Disable management console
33 views
Skip to first unread message
morten hoffmann
Sep 15, 2025, 10:15:30 AM (12 days ago) Sep 15
to WildFly
Can anyone advise howto disable management console without using cli.sh?
I'm trying to deploy domain using a pipeline and I can modify xml files before deployment.
Should I simply remove the entire "<management>" chapter from standalone.xml?
It's for audit reason I want to disable console
Kind regards
Morten
Darran Lofthouse
Sep 15, 2025, 10:19:20 AM (12 days ago) Sep 15
to WildFly
Can I please check are you using domain mode or standalone mode?
It sounds like it is the management interfaces you want to be disabling but these are required for domain mode to be able to operate correctly.
morten hoffmann
Sep 16, 2025, 2:09:06 AM (11 days ago) Sep 16
to WildFly
Currently it's standalone, but will also use domain mode going forward
I want to disable the (9990) console without using jboss-cli. I can modify configuration/xml files and deploy these afterwardsDarran Lofthouse
Sep 16, 2025, 5:04:38 AM (11 days ago) Sep 16
to WildFly
FYI it is not really the console you are looking to remove, the console is just a web application that runs entirely in the client web browser - the console worked by sending management requests to the management interface. As you say you are doing this for audit reasons it sounds like it is remote management that you are really trying to disable.
Firstly for domain mode this will just not be possible, in domain mode the only option will be to ensure you don't define user accounts that can connect and execute operations - the reason is the domain mode implementation is built upon application server instances being able to connect to their host conroller over the management interfaces and also for secondary domain controllers to be able to connect to the primary using these interfaces.
In standalone mode on the latest code I did a quick experiment, you would need to remove the following management interface definitions:
<management-interfaces>
<http-interface http-authentication-factory="management-http-authentication" console-enabled="true">
<http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
<socket-binding http="management-http"/>
</http-interface>
</management-interfaces>
<http-interface http-authentication-factory="management-http-authentication" console-enabled="true">
<http-upgrade enabled="true" sasl-authentication-factory="management-sasl-authentication"/>
<socket-binding http="management-http"/>
</http-interface>
</management-interfaces>
You would then also need to remove the following extensions / subsystems:
- health
- metrics
- jmx
- sar
I haven't checked if Galleon could help here but it may be possible to provision the server without the management interfaces from the start.
morten hoffmann
Sep 16, 2025, 8:32:29 AM (11 days ago) Sep 16
to WildFly
many thanks for feedback Darran. Much appreciated
Reply all
Reply to author
Forward
0 new messages