Role-based security
In JBoss 7, a logged-in administrator has unlimited power over every configuration aspect of a running server. This can be a problem in a production environment where multiple users access the server to perform different tasks. One user might only be interested in deploying new applications, another should only be able to restart the server, and a third should not be able to change anything (for example, a monitoring agent sending data about the execution of an application).
To support these kinds of requirements, WildFly brings two access control strategies:
Simple, which is the all-or-nothing approach known from JBoss AS 7 and EAP in versions earlier than 6.2 (every authenticated administrator has full access to the application server). This is the default strategy.
Role-based access control (RBAC), which allows you to assign administrative users to specific management roles.
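To see which of the two strategies a server is actually running, the following added example (not code from the original text) audits the access-control section of a standalone.xml file. The XML sample and the users alice, bob and agent are constructed, audit_access_control is a hypothetical helper name, and Deployer, Operator, Monitor, SuperUser and Administrator are WildFly's standard management roles, mapped here to the three kinds of user described above.

```python
import xml.etree.ElementTree as ET

# Constructed <management> excerpt of standalone.xml; alice, bob and agent are made-up users.
SAMPLE = """<server xmlns="urn:jboss:domain:2.0">
  <management>
    <access-control provider="{provider}">
      <role-mapping>
        <role name="SuperUser"><include><user name="$local"/></include></role>
        <role name="Deployer"><include><user name="alice"/></include></role>
        <role name="Operator"><include><user name="bob"/></include></role>
        <role name="Monitor"><include><user name="agent"/></include></role>
      </role-mapping>
    </access-control>
  </management>
</server>"""

FULL_ACCESS_ROLES = {"SuperUser", "Administrator"}

def _local(tag):
    """Drop the XML namespace so the check does not depend on the schema version."""
    return tag.rsplit("}", 1)[-1]

def audit_access_control(xml_text):
    """Return (provider, {role: principals}, findings) for a server configuration."""
    root = ET.fromstring(xml_text)
    ac = next((e for e in root.iter() if _local(e.tag) == "access-control"), None)
    # Assumption: a missing element or attribute means the default strategy, simple.
    provider = "simple" if ac is None else ac.get("provider", "simple")
    mappings = {}
    for role in ([] if ac is None else ac.iter()):
        if _local(role.tag) == "role":
            mappings[role.get("name")] = [
                f"{_local(p.tag)}:{p.get('name')}"
                for inc in role if _local(inc.tag) == "include"
                for p in inc
            ]
    findings = []
    if provider != "rbac":
        findings.append("provider is 'simple': every authenticated administrator "
                        "has full access; the role mappings have no effect")
    for role in sorted(FULL_ACCESS_ROLES & mappings.keys()):
        extra = [p for p in mappings[role] if p != "user:$local"]  # $local: local CLI user
        if extra:
            findings.append(f"{role} is granted to {extra}; prefer a narrower role")
    return provider, mappings, findings

if __name__ == "__main__":
    for prov in ("simple", "rbac"):
        print(audit_access_control(SAMPLE.format(provider=prov)))
```

The same role mappings produce a finding under the simple provider and none under rbac, which shows that defining roles in the file is not enough until the provider itself is switched.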
Let's navigate to http://localhost:8080/console and log in with our administrator...