forked from networknt/light-4j
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
209 additions
and
33 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,43 +1,219 @@ | ||
# This is the configuration file for Http2Client. | ||
--- | ||
# Settings for TLS | ||
tls: | ||
# if the server is using self-signed certificate, this need to be false. | ||
verifyHostname: false | ||
# if the server is using self-signed certificate, this need to be false. If true, you have to use CA signed certificate | ||
# or load truststore that contains the self-signed cretificate. | ||
verifyHostname: ${client.verifyHostname:false} | ||
# The default trustedNames group used to created default SSL context. This is used to create Http2Client.SSL if set. | ||
defaultGroupKey: ${client.defaultGroupKey:trustedNames.local} | ||
# trusted hostnames, service names, service Ids, and so on. | ||
# Note: localhost and 127.0.0.1 are not trustable hostname/ip in general. So, these values should not be used as trusted names in production. | ||
trustedNames: | ||
local: localhost | ||
negativeTest: invalidhost | ||
empty: | ||
# trust store contains certifictes that server needs. Enable if tls is used. | ||
loadTrustStore: true | ||
loadTrustStore: ${client.loadTrustStore:true} | ||
# trust store location can be specified here or system properties javax.net.ssl.trustStore and password javax.net.ssl.trustStorePassword | ||
trustStore: client.truststore | ||
trustStore: ${client.trustStore:client.truststore} | ||
# trust store password | ||
trustStorePass: ${client.trustStorePass:password} | ||
# key store contains client key and it should be loaded if two-way ssl is uesed. | ||
loadKeyStore: true | ||
loadKeyStore: ${client.loadKeyStore:false} | ||
# key store location | ||
keyStore: client.keystore | ||
keyStore: ${client.keyStore:client.keystore} | ||
# key store password | ||
keyStorePass: ${client.keyStorePass:password} | ||
# private key password | ||
keyPass: ${client.keyPass:password} | ||
# settings for OAuth2 server communication | ||
oauth: | ||
# OAuth 2.0 token endpoint configuration | ||
token: | ||
tokenRenewBeforeExpired: 4000 | ||
expiredRefreshRetryDelay: 5000 | ||
earlyRefreshRetryDelay: 30000 | ||
server_url: http://localhost:7777 | ||
# you find oauth2 server from ether server_url or consul service discovery. | ||
# serviceId: com.networknt.oauth2-token-1.0.0 | ||
cache: | ||
#capacity of caching TOKENs | ||
capacity: ${client.tokenCacheCapacity:200} | ||
# The scope token will be renewed automatically 1 minutes before expiry | ||
tokenRenewBeforeExpired: ${client.tokenRenewBeforeExpired:60000} | ||
# if scope token is expired, we need short delay so that we can retry faster. | ||
expiredRefreshRetryDelay: ${client.expiredRefreshRetryDelay:2000} | ||
# if scope token is not expired but in renew windown, we need slow retry delay. | ||
earlyRefreshRetryDelay: ${client.earlyRefreshRetryDelay:4000} | ||
# token server url. The default port number for token service is 6882. If this is set, | ||
# it will take high priority than serviceId for the direct connection | ||
# server_url: ${client.tokenServerUrl:https://localhost:6882} | ||
# For users who leverage SaaS OAuth 2.0 provider from lightapi.net or others in the public cloud | ||
# and has an internal proxy server to access code, token and key services of OAuth 2.0, set up the | ||
# proxyHost here for the HTTPS traffic. This option is only working with server_url and serviceId | ||
# below should be commented out. OAuth 2.0 services cannot be discovered if a proxy server is used. | ||
# proxyHost: ${client.tokenProxyHost:proxy.lightapi.net} | ||
# We only support HTTPS traffic for the proxy and the default port is 443. If your proxy server has | ||
# a different port, please specify it here. If proxyHost is available and proxyPort is missing, then | ||
# the default value 443 is going to be used for the HTTP connection. | ||
# proxyPort: ${client.tokenProxyPort:3128} | ||
# token service unique id for OAuth 2.0 provider. If server_url is not set above, | ||
# a service discovery action will be taken to find an instance of token service. | ||
serviceId: ${client.tokenServiceId:com.networknt.oauth2-token-1.0.0} | ||
# set to true if the oauth2 provider supports HTTP/2 | ||
enableHttp2: ${client.tokenEnableHttp2:true} | ||
# the following section defines uri and parameters for authorization code grant type | ||
authorization_code: | ||
uri: "/oauth2/token" | ||
client_id: test_client | ||
client_secret: test_secret | ||
redirect_uri: https://localhost:8080/authorization_code | ||
scope: | ||
- test.r | ||
- test.w | ||
# token endpoint for authorization code grant | ||
uri: ${client.tokenAcUri:/oauth2/token} | ||
# client_id for authorization code grant flow. | ||
client_id: ${client.tokenAcClientId:f7d42348-c647-4efb-a52d-4c5787421e72} | ||
# client_secret for authorization code grant flow. | ||
client_secret: ${client.tokenAcClientSecret:f6h1FTI8Q3-7UScPZDzfXA} | ||
# the web server uri that will receive the redirected authorization code | ||
redirect_uri: ${client.tokenAcRedirectUri:https://localhost:3000/authorization} | ||
# optional scope, default scope in the client registration will be used if not defined. | ||
# If there are scopes specified here, they will be verified against the registered scopes. | ||
# scope: | ||
# - petstore.r | ||
# - petstore.w | ||
# the following section defines uri and parameters for client credentials grant type | ||
client_credentials: | ||
uri: "/oauth2/token" | ||
client_id: test_client | ||
client_secret: test_secret | ||
scope: | ||
- test.r | ||
- test.w | ||
key: | ||
# if there is no service discovery and you have OAuth2 server deployed on VM | ||
# and there is load balance in front of these service instances. | ||
server_url: http://localhost:7777 | ||
# if you are using consul/zookeeper for service discovery | ||
# serviceId: com.networknt.oauth2-key-1.0.0 | ||
uri: "/oauth2/key" | ||
client_id: 6e9d1db3-2feb-4c1f-a5ad-9e93ae8ca59d | ||
# token endpoint for client credentials grant | ||
uri: ${client.tokenCcUri:/oauth2/token} | ||
# client_id for client credentials grant flow. | ||
client_id: ${client.tokenCcClientId:f7d42348-c647-4efb-a52d-4c5787421e72} | ||
# client_secret for client credentials grant flow. | ||
client_secret: ${client.tokenCcClientSecret:f6h1FTI8Q3-7UScPZDzfXA} | ||
# optional scope, default scope in the client registration will be used if not defined. | ||
# If there are scopes specified here, they will be verified against the registered scopes. | ||
# scope: | ||
# - petstore.r | ||
# - petstore.w | ||
refresh_token: | ||
# token endpoint for refresh token grant | ||
uri: ${client.tokenRtUri:/oauth2/token} | ||
# client_id for refresh token grant flow. | ||
client_id: ${client.tokenRtClientId:f7d42348-c647-4efb-a52d-4c5787421e72} | ||
# client_secret for refresh token grant flow | ||
client_secret: ${client.tokenRtClientSecret:f6h1FTI8Q3-7UScPZDzfXA} | ||
# optional scope, default scope in the client registration will be used if not defined. | ||
# If there are scopes specified here, they will be verified against the registered scopes. | ||
# scope: | ||
# - petstore.r | ||
# - petstore.w | ||
# light-oauth2 key distribution endpoint configuration for token verification | ||
key: | ||
# key distribution server url for token verification. It will be used if it is configured. | ||
# If it is not set, a service lookup will be taken with serviceId to find an instance. | ||
# server_url: ${client.tokenKeyServerUrl:https://localhost:6886} | ||
# For users who leverage SaaS OAuth 2.0 provider from lightapi.net or others in the public cloud | ||
# and has an internal proxy server to access code, token and key services of OAuth 2.0, set up the | ||
# proxyHost here for the HTTPS traffic. This option is only working with server_url and serviceId | ||
# below should be commented out. OAuth 2.0 services cannot be discovered if a proxy server is used. | ||
# proxyHost: ${client.tokenKeyProxyHost:proxy.lightapi.net} | ||
# We only support HTTPS traffic for the proxy and the default port is 443. If your proxy server has | ||
# a different port, please specify it here. If proxyHost is available and proxyPort is missing, then | ||
# the default value 443 is going to be used for the HTTP connection. | ||
# proxyPort: ${client.tokenKeyProxyPort:3128} | ||
# key serviceId for key distribution service, it will be used if above server_url is not configured. | ||
serviceId: ${client.tokenKeyServiceId:com.networknt.oauth2-key-1.0.0} | ||
# the path for the key distribution endpoint | ||
uri: ${client.tokenKeyUri:/oauth2/key} | ||
# client_id used to access key distribution service. It can be the same client_id with token service or not. | ||
client_id: ${client.tokenKeyClientId:f7d42348-c647-4efb-a52d-4c5787421e72} | ||
# client secret used to access the key distribution service. | ||
client_secret: ${client.tokenKeyClientSecret:f6h1FTI8Q3-7UScPZDzfXA} | ||
# set to true if the oauth2 provider supports HTTP/2 | ||
enableHttp2: ${client.tokenKeyEnableHttp2:true} | ||
# sign endpoint configuration | ||
sign: | ||
# token server url. The default port number for token service is 6882. If this url exists, it will be used. | ||
# if it is not set, then a service lookup against serviceId will be taken to discover an instance. | ||
# server_url: ${client.signServerUrl:https://localhost:6882} | ||
# For users who leverage SaaS OAuth 2.0 provider from lightapi.net or others in the public cloud | ||
# and has an internal proxy server to access code, token and key services of OAuth 2.0, set up the | ||
# proxyHost here for the HTTPS traffic. This option is only working with server_url and serviceId | ||
# below should be commented out. OAuth 2.0 services cannot be discovered if a proxy server is used. | ||
# proxyHost: ${client.signProxyHost:proxy.lightapi.net} | ||
# We only support HTTPS traffic for the proxy and the default port is 443. If your proxy server has | ||
# a different port, please specify it here. If proxyHost is available and proxyPort is missing, then | ||
# the default value 443 is going to be used for the HTTP connection. | ||
# proxyPort: ${client.signProxyPort:3128} | ||
# token serviceId. If server_url doesn't exist, the serviceId will be used to lookup the token service. | ||
serviceId: ${client.signServiceId:com.networknt.oauth2-token-1.0.0} | ||
# signing endpoint for the sign request | ||
uri: ${client.signUri:/oauth2/token} | ||
# timeout in milliseconds | ||
timeout: ${client.signTimeout:2000} | ||
# set to true if the oauth2 provider supports HTTP/2 | ||
enableHttp2: ${client.signEnableHttp2:true} | ||
# client_id for client authentication | ||
client_id: ${client.signClientId:f7d42348-c647-4efb-a52d-4c5787421e72} | ||
# client secret for client authentication and it can be encrypted here. | ||
client_secret: ${client.signClientSecret:f6h1FTI8Q3-7UScPZDzfXA} | ||
# the key distribution sever config for sign. It can be different then token key distribution server. | ||
key: | ||
# key distribution server url. It will be used to establish connection if it exists. | ||
# if it is not set, then a service lookup against serviceId will be taken to discover an instance. | ||
# server_url: ${client.signKeyServerUrl:https://localhost:6886} | ||
# For users who leverage SaaS OAuth 2.0 provider from lightapi.net or others in the public cloud | ||
# and has an internal proxy server to access code, token and key services of OAuth 2.0, set up the | ||
# proxyHost here for the HTTPS traffic. This option is only working with server_url and serviceId | ||
# below should be commented out. OAuth 2.0 services cannot be discovered if a proxy server is used. | ||
# proxyHost: ${client.signKeyProxyHost:proxy.lightapi.net} | ||
# We only support HTTPS traffic for the proxy and the default port is 443. If your proxy server has | ||
# a different port, please specify it here. If proxyHost is available and proxyPort is missing, then | ||
# the default value 443 is going to be used for the HTTP connection. | ||
# proxyPort: ${client.signKeyProxyPort:3128} | ||
# the unique service id for key distribution service, it will be used to lookup key service if above url doesn't exist. | ||
serviceId: ${client.signKeyServiceId:com.networknt.oauth2-key-1.0.0} | ||
# the path for the key distribution endpoint | ||
uri: ${client.signKeyUri:/oauth2/key} | ||
# client_id used to access key distribution service. It can be the same client_id with token service or not. | ||
client_id: ${client.signKeyClientId:f7d42348-c647-4efb-a52d-4c5787421e72} | ||
# client secret used to access the key distribution service. | ||
client_secret: ${client.signKeyClientSecret:f6h1FTI8Q3-7UScPZDzfXA} | ||
# set to true if the oauth2 provider supports HTTP/2 | ||
enableHttp2: ${client.signKeyEnableHttp2:true} | ||
# de-ref by reference token to JWT token. It is separate service as it might be the external OAuth 2.0 provider. | ||
deref: | ||
# Token service server url, this might be different than the above token server url. The static url will be used if it is configured. | ||
# server_url: ${client.derefServerUrl:https://localhost:6882} | ||
# For users who leverage SaaS OAuth 2.0 provider in the public cloud and has an internal | ||
# proxy server to access code, token and key services of OAuth 2.0, set up the proxyHost | ||
# here for the HTTPS traffic. This option is only working with server_url and serviceId | ||
# below should be commented out. OAuth 2.0 services cannot be discovered if a proxy is used. | ||
# proxyHost: ${client.derefProxyHost:proxy.lightapi.net} | ||
# We only support HTTPS traffic for the proxy and the default port is 443. If your proxy server has | ||
# a different port, please specify it here. If proxyHost is available and proxyPort is missing, then | ||
# the default value 443 is going to be used for the HTTP connection. | ||
# proxyPort: ${client.derefProxyPort:3128} | ||
# token service unique id for OAuth 2.0 provider. Need for service lookup/discovery. It will be used if above server_url is not configured. | ||
serviceId: ${client.derefServiceId:com.networknt.oauth2-token-1.0.0} | ||
# set to true if the oauth2 provider supports HTTP/2 | ||
enableHttp2: ${client.derefEnableHttp2:true} | ||
# the path for the key distribution endpoint | ||
uri: ${client.derefUri:/oauth2/deref} | ||
# client_id used to access key distribution service. It can be the same client_id with token service or not. | ||
client_id: ${client.derefClientId:f7d42348-c647-4efb-a52d-4c5787421e72} | ||
# client_secret for deref | ||
client_secret: ${client.derefClientSecret:f6h1FTI8Q3-7UScPZDzfXA} | ||
# circuit breaker configuration for the client | ||
request: | ||
# number of timeouts/errors to break the circuit | ||
errorThreshold: ${client.errorThreshold:2} | ||
# timeout in millisecond to indicate a client error. | ||
timeout: ${client.timeout:3000} | ||
# reset the circuit after this timeout in millisecond | ||
resetTimeout: ${client.resetTimeout:7000} | ||
# if open tracing is enable. traceability, correlation and metrics should not be in the chain if opentracing is used. | ||
injectOpenTracing: ${client.injectOpenTracing:false} | ||
# inject serviceId as callerId into the http header for metrics to collect the caller. The serviceId is from server.yml | ||
injectCallerId: ${client.injectCallerId:false} | ||
# the flag to indicate whether http/2 is enabled when calling client.callService() | ||
enableHttp2: ${client.enableHttp2:true} | ||
# the maximum host capacity of connection pool | ||
connectionPoolSize: ${client.connectionPoolSize:1000} | ||
# the maximum request limitation for each connection | ||
maxReqPerConn: ${client.maxReqPerConn:1000000} | ||
# maximum quantity of connection in connection pool for each host | ||
maxConnectionNumPerHost: ${client.maxConnectionNumPerHost:1000} | ||
# minimum quantity of connection in connection pool for each host. The corresponding connection number will shrink to minConnectionNumPerHost | ||
# by remove least recently used connections when the connection number of a host reach 0.75 * maxConnectionNumPerHost. | ||
minConnectionNumPerHost: ${client.minConnectionNumPerHost:250} |