Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:application_configuration:dev:backend [2020/01/29 12:55] tomiskar [Attachment storage] |
devel:documentation:application_configuration:dev:backend [2020/10/29 05:46] tomiskar [Backup] |
||
---|---|---|---|
Line 1: | Line 1: | ||
===== Configuration - backend ===== | ===== Configuration - backend ===== | ||
- | {{tag> configuration}} | + | {{tag> configuration |
The application uses a Spring boot configuration in the '' | The application uses a Spring boot configuration in the '' | ||
Line 12: | Line 12: | ||
* if the name of a configuration item contains the'' | * if the name of a configuration item contains the'' | ||
* It is better to use constants for keys, e.g. '' | * It is better to use constants for keys, e.g. '' | ||
- | |||
- | Cache is used for reading configuration values - default spring boot cache (ConcurrentHashMap) is configured for now. Value in cache is cleared by an active (save, delete) operation. | ||
- | |||
- | <note tip> | ||
- | If you are debugging some of code and are you figuring, something is wrong with the cache, then you can turn the cache off with property (in application.properties) | ||
- | <code properties> | ||
- | spring.cache.type=none | ||
- | </ | ||
- | </ | ||
==== Configure environment properties ==== | ==== Configure environment properties ==== | ||
Line 54: | Line 45: | ||
- | <note important> | + | [[https:// |
- | < | + | |
- | Initialization of bean failed; nested exception is java.lang.IllegalArgumentException: | + | |
- | </ | + | |
- | |||
- | [[https:// | ||
- | |||
- | < | ||
- | -Djava.util.Arrays.useLegacyMergeSort=true | ||
- | </ | ||
Line 91: | Line 73: | ||
# Show transaction identifiers (uuid) in frontend application | # Show transaction identifiers (uuid) in frontend application | ||
idm.pub.app.show.transactionId=false | idm.pub.app.show.transactionId=false | ||
- | # Show role environmnent | + | # Show role environment |
idm.pub.app.show.environment=true | idm.pub.app.show.environment=true | ||
+ | # Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select) | ||
+ | idm.pub.app.show.role.baseCode=true | ||
+ | # Available size options for tables in frontend application | ||
+ | idm.pub.app.show.sizeOptions=10, | ||
+ | # Show buttons for bulk actions in tables (0 = select box will be shown only). | ||
+ | # Count of quick access buttons for bulk actions in tables - the first count of bulk actions will be shown as button - next action will be rendered in drop down select box. | ||
+ | # Bulk action icon is required for quick access button - action without icon will be rendered in select box. | ||
+ | # Bulk action can enforce showing in quick access button (by bulk action configuration). | ||
+ | idm.pub.app.show.table.quickButton.count=5 | ||
+ | # Quick button for bulk actions in tables will be included in drop down select box too (available as button + menu item with text). | ||
+ | # Number of selected record is shown in drop down select header. | ||
+ | idm.pub.app.show.table.quickButton.menuIncluded=true | ||
+ | # show default form for newly created user | ||
+ | # default form can be disabled => at least one configured form projection is needed | ||
+ | idm.pub.app.show.identity.formProjection.default=true | ||
+ | # If is true, then role-request description will be show on the detail. | ||
+ | # Description will hidden if this property will be false and role request | ||
+ | # doesn' | ||
+ | idm.pub.app.show.roleRequest.description=true | ||
# | # | ||
# Private properties - used on backend only. | # Private properties - used on backend only. | ||
Line 100: | Line 101: | ||
# demo data was created - prevent to create demo data duplicitly | # demo data was created - prevent to create demo data duplicitly | ||
idm.sec.core.demo.data.created=false | idm.sec.core.demo.data.created=false | ||
- | # Enable forest index for tree structures | + | # Create init data at application start. Init data (product provided roles) are updated automatically with pruct updates. |
- | idm.sec.app.forest.index.enabled=true | + | # Set property to false to disable init data creation and updates. |
+ | idm.sec.core.init.data.enabled=true | ||
</ | </ | ||
Line 109: | Line 111: | ||
<code properties> | <code properties> | ||
- | # audit table suffix | + | # ZonedDateTime is stored in UTC |
+ | spring.jpa.properties.hibernate.jdbc.time_zone=UTC | ||
+ | # Driver (e.g. postgres) does not support contextual LOB creation | ||
+ | spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true | ||
+ | # audit table suffixes | ||
spring.jpa.properties.org.hibernate.envers.audit_table_suffix=_a | spring.jpa.properties.org.hibernate.envers.audit_table_suffix=_a | ||
+ | spring.jpa.properties.org.hibernate.envers.modified_flag_suffix=_m | ||
# modified flag for all audited columns | # modified flag for all audited columns | ||
spring.jpa.properties.org.hibernate.envers.global_with_modified_flag=true | spring.jpa.properties.org.hibernate.envers.global_with_modified_flag=true | ||
# prevent to modify attributes created, creator etc. | # prevent to modify attributes created, creator etc. | ||
- | spring.jpa.properties.hibernate.ejb.interceptor=eu.bcvsolutions.idm.core.model.repository.listener.AuditableInterceptor | + | spring.jpa.properties.org.hibernate.envers.audit_strategy=eu.bcvsolutions.idm.core.model.repository.listener.IdmAuditStrategy |
+ | spring.jpa.properties.hibernate.session_factory.interceptor=eu.bcvsolutions.idm.core.model.repository.listener.AuditableInterceptor | ||
# enable / disable audit (envers) | # enable / disable audit (envers) | ||
spring.jpa.properties.hibernate.listeners.envers.autoRegister=true | spring.jpa.properties.hibernate.listeners.envers.autoRegister=true | ||
+ | # Spring boot 2 changed default to true, but we are using IDENTITY identifier generators for mssql database. | ||
+ | spring.jpa.hibernate.use-new-id-generator-mappings=false | ||
# | # | ||
# DB ddl auto generation by hibernate is disabled - flyway database migration is used | # DB ddl auto generation by hibernate is disabled - flyway database migration is used | ||
Line 131: | Line 140: | ||
spring.datasource.testOnBorrow=true | spring.datasource.testOnBorrow=true | ||
spring.datasource.validationQuery=SELECT 1 | spring.datasource.validationQuery=SELECT 1 | ||
+ | # Enlarge pool size by default. This property should be revised for each project. Size should be configured by task and event thread pool size - should be higher than sum of pool sizes. | ||
+ | spring.datasource.hikari.maximumPoolSize=50 | ||
</ | </ | ||
Line 195: | Line 206: | ||
</ | </ | ||
+ | ==== Cache ==== | ||
- | ==== Attachment storage === | + | Cache is used for reading configuration values. Value in cache is cleared by an active (save, delete) operation. |
+ | |||
+ | In the application profile (application.properties): | ||
+ | |||
+ | |||
+ | |||
+ | <code properties> | ||
+ | # Disable cache | ||
+ | # If you are debugging some of code and are you figuring, something is wrong with the cache, then you can turn the cache off with property. | ||
+ | # | ||
+ | # | ||
+ | # Clusterred cache settings | ||
+ | # | ||
+ | idm.sec.cache.terracota.resource.name=main | ||
+ | idm.sec.cache.terracota.resource.pool.name=resource-pool | ||
+ | # Size in MB | ||
+ | idm.sec.cache.terracota.resource.pool.size=32 | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Attachment storage | ||
'' | '' | ||
- | In the application profile (application.properties) and overloadable via '' | + | In the application profile (application.properties): |
+ | |||
+ | <code properties> | ||
+ | # Max file size of uploaded file. Values can use the suffixed " | ||
+ | # Application server (e.g. Tomcat " | ||
+ | spring.servlet.multipart.max-file-size=100MB | ||
+ | spring.servlet.multipart.max-request-size=100MB | ||
+ | |||
+ | </ | ||
+ | |||
+ | In the application profile (application.properties) and overloadable via '' | ||
<code properties> | <code properties> | ||
Line 217: | Line 259: | ||
# temporary file time to live in milliseconds | # temporary file time to live in milliseconds | ||
# older temporary files will be purged, default 14 days | # older temporary files will be purged, default 14 days | ||
+ | # Temporary file is used mainly for upload files internaly. When upload is complete, then temporary file is moved into normal IdM attachment (~ temporary file is not reachable, after user session ends). | ||
idm.sec.core.attachment.tempTtl=1209600000 | idm.sec.core.attachment.tempTtl=1209600000 | ||
</ | </ | ||
- | In the application profile (application.properties). | + | ==== Activiti workflow |
- | + | ||
- | <code properties> | + | |
- | # | + | |
- | # Max file size of uploaded file. Values can use the suffixed " | + | |
- | multipart.max-file-size=100Mb | + | |
- | + | ||
- | </ | + | |
- | + | ||
- | ==== Activiti workflow === | + | |
<code properties> | <code properties> | ||
# String boot properties for Activiti workflow engine | # String boot properties for Activiti workflow engine | ||
Line 266: | Line 300: | ||
# - recaptchaservice endpoint | # - recaptchaservice endpoint | ||
idm.sec.security.recaptcha.url=https:// | idm.sec.security.recaptcha.url=https:// | ||
- | # - secret key, can be generated here https:// | + | # - secret key, can be generated here https:// |
# - test secret key: https:// | # - test secret key: https:// | ||
idm.sec.security.recaptcha.secretKey=xxx | idm.sec.security.recaptcha.secretKey=xxx | ||
Line 406: | Line 440: | ||
# When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | # When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | ||
scheduler.task.executor.maxPoolSize= | scheduler.task.executor.maxPoolSize= | ||
- | # Waiting tasks to be processed. Uses {@code Integer.MAX_VALUE} | + | # Waiting tasks to be processed. Uses 20 as default. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. |
- | # {@link AbotrPolicy} is set for rejected tasks. | + | # {@link AbotrPolicy} is set for rejected tasks - reject exception has to be processed by a caller ({@link LongRunningTaskManager}). |
- | scheduler.task.executor.queueCapacity= | + | scheduler.task.executor.queueCapacity=20 |
# Thread priority for threads in event executor pool - 5 by default (normal). | # Thread priority for threads in event executor pool - 5 by default (normal). | ||
scheduler.task.executor.threadPriority= | scheduler.task.executor.threadPriority= | ||
Line 422: | Line 456: | ||
scheduler.event.executor.maxPoolSize= | scheduler.event.executor.maxPoolSize= | ||
# Waiting events to be processed. Uses 50 as default - prevent to prepare events repetitively and use additional threads till maxPoolSize. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. | # Waiting events to be processed. Uses 50 as default - prevent to prepare events repetitively and use additional threads till maxPoolSize. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. | ||
- | # {@link AbotrPolicy} is set for rejected tasks. | + | # {@link AbotrPolicy} is set for rejected tasks - reject exception has to be processed by a caller ({@link EntityEventManager}). |
scheduler.event.executor.queueCapacity=50 | scheduler.event.executor.queueCapacity=50 | ||
# Thread priority for threads in event executor pool - 6 by default (a little higher priority than normal 5). | # Thread priority for threads in event executor pool - 6 by default (a little higher priority than normal 5). | ||
Line 434: | Line 468: | ||
<code properties> | <code properties> | ||
# supports delete identity. Needed on FE (=> public) to render available bulk action in table | # supports delete identity. Needed on FE (=> public) to render available bulk action in table | ||
+ | # @deprecated @since 10.6.0 - action can be disabled by bulk action configurable api - use ' | ||
idm.pub.core.identity.delete=true | idm.pub.core.identity.delete=true | ||
# | # | ||
Line 441: | Line 476: | ||
# CUSTOM - users can choose for which accounts change password | # CUSTOM - users can choose for which accounts change password | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
- | idm.pub.core.identity.passwordChange=ALL_ONLY | + | idm.pub.core.identity.passwordChange=CUSTOM |
# | # | ||
# required old password for change password. | # required old password for change password. | ||
Line 460: | Line 495: | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
idm.pub.core.identity.dashboard.skip= | idm.pub.core.identity.dashboard.skip= | ||
- | # | ||
- | # supports authorization policies for extended form definitions and their values for identities | ||
- | # Default is false (backward compatibility) - all form definitions and attributes will be shown (controlled by permissions for identity - IDENTITY_READ / IDENTITY_UPDATE). | ||
- | # true - authorization policies will be evaluated (see https:// | ||
- | idm.sec.core.identity.formAttributes.secured=false | ||
</ | </ | ||
Line 487: | Line 517: | ||
<code properties> | <code properties> | ||
+ | # | ||
# Default user role will be added automatically, | # Default user role will be added automatically, | ||
# could contains default authorities and authority policies configuration | # could contains default authorities and authority policies configuration | ||
# for adding autocomplete or all record read permission etc. | # for adding autocomplete or all record read permission etc. | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
idm.sec.core.role.default=userRole | idm.sec.core.role.default=userRole | ||
+ | # | ||
# Admin user role | # Admin user role | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
idm.sec.core.role.admin=superAdminRole | idm.sec.core.role.admin=superAdminRole | ||
+ | # | ||
+ | # Helpdesk user role | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
+ | idm.sec.core.role.helpdesk=helpdeskRole | ||
+ | # | ||
+ | # User manager role | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
+ | idm.sec.core.role.userManager=userManagerRole | ||
+ | # | ||
+ | # Role manager role - role guarantee | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
+ | idm.sec.core.role.roleManager=roleManagerRole | ||
+ | # | ||
+ | # Virtual system implementer | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
+ | idm.sec.vs.role.implementer=virtualSystemImplementerRole | ||
+ | # | ||
# Separator for the suffix with environment used in role code. | # Separator for the suffix with environment used in role code. | ||
# Look out: when separator is changed, then all roles should be updated (manually from ui, by scripted LRT or by change script). | # Look out: when separator is changed, then all roles should be updated (manually from ui, by scripted LRT or by change script). | ||
Line 541: | Line 598: | ||
idm.sec.< | idm.sec.< | ||
</ | </ | ||
- | Where ''< | + | Where ''< |
Common configuration properties for all processors: | Common configuration properties for all processors: | ||
Line 549: | Line 606: | ||
Exists processors configuration: | Exists processors configuration: | ||
+ | |||
+ | ==== Bulk actions ==== | ||
+ | |||
+ | @since 10.6.0 | ||
+ | |||
+ | In the application profile ('' | ||
+ | Every bulk action could have his own configuration properties under prefix: | ||
+ | <code properties> | ||
+ | # disable / enable bulk action | ||
+ | idm.sec.< | ||
+ | </ | ||
+ | Where ''< | ||
+ | |||
+ | Common configuration properties for all bulk actions: | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
+ | * '' | ||
Line 608: | Line 685: | ||
==== Entity filters ==== | ==== Entity filters ==== | ||
In the application profile ('' | In the application profile ('' | ||
- | Every filter could have his own configuration properties under prefix: | + | |
+ | <code properties> | ||
+ | # Enable / disable check filter is properly registered, when filter is used (by entity and property name). | ||
+ | # Throws exception, when unrecognized filter is used. | ||
+ | idm.sec.core.filter.check.supported.enabled=true | ||
+ | # Check count of values exceeded given maximum. | ||
+ | # Related to database count of query parameters (e.g. Oracle = {@code 1000}, MSSql = {@code 2100}). | ||
+ | # Throws exception, when size is exceeded. Set to {@code -1} to disable this check. | ||
+ | idm.sec.core.filter.check.size.maximum=500 | ||
+ | </ | ||
+ | |||
+ | Every registered | ||
<code properties> | <code properties> | ||
- | # enable/ disable filter - enabled by default. When filter is disabled and property is filled in filter, then '' | + | # enable / disable filter - enabled by default. When filter is disabled and property is filled in filter, then '' |
idm.sec.< | idm.sec.< | ||
# filter implementation | # filter implementation | ||
Line 645: | Line 733: | ||
==== Authentication ==== | ==== Authentication ==== | ||
- | UUID of system, against which to user will be authenticated. | + | UUID of system, against which to user will be authenticated. This authentication is from version 10.4.0 deprecated. |
<code properties> | <code properties> | ||
# ID system against which to authenticate | # ID system against which to authenticate | ||
- | idm.sec.security.auth.systemId= | + | idm.sec.security.auth.system= |
</ | </ | ||
+ | |||
+ | Authentication against multiple system wich to user will be authenticated (since 10.4.0) - ID or Code can be used: | ||
+ | <code properties> | ||
+ | idm.sec.acc.security.auth.order1.system= | ||
+ | idm.sec.acc.security.auth.order2.system= | ||
+ | </ | ||
+ | |||
+ | Maximum system for authentication can be set with the property: | ||
+ | <code properties> | ||
+ | idm.sec.acc.security.auth.maximumSystemCount=50 | ||
+ | </ | ||
+ | |||
+ | More about authenticator can be found [[devel: | ||
=== Authentication filters === | === Authentication filters === | ||
Line 696: | Line 797: | ||
<code properties> | <code properties> | ||
- | # configuration | + | # Configuration |
+ | # Configured attachment storage patrh ( see ' | ||
idm.sec.core.backups.default.folder.path=/ | idm.sec.core.backups.default.folder.path=/ | ||
</ | </ | ||
Line 752: | Line 854: | ||
# - Default value is ' | # - Default value is ' | ||
idm.sec.acc.provisioning.allowedAutoMappingOnExistingAccount=true | idm.sec.acc.provisioning.allowedAutoMappingOnExistingAccount=true | ||
+ | |||
+ | # Default provisioning timeout in milis - every longer provisioning operations will ends with timeout exception (prevent to stuck running operations). | ||
+ | # 3 minutes by default. | ||
+ | # Timeout has to be configured >= 1000, otherwise default will be returned. | ||
+ | idm.sec.acc.provisioning.timeout=180000 | ||
</ | </ | ||
Line 843: | Line 950: | ||
==== Logger ==== | ==== Logger ==== | ||
- | In the application profile ('' | + | In the application profile ('' |
+ | |||
+ | <code properties> | ||
+ | # Show thread name configured by thread pools (task, event) in logs (generated name is shown otherwise) | ||
+ | # Two appenders | ||
+ | logging.pattern.console=%d{yyyy-MM-dd HH: | ||
+ | logging.pattern.file=%d{yyyy-MM-dd HH: | ||
+ | </ | ||
Logger levels can be configured programmatically (override '' | Logger levels can be configured programmatically (override '' | ||
+ | |||
+ | In the application profile ('' | ||
<code properties> | <code properties> |