c89377d12f
Module d'implémentation serveur pour lions-user-manager Contenu: - KeycloakAdminClient avec résilience (Circuit Breaker, Retry, Timeout) - UserServiceImpl (25+ méthodes) - RoleServiceImpl (20+ méthodes) - AuditServiceImpl (logging et statistiques) - UserResource, RoleResource (REST API) - Mappers (User, Role) - Health checks - Configurations dev/prod séparées Statut: 🔄 80% complété 🤖 Generated with Claude Code Co-Authored-By: Claude <noreply@anthropic.com>
114 lines
4.1 KiB
Properties
114 lines
4.1 KiB
Properties
# ============================================================================
|
|
# Lions User Manager - Server Implementation Configuration - PRODUCTION
|
|
# ============================================================================
|
|
|
|
# HTTP Configuration
|
|
quarkus.http.port=8081
|
|
quarkus.http.host=0.0.0.0
|
|
quarkus.http.cors=true
|
|
quarkus.http.cors.origins=https://btpxpress.lions.dev,https://admin.lions.dev
|
|
quarkus.http.cors.methods=GET,POST,PUT,DELETE,PATCH,OPTIONS
|
|
quarkus.http.cors.headers=*
|
|
|
|
# Keycloak OIDC Configuration (PROD)
|
|
quarkus.oidc.auth-server-url=https://security.lions.dev/realms/master
|
|
quarkus.oidc.client-id=lions-user-manager
|
|
quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
|
|
quarkus.oidc.tls.verification=required
|
|
quarkus.oidc.application-type=service
|
|
|
|
# Keycloak Admin Client Configuration (PROD)
|
|
lions.keycloak.server-url=https://security.lions.dev
|
|
lions.keycloak.admin-realm=master
|
|
lions.keycloak.admin-client-id=admin-cli
|
|
lions.keycloak.admin-username=${KEYCLOAK_ADMIN_USERNAME}
|
|
lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD}
|
|
lions.keycloak.connection-pool-size=20
|
|
lions.keycloak.timeout-seconds=60
|
|
|
|
# Realms autorisés (PROD)
|
|
lions.keycloak.authorized-realms=btpxpress,lions-realm
|
|
|
|
# Circuit Breaker Configuration (PROD - strict)
|
|
quarkus.smallrye-fault-tolerance.enabled=true
|
|
|
|
# Retry Configuration (PROD)
|
|
lions.keycloak.retry.max-attempts=5
|
|
lions.keycloak.retry.delay-seconds=3
|
|
|
|
# Audit Configuration (PROD)
|
|
lions.audit.enabled=true
|
|
lions.audit.log-to-database=true
|
|
lions.audit.log-to-file=true
|
|
lions.audit.retention-days=365
|
|
|
|
# Database Configuration (PROD - obligatoire pour audit)
|
|
quarkus.datasource.db-kind=postgresql
|
|
quarkus.datasource.username=${DB_USERNAME:audit_user}
|
|
quarkus.datasource.password=${DB_PASSWORD}
|
|
quarkus.datasource.jdbc.url=jdbc:postgresql://${DB_HOST:lions-db.lions.svc.cluster.local}:${DB_PORT:5432}/${DB_NAME:lions_audit}
|
|
quarkus.datasource.jdbc.max-size=20
|
|
quarkus.datasource.jdbc.min-size=5
|
|
quarkus.hibernate-orm.database.generation=none
|
|
quarkus.flyway.migrate-at-start=true
|
|
quarkus.flyway.baseline-on-migrate=true
|
|
quarkus.flyway.baseline-version=1.0.0
|
|
|
|
# Logging Configuration (PROD)
|
|
quarkus.log.level=INFO
|
|
quarkus.log.category."dev.lions.user.manager".level=INFO
|
|
quarkus.log.category."org.keycloak".level=WARN
|
|
quarkus.log.category."io.quarkus".level=WARN
|
|
|
|
quarkus.log.console.enable=true
|
|
quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n
|
|
quarkus.log.console.json=true
|
|
|
|
# File Logging pour Audit (PROD)
|
|
quarkus.log.file.enable=true
|
|
quarkus.log.file.path=/var/log/lions/lions-user-manager.log
|
|
quarkus.log.file.rotation.max-file-size=50M
|
|
quarkus.log.file.rotation.max-backup-index=30
|
|
quarkus.log.file.rotation.rotate-on-boot=false
|
|
|
|
# OpenAPI/Swagger Configuration (PROD - désactivé par défaut)
|
|
quarkus.swagger-ui.always-include=false
|
|
quarkus.swagger-ui.path=/swagger-ui
|
|
quarkus.swagger-ui.enable=false
|
|
|
|
# Dev Services (désactivé en PROD)
|
|
quarkus.devservices.enabled=false
|
|
|
|
# Security Configuration (PROD - strict)
|
|
quarkus.security.jaxrs.deny-unannotated-endpoints=true
|
|
|
|
# Health Check Configuration (PROD)
|
|
quarkus.smallrye-health.root-path=/health
|
|
quarkus.smallrye-health.liveness-path=/health/live
|
|
quarkus.smallrye-health.readiness-path=/health/ready
|
|
|
|
# Metrics Configuration (PROD)
|
|
quarkus.micrometer.enabled=true
|
|
quarkus.micrometer.export.prometheus.enabled=true
|
|
quarkus.micrometer.export.prometheus.path=/metrics
|
|
|
|
# Jackson Configuration (PROD)
|
|
quarkus.jackson.fail-on-unknown-properties=false
|
|
quarkus.jackson.write-dates-as-timestamps=false
|
|
quarkus.jackson.serialization-inclusion=non_null
|
|
|
|
# Performance tuning (PROD)
|
|
quarkus.thread-pool.core-threads=2
|
|
quarkus.thread-pool.max-threads=16
|
|
quarkus.thread-pool.queue-size=100
|
|
|
|
# SSL/TLS Configuration (PROD)
|
|
quarkus.http.ssl.certificate.key-store-file=${SSL_KEYSTORE_FILE:/etc/ssl/keystore.p12}
|
|
quarkus.http.ssl.certificate.key-store-password=${SSL_KEYSTORE_PASSWORD}
|
|
quarkus.http.ssl.certificate.key-store-file-type=PKCS12
|
|
|
|
# Monitoring & Observability
|
|
quarkus.log.handler.gelf.enabled=false
|
|
quarkus.log.handler.gelf.host=${GRAYLOG_HOST:logs.lions.dev}
|
|
quarkus.log.handler.gelf.port=${GRAYLOG_PORT:12201}
|