Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
devel:documentation:application_configuration:dev:backend [2020/03/27 12:46] tomiskar [Identity] |
devel:documentation:application_configuration:dev:backend [2020/09/08 10:52] tomiskar [Application/ Server] |
||
---|---|---|---|
Line 12: | Line 12: | ||
* if the name of a configuration item contains the'' | * if the name of a configuration item contains the'' | ||
* It is better to use constants for keys, e.g. '' | * It is better to use constants for keys, e.g. '' | ||
- | |||
- | Cache is used for reading configuration values - default spring boot cache (ConcurrentHashMap) is configured for now. Value in cache is cleared by an active (save, delete) operation. | ||
- | |||
- | <note tip> | ||
- | If you are debugging some of code and are you figuring, something is wrong with the cache, then you can turn the cache off with property (in application.properties) | ||
- | <code properties> | ||
- | spring.cache.type=none | ||
- | </ | ||
- | </ | ||
==== Configure environment properties ==== | ==== Configure environment properties ==== | ||
Line 54: | Line 45: | ||
- | <note important> | + | [[https:// |
- | < | + | |
- | Initialization of bean failed; nested exception is java.lang.IllegalArgumentException: | + | |
- | </ | + | |
- | |||
- | [[https:// | ||
- | |||
- | < | ||
- | -Djava.util.Arrays.useLegacyMergeSort=true | ||
- | </ | ||
Line 91: | Line 73: | ||
# Show transaction identifiers (uuid) in frontend application | # Show transaction identifiers (uuid) in frontend application | ||
idm.pub.app.show.transactionId=false | idm.pub.app.show.transactionId=false | ||
- | # Show role environmnent | + | # Show role environment |
idm.pub.app.show.environment=true | idm.pub.app.show.environment=true | ||
+ | # Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select) | ||
+ | idm.pub.app.show.role.baseCode=true | ||
# Available size options for tables in frontend application | # Available size options for tables in frontend application | ||
idm.pub.app.show.sizeOptions=10, | idm.pub.app.show.sizeOptions=10, | ||
+ | # Show buttons for bulk actions in tables (0 = select box will be shown only). | ||
+ | # Count of quick access buttons for bulk actions in tables - the first count of bulk actions will be shown as button - next action will be rendered in drop down select box. | ||
+ | # Bulk action icon is required for quick access button - action without icon will be rendered in select box. | ||
+ | # Bulk action can enforce showing in quick access button (by bulk action configuration). | ||
+ | idm.pub.app.show.table.quickButton.count=5 | ||
+ | # Quick button for bulk actions in tables will be included in drop down select box too (available as button + menu item with text). | ||
+ | idm.pub.app.show.table.quickButton.menuIncluded=false | ||
# show default form for newly created user | # show default form for newly created user | ||
# default form can be disabled => at least one configured form projection is needed | # default form can be disabled => at least one configured form projection is needed | ||
idm.pub.app.show.identity.formProjection.default=true | idm.pub.app.show.identity.formProjection.default=true | ||
+ | # If is true, then role-request description will be show on the detail. | ||
+ | # Description will hidden if this property will be false and role request | ||
+ | # doesn' | ||
+ | idm.pub.app.show.roleRequest.description=true | ||
# | # | ||
# Private properties - used on backend only. | # Private properties - used on backend only. | ||
Line 105: | Line 100: | ||
# demo data was created - prevent to create demo data duplicitly | # demo data was created - prevent to create demo data duplicitly | ||
idm.sec.core.demo.data.created=false | idm.sec.core.demo.data.created=false | ||
- | # Enable forest index for tree structures | + | # Create init data at application start. Init data (product provided roles) are updated automatically with pruct updates. |
- | idm.sec.app.forest.index.enabled=true | + | # Set property to false to disable init data creation and updates. |
+ | idm.sec.core.init.data.enabled=true | ||
</ | </ | ||
Line 209: | Line 205: | ||
</ | </ | ||
+ | ==== Cache ==== | ||
- | ==== Attachment storage === | + | Cache is used for reading configuration values. Value in cache is cleared by an active (save, delete) operation. |
+ | |||
+ | In the application profile (application.properties): | ||
+ | |||
+ | |||
+ | |||
+ | <code properties> | ||
+ | # Disable cache | ||
+ | # If you are debugging some of code and are you figuring, something is wrong with the cache, then you can turn the cache off with property. | ||
+ | # | ||
+ | # | ||
+ | # Clusterred cache settings | ||
+ | # | ||
+ | idm.sec.cache.terracota.resource.name=main | ||
+ | idm.sec.cache.terracota.resource.pool.name=resource-pool | ||
+ | # Size in MB | ||
+ | idm.sec.cache.terracota.resource.pool.size=32 | ||
+ | </ | ||
+ | |||
+ | |||
+ | ==== Attachment storage | ||
'' | '' | ||
- | In the application profile (application.properties) and overloadable via '' | + | In the application profile (application.properties): |
+ | |||
+ | <code properties> | ||
+ | # Max file size of uploaded file. Values can use the suffixed " | ||
+ | # Application server (e.g. Tomcat " | ||
+ | spring.servlet.multipart.max-file-size=100MB | ||
+ | spring.servlet.multipart.max-request-size=100MB | ||
+ | |||
+ | </ | ||
+ | |||
+ | In the application profile (application.properties) and overloadable via '' | ||
<code properties> | <code properties> | ||
Line 235: | Line 262: | ||
</ | </ | ||
- | In the application profile (application.properties). | + | ==== Activiti workflow |
- | + | ||
- | <code properties> | + | |
- | # Max file size of uploaded file. Values can use the suffixed " | + | |
- | spring.servlet.multipart.max-file-size=100MB | + | |
- | spring.servlet.multipart.max-request-size=100MB | + | |
- | + | ||
- | </ | + | |
- | + | ||
- | ==== Activiti workflow === | + | |
<code properties> | <code properties> | ||
# String boot properties for Activiti workflow engine | # String boot properties for Activiti workflow engine | ||
Line 449: | Line 467: | ||
<code properties> | <code properties> | ||
# supports delete identity. Needed on FE (=> public) to render available bulk action in table | # supports delete identity. Needed on FE (=> public) to render available bulk action in table | ||
+ | # @deprecated @since 10.6.0 - action can be disabled by bulk action configurable api - use ' | ||
idm.pub.core.identity.delete=true | idm.pub.core.identity.delete=true | ||
# | # | ||
Line 475: | Line 494: | ||
# Needed on FE (=> public) | # Needed on FE (=> public) | ||
idm.pub.core.identity.dashboard.skip= | idm.pub.core.identity.dashboard.skip= | ||
- | # | ||
- | # supports authorization policies for extended form definitions and their values for identities | ||
- | # Default is false (backward compatibility) - all form definitions and attributes will be shown (controlled by permissions for identity - IDENTITY_READ / IDENTITY_UPDATE). | ||
- | # true - authorization policies will be evaluated (see https:// | ||
- | idm.sec.core.identity.formAttributes.secured=false | ||
</ | </ | ||
Line 502: | Line 516: | ||
<code properties> | <code properties> | ||
+ | # | ||
# Default user role will be added automatically, | # Default user role will be added automatically, | ||
# could contains default authorities and authority policies configuration | # could contains default authorities and authority policies configuration | ||
# for adding autocomplete or all record read permission etc. | # for adding autocomplete or all record read permission etc. | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
idm.sec.core.role.default=userRole | idm.sec.core.role.default=userRole | ||
+ | # | ||
# Admin user role | # Admin user role | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
idm.sec.core.role.admin=superAdminRole | idm.sec.core.role.admin=superAdminRole | ||
+ | # | ||
+ | # Helpdesk user role | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
+ | idm.sec.core.role.helpdesk=helpdeskRole | ||
+ | # | ||
+ | # User manager role | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
+ | idm.sec.core.role.userManager=userManagerRole | ||
+ | # | ||
+ | # Role manager role - role guarantee | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
+ | idm.sec.core.role.roleManager=roleManagerRole | ||
+ | # | ||
+ | # Virtual system implementer | ||
+ | # Role full code should be given (should contain environment, | ||
+ | # Role authorities are updated automatically, | ||
+ | idm.sec.vs.role.implementer=virtualSystemImplementerRole | ||
+ | # | ||
# Separator for the suffix with environment used in role code. | # Separator for the suffix with environment used in role code. | ||
# Look out: when separator is changed, then all roles should be updated (manually from ui, by scripted LRT or by change script). | # Look out: when separator is changed, then all roles should be updated (manually from ui, by scripted LRT or by change script). | ||
Line 623: | Line 664: | ||
==== Entity filters ==== | ==== Entity filters ==== | ||
In the application profile ('' | In the application profile ('' | ||
- | Every filter could have his own configuration properties under prefix: | + | |
+ | <code properties> | ||
+ | # Enable / disable check filter is properly registered, when filter is used (by entity and property name). Throw exeption, when unrecognised filter is used. | ||
+ | idm.sec.core.filter.check.supported.enabled=true | ||
+ | </ | ||
+ | |||
+ | Every registered | ||
<code properties> | <code properties> | ||
- | # enable/ disable filter - enabled by default. When filter is disabled and property is filled in filter, then '' | + | # enable / disable filter - enabled by default. When filter is disabled and property is filled in filter, then '' |
idm.sec.< | idm.sec.< | ||
# filter implementation | # filter implementation | ||
Line 660: | Line 707: | ||
==== Authentication ==== | ==== Authentication ==== | ||
- | UUID of system, against which to user will be authenticated. | + | UUID of system, against which to user will be authenticated. This authentication is from version 10.4.0 deprecated. |
<code properties> | <code properties> | ||
# ID system against which to authenticate | # ID system against which to authenticate | ||
- | idm.sec.security.auth.systemId= | + | idm.sec.security.auth.system= |
</ | </ | ||
+ | |||
+ | Authentication against multiple system wich to user will be authenticated (since 10.4.0) - ID or Code can be used: | ||
+ | <code properties> | ||
+ | idm.sec.acc.security.auth.order1.system= | ||
+ | idm.sec.acc.security.auth.order2.system= | ||
+ | </ | ||
+ | |||
+ | Maximum system for authentication can be set with the property: | ||
+ | <code properties> | ||
+ | idm.sec.acc.security.auth.maximumSystemCount=50 | ||
+ | </ | ||
+ | |||
+ | More about authenticator can be found [[devel: | ||
=== Authentication filters === | === Authentication filters === | ||
Line 863: | Line 923: | ||
==== Logger ==== | ==== Logger ==== | ||
- | In the application profile ('' | + | In the application profile ('' |
+ | |||
+ | <code properties> | ||
+ | # Show thread name configured by thread pools (task, event) in logs (generated name is shown otherwise) | ||
+ | # Two appenders | ||
+ | logging.pattern.console=%d{yyyy-MM-dd HH: | ||
+ | logging.pattern.file=%d{yyyy-MM-dd HH: | ||
+ | </ | ||
Logger levels can be configured programmatically (override '' | Logger levels can be configured programmatically (override '' | ||
+ | |||
+ | In the application profile ('' | ||
<code properties> | <code properties> |