Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:application_configuration:dev:backend [2019/02/05 09:41] svandav [Notification from Workflow] |
devel:documentation:application_configuration:dev:backend [2019/07/04 08:54] tomiskar [Backup] |
||
---|---|---|---|
Line 38: | Line 38: | ||
* '' | * '' | ||
* '' | * '' | ||
- | * '' | + | * '' |
* '' | * '' | ||
Line 75: | Line 75: | ||
<code properties> | <code properties> | ||
# Application stage (development, | # Application stage (development, | ||
+ | # | ||
+ | # Public properties - available for frontend without authentication (show information about app, decorators etc.). | ||
+ | # | ||
+ | # Application stage - development, | ||
idm.pub.app.stage= | idm.pub.app.stage= | ||
# Application instance / server id - is used for scheduler etc. | # Application instance / server id - is used for scheduler etc. | ||
# Should be defined in property file only | # Should be defined in property file only | ||
idm.pub.app.instanceId=idm-primary | idm.pub.app.instanceId=idm-primary | ||
- | # Enable forest index for tree structures | ||
- | idm.sec.app.forest.index.enabled=true | ||
# global date format on BE. Used in notification templates, logs, etc. FE uses localization key ' | # global date format on BE. Used in notification templates, logs, etc. FE uses localization key ' | ||
idm.pub.app.format.date=dd.MM.yyyy | idm.pub.app.format.date=dd.MM.yyyy | ||
# global datetime format on BE. Used in notification templates, logs, etc. FE uses localization key ' | # global datetime format on BE. Used in notification templates, logs, etc. FE uses localization key ' | ||
idm.pub.app.format.datetime=dd.MM.yyyy HH:mm | idm.pub.app.format.datetime=dd.MM.yyyy HH:mm | ||
+ | # Show identifiers (uuid) in frontend application. Empty value by default => identifier is shown, when application ' | ||
+ | idm.pub.app.show.id= | ||
+ | # Show transaction identifiers (uuid) in frontend application | ||
+ | idm.pub.app.show.transactionId=false | ||
+ | # Show role environmnent in frontend application for roles (table, role detail, niceLabel, info components, role select) | ||
+ | idm.pub.app.show.environment=true | ||
+ | # | ||
+ | # Private properties - used on backend only. | ||
+ | # | ||
# create demo data at application start | # create demo data at application start | ||
idm.sec.core.demo.data.enabled=true | idm.sec.core.demo.data.enabled=true | ||
# demo data was created - prevent to create demo data duplicitly | # demo data was created - prevent to create demo data duplicitly | ||
idm.sec.core.demo.data.created=false | idm.sec.core.demo.data.created=false | ||
+ | # Enable forest index for tree structures | ||
+ | idm.sec.app.forest.index.enabled=true | ||
</ | </ | ||
Line 205: | Line 218: | ||
# older temporary files will be purged, default 14 days | # older temporary files will be purged, default 14 days | ||
idm.sec.core.attachment.tempTtl=1209600000 | idm.sec.core.attachment.tempTtl=1209600000 | ||
+ | # | ||
+ | # Max file size of uploaded file. Values can use the suffixed " | ||
+ | multipart.max-file-size=1Mb | ||
+ | |||
+ | </ | ||
+ | |||
+ | In the application profile (application.properties). | ||
+ | |||
+ | <code properties> | ||
+ | # | ||
+ | # Max file size of uploaded file. Values can use the suffixed " | ||
+ | multipart.max-file-size=1Mb | ||
+ | |||
</ | </ | ||
Line 389: | Line 415: | ||
# Thread priority for threads in event executor pool - 5 by default (normal). | # Thread priority for threads in event executor pool - 5 by default (normal). | ||
scheduler.task.executor.threadPriority= | scheduler.task.executor.threadPriority= | ||
- | # Event queue processing period (ms). Default | + | # Event queue processing period (ms). Period to read prepared (~created) asynchronous entity events from queue. |
- | scheduler.event.queue.process=1000 | + | # Events are processed in batch configured by property ' |
+ | # Default | ||
+ | scheduler.event.queue.process=500 | ||
# Event executor core pool size. Uses CPU count + 1 as default. | # Event executor core pool size. Uses CPU count + 1 as default. | ||
scheduler.event.executor.corePoolSize= | scheduler.event.executor.corePoolSize= | ||
Line 397: | Line 425: | ||
# When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | # When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | ||
scheduler.event.executor.maxPoolSize= | scheduler.event.executor.maxPoolSize= | ||
- | # Waiting events to be processed. Uses 1000 as default - prevent to prepare events repetitively and use additional threads till maxPoolSize. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. | + | # Waiting events to be processed. Uses 50 as default - prevent to prepare events repetitively and use additional threads till maxPoolSize. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. |
# {@link AbotrPolicy} is set for rejected tasks. | # {@link AbotrPolicy} is set for rejected tasks. | ||
- | scheduler.event.executor.queueCapacity=1000 | + | scheduler.event.executor.queueCapacity=50 |
# Thread priority for threads in event executor pool - 6 by default (a little higher priority than normal 5). | # Thread priority for threads in event executor pool - 6 by default (a little higher priority than normal 5). | ||
scheduler.event.executor.threadPriority=6 | scheduler.event.executor.threadPriority=6 | ||
Line 419: | Line 447: | ||
idm.pub.core.identity.passwordChange=ALL_ONLY | idm.pub.core.identity.passwordChange=ALL_ONLY | ||
# | # | ||
- | # required old password for change password. Needed on FE (=> public) | + | # required old password for change password. |
+ | # Needed on FE (=> public) | ||
idm.pub.core.identity.passwordChange.requireOldPassword=true | idm.pub.core.identity.passwordChange.requireOldPassword=true | ||
# | # | ||
Line 425: | Line 454: | ||
# true - change to IdM and all system | # true - change to IdM and all system | ||
# false - change to all system except IdM | # false - change to all system except IdM | ||
+ | # Needed on FE (=> public) | ||
idm.pub.core.identity.passwordChange.public.idm.enabled=true | idm.pub.core.identity.passwordChange.public.idm.enabled=true | ||
# | # | ||
Line 430: | Line 460: | ||
# skipped in synchronizations - contract synchronization should be provided. | # skipped in synchronizations - contract synchronization should be provided. | ||
idm.pub.core.identity.create.defaultContract.enabled=true | idm.pub.core.identity.create.defaultContract.enabled=true | ||
+ | # | ||
+ | # Skip identity dashboard content - show full detail directly (link from table or from info component) | ||
+ | # Needed on FE (=> public) | ||
+ | idm.pub.core.identity.dashboard.skip= | ||
# | # | ||
# supports authorization policies for extended form definitions and their values for identities | # supports authorization policies for extended form definitions and their values for identities | ||
Line 497: | Line 531: | ||
# Asynchronous events will be executed on server instance with id. Default is the same as {@link ConfigurationService# | # Asynchronous events will be executed on server instance with id. Default is the same as {@link ConfigurationService# | ||
idm.sec.core.event.asynchronous.instanceId= | idm.sec.core.event.asynchronous.instanceId= | ||
+ | # Asynchronous events will be executed in batch - batch will be split for event with HIGH / NORMAL priority in 70% HIGH / 30% NORMAL. | ||
+ | # If you events are processed quickly (~provisioning on your environment is quick), then batch size can be higher (in combination with higher ' | ||
+ | idm.sec.core.event.asynchronous.batchSize=15 | ||
</ | </ | ||
Line 519: | Line 556: | ||
- | ==== Workflow ===== | + | ==== Workflow |
<code properties> | <code properties> | ||
## WF | ## WF | ||
- | # Global property that allow disable or enable sending notification from WF | ||
- | idm.sec.core.wf.notification.send=false | ||
# Approve by manager | # Approve by manager | ||
idm.sec.core.wf.approval.manager.enabled=false | idm.sec.core.wf.approval.manager.enabled=false | ||
Line 547: | Line 582: | ||
# In the request to create new role is also used. | # In the request to create new role is also used. | ||
idm.sec.core.wf.approval.role-change.role= | idm.sec.core.wf.approval.role-change.role= | ||
+ | # | ||
+ | # Default main WF for approve all roles. | ||
+ | idm.sec.core.processor.role-request-approval-processor.wf=approve-identity-change-permissions | ||
</ | </ | ||
Line 645: | Line 683: | ||
==== Backup ==== | ==== Backup ==== | ||
- | If you want to use redeploy and backup for example in agenda (notification | + | If you want to use redeploy and backup for example in agenda (notification |
+ | When redploy is used, then actual templates (or scripsts) are loaded from classpath by configuration (for templates or scripts) and deployed into application. Previous templates (or scripts) are backup too. | ||
<code properties> | <code properties> | ||
# configuration property for default backup | # configuration property for default backup | ||
Line 694: | Line 734: | ||
# - Default value is ' | # - Default value is ' | ||
idm.sec.acc.provisioning.allowedAutoMappingOnExistingAccount=true | idm.sec.acc.provisioning.allowedAutoMappingOnExistingAccount=true | ||
+ | </ | ||
+ | |||
+ | ==== Provisioning global break ==== | ||
+ | <note tip>For enable global provisioning break you must set configurations properties defined below, otherwise global provisioning break will not be active.</ | ||
+ | |||
+ | <code properties> | ||
+ | # Global break for update disabled/ | ||
+ | idm.sec.acc.provisioning.break.update.disabled | ||
+ | # Global break for update checked period (integer values) | ||
+ | idm.sec.acc.provisioning.break.update.period | ||
+ | # Global break for update disable limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.update.disableLimit | ||
+ | # Global break for update disabled template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.update.templateDisable | ||
+ | # Global break for update warning limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.update.warningLimit | ||
+ | # Global break for update warning template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.update.templateWarning | ||
+ | # Global break for update. Existing identity recipients (identity username or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.update.identityRecipients | ||
+ | # Global break for update. Recipient will be solved as identities that has assigned defined role/s (role code or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.update.roleRecipients | ||
+ | # | ||
+ | # | ||
+ | # Global break for create disabled/ | ||
+ | idm.sec.acc.provisioning.break.create.disabled | ||
+ | # Global break for create checked period (integer values) | ||
+ | idm.sec.acc.provisioning.break.create.period | ||
+ | # Global break for create disable limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.create.disableLimit | ||
+ | # Global break for create disabled template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.create.templateDisable | ||
+ | # Global break for create warning limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.create.warningLimit | ||
+ | # Global break for create warning template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.create.templateWarning | ||
+ | # Global break for create. Existing identity recipients (identity username or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.create.identityRecipients | ||
+ | # Global break for create. Recipient will be solved as identities that has assigned defined role/s (role code or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.create.roleRecipients | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # Global break for delete disabled/ | ||
+ | idm.sec.acc.provisioning.break.delete.disabled | ||
+ | # Global break for delete checked period (integer values) | ||
+ | idm.sec.acc.provisioning.break.delete.period | ||
+ | # Global break for delete disable limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.delete.disableLimit | ||
+ | # Global break for delete disabled template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.delete.templateDisable | ||
+ | # Global break for delete warning limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.delete.warningLimit | ||
+ | # Global break for delete warning template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.delete.templateWarning | ||
+ | # Global break for delete. Existing identity recipients (identity username or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.delete.identityRecipients | ||
+ | # Global break for delete. Recipient will be solved as identities that has assigned defined role/s (role code or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.delete.roleRecipients | ||
</ | </ | ||