Security yfs.properties
Use the customer_overrides.properties file to override properties in the Security category of yfs.properties.
The following table contains the Security yfs.properties and descriptions.
Property | Values | Description |
---|---|---|
Security | | |
api.security.enabled | Valid values = Y or N; Default = Y | Set this property to secure access to APIs. If enabled, an authorization check is performed on a user's access to an API when the user calls that API. |
api.security.mode | Valid values = STRICT, LAX, or DEBUG; Default = STRICT | STRICT: If any validation fails, throw an exception. This is appropriate for production systems, if all permissions are configured properly. LAX: Filter out and log invalid input, but continue processing. The filtering allows the system to mostly work despite incorrect input or output, while the logging helps to identify places that need change. LAX can be useful during initial development and testing. DEBUG: Log invalid input and output, but do not filter anything or throw exceptions. This is appropriate only during initial development, to identify the permissions required by various processes. Note: If you do not specify a security mode, the system defaults to STRICT. Example: api.security.override.createorder.mode=DEBUG sets access for the CreateOrder API to DEBUG. |
api.security.token.enabled | Valid values = Y or N; Default = Y | If api.security.token.enabled = Y, the login API returns a special UserToken security token attribute upon successful authentication. The api.security.token.timeout property controls how long this token is active. |
api.security.console.enabled | Valid values = Y or N; Default = N | If api.security.console.enabled = Y, API security, in addition to the built-in security, is used for the JSP console. Note: Enabling this property may require that you relax other security settings or take additional steps that are described in the following article: |
api.security.smc.enabled | Valid values = Y or N; Default = N | If api.security.smc.enabled = Y, API security, in addition to the built-in security, is used for the Applications Manager and the system monitor console. Note: Enabling this property may require that you relax other security settings or take additional steps that are described in the following article: |
api.outputDBPasswords | Valid values = Y or N; Default = N | If api.outputDBPasswords = true, passwords are returned in the output of the getDBPoolList and getDBConnParams APIs. |
yfs.dsg.api.disable | Valid values = <api_name> | Set this property to disable the new data access policy functionality for specific APIs. Example: yfs.dsg.api.disable=<api_name, api_name, api_name> |
interopservlet.security.enabled | Valid values = Y or N; Default = Y | Enables the application server to authenticate a user, using token-based or container-based authentication. |
interopservlet.auth.container.enabled | Valid values = Y or N; Default = N | Set this property to “true” if you want the application server to authenticate a user by checking whether the user ID matches the requested user ID. If this property is set to “false”, container-based authentication is disabled. Example: interopservlet.auth.container.enabled = false |
interopservlet.auth.token.enabled | Valid values = Y or N; Default = Y | Setting this property to “true” validates the user token supplied as a parameter on the request. When enabled, this also allows access to the login API, which is what supplies the user token. If this property is set to “false”, token-based authentication is disabled. Example: interopservlet.auth.token.enabled = true |
interopservlet.auth.userPassword.enabled | Valid values = Y or N; Default = Y | Set this property to “true” if you want the user ID and password to be passed as parameters to the servlet, instead of using the typical login API/token approach. Example: interopservlet.auth.userPassword.enabled = true |
userauthfilter.enabled | Valid values = yes or no; Default = Y | Sets a servlet filter that ensures authenticated user access to everything under the web root, except for login pages. |
yfs.login.singlesignon.class | <class name> | The class that handles Single Signon. Refer to the javadocs for the com.yantra.ycp.japi.util.YCPSSOManager interface for information about how to write your own implementation for this class. |
yfs.security.singlesignon.enabled | Valid values = Y or N; Default = Y | If this property is set to Y, the single sign-on class is called. Note: If CSRF validation is enabled and single sign-on is implemented, it is recommended that you exclude the single sign-on landing page URI from the CSRF validation. |
yfs.login.singlesignon.checkuser | Valid values = Y or N; Default = N | If this property is set to Y, each request is validated against the singleSignOn server for user authentication. If the property is set to N, user authentication against the singleSignOn server is done only when the session times out. |
yfs.security.authenticator | <class name>; Default is not set. | The class that will be invoked for user authentication. Uncomment and change this only if you do not want to use application authentication. Refer to the javadocs for the YFSAuthenticator interface for information about how to write your own implementation for this class. If you want to use the default implementation for LDAP authentication, uncomment the property and set it to com.yantra.yfs.util.YFSLdapAuthenticator. Example: yfs.security.authenticator= |
yfs.security.ldap.factory | <class name> | The LDAP context factory class name as specified in your LDAP server configuration. Example: yfs.security.ldap.factory=com.sun.jndi.ldap.LdapCtxFactory |
yfs.security.ldap.url | <url> | The URL for accessing your LDAP server as specified in your LDAP server configuration. Example: yfs.security.ldap.url=ldap://<ldapservername>:<portnum> |
yfs.security.ldap.ou | Default is not set. | The value specified for the organizational unit in your LDAP server configuration. Example: yfs.security.ldap.ou= |
yfs.security.ldap.o | Default is not set. | The value specified for the organization in your LDAP server configuration. Example: yfs.security.ldap.o= |
yfs.encrypter.class | <class name> | The class that handles encryption and decryption of credit card numbers. Refer to the Javadocs for the YCPEncrypter interface for information about how to write your own encrypter class. If this property is not specified, no encryption will be performed. Note: yfs.encrypter.class is deprecated and no longer used for property encryption. You can now use security.encrypter.class for property encryption. |
security.encrypter.class | Valid values = <your_property_encrypter_class>; Default is not set | The class that handles encryption and decryption of credit card numbers. Refer to the Javadocs for the YCPEncrypter interface for information about how to write your own encrypter class. If this property is not specified, no encryption will be performed. |
yfs.propertyencrypter.class | Valid values = <class name>; Default is not set. | This class will be used for encrypting and decrypting properties specified in the yfs.properties, yiclient.properties and management.properties files. All properties which end with ".encrypted" are automatically decrypted using this class at runtime. Use this property to encrypt critical data like user/password. Note: yfs.propertyencrypter.class is deprecated and no longer used for property encryption. You can now use security.propertyencrypter.class for property encryption. Example: yfs.agent.override.auth.password=<password> could be specified as yfs.agent.override.auth.password.encrypted=<encrypted password> |
security.propertyencrypter.class | Valid values = <your_property_encrypter_class>; Default is not set | This class will be used for encrypting and decrypting any property (except for the security.propertyencrypter.class property in the yfs.properties file) mentioned in the runtime property files (including the sandbox.cfg file). Use this property to encrypt sensitive data, such as user IDs and passwords. Properties starting with “encrypted:” are automatically decrypted at run time. Example: yfs.dblogin.datasource.name=encrypted:<encrypted value> |
httpOnlyCookie | Valid values = true or false; Default = true | Set the value of this property to “true” if you want to enable the httpOnly cookie at the application server level. Example: yfs.httpOnlyCookie=true |
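The table lists the settings one at a time; a practitioner usually wants to check a whole override file against them before a deployment. The following Python script is an added example, not code from the page or from the product: it parses a properties file, compares the hardening-relevant rows of the table (api.security.enabled, api.security.mode and its per-API overrides, api.outputDBPasswords, interopservlet.security.enabled, userauthfilter.enabled, httpOnlyCookie) against the values the table recommends for production, and flags properties whose names end in password/passwd/secret that are not using the encrypted: prefix described for security.propertyencrypter.class. The sample file, the encrypter class name com.example.MyPropertyEncrypter and the secret values are constructed; accepting keys both with and without a leading yfs. prefix in normalize() is an assumption about how the override file names its keys, so adapt it to your file's convention.

```python
"""Audit a properties override file against the Security rows of yfs.properties."""
import re

# Constructed sample override file (not from the page): a mix of safe and
# risky values so the checker has something to report.
SAMPLE_OVERRIDES = """\
# customer_overrides.properties (constructed sample)
api.security.enabled=Y
api.security.mode=DEBUG
api.security.override.createorder.mode=LAX
api.outputDBPasswords=Y
interopservlet.security.enabled=Y
interopservlet.auth.token.enabled=true
userauthfilter.enabled=yes
yfs.security.singlesignon.enabled=Y
security.propertyencrypter.class=com.example.MyPropertyEncrypter
yfs.dblogin.datasource.name=encrypted:AbCd1234==
yfs.agent.override.auth.password=hunter2
yfs.httpOnlyCookie=false
"""

# Production values per the table, keyed by property name as the table lists it.
# Each entry is the set of accepted spellings, since the table mixes Y/N with true/false.
EXPECTED = {
    "api.security.enabled": {"Y", "true"},
    "api.security.mode": {"STRICT"},
    "api.outputDBPasswords": {"N", "false"},
    "interopservlet.security.enabled": {"Y", "true"},
    "userauthfilter.enabled": {"yes", "Y", "true"},
    "httpOnlyCookie": {"true", "Y"},
}

# Per-API mode overrides follow the api.security.override.<api>.mode pattern from the table.
MODE_OVERRIDE = re.compile(r"^api\.security\.override\.[^.]+\.mode$")
# Keys whose last segment names a credential (assumption: naming convention of the file).
SECRET_HINT = re.compile(r"\.(password|passwd|secret)$", re.IGNORECASE)


def parse_properties(text):
    """Minimal Java .properties parser: key=value or key:value, '#' or '!' comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"^([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props


def normalize(key):
    """Match the table's names whether or not the override file adds a 'yfs.' prefix (assumption)."""
    if key in EXPECTED:
        return key
    if key.startswith("yfs.") and key[4:] in EXPECTED:
        return key[4:]
    return key


def audit(text):
    """Return a sorted list of (key, finding) tuples for weak or risky settings."""
    props = parse_properties(text)
    findings = []
    encrypter_set = "security.propertyencrypter.class" in props
    for key, value in props.items():
        name = normalize(key)
        if name in EXPECTED and value not in EXPECTED[name]:
            findings.append((key, f"value '{value}' is weaker than expected {sorted(EXPECTED[name])}"))
        elif MODE_OVERRIDE.match(name) and value != "STRICT":
            findings.append((key, f"per-API security mode '{value}' relaxes STRICT validation"))
        elif SECRET_HINT.search(name) and not value.startswith("encrypted:"):
            msg = "credential stored in clear text"
            if encrypter_set:
                msg += " although security.propertyencrypter.class is configured (use the encrypted: prefix)"
            findings.append((key, msg))
    return sorted(findings)


if __name__ == "__main__":
    for key, finding in audit(SAMPLE_OVERRIDES):
        print(f"{key}: {finding}")
```

Run against the constructed sample, the audit reports the DEBUG global mode, the LAX per-API override, api.outputDBPasswords=Y, the clear-text agent password (and that an encrypter class is configured but unused for it), and the disabled httpOnly cookie; the token-enabled and single sign-on rows pass unchanged. The checker deliberately ignores interopservlet.auth.userPassword.enabled, because its last segment is "enabled", not a credential.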