We've got a cluster of Java EE 7 application servers that host a
significant number of services and applications and are trying to follow
the principle of least privilege.
Most of the services and applications simply need to retrieve
permissions and constraints from our Fortress server ... using an very
unprivileged account works fine (and we even have a set of OpenLDAP ACLs
that enforce these restrictions if anyone is interested).
There are two other applications (so far) that need greater privileges
and we're wondering to make alternate fortress.properties files
available to those two applications. We're running on JBoss/Wildfly and
so far our best approach is to provide multiple modules and use the
jboss-deployment-structure.xml file in the two more privileged
applications to exclude the basic fortress.properties file and include
the more privileged one.
Note that the fortress.properties files (and all our system
configuration files) are managed by the operations group and so they
can't simply be included in the application's WAR file.
Any suggestions?
Steve
-- "The pen is mightier than the sword if the sword is very short, and
the pen is very sharp." — Terry Pratchett (RIP 2015)
- Multiple fortress.properties files on one server Steve Moyer
-
