distribution/ddf-common/src/main/resources-filtered/etc/custom.system.properties

#
# The properties defined in this file will be made available through system
# properties at the very beginning of the Karaf's boot process.
#

# DDF Environment Settings
ddf.etc=${karaf.etc}
ddf.data=${karaf.data}
derby.system.home=${karaf.home}/data/derby

#
# Keystore and Truststore Java Properties
#
javax.net.ssl.keyStore=etc/keystores/serverKeystore.jks
javax.net.ssl.keyStorePassword=changeit
javax.net.ssl.trustStore=etc/keystores/serverTruststore.jks
javax.net.ssl.trustStorePassword=changeit
javax.net.ssl.keyStoreType=jks
javax.net.ssl.trustStoreType=jks

#
# Keyset Properties
#
keyset.dir=${ddf.etc}/keysets
associated.data.path=${ddf.etc}/associatedData.properties

#
# Headless Configuration
#

# Forces java to run in headless mode for when the server doesn't have a display device
#java.awt.headless=true


#
# Global URL Properties
#
# The httpsPort and httpPort are the ports that the system will run on
org.codice.ddf.system.protocol=https://
org.codice.ddf.system.hostname=localhost
org.codice.ddf.system.httpsPort=8993
org.codice.ddf.system.httpPort=8181
org.codice.ddf.system.port=_DO_NOT_EXPAND_${org.codice.ddf.system.httpsPort}
org.codice.ddf.system.rootContext=/services
# external properties are useful when DDF is behind a proxy and
# the URL a user sees is different than the local url DDF uses
org.codice.ddf.external.protocol=_DO_NOT_EXPAND_${org.codice.ddf.system.protocol}
org.codice.ddf.external.hostname=_DO_NOT_EXPAND_${org.codice.ddf.system.hostname}
org.codice.ddf.external.httpsPort=_DO_NOT_EXPAND_${org.codice.ddf.system.httpsPort}
org.codice.ddf.external.httpPort=_DO_NOT_EXPAND_${org.codice.ddf.system.httpPort}
org.codice.ddf.external.port=_DO_NOT_EXPAND_${org.codice.ddf.external.httpsPort}
org.codice.ddf.external.context=

# Whether or not CSRF filtering should be enabled. This should only be disabled for testing and
# debugging purposes, otherwise the system will be left insecure.
csrf.enabled=true

# Comma separated list of host/port combinations that can be trusted to make requests to DDF.
csrf.trustedAuthorities=

#
# System Information Properties
#
org.codice.ddf.system.branding=${branding-lowercase}
org.codice.ddf.system.siteName=${sitename.default}
org.codice.ddf.system.siteContact=
org.codice.ddf.system.version=${project.version}
org.codice.ddf.system.organization=${organization.name}
org.codice.ddf.system.registry-id=

#
# Solr Provider Configuration
#
solr.data.dir=_DO_NOT_EXPAND_${karaf.home}/data/solr

# Solr Cloud Provider
solr.client=CloudSolrClient
solr.cloud.zookeeper=localhost:2181

solr.useBasicAuth=false
solr.username=admin
solr.password=admin

# Comma-separated list of fields to expand to when a query use the anytext field
solr.query.anytext.fields=metadata,title,description,ext.extracted.text

# Comma-separated list of metacard types that do not support optimistic updates.
solr.commit.nrt.metacardTypes=workspace,metacard.query,metacard.list,query-template,attribute-group,resource-note

# Comma-separated list of metacard fields that should never show up as search result highlights
solr.highlight.blacklist=metacard-tags
solr.highlight.enabled=false
# solr.highlight.anytext.expand=false
# solr.highlight.config.file=etc/solr-highlighter.properties

# Whether or not case-insensitive sorting is enabled
solr.query.sort.caseInsensitive=true

#
# Thread Pool Settings
#

# Size of thread pool used for handling UI queries, federating requests, and downloading resources
# See "Configuring Thread Pools" under "Managing" documentation.
org.codice.ddf.system.threadPoolSize=128

#
# Security Manager Settings
#

#
# Admins can uncomment the following 6 lines and comment out the other definitions of
# the security manager properties in order to determine any missing security permissions
# should they install third-party bundles requiring additional access.
#
# Please note that turning on the PolicyFileGeneratorJSM has the side-effect of turning off
# security on your system. It should be used with caution, only to ascertain missing
# permissions to be added to the default.policy file.
#
# N.B. The use of the double equals on the 'java.security.policy' property is intentional.
# See http://docs.oracle.com/javase/7/docs/technotes/guides/security/PolicyFiles.html#DefaultLocs
# for more information.
#
# prograde.generated.policy=${karaf.home}/generated.policy
# prograde.use.own.policy=true
# policy.provider=net.sourceforge.prograde.policy.ProGradePolicy
# java.security.manager=net.sourceforge.prograde.sm.PolicyFileGeneratorJSM
# proGrade.getPermissions.override=sun.rmi.server.LoaderHandler:loadClass,org.apache.jasper.compiler.JspRuntimeContext:initSecurity

# policy.provider=net.sourceforge.prograde.policy.ProGradePolicy
# java.security.manager=net.sourceforge.prograde.sm.ProGradeJSM
# java.security.policy==${karaf.etc}/all.policy
# proGrade.getPermissions.override=sun.rmi.server.LoaderHandler:loadClass,org.apache.jasper.compiler.JspRuntimeContext:initSecurity


#
# HTTPS Specific Settings
#

# If making a Secure Connection not leveraging the HTTPS Java libraries and classes (e.g. if you
# are using secure sockets directly) then you will have to set this directly
https.cipherSuites=TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

# If using the JCE unlimited strength policy, uncomment this and use it instead.
#https.cipherSuites=TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

https.protocols=TLSv1.2,TLSv1.3
jdk.tls.client.protocols=TLSv1.2,TLSv1.3
jdk.tls.ephemeralDHKeySize=matched


#
# File Upload Settings
#

# Files uploaded with these bad file extensions or names will have their file names sanitized
# before being saved
bad.file.extensions=.exe,.jsp,.html,.js,.php,.phtml,.php3,.php4,.php5,.phps,.shtml,.jhtml,.pl,.py,.cgi,.msi,.com,.scr,.gadget,.application,.pif,.hta,.cpl,.msc,.jar,.kar,.bat,.cmd,.vb,.vbs,.vbe,.jse,.ws,.wsf,.wsc,.wsh,.ps1,.ps1xml,.ps2,.ps2xml,.psc1,.psc2,.msh,.msh1,.msh2,.mshxml,.msh1xml,.msh2xml,.scf,.lnk,.inf,.reg,.dll,.vxd,.cpl,.cfg,.config,.crt,.cert,.pem,.jks,.p12,.p7b,.key,.der,.csr,.jsb,.mhtml,.mht,.xhtml,.xht,.tmp
bad.files=crossdomain.xml,clientaccesspolicy.xml,.htaccess,.htpasswd,hosts,passwd,group,resolv.conf,nfs.conf,ftpd.conf,ntp.conf,web.config,robots.txt

# Files uploaded matching these mime types will be excluded from being stored
bad.mime.types=text/html,text/javascript,text/x-javascript,application/x-shellscript,text/scriptlet,application/x-msdownload,application/x-msmetafile

# Files uploaded matching these file names will be excluded from being stored
ignore.files=.DS_Store,Thumbs.db

#
# Basic Authentication
#

# Set to true to allow Basic Auth credentials to be sent over HTTP unsecurely. This should only be
# done in a test environment. These events will be audited.
org.codice.allowBasicAuthOverHttp=false

#
# Auditing Settings
#
# Set to true to require that all audit logs be HTML encoded before being written.
# This helps avoid any log injection flaws that may be present. Turning this feature on may slow down the system.
org.codice.ddf.platform.requireAuditEncoding=false

#
# Maximum Endpoint Contact Interval
#
# Max seconds between attempts to contact the endpoint of a source
org.codice.ddf.platform.util.http.maxRetryInterval=300
#
# Initial Endpoint Contact Interval
#
# Initial seconds between attempts to contact the endpoint of a source
org.codice.ddf.platform.util.http.initialRetryInterval=10


#
# XML Document Builder Factory
#
javax.xml.parsers.DocumentBuilderFactory=org.apache.xerces.jaxp.DocumentBuilderFactoryImpl
javax.xml.transform.TransformerFactory=org.apache.xalan.processor.TransformerFactoryImpl


#
# Access Logs
#

# Enables/Disables HTTP access logs for Jetty
org.codice.ddf.http.access.log.enabled=false

#
# Security
#
org.codice.ddf.security.ecp.enabled=true

#
# Security Logging
#
security.logger.extra_attributes=


#
# IDP (Identity Provider) Settings
#
# How long IDP clients should cache the IDP's metadata, ISO 8601 duration format. Default is 7 days.
org.codice.ddf.security.saml.Metadata.cacheDuration=P7D
#

#
# User name for the Karaf local console
#
karaf.local.user=admin

#
# Security properties
#
#java.security.policy=_DO_NOT_EXPAND_${karaf.etc}/all.policy
#org.osgi.framework.security=osgi
#org.osgi.framework.trust.repositories=_DO_NOT_EXPAND_${karaf.etc}/trustStore.ks
# pipe (|) separated list of regex patterns for DNs that are allowed to connect to the Security Token Service
ws-security.subject.cert.constraints=.*CN=_DO_NOT_EXPAND_${org.codice.ddf.system.hostname}.*
user.language="en"
user.country="US"

#
# This is the default home location which will work in development and test
# and, by virtue of being beneath the _DO_NOT_EXPAND_${user.home} directory, will not cause
# an access exception for being inaccessible.
#
org.ops4j.pax.url.mvn.settings=file:_DO_NOT_EXPAND_${user.home}/.m2/settings.xml

#
# Disable Hazelcast version check
#
hazelcast.version.check.enabled=false

#
# DDF's custom implementation of a Felix Config Admin PersistenceManager
#
felix.cm.pm=CodicePM

#DO NOT REMOVE THIS LINE