In the EAP 7.4 security architecture guide it says,
Chapter 4. Elytron Subsystem Example Scenarios 4.1.1. Security For securing applications, JBoss EAP comes preconfigured with application-http-authentication for using HTTP and application-sasl-authentication for using SASL. The application-http-authentication http-authentication-factory uses ApplicationDomain which uses ApplicationRealm and groups-to-roles for authentication. ApplicationRealm is a properties-realm backed by application-users.properties and application-roles.properties for username, password, and role information.
But in my standalone.xml I do not see this. I only see one which uses ManagementDomain,
<subsystem xmlns="urn:wildfly:elytron:13.0" final-providers="combined-providers" disallowed-providers="OracleUcrypto">
...
<http-authentication-factory name="management-http-authentication" security-domain="ManagementDomain" http-server-mechanism-factory="global">
<mechanism-configuration>
<mechanism mechanism-name="DIGEST">
<mechanism-realm realm-name="ManagementRealm"/>
</mechanism>
</mechanism-configuration>
</http-authentication-factory>
<provider-http-server-mechanism-factory name="global"/>
</http>
This is done in the undertow subsystem:
for example