Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
devel:documentation:application_configuration:dev:backend [2020/04/21 11:24]
tomiskar [Identity] 		devel:documentation:application_configuration:dev:backend [2020/09/01 05:33]
tomiskar [Authentication]
Line 45: Line 45:
  
  
-<note important>To prevent application startup fails due to Flyway error, property ''-Djava.util.Arrays.useLegacyMergeSort=true'' has to be added into environment properties. If property is not set, then application can fail on error: +[[https://proj.bcvsolutions.eu/ngidm/doku.php?id=help:czechidm_server_install_guide#vyber_profilu_aplikace|Add JAVA_OPTS parameters]]
-<code>Error creating bean with name 'flywayCore' defined in class path resource [eu/bcvsolutions/idm/core/config/flyway/CoreFlywayConfig.class]:  +
-Initialization of bean failed; nested exception is java.lang.IllegalArgumentException: Comparison method violates its general contract!</code> +
-</note>+
  
- 
-[[https://proj.bcvsolutions.eu/ngidm/doku.php?id=help:czechidm_server_install_guide#vyber_profilu_aplikace|Add JAVA_OPTS parameters]]: 
- 
-<code> 
--Djava.util.Arrays.useLegacyMergeSort=true 
-</code> 
  
  
Line 82: Line 73:
 # Show transaction identifiers (uuid) in frontend application  # Show transaction identifiers (uuid) in frontend application 
 idm.pub.app.show.transactionId=false idm.pub.app.show.transactionId=false
-# Show role environmnent in frontend application for roles (table, role detail, niceLabel, info components, role select) +# Show role environment in frontend application for roles (table, role detail, niceLabel, info components, role select) 
 idm.pub.app.show.environment=true idm.pub.app.show.environment=true
 +# Show role baseCode in frontend application for roles (table, role detail, niceLabel, info components, role select) 
 +idm.pub.app.show.role.baseCode=true
 # Available size options for tables in frontend application # Available size options for tables in frontend application
 idm.pub.app.show.sizeOptions=10, 25, 50, 100 idm.pub.app.show.sizeOptions=10, 25, 50, 100
Line 89: Line 82:
 # default form can be disabled => at least one configured form projection is needed # default form can be disabled => at least one configured form projection is needed
 idm.pub.app.show.identity.formProjection.default=true idm.pub.app.show.identity.formProjection.default=true
 +# If is true, then role-request description will be show on the detail.
 +# Description will hidden if this property will be false and role request
 +# doesn't contains any value in description (can be filled during the approval process).
 +idm.pub.app.show.roleRequest.description=true
 # #
 # Private properties - used on backend only. # Private properties - used on backend only.
Line 96: Line 93:
 # demo data was created - prevent to create demo data duplicitly # demo data was created - prevent to create demo data duplicitly
 idm.sec.core.demo.data.created=false idm.sec.core.demo.data.created=false
-Enable forest index for tree structures +Create init data at application start. Init data (product provided roles) are updated automatically with pruct updates. 
-idm.sec.app.forest.index.enabled=true+# Set property to false to disable init data creation and updates. 
 +idm.sec.core.init.data.enabled=true
 </code> </code>
  
Line 510: Line 508:
  
 <code properties> <code properties>
 +#
 # Default user role will be added automatically, after an identity is logged in # Default user role will be added automatically, after an identity is logged in
 # could contains default authorities and authority policies configuration # could contains default authorities and authority policies configuration
 # for adding autocomplete or all record read permission etc. # for adding autocomplete or all record read permission etc.
 +# Role full code should be given (should contain environment, if it is used).
 +# Role authorities are updated automatically, when new IdM version is installed.
 idm.sec.core.role.default=userRole idm.sec.core.role.default=userRole
 +#
 # Admin user role # Admin user role
 +# Role full code should be given (should contain environment, if it is used).
 +# Role authorities are updated automatically, when new IdM version is installed.
 idm.sec.core.role.admin=superAdminRole idm.sec.core.role.admin=superAdminRole
 +#
 +# Helpdesk user role
 +# Role full code should be given (should contain environment, if it is used).
 +# Role authorities are updated automatically, when new IdM version is installed.
 +idm.sec.core.role.helpdesk=helpdeskRole
 +#
 +# User manager role
 +# Role full code should be given (should contain environment, if it is used).
 +# Role authorities are updated automatically, when new IdM version is installed.
 +idm.sec.core.role.userManager=userManagerRole
 +#
 +# Role manager role - role guarantee
 +# Role full code should be given (should contain environment, if it is used).
 +# Role authorities are updated automatically, when new IdM version is installed.
 +idm.sec.core.role.roleManager=roleManagerRole
 +#
 +# Virtual system implementer  role - product provided role for implementers (approve vs request etc.).
 +# Role full code should be given (should contain environment, if it is used).
 +# Role authorities are updated automatically, when new IdM version is installed.
 +idm.sec.vs.role.implementer=virtualSystemImplementerRole
 +#
 # Separator for the suffix with environment used in role code. # Separator for the suffix with environment used in role code.
 # Look out: when separator is changed, then all roles should be updated (manually from ui, by scripted LRT or by change script). # Look out: when separator is changed, then all roles should be updated (manually from ui, by scripted LRT or by change script).
Line 631: Line 656:
 ==== Entity filters ==== ==== Entity filters ====
 In the application profile (''application.properties'') - overloadable via ''ConfigurationService''. In the application profile (''application.properties'') - overloadable via ''ConfigurationService''.
-Every filter could have his own configuration properties under prefix: + 
 +<code properties> 
 +# Enable / disable check filter is properly registered, when filter is used (by entity and property name). Throw exeption, when unrecognised filter is used. 
 +idm.sec.core.filter.check.supported.enabled=true 
 +</code> 
 + 
 +Every registered filter could have his own configuration properties under prefix: 
 <code properties> <code properties>
-# enable/ disable filter - enabled by default. When filter is disabled and property is filled in filter, then ''disjunction'' criteria is added => no data will be returned+# enable / disable filter - enabled by default. When filter is disabled and property is filled in filter, then ''disjunction'' criteria is added => no data will be returned
 idm.sec.<module>.filter.<entity>.<name>.enabled=true idm.sec.<module>.filter.<entity>.<name>.enabled=true
 # filter implementation # filter implementation
Line 668: Line 699:
  
 ==== Authentication ==== ==== Authentication ====
-UUID of system, against which to user will be authenticated.+UUID of system, against which to user will be authenticated. This authentication is from version 10.4.0 deprecated.
 <code properties> <code properties>
 # ID system against which to authenticate # ID system against which to authenticate
-idm.sec.security.auth.systemId=+idm.sec.security.auth.system=
 </code> </code>
 +
 +Authentication against multiple system wich to user will be authenticated (since 10.4.0) - ID or Code can be used:
 +<code properties>
 +idm.sec.acc.security.auth.order1.system=
 +idm.sec.acc.security.auth.order2.system=
 +</code>
 +
 +Maximum system for authentication can be set with the property:
 +<code properties>
 +idm.sec.acc.security.auth.maximumSystemCount=50
 +</code>
 +
 +More about authenticator can be found [[devel:documentation:security:dev:authentication|there]].
  
 === Authentication filters === === Authentication filters ===
  • by chalupat