This key contains the bundle name of the property file that provides the configuration specific to Security Module.

...

...

Config Key

Mandatory/ Optional

Type

Purpose

Category: URL configurations for various common page routing

LOGIN_PAGE_URL

Mandatory

URL

This key is used to identify the Log in page URL. The URL must not include the context root. For example: If the context root is "dummy" and the log in page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/login.jsp".

LOGIN_PAGE_URL_ROUTING_MODE

Mandatory

Routing Mode

This key is used to identify the log in page URL routing mode.

HOME_PAGE_URL

Mandatory

URL

This key is used to identify the Landing page / Home page.

HOME_PAGE_URL_ROUTING_MODE

Mandatory

Routing Mode

This key is used to identify the Login page URL routing mode.

EXPIRY_PAGE_URL

Mandatory

URL

This key is used to identify the Expiry page.

EXPIRY_PAGE_URL_ROUTING_MODE

Mandatory

Routing Mode

This key is used to identify the Expiry page URL routing mode.

ERROR_PAGE_URL

Mandatory

URL

This key is used to identify the Error Page.

ERROR_PAGE_URL_ROUTING_MODE

Mandatory

Routing Mode

This key is used to identify the Error page URL routing mode.

LOGOUT_PAGE_URL

Mandatory

URL

This key is used to identify the log out page URL. The URL must not include the context root. For example: If the context root is "dummy" and the log out page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/logout.jsp".

LOGOUT_PAGE_URL_ROUTING_MODE

Mandatory

Routing Mode

This key is used to identify the log out page URL routing mode.

INVALID_SESSION_PAGE_URL

Mandatory

URL

This key is used to identify the Invalid Session page URL. The URL must not include the context root. For example: If the context root is "dummy" and the log in page is within a folder called "jsp" in the WAR file, then the value is "/jsp/invalidsession.jsp".

INVALID_SESSION_PAGE_URL_ROUTING_MODE

Mandatory

Routing Mode

This key is used to identify the Invalid session page URL routing mode.

SIMULATION_MODE_PAGE_URL

Optional

URL

This key is used to identify the Simulation Mode launch page URL. The URL must not include the context root.

For example: if the context root is "dummy" and the log in page is within a folder called "jsp" in the WAR file, then the value is "/jsp/simulationlaunch.jsp". Simulation Mode launch is always done as a new page launch, so no routing mode is needed. This key is required only if the Simulation mode of Canvas is used by the application; otherwise it can be ignored.

SIMULATION_MODE_PAGE_USER_TOKEN_NAME

Optional

String

This key is used to indicate the key under which the user token is shared as part of the Simulation mode launch page URL. This key is required only if the Simulation mode of Canvas is used by the application; otherwise it can be ignored.

FORCE_CHANGE_PWD_PAGE_URL

Optional

URL

This key is used to identify the Force Change Password page URL. The URL must not include the context root. For example: If the context root is "dummy" and the log in page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/changepassword.jsp". This URL configuration is needed only if the internal authentication support of Canvas is used.

FORCE_CHANGE_PWD_PAGE_URL_ROUTING_MODE

Optional

Routing Mode

This key is used to identify the Force Change Password page URL routing mode. This URL configuration is needed only if the internal authentication support of Canvas is used.

Category: CSRF Configuration

CSRF_VALIDATION_ENABLED

Mandatory

Boolean

This is a boolean configuration to indicate whether CSRF Validation is enabled or not.

CSRF_TOKEN_FIELD_NAME

Mandatory

String

This is the key under which the CSRF Token is sent by the browser to the server. This is applicable only if the CSRF validation is enabled.

CSRF_IGNORE_URLS

Optional

String[]

This is a comma separated list of URIs. This must not include the context root of the application. This is applicable only if the CSRF validation is enabled.

Category: Session Configuration

IDLE_SESSION_TIMEOUT_SEC

Mandatory

Number

This indicates the idle session time out interval in seconds that must be monitored at the browser level.

ALLOW_MULTI_LOGIN

Mandatory

Boolean

This is a boolean configuration to indicate whether multiple concurrent sessions for a single log in id of the user must be allowed or not.

AUTH_SERV_PROV_CLASS

Mandatory

Class Name

This is the default authentication provider that is to be used during log in / log out / re-authentication purposes. This must implement the interface - com.intellectdesign.canvas.security.IAuthenticationServiceProvider.

HYBRID_POLICY_PROV_CLASS

Mandatory

Class Name

This configuration does not allow capturing the authentication detail during log in, if 'NONE' is set as key value.

LOGIN_MODE

Optional

LOV

This indicates how the log in to the system must happen if there is a direct access to protected content. Possible values are as follows:

  • AUTO - This mode indicates that user log in must happen automatically the first time the user accesses the protected content. This mode must be used only if there is some kind of SSO solution and the AuthenticationProvider has the necessary capability to log in the user using the SSO.
  • FORM - This mode indicates that the user must be routed to the log in page if the user tries to access protected content directly without log in.
  • BLOCK - This mode indicates that the user must be shown an Access denied page if the user tries to access protected content directly without log in.
    The default value is BLOCK.

LOG_REQUESTID_AS_REFERENCE

Mandatory

Boolean

This is a boolean configuration to indicate whether the unique Request ID generated by Canvas for each request must be displayed to the end user in case of any errors faced.

CHECK_CLIENT_IP_FOR_SESSION_VALIDATION

Mandatory

Boolean

This is a boolean configuration to indicate whether for every request the Client IP must be validated with that detected at the time of application launch.

CLIENT_IP_PARAM_NAME

Optional

String

This key is used only if the CHECK_CLIENT_IP_FOR_SESSION_VALIDATION key is enabled. This key is optional and can be used to tell the Canvas platform where it can retrieve the Client IP from.

CLIENT_IP_PARAM_SCOPE

Optional

LOV

This key is used only if the CHECK_CLIENT_IP_FOR_SESSION_VALIDATION key is enabled. This key is optional and is used to indicate the exact location from which the custom Client IP key must be read. The possible values are:

  • HEADER - indicating from Request Header
  • PARAM - indicating from Request parameters

XFRAMEOPTION_DEFAULT

Optional

LOV

This is the default value for X-FRAME-OPTIONS that must be set in all responses. The possible valid values for this option are:

  • DENY
  • SAMEORIGIN
    The default value is assumed to be DENY.

XFRAMEOPTION_IGNOREURLS

Optional

URL[]

This contains the comma separated list of URL patterns for which the X-FRAME-OPTIONS header must not be emitted.

Category: Context Root specific configuration

ALL_CONTEXT_ROOTS

Mandatory

String[]

This key is used to identify the current application context path. This provides a comma separated list of all context roots enabled for the application. The context roots are the basis by which the ProtectionDomain and the context root level validations get configured.

[Context Root]_VALIDATE_REFERRER_ACTION_FLAG

Optional

Boolean

This key is used to indicate whether the Referrer URL needs to be validated for a particular context root. If this is not configured, by default it is treated as "false". For this key to be detected, the context root must have been included in the ALL_CONTEXT_ROOTS list.

[Context Root]_VALID_REFERERS

Optional

URL[]

This key is used to provide the list of valid referrer URLs applicable for that particular Context root. For this key to be detected, the context root must have been included in the ALL_CONTEXT_ROOTS list.

[Context Root]_SKIP_REFERRER_SOURCE_URLS

Optional

URL[]

This key is used to provide the list of URLs for which the referrer validation need not be done. For this key to be detected, the context root must have been included in the ALL_CONTEXT_ROOTS list.

LOAD_KEYS_FROM_CERTIFICATE

Optional

Boolean

This is a boolean configuration to indicate whether to encrypt the network calls based on keys from certificate or through default keypair.

KEYSTORE_PATH

Optional

String

This is the path from where the keystore is fetched.

KEYSTORE_ALIAS

Optional

String

This is the alias name which is required to fetch the certificate from the keystore.

KEYSTORE_PASSWORD

Optional

String

This is a secure password which is needed while loading the keystore from the path.

ALIAS_PASSWORD

Optional

String

This is a secure password which is needed to get key from keystore based on alias name.

JWT_TOKEN_KEY

Optional

String

This is used to get JWT Token key.

WEB_SOCKET_ENABLED

Optional

String

This is used to enable web socket connection.

SERVICE_CSRF_KEY

Optional

String

This is used to get CSRF key in service based execution.


The following is a sample security configuration securityconfig.properties (as per the name given in the default descriptor):

##############################################################################
# General guidelines for configuring property files for Canvas
# - All places where Routing mode is asked for, possible valid values for the same are - "FORWARD", "REDIRECT"
# - All places where it is indicated as a Boolean configuration, possible values for "true" are - "yes", "y", "true", "1" (ignore case)
##############################################################################


##############################################################################
# Standard URLs Section - This category contains the URLs for common functionality like - Login, Logout, Session Timeout, etc
##############################################################################
# This key is used to identify the Login page URL. The URL should not include the context root. For example, if the context root is "dummy" and the login page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/login.jsp"
LOGIN_PAGE_URL=/index.jsp
# This key is used to identify the Login page URL routing mode.
LOGIN_PAGE_URL_ROUTING_MODE=FORWARD
#This key is used to identify the Landing page / Home page
HOME_PAGE_URL=/CT_Home.jsp
# This key is used to identify the Login page URL routing mode.
HOME_PAGE_URL_ROUTING_MODE=REDIRECT
#This key is used to identify the Expiry page
EXPIRY_PAGE_URL=/SESSION_EXPIRE.jsp
# This key is used to identify the Login page URL routing mode.
EXPIRY_PAGE_URL_ROUTING_MODE=REDIRECT
#This key is used to identify the Error Page
ERROR_PAGE_URL=/index.jsp
# This key is used to identify the Login page URL routing mode.
ERROR_PAGE_URL_ROUTING_MODE=REDIRECT
#This key is used to identify the Logout page. The URL should not include the context root. For example, if the context root is "dummy" and the logout page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/logout.jsp"
LOGOUT_PAGE_URL=/logout.jsp
# This key is used to identify the Logout page URL routing mode.
LOGOUT_PAGE_URL_ROUTING_MODE=REDIRECT
# This key is used to identify the Invalid Session page URL. The URL should not include the context root. For example, if the context root is "dummy" and the login page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/invalidsession.jsp"
INVALID_SESSION_PAGE_URL=/index.jsp
# This key is used to identify the Invalid session page URL routing mode.
INVALID_SESSION_PAGE_URL_ROUTING_MODE=REDIRECT
# This key is used to identify the Simulation Mode launch page URL. The URL should not include the context root. For example, if the context root is "dummy" and the login page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/simulationlaunch.jsp"
SIMULATION_MODE_PAGE_URL=/index.jsp
# This key is used to indicate the key under which the user token will be shared as part of the Simulation mode launch page URL.
SIMULATION_MODE_PAGE_USER_TOKEN_NAME=FORWARD
# This key is used to identify the Force Change Password page URL. The URL should not include the context root. For example, if the context root is "dummy" and the login page is within a folder called "jsp" in the WAR file, then the value would be "/jsp/changepassword.jsp"
FORCE_CHANGE_PWD_PAGE_URL=/index.jsp
# This key is used to identify the Force Change Password page URL routing mode.
FORCE_CHANGE_PWD_PAGE_URL_ROUTING_MODE=FORWARD

##############################################################################
# CSRF Configuration - Configuration specific to CSRF Validation for the application
##############################################################################
# This is the key under which the CSRF Token will be sent by the browser to the server.
CSRF_TOKEN_FIELD_NAME=_dinsess
# This is a boolean configuration to indicate whether CSRF Validation is enabled or not.
CSRF_VALIDATION_ENABLED=Y
# This is a comma separated list of URIs. This should not include the context root of the application
CSRF_IGNORE_URLS=/index.jsp,/PortalLoginServlet,/pfus

##############################################################################
# Session Configuration - Configuration specific to session handling of the application
##############################################################################
# This indicates the idle session time out interval in seconds that should be monitored at the browser level.
IDLE_SESSION_TIMEOUT_SEC=6
# This is a boolean configuration to indicate whether multiple concurrent sessions for a single login id of the user should be allowed or not.
ALLOW_MULTI_LOGIN=Y
# This is the default authentication provider that is to be used during Login / logout / re-authentication purposes
AUTH_SERV_PROV_CLASS=com.intellectdesign.canvas.authentication.providers.CTAuthenticationProvider
#AUTH_SERV_PROV_CLASS=com.intellectdesign.canvas.provider.auth.ldap.LDAPAuthenticationProvider
#AUTH_SERV_PROV_CLASS=com.intellectdesign.canvas.provider.auth.arx.ARXAuthenticationProvider
#AUTH_SERV_PROV_CLASS=com.intellectdesign.canvas.provider.auth.arx.ARXCookieBasedAuthenticationProvider

# This is the default hybrid policy provider that is to be used during Login
# com.intellectdesign.canvas.authentication.providers.CTOneToOneHybridPolicyProvider
HYBRID_POLICY_PROV_CLASS=NONE
# This indicates how the login into the system should happen if there is a direct access to protected content. Possible values are - AUTO, FORM, BLOCK. Default is BLOCK
LOGIN_MODE=AUTO
# This is a boolean configuration to indicate whether the unique Request Id generated by Canvas for each request should be displayed to the end user in case of any errors faced.
LOG_REQUESTID_AS_REFERENCE=Y
# This is a boolean configuration to indicate whether for every request the Client IP should be validated with that detected at the time of application launch.
CHECK_CLIENT_IP_FOR_SESSION_VALIDATION=Y
# This key is used only if the CHECK_CLIENT_IP_FOR_SESSION_VALIDATION is enabled. This key is optional and can be used to tell the Canvas platform as to how it can retrieve the Client IP from.
CLIENT_IP_PARAM_NAME= CANVAS
# This key is used only if the CHECK_CLIENT_IP_FOR_SESSION_VALIDATION is enabled. This key is optional and used to indicate the exact location from where the custom Client IP key should be read from. The possible values are "HEADER" (indicating from Request Header) or "PARAM" (indicating from Request parameters).
CLIENT_IP_PARAM_SCOPE=PARAM

##############################################################################
# Other Configuration - Other configurations related to security and validations
##############################################################################
# This key is used to identify the current application context path
# This provides a comma separated list of all context roots enabled for the application. The context roots are the basis by which the ProtectionDomain as well as context root level validations get configured.
#DEFAULT_CONTEXT_ROOT=
# ALL_CONTEXT_ROOTS=
# [CONTEXT_ROOT]_VALIDATE_REFERRER_ACTION_FLAG=
# [CONTEXT_ROOT]_VALID_REFERERS==
# [CONTEXT_ROOT]_SKIP_REFERRER_SOURCE_URLS=

DEFAULT_CONTEXT_ROOT=/ctmodelhouse
ALL_CONTEXT_ROOTS=ctmodelhouse
# This key is used to indicate whether Referrer URL needs to be validated for a particular context root. If this is not configured, by default it is treated as "false".
ctmodelhouse_VALIDATE_REFERRER_ACTION_FLAG=false
# This key is used to provide the list of valid referrer URLs applicable for that particular Context root. For this key to be detected, the context root should have been included in the ALL_CONTEXT_ROOTS list
ctmodelhouse_VALID_REFERERS=/,/index.jsp,/CT_HOME.jsp
# This key is used to provide the list of URLs for which the referrer validation need not be done. For this key to be detected, the context root should have been included in the ALL_CONTEXT_ROOTS list
ctmodelhouse_SKIP_REFERRER_SOURCE_URLS=/printtemplate.jsp
# This is the default value for X-FRAME-OPTIONS that should be set in all responses. The possible valid values for this option are "DENY" and "SAMEORIGIN" If this is not provided, the default value is assumed to be "DENY"
XFRAMEOPTION_DEFAULT=DENY
# This contains the comma separated list of URL patterns for which the X-FRAME-OPTIONS header should not be emitted.
XFRAMEOPTION_IGNOREURLS=/index.jsp,/index.jsp,/pfus
#This is a boolean configuration to indicate whether to encrypt the network calls based on keys from certificate or through default keypair.
LOAD_KEYS_FROM_CERTIFICATE=N
#This is the path from where the keystore is fetched.
#Example : modelhouse.keystore
KEYSTORE_PATH=modelhouse.keystore
#This is the alias name which is required to fetch the certificate from the keystore
KEYSTORE_ALIAS=modelhouse
#This is a secure password which is needed while loading the keystore from the path
#Make sure environmental variable is set.
KEYSTORE_PASSWORD=${env.KEYSTORE_PASSWORD}
#This is a secure password which is needed to get key from keystore based on alias name
ALIAS_PASSWORD=${env.ALIAS_PASSWORD}

#This is used to get JWT Token key
JWT_TOKEN_KEY=${env.JWT_TOKEN_KEY}
#This is used to enable web socket connection
WEB_SOCKET_ENABLED=${env.WEB_SOCKET_ENABLED}
#This is used to get CSRF key in service based execution
SERVICE_CSRF_KEY=${env.SERVICE_CSRF_KEY}
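
A pre-deployment check for securityconfig.properties built from the rules in the key table above, as an added example that is not part of the Canvas documentation or product. The exact-case comparisons, the treatment of the keystore, JWT and CSRF key values as secrets, and the `SAMPLE` contents (constructed, with deliberate mistakes) are assumptions of this example.

```python
import re

TRUE_VALUES = {"yes", "y", "true", "1"}  # boolean spellings from the sample's guidelines
ROUTING_MODES = {"FORWARD", "REDIRECT"}
ENUMS = {
    "LOGIN_MODE": {"AUTO", "FORM", "BLOCK"},
    "XFRAMEOPTION_DEFAULT": {"DENY", "SAMEORIGIN"},
    "CLIENT_IP_PARAM_SCOPE": {"HEADER", "PARAM"},
}
PAGES = ("LOGIN", "HOME", "EXPIRY", "ERROR", "LOGOUT", "INVALID_SESSION")
MANDATORY = [f"{p}_PAGE_URL{s}" for p in PAGES for s in ("", "_ROUTING_MODE")] + [
    "CSRF_VALIDATION_ENABLED", "CSRF_TOKEN_FIELD_NAME", "IDLE_SESSION_TIMEOUT_SEC",
    "ALLOW_MULTI_LOGIN", "AUTH_SERV_PROV_CLASS", "HYBRID_POLICY_PROV_CLASS",
    "LOG_REQUESTID_AS_REFERENCE", "CHECK_CLIENT_IP_FOR_SESSION_VALIDATION",
    "ALL_CONTEXT_ROOTS",
]
# Assumption of this example: these values are secrets and should be ${env.NAME} references.
SECRET_KEYS = {"KEYSTORE_PASSWORD", "ALIAS_PASSWORD", "JWT_TOKEN_KEY", "SERVICE_CSRF_KEY"}
ENV_REF = re.compile(r"\$\{env\.\w+\}")
CONTEXT_KEY = re.compile(
    r"(.+)_(VALIDATE_REFERRER_ACTION_FLAG|VALID_REFERERS|SKIP_REFERRER_SOURCE_URLS)")


def parse_properties(text):
    """Parse KEY=VALUE lines, skipping blanks and '#' comments (no continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def is_true(value):
    return value.strip().lower() in TRUE_VALUES


def audit(props):
    """Return (severity, key, message) findings for a parsed securityconfig file."""
    findings = [("ERROR", k, "mandatory key missing or empty")
                for k in MANDATORY if not props.get(k)]
    roots = [r.strip().strip("/") for r in props.get("ALL_CONTEXT_ROOTS", "").split(",")
             if r.strip()]
    for key, value in props.items():
        # Exact-case matching of values and context roots is this example's assumption.
        if key.endswith("_ROUTING_MODE") and value not in ROUTING_MODES:
            findings.append(("ERROR", key, "must be FORWARD or REDIRECT"))
        elif key.endswith("_PAGE_URL") and any(
                value == f"/{r}" or value.startswith(f"/{r}/") for r in roots):
            findings.append(("ERROR", key, "URL must not include the context root"))
        elif key in ENUMS and value not in ENUMS[key]:
            findings.append(("ERROR", key, f"must be one of {sorted(ENUMS[key])}"))
        elif key in SECRET_KEYS and value and not ENV_REF.fullmatch(value):
            findings.append(("WARN", key, "literal secret; use a ${env.NAME} reference"))
        elif (m := CONTEXT_KEY.fullmatch(key)) and m.group(1) not in roots:
            findings.append(("WARN", key, "context root not in ALL_CONTEXT_ROOTS"))
    if "CSRF_VALIDATION_ENABLED" in props and not is_true(props["CSRF_VALIDATION_ENABLED"]):
        findings.append(("WARN", "CSRF_VALIDATION_ENABLED", "CSRF validation is disabled"))
    return findings


# Constructed sample with deliberate mistakes; not the page's file.
SAMPLE = """\
LOGIN_PAGE_URL=/shop/jsp/login.jsp
LOGIN_PAGE_URL_ROUTING_MODE=INCLUDE
HOME_PAGE_URL=/home.jsp
HOME_PAGE_URL_ROUTING_MODE=REDIRECT
EXPIRY_PAGE_URL=/expired.jsp
EXPIRY_PAGE_URL_ROUTING_MODE=REDIRECT
ERROR_PAGE_URL=/error.jsp
ERROR_PAGE_URL_ROUTING_MODE=REDIRECT
LOGOUT_PAGE_URL=/logout.jsp
LOGOUT_PAGE_URL_ROUTING_MODE=REDIRECT
INVALID_SESSION_PAGE_URL=/invalid.jsp
CSRF_VALIDATION_ENABLED=N
CSRF_TOKEN_FIELD_NAME=_tok
IDLE_SESSION_TIMEOUT_SEC=600
ALLOW_MULTI_LOGIN=N
AUTH_SERV_PROV_CLASS=com.example.DemoAuthProvider
HYBRID_POLICY_PROV_CLASS=NONE
LOG_REQUESTID_AS_REFERENCE=Y
CHECK_CLIENT_IP_FOR_SESSION_VALIDATION=Y
ALL_CONTEXT_ROOTS=shop
shop_VALIDATE_REFERRER_ACTION_FLAG=true
Shop_VALID_REFERERS=/,/home.jsp
XFRAMEOPTION_DEFAULT=ALLOWALL
KEYSTORE_PASSWORD=changeit
ALIAS_PASSWORD=${env.ALIAS_PASSWORD}
"""

if __name__ == "__main__":
    for finding in audit(parse_properties(SAMPLE)):
        print(*finding, sep=" | ")
```
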