dromara
/
MaxKey
镜像来自 https://gitee.com/dromara/MaxKey.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337
							############################################################################
#  Copyright [2021] [MaxKey of copyright http://www.maxkey.top]
#  
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#  
#      http://www.apache.org/licenses/LICENSE-2.0
#  
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.
############################################################################
#spring.profiles.active=http                                               #
############################################################################
#server port
server.port                                     =${SERVER_PORT:443}
#session default 1800
#1800s =30m
#28800s=8h
server.servlet.session.timeout                  =${SERVER_SESSION_TIMEOUT:1800}
#server context path
server.servlet.context-path                     =/maxkey
#nacos discovery
spring.cloud.nacos.discovery.enabled            =${NACOS_DISCOVERY_ENABLED:false}
spring.cloud.nacos.discovery.instance-enabled   =false
spring.cloud.nacos.discovery.server-addr        =${NACOS_DISCOVERY_SERVER_ADDR:127.0.0.1:8848}
############################################################################
#domain name configuration                                                 #
############################################################################
maxkey.server.scheme                            =https
maxkey.server.basedomain                        =${SERVER_DOMAIN:maxkey.top}
maxkey.server.domain                            =sso.${maxkey.server.basedomain}
maxkey.server.name                              =${maxkey.server.scheme}://${maxkey.server.domain}
maxkey.server.uri                               =${maxkey.server.name}${server.servlet.context-path}
#default.uri                
maxkey.server.default.uri                       =${maxkey.server.uri}/appList
maxkey.server.mgt.uri                           =${maxkey.server.name}:9527/maxkey-mgt/login
maxkey.server.authz.uri                         =${maxkey.server.name}${server.servlet.context-path}
#InMemory 0 , Redis 2               
maxkey.server.persistence                       =${SERVER_PERSISTENCE:0}
#identity none, Kafka ,RocketMQ
maxkey.server.message.queue                     =${SERVER_MESSAGE_QUEUE:none}
#issuer name                
maxkey.app.issuer                               =CN=ConSec,CN=COM,CN=SH

maxkey.auth.jwt.expire                          =86400
maxkey.auth.jwt.issuer                          =${maxkey.server.uri}
maxkey.auth.jwt.secret                          =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
############################################################################
#Login configuration                                                       #
############################################################################
#enable captcha
maxkey.login.captcha                            =${LOGIN_CAPTCHA:false}
#enable two factor,use one time password
maxkey.login.mfa                                =${LOGIN_MFA_ENABLED:true}
#TimeBasedOtpAuthn MailOtpAuthn SmsOtpAuthnYunxin SmsOtpAuthnAliyun SmsOtpAuthnTencentCloud
maxkey.login.mfa.type                           =${LOGIN_MFA_TYPE:TimeBasedOtpAuthn}
#enable social sign on          
maxkey.login.socialsignon                       =${LOGIN_SOCIAL_ENABLED:true}
#Enable kerberos/SPNEGO         
maxkey.login.kerberos                           =false
#wsFederation           
maxkey.login.wsfederation                       =false
#remeberme          
maxkey.login.remeberme                          =${LOGIN_REMEBERME:true}
#validity           
maxkey.login.remeberme.validity                 =0
#JWT support
maxkey.login.jwt                                =${LOGIN_JWT:true}
maxkey.login.jwt.issuer                         =${LOGIN_JWT_ISSUER:${maxkey.server.authz.uri}}
#whitelist
maxkey.ipaddress.whitelist                      =false
#notices show
maxkey.notices.visible                          =false

############################################################################
#ssl configuration                                                         #
############################################################################
server.ssl.key-store                            =${SSL_KEY_STORE:classpath:maxkeyserver.keystore}
server.ssl.key-alias                            =${SSL_KEY_ALIAS:maxkey}
server.ssl.enabled                              =${SSL_ENABLED:true}
server.ssl.key-store-password                   =${SSL_KEY_PASSWORD:maxkey}
server.ssl.key-store-type                       =${SSL_KEY_STORE_TYPE:JKS}

############################################################################
#database configuration 
#   supported database
#       mysql
#       highgo
#       postgresql
############################################################################
spring.datasource.type                          =com.alibaba.druid.pool.DruidDataSource
#mysql
spring.datasource.driver-class-name             =com.mysql.cj.jdbc.Driver
spring.datasource.username                      =${DATABASE_USER:root}
spring.datasource.password                      =${DATABASE_PWD:maxkey}
spring.datasource.url                           =jdbc:mysql://${DATABASE_HOST:localhost}:${DATABASE_PORT:3306}/${DATABASE_NAME:maxkey}?autoReconnect=true&characterEncoding=UTF-8&serverTimezone=UTC
#highgo
#spring.datasource.driver-class-name=com.highgo.jdbc.Driver
#spring.datasource.username=highgo
#spring.datasource.password=High@123
#spring.datasource.url=jdbc:highgo://192.168.56.107:5866/highgo?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai
#postgresql
#spring.datasource.driver-class-name=org.postgresql.Driver
#spring.datasource.username=root
#spring.datasource.password=maxkey!
#spring.datasource.url=jdbc:postgresql://localhost/maxkey?characterEncoding=UTF-8&useUnicode=true&useSSL=false&tinyInt1isBit=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Shanghai
#mybatis
mybatis.dialect                                 =mysql
mybatis.type-aliases-package                    =org.maxkey.entity,org.maxkey.entity.apps,
mybatis.mapper-locations                        =classpath*:/org/maxkey/persistence/mapper/xml/${mybatis.dialect}/*.xml
mybatis.table-column-snowflake-datacenter-id    =1
mybatis.table-column-snowflake-machine-id       =1
mybatis.table-column-escape                     =false
mybatis.table-column-case                       =lowercase

############################################################################
#redis server  configuration                                               #
############################################################################
spring.redis.host                               =${REDIS_HOST:127.0.0.1}
spring.redis.port                               =${REDIS_PORT:6379}
spring.redis.password                           =${REDIS_PWD:password}
spring.redis.timeout                            =10000
spring.redis.jedis.pool.max-wait                =1000
spring.redis.jedis.pool.max-idle                =200
spring.redis.lettuce.pool.max-active            =-1
spring.redis.lettuce.pool.min-idle              =0

############################################################################
#mail configuration                                                        #
############################################################################
spring.mail.default-encoding                    =utf-8
spring.mail.host                                =${MAIL_HOST:smtp.163.com}
spring.mail.port                                =${MAIL_PORT:465}
spring.mail.username                            =${MAIL_USER:maxkey@163.com}
spring.mail.password                            =${MAIL_PWD:password}
spring.mail.protocol                            =smtp
spring.mail.properties.ssl                      =true
spring.mail.properties.sender                   =${MAIL_SENDER:maxkey@163.com}
spring.mail.properties.mailotp.message.subject  =MaxKey One Time PassWord
spring.mail.properties.mailotp.message.template ={0} You Token is {1} , it validity in {2}  minutes.
spring.mail.properties.mailotp.message.type     =html
spring.mail.properties.mailotp.message.validity =300

############################################################################
#Spring Session for Cluster configuration                                  #
############################################################################
# Session store type.
spring.session.store-type                       =none
#spring.session.store-type=redis
# Session timeout. If a duration suffix is not specified, seconds is used.
#server.servlet.session.timeout=1800
# Sessions flush mode.
#spring.session.redis.flush-mode=on_save 
# Namespace for keys used to store sessions.
#spring.session.redis.namespace=spring:session 

############################################################################
#Kafka for connectors configuration                                        #
############################################################################
spring.kafka.bootstrap-servers                  =${KAFKA_SERVERS:localhost:9092}
# retries   
spring.kafka.producer.retries                   =0
# acks  
spring.kafka.producer.acks                      =1
# batch-size    
spring.kafka.producer.batch-size                =16384
# linger.ms 
spring.kafka.producer.properties.linger.ms      =0
# buffer-memory 
spring.kafka.producer.buffer-memory             =33554432
# serializer    
spring.kafka.producer.key-serializer            =org.apache.kafka.common.serialization.StringSerializer
spring.kafka.producer.value-serializer          =org.apache.kafka.common.serialization.StringSerializer
# partitioner
#spring.kafka.producer.properties.partitioner.class=com.felix.kafka.producer.CustomizePartitioner
############################################################################
#RocketMQ for connectors configuration                                        #
############################################################################
rocketmq.name-server                            =${ROCKETMQ_SERVERS:localhost:9876}
rocketmq.producer.enable                        =true
rocketmq.producer.group                         =maxkey_identity
############################################################################ 
#Time-based One-Time Password configuration                                #
############################################################################
maxkey.otp.policy.type                          =totp
maxkey.otp.policy.digits                        =6
maxkey.otp.policy.issuer                        =${OTP_POLICY_ISSUER:MaxKey}
maxkey.otp.policy.domain                        =${maxkey.server.domain}
maxkey.otp.policy.period                        =30

############################################################################ 
#Kerberos Login configuration                                              #
#short name of user domain must be in upper case,eg:MAXKEY                 #
############################################################################
maxkey.login.kerberos.default.userdomain      =MAXKEY
#short name of user domain must be in upper case,eg:MAXKEY.ORG
maxkey.login.kerberos.default.fulluserdomain  =MAXKEY.ORG
#last 8Bit crypto for Kerberos web Authentication 
maxkey.login.kerberos.default.crypto          =846KZSzYq56M6d5o
#Kerberos Authentication server RUL
maxkey.login.kerberos.default.redirecturi     =http://sso.maxkey.top/kerberos/authn/

############################################################################ 
#HTTPHEADER Login configuration                                            #
############################################################################
maxkey.login.httpheader.enable                =false
maxkey.login.httpheader.headername            =header-user
# iv-user is for IBM Security Access Manager
#config.httpheader.headername=iv-user

############################################################################ 
#BASIC Login support configuration                                         #
############################################################################
maxkey.login.basic.enable                     =false

#############################################################################
#WsFederation Login support configuration
#identifier: the identifer for the ADFS server
#url: the login url for ADFS
#principal: the name of the attribute/assertion returned by ADFS that contains the principal's username.
#relyingParty: the identifier of the CAS Server as it has been configured in ADFS.
#tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms)
#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
############################################################################
maxkey.login.wsfederation.identifier          =http://adfs.maxkey.top/adfs/services/trust
maxkey.login.wsfederation.url                 =https://adfs.maxkey.top/adfs/ls/
maxkey.login.wsfederation.principal           =upn
maxkey.login.wsfederation.relyingParty        =urn:federation:connsec
maxkey.login.wsfederation.signingCertificate  =adfs-signing.crt
maxkey.login.wsfederation.tolerance           =10000
maxkey.login.wsfederation.upn.suffix          =maxkey.org
maxkey.login.wsfederation.logoutUrl           =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0

#############################################################################
#OIDC V1.0 METADATA configuration                                           #
#############################################################################
maxkey.oidc.metadata.issuer                     =${maxkey.server.authz.uri}
maxkey.oidc.metadata.authorizationEndpoint      =${maxkey.server.authz.uri}/authz/oauth/v20/authorize
maxkey.oidc.metadata.tokenEndpoint              =${maxkey.server.authz.uri}/authz/oauth/v20/token
maxkey.oidc.metadata.userinfoEndpoint           =${maxkey.server.authz.uri}/api/connect/userinfo

#############################################################################
#SAML V2.0 configuration                                                    #
#############################################################################
#saml common
maxkey.saml.v20.max.parser.pool.size                            =2
maxkey.saml.v20.assertion.validity.time.ins.seconds             =90
maxkey.saml.v20.replay.cache.life.in.millis                     =14400000
maxkey.saml.v20.issue.instant.check.clock.skew.in.seconds       =90
maxkey.saml.v20.issue.instant.check.validity.time.in.seconds    =300
#saml Identity Provider keystore
maxkey.saml.v20.idp.keystore.password                           =maxkey
maxkey.saml.v20.idp.keystore.private.key.password               =maxkey
maxkey.saml.v20.idp.keystore                                    =classpath\:config/samlServerKeystore.jks
#keystore Identity Provider for security
maxkey.saml.v20.idp.issuing.entity.id                           =maxkey.top
maxkey.saml.v20.idp.issuer                                      =${maxkey.server.authz.uri}/saml
maxkey.saml.v20.idp.receiver.endpoint                           =https\://sso.maxkey.top/
#Saml v20 Identity Provider METADATA
maxkey.saml.v20.metadata.orgName                =MaxKeyTop
maxkey.saml.v20.metadata.orgDisplayName         =MaxKeyTop
maxkey.saml.v20.metadata.orgURL                 =https://www.maxkey.top
maxkey.saml.v20.metadata.contactType            =technical
maxkey.saml.v20.metadata.company                =MaxKeyTop
maxkey.saml.v20.metadata.givenName              =maxkey
maxkey.saml.v20.metadata.surName                =maxkey
maxkey.saml.v20.metadata.emailAddress           =maxkeysupport@163.com
maxkey.saml.v20.metadata.telephoneNumber        =4008981111

#saml RelayParty keystore
maxkey.saml.v20.sp.keystore.password                            =maxkey
maxkey.saml.v20.sp.keystore.private.key.password                =maxkey
maxkey.saml.v20.sp.keystore                                     =classpath\:config/samlClientKeystore.jks
maxkey.saml.v20.sp.issuing.entity.id                            =client.maxkey.org

############################################################################
#Management endpoints configuration                                        #
############################################################################
management.security.enabled                     =false
#management.endpoints.jmx.exposure.include=health,info
#management.endpoints.web.exposure.include=metrics,health,info,env,prometheus
management.endpoints.web.exposure.include       =*
management.endpoint.health.show-details         =ALWAYS
#Spring Boot Admin Client
spring.boot.admin.client.url                    =${SPRING_BOOT_ADMIN_URL:http://127.0.0.1:9528}
management.health.redis.enabled                 =false
management.health.mail.enabled                  =false

############################################################################
#Do not modify the following configuration
############################################################################
#springfox.documentation.swagger.v2.path=/api-docs                         #
#Swagger Configure Properties                                              #
############################################################################
maxkey.swagger.enable                           =true
maxkey.swagger.title                            =MaxKey\u5355\u70b9\u767b\u5f55\u8ba4\u8bc1\u7cfb\u7edfAPI\u6587\u6863
maxkey.swagger.description                      =MaxKey\u5355\u70b9\u767b\u5f55\u8ba4\u8bc1\u7cfb\u7edfAPI\u6587\u6863
maxkey.swagger.version                          =${application.formatted-version}
springdoc.packagesToScan                        =org.maxkey
############################################################################
#freemarker configuration                                                  #
############################################################################
spring.freemarker.template-loader-path          =classpath:/templates/views
spring.freemarker.cache                         =false
spring.freemarker.charset                       =UTF-8
spring.freemarker.check-template-location       =true
spring.freemarker.content-type                  =text/html
spring.freemarker.expose-request-attributes     =false
spring.freemarker.expose-session-attributes     =false
spring.freemarker.request-context-attribute     =request
spring.freemarker.suffix                        =.ftl

############################################################################
#static resources configuration                                            #
############################################################################
spring.mvc.static-path-pattern                  =/static/**
spring.messages.basename                        =classpath:messages/message
spring.messages.encoding                        =UTF-8

############################################################################
#server servlet encoding configuration                                     #
############################################################################
#encoding
#server.servlet.encoding.charset=UTF-8
#server.servlet.encoding.enabled=true
#server.servlet.encoding.force=true

############################################################################
#Servlet multipart configuration                                           #
############################################################################
spring.servlet.multipart.enabled                =true
spring.servlet.multipart.max-file-size          =4194304