devel:documentation:application_configuration:dev:backend [2019/10/23 21:25] tomiskar [Reports] |
devel:documentation:application_configuration:dev:backend [2020/03/27 12:46] tomiskar [Identity] |
Line 1: | Line 1: | ||
===== Configuration - backend ===== | ===== Configuration - backend ===== | ||
- | {{tag> configuration}} | + | {{tag> configuration |
The application uses a Spring boot configuration in the '' | The application uses a Spring boot configuration in the '' | ||
Line 93: | Line 93: | ||
# Show role environmnent in frontend application for roles (table, role detail, niceLabel, info components, role select) | # Show role environmnent in frontend application for roles (table, role detail, niceLabel, info components, role select) | ||
idm.pub.app.show.environment=true | idm.pub.app.show.environment=true | ||
+ | # Available size options for tables in frontend application | ||
+ | idm.pub.app.show.sizeOptions=10, | ||
+ | # show default form for newly created user | ||
+ | # default form can be disabled => at least one configured form projection is needed | ||
+ | idm.pub.app.show.identity.formProjection.default=true | ||
# | # | ||
# Private properties - used on backend only. | # Private properties - used on backend only. | ||
Line 109: | Line 114: | ||
<code properties> | <code properties> | ||
- | # audit table suffix | + | # ZonedDateTime is stored in UTC |
+ | spring.jpa.properties.hibernate.jdbc.time_zone=UTC | ||
+ | # Driver (e.g. postgres) does not support contextual LOB creation | ||
+ | spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true | ||
+ | # audit table suffixes | ||
spring.jpa.properties.org.hibernate.envers.audit_table_suffix=_a | spring.jpa.properties.org.hibernate.envers.audit_table_suffix=_a | ||
+ | spring.jpa.properties.org.hibernate.envers.modified_flag_suffix=_m | ||
# modified flag for all audited columns | # modified flag for all audited columns | ||
spring.jpa.properties.org.hibernate.envers.global_with_modified_flag=true | spring.jpa.properties.org.hibernate.envers.global_with_modified_flag=true | ||
# prevent to modify attributes created, creator etc. | # prevent to modify attributes created, creator etc. | ||
- | spring.jpa.properties.hibernate.ejb.interceptor=eu.bcvsolutions.idm.core.model.repository.listener.AuditableInterceptor | + | spring.jpa.properties.org.hibernate.envers.audit_strategy=eu.bcvsolutions.idm.core.model.repository.listener.IdmAuditStrategy |
+ | spring.jpa.properties.hibernate.session_factory.interceptor=eu.bcvsolutions.idm.core.model.repository.listener.AuditableInterceptor | ||
# enable / disable audit (envers) | # enable / disable audit (envers) | ||
spring.jpa.properties.hibernate.listeners.envers.autoRegister=true | spring.jpa.properties.hibernate.listeners.envers.autoRegister=true | ||
+ | # Spring boot 2 changed default to true, but we are using IDENTITY identifier generators for mssql database. | ||
+ | spring.jpa.hibernate.use-new-id-generator-mappings=false | ||
# | # | ||
# DB ddl auto generation by hibernate is disabled - flyway database migration is used | # DB ddl auto generation by hibernate is disabled - flyway database migration is used | ||
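Review bot: The property that protects the created/creator audit columns is renamed in this hunk from `spring.jpa.properties.hibernate.ejb.interceptor` to `spring.jpa.properties.hibernate.session_factory.interceptor`, but the page does not warn that a project-level properties file still carrying the old key will, as far as I know, be ignored by Hibernate 5 rather than rejected, so the AuditableInterceptor would simply stop being registered and those columns become writable with no error at startup. A one-line caveat next to the new key would save operators from that silent downgrade, e.g. `# The old key hibernate.ejb.interceptor is no longer honoured - update project overrides, otherwise created/creator fields lose their write protection.`. The same applies to the new `audit_strategy` line, which is also a custom class that an override could silently drop.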
Line 131: | Line 143: | ||
spring.datasource.testOnBorrow=true | spring.datasource.testOnBorrow=true | ||
spring.datasource.validationQuery=SELECT 1 | spring.datasource.validationQuery=SELECT 1 | ||
+ | # Enlarge pool size by default. This property should be revised for each project. Size should be configured by task and event thread pool size - should be higher than sum of pool sizes. | ||
+ | spring.datasource.hikari.maximumPoolSize=50 | ||
</ | </ | ||
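Review bot: The guidance on `spring.datasource.hikari.maximumPoolSize=50` only relates the value to the executor pool sizes and omits the other half of the sizing rule, which is the database server's own connection limit, shared across every IdM node and any other client of the same database. A pool of 50 per node can exhaust a default-configured PostgreSQL `max_connections` once two or three nodes are deployed, and the failure shows up as login and provisioning errors rather than as a pool warning. I would extend the comment with `# Keep (number of IdM nodes x maximumPoolSize) below the database server's connection limit, leaving headroom for other clients.`.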
Line 217: | Line 231: | ||
# temporary file time to live in milliseconds | # temporary file time to live in milliseconds | ||
# older temporary files will be purged, default 14 days | # older temporary files will be purged, default 14 days | ||
+ | # Temporary file is used mainly for upload files internaly. When upload is complete, then temporary file is moved into normal IdM attachment (~ temporary file is not reachable, after user session ends). | ||
idm.sec.core.attachment.tempTtl=1209600000 | idm.sec.core.attachment.tempTtl=1209600000 | ||
- | # | ||
- | # Max file size of uploaded file. Values can use the suffixed " | ||
- | multipart.max-file-size=1Mb | ||
- | |||
</ | </ | ||
Line 227: | Line 238: | ||
<code properties> | <code properties> | ||
- | # | ||
# Max file size of uploaded file. Values can use the suffixed " | # Max file size of uploaded file. Values can use the suffixed " | ||
- | multipart.max-file-size=1Mb | + | spring.servlet.multipart.max-file-size=100MB |
+ | spring.servlet.multipart.max-request-size=100MB | ||
</ | </ | ||
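Review bot: Raising the upload limit from 1Mb to 100MB on `spring.servlet.multipart.max-file-size` is a hundredfold increase in the request body any authenticated caller may push at every multipart endpoint, and the page gives no guidance on when that size is actually needed or on the disk impact together with the 14-day temporary file TTL documented elsewhere on this page. Since the Spring Boot defaults are 1MB/10MB, a caveat here would help projects choose a smaller value, e.g. `# 100MB is a generous default for attachments/imports; lower it per project to the largest file you really expect, uploads count against disk until the temp TTL expires.`. Note also that `max-request-size` equals `max-file-size`, so a file near 100MB plus any other form part will be rejected on request size rather than file size, which may confuse troubleshooting if that is not the intent.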
Line 270: | Line 281: | ||
# - recaptchaservice endpoint | # - recaptchaservice endpoint | ||
idm.sec.security.recaptcha.url=https:// | idm.sec.security.recaptcha.url=https:// | ||
- | # - secret key, can be generated here https:// | + | # - secret key, can be generated here https:// |
# - test secret key: https:// | # - test secret key: https:// | ||
idm.sec.security.recaptcha.secretKey=xxx | idm.sec.security.recaptcha.secretKey=xxx | ||
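Review bot: The reCAPTCHA secret is documented as a plaintext value in application.properties with the test key linked right above it, and nothing tells the reader that the test secret key accepts every verification and must never reach a production configuration. I would state that explicitly and point operators at supplying the real value outside the checked-in properties file, e.g. `# Test secret key passes all verifications - never deploy it. Prefer an environment variable / external config over committing the real key.`. The link text on the "can be generated here" line is truncated in this rendering, so I cannot confirm where it points.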
Line 410: | Line 421: | ||
# When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | # When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | ||
scheduler.task.executor.maxPoolSize= | scheduler.task.executor.maxPoolSize= | ||
- | # Waiting tasks to be processed. Uses {@code Integer.MAX_VALUE} | + | # Waiting tasks to be processed. Uses 20 as default. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. |
- | # {@link AbotrPolicy} is set for rejected tasks. | + | # {@link AbotrPolicy} is set for rejected tasks - reject exception has to be processed by a caller ({@link LongRunningTaskManager}). |
- | scheduler.task.executor.queueCapacity= | + | scheduler.task.executor.queueCapacity=20 |
# Thread priority for threads in event executor pool - 5 by default (normal). | # Thread priority for threads in event executor pool - 5 by default (normal). | ||
scheduler.task.executor.threadPriority= | scheduler.task.executor.threadPriority= | ||
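Review bot: The new comment on `scheduler.task.executor.queueCapacity=20` says the LinkedBlockingQueue "capacity is initialized dynamically", which reads as unbounded, while the value 20 makes the queue bounded; as I read Spring's ThreadPoolTaskExecutor, a positive capacity gives a bounded queue and only then do extra threads up to maxPoolSize get created, with the AbortPolicy rejection the next line describes once both are full. I would reword it to `# Bounded queue of 20 waiting tasks; when full, threads grow to maxPoolSize, then tasks are rejected (AbortPolicy) and the caller must handle the exception.`. The class name is also misspelled as `AbotrPolicy` in this hunk and again in the event executor hunk that follows.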
Line 426: | Line 437: | ||
scheduler.event.executor.maxPoolSize= | scheduler.event.executor.maxPoolSize= | ||
# Waiting events to be processed. Uses 50 as default - prevent to prepare events repetitively and use additional threads till maxPoolSize. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. | # Waiting events to be processed. Uses 50 as default - prevent to prepare events repetitively and use additional threads till maxPoolSize. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. | ||
- | # {@link AbotrPolicy} is set for rejected tasks. | + | # {@link AbotrPolicy} is set for rejected tasks - reject exception has to be processed by a caller ({@link EntityEventManager}). |
scheduler.event.executor.queueCapacity=50 | scheduler.event.executor.queueCapacity=50 | ||
# Thread priority for threads in event executor pool - 6 by default (a little higher priority than normal 5). | # Thread priority for threads in event executor pool - 6 by default (a little higher priority than normal 5). | ||
Line 445: | Line 456: | ||
# CUSTOM - users can choose for which accounts change password | # CUSTOM - users can choose for which accounts change password | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
- | idm.pub.core.identity.passwordChange=ALL_ONLY | + | idm.pub.core.identity.passwordChange=CUSTOM |
# | # | ||
# required old password for change password. | # required old password for change password. | ||
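Review bot: The documented default for `idm.pub.core.identity.passwordChange` changes from `ALL_ONLY` to `CUSTOM` without any migration note, and because CUSTOM lets the user pick which accounts receive the new password, an upgraded installation can end up with passwords diverging between IdM and target systems where ALL_ONLY previously kept them in sync. If this reflects the product default rather than only this page, the page should say from which version it applies and that projects relying on the old behaviour must set the value explicitly, e.g. `# Default changed to CUSTOM; set ALL_ONLY explicitly if all accounts must keep the same password.`.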
Line 681: | Line 692: | ||
idm.sec.core.authentication-filter.core-sso-authentication-filter.forbidden-uids= | idm.sec.core.authentication-filter.core-sso-authentication-filter.forbidden-uids= | ||
</ | </ | ||
+ | |||
+ | === Remote user authentication filter === | ||
+ | Login into IdM by preset request remote user by servlet container can be configured with following properties: | ||
+ | <code properties> | ||
+ | # Allow remote user authentication | ||
+ | idm.sec.core.authentication-filter.core-remote-user-authentication-filter.enabled=false | ||
+ | # The suffixes to remove from the login - usually domains | ||
+ | idm.sec.core.authentication-filter.core-remote-user-authentication-filter.uid-suffixes= | ||
+ | # The uids that can't be authenticated by SSO | ||
+ | idm.sec.core.authentication-filter.core-remote-user-authentication-filter.forbidden-uids= | ||
+ | </ | ||
+ | |||
+ | This authentication filter reuses SSO authentication filter behavior above ('' | ||
==== Backup ==== | ==== Backup ==== | ||
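Review bot: The new remote user authentication filter logs a user in from the remote user preset by the servlet container, and the section does not say what that trust depends on: it is only safe when the container (or the reverse proxy feeding it) is the sole path to IdM and sets the remote user itself from its own authentication, never from a client-supplied header, otherwise any caller can pick a login. I would add that caveat right above the enabled flag, e.g. `# Only enable when IdM is reachable exclusively through the container/proxy that performs the authentication and sets the remote user; a directly reachable IdM or a header-derived value lets clients choose their identity.`, and recommend populating `forbidden-uids` with privileged accounts so they cannot be reached this way. The sentence describing reuse of the SSO filter behaviour is truncated in this rendering, so whether it already covers this cannot be confirmed here.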
Line 743: | Line 767: | ||
# - Default value is ' | # - Default value is ' | ||
idm.sec.acc.provisioning.allowedAutoMappingOnExistingAccount=true | idm.sec.acc.provisioning.allowedAutoMappingOnExistingAccount=true | ||
+ | |||
+ | # Default provisioning timeout in milis - every longer provisioning operations will ends with timeout exception (prevent to stuck running operations). | ||
+ | # 3 minutes by default. | ||
+ | # Timeout has to be configured >= 1000, otherwise default will be returned. | ||
+ | idm.sec.acc.provisioning.timeout=180000 | ||
</ | </ | ||
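Review bot: The comment on `idm.sec.acc.provisioning.timeout` says longer operations end with a timeout exception to "prevent to stuck running operations", but it leaves open what an operator most needs to know: whether the operation on the target system is actually cancelled or merely abandoned by IdM, and whether it is retried or left in the provisioning queue for manual handling; a connector call that keeps running after IdM gives up can leave the account half-provisioned. I would state that explicitly, e.g. `# On timeout IdM stops waiting; the connector call itself may still complete on the target system - check the provisioning queue/log for the operation state.`, hedged or corrected against the actual implementation, and fix the grammar to `longer provisioning operations end with a timeout exception`.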