User Community Service Desk Downloads
If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

MDM Web App Application Properties

This article is intended to serve as a reference point for MDM Web App configuration. As such, it provides an overview of the available properties and, when applicable, refers users to more comprehensive sources. The properties described here are defined in the mdm/etc/application.properties file. For each property, you will find information about the required data type, its default value, and a short description. The Mandatory column specifies whether a property is required for the application to run and function as expected.

MDM Web App

Use these properties to specify details about the server where MDM Webbapp is running.

Name Data Type Default Value Mandatory Description

server.port

Number

8050

Yes

The number of the port where the MDM Web App server is running.

ataccama.one.mda.server.url

String

http://localhost:8051

Yes

The URL of the server where the MDM Web App is running. Only used when the private and public URLs below are not defined.

ataccama.one.mda.server.read.only.url

Strin

${ataccama.one.mda.server.url}

Yes

The URL of the MDM Web App server for HA read-only requests.

ataccama.one.mda.max.connections

Number

50

Yes

The maximum number of simultaneously opened HTTP connections between the web server and the MDM Web App server.

Keycloak

The following properties configure Keycloak. See Encrypt Passwords for information on how to encrypt passwords.

Name Data Type Default Value Mandatory Description

ataccama.authentication.keycloak.server-url

String

http://localhost:8083/auth

Yes

The URL of the server where Keycloak is running.

ataccama.authentication.keycloak.realm

String

ataccamaone

Yes

The name of the Keycloak realm.

ataccama.authentication.keycloak.token.client-id

String

crypted:AES:nmty81oLrmbEt/U7t9fhnPV+nWbErHPMkPl/EuygRDAbtHZ6v3o/zJWwgtCx69cO

Yes

The client identifier. Used to verify a user authorization token and to log in a user.

ataccama.authentication.keycloak.public.client-id

String

${ataccama.authentication.keycloak.token.client-id}

Yes

Keycloak public client ID for web application browsing.

ataccama.authentication.keycloak.token.issuer

String

${ataccama.authentication.keycloak.server-url}/realms/${ataccama.authentication.keycloak.realm}

Yes

Specifies the issuer of the JWT token. Typically, Keycloak uses the URL of the realm as the token issuer.

ataccama.authentication.keycloak.admin.enable

Boolean

true

No

Enables access to Keycloak API with admin rights to perform health checks.

Obsolete. From versions 13.9.4, 14.4.0, and 15.1.0, and later it must be set to true or not defined at all.

ataccama.authentication.keycloak.token.secret

String

mdm-webapp-public-client-s3cret

Yes

The public key of the client.

SSL

Use these properties to set up SSL.

Name Data Type Default Value Mandatory Description

server.ssl.enabled

Boolean

true

No

Enables SSL.

server.ssl.key-store

String

/

No

The full path to the keystore.

server.ssl.key-store-password

String

/

No

The password for decrypting the keystore. Used if the keystore is encrypted (recommended).

server.ssl.key-password

String

/

No

The password for the private key. Used if the private key is encrypted.

server.ssl.trust-store

String

/

No

The full path to the truststore.

server.ssl.trust-store-password

String

/

No

The password for the trusstore. Used if the truststore is encrypted.

Logging

The following properties configure logging.

Name Data Type Default Value Mandatory Description

logging.level.root

String

INFO

No

The root logging level. Available values are INFO, WARN, ERROR, DEBUG, OFF.

logging.level.com.ataccama

String

INFO

No

The logging level for com.ataccama packages. Available values are INFO, WARN, ERROR, DEBUG.

logging.level.com.ataccama.mda

String

DEBUG

No

Logging level for MDM Web App packages.

ataccama.logging.plainTextConsoleAppender

Boolean

true

No

If set to true, logs are outputted as plain text in the console.

ataccama.logging.jsonConsoleAppender

Boolean

false

No

If set to true, logs are outputted in JSON format in the console.

ataccama.logging.plainTextFileAppender

Boolean

false

No

If set to true, logs are outputted as plain text in the log file.

ataccama.logging.jsonFileAppender

Boolean

true

No

If set to true, logs are outputted in JSON format in the log file.

Endpoints for Monitoring

The following properties configure monitoring. For more information, see Monitoring Configuration.

Name Data Type Default Value Mandatory Description

management.endpoints.enabled-by-default

Boolean

false

No

Enables all actuator endpoints. If set to false, it is possible to configure individually which endpoints should be enabled.

management.endpoint.info.enabled

Boolean

true

No

Enables /info monitoring endpoint.

management.endpoint.health.enabled

Boolean

true

No

Enables /health monitoring endpoint.

management.endpoint.prometheus.enabled

Boolean

true

No

Enables /prometheus monitoring endpoint.

management.endpoints.web.exposure.include

String

health,info,prometheus

No

A comma-separated list of exposed actuator endpoints that should provide information about the application.

These endpoints track the following:

  • health: The health status of the application.

  • info: Other information about the application.

  • prometheus: Provides all metrics from the application in a format that Prometheus can scrape.

management.endpoint.health.show-details

String

always

No

Specifies how much information is provided by the health monitoring endpoint. The following values are available:

  • never: Health details are never displayed to any user.

  • when-authorized: Only authorized users have access to health information.

  • always: All users can see health details.

management.endpoint.health.show-components

String

always

No

Specifies how much detail the health monitoring endpoint provides about the application components. You can also define which components are shown. The following values are available:

  • never: Component information is never displayed to any user.

  • when-authorized: Only authorized users have access to information about components.

  • always: All users can see component details.

management.endpoint.health.status.order

String

down,out-of-service,reloading,unknown,up

No

A comma-separated list that determines how the /health monitoring endpoint prioritizes application health statuses.

management.info.git.mode

String

full

No

Configures how much information the /info monitoring endpoint retrieves from Git about the application source code repository. To show all available information from the git.properties file, set the value to full. To display only basic information, such as the name of the branch, the commit identifier, and the time the commit was made, set the value to simple.

management.endpoint.health.probes.enabled

Boolean

true

No

Enables /health/liveness and /health/readiness endpoints `management.endpoint.health.group.liveness.include`StringdiskSpace,pingNo

management.endpoint.health.group.liveness.include

String

diskSpace,ping

No

Defines which components are covered by the liveness probe. These components are a subset of /health components.

management.endpoint.health.group.readiness.include

String

db

No

Defines which components are covered by the readiness probe. These components are a subset of /health components.

ataccama.authentication.http.acl.endpoints.prometheus.endpoint-filter

String

/actuator/prometheus

No

Allows access to the endpoint defined in the endpoint-filter property for the selected user roles.

ataccama.authentication.http.acl.endpoints.prometheus.allowed-roles

String

ONE_PLATFORM_MONITORING

No

A comma-separated list of user roles allowed to access the Prometheus endpoint.

management.metrics.web.server.request.autotime.enable

Boolean

false

No

Enables recording metrics for all Spring MVC requests.

management.metrics.web.server.auto-time-requests

Boolean

false

No

Timing metrics to all Spring endpoints.

Client Security Headers

You can configure MDM Web App security by adding response headers (security headers) to HTTP responses from the web application.

We recommend setting security headers to help protect your web application against potential security threats.
Name Data Type Default value Mandatory Desription

one.security.header.content-security-policy.connect-src

String

'self' ${ataccama.authentication.keycloak.server-url}

No

Specifies allowed connections. We strongly recommend using the default value.

one.security.header.content-security-policy.script-src

String

* 'unsafe-inline' 'unsafe-eval'

No

Specifies allowed script sources. We strongly recommend using the default value.

one.security.header.content-security-policy.img-src

String

'self' data:

No

Specifies allowed image sources. We strongly recommend using the default value.

one.security.header.X-Frame-Options

String

deny

No

Protects against clickjacking. If set to deny, iframes are disabled.

one.security.header.X-Permitted-Cross-Domain-Policies

String

none

No

Specifies if cross-domain requests from Flash and PDF documents are allowed.

one.security.header.Referrer-Policy:

String

strict-origin

No

Defines how much referrer information (sent with the Referer header) should be included with requests. If set to strict-origin, only the origin is sent.

one.security.header.X-XSS-Protection

String

1; mode=block

No

Protects against cross-site scripting attacks. If set to block, the page doesn’t load when an attack is detected.

one.security.header.X-Content-Type-Options

String

nosniff

No

Protects against MIME sniffing.

Was this page useful?