directory-fortress mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Steve Moyer <smo...@psu.edu>
Subject Multiple fortress.properties files on one server
Date Wed, 29 Apr 2015 17:56:53 GMT
We've got a cluster of Java EE 7 application servers that host a 
significant number of services and applications and are trying to follow 
the principle of least privilege.

Most of the services and applications simply need to retrieve 
permissions and constraints from our Fortress server ... using an very 
unprivileged account works fine (and we even have a set of OpenLDAP ACLs 
that enforce these restrictions if anyone is interested).

There are two other applications (so far) that need greater privileges 
and we're wondering to make alternate fortress.properties files 
available to those two applications.  We're running on JBoss/Wildfly and 
so far our best approach is to provide multiple modules and use the 
jboss-deployment-structure.xml file in the two more privileged 
applications to exclude the basic fortress.properties file and include 
the more privileged one.

Note that the fortress.properties files (and all our system 
configuration files) are managed by the operations group and so they 
can't simply be included in the application's WAR file.

Any suggestions?

Steve

  -- "The pen is mightier than the sword if the sword is very short, and 
the pen is very sharp." — Terry Pratchett (RIP 2015)

Mime
View raw message