application-http.properties

############################################################################
#  Copyright [2021] [MaxKey of copyright http://www.maxkey.top]
#  
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#  
#      http://www.apache.org/licenses/LICENSE-2.0
#  
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
############################################################################
#spring.profiles.active=http                                               #
############################################################################
#server port
server.port                                     =8080
#session default 1800
#1800s =30m
#28800s=8h
server.servlet.session.timeout                  =1800
#server context path
server.servlet.context-path                     =/maxkey
#nacos discovery
spring.cloud.nacos.discovery.enabled            =${NACOS_DISCOVERY_ENABLED:false}
spring.cloud.nacos.discovery.instance-enabled   =false
spring.cloud.nacos.discovery.server-addr        =${NACOS_DISCOVERY_SERVER_ADDR:127.0.0.1:8848}
############################################################################
#domain name configuration                                                 #
############################################################################
maxkey.server.scheme                            =http
maxkey.server.basedomain                        =${SERVER_DOMAIN:maxkey.top}
maxkey.server.domain                            =sso.${maxkey.server.basedomain}
maxkey.server.name                              =${maxkey.server.scheme}://${maxkey.server.domain}
maxkey.server.uri                               =${maxkey.server.name}:${server.port}${server.servlet.context-path}
#default.uri                
maxkey.server.default.uri                       =${maxkey.server.uri}/appList
maxkey.server.mgt.uri                           =${maxkey.server.name}:9527/maxkey-mgt/login
maxkey.server.authz.uri                         =${maxkey.server.name}:${server.port}${server.servlet.context-path}
#InMemory 0 , Redis 2               
maxkey.server.persistence                       =${SERVER_PERSISTENCE:2}
#identity               
maxkey.server.kafka.support                     =${SERVER_KAFKA_SUPPORT:false}
#issuer name                
maxkey.app.issuer                               =CN=ConSec,CN=COM,CN=SH
############################################################################
#Login configuration                                                       #
############################################################################
#enable captcha
maxkey.login.captcha                            =${LOGIN_CAPTCHA:true}
#text or arithmetic
maxkey.login.captcha.type                       =${LOGIN_CAPTCHA_TYPE:text}
#enable two factor,use one time password
maxkey.login.mfa                                =${LOGIN_MFA_ENABLED:true}
#TimeBasedOtpAuthn MailOtpAuthn SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
maxkey.login.mfa.type                           =${LOGIN_MFA_TYPE:TimeBasedOtpAuthn}
#enable social sign on          
maxkey.login.socialsignon                       =${LOGIN_SOCIAL_ENABLED:true}
#Enable kerberos/SPNEGO         
maxkey.login.kerberos                           =false
#wsFederation           
maxkey.login.wsfederation                       =false
#remeberme          
maxkey.login.remeberme                          =${LOGIN_REMEBERME:true}
#validity           
maxkey.login.remeberme.validity                 =0
#JWT support
maxkey.login.jwt                                =${LOGIN_JWT:true}
maxkey.login.jwt.issuer                         =${LOGIN_JWT_ISSUER:${maxkey.server.authz.uri}}
#to default application web site            
maxkey.login.default.uri                        =appList
maxkey.ipaddress.whitelist                      =false
#notices show
maxkey.notices.visible                          =false
############################################################################
#ssl configuration                                                         #
############################################################################
#server.ssl.key-store=maxkeyserver.keystore
#server.ssl.key-alias=maxkey
#server.ssl.enabled=true
#server.ssl.key-store-password=maxkey
#server.ssl.key-store-type=JKS

############################################################################
#database configuration 
#   supported database
#       mysql
#       highgo
#       postgresql
############################################################################
spring.datasource.type                          =com.alibaba.druid.pool.DruidDataSource
#mysql
spring.datasource.driver-class-name             =com.mysql.cj.jdbc.Driver
spring.datasource.username                      =${DATABASE_USER:root}
spring.datasource.password                      =${DATABASE_PWD:maxkey}
spring.datasource.url                           =jdbc:mysql://${DATABASE_HOST:localhost}:${DATABASE_PORT:3306}/${DATABASE_NAME:maxkey}?autoReconnect=true&characterEncoding=UTF-8&serverTimezone=UTC
#highgo
#spring.datasource.driver-class-name=com.highgo.jdbc.Driver
#spring.datasource.username=highgo
#spring.datasource.password=High@123
#spring.datasource.url=jdbc:highgo://192.168.56.107:5866/highgo?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai
#postgresql
#spring.datasource.driver-class-name=org.postgresql.Driver
#spring.datasource.username=root
#spring.datasource.password=maxkey!
#spring.datasource.url=jdbc:postgresql://localhost/maxkey?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai
#mybatis
mybatis.dialect                                 =mysql
mybatis.type-aliases-package                    =org.maxkey.entity,org.maxkey.entity.apps,
mybatis.mapper-locations                        =classpath*:/org/maxkey/persistence/mapper/xml/${mybatis.dialect}/*.xml
mybatis.table-column-snowflake-datacenter-id    =1
mybatis.table-column-snowflake-machine-id       =1
mybatis.table-column-escape                     =false
mybatis.table-column-case                       =lowercase

############################################################################
#redis server  configuration                                               #
############################################################################
spring.redis.host                               =${REDIS_HOST:127.0.0.1}
spring.redis.port                               =${REDIS_PORT:6379}
spring.redis.password                           =${REDIS_PWD:password}
spring.redis.timeout                            =10000
spring.redis.jedis.pool.max-wait                =1000
spring.redis.jedis.pool.max-idle                =200
spring.redis.lettuce.pool.max-active            =-1
spring.redis.lettuce.pool.min-idle              =0

############################################################################
#mail configuration                                                        #
############################################################################
spring.mail.default-encoding                    =utf-8
spring.mail.host                                =${MAIL_HOST:smtp.163.com}
spring.mail.port                                =${MAIL_PORT:465}
spring.mail.username                            =${MAIL_USER:maxkey@163.com}
spring.mail.password                            =${MAIL_PWD:password}
spring.mail.protocol                            =smtp
spring.mail.properties.ssl                      =true
spring.mail.properties.sender                   =${MAIL_SENDER:maxkey@163.com}
spring.mail.properties.mailotp.message.subject  =MaxKey One Time PassWord
spring.mail.properties.mailotp.message.template ={0} You Token is {1} , it validity in {2}  minutes.
spring.mail.properties.mailotp.message.type     =html
spring.mail.properties.mailotp.message.validity =300

############################################################################
#Spring Session for Cluster configuration                                  #
############################################################################
# Session store type.
spring.session.store-type                       =none
#spring.session.store-type=redis
# Session timeout. If a duration suffix is not specified, seconds is used.
#server.servlet.session.timeout=1800
# Sessions flush mode.
#spring.session.redis.flush-mode=on_save 
# Namespace for keys used to store sessions.
#spring.session.redis.namespace=spring:session 

############################################################################
#Kafka for connectors configuration                                        #
############################################################################
spring.kafka.bootstrap-servers                  =${KAFKA_SERVERS:localhost:9092}
# retries   
spring.kafka.producer.retries                   =0
# acks  
spring.kafka.producer.acks                      =1
# batch-size    
spring.kafka.producer.batch-size                =16384
# linger.ms 
spring.kafka.producer.properties.linger.ms      =0
# buffer-memory 
spring.kafka.producer.buffer-memory             =33554432
# serializer    
spring.kafka.producer.key-serializer            =org.apache.kafka.common.serialization.StringSerializer
spring.kafka.producer.value-serializer          =org.apache.kafka.common.serialization.StringSerializer
# partitioner
#spring.kafka.producer.properties.partitioner.class=com.felix.kafka.producer.CustomizePartitioner

############################################################################ 
#SMS Message Login configuration                                           #
#aliyun yunxin tencentcloud                                                #
############################################################################
#default
maxkey.otp.sms.provider                         =${SMS_PROVIDER:yunxin}
#aliyun     
maxkey.otp.sms.aliyun.accesskeyid               =${SMS_ALIYUN_ACCESSKEYID:94395d754eb55693043f5d6a2b772ef4}
maxkey.otp.sms.aliyun.accesssecret              =${SMS_ALIYUN_ACCESSSECRET:05d5485357bc}
maxkey.otp.sms.aliyun.templatecode              =${SMS_ALIYUN_TEMPLATECODE:14860095}
maxkey.otp.sms.aliyun.signname                  =${SMS_ALIYUN_SIGNNAME:maxkey}
#yunxin     
maxkey.otp.sms.yunxin.appkey                    =${SMS_YUNXIN_APPKEY:94395d754eb55693043f5d6a2b772ef3}
maxkey.otp.sms.yunxin.appsecret                 =${SMS_YUNXIN_APPSECRET:05d5485357bc}
maxkey.otp.sms.yunxin.templateid                =${SMS_YUNXIN_TEMPLATEID:14860099}
#tencentcloud       
maxkey.otp.sms.tencentcloud.secretid            =${SMS_TENCENTCLOUD_SECRETID:94395d754eb55693043f5d6a2b772ef4}
maxkey.otp.sms.tencentcloud.secretkey           =${SMS_TENCENTCLOUD_SECRETKEY:05d5485357bc}
maxkey.otp.sms.tencentcloud.smssdkappid         =${SMS_TENCENTCLOUD_SMSSDKAPPID:1486220095}
maxkey.otp.sms.tencentcloud.templateid          =${SMS_TENCENTCLOUD_TEMPLATEID:14860095}
maxkey.otp.sms.tencentcloud.sign                =${SMS_TENCENTCLOUD_SIGN:1486009522}

############################################################################ 
#Time-based One-Time Password configuration                                #
############################################################################
maxkey.otp.policy.type                          =totp
maxkey.otp.policy.digits                        =6
maxkey.otp.policy.issuer                        =${OTP_POLICY_ISSUER:MaxKey}
maxkey.otp.policy.domain                        =${maxkey.server.domain}
maxkey.otp.policy.period                        =30

############################################################################ 
#LDAP Login support configuration                                          #
############################################################################
maxkey.login.ldap.enable                      =${LDAP_ENABLE:false}
maxkey.login.ldap.jit                         =false
#openldap,activedirectory,normal    
maxkey.login.ldap.product                     =${LDAP_PRODUCT:openldap}
maxkey.login.ldap.ssl                         =${LDAP_SSL:false}
maxkey.login.ldap.providerurl                 =${LDAP_PROVIDERURL:ldap://localhost:389}
maxkey.login.ldap.principal                   =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com}
maxkey.login.ldap.credentials                 =${LDAP_CREDENTIALS:secret}
maxkey.login.ldap.basedn                      =${LDAP_BASEDN:dc=maxcrc,dc=com}
maxkey.login.ldap.filter                      =(uid=%s)
maxkey.login.ldap.truststore                  =${LDAP_TRUSTSTORE:maxkey}
maxkey.login.ldap.truststorepassword          =${LDAP_TRUSTSTORE_PASSWORD:maxkey}
#activedirectory effective  
maxkey.login.ldap.activedirectory.domain      =${LDAP_AD_DOMAIN:MAXKEY.ORG}

############################################################################ 
#Kerberos Login configuration                                              #
#short name of user domain must be in upper case,eg:MAXKEY                 #
############################################################################
maxkey.login.kerberos.default.userdomain      =MAXKEY
#short name of user domain must be in upper case,eg:MAXKEY.ORG
maxkey.login.kerberos.default.fulluserdomain  =MAXKEY.ORG
#last 8Bit crypto for Kerberos web Authentication 
maxkey.login.kerberos.default.crypto          =846KZSzYq56M6d5o
#Kerberos Authentication server RUL
maxkey.login.kerberos.default.redirecturi     =http://sso.maxkey.top/kerberos/authn/

############################################################################ 
#HTTPHEADER Login configuration                                            #
############################################################################
maxkey.login.httpheader.enable                =false
maxkey.login.httpheader.headername            =header-user
# iv-user is for IBM Security Access Manager
#config.httpheader.headername=iv-user

############################################################################ 
#BASIC Login support configuration                                         #
############################################################################
maxkey.login.basic.enable                     =false

#############################################################################
#WsFederation Login support configuration
#identifier: the identifer for the ADFS server
#url: the login url for ADFS
#principal: the name of the attribute/assertion returned by ADFS that contains the principal's username.
#relyingParty: the identifier of the CAS Server as it has been configured in ADFS.
#tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms)
#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
############################################################################
maxkey.login.wsfederation.identifier          =http://adfs.maxkey.top/adfs/services/trust
maxkey.login.wsfederation.url                 =https://adfs.maxkey.top/adfs/ls/
maxkey.login.wsfederation.principal           =upn
maxkey.login.wsfederation.relyingParty        =urn:federation:connsec
maxkey.login.wsfederation.signingCertificate  =adfs-signing.crt
maxkey.login.wsfederation.tolerance           =10000
maxkey.login.wsfederation.upn.suffix          =maxkey.org
maxkey.login.wsfederation.logoutUrl           =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0

#############################################################################
#OIDC V1.0 METADATA configuration                                           #
#############################################################################
maxkey.oidc.metadata.issuer                     =${maxkey.server.authz.uri}
maxkey.oidc.metadata.authorizationEndpoint      =${maxkey.server.authz.uri}/authz/oauth/v20/authorize
maxkey.oidc.metadata.tokenEndpoint              =${maxkey.server.authz.uri}/authz/oauth/v20/token
maxkey.oidc.metadata.userinfoEndpoint           =${maxkey.server.authz.uri}/api/connect/userinfo

#############################################################################
#SAML V2.0 configuration                                                    #
#############################################################################
#saml common
maxkey.saml.v20.max.parser.pool.size                            =2
maxkey.saml.v20.assertion.validity.time.ins.seconds             =90
maxkey.saml.v20.replay.cache.life.in.millis                     =14400000
maxkey.saml.v20.issue.instant.check.clock.skew.in.seconds       =90
maxkey.saml.v20.issue.instant.check.validity.time.in.seconds    =300
#saml Identity Provider keystore
maxkey.saml.v20.idp.keystore.password                           =maxkey
maxkey.saml.v20.idp.keystore.private.key.password               =maxkey
maxkey.saml.v20.idp.keystore                                    =classpath\:config/samlServerKeystore.jks
#keystore Identity Provider for security
maxkey.saml.v20.idp.issuing.entity.id                           =maxkey.top
maxkey.saml.v20.idp.issuer                                      =${maxkey.server.authz.uri}/saml
maxkey.saml.v20.idp.receiver.endpoint                           =https\://sso.maxkey.top/
#Saml v20 Identity Provider METADATA
maxkey.saml.v20.metadata.orgName                =MaxKeyTop
maxkey.saml.v20.metadata.orgDisplayName         =MaxKeyTop
maxkey.saml.v20.metadata.orgURL                 =https://www.maxkey.top
maxkey.saml.v20.metadata.contactType            =technical
maxkey.saml.v20.metadata.company                =MaxKeyTop
maxkey.saml.v20.metadata.givenName              =maxkey
maxkey.saml.v20.metadata.surName                =maxkey
maxkey.saml.v20.metadata.emailAddress           =maxkeysupport@163.com
maxkey.saml.v20.metadata.telephoneNumber        =4008981111

#saml RelayParty keystore
maxkey.saml.v20.sp.keystore.password                            =maxkey
maxkey.saml.v20.sp.keystore.private.key.password                =maxkey
maxkey.saml.v20.sp.keystore                                     =classpath\:config/samlClientKeystore.jks
maxkey.saml.v20.sp.issuing.entity.id                            =client.maxkey.org

############################################################################
#Management endpoints configuration                                        #
############################################################################
management.security.enabled                     =false
#management.endpoints.jmx.exposure.include=health,info
#management.endpoints.web.exposure.include=metrics,health,info,env
management.endpoints.web.exposure.include       =*
management.endpoint.health.show-details         =ALWAYS
#Spring Boot Admin Client
spring.boot.admin.client.url                    =${SPRING_BOOT_ADMIN_URL:http://127.0.0.1:9528}
management.health.redis.enabled                 =false
management.health.mail.enabled                  =false

############################################################################
#Do not modify the following configuration 
############################################################################
#springfox.documentation.swagger.v2.path=/api-docs                         #
#Swagger Configure Properties                                              #
############################################################################
maxkey.swagger.enable                           =true
maxkey.swagger.title                            =MaxKey\u5355\u70b9\u767b\u5f55\u8ba4\u8bc1\u7cfb\u7edfAPI\u6587\u6863
maxkey.swagger.description                      =MaxKey\u5355\u70b9\u767b\u5f55\u8ba4\u8bc1\u7cfb\u7edfAPI\u6587\u6863
maxkey.swagger.version                          =${application.formatted-version}

############################################################################
#freemarker configuration                                                  #
############################################################################
spring.freemarker.template-loader-path          =classpath:/templates/views
spring.freemarker.cache                         =false
spring.freemarker.charset                       =UTF-8
spring.freemarker.check-template-location       =true
spring.freemarker.content-type                  =text/html
spring.freemarker.expose-request-attributes     =false
spring.freemarker.expose-session-attributes     =false
spring.freemarker.request-context-attribute     =request
spring.freemarker.suffix                        =.ftl

############################################################################
#static resources configuration                                            #
############################################################################
spring.mvc.static-path-pattern                  =/static/**
spring.messages.basename                        =classpath:messages/message
spring.messages.encoding                        =UTF-8

############################################################################
#server servlet encoding configuration                                     #
############################################################################
#encoding
#server.servlet.encoding.charset=UTF-8
#server.servlet.encoding.enabled=true
#server.servlet.encoding.force=true

############################################################################
#Servlet multipart configuration                                           #
############################################################################
spring.servlet.multipart.enabled                =true
spring.servlet.multipart.max-file-size          =4194304