Fix Keycloak configuration: use lions-user-manager realm and add CORS for users.lions.dev

This commit is contained in:
dahoud
2026-01-04 14:21:18 +00:00
parent e05eae08fe
commit 0bb0198f53


@@ -1,113 +1,121 @@
# ============================================================================ # ============================================================================
# Lions User Manager - Server Implementation Configuration - PRODUCTION # Lions User Manager Server - Configuration Production
# ============================================================================
# Ce fichier contient TOUTES les propriétés spécifiques à la production
# Il surcharge et complète application.properties
# ============================================================================ # ============================================================================
# HTTP Configuration # ============================================
quarkus.http.port=8081 # HTTP Configuration PROD
quarkus.http.host=0.0.0.0 # ============================================
quarkus.http.cors=true quarkus.http.port=8080
quarkus.http.cors.origins=https://btpxpress.lions.dev,https://admin.lions.dev
quarkus.http.cors.methods=GET,POST,PUT,DELETE,PATCH,OPTIONS
quarkus.http.cors.headers=*
# Keycloak OIDC Configuration (PROD) # CORS restrictif en production (via variable d'environnement)
quarkus.oidc.auth-server-url=https://security.lions.dev/realms/master quarkus.http.cors.origins=${CORS_ORIGINS:https://users.lions.dev,https://btpxpress.lions.dev,https://admin.lions.dev}
quarkus.oidc.client-id=lions-user-manager
quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET} # ============================================
# Logging PROD (moins verbeux)
# ============================================
quarkus.log.level=INFO
quarkus.log.category."dev.lions.user.manager".level=INFO
quarkus.log.category."org.keycloak".level=WARN
quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n
# File Logging pour Audit (PROD)
quarkus.log.file.path=/var/log/lions/lions-user-manager.log
quarkus.log.file.rotation.max-file-size=50M
quarkus.log.file.rotation.max-backup-index=30
quarkus.log.file.rotation.rotate-on-boot=false
# ============================================
# OIDC Configuration PROD - OBLIGATOIRE ET ACTIF
# ============================================
quarkus.oidc.enabled=true
quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager}
quarkus.oidc.client-id=${KEYCLOAK_CLIENT_ID:lions-user-manager-server}
# Client bearer-only - pas de secret nécessaire
# quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
quarkus.oidc.token.issuer=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/lions-user-manager}
# Vérification TLS requise en production
quarkus.oidc.tls.verification=required quarkus.oidc.tls.verification=required
quarkus.oidc.application-type=service
# Keycloak Admin Client Configuration (PROD) # Vérification stricte des tokens
lions.keycloak.server-url=https://security.lions.dev quarkus.oidc.discovery-enabled=true
lions.keycloak.admin-realm=master quarkus.oidc.verify-access-token=true
# Extraction des rôles
quarkus.oidc.roles.role-claim-path=realm_access/roles
# ============================================
# Keycloak Admin Client Configuration PROD
# ============================================
lions.keycloak.server-url=${KEYCLOAK_SERVER_URL:https://security.lions.dev}
lions.keycloak.admin-realm=${KEYCLOAK_ADMIN_REALM:master}
lions.keycloak.admin-client-id=admin-cli lions.keycloak.admin-client-id=admin-cli
lions.keycloak.admin-username=${KEYCLOAK_ADMIN_USERNAME} lions.keycloak.admin-username=${KEYCLOAK_ADMIN_USERNAME:admin}
lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD} lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD:KeycloakAdmin2025!}
# Pool de connexions augmenté en production
lions.keycloak.connection-pool-size=20 lions.keycloak.connection-pool-size=20
lions.keycloak.timeout-seconds=60 lions.keycloak.timeout-seconds=60
# Realms autorisés (PROD) # Realms autorisés en production (via variable d'environnement)
lions.keycloak.authorized-realms=btpxpress,lions-realm lions.keycloak.authorized-realms=${KEYCLOAK_AUTHORIZED_REALMS:lions-user-manager,btpxpress,master,unionflow}
# Circuit Breaker Configuration (PROD - strict) # ============================================
quarkus.smallrye-fault-tolerance.enabled=true # Retry Configuration PROD
# ============================================
# Retry Configuration (PROD)
lions.keycloak.retry.max-attempts=5 lions.keycloak.retry.max-attempts=5
lions.keycloak.retry.delay-seconds=3 lions.keycloak.retry.delay-seconds=3
# Audit Configuration (PROD) # ============================================
lions.audit.enabled=true # Audit Configuration PROD
lions.audit.log-to-database=true # ============================================
lions.audit.log-to-file=true
lions.audit.retention-days=365 lions.audit.retention-days=365
lions.audit.log-to-database=true
# Database Configuration (PROD - obligatoire pour audit) # ============================================
# Database Configuration PROD (pour audit)
# ============================================
quarkus.datasource.db-kind=postgresql quarkus.datasource.db-kind=postgresql
quarkus.datasource.username=${DB_USERNAME:audit_user} quarkus.datasource.username=${DB_USERNAME:audit_user}
quarkus.datasource.password=${DB_PASSWORD} quarkus.datasource.password=${DB_PASSWORD}
quarkus.datasource.jdbc.url=jdbc:postgresql://${DB_HOST:lions-db.lions.svc.cluster.local}:${DB_PORT:5432}/${DB_NAME:lions_audit} quarkus.datasource.jdbc.url=jdbc:postgresql://${DB_HOST:lions-db.lions.svc.cluster.local}:${DB_PORT:5432}/${DB_NAME:lions_audit}
quarkus.datasource.jdbc.max-size=20 quarkus.datasource.jdbc.max-size=20
quarkus.datasource.jdbc.min-size=5 quarkus.datasource.jdbc.min-size=5
quarkus.hibernate-orm.enabled=true
quarkus.hibernate-orm.database.generation=none quarkus.hibernate-orm.database.generation=none
quarkus.flyway.migrate-at-start=true quarkus.flyway.migrate-at-start=true
quarkus.flyway.baseline-on-migrate=true quarkus.flyway.baseline-on-migrate=true
quarkus.flyway.baseline-version=1.0.0 quarkus.flyway.baseline-version=1.0.0
# Logging Configuration (PROD) # ============================================
quarkus.log.level=INFO # OpenAPI/Swagger Configuration PROD
quarkus.log.category."dev.lions.user.manager".level=INFO # ============================================
quarkus.log.category."org.keycloak".level=WARN # Swagger désactivé en production par défaut
quarkus.log.category."io.quarkus".level=WARN
quarkus.log.console.enable=true
quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n
quarkus.log.console.json=true
# File Logging pour Audit (PROD)
quarkus.log.file.enable=true
quarkus.log.file.path=/var/log/lions/lions-user-manager.log
quarkus.log.file.rotation.max-file-size=50M
quarkus.log.file.rotation.max-backup-index=30
quarkus.log.file.rotation.rotate-on-boot=false
# OpenAPI/Swagger Configuration (PROD - désactivé par défaut)
quarkus.swagger-ui.always-include=false quarkus.swagger-ui.always-include=false
quarkus.swagger-ui.path=/swagger-ui
quarkus.swagger-ui.enable=false quarkus.swagger-ui.enable=false
# Dev Services (désactivé en PROD) # ============================================
quarkus.devservices.enabled=false # Security Configuration PROD (strict)
# ============================================
# Security Configuration (PROD - strict) quarkus.security.auth.enabled=true
quarkus.security.jaxrs.deny-unannotated-endpoints=true quarkus.security.jaxrs.deny-unannotated-endpoints=true
quarkus.security.auth.proactive=true
# Health Check Configuration (PROD) # ============================================
quarkus.smallrye-health.root-path=/health # Performance tuning PROD
quarkus.smallrye-health.liveness-path=/health/live # ============================================
quarkus.smallrye-health.readiness-path=/health/ready quarkus.thread-pool.core-threads=4
quarkus.thread-pool.max-threads=32
quarkus.thread-pool.queue-size=200
# Metrics Configuration (PROD) # ============================================
quarkus.micrometer.enabled=true # SSL/TLS Configuration PROD (optionnel)
quarkus.micrometer.export.prometheus.enabled=true # ============================================
quarkus.micrometer.export.prometheus.path=/metrics # Décommenter si le serveur gère le SSL directement (sinon géré par Ingress/Load Balancer)
# quarkus.http.ssl.certificate.key-store-file=${SSL_KEYSTORE_FILE:/etc/ssl/keystore.p12}
# Jackson Configuration (PROD) # quarkus.http.ssl.certificate.key-store-password=${SSL_KEYSTORE_PASSWORD}
quarkus.jackson.fail-on-unknown-properties=false # quarkus.http.ssl.certificate.key-store-file-type=PKCS12
quarkus.jackson.write-dates-as-timestamps=false
quarkus.jackson.serialization-inclusion=non_null
# Performance tuning (PROD)
quarkus.thread-pool.core-threads=2
quarkus.thread-pool.max-threads=16
quarkus.thread-pool.queue-size=100
# SSL/TLS Configuration (PROD)
quarkus.http.ssl.certificate.key-store-file=${SSL_KEYSTORE_FILE:/etc/ssl/keystore.p12}
quarkus.http.ssl.certificate.key-store-password=${SSL_KEYSTORE_PASSWORD}
quarkus.http.ssl.certificate.key-store-file-type=PKCS12
# Monitoring & Observability
quarkus.log.handler.gelf.enabled=false
quarkus.log.handler.gelf.host=${GRAYLOG_HOST:logs.lions.dev}
quarkus.log.handler.gelf.port=${GRAYLOG_PORT:12201}
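Review bot: The new side of the `lions.keycloak.admin-password` line introduces a literal fallback credential (`${KEYCLOAK_ADMIN_PASSWORD:KeycloakAdmin2025!}`) into a production config, where the old side required the variable with no default; combined with the `admin` default on `lions.keycloak.admin-username` the service would start with a guessable Keycloak admin login whenever the secret is not injected. Keep the property mandatory, `lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD}`, so a missing secret fails startup instead of silently falling back, and treat the value as exposed since it is now in history. On the same side, the `lions.keycloak.authorized-realms` default now includes `master`; if that is intentional, a comment explaining why the admin realm is an authorized target would help, otherwise it widens what this admin client may touch. The `quarkus.http.cors.headers=*` line has no visible side marker, so if it survives on the new side it should be narrowed to the headers the frontends actually send.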