-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathapplication-default.properties
256 lines (224 loc) · 12.4 KB
/
application-default.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
# External configuration file for Typed PID Maker
# -----------------------------------------------
# Regarding the location of this file, consider the default paths for Spring Boot configurations, documented here:
# https://docs.spring.io/spring-boot/reference/features/external-config.html#:~:text=config%20data%20files%20are%20considered%20in%20the%20following%20order%3A
# You can change the path with e.g. this command (if you use gradle to run it):
# ./gradlew run --args="--spring.config.location=config/application-default.properties"
# Or by passing the parameter directly to the jar file.
#
# Documentation of common Spring Boot configuration properties (logging, ports, and others):
# https://docs.spring.io/spring-boot/appendix/application-properties/index.html
# More specific properties are documented within this file.
### General Spring Boot Settings ###
# When to include "message" attribute in HTTP responses on uncatched exceptions.
server.error.include-message: always
springdoc.show-actuator=true
# Do __not__ change these settings below:
spring.main.allow-bean-definition-overriding=true
spring.data.rest.detection-strategy:annotated
#####################################################
###########################
### Port, SSL, Security ###
###########################
server.port: 8090
#server.ssl.key-store: keystore.p12
#server.ssl.key-store-password: test123
#server.ssl.keyStoreType: PKCS12
#server.ssl.keyAlias: tomcat
# Data transfer settings, e.g. transfer compression and multipart message size.
# The properties max-file-size and max-request-size define the maximum size of files
# transferred to and from the repository. Setting them to -1 removes all limits.
server.compression.enabled: false
spring.servlet.multipart.max-file-size: 100MB
spring.servlet.multipart.max-request-size: 100MB
# *Generic* Spring Management Endpoint Settings. By default, the health endpoint will be
# enabled to apply service monitoring including detailed information.
# Furthermore, all endpoints will be exposed to external access. If this is not desired,
# just comment the property 'management.endpoints.web.exposure.include' in order to only
# allow local access.
management.endpoint.health.access: unrestricted
management.endpoint.health.show-details: ALWAYS
management.endpoint.health.sensitive: false
management.endpoints.web.exposure.include: health, info
###############
### Logging ###
###############
# Logging Settings. Most logging of KIT DM is performed on TRACE level. However, if you
# plan to enable logging with this granularity it is recommended to this only for
# a selection of a few packages. Otherwise, the amount of logging information might be
# overwhelming.
#logging.level.root: ERROR
#logging.level.edu.kit.datamanager.doip:TRACE
logging.level.edu.kit: WARN
#logging.level.org.springframework.transaction: TRACE
logging.level.org.springframework: WARN
logging.level.org.springframework.amqp: WARN
#logging.level.com.zaxxer.hikari: ERROR
logging.level.edu.kit.datamanager.pit.cli: INFO
######################
### Authentication ###
######################
# Enable/disable (default) authentication. If authentication is enabled, a separate
# Authentication Service should be used in order to obtain JSON Web Tokens holding
# login information. The token has then to be provided within the Authentication header
# of each HTTP request with a value of 'Bearer <TOKEN>' without quotes, replacing <TOKEN>
# be the token obtained from the authentication service.
# A token needs a "username" in its payload. A minimal token therefore may look like this:
# https://jwt.io/#debugger-io?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VybmFtZSI6InVzZXIifQ.pfZuRuxbj_izZlCnmotWHQuH00BJ35CbjpHILpuQU70
repo.auth.enabled: false
# The jwtSecret is the mutual secret between all trusted services. This means, that if
# authentication is enabled, the jwtSecret used by the Authentication Service to sign
# issued JWTokens must be the same as the jwtSecret of the repository in order to
# be able to validate the signature. By default, the secret should be selected randomly
# and with a sufficient length.
repo.auth.jwtSecret: vkfvoswsohwrxgjaxipuiyyjgubggzdaqrcuupbugxtnalhiegkppdgjgwxsmvdb
###############################
### Keycloak Authentication ###
###############################
spring.autoconfigure.exclude=org.keycloak.adapters.springboot.KeycloakAutoConfiguration,org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration
#keycloakjwt.jwk-url=http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/certs
#keycloakjwt.resource=keycloak-angular
#keycloakjwt.jwt-claim=preferred_username # additional required payload by this application
##keycloakjwt.connect-timeoutms=500 # optional
##keycloakjwt.read-timeoutms=500 # optional
#
#keycloak.realm = myrealm
#keycloak.auth-server-url = http://localhost:8080/auth
#keycloak.resource = keycloak-angular
############################################
### Elastic Indexing and search endpoint ###
######## (requires Elasticsearch 8) ########
############################################
# enables search endpoint at /api/v1/search
repo.search.enabled: false
repo.search.index: *
# only enable if endpoint is enabled:
management.health.elasticsearch.enabled: false
# TO BE REMOVED!
repo.search.url: http://localhost:9200
# Soon will be:
#spring.elasticsearch.uris=http://localhost:9200
#spring.elasticsearch.username=user
#spring.elasticsearch.password=secret
#spring.elasticsearch.socket-timeout=10s
# Due to bug in spring cloud gateway
# https://github.com/spring-cloud/spring-cloud-gateway/issues/3154
spring.cloud.gateway.proxy.sensitive=content-length
#################
### Messaging ###
#################
# Enable (default)/disable messaging. The messaging functionality requires a RabbitMQ
# server receiving and distributing the messages sent by this service. The server is
# accessed via repo.messaging.hostname and repo.messaging.port
# The property 'repo.messaging.topic' defines the topic where messages are sent, whereas
# the all properties with 'binding' define from where messages are received, e.g. the
# exchange aka. topic and the queue. The routingKeys are defining wich messages are
# routed to the aforementioned queue.
repo.messaging.enabled: false
# enables report via health actuator. Only activate if messaging is enabled.
management.health.rabbit.enabled: false
repo.messaging.hostname: localhost
repo.messaging.port: 5672
repo.messaging.sender.exchange: record_events
# The rate in milliseconds at which the repository itself will check for new messages.
# E.g. if a resource has been created, the repository may has to perform additional
# ingest steps. Therefor, special handlers can be added which will be executed at the
# configured repo.schedule.rate if a new message has been received.
repo.schedule.rate:1000
#######################################################
##################### PIT Service #####################
#######################################################
# Standard resolver for Handle PIDs. Should usually stay like this.
pit.pidsystem.handle.baseURI = https://hdl.handle.net/
### Choosing and configuring the PID system ###
# Available implementations:
# - IN_MEMORY (default, sandboxed, non-permanent PIDs, for short testing / demonstration only),
# - LOCAL (sandboxed, uses local database, no public PIDs!, for long term testing or special use-cases),
# - HANDLE_PROTOCOL (recommended, for real FAIR Digital Objects),
pit.pidsystem.implementation = LOCAL
# If you chose IN_MEMORY, no further configuration is required.
# If you chose LOCAL, no further configuration is required.
# If you chose HANDLE_PROTOCOL, you need to set up your prefix and its key/certificate:
#pit.pidsystem.handle-protocol.credentials.handleIdentifierPrefix = 21.T11981
#pit.pidsystem.handle-protocol.credentials.userHandle = 21.T11981/USER01
#pit.pidsystem.handle-protocol.credentials.privateKeyPath = test_prefix_data/21.T11981_USER01_300_privkey.bin
# The handle system supports the redirection of web browsers to a URL.
# If your records may have such a URL stored in an attribute, you can
# list the attributes here. The first attribute to be found will have
# its value copied to a handle specific attribute (with key "URL"),
# enabling URL redirection. Only affects the handle system!
# Obligation: Optional (option missing = empty list)
pit.pidsystem.handle-protocol.handleRedirectAttributes = {'21.T11148/b8457812905b83046284'}
### Base URL for the DTR used. ###
# Currently, we support the DTRs of GWDG/ePIC. Currently known instances:
# - http://dtr-test.pidconsortium.eu/, https://dtr-test.pidconsortium.net/
# - http://dtr-pit.pidconsortium.eu/, http://dtr-pit.pidconsortium.net/
# - http://typeregistry.org/
pit.typeregistry.baseURI = https://dtr-test.pidconsortium.eu/
### As this service is a RESTful serice without GUI, CSRF protection is not required. ###
pit.security.enable-csrf: false
### You may define patterns here for services which are allowed for communication. (CORS) ###
pit.security.allowedOriginPattern: http*://localhost:[*]
#######################################################
#################### PID GENERATOR ####################
#######################################################
# The PID generator to use for the suffix. Possible values:
# "uuid4": generates a UUID v4 (random) PID suffix.
# "hex-chunks": generates hex-chunks. Each chunk is four characters long. Example: 1D6C-152C-C9E0-C136-1509
pit.pidgeneration.mode = uuid4
# A prefix for branding, in addition to the PID system prefix.
# Structure: <system-prefix><branding-prefix><suffix>
# Example: branding-prefix = "my-project.", system-prefix = "21.T11981", suffix = "12345"
# => PID = "21.T11981/my-project.12345"
#
# pit.pidgeneration.branding-prefix = my-project.
# Applies a casing on the PIDs after generation (see "mode" property). Possible values:
# "lower": all characters are lower case
# "upper": all characters are upper case
# "unmodified": no casing is applied after generation. Result depends fully on the generator.
pit.pidgeneration.casing = lower
# Affects chunk-based generation modes (see pid.pidgeneration.mode) only.
# Defines the number of chunks the generator should generate for each PID.
# Default: 4
# pit.pidgeneration.num-chunks = 4
### DANGEROUS OPTION! Please read carefully! ########################################
# Please keep this option as a last resort vor special use-cases
# where you need total control about the PID suffix you want to create.
# In addition to authentication, we recommend fully hide the Typed PID Maker behind
# a gateway which will manage your custom PIDs.
# NOTE! If you do not already include the configured prefix in the PID, it will be appended.
# This means that you can not create PIDs with a suffix starting with the system prefix.
# Example: system prefix = "abc", suffix = abcdef
# => PID = "abc/def" (delimiter may depend on PID system)
#
# pit.pidgeneration.custom-client-pids-enabled = false
### DANGEROUS OPTION! Please read carefully! ########################################
################################
######## Database ##############
################################
### - Stores known PIDs ###
### - Stores PID records if ###
### system is set to LOCAL ###
### - Required for messaging ###
################################
# This database will always run, as it is also required for the messaging feature,
# but for the messaging it is not required to be persistent.
# But the service will also use this database to store known PIDs.
# This can be used as a backup or documentation of all PIDs.
# The following properties can (and should) be set.
# When to store PIDs in the local database ("known PIDs")
pit.storage.strategy: keep-resolved-and-modified
#pit.storage.strategy: keep-resolved
# The driver determines the database system to start. Other drivers are untested, but may work.
spring.datasource.driver-class-name: org.h2.Driver
# Next, please choose a location for the database file on your file system.
# WARNING: If no url is being defined, an in-memory database is being used,
# loosing all data on restart.
# WARNING: Change the DB to be stored somewhere outside of /tmp!
spring.datasource.url: jdbc:h2:file:/tmp/database;MODE=LEGACY;NON_KEYWORDS=VALUE
# Credentials for the database:
spring.datasource.username: typid
spring.datasource.password: secure_me
# Do not change ddl-auto if you do not know what you are doing:
# https://docs.spring.io/spring-boot/docs/1.1.0.M1/reference/html/howto-database-initialization.html
spring.jpa.hibernate.ddl-auto: update