MaxKey/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-maxkey.properties

############################################################################
#  Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
#  
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#  
#      http://www.apache.org/licenses/LICENSE-2.0
#  
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
############################################################################
#spring.profiles.active=http                                               #
############################################################################
#server port
server.port                                     =${SERVER_PORT:9527}
#session default 600
#600s   =10m
#1800s  =30m
#3600s  =1h
#28800s =8h
server.servlet.session.timeout                  =${SERVLET_SESSION_TIMEOUT:600}
#server context path
server.servlet.context-path                     =/sign

server.frontend.port                            =${SERVER_FRONTEND_PORT:4200}
############################################################################
#domain name configuration                                                 #
############################################################################
maxkey.server.scheme                            =http
maxkey.server.basedomain                        =${SERVER_DOMAIN:maxkey.top}
maxkey.server.domain                            =sso.${maxkey.server.basedomain}
maxkey.server.name                              =${maxkey.server.scheme}://${maxkey.server.domain}
maxkey.server.uri                               =${maxkey.server.name}:${server.port}${server.servlet.context-path}
#default.uri                
maxkey.server.default.uri                       =${maxkey.server.uri}/appList
maxkey.server.mgt.uri                           =${maxkey.server.name}:9527/maxkey-mgt/login
maxkey.server.authz.uri                         =${maxkey.server.name}:${server.port}${server.servlet.context-path}
#http://sso.maxkey.top/sign
#http://sso.maxkey.top:4200
maxkey.server.frontend.uri                      =/maxkey
#InMemory 0 , Redis 2               
maxkey.server.persistence                       =${SERVER_PERSISTENCE:0}
#identity true,false
maxkey.server.provision                         =${SERVER_PROVISION:false}
#issuer name                
maxkey.app.issuer                               =CN=ConSec,CN=COM,CN=SH

#must > jwt expire * 2    
maxkey.auth.session.timeout                     =${SERVER_SESSION_TIMEOUT:1800}
maxkey.auth.jwt.expires                         =600
maxkey.auth.jwt.secret                          =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
maxkey.auth.jwt.refresh.secret                  =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
maxkey.auth.jwt.issuer                          =${maxkey.server.uri}

#plain,bcrypt,pbkdf2,scrypt,md4,md5,sha1,sha256,sha384,sha512,sm3,ldap
maxkey.crypto.password.encoder                  =bcrypt
############################################################################
#Login configuration                                                       #
############################################################################
#enable captcha
maxkey.login.captcha                            =${LOGIN_CAPTCHA:false}
#enable two factor,use one time password
maxkey.login.mfa                                =${LOGIN_MFA_ENABLED:true}
#TimeBasedOtpAuthn MailOtpAuthn SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
maxkey.login.mfa.type                           =${LOGIN_MFA_TYPE:TimeBasedOtpAuthn}
#enable social sign on          
maxkey.login.socialsignon                       =${LOGIN_SOCIAL_ENABLED:true}
#Enable kerberos/SPNEGO         
maxkey.login.kerberos                           =false
#wsFederation           
maxkey.login.wsfederation                       =false
#remeberme          
maxkey.login.remeberme                          =${LOGIN_REMEBERME:true}
#validity day          
maxkey.login.remeberme.validity                 =0
#JWT support
maxkey.login.jwt                                =${LOGIN_JWT:true}
maxkey.login.jwt.issuer                         =${LOGIN_JWT_ISSUER:${maxkey.server.authz.uri}}
#whitelist       
maxkey.ipaddress.whitelist                      =false
#notices show
maxkey.notices.visible                          =false
############################################################################
#ssl configuration                                                         #
############################################################################
#server.ssl.key-store=maxkeyserver.keystore
#server.ssl.key-alias=maxkey
#server.ssl.enabled=true
#server.ssl.key-store-password=maxkey
#server.ssl.key-store-type=JKS

############################################################################
#database configuration 
#   supported database
#       mysql
#       highgo
#       postgresql
############################################################################
spring.datasource.type                          =com.alibaba.druid.pool.DruidDataSource
#mysql
spring.datasource.driver-class-name             =com.mysql.cj.jdbc.Driver
spring.datasource.username                      =${DATABASE_USER:root}
spring.datasource.password                      =${DATABASE_PWD:maxkey}
spring.datasource.url                           =jdbc:mysql://${DATABASE_HOST:localhost}:${DATABASE_PORT:3306}/${DATABASE_NAME:maxkey}?allowPublicKeyRetrieval=true&useSSL=false&autoReconnect=true&characterEncoding=UTF-8&serverTimezone=UTC
#highgo
#spring.datasource.driver-class-name=com.highgo.jdbc.Driver
#spring.datasource.username=highgo
#spring.datasource.password=High@123
#spring.datasource.url=jdbc:highgo://192.168.56.107:5866/highgo?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai
#postgresql
#spring.datasource.driver-class-name=org.postgresql.Driver
#spring.datasource.username=root
#spring.datasource.password=maxkey!
#spring.datasource.url=jdbc:postgresql://localhost/maxkey?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai
#mybatis
mybatis.dialect                                 =mysql
mybatis.type-aliases-package                    =org.dromara.maxkey.entity,org.dromara.maxkey.entity.apps,
mybatis.mapper-locations                        =classpath*:/org/dromara/maxkey/persistence/mapper/xml/${mybatis.dialect}/*.xml
mybatis.table-column-snowflake-datacenter-id    =1
mybatis.table-column-snowflake-machine-id       =1
mybatis.table-column-escape                     =false
mybatis.table-column-case                       =lowercase

############################################################################
#spring json 
spring.jackson.time-zone=GMT+8
spring.jackson.date-format=yyyy-MM-dd HH:mm:ss
# default-property-inclusion: NON_NULL
spring.mvc.date-format=yyyy-MM-dd HH:mm:ss

############################################################################
#redis server  configuration                                               #
############################################################################
spring.redis.host                               =${REDIS_HOST:127.0.0.1}
spring.redis.port                               =${REDIS_PORT:6379}
spring.redis.password                           =${REDIS_PWD:password}
spring.redis.timeout                            =10000
spring.redis.jedis.pool.max-wait                =1000
spring.redis.jedis.pool.max-idle                =200
spring.redis.lettuce.pool.max-active            =-1
spring.redis.lettuce.pool.min-idle              =0

############################################################################
#mail configuration                                                        #
############################################################################
spring.mail.default-encoding                    =utf-8
spring.mail.host                                =${MAIL_HOST:smtp.163.com}
spring.mail.port                                =${MAIL_PORT:465}
spring.mail.username                            =${MAIL_USER:maxkey@163.com}
spring.mail.password                            =${MAIL_PWD:password}
spring.mail.protocol                            =smtp
spring.mail.properties.ssl                      =true
spring.mail.properties.sender                   =${MAIL_SENDER:maxkey@163.com}
spring.mail.properties.mailotp.message.subject  =MaxKey One Time PassWord
spring.mail.properties.mailotp.message.template ={0} You Token is {1} , it validity in {2}  minutes.
spring.mail.properties.mailotp.message.type     =html
spring.mail.properties.mailotp.message.validity =300

############################################################################ 
#Time-based One-Time Password configuration                                #
############################################################################
maxkey.otp.policy.type                          =totp
maxkey.otp.policy.digits                        =6
maxkey.otp.policy.issuer                        =${OTP_POLICY_ISSUER:MaxKey}
maxkey.otp.policy.domain                        =${maxkey.server.domain}
maxkey.otp.policy.period                        =30

############################################################################ 
#Kerberos Login configuration                                              #
#short name of user domain must be in upper case,eg:MAXKEY                 #
############################################################################
maxkey.login.kerberos.default.userdomain      =MAXKEY
#short name of user domain must be in upper case,eg:MAXKEY.ORG
maxkey.login.kerberos.default.fulluserdomain  =MAXKEY.ORG
#last 8Bit crypto for Kerberos web Authentication 
maxkey.login.kerberos.default.crypto          =846KZSzYq56M6d5o
#Kerberos Authentication server RUL
maxkey.login.kerberos.default.redirecturi     =http://sso.maxkey.top/kerberos/authn/

############################################################################ 
#HTTPHEADER Login configuration                                            #
############################################################################
maxkey.login.httpheader.enable                =false
maxkey.login.httpheader.headername            =header-user
# iv-user is for IBM Security Access Manager
#config.httpheader.headername=iv-user

############################################################################ 
#BASIC Login support configuration                                         #
############################################################################
maxkey.login.basic.enable                     =false

#############################################################################
#WsFederation Login support configuration
#identifier: the identifer for the ADFS server
#url: the login url for ADFS
#principal: the name of the attribute/assertion returned by ADFS that contains the principal's username.
#relyingParty: the identifier of the CAS Server as it has been configured in ADFS.
#tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms)
#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
############################################################################
maxkey.login.wsfederation.identifier          =http://adfs.maxkey.top/adfs/services/trust
maxkey.login.wsfederation.url                 =https://adfs.maxkey.top/adfs/ls/
maxkey.login.wsfederation.principal           =upn
maxkey.login.wsfederation.relyingParty        =urn:federation:connsec
maxkey.login.wsfederation.signingCertificate  =adfs-signing.crt
maxkey.login.wsfederation.tolerance           =10000
maxkey.login.wsfederation.upn.suffix          =maxkey.org
maxkey.login.wsfederation.logoutUrl           =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0

#############################################################################
#OIDC V1.0 METADATA configuration                                           #
#############################################################################
maxkey.oidc.metadata.issuer                     =${maxkey.server.authz.uri}
maxkey.oidc.metadata.authorizationEndpoint      =${maxkey.server.authz.uri}/authz/oauth/v20/authorize
maxkey.oidc.metadata.tokenEndpoint              =${maxkey.server.authz.uri}/authz/oauth/v20/token
maxkey.oidc.metadata.userinfoEndpoint           =${maxkey.server.authz.uri}/api/connect/userinfo

#############################################################################
#SAML V2.0 configuration                                                    #
#############################################################################
#saml common
maxkey.saml.v20.max.parser.pool.size                            =2
maxkey.saml.v20.assertion.validity.time.ins.seconds             =90
maxkey.saml.v20.replay.cache.life.in.millis                     =14400000
maxkey.saml.v20.issue.instant.check.clock.skew.in.seconds       =90
maxkey.saml.v20.issue.instant.check.validity.time.in.seconds    =300
#saml Identity Provider keystore
maxkey.saml.v20.idp.keystore.password                           =maxkey
maxkey.saml.v20.idp.keystore.private.key.password               =maxkey
maxkey.saml.v20.idp.keystore                                    =classpath\:config/samlServerKeystore.jks
#keystore Identity Provider for security
maxkey.saml.v20.idp.issuing.entity.id                           =maxkey.top
maxkey.saml.v20.idp.issuer                                      =${maxkey.server.authz.uri}/saml
maxkey.saml.v20.idp.receiver.endpoint                           =https\://sso.maxkey.top/
#Saml v20 Identity Provider METADATA
maxkey.saml.v20.metadata.orgName                =MaxKeyTop
maxkey.saml.v20.metadata.orgDisplayName         =MaxKeyTop
maxkey.saml.v20.metadata.orgURL                 =https://www.maxkey.top
maxkey.saml.v20.metadata.contactType            =technical
maxkey.saml.v20.metadata.company                =MaxKeyTop
maxkey.saml.v20.metadata.givenName              =maxkey
maxkey.saml.v20.metadata.surName                =maxkey
maxkey.saml.v20.metadata.emailAddress           =maxkeysupport@163.com
maxkey.saml.v20.metadata.telephoneNumber        =4008981111

#saml RelayParty keystore
maxkey.saml.v20.sp.keystore.password                            =maxkey
maxkey.saml.v20.sp.keystore.private.key.password                =maxkey
maxkey.saml.v20.sp.keystore                                     =classpath\:config/samlClientKeystore.jks
maxkey.saml.v20.sp.issuing.entity.id                            =client.maxkey.org

############################################################################
#Management endpoints configuration                                        #
############################################################################
management.security.enabled                     =false
#management.endpoints.jmx.exposure.include=health,info
#management.endpoints.web.exposure.include=metrics,health,info,env,prometheus
management.endpoints.web.exposure.include       =*
management.endpoint.health.show-details         =ALWAYS
management.health.redis.enabled                 =false
management.health.mail.enabled                  =false

#Spring Boot Admin Client
spring.boot.admin.client.enabled                =${SPRING_BOOT_ADMIN_ENABLED:false}
spring.boot.admin.client.url                    =${SPRING_BOOT_ADMIN_URL:http://127.0.0.1:9528}
spring.boot.admin.client.username               =${SPRING_BOOT_ADMIN_USERNAME:}
spring.boot.admin.client.password               =${SPRING_BOOT_ADMIN_PASSWORD:}


############################################################################
#Do not modify the following configuration 
############################################################################
#springfox.documentation.swagger.v2.path=/api-docs                         #
#Swagger Configure Properties                                              #
############################################################################
maxkey.swagger.enable                           =true
maxkey.swagger.title                            =MaxKey\u5355\u70b9\u767b\u5f55\u8ba4\u8bc1\u7cfb\u7edfAPI\u6587\u6863
maxkey.swagger.description                      =MaxKey\u5355\u70b9\u767b\u5f55\u8ba4\u8bc1\u7cfb\u7edfAPI\u6587\u6863
maxkey.swagger.version                          =${application.formatted-version}

springdoc.swagger-ui.path                       =/swagger-ui.html
springdoc.swagger-ui.enabled                    =true
springdoc.swagger-ui.tags-sorter                =alpha
springdoc.swagger-ui.operations-sorter          =alpha
springdoc.swagger-ui.showExtensions             =true
springdoc.api-docs.path                         =/v3/api-docs
springdoc.group-configs[0].group                =default
springdoc.group-configs[0].paths-to-match       =/*
springdoc.group-configs[0].packages-to-scan     =org.dromara.maxkey

knife4j.enable                                  =true
knife4j.setting.language                        =zh_cn
knife4j.setting.swagger-model-name              =\u5B9E\u4F53\u7C7B\u5217\u8868

############################################################################
#freemarker configuration                                                  #
############################################################################
spring.freemarker.template-loader-path          =classpath:/templates/views
spring.freemarker.cache                         =false
spring.freemarker.charset                       =UTF-8
spring.freemarker.check-template-location       =true
spring.freemarker.content-type                  =text/html
spring.freemarker.expose-request-attributes     =false
spring.freemarker.expose-session-attributes     =false
spring.freemarker.request-context-attribute     =request
spring.freemarker.suffix                        =.ftl

############################################################################
#static resources configuration                                            #
############################################################################
spring.mvc.static-path-pattern                  =/static/**
spring.messages.basename                        =classpath:messages/message
spring.messages.encoding                        =UTF-8

############################################################################
#server servlet encoding configuration                                     #
############################################################################
#encoding
#server.servlet.encoding.charset=UTF-8
#server.servlet.encoding.enabled=true
#server.servlet.encoding.force=true

############################################################################
#Servlet multipart configuration                                           #
############################################################################
spring.servlet.multipart.enabled                =true
spring.servlet.multipart.max-file-size          =4194304