Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:application_configuration:dev:backend [2020/03/06 08:42] tomiskar [Provisioning] |
devel:documentation:application_configuration:dev:backend [2020/08/11 12:40] tomiskar [Application/ Server] |
||
---|---|---|---|
Line 12: | Line 12: | ||
* if the name of a configuration item contains the'' | * if the name of a configuration item contains the'' | ||
* It is better to use constants for keys, e.g. '' | * It is better to use constants for keys, e.g. '' | ||
- | |||
- | Cache is used for reading configuration values - default spring boot cache (ConcurrentHashMap) is configured for now. Value in cache is cleared by an active (save, delete) operation. | ||
- | |||
- | <note tip> | ||
- | If you are debugging some of code and are you figuring, something is wrong with the cache, then you can turn the cache off with property (in application.properties) | ||
- | <code properties> | ||
- | spring.cache.type=none | ||
- | </ | ||
- | </ | ||
==== Configure environment properties ==== | ==== Configure environment properties ==== | ||
Line 54: | Line 45: | ||
- | <note important> | + | [[https:// |
- | < | + | |
- | Initialization of bean failed; nested exception is java.lang.IllegalArgumentException: | + | |
- | </ | + | |
- | |||
- | [[https:// | ||
- | |||
- | < | ||
- | -Djava.util.Arrays.useLegacyMergeSort=true | ||
- | </ | ||
Line 91: | Line 73: | ||
# Show transaction identifiers (uuid) in frontend application | # Show transaction identifiers (uuid) in frontend application | ||
idm.pub.app.show.transactionId=false | idm.pub.app.show.transactionId=false | ||
- | # Show role environmnent | + | # Show role environment |
idm.pub.app.show.environment=true | idm.pub.app.show.environment=true | ||
+ | # Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select) | ||
+ | idm.pub.app.show.role.baseCode=true | ||
# Available size options for tables in frontend application | # Available size options for tables in frontend application | ||
idm.pub.app.show.sizeOptions=10, | idm.pub.app.show.sizeOptions=10, | ||
+ | # show default form for newly created user | ||
+ | # default form can be disabled => at least one configured form projection is needed | ||
+ | idm.pub.app.show.identity.formProjection.default=true | ||
+ | # If is true, then role-request description will be show on the detail. | ||
+ | # Description will hidden if this property will be false and role request | ||
+ | # doesn' | ||
+ | idm.pub.app.show.roleRequest.description=true | ||
# | # | ||
# Private properties - used on backend only. | # Private properties - used on backend only. | ||
Line 102: | Line 93: | ||
# demo data was created - prevent to create demo data duplicitly | # demo data was created - prevent to create demo data duplicitly | ||
idm.sec.core.demo.data.created=false | idm.sec.core.demo.data.created=false | ||
- | # Enable forest index for tree structures | + | # Create init data at application start. Init data (product provided roles) are updated automatically with pruct updates. |
- | idm.sec.app.forest.index.enabled=true | + | # Set property to false to disable init data creation and updates. |
+ | idm.sec.core.init.data.enabled=true | ||
</ | </ | ||
Line 206: | Line 198: | ||
</ | </ | ||
+ | ==== Cache ==== | ||
- | ==== Attachment storage === | + | Cache is used for reading configuration values. Value in cache is cleared by an active (save, delete) operation. |
+ | |||
+ | In the application profile (application.properties): | ||
+ | |||
+ | |||
+ | |||
+ | <code properties> | ||
+ | # Disable cache | ||
+ | # If you are debugging some of code and are you figuring, something is wrong with the cache, then you can turn the cache off with property. | ||
+ | # | ||
+ | # | ||
+ | # Clusterred cache settings | ||
+ | # | ||
+ | idm.sec.cache.terracota.resource.name=main | ||
+ | idm.sec.cache.terracota.resource.pool.name=resource-pool | ||
+ | # Size in MB | ||
+ | idm.sec.cache.terracota.resource.pool.size=32 | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Attachment storage | ||
'' | '' | ||
- | In the application profile (application.properties) and overloadable via '' | + | In the application profile (application.properties): |
+ | |||
+ | <code properties> | ||
+ | # Max file size of uploaded file. Values can use the suffixed " | ||
+ | # Application server (e.g. Tomcat " | ||
+ | spring.servlet.multipart.max-file-size=100MB | ||
+ | spring.servlet.multipart.max-request-size=100MB | ||
+ | |||
+ | </ | ||
+ | |||
+ | In the application profile (application.properties) and overloadable via '' | ||
<code properties> | <code properties> | ||
Line 232: | Line 255: | ||
</ | </ | ||
- | In the application profile (application.properties). | + | ==== Activiti workflow |
- | + | ||
- | <code properties> | + | |
- | # | + | |
- | # Max file size of uploaded file. Values can use the suffixed " | + | |
- | multipart.max-file-size=100Mb | + | |
- | + | ||
- | </ | + | |
- | + | ||
- | ==== Activiti workflow === | + | |
<code properties> | <code properties> | ||
# String boot properties for Activiti workflow engine | # String boot properties for Activiti workflow engine | ||
Line 278: | Line 292: | ||
# - recaptchaservice endpoint | # - recaptchaservice endpoint | ||
idm.sec.security.recaptcha.url=https:// | idm.sec.security.recaptcha.url=https:// | ||
- | # - secret key, can be generated here https:// | + | # - secret key, can be generated here https:// |
# - test secret key: https:// | # - test secret key: https:// | ||
idm.sec.security.recaptcha.secretKey=xxx | idm.sec.security.recaptcha.secretKey=xxx | ||
Line 418: | Line 432: | ||
# When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | # When queueCapacity is full, then new threads are created from corePoolSize to maxPoolSize. | ||
scheduler.task.executor.maxPoolSize= | scheduler.task.executor.maxPoolSize= | ||
- | # Waiting tasks to be processed. Uses {@code Integer.MAX_VALUE} | + | # Waiting tasks to be processed. Uses 20 as default. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. |
- | # {@link AbotrPolicy} is set for rejected tasks. | + | # {@link AbotrPolicy} is set for rejected tasks - reject exception has to be processed by a caller ({@link LongRunningTaskManager}). |
- | scheduler.task.executor.queueCapacity= | + | scheduler.task.executor.queueCapacity=20 |
# Thread priority for threads in event executor pool - 5 by default (normal). | # Thread priority for threads in event executor pool - 5 by default (normal). | ||
scheduler.task.executor.threadPriority= | scheduler.task.executor.threadPriority= | ||
Line 434: | Line 448: | ||
scheduler.event.executor.maxPoolSize= | scheduler.event.executor.maxPoolSize= | ||
# Waiting events to be processed. Uses 50 as default - prevent to prepare events repetitively and use additional threads till maxPoolSize. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. | # Waiting events to be processed. Uses 50 as default - prevent to prepare events repetitively and use additional threads till maxPoolSize. {@link LinkedBlockingQueue} is used for queue => capacity is initialized dynamically. | ||
- | # {@link AbotrPolicy} is set for rejected tasks. | + | # {@link AbotrPolicy} is set for rejected tasks - reject exception has to be processed by a caller ({@link EntityEventManager}). |
scheduler.event.executor.queueCapacity=50 | scheduler.event.executor.queueCapacity=50 | ||
# Thread priority for threads in event executor pool - 6 by default (a little higher priority than normal 5). | # Thread priority for threads in event executor pool - 6 by default (a little higher priority than normal 5). | ||
Line 453: | Line 467: | ||
# CUSTOM - users can choose for which accounts change password | # CUSTOM - users can choose for which accounts change password | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
- | idm.pub.core.identity.passwordChange=ALL_ONLY | + | idm.pub.core.identity.passwordChange=CUSTOM |
# | # | ||
# required old password for change password. | # required old password for change password. | ||
Line 472: | Line 486: | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
idm.pub.core.identity.dashboard.skip= | idm.pub.core.identity.dashboard.skip= | ||
- | # | ||
- | # supports authorization policies for extended form definitions and their values for identities | ||
- | # Default is false (backward compatibility) - all form definitions and attributes will be shown (controlled by permissions for identity - IDENTITY_READ / IDENTITY_UPDATE). | ||
- | # true - authorization policies will be evaluated (see https:// | ||
- | idm.sec.core.identity.formAttributes.secured=false | ||
</ | </ | ||
Line 502: | Line 511: | ||
# could contains default authorities and authority policies configuration | # could contains default authorities and authority policies configuration | ||
# for adding autocomplete or all record read permission etc. | # for adding autocomplete or all record read permission etc. | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
idm.sec.core.role.default=userRole | idm.sec.core.role.default=userRole | ||
# Admin user role | # Admin user role | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
idm.sec.core.role.admin=superAdminRole | idm.sec.core.role.admin=superAdminRole | ||
# Separator for the suffix with environment used in role code. | # Separator for the suffix with environment used in role code. | ||
Line 620: | Line 633: | ||
==== Entity filters ==== | ==== Entity filters ==== | ||
In the application profile ('' | In the application profile ('' | ||
- | Every filter could have his own configuration properties under prefix: | + | |
+ | <code properties> | ||
+ | # Enable / disable check filter is properly registered, when filter is used (by entity and property name). Throw exeption, when unrecognised filter is used. | ||
+ | idm.sec.core.filter.check.supported.enabled=true | ||
+ | </ | ||
+ | |||
+ | Every registered | ||
<code properties> | <code properties> | ||
- | # enable/ disable filter - enabled by default. When filter is disabled and property is filled in filter, then '' | + | # enable / disable filter - enabled by default. When filter is disabled and property is filled in filter, then '' |
idm.sec.< | idm.sec.< | ||
# filter implementation | # filter implementation | ||
Line 657: | Line 676: | ||
==== Authentication ==== | ==== Authentication ==== | ||
- | UUID of system, against which to user will be authenticated. | + | UUID of system, against which to user will be authenticated. This authentication is from version 10.4.0 deprecated. |
<code properties> | <code properties> | ||
# ID system against which to authenticate | # ID system against which to authenticate | ||
idm.sec.security.auth.systemId= | idm.sec.security.auth.systemId= | ||
</ | </ | ||
+ | |||
+ | Authentication against multiple system wich to user will be authenticated (since 10.4.0) - ID or Code can be used: | ||
+ | <code properties> | ||
+ | idm.sec.acc.security.auth.order1.system= | ||
+ | idm.sec.acc.security.auth.order2.system= | ||
+ | </ | ||
+ | |||
+ | Maximum system for authentication can be set with the property: | ||
+ | <code properties> | ||
+ | idm.sec.acc.security.auth.maximumSystemCount=50 | ||
+ | </ | ||
+ | |||
+ | More about authenticator can be found [[devel: | ||
=== Authentication filters === | === Authentication filters === | ||
Line 860: | Line 892: | ||
==== Logger ==== | ==== Logger ==== | ||
- | In the application profile ('' | + | In the application profile ('' |
+ | |||
+ | <code properties> | ||
+ | # Show thread name configured by thread pools (task, event) in logs (generated name is shown otherwise) | ||
+ | # Two appenders | ||
+ | logging.pattern.console=%d{yyyy-MM-dd HH: | ||
+ | logging.pattern.file=%d{yyyy-MM-dd HH: | ||
+ | </ | ||
Logger levels can be configured programmatically (override '' | Logger levels can be configured programmatically (override '' | ||
+ | |||
+ | In the application profile ('' | ||
<code properties> | <code properties> |