/
LocalDescriptions.properties
1528 lines (1376 loc) · 130 KB
/
LocalDescriptions.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
elytron=The Elytron Subsystem
# Operations
elytron.add=Operation adds the Elytron subsystem
elytron.remove=Operation removes the Elytron subsystem
# Attributes
elytron.default-authentication-context=The default authentication context to be associated with all deployments.
elytron.initial-providers=Reference to the Providers that should be registered ahead of all existing Providers.
elytron.final-providers=Reference to the Providers that should be registered after all existing Providers.
elytron.disallowed-providers=A list of providers that are not allowed, and will be removed from the providers list.
elytron.register-jaspi-factory=Should the Elytron JASPI factory be globally registered?
elytron.default-ssl-context=Reference to the SSLContext which should be globally registered as the default.
#######################
# Security Properties #
#######################
elytron.security-properties=Security properties to be set.
################################
# Authentication Configuration #
################################
elytron.authentication-configuration=An individual authentication configuration definition.
# Operations
elytron.authentication-configuration.add=Add a new authentication configuration definition.
elytron.authentication-configuration.remove=Remove the authentication configuration definition.
# Attributes
elytron.authentication-configuration.extends=A previously defined authentication configuration to extend.
elytron.authentication-configuration.anonymous=Enables anonymous authentication.
elytron.authentication-configuration.authentication-name=The authentication name to use.
elytron.authentication-configuration.authorization-name=The authorization name to use.
elytron.authentication-configuration.host=The host to use.
elytron.authentication-configuration.port=The port to use.
elytron.authentication-configuration.protocol=The protocol to use.
elytron.authentication-configuration.realm=The realm to use.
elytron.authentication-configuration.security-domain=Reference to a security domain to obtain a forwarded identity.
elytron.authentication-configuration.forwarding-mode=The type of security identity forwarding to use. A mode of 'authentication' forwarding forwards the principal and credential. A mode of 'authorization' forwards the authorization id, allowing for a different authentication identity.
elytron.authentication-configuration.sasl-mechanism-selector=The SASL mechanism selector string.
elytron.authentication-configuration.mechanism-properties=Configuration properties for the SASL authentication mechanism.
elytron.authentication-configuration.mechanism-properties.name=Name of the property.
elytron.authentication-configuration.mechanism-properties.value=Value of the property.
elytron.authentication-configuration.credential-reference=The reference to credential stored in CredentialStore under defined alias or clear text password.
elytron.authentication-configuration.credential-reference.store=The name of the credential store holding the alias to credential.
elytron.authentication-configuration.credential-reference.alias=The alias which denotes stored secret or credential in the store.
elytron.authentication-configuration.credential-reference.type=The type of credential this reference is denoting.
elytron.authentication-configuration.credential-reference.clear-text=Secret specified using clear text. Check credential store way of supplying credential/secrets to services.
elytron.authentication-configuration.kerberos-security-factory=Reference to a kerberos security factory used to obtain a GSS kerberos credential
elytron.authentication-context=An individual authentication context definition.
# Operations
elytron.authentication-context.add=Add a new authentication context definition.
elytron.authentication-context.remove=Remove the authentication-context definition.
# Attributes
elytron.authentication-context.extends=A previously defined authentication context to extend.
elytron.authentication-context.match-rules=The match-rules for this authentication context.
elytron.authentication-context.match-rules.match-abstract-type=The abstract type to match against.
elytron.authentication-context.match-rules.match-abstract-type-authority=The abstract type authority to match against.
elytron.authentication-context.match-rules.match-host=The host to match against.
elytron.authentication-context.match-rules.match-local-security-domain=The local security domain to match against.
elytron.authentication-context.match-rules.match-no-user=Match against no user.
elytron.authentication-context.match-rules.match-path=The patch to match against.
elytron.authentication-context.match-rules.match-port=The port to match against.
elytron.authentication-context.match-rules.match-protocol=The protocol to match against.
elytron.authentication-context.match-rules.match-urn=The URN to match against.
elytron.authentication-context.match-rules.match-user=The user to match against.
elytron.authentication-context.match-rules.authentication-configuration=The authentication configuration to use for a successful match.
elytron.authentication-context.match-rules.ssl-context=The SSLContext to use for a successful match.
#############
# Providers #
#############
elytron.aggregate-providers=An aggregation of two or more Provider[] resources.
# Operations
elytron.aggregate-providers.add=The add operation for the aggregated providers resource
elytron.aggregate-providers.remove=The remove operation for the aggregated providers resource
# Attributes
elytron.aggregate-providers.providers=The referenced Provider[] resources to aggregate.
elytron.provider-loader=A definition for a Provider loader.
# Operations
elytron.provider-loader.add=Add a new provider loader definition.
elytron.provider-loader.remove=Remove a provider loader definition.
# Configuration Attributes
elytron.provider-loader.module=The name of the module to load the provider from.
elytron.provider-loader.class-names=The fully qualified class names of the providers to load, these are loaded after the service-loader discovered providers and duplicates will be skipped.
elytron.provider-loader.path=The path of the file to use to initialise the providers.
elytron.provider-loader.relative-to=The base path of the configuration file.
elytron.provider-loader.argument=An argument to be passed into the constructor as the Provider is instantiated.
elytron.provider-loader.configuration=The key/value configuration to be passed to the Provider to initialise it.
# Runtime Attributes
elytron.provider-loader.loaded-providers=The list of providers loaded by this provider loader.
elytron.provider-loader.loaded-providers.name=The name reported by the provider instance.
elytron.provider-loader.loaded-providers.info=The information reported by the provider instance.
elytron.provider-loader.loaded-providers.version=The version reported by the provider instance.
elytron.provider-loader.loaded-providers.services=List of services available from this provider.
elytron.provider-loader.loaded-providers.type=The service type.
elytron.provider-loader.loaded-providers.algorithm=The algorithm supported by the service.
elytron.provider-loader.loaded-providers.class-name=The class name of the implementation of the service SPI.
#################
# Audit Logging #
#################
elytron.aggregate-security-event-listener=An aggregation of two or more security event listener resources.
# Operations
elytron.aggregate-security-event-listener.add=The add operation for the aggregated security event listener resource.
elytron.aggregate-security-event-listener.remove=The remove operation for the aggregated security event listener resource
# Attributes
elytron.aggregate-security-event-listener.security-event-listeners=The referenced security event listener resources to aggregate.
elytron.custom-security-event-listener=A custom security event listener. (Audit logger for example.)
# Operations
elytron.custom-security-event-listener.add=The add operation for the listener.
elytron.custom-security-event-listener.remove=The remove operation for the listener.
# Attributes
elytron.custom-security-event-listener.module=The module to use to load the custom security event listener.
elytron.custom-security-event-listener.class-name=The class name of the implementation of the custom security event listener.
elytron.custom-security-event-listener.configuration=The optional key/value configuration for the custom security event listener.
elytron.file-audit-log=An audit logger that logs to a local file.
# Operations
elytron.file-audit-log.add=Add the audit logger resource.
elytron.file-audit-log.remove=Remove the audit logger resource.
#Attributes
elytron.file-audit-log.path=Path of the file to be written.
elytron.file-audit-log.relative-to=The relative path to the audit log.
elytron.file-audit-log.autoflush=Whether every event should be immediately flushed to disk (If undefined will default to the value of synchronized).
elytron.file-audit-log.synchronized=Whether every event should be immediately synchronised to disk.
elytron.file-audit-log.format=The format to use to record the audit event.
elytron.periodic-rotating-file-audit-log=An audit log definition for persisting an audit log to a local files rotating the log after a time period derived from the given suffix string, which should be in a format understood by java.time.format.DateTimeFormatter.
# Operations
elytron.periodic-rotating-file-audit-log.add=Add the audit logger resource.
elytron.periodic-rotating-file-audit-log.remove=Remove the audit logger resource.
#Attributes
elytron.periodic-rotating-file-audit-log.path=Path of the file to be written.
elytron.periodic-rotating-file-audit-log.relative-to=The relative path to the audit log.
elytron.periodic-rotating-file-audit-log.autoflush=Whether every event should be immediately flushed to disk (If undefined will default to the value of synchronized).
elytron.periodic-rotating-file-audit-log.synchronized=Whether every event should be immediately synchronised to disk.
elytron.periodic-rotating-file-audit-log.format=The format to use to record the audit event.
elytron.periodic-rotating-file-audit-log.suffix=The suffix string in a format which can be understood by java.time.format.DateTimeFormatter. The period of the rotation is automatically calculated based on the suffix.
elytron.size-rotating-file-audit-log=An audit log definition for persisting an audit log to a local files rotating the log after the size of the file grows beyond a certain point and keeping a fixed number of backups.
# Operations
elytron.size-rotating-file-audit-log.add=Add the audit logger resource.
elytron.size-rotating-file-audit-log.remove=Remove the audit logger resource.
#Attributes
elytron.size-rotating-file-audit-log.path=Path of the file to be written.
elytron.size-rotating-file-audit-log.relative-to=The relative path to the audit log.
elytron.size-rotating-file-audit-log.autoflush=Whether every event should be immediately flushed to disk.
elytron.size-rotating-file-audit-log.synchronized=Whether every event should be immediately flushed to disk (If undefined will default to the value of synchronized).
elytron.size-rotating-file-audit-log.format=The format to use to record the audit event.
elytron.size-rotating-file-audit-log.max-backup-index=The maximum number of files to backup when rotating.
elytron.size-rotating-file-audit-log.rotate-size=The log file size the file should rotate at.
elytron.size-rotating-file-audit-log.rotate-on-boot=Whether the file should be rotated before the a new file is set.
elytron.size-rotating-file-audit-log.suffix=Format of date used as suffix of log file names in java.time.format.DateTimeFormatter. The suffix does not play a role in determining when the file should be rotated.
elytron.syslog-audit-log=An audit logger that sends audit events to a remote syslog server.
# Operations
elytron.syslog-audit-log.add=Add the audit logger resource.
elytron.syslog-audit-log.remove=Remove the audit logger resource.
#Attributes
elytron.syslog-audit-log.server-address=The server address of the syslog server the events should be sent to.
elytron.syslog-audit-log.port=The listening port on the syslog server.
elytron.syslog-audit-log.transport=The transport to use to connect to the syslog server.
elytron.syslog-audit-log.format=The format to use to record the audit event.
elytron.syslog-audit-log.host-name=The host name to embed withing all events sent to the remote syslog server.
elytron.syslog-audit-log.ssl-context=The SSLContext to use to connect to the syslog server when SSL_TCP transport is used.
elytron.syslog-audit-log.syslog-format=The RFC format to be used for describing the audit event.
elytron.syslog-audit-log.reconnect-attempts=The maximum amount of failed reconnect attempts that should be made for sending messages to a syslog server before the endpoint is closed.
################################
# HTTP and SASL Authentication #
################################
elytron.http-authentication-factory=Resource containing the association of a SecurityDomain with a HttpServerAuthenticationMechanismFactory.
# Operations
elytron.http-authentication-factory.add=Add a new http-authentication-factory resource.
elytron.http-authentication-factory.remove=Remove the http-authentication-factory resource.
# Attributes
elytron.http-authentication-factory.security-domain=The SecurityDomain to associate with this resource
elytron.http-authentication-factory.http-server-mechanism-factory=The HttpServerAuthenticationMechanismFactory to associate with this resource
elytron.http-authentication-factory.mechanism-configurations=Mechanism specific configuration
elytron.http-authentication-factory.mechanism-configurations.mechanism-name=This configuration will only apply where a mechanism with the name specified is used. If this attribute is omitted then this will match any mechanism name.
elytron.http-authentication-factory.mechanism-configurations.host-name=The host name this configuration applies to.
elytron.http-authentication-factory.mechanism-configurations.protocol=The protocol this configuration applies to.
elytron.http-authentication-factory.mechanism-configurations.pre-realm-principal-transformer=A principal transformer to apply before the realm is selected
elytron.http-authentication-factory.mechanism-configurations.post-realm-principal-transformer=A principal transformer to apply after the realm is selected
elytron.http-authentication-factory.mechanism-configurations.final-principal-transformer=A final principal transformer to apply for this mechanism realm
elytron.http-authentication-factory.mechanism-configurations.realm-mapper=The realm mapper to be used by the mechanism
elytron.http-authentication-factory.mechanism-configurations.credential-security-factory=The security factory to use to obtain a credential as required by the mechanism
elytron.http-authentication-factory.mechanism-configurations.mechanism-realm-configurations=Definition of the realm names as understood by the mechanism
elytron.http-authentication-factory.mechanism-configurations.realm-name=The name of the realm to be presented by the mechanism
# Runtime Attributes
elytron.http-authentication-factory.available-mechanisms=The HTTP mechanisms available from this configuration after all filtering has been applied.
elytron.sasl-authentication-factory=Resource containing the association of a SecurityDomain with a SaslServerFactory.
# Operations
elytron.sasl-authentication-factory.add=Add a new sasl-authentication-factory resource.
elytron.sasl-authentication-factory.remove=Remove the sasl-authentication-factory resource.
# Attributes
elytron.sasl-authentication-factory.security-domain=The SecurityDomain to associate with this resource
elytron.sasl-authentication-factory.sasl-server-factory=The SaslServerFactory to associate with this resource
elytron.sasl-authentication-factory.mechanism-configurations=Mechanism specific configuration
elytron.sasl-authentication-factory.mechanism-configurations.mechanism-name=This configuration will only apply where a mechanism with the name specified is used. If this attribute is omitted then this will match any mechanism name.
elytron.sasl-authentication-factory.mechanism-configurations.host-name=The host name this configuration applies to.
elytron.sasl-authentication-factory.mechanism-configurations.protocol=The protocol this configuration applies to.
elytron.sasl-authentication-factory.mechanism-configurations.pre-realm-principal-transformer=A principal transformer to apply before the realm is selected
elytron.sasl-authentication-factory.mechanism-configurations.post-realm-principal-transformer=A principal transformer to apply after the realm is selected
elytron.sasl-authentication-factory.mechanism-configurations.final-principal-transformer=A final principal transformer to apply for this mechanism realm
elytron.sasl-authentication-factory.mechanism-configurations.realm-mapper=The realm mapper to be used by the mechanism
elytron.sasl-authentication-factory.mechanism-configurations.credential-security-factory=The security factory to use to obtain a credential as required by the mechanism
elytron.sasl-authentication-factory.mechanism-configurations.mechanism-realm-configurations=Definition of the realm names as understood by the mechanism
elytron.sasl-authentication-factory.mechanism-configurations.realm-name=The name of the realm to be presented by the mechanism
# Runtime Attributes
elytron.sasl-authentication-factory.available-mechanisms=The SASL mechanisms available from this configuration after all filtering has been applied.
#######################
# JASPI Configuration #
#######################
elytron.jaspi-configuration=Resource containing the JASPI ServerAuthModule configuration for the servlet profile.
elytron.jaspi-configuration.add=Add a new JASPI configuration.
elytron.jaspi-configuration.remove=Remove the JASPI configuration.
elytron.jaspi-configuration.layer=The layer this configuration is to be associated with or '*' for all layers.
elytron.jaspi-configuration.application-context=The application-context this configuration is to be associated with or '*' for all application contexts.
elytron.jaspi-configuration.description=Description of this configuration.
elytron.jaspi-configuration.server-auth-modules=List of ServerAuthModule definitions for this configuration.
elytron.jaspi-configuration.server-auth-modules.class-name=The fully qualified class name of the ServerAuthModule.
elytron.jaspi-configuration.server-auth-modules.module=The module to load the ServerAuthModule from.
elytron.jaspi-configuration.server-auth-modules.flag=Control flag for coordination of the ServerAuthModule results.
elytron.jaspi-configuration.server-auth-modules.options=Configuration options to be passed into the ServerAuthModule.
###################
# Security Domain #
###################
elytron.security-domain=A security domain definition.
elytron.security-domain.add=The add operation for a security domain definition.
elytron.security-domain.remove=The remove operation for a security domain definition.
elytron.security-domain.read-identity=Reads an identity from a security domain if it exists.
elytron.security-domain.read-identity.name=The name of the identity to read.
elytron.security-domain.authenticate=A temporary operation to be used to test authentication.
elytron.security-domain.authenticate.username=The username to authenticate with.
elytron.security-domain.authenticate.password=The password for the given username.
elytron.security-domain.pre-realm-principal-transformer=A reference to a principal transformer to be applied before the realm is selected.
elytron.security-domain.post-realm-principal-transformer=A reference to a principal transformer to be applied after the realm has operated on the supplied identity name.
elytron.security-domain.permission-mapper=A reference to a PermissionMapper to be used by this domain.
elytron.security-domain.principal-decoder=A reference to a PrincipalDecoder to be used by this domain.
elytron.security-domain.realm-mapper=Reference to the RealmMapper to be used by this domain.
elytron.security-domain.role-mapper=Reference to the RoleMapper to be used by this domain.
elytron.security-domain.evidence-decoder=A reference to an EvidenceDecoder to be used by this domain.
elytron.security-domain.security-event-listener=Reference to a listener for security events.
elytron.security-domain.default-realm=The default realm contained by this security domain.
elytron.security-domain.realms=The list of realms contained by this security domain.
elytron.security-domain.realms.realm=A reference to an individual security realm.
elytron.security-domain.realms.principal-transformer=A principal transformer to be associated with the realm.
elytron.security-domain.realms.role-decoder=A RoleDecoder reference to be associated with the realm.
elytron.security-domain.realms.role-mapper=A RoleMapper reference to be associated with the realm.
elytron.security-domain.trusted-security-domains=The list of security domains that are trusted by this security domain.
elytron.security-domain.outflow-security-domains=The list of security domains that the security identity from this domain should automatically outflow to.
elytron.security-domain.outflow-anonymous=When outflowing to a security domain if outflow is not possible should the anonymous identity be used? Outflowing anonymous has the effect of clearing any identity already established for that domain.
#########################
# HTTP Server Factories #
#########################
elytron.aggregate-http-server-mechanism-factory=A http server factory definition where the http server factory is an aggregation of other http server factories.
# Operations
elytron.aggregate-http-server-mechanism-factory.add=The add operation for the http server factory.
elytron.aggregate-http-server-mechanism-factory.remove=The remove operation for the http server factory.
# Attributes
elytron.aggregate-http-server-mechanism-factory.http-server-mechanism-factories=The referenced http server factories to aggregate.
# Runtime Attributes
elytron.aggregate-http-server-mechanism-factory.available-mechanisms=The HTTP mechanisms available from this factory instance.
elytron.configurable-http-server-mechanism-factory=A HTTP server factory definition that wraps another HTTP server factory and applies the specified configuration and filtering.
# Operations
elytron.configurable-http-server-mechanism-factory.add=The add operation for the http server factory.
elytron.configurable-http-server-mechanism-factory.remove=The remove operation for the http server factory.
# Attributes
elytron.configurable-http-server-mechanism-factory.http-server-mechanism-factory=The http server factory to be wrapped.
elytron.configurable-http-server-mechanism-factory.properties=Custom properties to be passed in to the http server factory calls.
elytron.configurable-http-server-mechanism-factory.filters=Filtering to be applied to enable / disable mechanisms based on the name.
elytron.configurable-http-server-mechanism-factory.filters.pattern-filter=A regular expression pattern based filter.
elytron.configurable-http-server-mechanism-factory.filters.enabling=Does this filter enable or disable a mechanism if it matches.
# Runtime Attributes
elytron.configurable-http-server-mechanism-factory.available-mechanisms=The HTTP mechanisms available from this factory instance.
elytron.provider-http-server-mechanism-factory=A http server factory definition where the http server factory is an aggregation of factories from the Provider[]
# Operations
elytron.provider-http-server-mechanism-factory.add=The add operation for the http server factory.
elytron.provider-http-server-mechanism-factory.remove=The remove operation for the http server factory.
# Attributes
elytron.provider-http-server-mechanism-factory.providers=The providers to use to locate the factories, if not specified the globally registered list of Providers will be used.
# Runtime Attributes
elytron.provider-http-server-mechanism-factory.available-mechanisms=The HTTP mechanisms available from this factory instance.
elytron.service-loader-http-server-mechanism-factory=A http server factory definition where the http server factory is an aggregation of factories identified using a ServiceLoader
# Operations
elytron.service-loader-http-server-mechanism-factory.add=The add operation for the http server factory.
elytron.service-loader-http-server-mechanism-factory.remove=The remove operation for the http server factory.
# Attributes
elytron.service-loader-http-server-mechanism-factory.module=The module to use to obtain the classloader to load the factories, if not specified the classloader to load the resource will be used instead.
# Runtime Attributes
elytron.service-loader-http-server-mechanism-factory.available-mechanisms=The HTTP mechanisms available from this factory instance.
######################
# Security Factories #
######################
elytron.custom-credential-security-factory=A custom credential SecurityFactory definition.
# Operations
elytron.custom-credential-security-factory.add=The add operation for the security factory.
elytron.custom-credential-security-factory.remove=The remove operation for the security factory.
# Attributes
elytron.custom-credential-security-factory.module=The module to use to load the custom security factory.
elytron.custom-credential-security-factory.class-name=The class name of the implementation of the custom security factory.
elytron.custom-credential-security-factory.configuration=The optional key/value configuration for the custom security factory.
elytron.kerberos-security-factory=A security factory for obtaining a GSSCredential for use during authentication.
# Operations
elytron.kerberos-security-factory.add=The add operation for the Kerberos SecurityFactory
elytron.kerberos-security-factory.remove=The remove operation for the Kerberos SecurityFactory
# Attributes
elytron.kerberos-security-factory.principal=The principal represented by the KeyTab
elytron.kerberos-security-factory.path=The path of the KeyTab to load to obtain the credential.
elytron.kerberos-security-factory.relative-to=The name of another previously named path, or of one of the standard paths provided by the system. If 'relative-to' is provided, the value of the 'path' attribute is treated as relative to the path specified by this attribute.
elytron.kerberos-security-factory.minimum-remaining-lifetime=How much lifetime (in seconds) should a cached credential have remaining before it is recreated.
elytron.kerberos-security-factory.request-lifetime=How much lifetime (in seconds) should be requested for newly created credentials.
elytron.kerberos-security-factory.fail-cache=Amount of seconds before new try to obtain server credential should be done if it has failed last time.
elytron.kerberos-security-factory.server=If this for use server side or client side?
elytron.kerberos-security-factory.obtain-kerberos-ticket=Should the KerberosTicket also be obtained and associated with the credential. This is required to be true where credentials are delegated to the server.
elytron.kerberos-security-factory.debug=Should the JAAS step of obtaining the credential have debug logging enabled.
elytron.kerberos-security-factory.wrap-gss-credential=Should generated GSS credentials be wrapped to prevent improper disposal or not?
elytron.kerberos-security-factory.required=Is the keytab file with adequate principal required to exist at the time the service starts?
elytron.kerberos-security-factory.mechanism-names=The mechanism names the credential should be usable with. Names will be converted to OIDs and used together with OIDs from mechanism-oids attribute.
elytron.kerberos-security-factory.mechanism-oids=The mechanism OIDs the credential should be usable with. Will be used together with OIDs derived from names from mechanism-names attribute.
elytron.kerberos-security-factory.options=The Krb5LoginModule additional options.
######################
# Permission Mappers #
######################
elytron.custom-permission-mapper=Definition of a custom permission mapper.
# Operations
elytron.custom-permission-mapper.add=Add operation for the permission mapper
elytron.custom-permission-mapper.remove=Remove operation for the permission mapper
#Attributes
elytron.custom-permission-mapper.module=Name of the module to use to load the permission mapper
elytron.custom-permission-mapper.class-name=Fully qualified class name of the permission mapper
elytron.custom-permission-mapper.configuration=The optional kay/value configuration for the permission mapper
elytron.logical-permission-mapper=Definition of a logical permission mapper.
# Operations
elytron.logical-permission-mapper.add=Add operation for the permission mapper
elytron.logical-permission-mapper.remove=Remove operation for the permission mapper
#Attributes
elytron.logical-permission-mapper.logical-operation=The logical operation to use to combine the permission mappers.
elytron.logical-permission-mapper.left=Reference to the permission mapper to use to the left of the operation.
elytron.logical-permission-mapper.right=Reference to the permission mapper to use to the right of the operation.
elytron.simple-permission-mapper=Definition of a simple configured permission mapper.
# Operations
elytron.simple-permission-mapper.add=Add operation for the permission mapper
elytron.simple-permission-mapper.remove=Remove operation for the permission mapper
#Attributes
elytron.simple-permission-mapper.mapping-mode=The mapping mode that should be used in the event of multiple matches.
elytron.simple-permission-mapper.permission-mappings=The defined permission mappings.
elytron.simple-permission-mapper.permission-mappings.match-all=The mapping applies to all identities.
elytron.simple-permission-mapper.permission-mappings.principals=Principals to compare when mapping permissions, if the identities principal matches any one in the list it is a match.
elytron.simple-permission-mapper.permission-mappings.roles=Roles to compare when mapping permissions, if the identity is a member of any one in the list it is a match.
elytron.simple-permission-mapper.permission-mappings.permission-sets=The permission sets to assign in the event of a match.
elytron.simple-permission-mapper.permission-mappings.permission-set=A reference to a permission set.
elytron.simple-permission-mapper.permission-mappings.permissions=The permissions to assign in the event of a match.
elytron.simple-permission-mapper.permission-mappings.permissions.depreacted=Use permission-sets instead.
elytron.simple-permission-mapper.permission-mappings.class-name=The fully qualified class name of the permission.
elytron.simple-permission-mapper.permission-mappings.module=The module to use to load the permission.
elytron.simple-permission-mapper.permission-mappings.target-name=The target name to pass to the permission as it is constructed.
elytron.simple-permission-mapper.permission-mappings.action=The action to pass to the permission as it is constructed.
elytron.constant-permission-mapper=Definition of a permission mapper that always returns the same constant.
# Operations
elytron.constant-permission-mapper.add=Add operation for the permission mapper
elytron.constant-permission-mapper.remove=Remove operation for the permission mapper
#Attributes
elytron.constant-permission-mapper.permission-sets=The permission sets to assign.
elytron.constant-permission-mapper.permission-sets.permission-set=A reference to a permission set.
elytron.constant-permission-mapper.permissions=The permissions to assign.
elytron.constant-permission-mapper.permissions.deprecated=Use permission-sets instead.
elytron.constant-permission-mapper.permissions.class-name=The fully qualified class name of the permission.
elytron.constant-permission-mapper.permissions.module=The module to use to load the permission.
elytron.constant-permission-mapper.permissions.target-name=The target name to pass to the permission as it is constructed.
elytron.constant-permission-mapper.permissions.action=The action to pass to the permission as it is constructed.
###################
# Permission Sets #
###################
elytron.permission-set=Definition of a permission set.
# Operations
elytron.permission-set.add=Add operation for the permission set.
elytron.permission-set.remove=Remove operation for the permission set.
# Attributes
elytron.permission-set.permissions=The permissions in the permission set.
elytron.permission-set.permissions.class-name=The fully qualified class name of the permission.
elytron.permission-set.permissions.module=The module to use to load the permission.
elytron.permission-set.permissions.target-name=The target name to pass to the permission as it is constructed.
elytron.permission-set.permissions.action=The action to pass to the permission as it is constructed.
######################
# Principal Decoders #
######################
elytron.aggregate-principal-decoder=A principal decoder definition where the principal decoder is an aggregation of other principal decoders.
# Operations
elytron.aggregate-principal-decoder.add=The add operation for the principal decoder.
elytron.aggregate-principal-decoder.remove=The remove operation for the principal decoder.
# Attributes
elytron.aggregate-principal-decoder.principal-decoders=The referenced principal decoders to aggregate.
elytron.concatenating-principal-decoder=A principal decoder definition where the principal decoder is a concatenation of other principal decoders.
# Operations
elytron.concatenating-principal-decoder.add=The add operation for the principal decoder.
elytron.concatenating-principal-decoder.remove=The remove operation for the principal decoder.
# Attributes
elytron.concatenating-principal-decoder.joiner=The string to use to join the results of the referenced principal decoders.
elytron.concatenating-principal-decoder.principal-decoders=The referenced principal decoders to concatenate.
elytron.constant-principal-decoder=Definition of a principal decoder that always returns the same constant.
# Operations
elytron.constant-principal-decoder.add=The add operation for the principal decoder.
elytron.constant-principal-decoder.remove=The remove operation for the principal decoder.
# Attributes
elytron.constant-principal-decoder.constant=The constant value the principal decoder will always return.
elytron.custom-principal-decoder=Definition of a custom principal decoder
# Operations
elytron.custom-principal-decoder.add=Add operation for the principal decoder
elytron.custom-principal-decoder.remove=Remove operation for the principal decoder
#Attributes
elytron.custom-principal-decoder.module=Name of the module to use to load the principal decoder
elytron.custom-principal-decoder.class-name=Fully qualified class name of the principal decoder
elytron.custom-principal-decoder.configuration=The optional kay/value configuration for the principal decoder
elytron.x500-attribute-principal-decoder=Definition of a X.500 attribute based principal decoder
# Operations
elytron.x500-attribute-principal-decoder.add=Add operation for the principal decoder
elytron.x500-attribute-principal-decoder.remove=Remove operation for the principal decoder
#Attributes
elytron.x500-attribute-principal-decoder.oid=The OID of the X.500 attribute to map (can be defined using attribute name instead)
elytron.x500-attribute-principal-decoder.attribute-name=The name of the X.500 attribute to map (can be defined using OID instead)
elytron.x500-attribute-principal-decoder.joiner=The joining string
elytron.x500-attribute-principal-decoder.start-segment=The 0-based starting occurrence of the attribute to map
elytron.x500-attribute-principal-decoder.maximum-segments=The maximum number of occurrences of the attribute to map
elytron.x500-attribute-principal-decoder.reverse=When set to 'true', the attribute values will be processed and returned in reverse order
elytron.x500-attribute-principal-decoder.convert=When set to 'true', if the Principal is not already an X500Principal conversion will be attempted
elytron.x500-attribute-principal-decoder.required-oids=The OIDs of the attributes that must be present in the principal
elytron.x500-attribute-principal-decoder.required-attributes=The attributes names of the attributes that must be present in the principal
##########################
# Principal Transformers #
##########################
elytron.aggregate-principal-transformer=A principal transformer aggregating more principal transformers. Original principal is tried to be transformed by individual transformers until one return non-null principal - that is returned.
# Operations
elytron.aggregate-principal-transformer.add=The add operation for the principal transformer.
elytron.aggregate-principal-transformer.remove=The remove operation for the principal transformer.
# Attributes
elytron.aggregate-principal-transformer.principal-transformers=The referenced principal transformers to aggregate.
elytron.chained-principal-transformer=A principal transformer definition where the principal transformer is a chaining of other principal transformers.
# Operations
elytron.chained-principal-transformer.add=The add operation for the principal transformer.
elytron.chained-principal-transformer.remove=The remove operation for the principal transformer.
# Attributes
elytron.chained-principal-transformer.principal-transformers=The referenced principal transformers to chain.
elytron.constant-principal-transformer=A principal transformer definition for a PrincipalTransformer that always returns the same constant.
# Operations
elytron.constant-principal-transformer.add=The add operation for the principal transformer.
elytron.constant-principal-transformer.remove=The remove operation for the principal transformer.
# Attributes
elytron.constant-principal-transformer.constant=The constant value this PrincipalTransformer will always return.
elytron.custom-principal-transformer=A custom principal transformer definition.
# Operations
elytron.custom-principal-transformer.add=The add operation for the principal transformer.
elytron.custom-principal-transformer.remove=The remove operation for the principal transformer.
# Attributes
elytron.custom-principal-transformer.module=The module to use to load the custom principal transformer.
elytron.custom-principal-transformer.class-name=The class name of the implementation of the custom principal transformer.
elytron.custom-principal-transformer.configuration=The optional key/value configuration for the custom principal transformer.
elytron.regex-principal-transformer=A regular expression based principal transformer
# Operations
elytron.regex-principal-transformer.add=The add operation for the principal transformer.
elytron.regex-principal-transformer.remove=The remove operation for the principal transformer.
# Attributes
elytron.regex-principal-transformer.pattern=The regular expression to use to locate the portion of the name to be replaced.
elytron.regex-principal-transformer.replacement=The value to be used as the replacement.
elytron.regex-principal-transformer.replace-all=Should all occurrences of the pattern matched be replaced or only the first occurrence.
elytron.regex-validating-principal-transformer=A regular expression based principal transformer which uses the regular expression to validate the name.
# Operations
elytron.regex-validating-principal-transformer.add=The add operation for the principal transformer.
elytron.regex-validating-principal-transformer.remove=The remove operation for the principal transformer.
# Attributes
elytron.regex-validating-principal-transformer.pattern=The regular expression to use for the principal transformer.
elytron.regex-validating-principal-transformer.match=If set to true, the name must match the given pattern to make validation successful. If set to false, the name must not match the given pattern to make validation successful.
######################
# Evidence Decoders #
######################
elytron.aggregate-evidence-decoder=An evidence decoder that is an aggregation of other evidence decoders. Given evidence, these evidence decoders will be attempted in order until one returns a non-null principal or until there are no more evidence decoders left to try.
# Operations
elytron.aggregate-evidence-decoder.add=The add operation for the evidence decoder.
elytron.aggregate-evidence-decoder.remove=The remove operation for the evidence decoder.
# Attributes
elytron.aggregate-evidence-decoder.evidence-decoders=The referenced evidence decoders to aggregate.
elytron.x509-subject-alt-name-evidence-decoder=An evidence decoder that derives the principal associated with the given evidence from an X.509 subject alternative name from the first certificate in the given evidence.
# Operations
elytron.x509-subject-alt-name-evidence-decoder.add=The add operation for the evidence decoder.
elytron.x509-subject-alt-name-evidence-decoder.remove=The remove operation for the evidence decoder.
# Attributes
elytron.x509-subject-alt-name-evidence-decoder.alt-name-type=The subject alternative name type to decode from the given evidence. Allowed values: 'rfc822Name', 'dNSName', 'directoryName', 'uniformResourceIdentifier', 'iPAddress', 'registeredID'
elytron.x509-subject-alt-name-evidence-decoder.segment=The 0-based occurrence of the subject alternative name to map. This attribute is optional and only used when there is more than one subject alternative name of the given alt-name-type. The default value is 0.
elytron.x500-subject-evidence-decoder=An evidence decoder that derives the principal associated with the given evidence from the subject from the first certificate in the given evidence.
# Operations
elytron.x500-subject-evidence-decoder.add=The add operation for the evidence decoder.
elytron.x500-subject-evidence-decoder.remove=The remove operation for the evidence decoder.
elytron.custom-evidence-decoder=Definition of a custom evidence decoder.
# Operations
elytron.custom-evidence-decoder.add=Add operation for the evidence decoder.
elytron.custom-evidence-decoder.remove=Remove operation for the evidence decoder.
#Attributes
elytron.custom-evidence-decoder.module=Name of the module to use to load the evidence decoder.
elytron.custom-evidence-decoder.class-name=Fully qualified class name of the evidence decoder.
elytron.custom-evidence-decoder.configuration=The optional key/value configuration for the evidence decoder.
#################
# Realm Mappers #
#################
elytron.constant-realm-mapper=Definition of a constant RealmMapper that always returns the same value.
# Operations
elytron.constant-realm-mapper.add=Add operation for the RealmMapper
elytron.constant-realm-mapper.remove=Remove operation for the RealmMapper
#Attributes
elytron.constant-realm-mapper.realm-name=The name of the constant realm to return.
elytron.custom-realm-mapper=Definition of a custom RealmMapper
# Operations
elytron.custom-realm-mapper.add=Add operation for the RealmMapper
elytron.custom-realm-mapper.remove=Remove operation for the RealmMapper
#Attributes
elytron.custom-realm-mapper.module=Name of the module to use to load the RealmMapper
elytron.custom-realm-mapper.class-name=Fully qualified class name of the RealmMapper
elytron.custom-realm-mapper.configuration=The optional kay/value configuration for the RealmMapper
elytron.simple-regex-realm-mapper=Definition of a simple RealmMapper that attempts to extract the realm name using the capture group from the regular expression, if that does not provide a match then the delegate RealmMapper is used instead.
# Operations
elytron.simple-regex-realm-mapper.add=Add operation for the RealmMapper
elytron.simple-regex-realm-mapper.remove=Remove operation for the RealmMapper
#Attributes
elytron.simple-regex-realm-mapper.pattern=The regular expression which must contain at least one capture group to extract the realm from the name. If the regular expression matches more than one capture group, the first capture group is used.
elytron.simple-regex-realm-mapper.delegate-realm-mapper=The RealmMapper to delegate to if there is no match using the pattern.
elytron.mapped-regex-realm-mapper=Definition of a RealmMapper implementation that first uses a regular expression to extract the realm name, this is then converted using the configured mapping of realm names.
# Operations
elytron.mapped-regex-realm-mapper.add=Add operation for the RealmMapper
elytron.mapped-regex-realm-mapper.remove=Remove operation for the RealmMapper
#Attributes
elytron.mapped-regex-realm-mapper.pattern=The regular expression which must contain at least one capture group to extract the realm from the name. If the regular expression matches more than one capture group, the first capture group is used.
elytron.mapped-regex-realm-mapper.delegate-realm-mapper=The RealmMapper to delegate to if the pattern does not match. If no delegate is specified then the default realm on the domain will be used instead. If the username does not match the pattern and a delegate realm-mapper is present, the result of delegate-realm-mapper is mapped via the realm-map.
elytron.mapped-regex-realm-mapper.realm-map=Mapping of realm name extracted using the regular expression to a defined realm name. If the value for the mapping is not in the map or the realm whose name is the result of the mapping does not exist in the given security domain, the default realm is used.
#################
# Role Decoders #
#################
elytron.custom-role-decoder=Definition of a custom RoleDecoder
# Operations
elytron.custom-role-decoder.add=Add operation for the RoleDecoder
elytron.custom-role-decoder.remove=Remove operation for the RoleDecoder
#Attributes
elytron.custom-role-decoder.module=Name of the module to use to load the RoleDecoder
elytron.custom-role-decoder.class-name=Fully qualified class name of the RoleDecoder
elytron.custom-role-decoder.configuration=The optional kay/value configuration for the RoleDecoder
elytron.empty-role-decoder=Definition of an empty RoleDecoder that never returns any roles.
# Operations
elytron.empty-role-decoder.add=Add operation for the RoleDecoder
elytron.empty-role-decoder.remove=Remove operation for the RoleDecoder
elytron.simple-role-decoder=Definition of a simple RoleDecoder that takes a single attribute and maps it directly to roles.
# Operations
elytron.simple-role-decoder.add=Add operation for the RoleDecoder
elytron.simple-role-decoder.remove=Remove operation for the RoleDecoder
# Attributes
elytron.simple-role-decoder.attribute=The name of the attribute from the identity to map directly to roles.
################
# Role Mappers #
################
elytron.add-prefix-role-mapper=A role mapper definition for a role mapper that adds a prefix to each provided.
# Operations
elytron.add-prefix-role-mapper.add=The add operation for the role mapper.
elytron.add-prefix-role-mapper.remove=The remove operation for the role mapper.
# Attributes
elytron.add-prefix-role-mapper.prefix=The prefix to add to each role.
elytron.add-suffix-role-mapper=A role mapper definition for a role mapper that adds a suffix to each provided.
# Operations
elytron.add-suffix-role-mapper.add=The add operation for the role mapper.
elytron.add-suffix-role-mapper.remove=The remove operation for the role mapper.
# Attributes
elytron.add-suffix-role-mapper.suffix=The suffix to add to each role.
elytron.aggregate-role-mapper=A role mapper definition where the role mapper is an aggregation of other role mappers.
# Operations
elytron.aggregate-role-mapper.add=The add operation for the role mapper.
elytron.aggregate-role-mapper.remove=The remove operation for the role mapper.
# Attributes
elytron.aggregate-role-mapper.role-mappers=The referenced role mappers to aggregate.
elytron.constant-role-mapper=A role mapper definition where a constant set of roles is always returned.
# Operations
elytron.constant-role-mapper.add=The add operation for the role mapper.
elytron.constant-role-mapper.remove=The remove operation for the role mapper.
# Attributes
elytron.constant-role-mapper.roles=The constant roles to be returned by this role mapper.
elytron.custom-role-mapper=Definition of a custom RoleMapper
# Operations
elytron.custom-role-mapper.add=Add operation for the RoleMapper
elytron.custom-role-mapper.remove=Remove operation for the RoleMapper
#Attributes
elytron.custom-role-mapper.module=Name of the module to use to load the RoleMapper
elytron.custom-role-mapper.class-name=Fully qualified class name of the RoleMapper
elytron.custom-role-mapper.configuration=The optional key/value configuration for the RoleMapper
elytron.logical-role-mapper=A RoleMapper definition for a RoleMapper that performs a logical operation using two referenced RoleMappers.
# Operations
elytron.logical-role-mapper.add=The add operation for the role mapper.
elytron.logical-role-mapper.remove=The remove operation for the role mapper.
# Attributes
elytron.logical-role-mapper.logical-operation=The logical operation to be performed on the role mapper mappings.
elytron.logical-role-mapper.left=Reference to a role mapper to be used on the left side of the operation.
elytron.logical-role-mapper.right=Reference to a role mapper to be used on the right side of the operation.
elytron.mapped-role-mapper=A RoleMapper definition for a RoleMapper that performs a mapping based on configured map.
# Operations
elytron.mapped-role-mapper.add=The add operation for the role mapper.
elytron.mapped-role-mapper.remove=The remove operation for the role mapper.
# Attributes
elytron.mapped-role-mapper.keep-mapped=When set to 'true' the mapped roles will retain all roles, that have defined mappings.
elytron.mapped-role-mapper.keep-non-mapped=When set to 'true' the mapped roles will retain all roles, that have no defined mappings.
elytron.mapped-role-mapper.role-map=A string to string list map for mapping roles.
elytron.regex-role-mapper=A RoleMapper definition for a RoleMapper that performs a mapping based on regex and replaces matching roles with replacement pattern.
# Operations
elytron.regex-role-mapper.add=The add operation for the role mapper.
elytron.regex-role-mapper.remove=The remove operation for the role mapper.
# Attributes
elytron.regex-role-mapper.regex=Regex string that will be used for matching.
elytron.regex-role-mapper.replacement=Replacement pattern that will be used when replacing matching roles.
elytron.regex-role-mapper.keep-non-mapped=When set to 'true' the mapped roles will retain all roles, even those that do not match provided regex.
#####################
# Realm Definitions #
#####################
elytron.aggregate-realm=A realm definition that is an aggregation of two realms, one for the authentication steps and one for loading the identity for the authorization steps.
# Operations
elytron.aggregate-realm.add=The add operation for the security realm.
elytron.aggregate-realm.remove=The remove operation for the security realm.
# Attributes
elytron.aggregate-realm.authentication-realm=Reference to the security realm to use for authentication steps (obtaining or validating credentials).
elytron.aggregate-realm.authorization-realm=Reference to the security realm to use for loading the identity for authorization steps (loading of the identity).
elytron.aggregate-realm.authorization-realms=Reference to one or more security realms to use for loading the identity for authorization steps and aggregating the attributes (loading of the identity).
elytron.aggregate-realm.principal-transformer=Reference to a principal transformer to apply between loading the identity for authentication and loading the identity for authorization
elytron.custom-modifiable-realm=Custom realm configured as being modifiable will be expected to implement the ModifiableSecurityRealm interface. By configuring a realm as being modifiable management operations will be made available to manipulate the realm.
# Operations
elytron.custom-modifiable-realm.add=The add operation for the security realm.
elytron.custom-modifiable-realm.remove=The remove operation for the security realm.
# Attributes
elytron.custom-modifiable-realm.class-name=The class name of the implementation of the custom realm.
elytron.custom-modifiable-realm.configuration=The optional key/value configuration for the custom realm.
elytron.custom-modifiable-realm.identity=An identity which can be managed by a security realm.
elytron.custom-modifiable-realm.module=The module to use to load the custom realm.
elytron.custom-realm=A custom realm definitions can implement either the SecurityRealm interface or the ModifiableSecurityRealm interface. Regardless of which interface is implemented management operations will not be exposed to manage the realm. However other services that depend on the realm will still be able to perform a type check and cast to gain access to the modification API.
# Operations
elytron.custom-realm.add=The add operation for the security realm.
elytron.custom-realm.remove=The remove operation for the security realm.
# Attributes
elytron.custom-realm.module=The module to use to load the custom realm.
elytron.custom-realm.class-name=The class name of the implementation of the custom realm.
elytron.custom-realm.configuration=The optional key/value configuration for the custom realm.
elytron.jdbc-realm=A security realm definition backed by database using JDBC.
# Operations
elytron.jdbc-realm.add=The add operation for the security realm.
elytron.jdbc-realm.remove=The remove operation for the security realm.
# Authentication Query Complex Attribute
elytron.jdbc-realm.principal-query=The authentication query used to authenticate users based on specific key types.
elytron.jdbc-realm.principal-query.sql=The SQL statement used to obtain the keys(as table columns) for a specific user and map them accordingly with their type.
elytron.jdbc-realm.principal-query.data-source=The name of the datasource used to connect to the database.
elytron.jdbc-realm.principal-query.algorithm=The algorithm for a specific password key mapper.
elytron.jdbc-realm.principal-query.password-index=The column index from an authentication query that represents the user's password.
elytron.jdbc-realm.principal-query.salt-index=The column index from an authentication query that represents the password's salt, if supported.
elytron.jdbc-realm.principal-query.iteration-count-index=The column index from an authentication query that represents the password's iteration count, if supported.
elytron.jdbc-realm.principal-query.hash-encoding=The encoding of the user's password hash.
elytron.jdbc-realm.principal-query.salt-encoding=The encoding of the password's salt.
# Password Mapper Complex Attributes
elytron.jdbc-realm.principal-query.clear-password-mapper=A key mapper that maps a column returned from a SQL query to a Clear Password key type.
elytron.jdbc-realm.principal-query.bcrypt-mapper=A key mapper that maps a column returned from a SQL query to a Bcrypt key type.
elytron.jdbc-realm.principal-query.salted-simple-digest-mapper=A key mapper that maps a column returned from a SQL query to a Salted Simple Digest key type.
elytron.jdbc-realm.principal-query.simple-digest-mapper=A key mapper that maps a column returned from a SQL query to a Simple Digest key type.
elytron.jdbc-realm.principal-query.scram-mapper=A key mapper that maps a column returned from a SQL query to a Scram key type.
elytron.jdbc-realm.principal-query.modular-crypt-mapper=A key mapper that maps a column returned from a SQL query to a Modular Crypt key type.
# Attribute Mapping Attributes
elytron.jdbc-realm.principal-query.attribute-mapping=The attribute mappings defined for this resource.
elytron.jdbc-realm.principal-query.index=The column index from a query that representing the mapped attribute.
elytron.jdbc-realm.principal-query.to=The name of the identity attribute mapped from a column returned from a SQL query.
elytron.identity-realm=Realm definition for a realm which contains a single pre-defined identity.
# Operations
elytron.identity-realm.add=The add operation for the security realm.
elytron.identity-realm.remove=The remove operation for the security realm.
# Attributes
elytron.identity-realm.identity=The name of the identity available from the security realm.
elytron.identity-realm.attribute-name=The name of the attribute associated with this identity.
elytron.identity-realm.attribute-values=The values associated with the identity attributes.
elytron.key-store-realm=A security realm definition backed by a key store.
# Operations
elytron.key-store-realm.add=The add operation for the security realm.
elytron.key-store-realm.remove=The remove operation for the security realm.
# Attributes
elytron.key-store-realm.key-store=Reference to the KeyStore that should be used to back this security realm.
elytron.properties-realm=A security realm definition backed by properties files.
# Operations
elytron.properties-realm.add=The add operation for the security realm.
elytron.properties-realm.remove=The remove operation for the security realm.
elytron.properties-realm.load=Reload the properties files from the file system.
# Attributes
elytron.properties-realm.users-properties=The properties file containing the users and their passwords.
elytron.properties-realm.users-properties.path=The path to the file containing the users and their passwords. The file should contain realm name declaration.
elytron.properties-realm.users-properties.relative-to=The pre-defined path the path is relative to.
elytron.properties-realm.users-properties.digest-realm-name=The default realm name to use for digested passwords if one is not discovered in the properties file.
elytron.properties-realm.users-properties.plain-text=Are the passwords in properties file stored in plain text or pre-hashed? (Pre-hashed form: HEX( MD5( username ':' realm ':' password ) ) )
elytron.properties-realm.groups-properties=The properties file containing the users and their groups.
elytron.properties-realm.groups-properties.path=The path to the file containing the users and their groups.
elytron.properties-realm.groups-properties.relative-to=The pre-defined path the path is relative to.
elytron.properties-realm.groups-attribute=The name of the attribute in the returned AuthorizationIdentity that should contain the group membership information for the identity.
# Runtime Attributes
elytron.properties-realm.synchronized=The time the properties files that back this realm were last loaded.
elytron.ldap-realm=A security realm definition backed by LDAP.
# Operations
elytron.ldap-realm.add=The add operation for the security realm.
elytron.ldap-realm.remove=The remove operation for the security realm.
# Attributes
elytron.ldap-realm.dir-context=The configuration to connect to a LDAP server.
elytron.ldap-realm.dir-context.url=The connection url.
elytron.ldap-realm.dir-context.authentication-level=The authentication level.
elytron.ldap-realm.dir-context.principal=The principal to authenticate and connect to the LDAP server.
elytron.ldap-realm.dir-context.credential=The credential to authenticate and connect to the LDAP server.
elytron.ldap-realm.dir-context.enable-connection-pooling=Indicates if connection pooling is enabled.
elytron.ldap-realm.identity-mapping=The configuration options that define how principals are mapped to their corresponding entries in the underlying LDAP server.
elytron.ldap-realm.identity-mapping.rdn-identifier=The RDN part of the principal's DN to be used to obtain the principal's name from an LDAP entry. Used also when creating new identities.
elytron.ldap-realm.identity-mapping.search-base-dn=The base DN to search for identities.
elytron.ldap-realm.identity-mapping.use-recursive-search=Indicates if identity search queries are recursive.
elytron.ldap-realm.identity-mapping.attribute-mapping=The attribute mappings defined for this resource.
elytron.ldap-realm.identity-mapping.attribute-mapping.attribute=The configuration used to map a specific LDAP attribute as an identity attribute.
elytron.ldap-realm.identity-mapping.from=The name of the LDAP attribute to map to an identity attribute. If not defined, DN of entry is used.
elytron.ldap-realm.identity-mapping.to=The name of the identity attribute mapped from a specific LDAP attribute. If not provided, the name of the attribute is the same as define in 'from'. If the 'from' is not defined too, value 'dn' is used.
elytron.ldap-realm.identity-mapping.reference=The name of LDAP attribute containing DN of entry to obtain value from.
elytron.ldap-realm.identity-mapping.filter=The filter to use to obtain the values for a specific attribute. String '{0}' will be replaced by username, '{1}' by user identity DN.
elytron.ldap-realm.identity-mapping.filter-base-dn=The name of the context where the filter should be performed.
elytron.ldap-realm.identity-mapping.search-recursive=Indicates if attribute LDAP search queries are recursive.
elytron.ldap-realm.identity-mapping.role-recursion=Sets recursive roles assignment - value determine maximum depth of recursion. (0 for no recursion)
elytron.ldap-realm.identity-mapping.role-recursion-name=Determine LDAP attribute of role entry which will be substitute for '{0}' in filter-name when searching roles of role.
elytron.ldap-realm.identity-mapping.extract-rdn=The RDN key to use as the value for an attribute, in case the value in its raw form is in X.500 format.
elytron.ldap-realm.identity-mapping.filter-name=The LDAP filter for getting identity by name. If this is not specified then the default value will be (rdn_identifier={0}). The string '{0}' will be replaced by searched identity name and the 'rdn_identifier' will be the value of the attribute 'rdn-identifier'.
elytron.ldap-realm.identity-mapping.iterator-filter=The LDAP filter for iterating over identities of the realm.
elytron.ldap-realm.identity-mapping.new-identity-parent-dn=The DN of parent of newly created identities. Required for modifiability of the realm.
elytron.ldap-realm.identity-mapping.new-identity-attributes=The attributes of newly created identities. Required for modifiability of the realm.
elytron.ldap-realm.identity-mapping.name=The attribute name.
elytron.ldap-realm.identity-mapping.value=The attribute value.
elytron.ldap-realm.identity-mapping.credential-mapping=The credential mappings defined for this resource.
elytron.ldap-realm.identity-mapping.credential-mapping.credential=The configuration used to map a specific LDAP attribute as an user password attribute.
elytron.ldap-realm.identity-mapping.user-password-mapper=The credential mapping for userPassword-like credential attribute.
elytron.ldap-realm.identity-mapping.otp-credential-mapper=The credential mapping for OTP credential.
elytron.ldap-realm.identity-mapping.algorithm-from=The name of the LDAP attribute to map to an OTP credential algorithm.
elytron.ldap-realm.identity-mapping.hash-from=The name of the LDAP attribute to map to a Base64 encoded OTP credential hash.
elytron.ldap-realm.identity-mapping.seed-from=The name of the LDAP attribute to map to an OTP credential seed.
elytron.ldap-realm.identity-mapping.sequence-from=The name of the LDAP attribute to map to an OTP credential sequence number.
elytron.ldap-realm.identity-mapping.writable=Indicates if password can be changed.
elytron.ldap-realm.identity-mapping.verifiable=Indicates if password can be used to verify user.
elytron.ldap-realm.identity-mapping.x509-credential-mapper=The configuration allowing to use LDAP as storage of X509 credentials. X509 credential is user certificate or information allowing to identify it. At least one *-from attribute should be specified. This definition will be ignored otherwise. If more *-from attributes is defined, user certificate must match all defined criteria.
elytron.ldap-realm.identity-mapping.digest-from=The name of the LDAP attribute to map to a user certificate digest. If not defined, certificate digest will not be checked.
elytron.ldap-realm.identity-mapping.digest-algorithm=The digest algorithm (hash function) used to compute digest of the user certificate. Will be used only if digest-from have been defined.
elytron.ldap-realm.identity-mapping.certificate-from=The name of the LDAP attribute to map to an encoded user certificate. If not defined, encoded certificate will not be checked.
elytron.ldap-realm.identity-mapping.serial-number-from=The name of the LDAP attribute to map to a serial number of user certificate. If not defined, serial number will not be checked.
elytron.ldap-realm.identity-mapping.subject-dn-from=The name of the LDAP attribute to map to a subject DN of user certificate. If not defined, subject DN will not be checked.
elytron.ldap-realm.direct-verification=Does this realm support verification of credentials by directly connecting to LDAP as the account being authenticated?
elytron.ldap-realm.allow-blank-password=Does this realm support blank password direct verification? Blank password attempt will be rejected otherwise.
elytron.ldap-realm.identity=An identity which can be managed by a security realm.
elytron.filesystem-realm=A simple security realm definition backed by the filesystem.
elytron.filesystem-realm.add=The add operation for the security realm.
elytron.filesystem-realm.remove=The remove operation for the security realm.
elytron.filesystem-realm.path=The path to the file containing the realm.
elytron.filesystem-realm.relative-to=The pre-defined path the path is relative to.
elytron.filesystem-realm.levels=The number of levels of directory hashing to apply.
elytron.filesystem-realm.encoded=Whether the identity names should be stored encoded (Base32) in file names.
elytron.filesystem-realm.identity=An identity which can be managed by a security realm.
elytron.token-realm=A security realm definition capable of validating and extracting identities from security tokens.
# Operations
elytron.token-realm.add=The add operation for the security realm.
elytron.token-realm.remove=The remove operation for the security realm.
# Attributes
elytron.token-realm.principal-claim=The name of the claim that should be used to obtain the principal's name.
# JWT Validator Complex Attribute
elytron.token-realm.jwt=A token validator to be used in conjunction with a token-based realm that handles security tokens based on the JWT/JWS standard.
elytron.token-realm.jwt.issuer=A list of strings representing the issuers supported by this configuration. During validation JWT tokens must have an 'iss' claim that contains one of the values defined here.
elytron.token-realm.jwt.audience=A list of strings representing the audiences supported by this configuration. During validation JWT tokens must have an 'aud' claim that contains one of the values defined here.
elytron.token-realm.jwt.public-key=A public key in PEM Format. During validation, if a public key is provided, signature will be verified based on the key you provided here.
elytron.token-realm.jwt.key-store=A key store from where the certificate with a public key should be loaded from.
elytron.token-realm.jwt.key-map=A map of named public keys for token verification.
elytron.token-realm.jwt.certificate=The name of the certificate with a public key to load from the key store.
elytron.token-realm.jwt.client-ssl-context=The SSL context to be used for fetching jku keys using HTTPS.
elytron.token-realm.jwt.host-name-verification-policy=A policy that defines how host names should be verified when using HTTPS.
# OAuth2 Introspection Validator Complex Attribute
elytron.token-realm.oauth2-introspection=A token validator to be used in conjunction with a token-based realm that handles OAuth2 Access Tokens and validates them using an endpoint compliant with OAuth2 Token Introspection specification(RFC-7662).
elytron.token-realm.oauth2-introspection.client-id=The identifier of the client on the OAuth2 Authorization Server.
elytron.token-realm.oauth2-introspection.client-secret=The secret of the client.
elytron.token-realm.oauth2-introspection.introspection-url=The URL of token introspection endpoint.
elytron.token-realm.oauth2-introspection.client-ssl-context=The SSL context to be used if the introspection endpoint is using HTTPS.
elytron.token-realm.oauth2-introspection.host-name-verification-policy=A policy that defines how host names should be verified when using HTTPS. Allowed values: 'ANY'.
# Identity management descriptions
elytron.modifiable-security-realm.add-identity=Add an identity to a security realm.
elytron.modifiable-security-realm.add-identity.identity=The name of the identity.
elytron.modifiable-security-realm.remove-identity=Remove an identity from a security realm.
elytron.modifiable-security-realm.remove-identity.identity=The name of the identity.
elytron.modifiable-security-realm.read-identity=Read an identity from a security realm if it exists.
elytron.modifiable-security-realm.read-identity.identity=The name of the identity.
elytron.modifiable-security-realm.add-identity-attribute=Add an attribute to an existing identity.
elytron.modifiable-security-realm.add-identity-attribute.identity=The name of the identity.
elytron.modifiable-security-realm.add-identity-attribute.name=The name of the attribute.
elytron.modifiable-security-realm.add-identity-attribute.value=The value of the attribute.
elytron.modifiable-security-realm.remove-identity-attribute=Remove an attribute to an existing identity.
elytron.modifiable-security-realm.remove-identity-attribute.identity=The name of the identity.
elytron.modifiable-security-realm.remove-identity-attribute.name=The name of the attribute.
elytron.modifiable-security-realm.remove-identity-attribute.value=The value of the attribute.
elytron.modifiable-security-realm.set-password=Add a password to an existing identity.
elytron.modifiable-security-realm.set-password.identity=The name of the identity.
elytron.modifiable-security-realm.bcrypt.algorithm=The algorithm used to encrypt the password.
elytron.modifiable-security-realm.bcrypt.iteration-count=The iteration count or cost to apply to the password.
elytron.modifiable-security-realm.bcrypt.salt=The salt to apply to the password.
elytron.modifiable-security-realm.bcrypt.password=The actual password to set.
elytron.modifiable-security-realm.set-password.bcrypt=A password using the Bcrypt algorithm.
elytron.modifiable-security-realm.clear.password=The actual password to set.
elytron.modifiable-security-realm.set-password.clear=A password in clear text.
elytron.modifiable-security-realm.simple-digest.algorithm=The algorithm used to encrypt the password.
elytron.modifiable-security-realm.simple-digest.password=The actual password to set.
elytron.modifiable-security-realm.set-password.simple-digest=A simple digest password.
elytron.modifiable-security-realm.salted-simple-digest.algorithm=The algorithm used to encrypt the password.
elytron.modifiable-security-realm.salted-simple-digest.salt=The salt to apply to the password.
elytron.modifiable-security-realm.salted-simple-digest.password=The actual password to set.
elytron.modifiable-security-realm.set-password.salted-simple-digest=A salted simple digest password.
elytron.modifiable-security-realm.digest.algorithm=The algorithm used to encrypt the password.
elytron.modifiable-security-realm.digest.realm=The realm.
elytron.modifiable-security-realm.digest.password=The actual password to set.
elytron.modifiable-security-realm.set-password.digest=A digest password.
elytron.modifiable-security-realm.otp.algorithm=The algorithm used to encrypt the password.
elytron.modifiable-security-realm.otp.seed=The seed used to generate the hash.
elytron.modifiable-security-realm.otp.sequence=The sequence number used to generate the hash.
elytron.modifiable-security-realm.otp.password=The actual password to set.
elytron.modifiable-security-realm.set-password.otp=A one-time password, used by the OTP SASL mechanism.
elytron.modifiable-security-realm.scram-digest.algorithm=The algorithm used to encrypt the password.
elytron.modifiable-security-realm.scram-digest.iteration-count=The iteration count or cost to apply to the password.
elytron.modifiable-security-realm.scram-digest.salt=The salt to apply to the password.
elytron.modifiable-security-realm.scram-digest.password=The actual password to set.
elytron.modifiable-security-realm.set-password.scram-digest=A password using the SCRAM digest algorithm.
elytron.caching-realm=A realm definition that enables caching to another security realm. Caching strategy is LRU (Least Recently Used) where least accessed entries are discarded when maximum number of entries is reached.
# Operations
elytron.caching-realm.add=The add operation for the security realm.
elytron.caching-realm.remove=The remove operation for the security realm.
# Attributes
elytron.caching-realm.realm=A reference to a cacheable security realm.
elytron.caching-realm.maximum-entries=The maximum number of entries to keep in the cache.
elytron.caching-realm.maximum-age=The time in milliseconds that an item can stay in the cache.
elytron.caching-realm.clear-cache=Removes all entries from the cache.
#########################
# SASL Server Factories #
#########################
elytron.aggregate-sasl-server-factory=A sasl server factory definition where the sasl server factory is an aggregation of other sasl server factories.
# Operations
elytron.aggregate-sasl-server-factory.add=The add operation for the sasl server factory.
elytron.aggregate-sasl-server-factory.remove=The remove operation for the sasl server factory.
# Attributes
elytron.aggregate-sasl-server-factory.sasl-server-factories=The referenced sasl server factories to aggregate.
# Runtime Attributes
elytron.aggregate-sasl-server-factory.available-mechanisms=The SASL mechanisms available from this factory after all filtering has been applied.
elytron.configurable-sasl-server-factory=A SaslServerFactory definition that wraps another SaslServerFactory and applies the specified configuration and filtering.
# Operations
elytron.configurable-sasl-server-factory.add=The add operation for the sasl server factory.
elytron.configurable-sasl-server-factory.remove=The remove operation for the sasl server factory.
# Attributes
elytron.configurable-sasl-server-factory.sasl-server-factory=The sasl server factory to be wrapped.
elytron.configurable-sasl-server-factory.protocol=The protocol that should be passed into factory when creating the mechanism.
elytron.configurable-sasl-server-factory.server-name=The server name that should be passed into factory when creating the mechanism.
elytron.configurable-sasl-server-factory.properties=Custom properties to be passed in to the sasl server factory calls.
elytron.configurable-sasl-server-factory.filters=List of filters to be evaluated sequentially combining the results using 'or'.
elytron.configurable-sasl-server-factory.filters.predefined-filter=A predefined filter to use to filter the mechanism name.
elytron.configurable-sasl-server-factory.filters.pattern-filter=A regular expression based filter of the mechanism name.
elytron.configurable-sasl-server-factory.filters.enabling=Is this filter enabling or disabling the matched names.
# Runtime Attributes
elytron.configurable-sasl-server-factory.available-mechanisms=The SASL mechanisms available from this factory after all filtering has been applied.
elytron.mechanism-provider-filtering-sasl-server-factory=A SaslServerFactory definition that wraps another SaslServerFactory and enables filtering of mechanisms based on the mechanism name and Provider name and version. Any mechanisms loaded by factories not located using a Provider will not be filtered by this definition.
# Operations
elytron.mechanism-provider-filtering-sasl-server-factory.add=The add operation for the sasl server factory.
elytron.mechanism-provider-filtering-sasl-server-factory.remove=The remove operation for the sasl server factory.
# Attributes
elytron.mechanism-provider-filtering-sasl-server-factory.sasl-server-factory=Reference to a sasl server factory to be wrapped by this definition.
elytron.mechanism-provider-filtering-sasl-server-factory.enabling=When set to 'true' no provider loaded mechanisms are enabled unless matched by one of the filters, setting to 'false' has the inverse effect.
elytron.mechanism-provider-filtering-sasl-server-factory.filters=The filters to apply when comparing the mechanisms from the providers, a filter matches when all of the specified values match the mechanism / provider pair.
elytron.mechanism-provider-filtering-sasl-server-factory.filters.mechanism-name=This configuration will only apply where a mechanism with the name specified is used. If this attribute is omitted then this will match any mechanism name.
elytron.mechanism-provider-filtering-sasl-server-factory.filters.provider-name=The name of the provider to match against.
elytron.mechanism-provider-filtering-sasl-server-factory.filters.provider-version=Version to compare against the version reported by the provider.
elytron.mechanism-provider-filtering-sasl-server-factory.filters.version-comparison=When set to 'less-than' a Provider will match against the filter if the Provider's version is less-than the version specified here. Setting to 'greater-than' has the opposite effect. Has no effect if a provider-version has not been specified in the filter.
# Runtime Attributes
elytron.mechanism-provider-filtering-sasl-server-factory.available-mechanisms=The SASL mechanisms available from this factory after all filtering has been applied.
elytron.provider-sasl-server-factory=A sasl server factory definition where the sasl server factory is an aggregation of factories from the Provider[]
# Operations
elytron.provider-sasl-server-factory.add=The add operation for the sasl server factory.
elytron.provider-sasl-server-factory.remove=The remove operation for the sasl server factory.
# Attributes
elytron.provider-sasl-server-factory.providers=The providers to use to locate the factories, if not specified the globally registered list of Providers will be used.
# Runtime Attributes
elytron.provider-sasl-server-factory.available-mechanisms=The SASL mechanisms available from this factory after all filtering has been applied.
elytron.service-loader-sasl-server-factory=A sasl server factory definition where the sasl server factory is an aggregation of factories identified using a ServiceLoader
# Operations
elytron.service-loader-sasl-server-factory.add=The add operation for the sasl server factory.
elytron.service-loader-sasl-server-factory.remove=The remove operation for the sasl server factory.
# Attributes
elytron.service-loader-sasl-server-factory.module=The module to use to obtain the classloader to load the factories, if not specified the classloader to load the resource will be used instead.
# Runtime Attributes
elytron.service-loader-sasl-server-factory.available-mechanisms=The SASL mechanisms available from this factory after all filtering has been applied.
##################
# TLS / KeyStore #
##################
elytron.key-store=A KeyStore definition.
# Operations
elytron.key-store.add=Add a new KeyStore definition.
elytron.key-store.remove=Remove the KeyStore definition.
elytron.key-store.load=Load the KeyStore, if the KeyStore is file backed this will involve re-reading the contents of the file.
elytron.key-store.store=Store the KeyStore to file, this operation will fail for any KeyStore instances not backed by a file. If the file does not exist and it was not flagged as required it will be created.
# Configuration Attributes
elytron.key-store.type=The type of the KeyStore, used when creating the new KeyStore instance.
elytron.key-store.provider-name=The name of the provider to use to load the KeyStore, disables searching for the first Provider that can create a KeyStore of the specified type.
elytron.key-store.credential-reference=The reference to credential stored in CredentialStore under defined alias or clear text password.
elytron.key-store.credential-reference.store=The name of the credential store holding the alias to credential.
elytron.key-store.credential-reference.alias=The alias which denotes stored secret or credential in the store.