Differences

This shows you the differences between two versions of the page.

devel:documentation:application_configuration:dev:backend [2020/04/06 10:33]
tomiskar [Attachment storage]
devel:documentation:application_configuration:dev:backend [2020/09/03 10:00]
tomiskar [Application/ Server]
Line 12: Line 12:
   * if the name of a configuration item contains the''password'' or ''token'' chain, the value of the configuration item is hidden in the rest interface listing (or rather replaced with substitute characters).   * if the name of a configuration item contains the''password'' or ''token'' chain, the value of the configuration item is hidden in the rest interface listing (or rather replaced with substitute characters).
   * It is better to use constants for keys, e.g. ''ConfigurationService.IDM\_PUBLIC\_PROPERTY\_PREFIX + "core.identity.delete"'' - using seperator constant in key name suffix is not preferred - constant can be simply found by key suffix ("ctrl-f" + "core.identity.delete").    * It is better to use constants for keys, e.g. ''ConfigurationService.IDM\_PUBLIC\_PROPERTY\_PREFIX + "core.identity.delete"'' - using seperator constant in key name suffix is not preferred - constant can be simply found by key suffix ("ctrl-f" + "core.identity.delete"). 
- 
-Cache is used for reading configuration values - default spring boot cache (ConcurrentHashMap) is configured for now. Value in cache is cleared by an active (save, delete) operation. 
- 
-<note tip> 
-If you are debugging some of code and are you figuring, something is wrong with the cache, then you can turn the cache off with property (in application.properties) 
-<code properties> 
-spring.cache.type=none 
-</code> 
-</note> 
  
 ==== Configure environment properties ==== ==== Configure environment properties ====
Line 54: Line 45:
  
  
-<note important>To prevent application startup fails due to Flyway error, property ''-Djava.util.Arrays.useLegacyMergeSort=true'' has to be added into environment properties. If property is not set, then application can fail on error: +[[https://proj.bcvsolutions.eu/ngidm/doku.php?id=help:czechidm_server_install_guide#vyber_profilu_aplikace|Add JAVA_OPTS parameters]]
-<code>Error creating bean with name 'flywayCore' defined in class path resource [eu/bcvsolutions/idm/core/config/flyway/CoreFlywayConfig.class]:  +
-Initialization of bean failed; nested exception is java.lang.IllegalArgumentException: Comparison method violates its general contract!</code> +
-</note>+
  
- 
-[[https://proj.bcvsolutions.eu/ngidm/doku.php?id=help:czechidm_server_install_guide#vyber_profilu_aplikace|Add JAVA_OPTS parameters]]: 
- 
-<code> 
--Djava.util.Arrays.useLegacyMergeSort=true 
-</code> 
  
  
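Review bot: after this change the ''Add JAVA_OPTS parameters'' link at the end of the hunk stands alone. The flag it introduced, ''-Djava.util.Arrays.useLegacyMergeSort=true'', and the Flyway startup error it worked around are both removed, so the reader is sent to the install guide without being told which parameter to add. Either drop the link as well or add a sentence saying what still has to be set, and state whether the flag is no longer needed.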
Line 91: Line 73:
 # Show transaction identifiers (uuid) in frontend application  # Show transaction identifiers (uuid) in frontend application 
 idm.pub.app.show.transactionId=false idm.pub.app.show.transactionId=false
-# Show role environmnent in frontend application for roles (table, role detail, niceLabel, info components, role select) +# Show role environment in frontend application for roles (table, role detail, niceLabel, info components, role select) 
 idm.pub.app.show.environment=true idm.pub.app.show.environment=true
 +# Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select) 
 +idm.pub.app.show.role.baseCode=true
 # Available size options for tables in frontend application # Available size options for tables in frontend application
 idm.pub.app.show.sizeOptions=10, 25, 50, 100 idm.pub.app.show.sizeOptions=10, 25, 50, 100
 +# Show buttons for bulk actions in tables (0 = select box will be shown only).
 +# Maximum count of quick access buttons for bulk actions in tables - next action will be rendered in drop down select box.
 +# Bulk action icon is required for quick access button - action without icon will be rendered in select box.
 +idm.pub.app.show.table.quickAccessButton.maxCount=5
 # show default form for newly created user  # show default form for newly created user 
 # default form can be disabled => at least one configured form projection is needed # default form can be disabled => at least one configured form projection is needed
 idm.pub.app.show.identity.formProjection.default=true idm.pub.app.show.identity.formProjection.default=true
 +# If is true, then role-request description will be show on the detail.
 +# Description will hidden if this property will be false and role request
 +# doesn't contains any value in description (can be filled during the approval process).
 +idm.pub.app.show.roleRequest.description=true
 # #
 # Private properties - used on backend only. # Private properties - used on backend only.
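Review bot: the comment added above ''idm.pub.app.show.roleRequest.description'' does not say clearly what ''false'' does. As written ("Description will hidden if this property will be false and role request doesn't contains any value"), the field is hidden only when the property is false and the description is empty, which leaves open whether a filled description is still shown with ''false''. Please state both cases explicitly and fix the grammar ("will be shown", "will be hidden", "doesn't contain"). In the same hunk, the first comment line for ''idm.pub.app.show.table.quickAccessButton.maxCount'' reads like a description of a boolean switch while the value is a count; leading with the "Maximum count" sentence would be clearer.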
Line 105: Line 97:
 # demo data was created - prevent to create demo data duplicitly # demo data was created - prevent to create demo data duplicitly
 idm.sec.core.demo.data.created=false idm.sec.core.demo.data.created=false
-Enable forest index for tree structures +Create init data at application start. Init data (product provided roles) are updated automatically with pruct updates. 
-idm.sec.app.forest.index.enabled=true+# Set property to false to disable init data creation and updates. 
 +idm.sec.core.init.data.enabled=true
 </code> </code>
  
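Review bot: the added description line has the typo "pruct" ("product updates"), and in this view it does not start with ''#'' while the next added line does; check the source so that the sentence is a comment inside the properties block. The hunk also removes ''idm.sec.app.forest.index.enabled'' without saying whether the property is still read by the application, so deployments that set it have no way to tell from this page whether it is now ignored.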
Line 209: Line 202:
 </code> </code>
  
 +==== Cache ====
  
-==== Attachment storage ===+Cache is used for reading configuration values. Value in cache is cleared by an active (save, delete) operation. 
 + 
 +In the application profile (application.properties): 
 + 
 + 
 + 
 +<code properties> 
 +# Disable cache 
 +# If you are debugging some of code and are you figuring, something is wrong with the cache, then you can turn the cache off with property. 
 +#spring.cache.type=none 
 +
 +# Clusterred cache settings 
 +#idm.sec.cache.terracota.url=localhost:9410,localhost:9420 
 +idm.sec.cache.terracota.resource.name=main 
 +idm.sec.cache.terracota.resource.pool.name=resource-pool 
 +# Size in MB 
 +idm.sec.cache.terracota.resource.pool.size=32 
 +</code> 
 + 
 + 
 +==== Attachment storage ====
  
 ''DefaultAttachmentManager'' stores binary files on file system. Binary files can be attached to any entity, which implements ''AttachableEntity'' interface, [[..:..:modules_rpt:dev:attachment_manager| read more]]. ''DefaultAttachmentManager'' stores binary files on file system. Binary files can be attached to any entity, which implements ''AttachableEntity'' interface, [[..:..:modules_rpt:dev:attachment_manager| read more]].
  
-In the application profile (application.properties).+In the application profile (application.properties):
  
 <code properties> <code properties>
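Review bot: the new Cache section does not say which cache is used when ''idm.sec.cache.terracota.url'' stays commented out. The paragraph this revision removed stated that the default Spring Boot cache (ConcurrentHashMap) is configured, and that sentence is not carried over, while the three ''idm.sec.cache.terracota.resource.*'' lines are shown active next to a disabled url. Please state the default and whether the resource settings have any effect without the url. Also fix "Clusterred" and the wording of the ''spring.cache.type=none'' comment ("If you are debugging some of code and are you figuring").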
Line 224: Line 238:
 </code> </code>
  
-In the application profile (application.properties) and overloadable via ''ConfigurationService''+In the application profile (application.properties) and overloadable via ''ConfigurationService'':
  
 <code properties> <code properties>
Line 245: Line 259:
 </code> </code>
  
-==== Activiti workflow ===+==== Activiti workflow ====
 <code properties> <code properties>
 # String boot properties for Activiti workflow engine # String boot properties for Activiti workflow engine
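Review bot: while the heading on this block is being corrected, the first comment line below it, "String boot properties for Activiti workflow engine", looks like a typo for "Spring boot" and could be fixed in the same revision.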
Line 476: Line 490:
 # Needed on FE (=> public)  # Needed on FE (=> public) 
 idm.pub.core.identity.dashboard.skip= idm.pub.core.identity.dashboard.skip=
-# 
-# supports authorization policies for extended form definitions and their values for identities 
-# Default is false (backward compatibility) - all form definitions and attributes will be shown (controlled by permissions for identity - IDENTITY_READ / IDENTITY_UPDATE). 
-# true - authorization policies will be evaluated (see https://wiki.czechidm.com/devel/documentation/security/dev/authorization#secure_identity_form_extended_attribute_values) for form definitions (FORMDEFINITION_AUTOCOMPLETE is needed to show form definition) and for form values (FORMVALUE_UPDATE)  
-idm.sec.core.identity.formAttributes.secured=false 
  
 </code> </code>
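Review bot: the removal of ''idm.sec.core.identity.formAttributes.secured'' drops the only description on this page of how extended form attribute values are protected, including the statement that the default ''false'' shows all form definitions and attributes under ''IDENTITY_READ'' / ''IDENTITY_UPDATE''. The hunk does not say whether the property was removed, moved to another section, or had its default changed. Since this setting decides whether authorization policies are evaluated at all, please leave a short note stating its current status and pointing to where it is now documented.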
Line 503: Line 512:
  
 <code properties> <code properties>
 +#
 # Default user role will be added automatically, after an identity is logged in # Default user role will be added automatically, after an identity is logged in
 # could contains default authorities and authority policies configuration # could contains default authorities and authority policies configuration
 # for adding autocomplete or all record read permission etc. # for adding autocomplete or all record read permission etc.
 +# Role full code should be given (should contain environment, if it is used).
 +# Role authorities are updated automatically, when new IdM version is installed.
 idm.sec.core.role.default=userRole idm.sec.core.role.default=userRole
 +#
 # Admin user role # Admin user role
 +# Role full code should be given (should contain environment, if it is used).
 +# Role authorities are updated automatically, when new IdM version is installed.
 idm.sec.core.role.admin=superAdminRole idm.sec.core.role.admin=superAdminRole
 +#
 +# Helpdesk user role
 +# Role full code should be given (should contain environment, if it is used).
 +# Role authorities are updated automatically, when new IdM version is installed.
 +idm.sec.core.role.helpdesk=helpdeskRole
 +#
 +# User manager role
 +# Role full code should be given (should contain environment, if it is used).
 +# Role authorities are updated automatically, when new IdM version is installed.
 +idm.sec.core.role.userManager=userManagerRole
 +#
 +# Role manager role - role guarantee
 +# Role full code should be given (should contain environment, if it is used).
 +# Role authorities are updated automatically, when new IdM version is installed.
 +idm.sec.core.role.roleManager=roleManagerRole
 +#
 +# Virtual system implementer  role - product provided role for implementers (approve vs request etc.).
 +# Role full code should be given (should contain environment, if it is used).
 +# Role authorities are updated automatically, when new IdM version is installed.
 +idm.sec.vs.role.implementer=virtualSystemImplementerRole
 +#
 # Separator for the suffix with environment used in role code. # Separator for the suffix with environment used in role code.
 # Look out: when separator is changed, then all roles should be updated (manually from ui, by scripted LRT or by change script). # Look out: when separator is changed, then all roles should be updated (manually from ui, by scripted LRT or by change script).
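Review bot: each added role property carries the line "Role authorities are updated automatically, when new IdM version is installed", but the hunk does not say what happens to authorities an administrator has added to or removed from these roles by hand. For ''idm.sec.core.role.admin'', ''idm.sec.core.role.helpdesk'' and the other product-provided roles this matters for least privilege: a reader cannot tell whether an upgrade re-grants permissions that were deliberately removed. Please document the update behaviour once, above the list, instead of repeating the same two comment lines six times, and mention how the automatic update can be switched off. There is also a double space in "implementer  role".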
Line 624: Line 660:
 ==== Entity filters ==== ==== Entity filters ====
 In the application profile (''application.properties'') - overloadable via ''ConfigurationService''. In the application profile (''application.properties'') - overloadable via ''ConfigurationService''.
-Every filter could have his own configuration properties under prefix: + 
 +<code properties> 
 +# Enable / disable check filter is properly registered, when filter is used (by entity and property name). Throw exeption, when unrecognised filter is used. 
 +idm.sec.core.filter.check.supported.enabled=true 
 +</code> 
 + 
 +Every registered filter could have his own configuration properties under prefix: 
 <code properties> <code properties>
-# enable/ disable filter - enabled by default. When filter is disabled and property is filled in filter, then ''disjunction'' criteria is added => no data will be returned+# enable / disable filter - enabled by default. When filter is disabled and property is filled in filter, then ''disjunction'' criteria is added => no data will be returned
 idm.sec.<module>.filter.<entity>.<name>.enabled=true idm.sec.<module>.filter.<entity>.<name>.enabled=true
 # filter implementation # filter implementation
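Review bot: the comment for ''idm.sec.core.filter.check.supported.enabled'' describes only the ''true'' case ("Throw exeption, when unrecognised filter is used") and not what happens with ''false''. If an unrecognised filter is then silently ignored, a query would return unfiltered data, which is the opposite of the "no data will be returned" behaviour documented just below for a disabled filter. Please state the ''false'' behaviour explicitly and fix "exeption"; "his own" in the following sentence should be "its own".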
Line 661: Line 703:
  
 ==== Authentication ==== ==== Authentication ====
-UUID of system, against which to user will be authenticated.+UUID of system, against which to user will be authenticated. This authentication is from version 10.4.0 deprecated.
 <code properties> <code properties>
 # ID system against which to authenticate # ID system against which to authenticate
-idm.sec.security.auth.systemId=+idm.sec.security.auth.system=
 </code> </code>
 +
 +Authentication against multiple system wich to user will be authenticated (since 10.4.0) - ID or Code can be used:
 +<code properties>
 +idm.sec.acc.security.auth.order1.system=
 +idm.sec.acc.security.auth.order2.system=
 +</code>
 +
 +Maximum system for authentication can be set with the property:
 +<code properties>
 +idm.sec.acc.security.auth.maximumSystemCount=50
 +</code>
 +
 +More about authenticator can be found [[devel:documentation:security:dev:authentication|there]].
  
 === Authentication filters === === Authentication filters ===
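Review bot: the first code block renames the key from ''idm.sec.security.auth.systemId'' to ''idm.sec.security.auth.system'' in the same edit that marks this authentication as deprecated from 10.4.0, and the hunk does not say whether the old ''systemId'' key is still read. An existing deployment that keeps the old key could end up authenticating against a different system than intended, or none. Please state the supported key per version. The new keys also use a different prefix (''idm.sec.acc.security.auth.'' against ''idm.sec.security.auth.''), which deserves a sentence so it is not taken for a typo. "Maximum system for authentication" should say what is counted (the number of ''orderN'' entries evaluated), and "wich" should be "which".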
Line 864: Line 919:
 ==== Logger ==== ==== Logger ====
  
-In the application profile (''application.properties''- overloadable via ''ConfigurationService''.+In the application profile (''application.properties'')
 + 
 +<code properties> 
 +# Show thread name configured by thread pools (task, event) in logs (generated name is shown otherwise) 
 +# Two appenders 'consoleand 'fileare provided by product. Same configuration is needed for your custom appenders (added in logback.xml). 
 +logging.pattern.console=%d{yyyy-MM-dd HH:mm:ss.SSS} %5level %relative --- [%thread] %logger{36}.%M : %msg%n 
 +logging.pattern.file=%d{yyyy-MM-dd HH:mm:ss.SSS} %5level %relative --- [%thread] %logger{36}.%M : %msg%n 
 +</code>
  
 Logger levels can be configured programmatically (override ''logback.xml'' file with default logger levels configuration). Logger levels can be configured programmatically (override ''logback.xml'' file with default logger levels configuration).
 +
 +In the application profile (''application.properties'') - overloadable via ''ConfigurationService'':
  
 <code properties> <code properties>
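Review bot: both added patterns, ''logging.pattern.console'' and ''logging.pattern.file'', include ''%M''. Logback has to compute caller data for the method name and its documentation advises against using it where execution speed matters, so a default recommended for all deployments should either omit ''%M'' or carry a comment about the cost. The added comment says the pattern is there to show the thread name, for which ''[%thread]'' is sufficient. The replaced sentence also lost its closing punctuation: the other sections touched in this revision now end with a colon before the code block.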
  • by chalupat