Security configuration parameters

Field / Property | Type | Description
default.user.role String

Sets the default general connection role.

To log in successfully through the login screen, a user must have either default.user.role or default.admin.role; otherwise the user gets a 403 error.

ROLE_USER

default.admin.role String

Sets the default administration connection role. This role gives users access to the Administration tools.

To log in successfully through the login screen, a user must have either default.user.role or default.admin.role; otherwise the user gets a 403 error.

ROLE_ADMIN

user.assign.document.creation Boolean

By default, when a user creates a node, that user is added to the node with full permissions. You can disable this behavior by setting this parameter to false. By default the parameter is set to true.

true

user.password.reset Boolean

Sometimes users lose or forget their password. When this option is enabled, users on the landing page have the option to reset their password and be notified of the new one by mail. By default this option is set to false.

false

system.antivir

String

Path to antivirus.

An antivirus can decrease performance, taking several seconds to analyze each document and consuming a lot of CPU resources.

security.access.manager

String

Sets the security access manager, which determines how security is evaluated. The default value is "simple".

Values:

  • simple
  • recursive
  • read_recursive

simple

Take a look at Security configuration

security.search.evaluation

String

Sets the security search manager, which determines how security is evaluated by the search engine.

Values:

  • lucene
  • am_more, am_window or am_limited

Take a look at Security configuration 

security.extended.mask

Integer

Security evaluation can be extended to downloading files, starting workflows, adding, removing or modifying property groups (metadata), and compacting history. The default value is empty.

Values:

  • DOWNLOAD = 1024;
  • START_WORKFLOW = 2048;
  • COMPACT_HISTORY = 4096;
  • PROPERTY_GROUP = 8192;

For example, to enable download and property groups, set the mask to 9216 (1024 + 8192).

9216

Take a look at Security configuration
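
An added example, not part of the OpenKM documentation or code base: a small Python helper that builds a security.extended.mask value from the operation names listed above and decodes a configured value back into names, which is useful when reviewing a mask someone summed by hand. The function names are hypothetical, and rejecting bits outside the four listed values is an assumption of this example, not documented OpenKM behaviour.

```python
# Added example (not OpenKM code). Bit values are the four listed for
# security.extended.mask; function names are hypothetical.
EXTENDED_BITS = {
    "DOWNLOAD": 1024,
    "START_WORKFLOW": 2048,
    "COMPACT_HISTORY": 4096,
    "PROPERTY_GROUP": 8192,
}
ALL_BITS = sum(EXTENDED_BITS.values())  # every documented bit set


def build_mask(*names):
    """Return the integer to store in security.extended.mask for the named operations."""
    mask = 0
    for name in names:
        if name not in EXTENDED_BITS:
            raise ValueError(f"unknown extended operation: {name}")
        mask |= EXTENDED_BITS[name]  # OR, so a repeated name is not counted twice
    return mask


def decode_mask(raw):
    """Return the operation names enabled by a configured value.

    An empty value (the documented default) enables nothing. A value that sets
    bits outside the four documented ones is rejected rather than ignored
    (assumption of this example), since it usually means a typo or a bad sum.
    """
    text = str(raw).strip()
    if text == "":
        return []
    mask = int(text)  # raises ValueError on non-numeric input
    if mask < 0 or mask & ~ALL_BITS:
        raise ValueError(f"mask {mask} sets bits outside the documented values")
    return [name for name, bit in EXTENDED_BITS.items() if mask & bit]


if __name__ == "__main__":
    print(build_mask("DOWNLOAD", "PROPERTY_GROUP"))  # the combination used on this page
    print(decode_mask("9216"))
    print(decode_mask(""))
```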

security.live.change.node.limit

Integer

When a security change affects more nodes than the value set in this property, the change is applied as a background task.

100

Take a look at Security configuration

system.login.lowercase

Boolean

Empty by default. When connecting to AD (Microsoft Active Directory), it must be set to "true", which forces all users to be logged in with a lowercase user ID. The reason is that OpenKM is case sensitive and Microsoft Active Directory is not.

principal.adapter

String

You must restart the OpenKM service after you change this parameter.

OpenKM can handle user access using the Spring Security framework. OpenKM needs an available method for reading users and roles, so when users are stored in a database (as is the default), the class DatabasePrincipalAdapter does this job.

com.openkm.core.DatabasePrincipalAdapter

If you configure OpenKM to authenticate against an LDAP server, you need to configure another principal adapter like LdapPrincipalAdapter.

principal.identifier.validation

String

Sets a regular expression used to validate user names and role names when they are created.

^[a-zA-Z0-9_]+$

This parameter can only be used in combination with the "principal.adapter" parameter value "com.openkm.core.DatabasePrincipalAdapter".