Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:application_configuration:dev:backend [2019/05/07 08:26] kopro [Workflow settings for approval of change user roles] |
devel:documentation:application_configuration:dev:backend [2020/10/23 07:38] tomiskar [Entity filters] |
||
---|---|---|---|
Line 1: | Line 1: | ||
===== Configuration - backend ===== | ===== Configuration - backend ===== | ||
- | {{tag> configuration}} | + | {{tag> configuration |
The application uses a Spring boot configuration in the '' | The application uses a Spring boot configuration in the '' | ||
Line 12: | Line 12: | ||
* if the name of a configuration item contains the'' | * if the name of a configuration item contains the'' | ||
* It is better to use constants for keys, e.g. '' | * It is better to use constants for keys, e.g. '' | ||
- | |||
- | Cache is used for reading configuration values - default spring boot cache (ConcurrentHashMap) is configured for now. Value in cache is cleared by an active (save, delete) operation. | ||
- | |||
- | <note tip> | ||
- | If you are debugging some of code and are you figuring, something is wrong with the cache, then you can turn the cache off with property (in application.properties) | ||
- | <code properties> | ||
- | spring.cache.type=none | ||
- | </ | ||
- | </ | ||
==== Configure environment properties ==== | ==== Configure environment properties ==== | ||
Line 38: | Line 29: | ||
* '' | * '' | ||
* '' | * '' | ||
- | * '' | + | * '' |
* '' | * '' | ||
Line 54: | Line 45: | ||
- | <note important> | + | [[https:// |
- | < | + | |
- | Initialization of bean failed; nested exception is java.lang.IllegalArgumentException: | + | |
- | </ | + | |
- | |||
- | [[https:// | ||
- | |||
- | < | ||
- | -Djava.util.Arrays.useLegacyMergeSort=true | ||
- | </ | ||
Line 75: | Line 57: | ||
<code properties> | <code properties> | ||
# Application stage (development, | # Application stage (development, | ||
+ | # | ||
+ | # Public properties - available for frontend without authentication (show information about app, decorators etc.). | ||
+ | # | ||
+ | # Application stage - development, | ||
idm.pub.app.stage= | idm.pub.app.stage= | ||
# Application instance / server id - is used for scheduler etc. | # Application instance / server id - is used for scheduler etc. | ||
# Should be defined in property file only | # Should be defined in property file only | ||
idm.pub.app.instanceId=idm-primary | idm.pub.app.instanceId=idm-primary | ||
- | # Enable forest index for tree structures | ||
- | idm.sec.app.forest.index.enabled=true | ||
# global date format on BE. Used in notification templates, logs, etc. FE uses localization key ' | # global date format on BE. Used in notification templates, logs, etc. FE uses localization key ' | ||
idm.pub.app.format.date=dd.MM.yyyy | idm.pub.app.format.date=dd.MM.yyyy | ||
# global datetime format on BE. Used in notification templates, logs, etc. FE uses localization key ' | # global datetime format on BE. Used in notification templates, logs, etc. FE uses localization key ' | ||
idm.pub.app.format.datetime=dd.MM.yyyy HH:mm | idm.pub.app.format.datetime=dd.MM.yyyy HH:mm | ||
+ | # Show identifiers (uuid) in frontend application. Empty value by default => identifier is shown, when application ' | ||
+ | idm.pub.app.show.id= | ||
+ | # Show transaction identifiers (uuid) in frontend application | ||
+ | idm.pub.app.show.transactionId=false | ||
+ | # Show role environment in frontend application for roles (table, role detail, niceLabel, info components, role select) | ||
+ | idm.pub.app.show.environment=true | ||
+ | # Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select) | ||
+ | idm.pub.app.show.role.baseCode=true | ||
+ | # Available size options for tables in frontend application | ||
+ | idm.pub.app.show.sizeOptions=10, | ||
+ | # Show buttons for bulk actions in tables (0 = select box will be shown only). | ||
+ | # Count of quick access buttons for bulk actions in tables - the first count of bulk actions will be shown as button - next action will be rendered in drop down select box. | ||
+ | # Bulk action icon is required for quick access button - action without icon will be rendered in select box. | ||
+ | # Bulk action can enforce showing in quick access button (by bulk action configuration). | ||
+ | idm.pub.app.show.table.quickButton.count=5 | ||
+ | # Quick button for bulk actions in tables will be included in drop down select box too (available as button + menu item with text). | ||
+ | # Number of selected record is shown in drop down select header. | ||
+ | idm.pub.app.show.table.quickButton.menuIncluded=true | ||
+ | # show default form for newly created user | ||
+ | # default form can be disabled => at least one configured form projection is needed | ||
+ | idm.pub.app.show.identity.formProjection.default=true | ||
+ | # If is true, then role-request description will be show on the detail. | ||
+ | # Description will hidden if this property will be false and role request | ||
+ | # doesn' | ||
+ | idm.pub.app.show.roleRequest.description=true | ||
+ | # | ||
+ | # Private properties - used on backend only. | ||
+ | # | ||
# create demo data at application start | # create demo data at application start | ||
idm.sec.core.demo.data.enabled=true | idm.sec.core.demo.data.enabled=true | ||
# demo data was created - prevent to create demo data duplicitly | # demo data was created - prevent to create demo data duplicitly | ||
idm.sec.core.demo.data.created=false | idm.sec.core.demo.data.created=false | ||
+ | # Create init data at application start. Init data (product provided roles) are updated automatically with pruct updates. | ||
+ | # Set property to false to disable init data creation and updates. | ||
+ | idm.sec.core.init.data.enabled=true | ||
</ | </ | ||
Line 96: | Line 111: | ||
<code properties> | <code properties> | ||
- | # audit table suffix | + | # ZonedDateTime is stored in UTC |
+ | spring.jpa.properties.hibernate.jdbc.time_zone=UTC | ||
+ | # Driver (e.g. postgres) does not support contextual LOB creation | ||
+ | spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true | ||
+ | # audit table suffixes | ||
spring.jpa.properties.org.hibernate.envers.audit_table_suffix=_a | spring.jpa.properties.org.hibernate.envers.audit_table_suffix=_a | ||
+ | spring.jpa.properties.org.hibernate.envers.modified_flag_suffix=_m | ||
# modified flag for all audited columns | # modified flag for all audited columns | ||
spring.jpa.properties.org.hibernate.envers.global_with_modified_flag=true | spring.jpa.properties.org.hibernate.envers.global_with_modified_flag=true | ||
# prevent to modify attributes created, creator etc. | # prevent to modify attributes created, creator etc. | ||
- | spring.jpa.properties.hibernate.ejb.interceptor=eu.bcvsolutions.idm.core.model.repository.listener.AuditableInterceptor | + | spring.jpa.properties.org.hibernate.envers.audit_strategy=eu.bcvsolutions.idm.core.model.repository.listener.IdmAuditStrategy |
+ | spring.jpa.properties.hibernate.session_factory.interceptor=eu.bcvsolutions.idm.core.model.repository.listener.AuditableInterceptor | ||
# enable / disable audit (envers) | # enable / disable audit (envers) | ||
spring.jpa.properties.hibernate.listeners.envers.autoRegister=true | spring.jpa.properties.hibernate.listeners.envers.autoRegister=true | ||
+ | # Spring boot 2 changed default to true, but we are using IDENTITY identifier generators for mssql database. | ||
+ | spring.jpa.hibernate.use-new-id-generator-mappings=false | ||
# | # | ||
# DB ddl auto generation by hibernate is disabled - flyway database migration is used | # DB ddl auto generation by hibernate is disabled - flyway database migration is used | ||
Line 118: | Line 140: | ||
spring.datasource.testOnBorrow=true | spring.datasource.testOnBorrow=true | ||
spring.datasource.validationQuery=SELECT 1 | spring.datasource.validationQuery=SELECT 1 | ||
+ | # Enlarge pool size by default. This property should be revised for each project. Size should be configured by task and event thread pool size - should be higher than sum of pool sizes. | ||
+ | spring.datasource.hikari.maximumPoolSize=50 | ||
</ | </ | ||
Line 182: | Line 206: | ||
</ | </ | ||
+ | ==== Cache ==== | ||
- | ==== Attachment storage === | + | Cache is used for reading configuration values. Value in cache is cleared by an active (save, delete) operation. |
+ | |||
+ | In the application profile (application.properties): | ||
+ | |||
+ | |||
+ | |||
+ | <code properties> | ||
+ | # Disable cache | ||
+ | # If you are debugging some of code and are you figuring, something is wrong with the cache, then you can turn the cache off with property. | ||
+ | # | ||
+ | # | ||
+ | # Clusterred cache settings | ||
+ | # | ||
+ | idm.sec.cache.terracota.resource.name=main | ||
+ | idm.sec.cache.terracota.resource.pool.name=resource-pool | ||
+ | # Size in MB | ||
+ | idm.sec.cache.terracota.resource.pool.size=32 | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Attachment storage | ||
'' | '' | ||
- | In the application profile (application.properties) and overloadable via '' | + | In the application profile (application.properties): |
+ | |||
+ | <code properties> | ||
+ | # Max file size of uploaded file. Values can use the suffixed " | ||
+ | # Application server (e.g. Tomcat " | ||
+ | spring.servlet.multipart.max-file-size=100MB | ||
+ | spring.servlet.multipart.max-request-size=100MB | ||
+ | |||
+ | </ | ||
+ | |||
+ | In the application profile (application.properties) and overloadable via '' | ||
<code properties> | <code properties> | ||
Line 204: | Line 259: | ||
# temporary file time to live in milliseconds | # temporary file time to live in milliseconds | ||
# older temporary files will be purged, default 14 days | # older temporary files will be purged, default 14 days | ||
+ | # Temporary file is used mainly for upload files internaly. When upload is complete, then temporary file is moved into normal IdM attachment (~ temporary file is not reachable, after user session ends). | ||
idm.sec.core.attachment.tempTtl=1209600000 | idm.sec.core.attachment.tempTtl=1209600000 | ||
- | # | ||
- | # Max file size of uploaded file. Values can use the suffixed " | ||
- | multipart.max-file-size=1Mb | ||
- | |||
- | </ | ||
- | |||
- | In the application profile (application.properties). | ||
- | |||
- | <code properties> | ||
- | # | ||
- | # Max file size of uploaded file. Values can use the suffixed " | ||
- | multipart.max-file-size=1Mb | ||
- | |||
</ | </ | ||
- | ==== Activiti workflow === | + | ==== Activiti workflow |
<code properties> | <code properties> | ||
# String boot properties for Activiti workflow engine | # String boot properties for Activiti workflow engine | ||
Line 257: | Line 300: | ||
# - recaptchaservice endpoint | # - recaptchaservice endpoint | ||
idm.sec.security.recaptcha.url=https:// | idm.sec.security.recaptcha.url=https:// | ||
- | # - secret key, can be generated here https:// | + | # - secret key, can be generated here https:// |
# - test secret key: https:// | # - test secret key: https:// | ||
idm.sec.security.recaptcha.secretKey=xxx | idm.sec.security.recaptcha.secretKey=xxx | ||
Line 397: | Line 440: | ||
# When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | # When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | ||
scheduler.task.executor.maxPoolSize= | scheduler.task.executor.maxPoolSize= | ||
- | # Waiting tasks to be processed. Uses {@code Integer.MAX_VALUE} | + | # Waiting tasks to be processed. Uses 20 as default. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. |
- | # {@link AbotrPolicy} is set for rejected tasks. | + | # {@link AbotrPolicy} is set for rejected tasks - reject exception has to be processed by a caller ({@link LongRunningTaskManager}). |
- | scheduler.task.executor.queueCapacity= | + | scheduler.task.executor.queueCapacity=20 |
# Thread priority for threads in event executor pool - 5 by default (normal). | # Thread priority for threads in event executor pool - 5 by default (normal). | ||
scheduler.task.executor.threadPriority= | scheduler.task.executor.threadPriority= | ||
Line 412: | Line 455: | ||
# When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | # When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | ||
scheduler.event.executor.maxPoolSize= | scheduler.event.executor.maxPoolSize= | ||
- | # Waiting events to be processed. Uses 1000 as default - prevent to prepare events repetitively and use additional threads till maxPoolSize. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. | + | # Waiting events to be processed. Uses 50 as default - prevent to prepare events repetitively and use additional threads till maxPoolSize. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. |
- | # {@link AbotrPolicy} is set for rejected tasks. | + | # {@link AbotrPolicy} is set for rejected tasks - reject exception has to be processed by a caller ({@link EntityEventManager}). |
scheduler.event.executor.queueCapacity=50 | scheduler.event.executor.queueCapacity=50 | ||
# Thread priority for threads in event executor pool - 6 by default (a little higher priority than normal 5). | # Thread priority for threads in event executor pool - 6 by default (a little higher priority than normal 5). | ||
Line 425: | Line 468: | ||
<code properties> | <code properties> | ||
# supports delete identity. Needed on FE (=> public) to render available bulk action in table | # supports delete identity. Needed on FE (=> public) to render available bulk action in table | ||
+ | # @deprecated @since 10.6.0 - action can be disabled by bulk action configurable api - use ' | ||
idm.pub.core.identity.delete=true | idm.pub.core.identity.delete=true | ||
# | # | ||
Line 432: | Line 476: | ||
# CUSTOM - users can choose for which accounts change password | # CUSTOM - users can choose for which accounts change password | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
- | idm.pub.core.identity.passwordChange=ALL_ONLY | + | idm.pub.core.identity.passwordChange=CUSTOM |
# | # | ||
# required old password for change password. | # required old password for change password. | ||
Line 451: | Line 495: | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
idm.pub.core.identity.dashboard.skip= | idm.pub.core.identity.dashboard.skip= | ||
- | # | ||
- | # supports authorization policies for extended form definitions and their values for identities | ||
- | # Default is false (backward compatibility) - all form definitions and attributes will be shown (controlled by permissions for identity - IDENTITY_READ / IDENTITY_UPDATE). | ||
- | # true - authorization policies will be evaluated (see https:// | ||
- | idm.sec.core.identity.formAttributes.secured=false | ||
</ | </ | ||
Line 478: | Line 517: | ||
<code properties> | <code properties> | ||
+ | # | ||
# Default user role will be added automatically, | # Default user role will be added automatically, | ||
# could contains default authorities and authority policies configuration | # could contains default authorities and authority policies configuration | ||
# for adding autocomplete or all record read permission etc. | # for adding autocomplete or all record read permission etc. | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
idm.sec.core.role.default=userRole | idm.sec.core.role.default=userRole | ||
+ | # | ||
# Admin user role | # Admin user role | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
idm.sec.core.role.admin=superAdminRole | idm.sec.core.role.admin=superAdminRole | ||
+ | # | ||
+ | # Helpdesk user role | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
+ | idm.sec.core.role.helpdesk=helpdeskRole | ||
+ | # | ||
+ | # User manager role | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
+ | idm.sec.core.role.userManager=userManagerRole | ||
+ | # | ||
+ | # Role manager role - role guarantee | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
+ | idm.sec.core.role.roleManager=roleManagerRole | ||
+ | # | ||
+ | # Virtual system implementer | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
+ | idm.sec.vs.role.implementer=virtualSystemImplementerRole | ||
+ | # | ||
# Separator for the suffix with environment used in role code. | # Separator for the suffix with environment used in role code. | ||
# Look out: when separator is changed, then all roles should be updated (manually from ui, by scripted LRT or by change script). | # Look out: when separator is changed, then all roles should be updated (manually from ui, by scripted LRT or by change script). | ||
Line 532: | Line 598: | ||
idm.sec.< | idm.sec.< | ||
</ | </ | ||
- | Where ''< | + | Where ''< |
Common configuration properties for all processors: | Common configuration properties for all processors: | ||
Line 540: | Line 606: | ||
Exists processors configuration: | Exists processors configuration: | ||
+ | |||
+ | ==== Bulk actions ==== | ||
+ | |||
+ | @since 10.6.0 | ||
+ | |||
+ | In the application profile ('' | ||
+ | Every bulk action could have his own configuration properties under prefix: | ||
+ | <code properties> | ||
+ | # disable / enable bulk action | ||
+ | idm.sec.< | ||
+ | </ | ||
+ | Where ''< | ||
+ | |||
+ | Common configuration properties for all bulk actions: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
Line 599: | Line 685: | ||
==== Entity filters ==== | ==== Entity filters ==== | ||
In the application profile ('' | In the application profile ('' | ||
- | Every filter could have his own configuration properties under prefix: | + | |
+ | <code properties> | ||
+ | # Enable / disable check filter is properly registered, when filter is used (by entity and property name). | ||
+ | # Throws exception, when unrecognized filter is used. | ||
+ | idm.sec.core.filter.check.supported.enabled=true | ||
+ | # Check count of values exceeded given maximum. | ||
+ | # Related to database count of query parameters (e.g. Oracle = {@code 1000}, MSSql = {@code 2100}). | ||
+ | # Throws exception, when size is exceeded. Set to {@code -1} to disable this check. | ||
+ | idm.sec.core.filter.check.size.maximum=500 | ||
+ | </ | ||
+ | |||
+ | Every registered | ||
<code properties> | <code properties> | ||
- | # enable/ disable filter - enabled by default. When filter is disabled and property is filled in filter, then '' | + | # enable / disable filter - enabled by default. When filter is disabled and property is filled in filter, then '' |
idm.sec.< | idm.sec.< | ||
# filter implementation | # filter implementation | ||
Line 636: | Line 733: | ||
==== Authentication ==== | ==== Authentication ==== | ||
- | UUID of system, against which to user will be authenticated. | + | UUID of system, against which to user will be authenticated. This authentication is from version 10.4.0 deprecated. |
<code properties> | <code properties> | ||
# ID system against which to authenticate | # ID system against which to authenticate | ||
- | idm.sec.security.auth.systemId= | + | idm.sec.security.auth.system= |
</ | </ | ||
+ | |||
+ | Authentication against multiple system wich to user will be authenticated (since 10.4.0) - ID or Code can be used: | ||
+ | <code properties> | ||
+ | idm.sec.acc.security.auth.order1.system= | ||
+ | idm.sec.acc.security.auth.order2.system= | ||
+ | </ | ||
+ | |||
+ | Maximum system for authentication can be set with the property: | ||
+ | <code properties> | ||
+ | idm.sec.acc.security.auth.maximumSystemCount=50 | ||
+ | </ | ||
+ | |||
+ | More about authenticator can be found [[devel: | ||
=== Authentication filters === | === Authentication filters === | ||
Line 668: | Line 778: | ||
idm.sec.core.authentication-filter.core-sso-authentication-filter.forbidden-uids= | idm.sec.core.authentication-filter.core-sso-authentication-filter.forbidden-uids= | ||
</ | </ | ||
+ | |||
+ | === Remote user authentication filter === | ||
+ | Login into IdM by preset request remote user by servlet container can be configured with following properties: | ||
+ | <code properties> | ||
+ | # Allow remote user authentication | ||
+ | idm.sec.core.authentication-filter.core-remote-user-authentication-filter.enabled=false | ||
+ | # The suffixes to remove from the login - usually domains | ||
+ | idm.sec.core.authentication-filter.core-remote-user-authentication-filter.uid-suffixes= | ||
+ | # The uids that can't be authenticated by SSO | ||
+ | idm.sec.core.authentication-filter.core-remote-user-authentication-filter.forbidden-uids= | ||
+ | </ | ||
+ | |||
+ | This authentication filter reuses SSO authentication filter behavior above ('' | ||
==== Backup ==== | ==== Backup ==== | ||
- | If you want to use redeploy and backup for example in agenda (notification | + | If you want to use redeploy and backup for example in agenda (notification |
+ | When redploy is used, then actual templates (or scripsts) are loaded from classpath by configuration (for templates or scripts) and deployed into application. Previous templates (or scripts) are backup too. | ||
<code properties> | <code properties> | ||
# configuration property for default backup | # configuration property for default backup | ||
Line 703: | Line 828: | ||
idm.sec.vs.role.default=< | idm.sec.vs.role.default=< | ||
</ | </ | ||
+ | |||
+ | ==== Long polling ==== | ||
+ | |||
+ | <code properties> | ||
+ | # Long polling | ||
+ | idm.pub.app.long-polling.enabled=true | ||
+ | </ | ||
+ | |||
+ | You can disable long polling for all types of entites with use value `false`. | ||
==== Provisioning ==== | ==== Provisioning ==== | ||
Line 719: | Line 853: | ||
# - Default value is ' | # - Default value is ' | ||
idm.sec.acc.provisioning.allowedAutoMappingOnExistingAccount=true | idm.sec.acc.provisioning.allowedAutoMappingOnExistingAccount=true | ||
+ | |||
+ | # Default provisioning timeout in milis - every longer provisioning operations will ends with timeout exception (prevent to stuck running operations). | ||
+ | # 3 minutes by default. | ||
+ | # Timeout has to be configured >= 1000, otherwise default will be returned. | ||
+ | idm.sec.acc.provisioning.timeout=180000 | ||
+ | </ | ||
+ | |||
+ | ==== Provisioning global break ==== | ||
+ | <note tip>For enable global provisioning break you must set configurations properties defined below, otherwise global provisioning break will not be active.</ | ||
+ | |||
+ | <code properties> | ||
+ | # Global break for update disabled/ | ||
+ | idm.sec.acc.provisioning.break.update.disabled | ||
+ | # Global break for update checked period (integer values) | ||
+ | idm.sec.acc.provisioning.break.update.period | ||
+ | # Global break for update disable limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.update.disableLimit | ||
+ | # Global break for update disabled template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.update.templateDisable | ||
+ | # Global break for update warning limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.update.warningLimit | ||
+ | # Global break for update warning template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.update.templateWarning | ||
+ | # Global break for update. Existing identity recipients (identity username or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.update.identityRecipients | ||
+ | # Global break for update. Recipient will be solved as identities that has assigned defined role/s (role code or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.update.roleRecipients | ||
+ | # | ||
+ | # | ||
+ | # Global break for create disabled/ | ||
+ | idm.sec.acc.provisioning.break.create.disabled | ||
+ | # Global break for create checked period (integer values) | ||
+ | idm.sec.acc.provisioning.break.create.period | ||
+ | # Global break for create disable limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.create.disableLimit | ||
+ | # Global break for create disabled template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.create.templateDisable | ||
+ | # Global break for create warning limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.create.warningLimit | ||
+ | # Global break for create warning template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.create.templateWarning | ||
+ | # Global break for create. Existing identity recipients (identity username or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.create.identityRecipients | ||
+ | # Global break for create. Recipient will be solved as identities that has assigned defined role/s (role code or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.create.roleRecipients | ||
+ | # | ||
+ | # | ||
+ | # | ||
+ | # Global break for delete disabled/ | ||
+ | idm.sec.acc.provisioning.break.delete.disabled | ||
+ | # Global break for delete checked period (integer values) | ||
+ | idm.sec.acc.provisioning.break.delete.period | ||
+ | # Global break for delete disable limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.delete.disableLimit | ||
+ | # Global break for delete disabled template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.delete.templateDisable | ||
+ | # Global break for delete warning limit (integer values) | ||
+ | idm.sec.acc.provisioning.break.delete.warningLimit | ||
+ | # Global break for delete warning template (ID of template, if will by null default template will be used) | ||
+ | idm.sec.acc.provisioning.break.delete.templateWarning | ||
+ | # Global break for delete. Existing identity recipients (identity username or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.delete.identityRecipients | ||
+ | # Global break for delete. Recipient will be solved as identities that has assigned defined role/s (role code or id, split by ',' | ||
+ | idm.sec.acc.provisioning.break.delete.roleRecipients | ||
</ | </ | ||
Line 748: | Line 946: | ||
Common configuration properties for all renderers: | Common configuration properties for all renderers: | ||
* '' | * '' | ||
+ | |||
+ | ==== Logger ==== | ||
+ | |||
+ | In the application profile ('' | ||
+ | |||
+ | <code properties> | ||
+ | # Show thread name configured by thread pools (task, event) in logs (generated name is shown otherwise) | ||
+ | # Two appenders ' | ||
+ | logging.pattern.console=%d{yyyy-MM-dd HH: | ||
+ | logging.pattern.file=%d{yyyy-MM-dd HH: | ||
+ | </ | ||
+ | |||
+ | Logger levels can be configured programmatically (override '' | ||
+ | |||
+ | In the application profile ('' | ||
+ | |||
+ | <code properties> | ||
+ | idm.sec.core.logger.< | ||
+ | </ | ||
+ | |||
+ | Where ''< | ||
+ | |||
+ | Example: | ||
+ | <code properties> | ||
+ | idm.sec.core.logger.eu.bcvsolutions=DEBUG | ||
+ | </ |