1) read-children-names a) non-addressable [standalone@localhost:9990 subsystem=security] /core-service=management:read-children-names(child-type=security-realm){roles=Monitor} { "outcome" => "success", "result" => [], "response-headers" => {"access-control" => [{ "absolute-address" => [("core-service" => "management")], "relative-address" => [], "filtered-children-types" => ["security-realm"] }]} } b) addressable, non-readable [standalone@localhost:9990 /] /subsystem=security:read-children-names(child-type=security-domain){roles=Monitor} { "outcome" => "success", "result" => [ "jboss-ejb-policy", "jboss-web-policy", "other" ] } =================================== 2) read-children-resources a) non-addressable [standalone@localhost:9990 subsystem=security] /core-service=management:read-children-resources(child-type=security-realm){roles=Monitor} { "outcome" => "success", "result" => {}, "response-headers" => {"access-control" => [{ "absolute-address" => [("core-service" => "management")], "relative-address" => [], "filtered-children-types" => ["security-realm"] }]} } b) addressable, non-readable [standalone@localhost:9990 /] /subsystem=security:read-children-resources(child-type=security-domain){roles=Monitor} { "outcome" => "success", "result" => { "jboss-ejb-policy" => {}, "jboss-web-policy" => {}, "other" => {} }, "response-headers" => {"access-control" => [{ "absolute-address" => [("subsystem" => "security")], "relative-address" => [], "unreadable-children" => [ ("security-domain" => "jboss-web-policy"), ("security-domain" => "other"), ("security-domain" => "jboss-ejb-policy") ] }]} } ========================================================== 3) read-resource a) non-addressable i) specific [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm:read-resource{roles=Monitor} { "outcome" => "failed", "failure-description" => "JBAS014807: Management resource '[ (\"core-service\" => \"management\"), (\"security-realm\" => \"ManagementRealm\") ]' not found", "rolled-back" => true } ii) wildcard [standalone@localhost:9990 /] /core-service=management/security-realm=*:read-resource{roles=Monitor} { "outcome" => "success", "result" => [] } b) addressable, non-readable i) specific [standalone@localhost:9990 /] /subsystem=security/security-domain=other:read-resource{roles=Monitor} { "outcome" => "failed", "failure-description" => "JBAS013456: Unauthorized to execute operation 'read-resource' for resource '[ (\"subsystem\" => \"security\"), (\"security-domain\" => \"other\") ]' -- \"JBAS013475: Permission denied\"", "rolled-back" => true } ii) wildcard [standalone@localhost:9990 /] /subsystem=security/security-domain=*:read-resource{roles=Monitor} { "outcome" => "success", "result" => [] } ================================================================= 4) read-resource-description a) non-addressable i) specific [standalone@localhost:9990 /] /core-service=management/security-realm=ManagementRealm:read-resource-description{roles=Monitor} { "outcome" => "success", "result" => { "description" => "A security realm that can be associated with a management interface and used to control access to the management services.", "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}}, "attributes" => {"map-groups-to-roles" => { "type" => BOOLEAN, "description" => "After a users group membership has been loaded should a 1:1 relationship be assumed regarding group to role mapping.", "expressions-allowed" => true, "nillable" => true, "default" => true, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "resource-services" }}, "operations" => undefined, "children" => { "authentication" => { "description" => "Configuration of the server side authentication mechanisms. Optionally one truststore can be defined and one username/password based store can be defined. Authentication will first attempt to use the truststore and if this is not available will fall back to the username/password authentication. If none of these are specified the only available mechanism will be the local mechanism for the Native interface and the HTTP interface will not be accessible.", "model-description" => undefined }, "server-identity" => { "description" => "Configuration of the identities that represent the server.", "model-description" => undefined }, "authorization" => { "description" => "Configuration server side for loading additional user information such as roles to be used for subsequent authorization checks.", "model-description" => undefined }, "plug-in" => { "description" => "An extension to the security realm allowing additional authentication / authorization modules to be loaded.", "model-description" => undefined } } } } ii) wildcard [standalone@localhost:9990 /] /core-service=management/security-realm=*:read-resource-description{roles=Monitor} { "outcome" => "success", "result" => [{ "address" => [ ("core-service" => "management"), ("security-realm" => "*") ], "outcome" => "success", "result" => { "description" => "A security realm that can be associated with a management interface and used to control access to the management services.", "access-constraints" => {"sensitive" => {"security-realm" => {"type" => "core"}}}, "attributes" => {"map-groups-to-roles" => { "type" => BOOLEAN, "description" => "After a users group membership has been loaded should a 1:1 relationship be assumed regarding group to role mapping.", "expressions-allowed" => true, "nillable" => true, "default" => true, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "resource-services" }}, "operations" => undefined, "children" => { "authentication" => { "description" => "Configuration of the server side authentication mechanisms. Optionally one truststore can be defined and one username/password based store can be defined. Authentication will first attempt to use the truststore and if this is not available will fall back to the username/password authentication. If none of these are specified the only available mechanism will be the local mechanism for the Native interface and the HTTP interface will not be accessible.", "model-description" => undefined }, "server-identity" => { "description" => "Configuration of the identities that represent the server.", "model-description" => undefined }, "authorization" => { "description" => "Configuration server side for loading additional user information such as roles to be used for subsequent authorization checks.", "model-description" => undefined }, "plug-in" => { "description" => "An extension to the security realm allowing additional authentication / authorization modules to be loaded.", "model-description" => undefined } } } }] } b) addressable, non-readable i) specific [standalone@localhost:9990 /] /subsystem=security/security-domain=other:read-resource-description{roles=Monitor} { "outcome" => "success", "result" => { "description" => "Configures a security domain. Authentication, authorization, ACL, mapping, auditing and identity trust are configured here.", "access-constraints" => { "sensitive" => {"security-domain" => {"type" => "core"}}, "application" => {"security-domain" => {"type" => "security"}} }, "attributes" => {"cache-type" => { "type" => STRING, "description" => "Adds a cache to speed up authentication checks. Allowed values are 'default' to use simple map as the cache and 'infinispan' to use an Infinispan cache.", "expressions-allowed" => true, "nillable" => true, "min-length" => 1L, "max-length" => 2147483647L, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "no-services" }}, "operations" => undefined, "children" => { "identity-trust" => { "description" => "Identity trust configuration. Configures a list of trust modules to be used.", "model-description" => undefined }, "authentication" => { "description" => "\"Authentication configuration for this domain. Can either be classic or jaspi.", "model-description" => undefined }, "acl" => { "description" => "Access control list configuration. Configures a list of ACL modules to be used.", "model-description" => undefined }, "audit" => { "description" => "Auditing configuration. Configures a list of provider modules to be used.", "model-description" => undefined }, "mapping" => { "description" => "Mapping configuration. Configures a list of mapping modules to be used for principal, role, attribute and credential mapping.", "model-description" => undefined }, "jsse" => { "description" => "JSSE configuration. Configures attributes for keystores that can be used for setting up SSL.", "model-description" => undefined }, "authorization" => { "description" => "Authorization configuration. Configures a list of authorization policy modules to be used.", "model-description" => undefined } } } } ii) wildcard [standalone@localhost:9990 /] /subsystem=security/security-domain=*:read-resource-description{roles=Monitor} { "outcome" => "success", "result" => [{ "address" => [ ("subsystem" => "security"), ("security-domain" => "*") ], "outcome" => "success", "result" => { "description" => "Configures a security domain. Authentication, authorization, ACL, mapping, auditing and identity trust are configured here.", "access-constraints" => { "sensitive" => {"security-domain" => {"type" => "core"}}, "application" => {"security-domain" => {"type" => "security"}} }, "attributes" => {"cache-type" => { "type" => STRING, "description" => "Adds a cache to speed up authentication checks. Allowed values are 'default' to use simple map as the cache and 'infinispan' to use an Infinispan cache.", "expressions-allowed" => true, "nillable" => true, "min-length" => 1L, "max-length" => 2147483647L, "access-type" => "read-write", "storage" => "configuration", "restart-required" => "no-services" }}, "operations" => undefined, "children" => { "identity-trust" => { "description" => "Identity trust configuration. Configures a list of trust modules to be used.", "model-description" => undefined }, "authentication" => { "description" => "\"Authentication configuration for this domain. Can either be classic or jaspi.", "model-description" => undefined }, "acl" => { "description" => "Access control list configuration. Configures a list of ACL modules to be used.", "model-description" => undefined }, "audit" => { "description" => "Auditing configuration. Configures a list of provider modules to be used.", "model-description" => undefined }, "mapping" => { "description" => "Mapping configuration. Configures a list of mapping modules to be used for principal, role, attribute and credential mapping.", "model-description" => undefined }, "jsse" => { "description" => "JSSE configuration. Configures attributes for keystores that can be used for setting up SSL.", "model-description" => undefined }, "authorization" => { "description" => "Authorization configuration. Configures a list of authorization policy modules to be used.", "model-description" => undefined } } } }] }