If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

MDM Web App Application Properties

This article is intended to serve as a reference point for MDM Web App configuration. As such, it provides an overview of the available properties and, when applicable, refers users to more comprehensive sources. The properties described here are defined in the mdm/etc/application.properties file. For each property, you will find information about the required data type, its default value, and a short description. The Mandatory column specifies whether a property is required for the application to run and function as expected.

MDM Web App

Use these properties to specify details about the server where MDM Webbapp is running.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`server.port`	Number	`8050`	Yes	The number of the port where the MDM Web App server is running.
`ataccama.one.mda.server.url`	String	`http://localhost:8051`	Yes	The URL of the server where the MDM Web App is running. Only used when the private and public URLs below are not defined.
`ataccama.one.mda.server.read.only.url`	Strin	`${ataccama.one.mda.server.url}`	Yes	The URL of the MDM Web App server for HA read-only requests.
`ataccama.one.mda.max.connections`	Number	`50`	Yes	The maximum number of simultaneously opened HTTP connections between the web server and the MDM Web App server.

server.port

Number

8050

Yes

The number of the port where the MDM Web App server is running.

ataccama.one.mda.server.url

String

http://localhost:8051

Yes

The URL of the server where the MDM Web App is running. Only used when the private and public URLs below are not defined.

ataccama.one.mda.server.read.only.url

Strin

${ataccama.one.mda.server.url}

Yes

The URL of the MDM Web App server for HA read-only requests.

ataccama.one.mda.max.connections

Number

50

Yes

The maximum number of simultaneously opened HTTP connections between the web server and the MDM Web App server.

Keycloak

The following properties configure Keycloak. See Encrypting Passwords for information on how to encrypt passwords.

Name Data Type Default Value Mandatory Description

ataccama.authentication.keycloak.server-url

String

http://localhost:8083/auth

Yes

The URL of the server where Keycloak is running.

ataccama.authentication.keycloak.realm

String

ataccamaone

Yes

The name of the Keycloak realm.

ataccama.authentication.keycloak.token.client-id

String

crypted:AES:nmty81oLrmbEt/U7t9fhnPV+nWbErHPMkPl/EuygRDAbtHZ6v3o/zJWwgtCx69cO

Yes

The client identifier. Used to verify a user authorization token and to log in a user.

ataccama.authentication.keycloak.public.client-id

String

${ataccama.authentication.keycloak.token.client-id}

Yes

Keycloak public client ID for web application browsing.

ataccama.authentication.keycloak.token.issuer

String

${ataccama.authentication.keycloak.server-url}/realms/${ataccama.authentication.keycloak.realm}

Yes

Specifies the issuer of the JWT token. Typically, Keycloak uses the URL of the realm as the token issuer.

ataccama.authentication.keycloak.admin.enable

Boolean

true

Enables access to Keycloak API with admin rights to perform health checks.

Obsolete. From versions 13.9.4, 14.4.0, and 15.1.0, and later it must be set to true or not defined at all.

ataccama.authentication.keycloak.token.secret

String

mdm-webapp-public-client-s3cret

Yes

The public key of the client.

SSL

Use these properties to set up SSL.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`server.ssl.enabled`	Boolean	`true`	No	Enables SSL.
`server.ssl.key-store`	String	/	No	The full path to the keystore.
`server.ssl.key-store-password`	String	/	No	The password for decrypting the keystore. Used if the keystore is encrypted (recommended).
`server.ssl.key-password`	String	/	No	The password for the private key. Used if the private key is encrypted.
`server.ssl.trust-store`	String	/	No	The full path to the truststore.
`server.ssl.trust-store-password`	String	/	No	The password for the trusstore. Used if the truststore is encrypted.

server.ssl.enabled

Boolean

true

Enables SSL.

server.ssl.key-store

String

The full path to the keystore.

server.ssl.key-store-password

String

The password for decrypting the keystore. Used if the keystore is encrypted (recommended).

server.ssl.key-password

String

The password for the private key. Used if the private key is encrypted.

server.ssl.trust-store

String

The full path to the truststore.

server.ssl.trust-store-password

String

The password for the trusstore. Used if the truststore is encrypted.

Logging

The following properties configure logging.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`logging.level.root`	String	`INFO`	No	The root logging level. Available values are `INFO`, `WARN`, `ERROR`, `DEBUG`, `OFF`.
`logging.level.com.ataccama`	String	`INFO`	No	The logging level for `com.ataccama` packages. Available values are `INFO`, `WARN`, `ERROR`, `DEBUG`.
`logging.level.com.ataccama.mda`	String	`DEBUG`	No	Logging level for MDM Web App packages.
`ataccama.logging.plainTextConsoleAppender`	Boolean	`true`	No	If set to `true`, logs are outputted as plain text in the console.
`ataccama.logging.jsonConsoleAppender`	Boolean	`false`	No	If set to `true`, logs are outputted in JSON format in the console.
`ataccama.logging.plainTextFileAppender`	Boolean	`false`	No	If set to `true`, logs are outputted as plain text in the log file.
`ataccama.logging.jsonFileAppender`	Boolean	`true`	No	If set to `true`, logs are outputted in JSON format in the log file.

logging.level.root

String

INFO

The root logging level. Available values are INFO, WARN, ERROR, DEBUG, OFF.

logging.level.com.ataccama

String

INFO

The logging level for com.ataccama packages. Available values are INFO, WARN, ERROR, DEBUG.

logging.level.com.ataccama.mda

String

DEBUG

Logging level for MDM Web App packages.

ataccama.logging.plainTextConsoleAppender

Boolean

true

If set to true, logs are outputted as plain text in the console.

ataccama.logging.jsonConsoleAppender

Boolean

false

If set to true, logs are outputted in JSON format in the console.

ataccama.logging.plainTextFileAppender

Boolean

false

If set to true, logs are outputted as plain text in the log file.

ataccama.logging.jsonFileAppender

Boolean

true

If set to true, logs are outputted in JSON format in the log file.

Endpoints for Monitoring

The following properties configure monitoring. For more information, see Monitoring Configuration.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`management.endpoints.enabled-by-default`	Boolean	`false`	No	Enables all actuator endpoints. If set to `false`, it is possible to configure individually which endpoints should be enabled.
`management.endpoint.info.enabled`	Boolean	`true`	No	Enables `/info` monitoring endpoint.
`management.endpoint.health.enabled`	Boolean	`true`	No	Enables `/health` monitoring endpoint.
`management.endpoint.prometheus.enabled`	Boolean	`true`	No	Enables `/prometheus` monitoring endpoint.
`management.endpoints.web.exposure.include`	String	`health,info,prometheus`	No	A comma-separated list of exposed actuator endpoints that should provide information about the application. These endpoints track the following: `health`: The health status of the application. `info`: Other information about the application. `prometheus`: Provides all metrics from the application in a format that Prometheus can scrape.
`management.endpoint.health.show-details`	String	`always`	No	Specifies how much information is provided by the `health` monitoring endpoint. The following values are available: `never`: Health details are never displayed to any user. `when-authorized`: Only authorized users have access to health information. `always`: All users can see health details.
`management.endpoint.health.show-components`	String	`always`	No	Specifies how much detail the `health` monitoring endpoint provides about the application components. You can also define which components are shown. The following values are available: `never`: Component information is never displayed to any user. `when-authorized`: Only authorized users have access to information about components. `always`: All users can see component details.
`management.endpoint.health.status.order`	String	`down,out-of-service,reloading,unknown,up`	No	A comma-separated list that determines how the `/health` monitoring endpoint prioritizes application health statuses.
`management.info.git.mode`	String	`full`	No	Configures how much information the `/info` monitoring endpoint retrieves from Git about the application source code repository. To show all available information from the `git.properties` file, set the value to `full`. To display only basic information, such as the name of the branch, the commit identifier, and the time the commit was made, set the value to `simple`.
`management.endpoint.health.probes.enabled`	Boolean	`true`	No	Enables `/health/liveness` and `/health/readiness` endpoints `management.endpoint.health.group.liveness.include`StringdiskSpace,pingNo
`management.endpoint.health.group.liveness.include`	String	`diskSpace,ping`	No	Defines which components are covered by the liveness probe. These components are a subset of `/health` components.
`management.endpoint.health.group.readiness.include`	String	`db`	No	Defines which components are covered by the readiness probe. These components are a subset of `/health` components.
`ataccama.authentication.http.acl.endpoints.prometheus.endpoint-filter`	String	`/actuator/prometheus`	No	Allows access to the endpoint defined in the `endpoint-filter` property for the selected user roles.
`ataccama.authentication.http.acl.endpoints.prometheus.allowed-roles`	String	`ONE_PLATFORM_MONITORING`	No	A comma-separated list of user roles allowed to access the Prometheus endpoint.
`management.metrics.web.server.request.autotime.enable`	Boolean	`false`	No	Enables recording metrics for all Spring MVC requests.
`management.metrics.web.server.auto-time-requests`	Boolean	`false`	No	Timing metrics to all Spring endpoints.

management.endpoints.enabled-by-default

Boolean

false

Enables all actuator endpoints. If set to false, it is possible to configure individually which endpoints should be enabled.

management.endpoint.info.enabled

Boolean

true

Enables /info monitoring endpoint.

management.endpoint.health.enabled

Boolean

true

Enables /health monitoring endpoint.

management.endpoint.prometheus.enabled

Boolean

true

Enables /prometheus monitoring endpoint.

management.endpoints.web.exposure.include

String

health,info,prometheus

A comma-separated list of exposed actuator endpoints that should provide information about the application.

These endpoints track the following:

health: The health status of the application.
info: Other information about the application.
prometheus: Provides all metrics from the application in a format that Prometheus can scrape.

management.endpoint.health.show-details

String

always

Specifies how much information is provided by the health monitoring endpoint. The following values are available:

never: Health details are never displayed to any user.
when-authorized: Only authorized users have access to health information.
always: All users can see health details.

management.endpoint.health.show-components

String

always

Specifies how much detail the health monitoring endpoint provides about the application components. You can also define which components are shown. The following values are available:

never: Component information is never displayed to any user.
when-authorized: Only authorized users have access to information about components.
always: All users can see component details.

management.endpoint.health.status.order

String

down,out-of-service,reloading,unknown,up

A comma-separated list that determines how the /health monitoring endpoint prioritizes application health statuses.

management.info.git.mode

String

full

Configures how much information the /info monitoring endpoint retrieves from Git about the application source code repository. To show all available information from the git.properties file, set the value to full. To display only basic information, such as the name of the branch, the commit identifier, and the time the commit was made, set the value to simple.

management.endpoint.health.probes.enabled

Boolean

true

Enables /health/liveness and /health/readiness endpoints `management.endpoint.health.group.liveness.include`StringdiskSpace,pingNo

management.endpoint.health.group.liveness.include

String

diskSpace,ping

Defines which components are covered by the liveness probe. These components are a subset of /health components.

management.endpoint.health.group.readiness.include

String

db

Defines which components are covered by the readiness probe. These components are a subset of /health components.

ataccama.authentication.http.acl.endpoints.prometheus.endpoint-filter

String

/actuator/prometheus

Allows access to the endpoint defined in the endpoint-filter property for the selected user roles.

ataccama.authentication.http.acl.endpoints.prometheus.allowed-roles

String

ONE_PLATFORM_MONITORING

A comma-separated list of user roles allowed to access the Prometheus endpoint.

management.metrics.web.server.request.autotime.enable

Boolean

false

Enables recording metrics for all Spring MVC requests.

management.metrics.web.server.auto-time-requests

Boolean

false

Timing metrics to all Spring endpoints.

Client Security Headers

You can configure MDM Web App security by adding response headers (security headers) to HTTP responses from the web application.

We recommend setting security headers to help protect your web application against potential security threats.

Name Data Type Default value Mandatory Desription

Name	Data Type	Default value	Mandatory	Desription
`one.security.header.content-security-policy.connect-src`	String	`'self' ${ataccama.authentication.keycloak.server-url}`	No	Specifies allowed connections. We strongly recommend using the default value.
`one.security.header.content-security-policy.script-src`	String	`* 'unsafe-inline' 'unsafe-eval'`	No	Specifies allowed script sources. We strongly recommend using the default value.
`one.security.header.content-security-policy.img-src`	String	`'self' data:`	No	Specifies allowed image sources. We strongly recommend using the default value.
`one.security.header.X-Frame-Options`	String	`deny`	No	Protects against clickjacking. If set to `deny`, iframes are disabled.
`one.security.header.X-Permitted-Cross-Domain-Policies`	String	`none`	No	Specifies if cross-domain requests from Flash and PDF documents are allowed.
`one.security.header.Referrer-Policy:`	String	`strict-origin`	No	Defines how much referrer information (sent with the Referer header) should be included with requests. If set to `strict-origin`, only the origin is sent.
`one.security.header.X-XSS-Protection`	String	`1; mode=block`	No	Protects against cross-site scripting attacks. If set to `block`, the page doesn’t load when an attack is detected.
`one.security.header.X-Content-Type-Options`	String	`nosniff`	No	Protects against MIME sniffing.

one.security.header.content-security-policy.connect-src

String

'self' ${ataccama.authentication.keycloak.server-url}

Specifies allowed connections. We strongly recommend using the default value.

one.security.header.content-security-policy.script-src

String

* 'unsafe-inline' 'unsafe-eval'

Specifies allowed script sources. We strongly recommend using the default value.

one.security.header.content-security-policy.img-src

String

'self' data:

Specifies allowed image sources. We strongly recommend using the default value.

one.security.header.X-Frame-Options

String

deny

Protects against clickjacking. If set to deny, iframes are disabled.

one.security.header.X-Permitted-Cross-Domain-Policies

String

none

Specifies if cross-domain requests from Flash and PDF documents are allowed.

one.security.header.Referrer-Policy:

String

strict-origin

Defines how much referrer information (sent with the Referer header) should be included with requests. If set to strict-origin, only the origin is sent.

one.security.header.X-XSS-Protection

String

1; mode=block

Protects against cross-site scripting attacks. If set to block, the page doesn’t load when an attack is detected.

one.security.header.X-Content-Type-Options

String

nosniff

Protects against MIME sniffing.

Was this page useful?