General configuration

The application.properties file uses the Java Properties file format.

You can override every property with an operating system environment variable. For example, to override the property security.mode, set an environment variable named SECURITY_MODE.

Security properties

security.mode

Authentication mode of security.manager for OGC.

If all users are allowed to access security.manager for OGC, use NONE. If users authenticate via the identity service, use IDENTITY.

Allowed values: NONE, IDENTITY
Default: NONE

security.identity.self.service.url

URL of the identity service to validate access tokens and receive user data.

Default: https://example.com/identity/account/self
Example: https://myidentitybroker.example.com/identity/account/self

security.identity.cookieEnabled

Enables cookie support.

Default: true

security.identity.cookieName

Name of the identity session cookie.

It must match the name configured in the identity service application.properties.

Default: ctIDENTITY

security.identity.tokenInQuery

Enables support for tokens passed in the URL query string as ?access_token=abc.

Default: true

security.identity.cache.maxEntries

The maximum number of entries in the identity cache.

Default: 250

security.identity.cache.maxTimeToLiveInSeconds

The maximum lifetime, in seconds, of entries in the identity cache.

Default: 60

security.identity.connectionTimeoutSeconds

The maximum connection timeout, in seconds, for requests to the identity service for token/cookie validation.

Default: 10

Logging properties

logging.logger.level

The log level.

Allowed values: TRACE, DEBUG, INFO, WARN, ERROR
Default: INFO

logging.console.enabled

Enable console/system-out logging.

Default: false

logging.file.enabled

Enable file logging.

Default: true

logging.file.location

Folder where the log files are saved.

Default: ${catalina.base}/logs

logging.gelf.enabled

Enable logstash logging.

Default: false

logging.gelf.host

The host name of the logstash server.

Default: gelf.example.com

logging.gelf.port

The port of the logstash server.

Default: 12202

logging.gelf.protocol

The protocol of the logstash server.

Default: udp

HTTP client properties

http.client.chunking

Determines whether the Apache HTTP client library should use "Transfer-Encoding: chunked" or not.

Using chunking may lead to problems with some reverse proxies and web application firewalls.

Default: true

security.ssl.trustAny

Indicates if invalid or self-signed certificates should be trusted.

Default: false

CORS properties

cors.allowed.origins

List of base URLs of websites that are allowed to access the provided service interfaces via CORS.

Example: http://mydomain.net:8080,http://otherdomain.de:9090

cors.any.origins

Allows any origin to use security.manager for OGC via CORS.

Setting this option to true poses a security risk. Set the value to false in production environments and define allowed origins via cors.allowed.origins.

Default: false

Other properties

proxy.response.rewriteUrls

Determines whether URLs in response documents from secured services are replaced with matching proxy URLs of security.manager for OGC.

Default: true

proxy.request.addForwardedHeaders

Determines whether X-Forwarded-* headers are added to the request.

Default: true
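
To review the security-relevant settings documented above (security.mode, security.ssl.trustAny, cors.any.origins, security.identity.tokenInQuery) before deployment, the following added example, which is not part of the product, resolves the effective values from a properties file plus environment overrides and reports the risky ones. The environment variable naming rule is an assumption generalised from the single SECURITY_MODE example on this page, and the function names and the sample file are constructed for illustration.

```python
import os

# Documented defaults of the properties checked here (taken from this page).
DEFAULTS = {"security.mode": "NONE", "security.identity.tokenInQuery": "true",
            "security.ssl.trustAny": "false", "cors.any.origins": "false"}

# (property, value to flag, reason). The first three reasons restate this page;
# the tokenInQuery reason is general guidance added here, not from the page.
RISKY = [
    ("security.mode", "NONE", "all users are allowed, no authentication"),
    ("security.ssl.trustAny", "true", "invalid or self-signed certificates are trusted"),
    ("cors.any.origins", "true", "any origin may use the service via CORS"),
    ("security.identity.tokenInQuery", "true", "tokens in URLs can leak into logs and Referer headers"),
]

def parse_properties(text):
    """Parse the plain key=value / key:value subset of the Java Properties format."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        for i, ch in enumerate(line):
            if ch in "=:":
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def env_name(key):
    # Assumption: generalised from the page's one example, security.mode -> SECURITY_MODE.
    return key.replace(".", "_").upper()

def audit(props_text, env=None):
    """Return [(property, reason)] for risky values after applying env overrides."""
    env = os.environ if env is None else env
    cfg = {**DEFAULTS, **parse_properties(props_text)}
    cfg = {k: env.get(env_name(k), v) for k, v in cfg.items()}
    return [(k, why) for k, bad, why in RISKY if cfg[k].strip().lower() == bad.lower()]

# Constructed sample file, not taken from a real deployment.
SAMPLE = """\
# application.properties
security.mode=IDENTITY
security.ssl.trustAny = true
cors.allowed.origins=http://mydomain.net:8080
"""

if __name__ == "__main__":
    for prop, why in audit(SAMPLE, env={}):
        print(f"{prop}: {why}")
```

Because the documented defaults are applied first, an empty file is reported for security.mode and security.identity.tokenInQuery, which shows which settings need an explicit value.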