Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
devel:documentation:application_configuration:dev:backend [2019/10/23 21:25]
tomiskar [Reports] 		devel:documentation:application_configuration:dev:backend [2020/01/31 08:03]
tomiskar
Line 1: Line 1:
 ===== Configuration - backend ===== ===== Configuration - backend =====
  
-{{tag> configuration}}+{{tag> configuration final}}
  
 The application uses a Spring boot configuration in the ''application.properties'' files. All the configuration items which are used solely for idm begin with ''idm.'' prefix. The configuration items from the file can be overloaded through a setting agenda in the gui => a server restart isn't needed for changing the configuration with ''idm.'' prefix, which was one of the main goals. The configuration is saved in the database. Use ''ConfigurationService'' for reading and saving configuration items. The application uses a Spring boot configuration in the ''application.properties'' files. All the configuration items which are used solely for idm begin with ''idm.'' prefix. The configuration items from the file can be overloaded through a setting agenda in the gui => a server restart isn't needed for changing the configuration with ''idm.'' prefix, which was one of the main goals. The configuration is saved in the database. Use ''ConfigurationService'' for reading and saving configuration items.
Line 109: Line 109:
  
 <code properties> <code properties>
-# audit table suffix+# ZonedDateTime is stored in UTC 
 +spring.jpa.properties.hibernate.jdbc.time_zone=UTC 
 +# Driver (e.g. postgres) does not support contextual LOB creation 
 +spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true 
 +# audit table suffixes
 spring.jpa.properties.org.hibernate.envers.audit_table_suffix=_a spring.jpa.properties.org.hibernate.envers.audit_table_suffix=_a
 +spring.jpa.properties.org.hibernate.envers.modified_flag_suffix=_m
 # modified flag for all audited columns # modified flag for all audited columns
 spring.jpa.properties.org.hibernate.envers.global_with_modified_flag=true spring.jpa.properties.org.hibernate.envers.global_with_modified_flag=true
 # prevent to modify attributes created, creator etc. # prevent to modify attributes created, creator etc.
-spring.jpa.properties.hibernate.ejb.interceptor=eu.bcvsolutions.idm.core.model.repository.listener.AuditableInterceptor+spring.jpa.properties.org.hibernate.envers.audit_strategy=eu.bcvsolutions.idm.core.model.repository.listener.IdmAuditStrategy 
 +spring.jpa.properties.hibernate.session_factory.interceptor=eu.bcvsolutions.idm.core.model.repository.listener.AuditableInterceptor
 # enable / disable audit (envers) # enable / disable audit (envers)
 spring.jpa.properties.hibernate.listeners.envers.autoRegister=true spring.jpa.properties.hibernate.listeners.envers.autoRegister=true
 +# Spring boot 2 changed default to true, but we are using IDENTITY identifier generators for mssql database. 
 +spring.jpa.hibernate.use-new-id-generator-mappings=false
 # #
 # DB ddl auto generation by hibernate is disabled - flyway database migration is used # DB ddl auto generation by hibernate is disabled - flyway database migration is used
Line 131: Line 138:
 spring.datasource.testOnBorrow=true spring.datasource.testOnBorrow=true
 spring.datasource.validationQuery=SELECT 1 spring.datasource.validationQuery=SELECT 1
 +# Enlarge pool size by default. This property should be revised for each project. Size should be configured by task and event thread pool size - should be higher than sum of pool sizes. 
 +spring.datasource.hikari.maximumPoolSize=50
 </code> </code>
  
Line 218: Line 227:
 # older temporary files will be purged, default 14 days # older temporary files will be purged, default 14 days
 idm.sec.core.attachment.tempTtl=1209600000 idm.sec.core.attachment.tempTtl=1209600000
-# 
-# Max file size of uploaded file. Values can use the suffixed "MB" or "KB" to indicate a Megabyte or Kilobyte size. 
-multipart.max-file-size=1Mb 
- 
 </code> </code>
  
Line 229: Line 234:
 # #
 # Max file size of uploaded file. Values can use the suffixed "MB" or "KB" to indicate a Megabyte or Kilobyte size. # Max file size of uploaded file. Values can use the suffixed "MB" or "KB" to indicate a Megabyte or Kilobyte size.
-multipart.max-file-size=1Mb+multipart.max-file-size=100Mb
  
 </code> </code>
Line 681: Line 686:
 idm.sec.core.authentication-filter.core-sso-authentication-filter.forbidden-uids= idm.sec.core.authentication-filter.core-sso-authentication-filter.forbidden-uids=
 </code> </code>
 +
 +=== Remote user authentication filter ===
 +Login into IdM by preset request remote user by servlet container can be configured with following properties:
 +<code properties>
 +# Allow remote user authentication
 +idm.sec.core.authentication-filter.core-remote-user-authentication-filter.enabled=false
 +# The suffixes to remove from the login - usually domains
 +idm.sec.core.authentication-filter.core-remote-user-authentication-filter.uid-suffixes=
 +# The uids that can't be authenticated by SSO
 +idm.sec.core.authentication-filter.core-remote-user-authentication-filter.forbidden-uids=
 +</code>
 +
 +This authentication filter reuses SSO authentication filter behavior above (''uid-suffixes'', ''forbidden-uids''), but application administrator can be logged by this filter (identity with ''APP_ADMIN'' authority).
  
 ==== Backup ==== ==== Backup ====
  • by chalupat