<https-listener name="https" socket-binding="https" security-realm="ApplicationR

1. <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true"/>
2.  
3. <security-realm name="ApplicationRealm">
4. <server-identities>
5. <ssl>
6. <keystore path="ssl/server.jks" relative-to="jboss.server.config.dir" keystore-password="secret" alias="server" key-password="secret"/>
7. </ssl>
8. </server-identities>
9. <authentication>
10. <truststore path="/cert-auth/server/ServerTruststore.jks" relative-to="jboss.server.config.dir" keystore-password="secret"/>
11. <local default-user="$local" allowed-users="*" skip-group-loading="true"/>
12. <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
13. </authentication>
14. </security-realm>
15.  
16. <security-domain name="client_cert_domain" cache-type="default">
17. <authentication>
18. <login-module code="CertificateRoles" flag="required">
19. <module-option name="password-stacking" value="useFirstPass"/>
20. <module-option name="verifier" value="org.jboss.security.auth.certs.AnyCertVerifier"/>
21. <module-option name="securityDomain" value="client_cert_domain"/>
22. <module-option name="rolesProperties" value="file:${jboss.server.config.dir}/application-roles.properties"/>
23. </login-module>
24. <login-module code="Identity" flag="required">
25. <module-option name="password-stacking" value="useFirstPass"/>
26. <module-option name="roles" value="default"/>
27. </login-module>
28. </authentication>
29. <jsse keystore-password="secret" keystore-url="file:${jboss.server.config.dir}/cert-auth/server/ServerKeystore.jks" truststore-password="secret" truststore-url="file:${jboss.server.config.dir}/cert-auth/server/ServerTruststore.jks" client-auth="true"/>
30. </security-domain>
31.  
32. <?xml version="1.0" encoding="UTF-8"?>
33. <jboss-web version="10.0"
34. xmlns="http://www.jboss.com/xml/ns/javaee"
35. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
36. xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_10_0.xsd">
37. <context-root>cert-auth</context-root>
38. <security-domain>client_cert_domain</security-domain>
39. </jboss-web>
40.  
41. <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
42. xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
43. xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
44.  
45. <security-constraint>
46. <display-name>SSL Authentication Constraint</display-name>
47. <web-resource-collection>
48. <web-resource-name>all</web-resource-name>
49. <url-pattern>/secured/*</url-pattern>
50. </web-resource-collection>
51. <auth-constraint>
52. <role-name>default</role-name>
53. </auth-constraint>
54. </security-constraint>
55.  
56. <security-role>
57. <role-name>default</role-name>
58. </security-role>
59.  
60. <login-config>
61. <auth-method>CLIENT-CERT</auth-method>
62. <realm-name>client_cert_domain</realm-name>
63. </login-config>
64.  
65.  
66. <servlet-mapping>
67. <servlet-name>javax.ws.rs.core.Application</servlet-name>
68. <url-pattern>/*</url-pattern>
69. </servlet-mapping>
70. </web-app>