############################################################################ # Copyright [2021] [MaxKey of copyright http://www.maxkey.top] # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. ############################################################################ #spring.profiles.active=http # ############################################################################ #server port server.port =8080 #session default 1800 #1800s =30m #28800s=8h server.servlet.session.timeout =1800 #server context path server.servlet.context-path =/maxkey #nacos spring.cloud.nacos.discovery.enabled =${NACOS_DISCOVERY_ENABLED:false} spring.cloud.nacos.discovery.instance-enabled =false spring.cloud.nacos.discovery.server-addr =${NACOS_DISCOVERY_SERVER_ADDR:127.0.0.1:8848} ############################################################################ #domain name configuration # ############################################################################ maxkey.server.scheme =http maxkey.server.basedomain =${SERVER_DOMAIN:maxkey.top} maxkey.server.domain =sso.${maxkey.server.basedomain} maxkey.server.name =${maxkey.server.scheme}://${maxkey.server.domain} maxkey.server.uri =${maxkey.server.name}:${server.port}/maxkey #default.uri maxkey.server.default.uri =${maxkey.server.uri}:${server.port}/maxkey/appList maxkey.server.mgt.uri =${maxkey.server.name}:9527/maxkey-mgt/login maxkey.server.authz.uri =${maxkey.server.name}:${server.port}/maxkey #InMemory 0 , Redis 2 maxkey.server.persistence =${SERVER_PERSISTENCE:0} #identity maxkey.server.kafka.support =${SERVER_KAFKA_SUPPORT:false} #issuer name maxkey.app.issuer =CN=ConSec,CN=COM,CN=SH ############################################################################ #Login configuration # ############################################################################ #enable captcha maxkey.login.captcha =${LOGIN_CAPTCHA:true} #text or arithmetic maxkey.login.captcha.type =${LOGIN_CAPTCHA_TYPE:text} #enable two factor,use one time password maxkey.login.mfa =${LOGIN_MFA_ENABLED:true} #TimeBasedOtpAuthn MailOtpAuthn SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud maxkey.login.mfa.type =${LOGIN_MFA_TYPE:TimeBasedOtpAuthn} #enable social sign on maxkey.login.socialsignon =${LOGIN_SOCIAL_ENABLED:true} #social sign on providers maxkey.login.socialsignon.providers =${LOGIN_SOCIAL_PROVIDERS:gitee,wechatopen,sinaweibo,google,qq,dingtalk,microsoft,facebook,workweixin} #Enable kerberos/SPNEGO maxkey.login.kerberos =false #wsFederation maxkey.login.wsfederation =false #remeberme maxkey.login.remeberme =${LOGIN_REMEBERME:true} #validity maxkey.login.remeberme.validity =0 #JWT support maxkey.login.jwt =${LOGIN_JWT:true} maxkey.login.jwt.issuer =${LOGIN_JWT_ISSUER:https://${maxkey.server.domain}/maxkey} #to default application web site maxkey.login.default.uri =appList maxkey.ipaddress.whitelist =false #notices show maxkey.notices.visible =false ############################################################################ #ssl configuration # ############################################################################ #server.ssl.key-store=maxkeyserver.keystore #server.ssl.key-alias=maxkey #server.ssl.enabled=true #server.ssl.key-store-password=maxkey #server.ssl.key-store-type=JKS ############################################################################ #database configuration # supported database # mysql # highgo # postgresql ############################################################################ spring.datasource.type =com.alibaba.druid.pool.DruidDataSource #mysql spring.datasource.driver-class-name =com.mysql.cj.jdbc.Driver spring.datasource.username =${DATABASE_USER:root} spring.datasource.password =${DATABASE_PWD:maxkey} spring.datasource.url =jdbc:mysql://${DATABASE_HOST:localhost}:${DATABASE_PORT:3306}/${DATABASE_NAME:maxkey}?autoReconnect=true&characterEncoding=UTF-8&serverTimezone=UTC #highgo #spring.datasource.driver-class-name=com.highgo.jdbc.Driver #spring.datasource.username=highgo #spring.datasource.password=High@123 #spring.datasource.url=jdbc:highgo://192.168.56.107:5866/highgo?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai #postgresql #spring.datasource.driver-class-name=org.postgresql.Driver #spring.datasource.username=root #spring.datasource.password=maxkey! #spring.datasource.url=jdbc:postgresql://localhost/maxkey?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai #mybatis mybatis.dialect =mysql mybatis.type-aliases-package =org.maxkey.entity,org.maxkey.entity.apps, mybatis.mapper-locations =classpath*:/org/maxkey/persistence/mapper/xml/${mybatis.dialect}/*.xml mybatis.table-column-snowflake-datacenter-id =1 mybatis.table-column-snowflake-machine-id =1 mybatis.table-column-escape =false mybatis.table-column-case =lowercase ############################################################################ #redis server configuration # ############################################################################ spring.redis.host =${REDIS_HOST:127.0.0.1} spring.redis.port =${REDIS_PORT:6379} spring.redis.password =${REDIS_PWD:password} spring.redis.timeout =10000 spring.redis.jedis.pool.max-wait =1000 spring.redis.jedis.pool.max-idle =200 spring.redis.lettuce.pool.max-active =-1 spring.redis.lettuce.pool.min-idle =0 ############################################################################ #mail configuration # ############################################################################ spring.mail.default-encoding =utf-8 spring.mail.host =${MAIL_HOST:smtp.163.com} spring.mail.port =${MAIL_PORT:465} spring.mail.username =${MAIL_USER:maxkey@163.com} spring.mail.password =${MAIL_PWD:password} spring.mail.protocol =smtp spring.mail.properties.ssl =true spring.mail.properties.sender =${MAIL_SENDER:maxkey@163.com} spring.mail.properties.mailotp.message.subject =MaxKey One Time PassWord spring.mail.properties.mailotp.message.template ={0} You Token is {1} , it validity in {2} minutes. spring.mail.properties.mailotp.message.type =html spring.mail.properties.mailotp.message.validity =300 ############################################################################ #Spring Session for Cluster configuration # ############################################################################ # Session store type. spring.session.store-type =none #spring.session.store-type=redis # Session timeout. If a duration suffix is not specified, seconds is used. #server.servlet.session.timeout=1800 # Sessions flush mode. #spring.session.redis.flush-mode=on_save # Namespace for keys used to store sessions. #spring.session.redis.namespace=spring:session ############################################################################ #Kafka for connectors configuration # ############################################################################ spring.kafka.bootstrap-servers =${KAFKA_SERVERS:localhost:9092} # retries spring.kafka.producer.retries =0 # acks spring.kafka.producer.acks =1 # batch-size spring.kafka.producer.batch-size =16384 # linger.ms spring.kafka.producer.properties.linger.ms =0 # buffer-memory spring.kafka.producer.buffer-memory =33554432 # serializer spring.kafka.producer.key-serializer =org.apache.kafka.common.serialization.StringSerializer spring.kafka.producer.value-serializer =org.apache.kafka.common.serialization.StringSerializer # partitioner #spring.kafka.producer.properties.partitioner.class=com.felix.kafka.producer.CustomizePartitioner ############################################################################ #SMS Message Login configuration # #aliyun yunxin tencentcloud # ############################################################################ #default maxkey.otp.sms.provider =${SMS_PROVIDER:yunxin} #aliyun maxkey.otp.sms.aliyun.accesskeyid =${SMS_ALIYUN_ACCESSKEYID:94395d754eb55693043f5d6a2b772ef4} maxkey.otp.sms.aliyun.accesssecret =${SMS_ALIYUN_ACCESSSECRET:05d5485357bc} maxkey.otp.sms.aliyun.templatecode =${SMS_ALIYUN_TEMPLATECODE:14860095} maxkey.otp.sms.aliyun.signname =${SMS_ALIYUN_SIGNNAME:maxkey} #yunxin maxkey.otp.sms.yunxin.appkey =${SMS_YUNXIN_APPKEY:94395d754eb55693043f5d6a2b772ef3} maxkey.otp.sms.yunxin.appsecret =${SMS_YUNXIN_APPSECRET:05d5485357bc} maxkey.otp.sms.yunxin.templateid =${SMS_YUNXIN_TEMPLATEID:14860099} #tencentcloud maxkey.otp.sms.tencentcloud.secretid =${SMS_TENCENTCLOUD_SECRETID:94395d754eb55693043f5d6a2b772ef4} maxkey.otp.sms.tencentcloud.secretkey =${SMS_TENCENTCLOUD_SECRETKEY:05d5485357bc} maxkey.otp.sms.tencentcloud.smssdkappid =${SMS_TENCENTCLOUD_SMSSDKAPPID:1486220095} maxkey.otp.sms.tencentcloud.templateid =${SMS_TENCENTCLOUD_TEMPLATEID:14860095} maxkey.otp.sms.tencentcloud.sign =${SMS_TENCENTCLOUD_SIGN:1486009522} ############################################################################ #Time-based One-Time Password configuration # ############################################################################ maxkey.otp.policy.type =totp maxkey.otp.policy.digits =6 maxkey.otp.policy.issuer =${OTP_POLICY_ISSUER:MaxKey} maxkey.otp.policy.domain =${maxkey.server.domain} maxkey.otp.policy.period =30 ############################################################################ #LDAP Login support configuration # ############################################################################ maxkey.login.ldap.enable =${LDAP_ENABLE:false} maxkey.login.ldap.jit =false #openldap,activedirectory,normal maxkey.login.ldap.product =${LDAP_PRODUCT:openldap} maxkey.login.ldap.ssl =${LDAP_SSL:false} maxkey.login.ldap.providerurl =${LDAP_PROVIDERURL:ldap://localhost:389} maxkey.login.ldap.principal =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com} maxkey.login.ldap.credentials =${LDAP_CREDENTIALS:secret} maxkey.login.ldap.basedn =${LDAP_BASEDN:dc=maxcrc,dc=com} maxkey.login.ldap.filter =(uid=%s) maxkey.login.ldap.truststore =${LDAP_TRUSTSTORE:maxkey} maxkey.login.ldap.truststorepassword =${LDAP_TRUSTSTORE_PASSWORD:maxkey} #activedirectory effective maxkey.login.ldap.activedirectory.domain =${LDAP_AD_DOMAIN:MAXKEY.ORG} ############################################################################ #Kerberos Login configuration # #short name of user domain must be in upper case,eg:MAXKEY # ############################################################################ maxkey.login.kerberos.default.userdomain =MAXKEY #short name of user domain must be in upper case,eg:MAXKEY.ORG maxkey.login.kerberos.default.fulluserdomain =MAXKEY.ORG #last 8Bit crypto for Kerberos web Authentication maxkey.login.kerberos.default.crypto =846KZSzYq56M6d5o #Kerberos Authentication server RUL maxkey.login.kerberos.default.redirecturi =http://sso.maxkey.top/kerberos/authn/ ############################################################################ #HTTPHEADER Login configuration # ############################################################################ maxkey.login.httpheader.enable =false maxkey.login.httpheader.headername =header-user # iv-user is for IBM Security Access Manager #config.httpheader.headername=iv-user ############################################################################ #BASIC Login support configuration # ############################################################################ maxkey.login.basic.enable =false ############################################################################# #WsFederation Login support configuration #identifier: the identifer for the ADFS server #url: the login url for ADFS #principal: the name of the attribute/assertion returned by ADFS that contains the principal's username. #relyingParty: the identifier of the CAS Server as it has been configured in ADFS. #tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms) #attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server #signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS. ############################################################################ maxkey.login.wsfederation.identifier =http://adfs.maxkey.top/adfs/services/trust maxkey.login.wsfederation.url =https://adfs.maxkey.top/adfs/ls/ maxkey.login.wsfederation.principal =upn maxkey.login.wsfederation.relyingParty =urn:federation:connsec maxkey.login.wsfederation.signingCertificate =adfs-signing.crt maxkey.login.wsfederation.tolerance =10000 maxkey.login.wsfederation.upn.suffix =maxkey.org maxkey.login.wsfederation.logoutUrl =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0 ############################################################################# #OIDC V1.0 METADATA configuration # ############################################################################# maxkey.oidc.metadata.issuer =${maxkey.server.name}/maxkey maxkey.oidc.metadata.authorizationEndpoint =${maxkey.server.name}/maxkey/authz/oauth/v20/authorize maxkey.oidc.metadata.tokenEndpoint =${maxkey.server.name}/maxkey/authz/oauth/v20/token maxkey.oidc.metadata.userinfoEndpoint =${maxkey.server.name}/maxkey/api/connect/userinfo ############################################################################# #SAML V2.0 configuration # ############################################################################# #saml common maxkey.saml.v20.max.parser.pool.size =2 maxkey.saml.v20.assertion.validity.time.ins.seconds =90 maxkey.saml.v20.replay.cache.life.in.millis =14400000 maxkey.saml.v20.issue.instant.check.clock.skew.in.seconds =90 maxkey.saml.v20.issue.instant.check.validity.time.in.seconds =300 #saml idp keystore maxkey.saml.v20.idp.keystore.password =maxkey maxkey.saml.v20.idp.keystore.private.key.password =maxkey maxkey.saml.v20.idp.keystore =classpath\:config/samlServerKeystore.jks #keystore id for sec maxkey.saml.v20.idp.issuing.entity.id =maxkey.top maxkey.saml.v20.idp.issuer =https://sso.maxkey.top/maxkey/saml maxkey.saml.v20.idp.receiver.endpoint =https\://sso.maxkey.top/ #saml sp keystore maxkey.saml.v20.sp.keystore.password =maxkey maxkey.saml.v20.sp.keystore.private.key.password =maxkey maxkey.saml.v20.sp.keystore =classpath\:config/samlClientKeystore.jks maxkey.saml.v20.sp.issuing.entity.id =client.maxkey.org #Saml v20 METADATA maxkey.saml.v20.metadata.orgName =MaxKeyTop maxkey.saml.v20.metadata.orgDisplayName =MaxKeyTop maxkey.saml.v20.metadata.orgURL =https://www.maxkey.top maxkey.saml.v20.metadata.contactType =technical maxkey.saml.v20.metadata.company =MaxKeyTop maxkey.saml.v20.metadata.givenName =maxkey maxkey.saml.v20.metadata.surName =maxkey maxkey.saml.v20.metadata.emailAddress =maxkeysupport@163.com maxkey.saml.v20.metadata.telephoneNumber =4008981111 ############################################################################ # Social Sign On Configuration # #you config client.id & client.secret only # ############################################################################ #gitee maxkey.socialsignon.gitee.provider =gitee maxkey.socialsignon.gitee.provider.name =Gitee maxkey.socialsignon.gitee.icon =images/social/gitee.png maxkey.socialsignon.gitee.client.id =${SOCIAL_GITEE_CLIENTID:ee6fdc484b3398d17e77d6ff37fd8b9fe502106398c7b22bf5522d3c01303f45} maxkey.socialsignon.gitee.client.secret =${SOCIAL_GITEE_CLIENTSECRET:d6c3558f295f044df538c966a9084166f9a877c7a7392543184007a5faccdbad} maxkey.socialsignon.gitee.account.id =id maxkey.socialsignon.gitee.hidden =false maxkey.socialsignon.gitee.sortorder =1 #wechat maxkey.socialsignon.wechatopen.provider =wechatopen maxkey.socialsignon.wechatopen.provider.name =\u5fae\u4fe1 maxkey.socialsignon.wechatopen.icon =images/social/wechat.png maxkey.socialsignon.wechatopen.client.id =${SOCIAL_WECHATOPEN_CLIENTID:ee6fdc484b3398d17e7} maxkey.socialsignon.wechatopen.client.secret =${SOCIAL_WECHATOPEN_CLIENTSECRET:7a5faccdbad} maxkey.socialsignon.wechatopen.account.id =id maxkey.socialsignon.wechatopen.hidden =false maxkey.socialsignon.wechatopen.sortorder =2 #work weixin maxkey.socialsignon.workweixin.provider =workweixin maxkey.socialsignon.workweixin.provider.name =\u4F01\u4E1A\u5fae\u4fe1 maxkey.socialsignon.workweixin.icon =images/social/wechat_enterprise.png maxkey.socialsignon.workweixin.client.id =${SOCIAL_WORKWEIXIN_CLIENTID:ww61ca142e1fe5b8ca} maxkey.socialsignon.workweixin.client.secret =${SOCIAL_WORKWEIXIN_CLIENTSECRET:CfWEoALuKdSKzXiV-QWXeGSD5zPd6Svze3GR_gB5eFs} maxkey.socialsignon.workweixin.agent.id =${SOCIAL_WORKWEIXIN_AGENTID:1000002} maxkey.socialsignon.workweixin.account.id =id maxkey.socialsignon.workweixin.hidden =true maxkey.socialsignon.workweixin.sortorder =2 #sina weibo maxkey.socialsignon.sinaweibo.provider =sinaweibo maxkey.socialsignon.sinaweibo.provider.name =\u65b0\u6d6a\u5fae\u535a maxkey.socialsignon.sinaweibo.icon =images/social/weibo.png maxkey.socialsignon.sinaweibo.client.id =${SOCIAL_SINAWEIBO_CLIENTID:3379757634} maxkey.socialsignon.sinaweibo.client.secret =${SOCIAL_SINAWEIBO_CLIENTSECRET:1adfdf9800299037bcab9d1c238664ba} maxkey.socialsignon.sinaweibo.account.id =id maxkey.socialsignon.sinaweibo.hidden =false maxkey.socialsignon.sinaweibo.sortorder =3 #Google maxkey.socialsignon.google.provider =google maxkey.socialsignon.google.provider.name =Google maxkey.socialsignon.google.icon =images/social/google.png maxkey.socialsignon.google.client.id =${SOCIAL_GOOGLE_CLIENTID:519914515488.apps.googleusercontent.com} maxkey.socialsignon.google.client.secret =${SOCIAL_GOOGLE_CLIENTSECRET:3aTW3Iw7e11QqMnHxciCaXTt} maxkey.socialsignon.google.account.id =id maxkey.socialsignon.google.hidden =false maxkey.socialsignon.google.sortorder =4 #dingtalk maxkey.socialsignon.dingtalk.provider =dingtalk maxkey.socialsignon.dingtalk.provider.name =dingtalk maxkey.socialsignon.dingtalk.icon =images/social/dingtalk.png maxkey.socialsignon.dingtalk.client.id =${SOCIAL_DINGTALK_CLIENTID:dingoawf2jyiwh2uzqnphg} maxkey.socialsignon.dingtalk.client.secret =${SOCIAL_DINGTALK_CLIENTSECRET:Crm7YJbMKfRlvG2i1SHpg4GHVpqF_oXiEjhmRQyiSiuzNRWpbFh9i0UjDTfhOoN9} maxkey.socialsignon.dingtalk.account.id =openid maxkey.socialsignon.dingtalk.hidden =false maxkey.socialsignon.dingtalk.sortorder =5 #QQ maxkey.socialsignon.qq.provider =qq maxkey.socialsignon.qq.provider.name =QQ maxkey.socialsignon.qq.icon =images/social/qq.png maxkey.socialsignon.qq.client.id =${SOCIAL_QQ_CLIENTID:101225363} maxkey.socialsignon.qq.client.secret =${SOCIAL_QQ_CLIENTSECRET:8577d75e0eb4a91ac549cc8be3371bfd} maxkey.socialsignon.qq.account.id =openid maxkey.socialsignon.qq.hidden =false maxkey.socialsignon.qq.sortorder =6 #Microsoft maxkey.socialsignon.microsoft.provider =microsoft maxkey.socialsignon.microsoft.provider.name =Microsoft maxkey.socialsignon.microsoft.icon =images/social/microsoft.png maxkey.socialsignon.microsoft.client.id =${SOCIAL_MICROSOFT_CLIENTID:24aa73b6-7928-4e64-bd64-d8682e650f95} maxkey.socialsignon.microsoft.client.secret =${SOCIAL_MICROSOFT_CLIENTSECRET:PF[_AthtjVrtWVO2mNy@CJxY1@Z8FNf5} maxkey.socialsignon.microsoft.account.id =id maxkey.socialsignon.microsoft.hidden =false maxkey.socialsignon.microsoft.sortorder =7 #facebook maxkey.socialsignon.facebook.provider =facebook maxkey.socialsignon.facebook.provider.name =facebook maxkey.socialsignon.facebook.icon =images/social/facebook.png maxkey.socialsignon.facebook.client.id =${SOCIAL_FACEBOOK_CLIENTID:appKey} maxkey.socialsignon.facebook.client.secret =${SOCIAL_FACEBOOK_CLIENTSECRET:appSecret} maxkey.socialsignon.facebook.account.id =id maxkey.socialsignon.facebook.hidden =false maxkey.socialsignon.facebook.sortorder =8 ############################################################################ #Management endpoints configuration # ############################################################################ management.security.enabled =false #management.endpoints.jmx.exposure.include=health,info #management.endpoints.web.exposure.include=metrics,health,info,env management.endpoints.web.exposure.include =* management.endpoint.health.show-details =ALWAYS #Spring Boot Admin Client spring.boot.admin.client.url =${SPRING_BOOT_ADMIN_URL:http://127.0.0.1:9528} management.health.redis.enabled =false ############################################################################ #springfox.documentation.swagger.v2.path=/api-docs # #Swagger Configure Properties # ############################################################################ maxkey.swagger.enable =true maxkey.swagger.title =MaxKey\u5355\u70b9\u767b\u5f55\u8ba4\u8bc1\u7cfb\u7edfapi\u6587\u6863 maxkey.swagger.description =MaxKey\u5355\u70b9\u767b\u5f55\u8ba4\u8bc1\u7cfb\u7edfapi\u6587\u6863 maxkey.swagger.version =${application.formatted-version} ############################################################################ #freemarker configuration # ############################################################################ spring.freemarker.template-loader-path =classpath:/templates/views spring.freemarker.cache =false spring.freemarker.charset =UTF-8 spring.freemarker.check-template-location =true spring.freemarker.content-type =text/html spring.freemarker.expose-request-attributes =false spring.freemarker.expose-session-attributes =false spring.freemarker.request-context-attribute =request spring.freemarker.suffix =.ftl ############################################################################ #static resources configuration # ############################################################################ spring.mvc.static-path-pattern =/static/** spring.messages.basename =classpath:messages/message spring.messages.encoding =UTF-8 ############################################################################ #server servlet encoding configuration # ############################################################################ #encoding #server.servlet.encoding.charset=UTF-8 #server.servlet.encoding.enabled=true #server.servlet.encoding.force=true ############################################################################ #Servlet multipart configuration # ############################################################################ spring.servlet.multipart.enabled =true spring.servlet.multipart.max-file-size =4194304