Properties - Student-Management-System/Sparkyservice-Project GitHub Wiki

WORK IN PROGRESS: This site is not ready for Sparkyservice v2.

Note: The application must be restarted after changes are made.

application.properties

Description: This is the default properties file used by spring. It have to be in the classpath in order to run the application.

Decides which settings profile should be used and it provides some necessary properties which are set during development

Example:

spring.profiles.active=release
springdoc.version = 0.2

application-release.properties

Description: The release profile is pre-defined in each release. It must be available on application startup and contains all necessary runtime settings.

Anything which is marked as "OPTIONAL" can be fully removed from the properties file

# MANDATORY
db:
   name:
   addr:
   user:
   password: 
jwt:
   secret: SECRET

# OPTIONAL
server:
   port: 80
zuul:
   routes:
      stmgmt:
         url: URL
         acl: none
recovery:
   enaled: false
   password: PASSWORD
   user: adminuser
ldap:
   enabled: false
   ad: true
   basedn: null
   url: null
   userdn: null
debug: false

Server

Property Description Status Default Value
server.port Port to listen on Optional 8080

Spring Datasource

Property Description Status Default Value
spring.datasource.* Database settings Mandatory unless jpa.hibernate.ddl-auto is removed \
spring.datasource.driver-class-name Defines the driver class which is used* \

*Supported Driver classes: org.postgresql.Driver and org.mariadb.jdbc.Driver

*Supported Dialects: org.hibernate.dialect.PostgreSQLDialect and `org.hibernate.dialect.MariaDBDialect

inMemory

Property Description Status Default Value
recovery.enabled Only a single memory user at a time is supported. Boolean - Optional false
recovery.user Username which will be the MEMORY realm with full permissions Optional user
recovery.password Password used for authentication Mandatory when enabled \

Note: The recovery user can access all application functions. The password can't be overridden through the local database nor any other administrator can demote this user. After the first setup you probably want to promote other users to the admin state and disable the recovery user afterwards in the settings.

LDAP

Sparkyservice (v2) supports only ActiveDirectory LDAP connections.

Property Description Status Default Value
ldap.ad Describes the underlying LDAP implementation. It should be true when Windows Active Directories (AD) are used. Optional false
ldap.basedn Search basedn gives the domains of the user (dc=example,dc=org). Must be a normal domain when used with AD enabled (example.org) Mandatory when AD is used Mandatory
lda.url Full LDAP Connection URL with port (ldap://IP:PORT) Mandatory \
ldap.userdn Bind DN or User. Can be used to authenticate at the LDAP server Optional \

Unused configuration values:

Property Description Status Default Value
ldap.username Currently not used with AD Optional \
ldap.password Currently not used with AD Optional \

Zuul Routing

Property Description Status Default Value
zuul.routes.CUSTOMROUTE.url Defines a new route. /customroute is route to the given value Optional \
zuu.routes.CUSTOMROUTE.acl User list which are allowed to access the given path (here: /customroute/**) Optional "none"

Response with URL

In this section, it is possible to define routing paths. Define a new route entry by appending the prefix with the desired path: zuul.routing.newpath.url=http://example.com.

Through this, all connections from "thisproject.com/newpath" will be redirected to "example.com".

To forward a request inside the same project (/web server) use the forward: modifier. Example:

zuul.routing.newpath.url=forward:/api/v0/authenticat

Further explanation of Proxy function under Proxy

Access Control List with with acl

The protections setting defines a set of users which are allowed to access a configured path. By appending the keyword acl followed by a comma separated user list:

zuul.routes.stmgmt.acl = test@MEMORY,test1@LDAP

Note: The realm of the user behind the "@" symbol must be provided. No whitespaces are allowed.

A user gets access to this path if he is authenticated with a JWT token described here

Supported options are:

  • none
  • <name>@<realm>
  • Or just an empty setting.
  • No setting

JWT

Property Description Status Default Value
jwt.issuer Arbitrary information about the token issuer Optional Empty
jwt.audience Arbitrary information about the token issuer Optional Empty
⚠️ **GitHub.com Fallback** ⚠️