.middleware.grouper.grouper.5.12.2.source-code.grouper-ws-ng.base.properties Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of grouper Show documentation
Show all versions of grouper Show documentation
Internet2 Groups Management Toolkit
########################################
## Config chaining hierarchy
########################################
# comma separated config files that override each other (files on the right override the left)
# each should start with file: or classpath:
# e.g. classpath:grouper-ws.example.properties, file:c:/something/myconfig.properties
# {valueType: "string", required: true, multiple: true}
ws.config.hierarchy = classpath:grouper-ws-ng.base.properties, classpath:grouper-ws.properties, database:grouper
# seconds between checking to see if the config files are updated
# {valueType: "integer", required: true}
ws.config.secondsBetweenUpdateChecks = 600
########################################
## General settings
########################################
# Max number of subjects to be able to pass to addMember service, default is 1000000
# {valueType: "integer", required: true}
ws.add.member.subjects.max = 20000
# Max number of subjects to be able to pass to addMember service, default is 1000000
# {valueType: "integer", required: true}
ws.has.member.subjects.max = 20000
# Max number of subjects to be able to pass to addMember service, default is 1000000
# {valueType: "integer", required: true}
ws.group.save.max = 20000
# Max number of subjects to be able to pass to getGroups service, default is 1000000
# {valueType: "integer", required: true}
ws.get.groups.subjects.max = 20000
# This is the number of subjects found which is too many to see if in group. When seeing if
# in group, that requires batched in size 80 each subject. So for 800 subjects, that is
# 10 queries
# {valueType: "integer", required: true}
ws.get.subjects.max.filter.by.group = 1000
# Web service users who are in the following group can use the actAs field to act as someone else
# You can put multiple groups separated by commas. e.g. a:b:c, e:f:g
# You can put a single entry as the group the calling user has to be in, and the grouper the actAs has to be in
# separated by 4 colons
# e.g. if the configured values is: a:b:c, e:f:d :::: r:e:w, x:e:w
# then if the calling user is in a:b:c or x:e:w, then the actAs can be anyone
# if not, then if the calling user is in e:f:d, then the actAs must be in r:e:w. If multiple rules, then
# if one passes, then it is a success, if they all fail, then fail.
# {valueType: "string", multiple: true}
#ws.act.as.group = etc:webServiceActAsGroup
# similar syntax as ws.act.as.group but for the grouper actas (e.g. for grouper messaging to WS bridge)
# {valueType: "group"}
ws.grouper.act.as.group =
# cache the decision to allow a user to actAs another, so it doesnt have to be calculated each time
# defaults to 30 minutes
# {valueType: "integer", required: true}
ws.act.as.cache.minutes = 30
# If there is an entry here for group name, then all web service client users must be in this group (before the actAs)
#ws.client.user.group.name = etc:webServiceClientUsers
# allow these ids even if not in group, e.g. for testing
# subjectIdOrIdentifier or sourceId::::subjectId or ::::subjectId or sourceId::::::subjectIdentifier or ::::::subjectIdentifier
# sourceId::::::::subjectIdOrIdentifier or ::::::::subjectIdOrIdentifier
# {valueType: "subject", multiple: true}
ws.client.user.group.subjects.allow =
# cache the decision to allow a user to user web services, so it doesnt have to be calculated each time
# defaults to 5 minutes:
# {valueType: "integer", required: true}
ws.client.user.group.cache.minutes = 5
# if you have subject namespace overlap (or not), set the default subject
# sources (comma-separated) to lookup the user if none specified in user name
# {valueType: "string"}
ws.logged.in.subject.default.source =
# prepend to the userid this value (e.g. if using local entities, might be: etc:servicePrincipals: )
# {valueType: "string"}
ws.security.prependToUserIdForSubjectLookup =
# subject attribute names to send back when a WsSubjectResult is sent, comma separated
# e.g. name, netid
# default is none
# {valueType: "string", multiple: true}
ws.subject.result.attribute.names =
# subject result attribute names when extended data is requested (comma separated)
# default is name, description
# note, these will be in addition to ws.subject.result.attribute.names
# {valueType: "string", multiple: true}
ws.subject.result.detail.attribute.names =
# if there are attribute names that need to be sent to the SubjectDecorator
# for subsequent dynamic lookup (configured in SubjectFinder), comma separated
# {valueType: "string", multiple: true}
ws.subject.attributes.for.decorator =
# if the request has no content type (http params), and the response content type is not
# specified in the url, then put it here. must be a valid value of WsRestResponseContentType
# defaults to json if blank. e.g. json, xml, xhtml
# {valueType: "string"}
ws.rest.default.response.content.type = json
# to provide custom authentication (instead of the default httpServletRequest.getUserPrincipal()
# for non-Rampart authentication. Class must implement the interface:
# edu.internet2.middleware.grouper.ws.security.WsCustomAuthentication
# class must be fully qualified. e.g. edu.school.whatever.MyAuthenticator
# blank means use default: edu.internet2.middleware.grouper.ws.security.WsGrouperDefaultAuthentication
# kerberos: edu.internet2.middleware.grouper.ws.security.WsGrouperKerberosAuthentication
# {valueType: "class", mustImplementInterface: "edu.internet2.middleware.grouper.ws.security.WsCustomAuthentication"}
ws.security.non-rampart.authentication.class =
# if providing a custom non-rampart authentication class (including kerberos and ldap), whether to
# return a 401 error in the servlet filter if authentication fails
# {valueType: "boolean", required: true}
ws.security.non-rampart.error.401.authentication.error = true
# if stacks should be thrown to client, default true
# {valueType: "boolean"}
ws.throwExceptionsToClient =
# if error message should be sent to client, default true. Note the error message is in the stack so if ws.throwExceptionsToClient is true then this isnt used
# {valueType: "boolean"}
ws.sendErrorMessageToClient =
###############################################
## Misc settings
###############################################
# ignore extraneous xml fields from server (e.g. on server upgrade, when the client isnt upgraded)
# if you dont ignore, and there is an extraneous field which is not omitted (below), then an exception
# will be thrown
# {valueType: "boolean", required: true}
ws.ignoreExtraneousXmlFieldsRest = false
# register fields to be ignored with xstream. this is useful if you are not
# ignoring extraneous fields (above), but know that there are a few to be ignored
# place them here with fully qualified classname dont property name, comma separated
# e.g. edu.internet2.middleware.grouper.ws.soap.WsResponseMeta.millis, edu.internet2.middleware.grouper.ws.soap.WsResponseMeta.millis2
# {valueType: "string", multiple: true}
ws.omitXmlPropertiesRest =
# will add the charset to the content type, blank to omit
# {valueType: "string"}
ws.restHttpContentTypeCharset = UTF-8
# Content type of REST responses. In 2.3, xml was "text/xml" and json was "text/x-json".
# Change if applications need a specific response type
# {valueType: "string"}
ws.restResponseContentType.xhtml = application/xhtml+xml
# content type of rest responses
# {valueType: "string"}
ws.restResponseContentType.xml = application/xml
# content type of rest responses
# {valueType: "string"}
ws.restResponseContentType.json = application/json
# configure the pluggable json converter (defaults to json.org implementation), must implement the JsonConverter interface
# to use the xstream converter, set to edu.internet2.middleware.grouper.ws.rest.json.XstreamJsonConverter
# {valueType: "class", mustImplementInterface: "edu.internet2.middleware.grouper.ws.rest.json.JsonConverter"}
jsonConverter =
# if a request takes longer than this many millis then log the request to a separate file
# {valueType: "integer", required: true}
ws.longRunningRequestLogMillis = 30000
# If set to false, retain existing behavior up to v4.4.0, in which WsRestGshTemplateExecRequest returned success even
# though the GSH script had a non-success status (by explicitly setting status, a non-zero GrouperUtil.gshReturn(int code),
# or adding output lines of type error)
# {valueType: "boolean", required: true}
ws.gshTemplate.ResultConsiderExecStatus = true
#################################################################
## KERBEROS settings, only needed if doing kerberos simple auth
#################################################################
# if you specify where this is, e.g. /etc/krb5.conf, then it will read it from there, else the classpath, else use the realm and address below
# {valueType: "string"}
kerberos.krb5.conf.location =
# IT IS RECOMMENDED TO USE krb5.conf ON FILE SYSTEM OR CLASSPATH INSTEAD! realm, whatever your realm is, e.g. SCHOOL.EDU
# {valueType: "string"}
kerberos.realm =
# IT IS RECOMMENDED TO USE krb5.conf ON FILE SYSTEM OR CLASSPATH INSTEAD! address of your kdc, e.g. kdc.school.edu
# {valueType: "string"}
kerberos.kdc.address =
# debug kerberos, sets system property sun.security.krb5.debug = true
# {valueType: "boolean"}
kerberos.debug = false
####################################################################
## TESTING
####################################################################
# for testing only, where the main dir is from the test project (or any)
# {valueType: "string"}
ws.testing.grouper-ws.dir=../grouper-ws
# for testing only, where is the generated client dir for samples / testing
# {valueType: "string"}
ws.testing.generated.client.dir=../grouper-ws-java-generated-client
# for testing only, where is the manual client dir for samples / testing
# {valueType: "string"}
ws.testing.manual.client.dir=../grouper-ws-java-manual-client
# http prefix for hitting tests
# {valueType: "string"}
ws.testing.httpPrefix=http
# host for hitting tests
# {valueType: "string"}
ws.testing.host=localhost
# port for hitting tests
# {valueType: "integer", required: true}
ws.testing.port=8090
# port that the sample capture proxy will forward to
# {valueType: "integer", required: true}
ws.sampleForwardTo.port=8089
# app name for hitting tests
# {valueType: "string"}
ws.testing.appName=grouper-ws
# user to login to tests
# {valueType: "string"}
ws.testing.user=GrouperSystem
# pass to login to tests
# {valueType: "password", sensitive: true}
ws.testing.pass=private
# version the client advertises to server
# {valueType: "string"}
ws.testing.version=v2_5_000
© 2015 - 2024 Weber Informatics LLC | Privacy Policy