btpxpress-frontend/target/classes/application.properties

quarkus.application.name=BTP Xpress Client
quarkus.application.version=1.0.0

primefaces.THEME=freya-purple-light
primefaces.FONT_AWESOME=true
primefaces.UPLOADER=auto
primefaces.MOVE_SCRIPTS_TO_BOTTOM=true
primefaces.CLIENT_SIDE_VALIDATION=true

jakarta.faces.PROJECT_STAGE=Development
jakarta.faces.STATE_SAVING_METHOD=server
jakarta.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE=true
jakarta.faces.PARTIAL_STATE_SAVING=true
jakarta.faces.VALIDATE_EMPTY_FIELDS=auto

quarkus.arc.remove-unused-beans=false

quarkus.http.port=8081
quarkus.http.cors=true
quarkus.http.cors.origins=http://localhost:8080,https://security.lions.dev

%dev.quarkus.oidc.enabled=true
%prod.quarkus.oidc.enabled=true
quarkus.oidc.auth-server-url=https://security.lions.dev/realms/btpxpress
quarkus.oidc.client-id=btpxpress-frontend
quarkus.oidc.application-type=web-app
quarkus.oidc.tls.verification=required

# Client confidential avec secret
quarkus.oidc.credentials.secret=0Ph4e31lQQuonodmLQG3JycehbFL1Hei

# PKCE activé (requis par Keycloak)
quarkus.oidc.authentication.pkce-required=true
# Laisser Quarkus auto-générer le secret PKCE (ne pas définir pkce-secret ni state-secret)

# Redirection après authentification
quarkus.oidc.authentication.redirect-path=/dashboard.xhtml
quarkus.oidc.authentication.restore-path-after-redirect=true
quarkus.oidc.authentication.cookie-path=/
quarkus.oidc.authentication.session-age-extension=PT30M
quarkus.oidc.authentication.java-script-auto-redirect=false
quarkus.oidc.authentication.force-redirect-https-scheme=false

# Token et découverte
quarkus.oidc.token.issuer=https://security.lions.dev/realms/btpxpress
quarkus.oidc.discovery-enabled=true

# Logout
quarkus.oidc.logout.path=/logout
quarkus.oidc.logout.post-logout-path=/index.xhtml

quarkus.oidc.token-state-manager.split-tokens=true
quarkus.oidc.token-state-manager.strategy=id-refresh-tokens
quarkus.oidc.token-state-manager.encryption-secret=btpxpress-secure-cookie-encryption-key-32chars-2025
quarkus.oidc.token-state-manager.encryption-required=false
quarkus.oidc.token-state-manager.cookie-max-size=8192

quarkus.http.max-headers-size=128K
quarkus.http.max-request-body-size=10M
quarkus.http.max-parameters=1000
quarkus.http.max-parameter-size=2048

quarkus.vertx.max-headers-size=128K
vertx.http.maxHeaderSize=131072

quarkus.security.users.embedded.enabled=false
quarkus.http.auth.proactive=false
quarkus.security.deny-unannotated-endpoints=false

quarkus.log.level=INFO
quarkus.log.category."dev.lions.btpxpress".level=DEBUG
quarkus.log.category."io.quarkus.oidc".level=DEBUG
quarkus.log.category."io.quarkus.security".level=DEBUG
quarkus.log.console.enable=true
quarkus.log.console.format=%d{HH:mm:ss} %-5p [%c{2.}] (%t) %s%e%n

btpxpress.api.base-url=http://localhost:8080
btpxpress.api.timeout=30000

quarkus.rest-client."dev.lions.btpxpress.service.BtpXpressApiClient".url=${btpxpress.api.base-url}
quarkus.rest-client."dev.lions.btpxpress.service.BtpXpressApiClient".scope=jakarta.inject.Singleton

quarkus.locale=fr_FR

# Ressources publiques (ordre important - du plus spécifique au plus général)
# 1. Ressources statiques JSF et layout
quarkus.http.auth.permission.static.paths=/resources/*,/jakarta.faces.resource/*,/layout/*,/demo/*,/theme/*
quarkus.http.auth.permission.static.policy=permit

# 2. Pages d'erreur seulement (pas d'index ni login)
quarkus.http.auth.permission.public-pages.paths=/error.xhtml,/access-denied.xhtml
quarkus.http.auth.permission.public-pages.policy=permit

# 3. Toutes les autres pages nécessitent une authentification (y compris / et /index.xhtml)
quarkus.http.auth.permission.authenticated.paths=/*
quarkus.http.auth.permission.authenticated.policy=authenticated