transactions and other ORB services.\n",
"\n
Interfaces
\n
An interface is a logical name for a network interface, IP address, or host name to which sockets can be bound. Other areas of the configuration can then reference the interface by its logical name instead of providing the full details, which may vary on different machines. An interface configuration also specifies criteria for resolving the actual physical address to use.
\n
\n",
"\n
IO
\n The IO subsystem allows you to define workers and buffer pools to be used by other subsystems.\n\n",
"JacORB
The JacORB subsystem allows you to enable configure the CORBA services for JTS transactions and other ORB services.",
"JCA
The Java EE Connector Architecture (JCA) subsystem allows you to configure the general settings for the JCA container and resource adapter deployments.\n",
"\n
JGroups
\n The JGroups subsystem allows you to configure the protocol stacks and mechanisms for how servers in a cluster communicate.\n\n",
"\n
JMS Bridge
\n
A JMS bridge consumes messages from a source JMS destination and sends them to a target JMS destination, typically on a different server.
\n\n
The bridge can also be used to bridge messages from other non-Artemis JMS servers, as long as they are JMS 1.1 compliant.
\n
\n",
"JMX
The Java Management Extensions (JMX) subsystem allows you to configure JMX access and settings. \n",
"JPA
The Java Persistence API (JPA) subsystem manages the JPA 2.1 container-managed requirements and allows you to deploy persistent unit definitions, annotations, and descriptors.\n",
"\n
Servlet / JSP
\n Configuration for JSP and servlet container settings.\n\n",
"Logging
The Logging subsystem, which also supports several third-party logging frameworks, allows you to configure log categories and handlers for the server and for application deployments.\n",
"Mail
The Mail subsystem allows you to configure standard mail server attributes and define custom mail transports.",
"\n
Mail Sessions
\n The Mail subsystem allows you to configure standard mail server attributes and define custom mail transports.\n\n",
"Maintainer
The Maintainer role has access to view and modify runtime state and all configuration except sensitive data and operations. The Maintainer role is the general purpose role that does not have access to sensitive data and operations. The Maintainer role allows users to be granted almost complete access to administer the server without giving those users access to passwords and other sensitive information.
\n",
"\n\n
Membership
\n
A user is considered to be assigned to a role if:
\n
\n - The user is:\n
\n - listed as a user to be included in the role, or
\n - a member of a group that is listed to be included in the role.
\n
\n \n - The user is not:\n
\n - listed as a user to exclude from the role, or
\n - a member of a group that is listed to be excluded from the role.
\n
\n \n
\n
Exclusions take priority over inclusions.
\n
",
"\n
Messaging Provider
\n
A messaging provider is an ActiveMQ server instance.
\n\n
Queues / Topics
\n
Create queues and topics used by this messaging provider.
\n\n
Connections
\n
Manage acceptors, which define how connections can be made to the messaging provider.
\n
Create bridges, which consume messages from a source queue, and forward them to a target address, typically on a different server.
\n\n
Clustering
\n
Define broadcast and discovery groups, which control how connectors are handled and distributed by this provider.
\n
Manage cluster connections to load balance between nodes of a cluster.
\n\n
Provider settings
\n
Configure the settings of this messaging provider.
\n
\n",
"\n
ModCluster
\n The ModCluster subsystem allows you to configure the server-side mod_cluster worker node.\n\n",
"Monitor
The Monitor role has the fewest permissions and can only read the current configuration and state of the server. This role is intended for users who need to track and report on the performance of the server. Monitors cannot modify server configuration nor can they access sensitive data or operations.
\n",
"Operator
The Operator role extends the Monitor role by adding the ability to modify the runtime state of the server. This means that Operators can reload and shut down the server as well as pause and resume JMS destinations. The Operator role is ideal for users who are responsible for the physical or virtual hosts of the application server so they can ensure that servers can be shut down and restarted correctly when needed. Operators cannot modify server configuration nor access sensitive data or operations.
\n",
"\n\n\n
Paths
\n A path is a logical name for a file system path. Other areas of the configuration can then reference the path using the logical name instead of the full path, which may vary on different machines. There are several predefined paths in use by the default configuration, such as the jboss.server.log.dir path that defines the directory for the server log.\n\n",
"PicketLink Federations
\n
The PicketLink subsystem allows you to configure and deploy identity providers (IDP) and service providers (SP), which are grouped together in a federation.
\n
A federation can be understood as a circle of trust from which applications share common configurations, such as certificates and SAML-specific configurations. Each participating domain is trusted to accurately document the processes used to identify a user, the type of authentication system used, and any policies associated with the resulting authentication credentials.
\n
Each federation has one IDP and many SPs.
\n
\n",
"\n\n
Configuration
\n \n\n The overall system and server configuration.\n\n
Common Configuration Tasks
\n Configure subsystems, interfaces, and socket bindings.\n\n
Related Links
\n
\n
\n",
"\n\n
Configuration
\n The overall system configuration, including collections of subsystem configurations known as profiles.\n\n
Common Configuration Tasks
\n Configure profiles, subsystems, interfaces, and socket bindings.\n\n
Related Links
\n
\n
\n",
"\n
Profiles
\n
A profile is a named collection of subsystem configurations. A subsystem is a set of capabilities that extends the core functionality of the server, such as messaging, logging, and application security. A managed domain can define many profiles for use by the servers in the domain.
\n
\n",
"\n\n\n
System Properties
\n These properties are available throughout the configuration. In a managed domain, the Boot-Time flag specifies whether a property should be passed in to the JVM when server processes are started (-Dproperty=value).\n\n\n",
"Resource Adapters
The Resource Adapters subsystem allows you to configure and deploy resource adapters.\n",
"\n
Remoting
\n The Remoting subsystem allows you to configure settings for inbound and outbound connections for local and remote services.\n\n",
"\n\n
Roles
\n
Manage role permissions and membership lists.
\n\n
",
"\n
Data Source Metrics
\n
Datasources runtime metrics. If no metrics are shown, you may need to enable statistics for the Datasources subsystem in the 'Configuration' section.
\n
\n",
"\n\n
Runtime
\n
Manage hosts, server groups, and servers. View and monitor runtime services, such as log files, JVM metrics, and subsystem-specific runtime data.
\n\n
Common Configuration Tasks
\n
\n - Create and configure server groups.
\n - Create and assign servers to server groups.
\n - View and monitor metrics.
\n - Inspect server state.
\n - Look up application-related runtime service names.
\n
\n
\n",
"\n\n
Runtime
\n
View and monitor runtime services, such as log files, JVM metrics, and subsystem-specific runtime data.
\n\n
Common Configuration Tasks
\n
\n - View and monitor metrics.
\n - Inspect server state.
\n - Look up application-related runtime service names.
\n
\n
\n",
"\n
Host Configuration
\n
A host controller is a physical or virtual host that interacts with the central domain controller to configure and manage the application server insatnces running on its host.
\n
Common Configuration Tasks
\n
\n - Configure network interfaces, JVM settings, and other properties for this host.
\n - Create and manage server instances for this host.
\n - View server log files.
\n
\n
\n",
"\n
Hosts
\n
A managed domain consists of host controllers, which are physical or virtual hosts that interact with the central domain controller to manage the application server instances running on its host. One host controller is configured to act as the central domain controller. Each host controller can have multiple server groups.
\n
\n",
"\n
HTTP Server
\n
Configuration for HTTP servers. Select a server to view its settings. If no metrics are shown, you might need to enable statistics in the 'Configuration' section.
\n
\n",
"\n
Server Group
\n
A server group is a set of server instances that will be configured and managed as one. In a managed domain, all server instances are members of a server group. All server instances within a server group use the same profile and have the same deployment content.
\n
Common Configuration Tasks
\n
\n - Add new server groups.
\n - Create and assign servers to server groups.
\n - Start, stop, and reload servers.
\n - View server log files.
\n
\n
\n",
"\n
Server Groups
\n
A server group is set of server instances that will be configured and managed as one. In a managed domain, every application server instance is a member of a server group, even if there is only a single server in a server group.
\n
It is the responsibility of the domain controller and the host controllers to ensure that all servers in a server group have a consistent configuration. All server instances use the same profile and have the same deployment content.
\n
\n",
"\n
Transaction Metrics
\n
The current state of the transaction subsystem. If no metrics are shown, you may need to enable statistics for the Transaction subsystem in the 'Configuration' section.
\n
\n",
"\n
Web Service Endpoints
\n
List of web service endpoints, which must be deployed as regular applications. If no metrics are shown, you may need to enable statistics for the Web Services subsystem in the 'Configuration' section.
\n
\n",
"Security Subsystem
The Security subsystem provides the infrastructure for securing applications. Security domains can be configured to expose authentication, authorization, ACL, audit, mapping, and identity trust capabilities.",
"Security
The Security subsystem allows you to create and configure security domains for application security.\n",
"Server Groups
A server group is set of server instances that will be managed and configured as one. In a managed domain each application server instance is a member of a server group. (Even if the group only has a single server, the server is still a member of a group.) It is the responsibility of the Domain Controller and the Host Controllers to ensure that all servers in a server group have a consistent configuration. They should all be configured with the same profile and they should have the same deployment content deployed.",
"\n
Server Groups
\n
Manage deployments that have been assigned to one or more server groups.
\n
Upload a new deployment, create an unmanaged deployment, or choose a deployment from the content repository. Enable or unassign deployments.
\n
",
"Servlet/HTTP
The Servlet subsystem allows you to configure the servlet/JSP configuration of the Web subsystem. \n",
"\n\n\n
Socket Bindings
\n Socket bindings and socket binding groups allow you to define network\n ports and their relationship to the networking interfaces required for\n a configuration profile.\n\n",
"SuperUser
The SuperUser role has no restrictions and has complete access to all resources and operations of the server, including the audit logging system and sensitive data. This role is equivalent to the administrator users of earlier versions. If RBAC is disabled, all management users have permissions equivalent to the SuperUser role.
\n",
"Threads
The Threads subsystem allows you to create and configure thread pools.",
"Transactions
The Transactions subsystem allows you to configure transaction manager options, such as timeout values, transaction logging, statistics collection, and whether to use Java Transaction Service (JTS).\n",
"\n
Unassigned Content
\n
Manage deployments that are not assigned to any server group.
\n
Assign deployments to server groups or remove deployments. Deployments that have been assigned to one or more server group can be found in the Server Groups section.
\n
\n",
"\n
Filters
\n Configuration for Undertow filters to filter and modify requests.\n\n",
"\n
Undertow
\n The Undertow (Web/HTTP) subsystem allows you to configure the web server and servlet container settings.\n\n",
"\n\n
Users
\n
Manage a mapping of users to a specific role.
\n\n
",
"Web Services
The Web Services subsystem allows you to configure the host name, ports, and WSDL address for the web services provider.\n"]