diff --git a/README.md b/README.md
index e617554ffa..435746d726 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,62 @@ The API Documentation is found at [http://webapidoc.ohdsi.org/](http://webapidoc
Documentation can be found a the [Web API Installation Guide](https://github.com/OHDSI/WebAPI/wiki) which covers the system requirements and installation instructions.
+## WebAPI Configuration in version 3.0
+
+Application configuration has moved from a maven build-based pipeline (in version 2.x) to external configuration in WebAPI 3.0 (and using a new YAML format) as described in this [Atlas Sandbox project](https://github.com/OHDSI/AtlasWebAPISandbox/tree/main/ExternalConfig).
+
+### VS.Code Launch settings Example
+
+In VS Code, to launch the app using an external config, you can define a new launch settings in your local .vscode/launch.json file:
+
+```
+{
+ "configurations": [
+ {
+ "type": "java",
+ "name": "WebApi",
+ "request": "launch",
+ "mainClass": "org.ohdsi.webapi.WebApi",
+ "projectName": "WebAPI",
+ "vmArgs": "-Dspring.config.additional-location=file:C:/localsource/VSCodeWorkspace/webapi30-application.yaml"
+ }
+ ]
+}
+```
+_Note the format of Windows paths in this example_
+
+This will pass the necessary VM arg to load additional Spring configuration from the specified file. For example, for a local Postgres install with Windows Authentication enabled:
+
+```
+datasource:
+ dialect: postgresql
+ dialect.source: postgresql
+ driverClassName: org.postgresql.Driver
+ ohdsi:
+ schema: webapi
+ password: app1
+ url: jdbc:postgresql://localhost:5436/OHDSI_30
+ username: ohdsi_app_user
+security:
+ auth:
+ windows:
+ enabled: true
+ origin: http://localhost
+ provider: AtlasRegularSecurity
+```
+### Deploying WAR to Tomcat
+
+You can provide the enviornment variable `spring.config.additional-location` using a context.xml that is uploaded along with the WAR:
+
+```
+
+
+
+```
+
## JAR Build (Executable)
WebAPI can also be built as a self-contained executable JAR with embedded Tomcat:
@@ -56,40 +112,42 @@ java -jar target/WebAPI.jar \
Notes:
- Batch uses a table prefix and the security datasource can be overridden if you choose a separate connection, but both are optional when you keep everything on the main datasource/schema.
-## SAML Auth support
+## SAML Auth support (Updated for 3.0)
The following parameters are used:
-- `security.saml.idpMetadataLocation=classpath:saml/dev/idp-metadata.xml` - path to metadata used by identity provider
-- `security.saml.metadataLocation=saml/dev/sp-metadata.xml` - service provider metadata path
-- `security.saml.keyManager.keyStoreFile=classpath:saml/samlKeystore.jks` - path to keystore
-- `security.saml.keyManager.storePassword=nalle123` - keystore password
-- `security.saml.keyManager.passwords.arachnenetwork=nalle123` - private key password
-- `security.saml.keyManager.defaultKey=apollo` - keystore alias
-- `security.saml.sloUrl=https://localhost:8443/cas/logout` - identity provider logout URL
-- `security.saml.callbackUrl=http://localhost:8080/WebAPI/user/saml/callback` - URL called from identity provider after login
+- `security.auth.saml.idpMetadataLocation=classpath:saml/dev/idp-metadata.xml` - path to metadata used by identity provider
+- `security.auth.saml.metadataLocation=saml/dev/sp-metadata.xml` - service provider metadata path
+- `security.auth.saml.keyManager.keyStoreFile=classpath:saml/samlKeystore.jks` - path to keystore
+- `security.auth.saml.keyManager.storePassword=nalle123` - keystore password
+- `security.auth.saml.keyManager.passwords.arachnenetwork=nalle123` - private key password
+- `security.auth.saml.keyManager.defaultKey=apollo` - keystore alias
+- `security.auth.saml.sloUrl=https://localhost:8443/cas/logout` - identity provider logout URL
+- `security.auth.saml.callbackUrl=http://localhost:8080/WebAPI/user/saml/callback` - URL called from identity provider after login
Sample idp metadata and sp metadata config files for okta:
- `saml/dev/idp-metadata-okta.xml`
- `saml/dev/sp-metadata-okta.xml`
-## Managing auth providers
+## Managing auth providers (Updated for v3.0)
The following parameters are used to enable/disable certain provider:
-- `security.auth.windows.enabled`
-- `security.auth.kerberos.enabled`
-- `security.auth.openid.enabled`
-- `security.auth.facebook.enabled`
-- `security.auth.github.enabled`
-- `security.auth.google.enabled`
-- `security.auth.jdbc.enabled`
-- `security.auth.ldap.enabled`
- `security.auth.ad.enabled`
- `security.auth.cas.enabled`
+- `security.auth.jdbc.enabled`
+- `security.auth.kerberos.enabled`
+- `security.auth.ldap.enabled`
+- `security.auth.oauth.facebook.enabled`
+- `security.auth.oauth.github.enabled`
+- `security.auth.oauth.google.enabled`
+- `security.auth.openid.enabled`
+- `security.auth.windows.enabled`
Acceptable values are `true` and `false`
+Default paramaters for each of these authentication providers are provided as an example in the embedded application.yaml file. All providers are disabled by default.
+
## Geospatial support
Instructions can be found at [webapi-component-geospatial](https://github.com/OHDSI/webapi-component-geospatial)
diff --git a/pom.xml b/pom.xml
index 33d89ebd96..691c4d07b4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -10,8 +10,12 @@
WebAPI
war
- ${BUILD_NUMBER}
+ org.ohdsi.webapi.WebApi
+ false
+ false
+ none
UTF-8
+
3.5.6
@@ -23,291 +27,26 @@
1.5
-
1.12.1
3.1.9
1.19.1
3.1.2
6.0.5
2.18.2
- org.ohdsi.webapi.WebApi
- false
- false
- none
21
21
21
21
-
-
- org.postgresql.Driver
- jdbc:postgresql://localhost:5433/postgres?currentSchema=webapi
- postgres
- mypass
-
- postgresql
- webapi
- postgresql
-
- org.postgresql.Driver
- ${datasource.url}
- ${datasource.username}
- ${datasource.password}
- classpath:db/migration/postgresql
-
- ${datasource.ohdsi.schema}
- false
- ${datasource.ohdsi.schema}
-
- CDM_NAME
- 5
-
- false
-
- 5
-
-
- 60
- /etc/krb5.conf
-
-
- ${datasource.ohdsi.schema}.BATCH_
- ISOLATION_READ_COMMITTED
- default
-
- DisabledSecurity
- 43200
- http://localhost
- false
- http://localhost/Atlas/#/welcome
- http://localhost:8080/WebAPI/user/oauth/callback
-
- query
-
-
-
-
-
-
-
-
-
-
-
- {:}
- http://localhost/index.html#/welcome/
-
-
- cn={0},dc=example,dc=org
- ldap://localhost:389
-
-
-
- (&(objectClass=person)(CN={0}))
- displayName
- givenName
- initials
- sn
- cn
- cn
- uid
- CN=Users,DC=example,DC=org
-
- CN=Users,DC=example,DC=org
- @example.org
-
-
- (&(objectClass=person)(cn=%s))
- true
- 30000
- public
- (&(objectClass=person)(userPrincipalName=%s))
- displayname
- givenname
- initials
- sn
- cn
- sAMAccountName
- cn
-
-
-
-
-
- casticket
-
- ${datasource.ohdsi.schema}
- ${datasource.url}
- ${datasource.driverClassName}
- ${datasource.username}
- ${datasource.password}
-
- select password from ${security.db.datasource.schema}.users where lower(email) = lower(?)
- true
-
-
-
- false
-
- true
- 3
- 10
- 10
-
- false
-
-
-
-
-
-
-
-
-
- 60
-
- true
- true
- true
- true
- true
- true
- true
- true
- true
- true
-
- SELECT 1
- 2000
- 5
- 1
- 5000
- true
- authDataSource
-
-
-
-
- true
-
-
- 8080
-
-
-
- /WebAPI
-
1.17.4
3.1.9
- 600000
- 12
- 10000
- https://localhost:8888/api/v1/analyze
- Basic YWRtaW5Ab2R5c3NldXNpbmMuY29tOnBhc3N3b3Jk
-
- http://localhost:8080/WebAPI/executionservice/callbacks/submission/{id}/status/update/{password}
- http://localhost:8080/WebAPI/executionservice/callbacks/submission/{id}/result/{password}
- 100
-
-
- false
-
- PBEWithMD5AndDES
-
-
- OHDSI
-
-
- true
-
-
- false
- false
- 200
- true
- info
- info
- info
- info
- info
- info
- warn
-
-
- jcache
-
-
- 10
- 20
- 2147483647
-
-
-
-
- admin
- Moderator
-
- txt
-
-
- true
- false
-
- false
-
-
-
-
-
-
-
-
-
-
- 0 0 2 * * *
- 30
- 3600000
- false
-
- 3
-
- true
- true
- 47
49
- *
*
- false
-
-
- true
- en
-
-
- true
-
-
- 600000
-
-
- 10
-
- false
- /tmp/atlas/audit/audit.log
- /tmp/atlas/audit/audit-%d{yyyy-MM-dd}-%i.log
- /tmp/atlas/audit/audit-extra.log
-
false
-
- false
- ./data/cache
-
@@ -316,56 +55,6 @@
${basedir}/src/test/java
${basedir}/target/classes
${basedir}/target/test-classes
-
-
- src/main/resources
- true
-
- **/*.properties
- log4j.xml
-
-
-
- src/main/resources
- false
-
- **/*.*
-
-
- **/*.properties
- log4j.xml
-
-
-
-
-
- src/test/resources
- true
-
- **/*.properties
-
-
- application-test.properties
-
-
-
- src/test/resources
- false
-
- application-test.properties
-
-
-
- src/test/resources
- false
-
- **/*.*
-
-
- **/*.properties
-
-
-
org.apache.maven.plugins
@@ -442,7 +131,6 @@
spring-boot-maven-plugin
${spring.boot.version}
-
false
false
org.ohdsi.webapi.WebApi
@@ -454,10 +142,10 @@
--add-opens java.naming/com.sun.jndi.ldap=ALL-UNNAMED
- ${buildinfo.atlas.milestone.id}
${buildinfo.webapi.milestone.id}
- ${buildinfo.atlas.release.tag}
${buildinfo.webapi.release.tag}
+ ${git.branch}
+ ${git.commit.id.abbrev}
@@ -497,7 +185,7 @@
-parameters
-
+
**/trexsql/**
@@ -581,27 +269,14 @@
-
- central
- Maven Central
- https://repo.maven.apache.org/maven2
-
ohdsi
repo.ohdsi.org
https://repo.ohdsi.org/nexus/content/groups/public
-
- jitpack.io
- https://jitpack.io
-
-
- central
- https://repo.maven.apache.org/maven2
-
ohdsi
repo.ohdsi.org
@@ -1051,12 +726,6 @@
-
-
- com.nimbusds
- oauth2-oidc-sdk
- 11.20.1
-
org.pac4j
pac4j-http
@@ -1260,7 +929,7 @@
- trexsql
+ tcache
true
@@ -1268,7 +937,7 @@
com.github.p-hoffmann
trexsql-ext
- v0.1.23
+ v0.1.18
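Review bot: The `trexsql-ext` version moves backwards here, from `v0.1.23` to `v0.1.18`, and nothing in the hunk records why. The repositories hunk of this same commit also removes the `jitpack.io` entry, and a `com.github.*` coordinate with a `v`-prefixed tag is typically resolved from JitPack, so this profile may now depend on the artifact being mirrored on repo.ohdsi.org (not verifiable from this page). If the downgrade is deliberate, record it beside the version with a comment such as `<!-- pinned to v0.1.18: <reason> -->`; if it is a merge artifact, keep `v0.1.23`.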
@@ -1277,7 +946,7 @@
org.apache.maven.plugins
maven-compiler-plugin
-
+
@@ -1293,30 +962,6 @@
webapi-oracle
-
- oracle.jdbc.OracleDriver
- jdbc:oracle:thin:@127.0.0.1:1521/ohdsi
- user
- password
- oracle
- ${datasource.driverClassName}
- ${datasource.url}
- user
- pass
- OHDSI
- ${datasource.ohdsi.schema}
- ${datasource.ohdsi.schema}
- ${datasource.ohdsi.schema}.BATCH_
-
- classpath:db/migration/oracle
- org.hibernate.dialect.Oracle10gDialect
- ${datasource.url}
- ${datasource.driverClassName}
- ${datasource.username}
- ${datasource.password}
- select password from ${security.db.datasource.schema}.user where \
- lower(email) = lower(?)
-
com.oracle.database.jdbc
@@ -1325,107 +970,12 @@
-
- webapi-postgresql
-
- org.postgresql.Driver
- jdbc:postgresql://54.209.111.128:5432/vocabularyv5
- USER
- PASS
- postgresql
- ohdsi
- ${datasource.driverClassName}
- ${datasource.url}
- userWithWritesToOhdsiSchema
- PASS
- ${datasource.ohdsi.schema}
- ${datasource.ohdsi.schema}
- classpath:db/migration/postgresql
- ${datasource.ohdsi.schema}.BATCH_
- org.hibernate.dialect.PostgreSQLDialect
- ${datasource.url}
- ${datasource.driverClassName}
- ${datasource.username}
- ${datasource.password}
- select password from ${security.db.datasource.schema}.users_data where \
- lower(email) = lower(?)
-
-
-
- webapi-docker
-
- unknown
- unknown
- true
- none
- true
- org.postgresql.Driver
- jdbc:postgresql://54.209.111.128:5432/vocabularyv5
- USER
- PASS
- postgresql
- ohdsi
- ${datasource.driverClassName}
- ${datasource.url}
- userWithWritesToOhdsiSchema
- PASS
- ${datasource.ohdsi.schema}
- ${datasource.ohdsi.schema}
- classpath:db/migration/postgresql
- ${datasource.ohdsi.schema}.BATCH_
- org.hibernate.dialect.PostgreSQLDialect
- ${datasource.url}
- ${datasource.driverClassName}
- ${datasource.username}
- ${datasource.password}
- select password from ${security.db.datasource.schema}.users_data where \
- lower(email) = lower(?)
-
-
-
- ohdsi.snapshots
- repo.ohdsi.org-snapshots
- https://repo.ohdsi.org/nexus/content/repositories/snapshots
-
- false
-
-
- true
-
-
-
-
webapi-mssql
-
- com.microsoft.sqlserver.jdbc.SQLServerDriver
- jdbc:sqlserver://server
- USER
- PASS
- sql server
- OHDSI_schema
- ${datasource.driverClassName}
- ${datasource.url}
- FLYWAY_USER
- FLYWAY_PASS
- ${datasource.ohdsi.schema}
- ${datasource.ohdsi.schema}
- classpath:db/migration/sqlserver
- ${datasource.ohdsi.schema}.BATCH_
- org.hibernate.dialect.SQLServer2012Dialect
- ${datasource.url}
- ${datasource.driverClassName}
- ${datasource.username}
- ${datasource.password}
- select password from ${security.db.datasource.schema}.user where \
- lower(email) = lower(?)
-
+
webapi-netezza
-
- true
-
org.netezza
@@ -1462,10 +1012,7 @@
webapi-impala
- true
2.6.15
-
- ...path/to/impala/jdbc/drivers...
@@ -1503,7 +1050,6 @@
webapi-spark
- true
${basedir}/src/main/extras/spark
@@ -1847,10 +1393,6 @@
webapi-redshift
-
-
- ...path/to/redshift/jdbc/drivers...
-
com.amazonaws
@@ -1880,7 +1422,6 @@
webapi-snowflake
- true
3.26.1
@@ -1894,7 +1435,6 @@
webapi-iris
- true
3.10.2
@@ -1943,6 +1483,8 @@
+
+
war
diff --git a/src/main/java/org/ohdsi/webapi/AuthDataSource.java b/src/main/java/org/ohdsi/webapi/AuthDataSource.java
index 0d1d4cee34..24bcc507c8 100644
--- a/src/main/java/org/ohdsi/webapi/AuthDataSource.java
+++ b/src/main/java/org/ohdsi/webapi/AuthDataSource.java
@@ -34,15 +34,15 @@
public class AuthDataSource {
private final Logger logger = LoggerFactory.getLogger(AuthDataSource.class);
- @Value("${security.db.datasource.driverClassName}")
+ @Value("${security.auth.jdbc.datasource.driverClassName}")
private String driverClassName;
- @Value("${security.db.datasource.url}")
+ @Value("${security.auth.jdbc.datasource.url}")
private String url;
- @Value("${security.db.datasource.username}")
+ @Value("${security.auth.jdbc.datasource.username}")
private String username;
- @Value("${security.db.datasource.password}")
+ @Value("${security.auth.jdbc.datasource.password}")
private String password;
- @Value("${security.db.datasource.schema}")
+ @Value("${security.auth.jdbc.datasource.schema}")
private String schema;
@Value("${spring.datasource.hikari.connection-test-query}")
private String testQuery;
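Review bot: The five renamed placeholders in this hunk have no fallback to the old `security.db.datasource.*` names, so an external configuration that still sets the old keys is ignored after the upgrade. If the embedded application.yaml supplies values for the new keys (not visible in this diff), WebAPI would start with those defaults for the auth datasource URL and credentials instead of failing, which is easy to miss. Consider failing at startup when a legacy `security.db.*` key is present, or adding an old-to-new key table to the README. The same applies to the other renamed `security.*` keys in the Java files of this commit.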
diff --git a/src/main/java/org/ohdsi/webapi/OidcConfCreator.java b/src/main/java/org/ohdsi/webapi/OidcConfCreator.java
index 92aa5699db..281a960824 100644
--- a/src/main/java/org/ohdsi/webapi/OidcConfCreator.java
+++ b/src/main/java/org/ohdsi/webapi/OidcConfCreator.java
@@ -24,6 +24,7 @@
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.stereotype.Component;
import java.util.HashMap;
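Review bot: The added `ConditionalOnProperty` import is not used by any line in the two hunks shown for this file, and the class declaration sits in unchanged lines between them, so it looks like an unused import. Either drop `import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;` or add the annotation it was meant for, for example a condition on the provider's `enabled` flag, in the same commit. If the annotation was intended and left out, the OIDC configuration bean is still created when the provider is disabled.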
@@ -38,28 +39,28 @@ public class OidcConfCreator {
private volatile OidcConfiguration cachedConfiguration;
private final Object lock = new Object();
- @Value("${security.oid.clientId}")
+ @Value("${security.auth.openId.clientId}")
private String clientId;
- @Value("${security.oid.apiSecret}")
+ @Value("${security.auth.openId.apiSecret}")
private String apiSecret;
- @Value("${security.oid.url}")
+ @Value("${security.auth.openId.url}")
private String url;
- @Value("${security.oid.externalUrl:}")
+ @Value("${security.auth.openId.externalUrl:}")
private String externalUrl;
- @Value("${security.oid.logoutUrl}")
+ @Value("${security.auth.openId.logoutUrl}")
private String logoutUrl;
- @Value("${security.oid.extraScopes}")
+ @Value("${security.auth.openId.extraScopes}")
private String extraScopes;
- @Value("#{${security.oid.customParams:{T(java.util.Collections).emptyMap()}}}")
+ @Value("#{${security.auth.openId.customParams:{T(java.util.Collections).emptyMap()}}}")
private Map customParams = new HashMap<>();
- @Value("${security.oauth.callback.api}")
+ @Value("${security.auth.oauth.callback.api}")
private String oauthApiCallback;
/**
diff --git a/src/main/java/org/ohdsi/webapi/auth/AuthProviderService.java b/src/main/java/org/ohdsi/webapi/auth/AuthProviderService.java
index d82ce0c889..766abb7dbb 100644
--- a/src/main/java/org/ohdsi/webapi/auth/AuthProviderService.java
+++ b/src/main/java/org/ohdsi/webapi/auth/AuthProviderService.java
@@ -52,22 +52,22 @@ public class AuthProviderService {
@Value("${security.auth.cas.enabled}")
private boolean casAuthEnabled;
- @Value("${security.auth.openid.enabled}")
+ @Value("${security.auth.openId.enabled}")
private boolean openidAuthEnabled;
- @Value("${security.auth.facebook.enabled}")
+ @Value("${security.auth.oauth.facebook.enabled}")
private boolean facebookAuthEnabled;
- @Value("${security.auth.github.enabled}")
+ @Value("${security.auth.oauth.github.enabled}")
private boolean githubAuthEnabled;
- @Value("${security.auth.google.enabled}")
+ @Value("${security.auth.oauth.google.enabled}")
private boolean googleAuthEnabled;
- @Value("${security.auth.saml.enabled:false}")
+ @Value("${security.auth.saml.enabled}")
private boolean samlAuthEnabled;
- @Value("${security.oid.logoutUrl:}")
+ @Value("${security.auth.openId.logoutUrl:}")
private String oidcLogoutUrl;
/**
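Review bot: The `:false` default is dropped from `security.auth.saml.enabled` in this hunk, while AtlasRegularSecurity in the same commit keeps `${security.auth.saml.enabled:false}` for the same key. With the default gone, this bean fails to initialise on an unresolved placeholder whenever the key is absent from every property source, so the two classes now disagree on whether the key is optional. Unless that is intended, keep `@Value("${security.auth.saml.enabled:false}")` here. SecurityConfigurationInfo reads the key without a default as well. The class body continues outside the hunk.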
diff --git a/src/main/java/org/ohdsi/webapi/security/SSOController.java b/src/main/java/org/ohdsi/webapi/security/SSOController.java
index a1a47d99d0..b9c50fd627 100644
--- a/src/main/java/org/ohdsi/webapi/security/SSOController.java
+++ b/src/main/java/org/ohdsi/webapi/security/SSOController.java
@@ -49,9 +49,9 @@
@Controller
@Path("/saml/")
public class SSOController {
- @Value("${security.saml.metadataLocation}")
+ @Value("${security.auth.saml.metadataLocation}")
private String metadataLocation;
- @Value("${security.saml.sloUrl}")
+ @Value("${security.auth.saml.sloUrl}")
private String sloUri;
@Value("${security.origin}")
private String origin;
diff --git a/src/main/java/org/ohdsi/webapi/security/SecurityConfigurationInfo.java b/src/main/java/org/ohdsi/webapi/security/SecurityConfigurationInfo.java
index 4eb477ee2c..ab49bb6ff0 100644
--- a/src/main/java/org/ohdsi/webapi/security/SecurityConfigurationInfo.java
+++ b/src/main/java/org/ohdsi/webapi/security/SecurityConfigurationInfo.java
@@ -15,7 +15,7 @@ public class SecurityConfigurationInfo extends ConfigurationInfo {
private static final String KEY = "security";
public SecurityConfigurationInfo(@Value("${security.provider}") String securityProvider,
- @Value("${security.saml.enabled}") Boolean samlEnabled,
+ @Value("${security.auth.saml.enabled}") Boolean samlEnabled,
Security atlasSecurity) {
boolean enabled = !Objects.equals(securityProvider, Constants.SecurityProviders.DISABLED);
diff --git a/src/main/java/org/ohdsi/webapi/service/UserService.java b/src/main/java/org/ohdsi/webapi/service/UserService.java
index 51de0648c9..ab990c8131 100644
--- a/src/main/java/org/ohdsi/webapi/service/UserService.java
+++ b/src/main/java/org/ohdsi/webapi/service/UserService.java
@@ -36,7 +36,7 @@ public class UserService {
@Value("${trexsql.enabled:false}")
private boolean trexsqlCacheEnabled;
- @Value("${security.ad.default.import.group}#{T(java.util.Collections).emptyList()}")
+ @Value("${security.auth.ad.default.import.group}#{T(java.util.Collections).emptyList()}")
private List defaultRoles;
private Map roleCreatorPermissionsTemplate = new LinkedHashMap<>();
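Review bot: The `@Value` on `defaultRoles` puts the SpEL fragment after the placeholder's closing brace instead of inside it as a default. As written, `security.auth.ad.default.import.group` must still resolve, and the SpEL result appears to be appended to the resolved text rather than serving as a fallback. If the intent is an empty list when the key is unset, the usual form is `@Value("${security.auth.ad.default.import.group:#{T(java.util.Collections).emptyList()}}")`. The rename keeps the previous shape, so this predates the commit, but the field presumably feeds the roles given to imported users, and the identical line is in UserImportServiceImpl.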
diff --git a/src/main/java/org/ohdsi/webapi/shiro/management/AtlasGoogleSecurity.java b/src/main/java/org/ohdsi/webapi/shiro/management/AtlasGoogleSecurity.java
index 2b53cab3ed..4cd31e2ca4 100644
--- a/src/main/java/org/ohdsi/webapi/shiro/management/AtlasGoogleSecurity.java
+++ b/src/main/java/org/ohdsi/webapi/shiro/management/AtlasGoogleSecurity.java
@@ -28,12 +28,12 @@ public class AtlasGoogleSecurity extends AtlasSecurity {
// Execute in console to get the ID:
// gcloud config get-value account | tr -cd "[0-9]"
- @Value("${security.googleIap.cloudProjectId}")
+ @Value("${security.auth.googleIap.cloudProjectId}")
private Long googleCloudProjectId;
// Execute in console to get the ID:
// gcloud compute backend-services describe my-backend-service --global --format="value(id)"
- @Value("${security.googleIap.backendServiceId}")
+ @Value("${security.auth.googleIap.backendServiceId}")
private Long googleBackendServiceId;
public AtlasGoogleSecurity(EntityPermissionSchemaResolver permissionSchemaResolver) {
diff --git a/src/main/java/org/ohdsi/webapi/shiro/management/AtlasRegularSecurity.java b/src/main/java/org/ohdsi/webapi/shiro/management/AtlasRegularSecurity.java
index 5290807ebc..c5ca7837c4 100644
--- a/src/main/java/org/ohdsi/webapi/shiro/management/AtlasRegularSecurity.java
+++ b/src/main/java/org/ohdsi/webapi/shiro/management/AtlasRegularSecurity.java
@@ -88,106 +88,106 @@ public class AtlasRegularSecurity extends AtlasSecurity {
@Value("${security.token.expiration}")
private int tokenExpirationIntervalInSeconds;
- @Value("${security.oauth.callback.ui}")
+ @Value("${security.auth.oauth.callback.ui}")
private String oauthUiCallback;
- @Value("${security.oauth.callback.api}")
+ @Value("${security.auth.oauth.callback.api}")
private String oauthApiCallback;
- @Value("${security.oauth.callback.urlResolver}")
+ @Value("${security.auth.oauth.callback.urlResolver}")
private String oauthCallbackUrlResolver;
- @Value("${security.oauth.google.apiKey}")
+ @Value("${security.auth.oauth.google.apiKey}")
private String googleApiKey;
- @Value("${security.oauth.google.apiSecret}")
+ @Value("${security.auth.oauth.google.apiSecret}")
private String googleApiSecret;
- @Value("${security.oauth.facebook.apiKey}")
+ @Value("${security.auth.oauth.facebook.apiKey}")
private String facebookApiKey;
- @Value("${security.oauth.facebook.apiSecret}")
+ @Value("${security.auth.oauth.facebook.apiSecret}")
private String facebookApiSecret;
- @Value("${security.oauth.github.apiKey}")
+ @Value("${security.auth.oauth.github.apiKey}")
private String githubApiKey;
- @Value("${security.oauth.github.apiSecret}")
+ @Value("${security.auth.oauth.github.apiSecret}")
private String githubApiSecret;
- @Value("${security.kerberos.spn}")
+ @Value("${security.auth.kerberos.spn}")
private String kerberosSpn;
- @Value("${security.kerberos.keytabPath}")
+ @Value("${security.auth.kerberos.keytabPath}")
private String kerberosKeytabPath;
- @Value("${security.ldap.dn}")
+ @Value("${security.auth.ldap.dn}")
private String userDnTemplate;
- @Value("${security.ldap.url}")
+ @Value("${security.auth.ldap.url}")
private String ldapUrl;
- @Value("${security.ldap.searchString}")
+ @Value("${security.auth.ldap.searchString}")
private String ldapSearchString;
- @Value("${security.ldap.searchBase}")
+ @Value("${security.auth.ldap.searchBase}")
private String ldapSearchBase;
- @Value("${security.ad.url}")
+ @Value("${security.auth.ad.url}")
private String adUrl;
- @Value("${security.ad.searchBase}")
+ @Value("${security.auth.ad.searchBase}")
private String adSearchBase;
- @Value("${security.ad.principalSuffix}")
+ @Value("${security.auth.ad.principalSuffix}")
private String adPrincipalSuffix;
- @Value("${security.ad.system.username}")
+ @Value("${security.auth.ad.system.username}")
private String adSystemUsername;
- @Value("${security.ad.system.password}")
+ @Value("${security.auth.ad.system.password}")
private String adSystemPassword;
- @Value("${security.db.datasource.authenticationQuery}")
+ @Value("${security.auth.jdbc.datasource.authenticationQuery}")
private String jdbcAuthenticationQuery;
- @Value("${security.ad.searchFilter}")
+ @Value("${security.auth.ad.searchFilter}")
private String adSearchFilter;
- @Value("${security.ad.searchString}")
+ @Value("${security.auth.ad.searchString}")
private String adSearchString;
- @Value("${security.ad.ignore.partial.result.exception}")
+ @Value("${security.auth.ad.ignore.partial.result.exception}")
private Boolean adIgnorePartialResultException;
- @Value("${security.google.accessToken.enabled}")
+ @Value("${security.auth.google.accessToken.enabled}")
private Boolean googleAccessTokenEnabled;
- @Value("${security.saml.keyManager.storePassword}")
+ @Value("${security.auth.saml.keyManager.storePassword}")
private String keyStorePassword;
- @Value("${security.saml.keyManager.passwords.arachnenetwork}")
+ @Value("${security.auth.saml.keyManager.passwords.arachnenetwork}")
private String privateKeyPassword;
- @Value("${security.saml.entityId}")
+ @Value("${security.auth.saml.entityId}")
private String identityProviderEntityId;
- @Value("${security.saml.idpMetadataLocation}")
+ @Value("${security.auth.saml.idpMetadataLocation}")
private String metadataLocation;
- @Value("${security.saml.keyManager.keyStoreFile}")
+ @Value("${security.auth.saml.keyManager.keyStoreFile}")
private String keyStoreFile;
- @Value("${security.saml.keyManager.defaultKey}")
+ @Value("${security.auth.saml.keyManager.defaultKey}")
private String alias;
- @Value("${security.saml.metadataLocation}")
+ @Value("${security.auth.saml.metadataLocation}")
private String spMetadataLocation;
- @Value("${security.saml.callbackUrl}")
+ @Value("${security.auth.saml.callbackUrl}")
private String samlCallbackUrl;
- @Value("${security.saml.maximumAuthenticationLifetime}")
+ @Value("${security.auth.saml.maximumAuthenticationLifetime}")
private int maximumAuthenticationLifetime;
@Autowired
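Review bot: `security.auth.google.accessToken.enabled` is left outside the `security.auth.oauth.google.*` namespace that the other Google keys in this hunk (`apiKey`, `apiSecret`) moved to. An operator who groups all Google settings under `security.auth.oauth.google` in the YAML file would not set the key this field reads, and the placeholder has no default. If the separate prefix is deliberate, add a line such as `// access-token auth is configured separately from the OAuth client settings` above the field; otherwise rename it to `security.auth.oauth.google.accessToken.enabled`. The field list continues outside the hunk.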
@@ -210,25 +210,25 @@ public class AtlasRegularSecurity extends AtlasSecurity {
@Autowired
private LdapUserMapper ldapUserMapper;
- @Value("${security.oid.redirectUrl}")
+ @Value("${security.auth.openId.redirectUrl}")
private String redirectUrl;
- @Value("${security.cas.loginUrl}")
+ @Value("${security.auth.cas.loginUrl}")
private String casLoginUrl;
- @Value("${security.cas.callbackUrl}")
+ @Value("${security.auth.cas.callbackUrl}")
private String casCallbackUrl;
- @Value("${security.cas.serverUrl}")
+ @Value("${security.auth.cas.serverUrl}")
private String casServerUrl;
- @Value("${security.cas.cassvcs}")
+ @Value("${security.auth.cas.cassvcs}")
private String casSvcs;
- @Value("${security.cas.casticket}")
+ @Value("${security.auth.cas.casticket}")
private String casticket;
- @Value("${security.saml.enabled:false}")
+ @Value("${security.auth.saml.enabled:false}")
private boolean samlEnabled;
@Value("${security.auth.windows.enabled}")
@@ -249,16 +249,16 @@ public class AtlasRegularSecurity extends AtlasSecurity {
@Value("${security.auth.cas.enabled}")
private boolean casAuthEnabled;
- @Value("${security.auth.openid.enabled}")
+ @Value("${security.auth.openId.enabled}")
private boolean openidAuthEnabled;
- @Value("${security.auth.facebook.enabled}")
+ @Value("${security.auth.oauth.facebook.enabled}")
private boolean facebookAuthEnabled;
- @Value("${security.auth.github.enabled}")
+ @Value("${security.auth.oauth.github.enabled}")
private boolean githubAuthEnabled;
- @Value("${security.auth.google.enabled}")
+ @Value("${security.auth.oauth.google.enabled}")
private boolean googleAuthEnabled;
private RestTemplate restTemplate = new RestTemplate();
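Review bot: `security.auth.openId.enabled` is spelled with a capital I here, while the README section updated in this commit lists `security.auth.openid.enabled`. Spring Boot applies relaxed matching to `@Value` placeholders only when they are written in lowercase canonical form, so a key written as the README shows would most likely not be picked up by this field. With no default in the placeholder, that means either a startup failure or the embedded default staying in force. Use one spelling across the code and the README; the same key is read in AuthProviderService, and the other `security.auth.openId.*` keys in OidcConfCreator share the prefix.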
diff --git a/src/main/java/org/ohdsi/webapi/shiro/mapper/ADUserMapper.java b/src/main/java/org/ohdsi/webapi/shiro/mapper/ADUserMapper.java
index e7a9ffb918..c5157c0ce6 100644
--- a/src/main/java/org/ohdsi/webapi/shiro/mapper/ADUserMapper.java
+++ b/src/main/java/org/ohdsi/webapi/shiro/mapper/ADUserMapper.java
@@ -5,19 +5,19 @@
@Component
public class ADUserMapper extends UserMapper {
- @Value("${security.ad.userMapping.firstnameAttr}")
+ @Value("${security.auth.ad.userMapping.firstnameAttr}")
private String firstnameKey;
- @Value("${security.ad.userMapping.middlenameAttr}")
+ @Value("${security.auth.ad.userMapping.middlenameAttr}")
private String middlenameKey;
- @Value("${security.ad.userMapping.lastnameAttr}")
+ @Value("${security.auth.ad.userMapping.lastnameAttr}")
private String lastnameKey;
- @Value("${security.ad.userMapping.usernameAttr}")
+ @Value("${security.auth.ad.userMapping.usernameAttr}")
private String usernameKey;
- @Value("${security.ad.userMapping.displaynameAttr}")
+ @Value("${security.auth.ad.userMapping.displaynameAttr}")
private String displaynameKey;
@Override
diff --git a/src/main/java/org/ohdsi/webapi/shiro/mapper/LdapUserMapper.java b/src/main/java/org/ohdsi/webapi/shiro/mapper/LdapUserMapper.java
index 4fdf4f467b..1fe6129e7d 100644
--- a/src/main/java/org/ohdsi/webapi/shiro/mapper/LdapUserMapper.java
+++ b/src/main/java/org/ohdsi/webapi/shiro/mapper/LdapUserMapper.java
@@ -5,19 +5,19 @@
@Component
public class LdapUserMapper extends UserMapper {
- @Value("${security.ldap.userMapping.firstnameAttr}")
+ @Value("${security.auth.ldap.userMapping.firstnameAttr}")
private String firstnameKey;
- @Value("${security.ldap.userMapping.middlenameAttr}")
+ @Value("${security.auth.ldap.userMapping.middlenameAttr}")
private String middlenameKey;
- @Value("${security.ldap.userMapping.lastnameAttr}")
+ @Value("${security.auth.ldap.userMapping.lastnameAttr}")
private String lastnameKey;
- @Value("${security.ldap.userMapping.usernameAttr}")
+ @Value("${security.auth.ldap.userMapping.usernameAttr}")
private String usernameKey;
- @Value("${security.ldap.userMapping.displaynameAttr}")
+ @Value("${security.auth.ldap.userMapping.displaynameAttr}")
private String displaynameKey;
@Override
diff --git a/src/main/java/org/ohdsi/webapi/user/importer/UserImportController.java b/src/main/java/org/ohdsi/webapi/user/importer/UserImportController.java
index cc4653228e..d68e5f19b6 100644
--- a/src/main/java/org/ohdsi/webapi/user/importer/UserImportController.java
+++ b/src/main/java/org/ohdsi/webapi/user/importer/UserImportController.java
@@ -57,10 +57,10 @@ public class UserImportController {
@Autowired
private GenericConversionService conversionService;
- @Value("${security.ad.url}")
+ @Value("${security.auth.ad.url}")
private String adUrl;
- @Value("${security.ldap.url}")
+ @Value("${security.auth.ldap.url}")
private String ldapUrl;
@GET
diff --git a/src/main/java/org/ohdsi/webapi/user/importer/providers/ActiveDirectoryProvider.java b/src/main/java/org/ohdsi/webapi/user/importer/providers/ActiveDirectoryProvider.java
index 926c051c7b..b8be287d42 100644
--- a/src/main/java/org/ohdsi/webapi/user/importer/providers/ActiveDirectoryProvider.java
+++ b/src/main/java/org/ohdsi/webapi/user/importer/providers/ActiveDirectoryProvider.java
@@ -24,40 +24,40 @@
import static org.ohdsi.webapi.user.importer.providers.OhdsiLdapUtils.valueAsList;
@Component
-@ConditionalOnProperty("security.ad.url")
+@ConditionalOnProperty("security.auth.ad.url")
public class ActiveDirectoryProvider extends AbstractLdapProvider {
- @Value("${security.ad.url}")
+ @Value("${security.auth.ad.url}")
private String adUrl;
- @Value("${security.ad.searchBase}")
+ @Value("${security.auth.ad.searchBase}")
private String adSearchBase;
- @Value("${security.ad.principalSuffix}")
+ @Value("${security.auth.ad.principalSuffix}")
private String adPrincipalSuffix;
- @Value("${security.ad.system.username}")
+ @Value("${security.auth.ad.system.username}")
private String adSystemUsername;
- @Value("${security.ad.system.password}")
+ @Value("${security.auth.ad.system.password}")
private String adSystemPassword;
- @Value("${security.ad.referral:#{null}}")
+ @Value("${security.auth.ad.referral:#{null}}")
private String referral;
- @Value("${security.ad.ignore.partial.result.exception:false}")
+ @Value("${security.auth.ad.ignore.partial.result.exception:false}")
private Boolean adIgnorePartialResultException;
- @Value("${security.ad.result.count.limit:30000}")
+ @Value("${security.auth.ad.result.count.limit:30000}")
private Long countLimit;
- @Value("${security.ad.searchFilter}")
+ @Value("${security.auth.ad.searchFilter}")
private String adSearchFilter;
- @Value("${security.ad.userImport.loginAttr}")
+ @Value("${security.auth.ad.userImport.loginAttr}")
private String loginAttr;
- @Value("${security.ad.userImport.usernameAttr}")
+ @Value("${security.auth.ad.userImport.usernameAttr}")
private String usernameAttr;
private String[] userAttributes;
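Review bot: `@ConditionalOnProperty("security.auth.ad.url")` still activates this provider on the mere presence of a URL, whereas DefaultLdapProvider in this commit switches to `security.auth.ldap.enabled` with `havingValue = "true"`. The README now says example parameters for every provider ship in the embedded application.yaml; if that includes an AD URL, this bean and its system bind credentials would be wired even with AD disabled. Consider `@ConditionalOnProperty(name = "security.auth.ad.enabled", havingValue = "true")` to match, unless user import from AD without AD login is a supported combination. UserImportController also reads `security.auth.ad.url` and `security.auth.ldap.url` without defaults, so it needs both keys whichever provider is enabled.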
diff --git a/src/main/java/org/ohdsi/webapi/user/importer/providers/DefaultLdapProvider.java b/src/main/java/org/ohdsi/webapi/user/importer/providers/DefaultLdapProvider.java
index d1435b9d59..dc13889a91 100644
--- a/src/main/java/org/ohdsi/webapi/user/importer/providers/DefaultLdapProvider.java
+++ b/src/main/java/org/ohdsi/webapi/user/importer/providers/DefaultLdapProvider.java
@@ -33,34 +33,34 @@
import static org.ohdsi.webapi.user.importer.providers.OhdsiLdapUtils.valueAsString;
@Component
-@ConditionalOnProperty("security.ldap.url")
+@ConditionalOnProperty(name = "security.auth.ldap.enabled", havingValue = "true", matchIfMissing = false)
public class DefaultLdapProvider extends AbstractLdapProvider {
private static final String DN = "DN";
private static final String[] RETURNING_ATTRS = {DN, "cn", "ou"};
private static final String[] USER_ATTRIBUTES = {DN, "uid", "cn"};
- @Value("${security.ldap.url}")
+ @Value("${security.auth.ldap.url}")
private String ldapUrl;
- @Value("${security.ldap.baseDn}")
+ @Value("${security.auth.ldap.baseDn}")
private String baseDn;
- @Value("${security.ldap.system.username}")
+ @Value("${security.auth.ldap.system.username}")
private String systemUsername;
- @Value("${security.ldap.referral:#{null}}")
+ @Value("${security.auth.ldap.referral:#{null}}")
private String referral;
- @Value("${security.ldap.system.password}")
+ @Value("${security.auth.ldap.system.password}")
private String systemPassword;
- @Value("${security.ldap.ignore.partial.result.exception:false}")
+ @Value("${security.auth.ldap.ignore.partial.result.exception:false}")
private Boolean ldapIgnorePartialResultException;
- @Value("${security.ldap.userImport.loginAttr}")
+ @Value("${security.auth.ldap.userImport.loginAttr}")
private String loginAttr;
- @Value("${security.ldap.userImport.usernameAttr}")
+ @Value("${security.auth.ldap.userImport.usernameAttr}")
private String usernameAttr;
private String[] userAttributes;
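Review bot: With activation now keyed on `security.auth.ldap.enabled` instead of the presence of a URL, nothing in this hunk checks that the connection settings were actually supplied before the bean is used. The bundled application.yaml defaults `security.auth.ldap.system.username` and `system.password` to empty strings and `url` to `ldap://localhost:389`, so setting the flag alone would presumably attempt a bind with empty credentials over an unencrypted scheme, and many directory servers treat an empty-credential bind as anonymous. A fail-fast check where the provider builds its LDAP context (outside this hunk) would surface the misconfiguration at startup, e.g. `Assert.hasText(systemUsername, "security.auth.ldap.system.username must be set when LDAP is enabled");` and the same for `systemPassword`. `matchIfMissing = false` is already the annotation's default and can be dropped.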
diff --git a/src/main/java/org/ohdsi/webapi/user/importer/service/UserImportServiceImpl.java b/src/main/java/org/ohdsi/webapi/user/importer/service/UserImportServiceImpl.java
index bb4abdf61c..9555333e72 100644
--- a/src/main/java/org/ohdsi/webapi/user/importer/service/UserImportServiceImpl.java
+++ b/src/main/java/org/ohdsi/webapi/user/importer/service/UserImportServiceImpl.java
@@ -61,7 +61,7 @@ public class UserImportServiceImpl implements UserImportService {
private final RoleGroupRepository roleGroupMappingRepository;
- @Value("${security.ad.default.import.group}#{T(java.util.Collections).emptyList()}")
+ @Value("${security.auth.ad.default.import.group}#{T(java.util.Collections).emptyList()}")
private List defaultRoles;
public UserImportServiceImpl(@Autowired(required = false) ActiveDirectoryProvider activeDirectoryProvider,
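Review bot: The `@Value` expression on `defaultRoles` has no `:` between the placeholder and the SpEL fragment, so `#{T(java.util.Collections).emptyList()}` is not a fallback; its result is appended to whatever the property resolves to. With the shipped default `group: public` this would likely bind a single entry such as `public[]` rather than the role `public`, and an unset property would fail startup instead of yielding an empty list. Since these are the roles granted to imported users, that is worth verifying. The rename keeps the old expression shape, so the problem predates this commit, but as the line is being touched anyway, `@Value("${security.auth.ad.default.import.group:}")` should give an empty list when unset and a comma-separated list otherwise. The rest of the class is outside this hunk.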
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
deleted file mode 100644
index 70003061ca..0000000000
--- a/src/main/resources/application.properties
+++ /dev/null
@@ -1,288 +0,0 @@
-#BuildNumber Version property stub until migration to spring boot 2
-build.number=NA
-
-spring.profiles.active=${spring.profiles.active}
-
-# Logging
-logging.level.org.springframework.web=${logging.level.org.springframework.web}
-logging.level.org.hibernate=${logging.level.org.hibernate}
-logging.level.root=${logging.level.root}
-logging.level.org.ohdsi=${logging.level.org.ohdsi}
-logging.level.org.springframework.orm=${logging.level.org.springframework.orm}
-logging.level.org.springframework.jdbc=${logging.level.org.springframework.jdbc}
-logging.level.org.apache.shiro=${logging.level.org.apache.shiro}
-
-spring.jackson.serialization.write-dates-as-timestamps=true
-
-#Primary DataSource
-datasource.driverClassName=${datasource.driverClassName}
-datasource.url=${datasource.url}
-datasource.username=${datasource.username}
-datasource.password=${datasource.password}
-datasource.dialect=${datasource.dialect}
-datasource.ohdsi.schema=${datasource.ohdsi.schema}
-datasource.dialect.source=${datasource.dialect.source}
-
-#CDM properties
-source.name=${source.name}
-cdm.version=${cdm.version}
-
-#R Service Host
-r.serviceHost=${r.serviceHost}
-
-#DataSource for Change Managment / Migration
-spring.flyway.enabled=true
-spring.flyway.driver-class-name=${datasource.driverClassName}
-spring.flyway.url=${datasource.url}
-spring.flyway.user=${flyway.datasource.username}
-spring.flyway.password=${flyway.datasource.password}
-# Flyway schema history table name
-spring.flyway.table=schema_version
-# check that migration scripts location exists
-spring.flyway.fail-on-missing-locations=true
-spring.flyway.locations=${flyway.locations}
-# locations of migrations scripts
-# schemas to manage/update (e.g. ohdsi/results schema) -NOTE: CASE SENSITIVE!
-spring.flyway.schemas=${datasource.ohdsi.schema}
-#Baseline - start flyway managment with existing objects
-spring.flyway.baseline-on-migrate=true
-#Due to issue https://github.com/flyway/flyway/issues/752 use default baselineVersion=1 (Note equality to 1.0.0.0, so scripts with that version will be omitted)
-#spring.flyway.baseline-version=1.0.0.0
-spring.flyway.validate-on-migrate=${flyway.validateOnMigrate}
-# Enable out of order migrations due to distributed development nature of WebAPI
-spring.flyway.out-of-order=false
-# Flyway Placeholders:
-spring.flyway.placeholders.ohdsiSchema=${datasource.ohdsi.schema}
-
-#Disable any auto init
-#http://docs.spring.io/spring-boot/docs/current/reference/html/howto-database-initialization.html
-spring.datasource.initialize=false
-#JPA / Spring Data
-spring.jpa.show-sql=${spring.jpa.show-sql}
-# JPA Default Schema
-spring.jpa.properties.hibernate.default_schema=${datasource.ohdsi.schema}
-spring.jpa.properties.hibernate.generate_statistics=${spring.jpa.properties.hibernate.generate_statistics}
-spring.jpa.properties.hibernate.jdbc.batch_size=${spring.jpa.properties.hibernate.jdbc.batch_size}
-spring.jpa.properties.hibernate.order_inserts=${spring.jpa.properties.hibernate.order_inserts}
-
-#Spring Autoconfig
-spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.ldap.LdapAutoConfiguration
-
-#Jersey WADL disabled to silence missing JAXBContext warning
-jersey.config.server.wadl.disableWadl=true
-
-#Spring Cache
-spring.cache.jcache.config=classpath:appCache.xml
-spring.cache.type=${spring.cache.type}
-
-#JAX-RS
-jersey.resources.root.package=org.ohdsi.webapi
-
-#Spring boot auto starts jobs upon application start
-spring.batch.job.enabled=false
-#Disable auto init of spring batch tables
-spring.batch.initializer.enabled=false
-#Custom properties
-spring.batch.repository.tableprefix=${spring.batch.repository.tableprefix}
-spring.batch.repository.isolationLevelForCreate=${spring.batch.repository.isolationLevelForCreate}
-spring.batch.taskExecutor.corePoolSize=${spring.batch.taskExecutor.corePoolSize}
-spring.batch.taskExecutor.maxPoolSize=${spring.batch.taskExecutor.maxPoolSize}
-spring.batch.taskExecutor.queueCapacity=${spring.batch.taskExecutor.queueCapacity}
-spring.batch.taskExecutor.threadGroupName=${spring.batch.taskExecutor.threadGroupName}
-spring.batch.taskExecutor.threadNamePrefix=${spring.batch.taskExecutor.threadNamePrefix}
-
-# EMBEDDED SERVER CONFIGURATION (ServerProperties)
-server.port = ${server.port}
-server.ssl.enabled = ${security.ssl.enabled}
-server.ssl.key-store = ${server.ssl.key-store}
-server.ssl.key-store-password = ${server.ssl.key-store-password}
-server.ssl.key-password = ${server.ssl.key-password}
-# the context path, defaults to '/'
-server.context-path=/WebAPI
-security.cas.loginUrl=${security.cas.loginUrl}
-security.cas.callbackUrl=${security.cas.callbackUrl}
-security.cas.serverUrl=${security.cas.serverUrl}
-security.cas.cassvcs=${security.cas.cassvcs}
-security.cas.casticket=${security.cas.casticket}
-# Full Text Search settings
-solr.endpoint = ${solr.endpoint}
-solr.query.prefix = ${solr.query.prefix}
-# Enabling Compression
-compression=true
-compressableMimeType=application/json,application/xml,text/html,text/xml,text/plain
-
-
-#Disabled to support Basic Auth and RESTful interface
-#http://docs.spring.io/spring-security/site/docs/3.2.x-SNAPSHOT/reference/html5/#when-to-use-csrf-protection
-csrf.disable=true
-
-sparql.endpoint=http://virtuoso.ohdsi.org:8890/sparql?default-graph-uri=&query=
-
-security.defaultGlobalReadPermissions=${security.defaultGlobalReadPermissions}
-security.provider=${security.provider}
-security.cors.enabled=${security.cors.enabled}
-security.token.expiration=${security.token.expiration}
-security.origin=${security.origin}
-security.ssl.enabled=${security.ssl.enabled}
-security.oauth.callback.ui=${security.oauth.callback.ui}
-security.oauth.callback.api=${security.oauth.callback.api}
-security.oauth.callback.urlResolver=${security.oauth.callback.urlResolver}
-security.oauth.google.apiKey=${security.oauth.google.apiKey}
-security.oauth.google.apiSecret=${security.oauth.google.apiSecret}
-security.oauth.facebook.apiKey=${security.oauth.facebook.apiKey}
-security.oauth.facebook.apiSecret=${security.oauth.facebook.apiSecret}
-security.oauth.github.apiKey=${security.oauth.github.apiKey}
-security.oauth.github.apiSecret=${security.oauth.github.apiSecret}
-security.oid.clientId=${security.oid.clientId}
-security.oid.apiSecret=${security.oid.apiSecret}
-security.oid.url=${security.oid.url}
-security.oid.redirectUrl=${security.oid.redirectUrl}
-security.oid.logoutUrl=${security.oid.logoutUrl}
-security.oid.extraScopes=${security.oid.extraScopes}
-security.oid.customParams=${security.oid.customParams}
-security.db.datasource.driverClassName=${security.db.datasource.driverClassName}
-security.db.datasource.url=${security.db.datasource.url}
-security.db.datasource.username=${security.db.datasource.username}
-security.db.datasource.password=${security.db.datasource.password}
-security.db.datasource.schema=${security.db.datasource.schema}
-security.db.datasource.authenticationQuery=${security.db.datasource.authenticationQuery}
-security.ldap.dn=${security.ldap.dn}
-security.ldap.url=${security.ldap.url}
-security.ldap.baseDn=${security.ldap.baseDn}
-security.ldap.system.username=${security.ldap.system.username}
-security.ldap.system.password=${security.ldap.system.password}
-security.ldap.searchString=${security.ldap.searchString}
-security.ldap.searchBase=${security.ldap.searchBase}
-security.ldap.userMapping.displaynameAttr=${security.ldap.userMapping.displaynameAttr}
-security.ldap.userMapping.firstnameAttr=${security.ldap.userMapping.firstnameAttr}
-security.ldap.userMapping.middlenameAttr=${security.ldap.userMapping.middlenameAttr}
-security.ldap.userMapping.lastnameAttr=${security.ldap.userMapping.lastnameAttr}
-security.ldap.userMapping.usernameAttr=${security.ldap.userMapping.usernameAttr}
-security.ldap.userImport.usernameAttr=${security.ldap.userImport.usernameAttr}
-security.ldap.userImport.loginAttr=${security.ldap.userImport.loginAttr}
-security.ad.url=${security.ad.url}
-security.ad.searchBase=${security.ad.searchBase}
-security.ad.principalSuffix=${security.ad.principalSuffix}
-security.ad.system.username=${security.ad.system.username}
-security.ad.system.password=${security.ad.system.password}
-security.ad.searchFilter=${security.ad.searchFilter}
-security.ad.searchString=${security.ad.searchString}
-security.ad.ignore.partial.result.exception=${security.ad.ignore.partial.result.exception}
-security.ad.result.count.limit=${security.ad.result.count.limit}
-security.ad.default.import.group=${security.ad.default.import.group}
-security.ad.userMapping.displaynameAttr=${security.ad.userMapping.displaynameAttr}
-security.ad.userMapping.firstnameAttr=${security.ad.userMapping.firstnameAttr}
-security.ad.userMapping.middlenameAttr=${security.ad.userMapping.middlenameAttr}
-security.ad.userMapping.lastnameAttr=${security.ad.userMapping.lastnameAttr}
-security.ad.userMapping.usernameAttr=${security.ad.userMapping.usernameAttr}
-security.ad.userImport.usernameAttr=${security.ad.userImport.usernameAttr}
-security.ad.userImport.loginAttr=${security.ad.userImport.loginAttr}
-
-security.saml.enabled=${security.saml.enabled}
-security.saml.entityId=${security.saml.entityId}
-security.saml.idpMetadataLocation=${security.saml.idpMetadataLocation}
-security.saml.keyManager.keyStoreFile=${security.saml.keyManager.keyStoreFile}
-security.saml.keyManager.storePassword=${security.saml.keyManager.storePassword}
-security.saml.keyManager.defaultKey=${security.saml.keyManager.defaultKey}
-security.saml.keyManager.passwords.arachnenetwork=${security.saml.keyManager.passwords.arachnenetwork}
-security.saml.metadataLocation=${security.saml.metadataLocation}
-security.saml.callbackUrl=${security.saml.callbackUrl}
-security.saml.sloUrl=${security.saml.sloUrl}
-security.saml.maximumAuthenticationLifetime=${security.saml.maximumAuthenticationLifetime}
-
-security.googleIap.cloudProjectId=${security.googleIap.cloudProjectId}
-security.googleIap.backendServiceId=${security.googleIap.backendServiceId}
-security.google.accessToken.enabled=${security.google.accessToken.enabled}
-
-security.kerberos.spn=${security.kerberos.spn}
-security.kerberos.keytabPath=${security.kerberos.keytabPath}
-
-security.maxLoginAttempts=${security.maxLoginAttempts}
-security.duration.initial=${security.duration.initial}
-security.duration.increment=${security.duration.increment}
-
-security.auth.windows.enabled=${security.auth.windows.enabled}
-security.auth.kerberos.enabled=${security.auth.kerberos.enabled}
-security.auth.openid.enabled=${security.auth.openid.enabled}
-security.auth.facebook.enabled=${security.auth.facebook.enabled}
-security.auth.github.enabled=${security.auth.github.enabled}
-security.auth.google.enabled=${security.auth.google.enabled}
-security.auth.jdbc.enabled=${security.auth.jdbc.enabled}
-security.auth.ldap.enabled=${security.auth.ldap.enabled}
-security.auth.ad.enabled=${security.auth.ad.enabled}
-security.auth.cas.enabled=${security.auth.cas.enabled}
-
-
-#Hikari
-spring.datasource.hikari.connection-test-query=${spring.datasource.hikari.connection-test-query}
-spring.datasource.hikari.connection-test-query-timeout=${spring.datasource.hikari.connection-test-query-timeout}
-spring.datasource.hikari.maximum-pool-size=${spring.datasource.hikari.maximum-pool-size}
-spring.datasource.hikari.minimum-idle=${spring.datasource.hikari.minimum-idle}
-spring.datasource.hikari.connection-timeout=${spring.datasource.hikari.connection-timeout}
-spring.datasource.hikari.register-mbeans=${spring.datasource.hikari.register-mbeans}
-spring.datasource.hikari.mbean-name=${spring.datasource.hikari.mbean-name}
-
-person.viewDates=${person.viewDates}
-
-#Heracles settings
-heracles.smallcellcount=${heracles.smallcellcount}
-
-jasypt.encryptor.enabled=${jasypt.encryptor.enabled}
-jasypt.encryptor.password=${jasypt.encryptor.password}
-jasypt.encryptor.algorithm=${jasypt.encryptor.algorithm}
-
-#Kerberos settings
-kerberos.timeout=${kerberos.timeout}
-kerberos.configPath=${kerberos.configPath}
-kerberos.kinitPath=${kerberos.kinitPath}
-
-#Organization Settings
-organization.name=${organization.name}
-
-#JdbcTemplate
-jdbc.suppressInvalidApiException=${jdbc.suppressInvalidApiException}
-
-#Sensitive info settings
-sensitiveinfo.admin.role=${sensitiveinfo.admin.role}
-sensitiveinfo.moderator.role=${sensitiveinfo.moderator.role}
-sensitiveinfo.analysis.extensions=${sensitiveinfo.analysis.extensions}
-analysis.result.zipVolumeSizeMb=${analysis.result.zipVolumeSizeMb}
-
-#Cache Config
-cdm.result.cache.warming.enable=${cdm.result.cache.warming.enable}
-cdm.cache.achilles.warming.enable=${cdm.cache.achilles.warming.enable}
-cdm.cache.cron.warming.enable=${cdm.cache.cron.warming.enable}
-cdm.cache.cron.expression=${cdm.cache.cron.expression}
-
-cache.generation.invalidAfterDays=${cache.generation.invalidAfterDays}
-cache.generation.cleanupInterval=${cache.generation.cleanupInterval}
-cache.generation.useAsync=${cache.generation.useAsync}
-cache.jobs.count=${cache.jobs.count}
-
-# Achilles cache
-cache.achilles.usePersonCount=${cache.achilles.usePersonCount}
-
-#Atlas geo spatial
-atlasgis.enabled=${gis.enabled}
-
-#I18n
-i18n.enabled=${i18n.enabled}
-i18n.defaultLocale=${i18n.defaultLocale}
-
-#Tags
-tag.enabled=${tag.enabled}
-tag.refreshStat.period=${tag.refreshStat.period}
-
-#Versioning
-versioning.maxAttempt=${versioning.maxAttempt}
-
-#Audit trail
-audit.trail.enabled=${audit.trail.enabled}
-audit.trail.log.file=${audit.trail.log.file}
-audit.trail.log.file.pattern=${audit.trail.log.file.pattern}
-audit.trail.log.extraFile=${audit.trail.log.extraFile}
-
-# Trexsql configuration
-trexsql.enabled=${trexsql.enabled}
-trexsql.cache-path=${trexsql.cache-path}
-trexsql.extensions-path=${trexsql.extensions-path}
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
new file mode 100644
index 0000000000..b879102a2f
--- /dev/null
+++ b/src/main/resources/application.yaml
@@ -0,0 +1,364 @@
+analysis:
+ result:
+ zipVolumeSizeMb: 100
+atlasgis:
+ enabled: false
+audit:
+ trail:
+ enabled: false
+ log:
+ extraFile: /tmp/atlas/audit/audit-extra.log
+ file: /tmp/atlas/audit/audit.log
+ file.pattern: /tmp/atlas/audit/audit-%d{yyyy-MM-dd}-%i.log
+build:
+ number: NA
+cache:
+ achilles:
+ usePersonCount: true
+ generation:
+ cleanupInterval: 3600000
+ invalidAfterDays: 30
+ useAsync: false
+ jobs:
+ count: 3
+cdm:
+ cache:
+ achilles:
+ warming:
+ enable: false
+ cron:
+ # cron expression to warm cdm cache
+ # cron expression format (asterisk means 'every' - '*' in seconds means 'every second')
+ # default value is '0 0 2 * * *' which means "at 2am every day"
+ # ┌───────second (0-59)
+ # │ ┌────── minute (0-59)
+ # │ │ ┌────── hour (0-23)
+ # │ │ │ ┌────── day of the month (1-31)
+ # │ │ │ │ ┌────── month (1-12)
+ # │ │ │ │ │ ┌────── day of the week (0-7)
+ # * * * * * *
+ expression: 0 0 2 * * *
+ warming:
+ enable: false
+ result:
+ cache:
+ warming:
+ enable: false
+ version: 5
+compressableMimeType: application/json,application/xml,text/html,text/xml,text/plain
+compression: true
+csrf:
+ disable: true
+datasource:
+ dialect: postgresql
+ dialect.source: postgresql
+ driverClassName: org.postgresql.Driver
+ ohdsi:
+ schema: webapi
+ password: app1
+ url: jdbc:postgresql://localhost:5432/YOUR_DATABASE_NAME
+ username: ohdsi_app_user
+execution:
+ invalidation:
+ period: 600000
+ maxage:
+ hours: 12
+ status:
+ period: 10000
+executionengine:
+ resultCallback:
+ resultExclusions: ""
+ token: Basic YWRtaW5Ab2R5c3NldXNpbmMuY29tOnBhc3N3b3Jk
+ updateStatusCallback: "http://localhost:8080/WebAPI/executionservice/callbacks/submission/{id}/status/update/{password}"
+ url: https://localhost:8888/api/v1/analyze
+
+heracles:
+ smallcellcount: 5
+i18n:
+ defaultLocale: en
+ enabled: true
+jasypt:
+ encryptor:
+ algorithm: PBEWithMD5AndDES
+ enabled: false
+ password: ""
+jdbc:
+ suppressInvalidApiException: true
+jersey:
+ config:
+ server:
+ wadl:
+ disableWadl: true
+ resources:
+ root:
+ package: org.ohdsi.webapi
+kerberos:
+ configPath: /etc/krb5.conf
+ kinitPath: ""
+ timeout: 60
+logging:
+ level:
+ org:
+ apache:
+ shiro: warn
+ hibernate: info
+ ohdsi: info
+ springframework:
+ jdbc: info
+ orm: info
+ web: info
+ root: info
+organization:
+ name: OHDSI
+person:
+ viewDates: false
+r:
+ serviceHost: ${r.serviceHost}
+security:
+ auth:
+ ad: # Active Directory Settings
+ enabled: false
+ default:
+ import:
+ group: public
+ ignore:
+ partial:
+ result:
+ exception: true
+ principalSuffix: "@example.org"
+ result:
+ count:
+ limit: 30000
+ searchBase: CN=Users,DC=example,DC=org
+ searchFilter: (&(objectClass=person)(cn=%s))
+ searchString: (&(objectClass=person)(userPrincipalName=%s))
+ system:
+ password: ""
+ username: ""
+ url: ""
+ userImport:
+ loginAttr: sAMAccountName
+ usernameAttr: cn
+ userMapping:
+ displaynameAttr: displayname
+ firstnameAttr: givenname
+ lastnameAttr: sn
+ middlenameAttr: initials
+ usernameAttr: cn
+
+ cas: # Central Authentication Security (CAS)
+ enabled: false
+ callbackUrl: ""
+ cassvcs: ""
+ casticket: casticket
+ loginUrl: ""
+ serverUrl: ""
+
+ google: # TODO: Need documentation on authentication via google token.
+ accessToken:
+ enabled: false
+
+ googleIap: # Google Cloud Identity-Aware Proxy (IAP)
+ enabled: false
+ backendServiceId: ""
+ cloudProjectId: ""
+
+ jdbc: # Java Database Connectivity (JDBC) Authentication
+ enabled: false
+ datasource:
+ authenticationQuery: select password from ${security.auth.jdbc.datasource.schema}.your_schema.users where lower(email) = lower(?)
+ driverClassName: org.postgresql.Driver
+ password: app1dbsecurity_pass
+ schema: your_schema
+ url: jdbc:postgresql://localhost:5436/SECURITY_DB
+ username: dbsecurity_user
+
+ kerberos: # Kerberos
+ enabled: false
+ keytabPath: ""
+ spn: ""
+
+ ldap: # Lightweight Directory Access (LDAP)
+ enabled: false
+ baseDn: ""
+ dn: cn={0},dc=example,dc=org
+ searchBase: CN=Users,DC=example,DC=org
+ searchString: (&(objectClass=person)(CN={0}))
+ system:
+ password: ""
+ username: ""
+ url: ldap://localhost:389
+ userImport:
+ loginAttr: uid
+ usernameAttr: cn
+ userMapping:
+ displaynameAttr: displayName
+ firstnameAttr: givenName
+ lastnameAttr: sn
+ middlenameAttr: initials
+ usernameAttr: cn
+
+ oauth: # OAuth
+ callback:
+ api: http://localhost:8080/WebAPI/user/oauth/callback
+ ui: http://localhost/Atlas/#/welcome
+ urlResolver: query
+ facebook:
+ enabled: false
+ apiKey: ""
+ apiSecret: ""
+ github:
+ enabled: false
+ apiKey: ""
+ apiSecret: ""
+ google:
+ enabled: false
+ apiKey: ""
+ apiSecret: ""
+
+ openId: # OpenID
+ enabled: false
+ apiSecret: ""
+ clientId: ""
+ customParams: "{:}"
+ extraScopes: ""
+ logoutUrl: ""
+ redirectUrl: http://localhost/index.html#/welcome/
+ url: ""
+
+ saml: # SAML (Security Assertion Markup Language)
+ enabled: false
+ callbackUrl: ""
+ entityId: ""
+ idpMetadataLocation: ""
+ keyManager:
+ defaultKey: ""
+ keyStoreFile: ""
+ passwords:
+ arachnenetwork: ""
+ storePassword: ""
+ maximumAuthenticationLifetime: 60
+ metadataLocation: ""
+ sloUrl: ""
+
+ windows:
+ enabled: true
+
+ cors: # Cross origin requests
+ enabled: true
+
+ # If defaultGlobalReadPermissions is set to true (default), then all users can see every artifact.
+ # If it is set to false, WebAPI will filter out the artifacts that a user does not explicitly have read permissions to
+ defaultGlobalReadPermissions: true
+
+ duration:
+ increment: 10
+ initial: 10
+
+ maxLoginAttempts: 3
+ origin: http://localhost
+ provider: DisabledSecurity
+
+ ssl:
+ enabled: false
+ token:
+ expiration: 360000
+
+# Sensitive Info settings
+sensitiveinfo:
+ admin:
+ role: admin
+ analysis:
+ # Use "-" for files without extension, "*" for all files, extension must not include a leading dot. Use comma to separate values.
+ # In case of "*" other values will be ignored
+ extensions: txt
+ moderator:
+ role: Moderator
+
+# EMBEDDED SERVER CONFIGURATION (ServerProperties)
+server:
+ context-path: /WebAPI
+ port: 8080
+ ssl:
+ enabled: false
+ key-password: ""
+ key-store: ""
+ key-store-password: ""
+solr:
+ endpoint: ${solr.endpoint}
+ query:
+ prefix: ${solr.query.prefix}
+source:
+ name: CDM_NAME
+sparql:
+ endpoint: http://virtuoso.ohdsi.org:8890/sparql?default-graph-uri=&query=
+spring:
+ autoconfigure:
+ exclude: org.springframework.boot.autoconfigure.ldap.LdapAutoConfiguration
+ batch:
+ initializer:
+ enabled: false
+ job:
+ enabled: false
+ repository:
+ isolationLevelForCreate: ISOLATION_READ_COMMITTED
+ tableprefix: ${datasource.ohdsi.schema}.BATCH_
+ taskExecutor:
+ corePoolSize: 10
+ maxPoolSize: 20
+ queueCapacity: 2147483647
+ threadGroupName: ""
+ threadNamePrefix: ""
+ cache:
+ jcache:
+ config: classpath:appCache.xml
+ type: jcache
+ datasource:
+ hikari:
+ connection-test-query: SELECT 1
+ connection-test-query-timeout: 2000
+ connection-timeout: 5000
+ maximum-pool-size: 5
+ mbean-name: authDataSource
+ minimum-idle: 1
+ register-mbeans: true
+ initialize: false
+ flyway:
+ baseline-on-migrate: true
+ driver-class-name: ${datasource.driverClassName}
+ enabled: true
+ fail-on-missing-locations: true
+ locations: classpath:db/migration/postgresql
+ out-of-order: false
+ password: admin1
+ placeholders:
+ ohdsiSchema: ${datasource.ohdsi.schema}
+ schemas: ${datasource.ohdsi.schema}
+ table: schema_version
+ url: ${datasource.url}
+ user: ohdsi_admin_user
+ validate-on-migrate: false
+ jackson:
+ serialization:
+ write-dates-as-timestamps: true
+ jpa:
+ properties:
+ hibernate:
+ default_schema: ${datasource.ohdsi.schema}
+ generate_statistics: false
+ jdbc:
+ batch_size: 200
+ order_inserts: true
+ show-sql: false
+ profiles:
+ active: default
+tag:
+ enabled: true
+ refreshStat:
+ period: 600000
+trexsql:
+ cache-path: ./data/cache
+ enabled: false
+ extensions-path: ""
+versioning:
+ maxAttempt: 10
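Review bot: This file is now the packaged default configuration rather than a template filled in at build time, and it carries usable-looking secrets: `executionengine.token` is a Base64 `Basic` credential pair, and `datasource.password`, `spring.flyway.password` and `security.auth.jdbc.datasource.password` are literal passwords. Any deployment that forgets to override one of them runs with a value published in the repository, so I would ship them empty (`password: ""`, `token: ""`) to force the external config file to supply them, and rotate the execution-engine credential if it was ever real. Two values also look broken on their own: `authenticationQuery` expands to `your_schema.your_schema.users` because the schema placeholder is followed by the literal schema name, and `r.serviceHost`, `solr.endpoint` and `solr.query.prefix` now reference themselves, which Spring would likely reject as a circular placeholder once they are resolved. `jasypt.encryptor.algorithm: PBEWithMD5AndDES` is a weak default for protecting stored secrets and should be replaced by a stronger algorithm that the Jasypt version in use supports.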
diff --git a/src/test/java/org/ohdsi/webapi/test/ITStarter.java b/src/test/java/org/ohdsi/webapi/test/ITStarter.java
index 94e17a5e8c..a24451d910 100644
--- a/src/test/java/org/ohdsi/webapi/test/ITStarter.java
+++ b/src/test/java/org/ohdsi/webapi/test/ITStarter.java
@@ -39,10 +39,10 @@ public static void before() throws IOException {
String jdbcUrl = pg.getPostgresDatabase().getConnection().getMetaData().getURL();
System.setProperty("datasource.url", jdbcUrl);
System.setProperty("spring.flyway.url", jdbcUrl);
- System.setProperty("security.db.datasource.url", jdbcUrl);
- System.setProperty("security.db.datasource.username", "postgres");
- System.setProperty("security.db.datasource.password", "postgres");
- System.setProperty("security.db.datasource.schema", "public");
+ System.setProperty("security.auth.jdbc.datasource.url", jdbcUrl);
+ System.setProperty("security.auth.jdbc.datasource.username", "postgres");
+ System.setProperty("security.auth.jdbc.datasource.password", "postgres");
+ System.setProperty("security.auth.jdbc.datasource.schema", "public");
} catch (SQLException e) {
throw new RuntimeException(e);
}
diff --git a/src/test/resources/application-test.properties b/src/test/resources/application-test.properties
index 77c4a365a4..50529fafb1 100644
--- a/src/test/resources/application-test.properties
+++ b/src/test/resources/application-test.properties
@@ -1,5 +1,5 @@
baseUri=http://localhost:${local.server.port}${server.context-path}
-security.db.datasource.url=http://localhost:${datasource.url}/arachne_portal_enterprise
+security.auth.jdbc.datasource.url=http://localhost:${datasource.url}/arachne_portal_enterprise
vocabularyservice.endpoint=${baseUri}/vocabulary
cdmResultsService.endpoint=${baseUri}/cdmresults
#GET vocabularies