-
Notifications
You must be signed in to change notification settings - Fork 2
Properties
WORK IN PROGRESS: This site is not ready for Sparkyservice v2.
Note: The application must be restarted after changes are made.
Description: This is the default properties file used by spring. It have to be in the classpath in order to run the application.
Decides which settings profile should be used and it provides some necessary properties which are set during development
Example:
spring.profiles.active=release
springdoc.version = 0.2
Description: The release profile is pre-defined in each release. It must be available on application startup and contains all necessary runtime settings.
Anything which is marked as "OPTIONAL" can be fully removed from the properties file
# MANDATORY
db:
name:
addr:
user:
password:
jwt:
secret: SECRET
# OPTIONAL
server:
port: 80
zuul:
routes:
stmgmt:
url: URL
acl: none
recovery:
enaled: false
password: PASSWORD
user: adminuser
ldap:
enabled: false
ad: true
basedn: null
url: null
userdn: null
debug: false
| Property | Description | Status | Default Value |
|---|---|---|---|
| server.port | Port to listen on | Optional | 8080 |
| Property | Description | Status | Default Value |
|---|---|---|---|
| spring.datasource.* | Database settings | Mandatory unless jpa.hibernate.ddl-auto is removed |
\ |
| spring.datasource.driver-class-name | Defines the driver class which is used* | \ |
*Supported Driver classes: org.postgresql.Driver and org.mariadb.jdbc.Driver
*Supported Dialects: org.hibernate.dialect.PostgreSQLDialect and `org.hibernate.dialect.MariaDBDialect
| Property | Description | Status | Default Value |
|---|---|---|---|
| recovery.enabled | Only a single memory user at a time is supported. | Boolean - Optional | false |
| recovery.user | Username which will be the MEMORY realm with full permissions |
Optional | user |
| recovery.password | Password used for authentication | Mandatory when enabled | \ |
Note: The recovery user can access all application functions. The password can't be overridden through the local database nor any other administrator can demote this user. After the first setup you probably want to promote other users to the admin state and disable the recovery user afterwards in the settings.
Sparkyservice (v2) supports only ActiveDirectory LDAP connections.
| Property | Description | Status | Default Value |
|---|---|---|---|
| ldap.ad | Describes the underlying LDAP implementation. It should be true when Windows Active Directories (AD) are used. | Optional | false |
| ldap.basedn | Search basedn gives the domains of the user (dc=example,dc=org). Must be a normal domain when used with AD enabled (example.org) | Mandatory when AD is used | Mandatory |
| lda.url | Full LDAP Connection URL with port (ldap://IP:PORT) | Mandatory | \ |
| ldap.userdn | Bind DN or User. Can be used to authenticate at the LDAP server | Optional | \ |
Unused configuration values:
| Property | Description | Status | Default Value |
|---|---|---|---|
| ldap.username | Currently not used with AD | Optional | \ |
| ldap.password | Currently not used with AD | Optional | \ |
| Property | Description | Status | Default Value |
|---|---|---|---|
| zuul.routes.CUSTOMROUTE.url | Defines a new route. /customroute is route to the given value |
Optional | \ |
| zuu.routes.CUSTOMROUTE.acl | User list which are allowed to access the given path (here: /customroute/**) |
Optional | "none" |
In this section, it is possible to define routing paths. Define a new route entry by appending the prefix with the desired path: zuul.routing.newpath.url=http://example.com.
Through this, all connections from "thisproject.com/newpath" will be redirected to "example.com".
To forward a request inside the same project (/web server) use the forward: modifier. Example:
zuul.routing.newpath.url=forward:/api/v0/authenticat
Further explanation of Proxy function under Proxy
The protections setting defines a set of users which are allowed to access a configured path. By appending the keyword acl followed by a comma separated user list:
zuul.routes.stmgmt.acl = test@MEMORY,test1@LDAP
Note: The realm of the user behind the "@" symbol must be provided. No whitespaces are allowed.
A user gets access to this path if he is authenticated with a JWT token described here
Supported options are:
none<name>@<realm>- Or just an empty setting.
- No setting
| Property | Description | Status | Default Value |
|---|---|---|---|
| jwt.issuer | Arbitrary information about the token issuer | Optional | Empty |
| jwt.audience | Arbitrary information about the token issuer | Optional | Empty |