All Downloads are FREE. Search and download functionalities are using the official Maven repository.

.middleware.grouper.grouper.5.12.2.source-code.grouper-ws-ng.base.properties Maven / Gradle / Ivy

There is a newer version: 5.13.5
Show newest version

########################################
## Config chaining hierarchy
########################################

# comma separated config files that override each other (files on the right override the left)
# each should start with file: or classpath:
# e.g. classpath:grouper-ws.example.properties, file:c:/something/myconfig.properties
# {valueType: "string", required: true, multiple: true}
ws.config.hierarchy = classpath:grouper-ws-ng.base.properties, classpath:grouper-ws.properties, database:grouper

# seconds between checking to see if the config files are updated
# {valueType: "integer", required: true}
ws.config.secondsBetweenUpdateChecks = 600

########################################
## General settings
########################################

# Max number of subjects to be able to pass to addMember service, default is 1000000
# {valueType: "integer", required: true}
ws.add.member.subjects.max = 20000

# Max number of subjects to be able to pass to addMember service, default is 1000000
# {valueType: "integer", required: true}
ws.has.member.subjects.max = 20000

# Max number of subjects to be able to pass to addMember service, default is 1000000
# {valueType: "integer", required: true}
ws.group.save.max = 20000

# Max number of subjects to be able to pass to getGroups service, default is 1000000
# {valueType: "integer", required: true}
ws.get.groups.subjects.max = 20000

# This is the number of subjects found which is too many to see if in group.  When seeing if
# in group, that requires batched in size 80 each subject.  So for 800 subjects, that is 
# 10 queries
# {valueType: "integer", required: true}
ws.get.subjects.max.filter.by.group = 1000

# Web service users who are in the following group can use the actAs field to act as someone else
# You can put multiple groups separated by commas.  e.g. a:b:c, e:f:g
# You can put a single entry as the group the calling user has to be in, and the grouper the actAs has to be in
# separated by 4 colons
# e.g. if the configured values is:       a:b:c, e:f:d :::: r:e:w, x:e:w
# then if the calling user is in a:b:c or x:e:w, then the actAs can be anyone
# if not, then if the calling user is in e:f:d, then the actAs must be in r:e:w.  If multiple rules, then 
# if one passes, then it is a success, if they all fail, then fail.
# {valueType: "string", multiple: true}
#ws.act.as.group = etc:webServiceActAsGroup

# similar syntax as ws.act.as.group but for the grouper actas (e.g. for grouper messaging to WS bridge)
# {valueType: "group"}
ws.grouper.act.as.group = 

# cache the decision to allow a user to actAs another, so it doesnt have to be calculated each time
# defaults to 30 minutes
# {valueType: "integer", required: true}
ws.act.as.cache.minutes = 30

# If there is an entry here for group name, then all web service client users must be in this group (before the actAs)
#ws.client.user.group.name = etc:webServiceClientUsers

# allow these ids even if not in group, e.g. for testing
# subjectIdOrIdentifier  or  sourceId::::subjectId  or  ::::subjectId  or  sourceId::::::subjectIdentifier  or  ::::::subjectIdentifier
# sourceId::::::::subjectIdOrIdentifier  or  ::::::::subjectIdOrIdentifier
# {valueType: "subject", multiple: true}
ws.client.user.group.subjects.allow = 

# cache the decision to allow a user to user web services, so it doesnt have to be calculated each time
# defaults to 5 minutes: 
# {valueType: "integer", required: true}
ws.client.user.group.cache.minutes = 5

# if you have subject namespace overlap (or not), set the default subject 
# sources (comma-separated) to lookup the user if none specified in user name
# {valueType: "string"}
ws.logged.in.subject.default.source = 

# prepend to the userid this value (e.g. if using local entities, might be:    etc:servicePrincipals:   )
# {valueType: "string"}
ws.security.prependToUserIdForSubjectLookup = 

# subject attribute names to send back when a WsSubjectResult is sent, comma separated
# e.g. name, netid
# default is none
# {valueType: "string", multiple: true}
ws.subject.result.attribute.names = 

# subject result attribute names when extended data is requested (comma separated)
# default is name, description
# note, these will be in addition to ws.subject.result.attribute.names
# {valueType: "string", multiple: true}
ws.subject.result.detail.attribute.names = 

# if there are attribute names that need to be sent to the SubjectDecorator
# for subsequent dynamic lookup (configured in SubjectFinder), comma separated
# {valueType: "string", multiple: true}
ws.subject.attributes.for.decorator = 

# if the request has no content type (http params), and the response content type is not
# specified in the url, then put it here.  must be a valid value of WsRestResponseContentType
# defaults to json if blank.  e.g. json, xml, xhtml
# {valueType: "string"}
ws.rest.default.response.content.type = json

# to provide custom authentication (instead of the default httpServletRequest.getUserPrincipal()
# for non-Rampart authentication.  Class must implement the interface:
# edu.internet2.middleware.grouper.ws.security.WsCustomAuthentication
# class must be fully qualified.  e.g. edu.school.whatever.MyAuthenticator
# blank means use default: edu.internet2.middleware.grouper.ws.security.WsGrouperDefaultAuthentication
# kerberos: edu.internet2.middleware.grouper.ws.security.WsGrouperKerberosAuthentication
# {valueType: "class", mustImplementInterface: "edu.internet2.middleware.grouper.ws.security.WsCustomAuthentication"}
ws.security.non-rampart.authentication.class = 

# if providing a custom non-rampart authentication class (including kerberos and ldap), whether to
# return a 401 error in the servlet filter if authentication fails
# {valueType: "boolean", required: true}
ws.security.non-rampart.error.401.authentication.error = true

# if stacks should be thrown to client, default true
# {valueType: "boolean"}
ws.throwExceptionsToClient = 

# if error message should be sent to client, default true.  Note the error message is in the stack so if ws.throwExceptionsToClient is true then this isnt used
# {valueType: "boolean"}
ws.sendErrorMessageToClient = 

###############################################
## Misc settings
###############################################

# ignore extraneous xml fields from server (e.g. on server upgrade, when the client isnt upgraded)
# if you dont ignore, and there is an extraneous field which is not omitted (below), then an exception 
# will be thrown
# {valueType: "boolean", required: true}
ws.ignoreExtraneousXmlFieldsRest = false

# register fields to be ignored with xstream.  this is useful if you are not
# ignoring extraneous fields (above), but know that there are a few to be ignored
# place them here with fully qualified classname dont property name, comma separated
# e.g. edu.internet2.middleware.grouper.ws.soap.WsResponseMeta.millis, edu.internet2.middleware.grouper.ws.soap.WsResponseMeta.millis2
# {valueType: "string", multiple: true}
ws.omitXmlPropertiesRest = 

# will add the charset to the content type, blank to omit
# {valueType: "string"}
ws.restHttpContentTypeCharset = UTF-8

# Content type of REST responses. In 2.3, xml was "text/xml" and json was "text/x-json".
# Change if applications need a specific response type
# {valueType: "string"}
ws.restResponseContentType.xhtml = application/xhtml+xml

# content type of rest responses
# {valueType: "string"}
ws.restResponseContentType.xml = application/xml

# content type of rest responses
# {valueType: "string"}
ws.restResponseContentType.json = application/json



# configure the pluggable json converter (defaults to json.org implementation), must implement the JsonConverter interface
# to use the xstream converter, set to edu.internet2.middleware.grouper.ws.rest.json.XstreamJsonConverter
# {valueType: "class", mustImplementInterface: "edu.internet2.middleware.grouper.ws.rest.json.JsonConverter"}
jsonConverter = 

# if a request takes longer than this many millis then log the request to a separate file
# {valueType: "integer", required: true}
ws.longRunningRequestLogMillis = 30000

# If set to false, retain existing behavior up to v4.4.0, in which WsRestGshTemplateExecRequest returned success even
# though the GSH script had a non-success status (by explicitly setting status, a non-zero GrouperUtil.gshReturn(int code),
# or adding output lines of type error)
# {valueType: "boolean", required: true}
ws.gshTemplate.ResultConsiderExecStatus = true

#################################################################
## KERBEROS settings, only needed if doing kerberos simple auth
#################################################################

# if you specify where this is, e.g. /etc/krb5.conf, then it will read it from there, else the classpath, else use the realm and address below
# {valueType: "string"}
kerberos.krb5.conf.location =

# IT IS RECOMMENDED TO USE krb5.conf ON FILE SYSTEM OR CLASSPATH INSTEAD!  realm, whatever your realm is, e.g. SCHOOL.EDU
# {valueType: "string"}
kerberos.realm =

# IT IS RECOMMENDED TO USE krb5.conf ON FILE SYSTEM OR CLASSPATH INSTEAD!  address of your kdc, e.g. kdc.school.edu
# {valueType: "string"}
kerberos.kdc.address =

# debug kerberos, sets system property sun.security.krb5.debug = true
# {valueType: "boolean"}
kerberos.debug = false

####################################################################
## TESTING
####################################################################

# for testing only, where the main dir is from the test project (or any)
# {valueType: "string"}
ws.testing.grouper-ws.dir=../grouper-ws

# for testing only, where is the generated client dir for samples / testing
# {valueType: "string"}
ws.testing.generated.client.dir=../grouper-ws-java-generated-client

# for testing only, where is the manual client dir for samples / testing
# {valueType: "string"}
ws.testing.manual.client.dir=../grouper-ws-java-manual-client

# http prefix for hitting tests
# {valueType: "string"}
ws.testing.httpPrefix=http

# host for hitting tests
# {valueType: "string"}
ws.testing.host=localhost

# port for hitting tests
# {valueType: "integer", required: true}
ws.testing.port=8090

# port that the sample capture proxy will forward to
# {valueType: "integer", required: true}
ws.sampleForwardTo.port=8089

# app name for hitting tests
# {valueType: "string"}
ws.testing.appName=grouper-ws

# user to login to tests
# {valueType: "string"}
ws.testing.user=GrouperSystem

# pass to login to tests
# {valueType: "password", sensitive: true}
ws.testing.pass=private

# version the client advertises to server
# {valueType: "string"}
ws.testing.version=v2_5_000




© 2015 - 2024 Weber Informatics LLC | Privacy Policy