# Rules and Syntax for this file: # # If the property you are currently specifying # fits in one of the categories herein (delimited by -------) # then define it in the group # # If the property does not fit in one of the categories, # please choose an appropriate name for a category # and add it to the file, following the same logic present # # Please prefix your property with a lower case simple # identifier so that it can be easely identified elsewhere # # Please specify a @message metadata that is easy to understand # by non-technical personel # # Please use the @type most appropriate for the property # you are defining and only use the general string type # if your property is freeform # # Use the type "default" or "nullableDefault" if your property has just # one possible value, even if you indicate the options and # optionsValues for later replacement by a "menu" type # # Please clean all the properties that are not used anymore # and don't expect others to comment on the properties that # you defined... Do it yourself from the beggining. It will # be easier even for you in the future. # # Mainly this indications are just common sense rules... # Follow them so that the system is easy for you and others # to build... # # Please feel free to propose and write additional rules # that you find important to keep the system clean. # #------------------------------------------------------------------------------ # Security - ServiceManager Configuration #------------------------------------------------------------------------------ # # @message = Filter broker that will be used in the application # @type = default # @options = {"Berserk Filter Broker"} # @optionsValues = {"pt.utl.ist.berserk.logic.filterManager.FilterBroker"} security.application.filterBroker=pt.utl.ist.berserk.logic.filterManager.FilterBroker #------------------------------------------------------------------------------ # Security Configuration - Portal Filter patterns #------------------------------------------------------------------------------ # # @message = The hostnames under which this application will be made available for portal filters availability # @type = hostnameList # @validate = true # @required=true # @persist=true # @validate=true ## # @generated.1.message=Please choose the available portals for hostname ${value} # @generated.1.type=roleType # @generated.1.required=true # @generated.1.persist=true # @generated.1.key=security.filter.hostname.${value} # @generated.1.defaultValue=* ## # @generated.2.message=Application index page link on host ${value} # @generated.2.type=string # @generated.2.required=true # @generated.2.persist=true # @generated.2.key=application.index.html.link.${value} # @generated.2.defaultValue=siteMap.do ## # @generated.3.message=Application login page link on host ${value} # @generated.3.type=string # @generated.3.required=true # @generated.3.persist=true # @generated.3.key=application.login.html.link.${value} # @generated.3.defaultValue=loginPage.jsp ## # @generated.4.message=CAS Service URL on host ${value} # @generated.4.type=url # @generated.4.required=true # @generated.4.persist=true # @generated.4.key=security.cas.serviceUrl.${value} # @generated.4.defaultValue=https://${value}:8443/${application.virtual.context}/loginCAS.do # @generated.4.dependency=security.cas.enabled=true ## security.filter.hostnames=localhost,localhost.localdomain # @message = Should we rewrite all generated html and add a digest to every link and form, for every request? # If true, then every request will be checked against the provided checksum! # @type = boolean # @yesOption = y # @yesOptionValue = true # @noOption = n # @noOptionValue = false security.filter.request.with.digest=true #---------------------------------------------- # Security Configuration - Auth #---------------------------------------------- # TODO - Additional Auth Services must be specified as options and optionsValues # @message = Authentication service # @type = menu # @options = {"Default authentication service","Kerberos Script Authentication Service","Generic JAAS Proxy Authentication Service"} # @optionsValues = {"net.sourceforge.fenixedu.applicationTier.Servico.Authenticate","net.sourceforge.fenixedu.applicationTier.Servico.KerberosAuthenticate","net.sourceforge.fenixedu.applicationTier.Servico.AuthenticateGenericJAASProxy"} security.auth.authenticationService.class=net.sourceforge.fenixedu.applicationTier.Servico.Authenticate # @message = Change password service # @type = menu # @options = {"Default change password service"} # @optionsValues = {"net.sourceforge.fenixedu.applicationTier.Servico.person.ChangePassword"} security.auth.changePassService.class=net.sourceforge.fenixedu.applicationTier.Servico.person.ChangePassword # @message = Password Generator class # @type = menu # @options = {"Default Password Generator"} # @optionsValues = {"net.sourceforge.fenixedu.applicationTier.utils.GeneratePasswordBase"} security.auth.passwordGenerator.class=net.sourceforge.fenixedu.applicationTier.utils.GeneratePasswordBase # @message = External Login Service class # @type = menu # @options = {"Default External Login Service"} # @optionsValues = {"net.sourceforge.fenixedu.applicationTier.Servico.publico.EnableExternalLoginWithKerberos"} security.auth.enableExternalLoginService.class=net.sourceforge.fenixedu.applicationTier.Servico.publico.EnableExternalLoginWithKerberos #---------------------------------------------- # Security Configuration - Host access control, filter configuration #---------------------------------------------- # # TODO - Check the messages to the users on these cases # @message = The Struts Actions classes to check host access lists on (Comma separated list) # @type = string # @required = false # @generated.1.message = Hosts with permission for Action ${value} # @generated.1.type = hostnameList # @generated.1.key = security.host.control.name.${value} # @generated.1.defaultValue = localhost security.host.controllable.actions=net.sourceforge.fenixedu.presentationTier.Action.CheckPasswordKerberosAction,net.sourceforge.fenixedu.presentationTier.Action.externalServices.RetrieveUserInformation,net.sourceforge.fenixedu.presentationTier.Action.externalServices.UserPermissionCheck,net.sourceforge.fenixedu.presentationTier.Action.externalServices.GroupCheck,net.sourceforge.fenixedu.presentationTier.Action.messaging.ExecutionCourseAliasExpandingAction # @message = The Struts Paths to check host access lists on (Comma separated list) # @type = string # @required = false # @generated.1.message = Hosts with permission for Path ${value} # @generated.1.key = security.host.control.path.${value} # @generated.1.type = hostnameList # @generated.1.defaultValue = localhost security.host.controllable.paths= #---------------------------------------------- # Security Configuration - CAS #---------------------------------------------- # # TODO - Check dependencies between the Auth Service and this prop # @message = Use CAS for Security Checking? # @type = boolean # @yesOption = y # @yesOptionValue = true # @noOption = n # @noOptionValue = false security.cas.enabled=false # @message = CAS Hostame # @type = hostname # @validate = true # @dependency = security.cas.enabled=true security.cas.hostname=localhost # @message = CAS Port # @type = integer # @min = 1 # @max = 65535 # @dependency = security.cas.enabled=true security.cas.port=8443 # @message = CAS Virtual Context # @type = string # @dependency = security.cas.enabled=true security.cas.virtual.context=cas # @message = CAS Login URL # @type = url # @validate = false # @dependency = security.cas.enabled=true security.cas.loginUrl=https://${security.cas.hostname}:${security.cas.port}/${security.cas.virtual.context}/login # @message = CAS service Validation URL # @type = url # @validate = false # @dependency = security.cas.enabled=true security.cas.validateUrl=https://${security.cas.hostname}:${security.cas.port}/${security.cas.virtual.context}/serviceValidate # @message = CAS Logout URL # @type = url # @validate = false # @dependency = security.cas.enabled=true security.cas.logoutUrl=https://${security.cas.hostname}:${security.cas.port}/${security.cas.virtual.context}/logout # @message = Validate the password expiration date? # @type = boolean # @yesOption = y # @yesOptionValue = true # @noOption = n # @noOptionValue = false security.validateExpirationDate=false #------------------------------------------------------------------------------ # External Services #------------------------------------------------------------------------------ # # email.admin.allowed.hosts: comma seperated values of hosts and/or ip addresses # that are allowed to call external email administration # email.admin.password: password required to call external email administration # # @message = The hostnames which are allowed use the email administration service # @type = hostnameList # @validate = true # @required=true # @persist=true # @validate=true security.email.admin.allowed.hosts= # @message = The password to access the email administration service # @type = password # @persist = false security.email.admin.password= # @message = The hostnames which are allowed to use the Roles consulting service # @type = hostnameList # @validate = true # @required=true # @persist=true # @validate=true security.consult.roles.admin.allowed.hosts=localhost # @message = The password to access the Roles consulting service # @type = password # @persist = false security.consult.roles.admin.password= # @message = The password to access the Student Info by Username service # @type = password # @persist = false security.externalServices.StudentInfoByUsername.externalAppPassword= # #------------------------------------------------------------------------------ # End of security.build.properties.sample file #------------------------------------------------------------------------------