139 lines
6.5 KiB
Properties
139 lines
6.5 KiB
Properties
# Configuration Lions User Manager Client
|
|
quarkus.application.name=lions-user-manager-client
|
|
quarkus.application.version=1.0.0
|
|
|
|
# Configuration HTTP
|
|
quarkus.http.port=8080
|
|
quarkus.http.host=0.0.0.0
|
|
quarkus.http.root-path=/
|
|
quarkus.http.so-reuse-port=true
|
|
|
|
# Configuration Session HTTP
|
|
quarkus.http.session-timeout=60m
|
|
quarkus.http.session-cookie-same-site=lax
|
|
quarkus.http.session-cookie-http-only=true
|
|
quarkus.http.session-cookie-secure=false
|
|
|
|
# Configuration logging
|
|
quarkus.log.console.enable=true
|
|
quarkus.log.console.level=INFO
|
|
quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{2.}] (%t) %s%e%n
|
|
quarkus.log.category."dev.lions.user.manager".level=DEBUG
|
|
|
|
# MyFaces Configuration
|
|
quarkus.myfaces.project-stage=Development
|
|
quarkus.myfaces.state-saving-method=server
|
|
quarkus.myfaces.number-of-views-in-session=50
|
|
quarkus.myfaces.number-of-sequential-views-in-session=10
|
|
quarkus.myfaces.serialize-state-in-session=false
|
|
quarkus.myfaces.client-view-state-timeout=3600000
|
|
quarkus.myfaces.view-expired-exception-handler-redirect-page=/
|
|
quarkus.myfaces.check-id-production-mode=false
|
|
quarkus.myfaces.strict-xhtml-links=false
|
|
quarkus.myfaces.refresh-transient-build-on-pss=true
|
|
quarkus.myfaces.resource-max-time-expires=604800000
|
|
quarkus.myfaces.resource-buffer-size=2048
|
|
|
|
# PrimeFaces Configuration
|
|
primefaces.THEME=freya
|
|
primefaces.FONT_AWESOME=true
|
|
primefaces.CLIENT_SIDE_VALIDATION=true
|
|
primefaces.MOVE_SCRIPTS_TO_BOTTOM=true
|
|
primefaces.CSP=false
|
|
primefaces.UPLOADER=commons
|
|
primefaces.AUTO_UPDATE=false
|
|
primefaces.CACHE_PROVIDER=org.primefaces.cache.DefaultCacheProvider
|
|
|
|
# Configuration Backend Lions User Manager
|
|
lions.user.manager.backend.url=${LIONS_USER_MANAGER_BACKEND_URL:http://localhost:8081}
|
|
|
|
# Configuration REST Client
|
|
quarkus.rest-client."lions-user-manager-api".url=${lions.user.manager.backend.url}
|
|
quarkus.rest-client."lions-user-manager-api".scope=jakarta.inject.Singleton
|
|
quarkus.rest-client."lions-user-manager-api".connect-timeout=5000
|
|
quarkus.rest-client."lions-user-manager-api".read-timeout=30000
|
|
# Propager le token OIDC au backend pour l'authentification
|
|
quarkus.rest-client."lions-user-manager-api".bearer-token-propagation=true
|
|
|
|
# Configuration OIDC - Extraction des rôles
|
|
# Le scope "roles" de Keycloak crée realm_access.roles dans l'access_token
|
|
# IMPORTANT: Les rôles sont dans l'access_token, PAS dans l'id_token
|
|
# Syntaxe Quarkus: utiliser un slash pour les chemins imbriqués
|
|
quarkus.oidc.roles.role-claim-path=realm_access/roles
|
|
# Source des rôles: access token (car id_token ne contient pas realm_access)
|
|
quarkus.oidc.roles.source=accesstoken
|
|
|
|
# ============================================
|
|
# OIDC Configuration - Base (All Environments)
|
|
# ============================================
|
|
quarkus.oidc.enabled=true
|
|
quarkus.oidc.application-type=web-app
|
|
quarkus.oidc.authentication.redirect-path=/auth/callback
|
|
quarkus.oidc.authentication.restore-path-after-redirect=true
|
|
quarkus.oidc.authentication.scopes=openid,profile,email,roles
|
|
quarkus.oidc.authentication.cookie-same-site=lax
|
|
quarkus.oidc.authentication.java-script-auto-redirect=false
|
|
quarkus.oidc.discovery-enabled=true
|
|
quarkus.oidc.verify-access-token=true
|
|
quarkus.security.auth.enabled=true
|
|
|
|
# ============================================
|
|
# OIDC Configuration - DEV Profile
|
|
# ============================================
|
|
%dev.quarkus.oidc.auth-server-url=http://localhost:8180/realms/lions-user-manager
|
|
%dev.quarkus.oidc.client-id=lions-user-manager-client
|
|
%dev.quarkus.oidc.credentials.secret=NTuaQpk5E6qiMqAWTFrCOcIkOABzZzKO
|
|
%dev.quarkus.oidc.token.issuer=http://localhost:8180/realms/lions-user-manager
|
|
%dev.quarkus.oidc.tls.verification=none
|
|
%dev.quarkus.oidc.authentication.pkce-required=true
|
|
# State Secret pour PKCE (OBLIGATOIRE quand pkce-required=true)
|
|
# Ce secret est utilisé pour encrypter le PKCE code verifier dans le state cookie
|
|
# Minimum 16 caractères requis, recommandé 32 caractères
|
|
# IMPORTANT: Ne PAS définir pkce-secret quand state-secret est défini (conflit Quarkus)
|
|
%dev.quarkus.oidc.authentication.state-secret=NTuaQpk5E6qiMqAWTFrCOcIkOABzZzKO
|
|
# Secret de chiffrement pour le token state manager (minimum 16 caractères requis)
|
|
# Cette clé est utilisée pour chiffrer les cookies d'état OIDC
|
|
# Valeur: 64 caractères (secret Keycloak dupliqué pour garantir la longueur)
|
|
%dev.quarkus.oidc.token-state-manager.encryption-secret=NTuaQpk5E6qiMqAWTFrCOcIkOABzZzKO
|
|
|
|
# ============================================
|
|
# OIDC Configuration - PROD Profile
|
|
# ============================================
|
|
%prod.quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/master}
|
|
%prod.quarkus.oidc.client-id=${KEYCLOAK_CLIENT_ID:lions-user-manager-client}
|
|
%prod.quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
|
|
%prod.quarkus.oidc.token.issuer=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/master}
|
|
%prod.quarkus.oidc.tls.verification=required
|
|
%prod.quarkus.oidc.authentication.cookie-same-site=strict
|
|
%prod.quarkus.oidc.authentication.pkce-required=false
|
|
# Secret production via variable d'environnement (32 caractères requis)
|
|
%prod.quarkus.oidc.token-state-manager.encryption-secret=${OIDC_ENCRYPTION_SECRET}
|
|
|
|
# Chemins publics (non protégés par OIDC)
|
|
# Note: Les pages JSF sont servies via /pages/*.xhtml
|
|
quarkus.http.auth.permission.public.paths=/,/index.xhtml,/index,/pages/public/*,/auth/*,/q/*,/q/oidc/*,/favicon.ico,/resources/*,/META-INF/resources/*,/images/*,/jakarta.faces.resource/*,/javax.faces.resource/*
|
|
quarkus.http.auth.permission.public.policy=permit
|
|
|
|
# Chemins protégés (requièrent authentification) - Désactivé en dev
|
|
quarkus.http.auth.permission.authenticated.paths=/pages/user-manager/*
|
|
quarkus.http.auth.permission.authenticated.policy=authenticated
|
|
|
|
# DEV: Chemins publics élargis pour faciliter le développement
|
|
%dev.quarkus.http.auth.permission.public.paths=/,/index.xhtml,/index,/pages/public/*,/auth/*,/q/*,/q/oidc/*,/favicon.ico,/resources/*,/META-INF/resources/*,/images/*,/jakarta.faces.resource/*,/javax.faces.resource/*
|
|
|
|
# CORS (si nécessaire pour développement)
|
|
quarkus.http.cors=true
|
|
quarkus.http.cors.origins=${CORS_ORIGINS:http://localhost:8080,http://localhost:8081}
|
|
quarkus.http.cors.methods=GET,POST,PUT,DELETE,OPTIONS
|
|
quarkus.http.cors.headers=Accept,Authorization,Content-Type,X-Requested-With
|
|
|
|
# Health Checks
|
|
quarkus.smallrye-health.root-path=/health
|
|
quarkus.smallrye-health.liveness-path=/health/live
|
|
quarkus.smallrye-health.readiness-path=/health/ready
|
|
|
|
# Metrics (optionnel)
|
|
quarkus.micrometer.export.prometheus.enabled=true
|
|
quarkus.micrometer.export.prometheus.path=/metrics
|
|
|