Application properties
Content
[
Hide
]
The file application.properties stores several application-wide properties, such as which links are shown on the start page or settings regarding failed logins. The file can be found in the config directory on the master server. The exact location of the propterties files is listed under System > Server information > Used paths > Configuration files.
UI
| Property | Default value | Explanation |
|---|---|---|
| login.show.link.register | true | Whether a link for creating a new account is shown on the start page. |
| login.show.link.password | true | Whether a link for forgotten passwords is shown on the start page. |
| login.show.link.help | true | Whether a link to these help pages is shown on the start page. |
| login.show.link.faq | true | Whether a link to the Q&A page is shown on the start page. |
| login.show.link.privacy | true | Whether a link to the privacy policy is shown on the start page. |
| login.show.link.imprint | true | Whether a link to the imprint is shown on the start page. |
| login.show.link.terms | true | Whether a link to the terms and conditions is shown on the start page. |
| login.show.link.license | true | Whether a link to the licensing conditions is shown on the start page. |
| login.show.footer | true | Whether the footer is shown on the start page. The footer contains the imprint, privacy policy etc. |
| defaults.show.logo | true | Whether the logo of the application is shown on the start page. |
| defaults.show.version | true | Whether the version of the application is shown on the start page. |
URLs
| Property | Default value | Explanation |
|---|---|---|
| defaults.url.help.designer | https://help.formcycle.eu/xwiki/bin/view/Main/Designer | URL for the help pages of the Xima® Formcycle Designer. |
| defaults.url.video | http://www.formcycle.de/videos/ | URL for the tutorial videos for Xima® Formcycle. |
| defaults.url.help | https://help.formcycle.eu/xwiki/bin/view/Main/ | URL for the help pages of Xima® Formcycle. |
| defaults.url.qa | https://faq.formcycle.eu/ | URL for the Q&A pages for Xima® Formcycle. |
| defaults.url.register | https://form.cloud | URL for creating a new account. |
| defaults.url.privacy | https://form.cloud/datenschutz.html | URL for the privacy policy. |
| defaults.url.imprint | https://www.xima.de/impressum/ | URL for the imprint. |
| defaults.url.terms | https://form.cloud/agb.html | URL for the terms and conditions. |
| defaults.url.license | https://www.formcycle.de/lizenzbedingungen | URL for the licensing conditions. |
| defaults.url.formcycle | https://www.formcycle.de | URL to Xima® Formcycle |
| defaults.url.formcloud | https://www.form.cloud | URL to the Xima® Formcloud. |
| defaults.url.loopback.base since 5.0.17 | Alternative loopback URL for internal calls (e.g. print) . |
Default language
Change the default language of the application by modifying these properties. The application itself is fully internationalizable.
| Property | Default value | Explanation |
|---|---|---|
| defaults.systemeinstellung.language | - | Language code for the default language of the application.ISO-639 alpha-2 oder alpha-3. |
| defaults.systemeinstellung.county | - | Region code for the default language of the application. ISO 3166 alpha-2 country code or UN M.49 numeric-3 area code. |
| defaults.systemeinstellung.variant | - | Language variation for the default language of the application. |
Login
To prevent attacks on user passwords, you can limit how often each user may fail to enter the correct password before they are locked out for a certain amount of time.
By default, a user must wait for 15 minutes after 5 consecutive failed login attempts.
| Property | Default value | Explanation |
|---|---|---|
| login.duplicated.message.suppress | false | Whether to show a message when a user logs in and another session already exists for the same user. |
| login.fails.lock.timeout | 900 (=15 minutes) | The amount of time in seconds a user needs to wait after using up all their login attempts. If the value is less than 60, it is clamped to 60. |
| login.fails.lock.count | 5 | The number of consecutive failed login attempts before a user is locked out. Set to 0 for an unlimited amount of attempts. |
| login.fails.lock.onfullcache | true | Whether the system is locked when the login cache is full. Users cannot login anymore if the system is locked. |
| login.fails.cache.heap.count | 10000 | The number of login attempts kept in memory. If less than or equal to 0, it is clamped to 1000. |
| login.fails.lock.maxentries | 11000 | The maximum number of login attempts stored in the cache. If the cache is full, no more logins are allowed. Set to 0 to disable the limit. |
| login.fails.cache.disk.size | 102400 | The number of login attempts cached in the file system. Set to 0 to disable this limit, and make sure you have got sufficient disk space. Set to a value less than 0 to disable the file cache (and use only the in-memory cache). |
| last.login.save | false | Whether the most recent date when a user signed in is saved and shown for each client. |
An example for a configuration requiring a user to wait to 100 minutes after 10 failed login attempts.
login.fails.lock.timeout=6000
login.fails.lock.count=10
login.fails.lock.count=10
Cache
The file cache stores files used by the system, the form cache stores rendered HTML forms.
| Property | Default value | Explanation |
|---|---|---|
| cache.files.disk.size | -1 | Maximum size in MB of what the file cache stores in the file system. No limit when set to -1. If set to 0, the file system is not used by the cache. |
| cache.files.heap.size | 75 | Maximum size in MB of what the file cache stores in-memory. If set to 0, the in-memory file cache is disabled. |
| cache.files.idletime | 0 | Time interval in seconds until an item in the form cache is removed when it is never accessed during that time interval. Set to 0 to disable. |
| cache.forms.disk.size | -1 | Maximum size in MB of what the form cache stores in the file system. No limit when set to -1. If set to 0, the file system is not used by the cache. |
| cache.forms.heap.size | 75 | Maximum size in MB of what the form cache stores in-memory. If set to 0, the in-memory form cache is disabled. |
| cache.forms.idletime | 0 | Time interval in seconds until an item in the form cache is removed when it is never accessed during that time interval. Set to 0 to disable. |
System
| Property | Default value | Explanation |
|---|---|---|
| bot.field.name | x-i-m-a-5536-required | Name of the hidden input field for detecting bots. Since V7, the field name is automatically renewed when the form is opened. |
| 7.1.0+ bot.field.autocomplete | new-password | Value for the autocomplete attribute of the bot field. When this property is not present, it defaults to new-password. When the value is empty, the autocomplete attribute is not set. Any other value is used for the autocomplete attribute. |
| defaults.systemeinstellung.loginName | sadmin | Login name for the super administrator of the system. |
| defaults.systemeinstellung.passwort | hash(admin) | Login name for the super administrator of the system. Should be changed after installing the application. The password is stored hashed, it should not be set manually in the configuration file, but only via the user interface. |
| cluster.implementation | jgroups | The implementation used for clustering. Allowed options are jgroups and shoal. |
| system.server.id | (generated) | Unique ID of the server which can be included in the HTTP header and attached to the submit URL of a form for the use of load balancers. See HTTP. |
| 7.1.0+ monitoring.enabled | false | Whether the frontend server monitoring URL is enabled. |
| 7.1.0+ monitoring.allowed.hosts | (empty) | List of host, that are allowd to access the frontend server monitoring URL . localhost (loopback) is always granted access. |
| defaults.http.use_system_properties 7.2.0+ | true | When true, uses settings from JVM system properties to configure HTTP requests. The following system properties are read: https.protocols, https.cipherSuites, http.keepAlive, http.maxConnections, http.agent. In addition, when a proxy was configured for the JVM, that proxy is used unless an explicit proxy server was configured within Xima® Formcycle. Finally, when attempting to access protected resources, the default system credentials provider is also queried for credentials. |
Limits
| Property | Default value | Explanation |
|---|---|---|
| defaults.upload.max_size | -1 | Maximum size in bytes for file uploads within forms. Applies to each file individually. Set to -1 to disable. |
| defaults.query.database.max_rowcount | 5000 | Maximum number of returned rows for a query to the database. Set to 0 to disable. |
| defaults.upload.max_fieldsize | 0 | Maximum size in bytes when retrieving columns of type character (eg. char or varchar) or binary. Set to 0 to disable. |
Frontend server
These settings control the connection to the frontend server. They should be edited via the user interface.
| Property | Default value | Explanation |
|---|---|---|
| fs.settings.interface | 0.0.0.0 | The network interface the frontend server uses for listening to connections from the master server. |
| fs.settings.port | 4753 | The port for the connection to the master server. |
| fs.settings.ssl.use | false | Whether the connection between the master serverand frontend server is encrypted via SSL. |
| fs.settings.authKey | (empty string) | The token of this frontend server. Used to check if the master server is authorized to establish a connection to this frontend server. |
| fs.settings.ssl.keystore.path | (empty string) | The path to the keystore file (on the file system) for the connection. Required if SSL is used. |
| fs.settings.ssl.keystore.pass | (empty string) | The password needed to access the keystore. Required if SSL is used. |
LDAP
| Property | Default value | Explanation |
|---|---|---|
| ldap.override.filter.user | (|(objectclass=user)(objectclass=person)(objectclass=inetOrgPerson)(objectclass=organizationalPerson)) | LDAP filter for searching for available LDAP users. By default, finds all objects with the object class user, person, inetOrgPerson, or organinsationalPerson. |
| ldap.override.filter.user.login | (|(sAMAccountName={0})(userPrincipalName={0})(uid={0})) | LDAP-Filter for locating a user with a given login name. Specify the login name with the placeholder {0}. By default, finds all users if the attribute sAMAccountName, userPrincipalName or uid matches the login name. |
| ldap.override.filter.kerberos.user | Value of the user query see above. | LDAP filter for searching a user after Kerberos authentication. The available login corresponds to the pattern <username>(/<instance>)@<REALM> where the /<instance> part is optional. Using the example test/admin@EXAMPLE.COM, the individual components are available in the corresponding filter as follows: {0}=test/admin@EXAMPLE.COM, {1}=test/admin, {2}=test,{3}=admin,{4}=EXAMPLE.COM. For example, to perform a user search within a single-domain environment with a non-standard userPrincipalName, the query could be defined as follows: (sAMAccountName={2}) |
| ldap.override.filter.group | (|(objectclass=group)(objectclass=groupofnames)(objectclass=groupofuniquenames)) | LDAP filter for searching for LDAP groups. By default, searches for all objects with the object class group, groupofnames, or groupofuniquenames. |
HTTP
| Property | Default value | Explanation |
|---|---|---|
| http.header.referer | same-origin | The referre policy for HTTP responses. You can also change this setting in the system settings menu . |
| http.header.hsts.max | (empty) | The value for the max-age of the HTTP Strict Transport Security. You can also change this setting in the system settings menu . |
| http.header.hsts.sub | false | Whether the HTTP Strict Transport Security should be applied to sub domains as well. You can also change this setting in the system settings menu . |
| http.header.serverid.name | (not available) | Specifies the header name with which the system.server.id is written to all requests. If this entry exists but is empty the corresponding header will not be set. If the entry does not exist the default XFC-Server-Id is used. |
| http.param.serverid.name | (not available) | Specifies the name of the URL parameter used to append the system.server.id to the form submission URL. If the value is empty or not available, no parameter will be appended. |
| http.header.csp.backend 7.2.1+ | (empty) | Sets the value for the HTTP headder Content-Security-Policy in the backend (configuration UI). You can also edit this value in the backend via the menu System, General. |
| http.header.csp.frontend 7.2.1+ | (empty) | Sets the value for the HTTP headder Content-Security-Policy in the frontend (web form). You can also edit this value in the backend via the menu System, General. |
| http.header.csp.reportonly.backend 7.2.1+ | (empty) | Sets the value for the HTTP headder Content-Security-Policy-Report-Only in the backend (configuration UI). You can also edit this value in the backend via the menu System, General. |
| http.header.csp.reportonly.frontend 7.2.1+ | (empty) | Sets the value for the HTTP headder Content-Security-Policy-Report-Only in the frontend (web forms). You can also edit this value in the backend via the menu System, General. |
Debug
| Property | Default value | Explanation |
|---|---|---|
| debug.show_sql | false | Sets the Hibernate properties hibernate.show_sql and hibernate.format_sql to true. Write all executed SQL statements to the console. |
Quartz jobs
| Property | Default value | Explanation |
|---|---|---|
| cleanup.worker.active | true | Whether the system cleanup job is active and run periodically. The system clean up jobs, for example, checks for unconfirmed form records waitning for a double opt-in confirmation, and deletes them when they are expired. |
| cleanup.worker.cronexpression | 0 0,15,30,45 * ? * * | The cron expression for the system clean up job that indicates when and how often that job is run. The system clean up jobs, for example, checks for unconfirmed form records waitning for a double opt-in confirmation, and deletes them when they are expired. |
| quartz.threadpool.thread.count 7.0.10+ | 10 | The number of threads for the scheduler. Default value is 10. When set to 0, new jobs are created, but no jobs are executed. This is useful in scenarios when the jobs should be run by another server. |
| quartz.scheduler.check.interval 7.0.10+ | 30000 | Is the amount of time in milliseconds that the scheduler will wait before re-queries for available triggers when the scheduler is otherwise idle. Normally you should not have to 'tune' this parameter, unless you’re using XA transactions, and are having problems with delayed firings of triggers that should fire immediately. Values less than 5000 ms are not recommended as it will cause excessive database querying. Values less than 1000 are not legal. |
| quartz.jobstore.misfire.threshold 7.0.10+ | 60000 | The number of milliseconds the scheduler will 'tolerate' a trigger to pass its next-fire-time by, before being considered "misfired". The default value (if you don’t make an entry of this property in your configuration) is 60000 (60 seconds). |
Sending of emails
| Eigenschaft | Standardwert | Beschreibung |
|---|---|---|
| mail.smtp.connectiontimeout 7.0.4+ | 300000 | SMTP Socket connection timeout value in milliseconds. |
| mail.smtp.timeout 7.0.4+ | 300000 | SMTP Socket I/O timeout value in milliseconds. |
Workflow
The following properties can be used to selectively enable or disable certain events or actions of the new workflow.
The properties for events share the following pattern:
trigger.<technical_name_of_the_event>.enable=false
The properties for actions share the following pattern:
processing.<technical_name_of_the_action>.enable=false
The technical event names are as follows:
- fc_catch_error: Workflow error
- fc_doi_verified: Double opt-in confirmed
- fc_form_submit_button: Technical name
- fc_invitation_error: Invitation failed
- fc_invitation_sent: Invitation sent
- fc_manual: Custom
- fc_qualified_form_submit_button: Submit button
- fc_state_timer: After state change
- fc_time_point: Date and time
The technical action names are as follows:
- fc_change_form_availability: Change availability
- fc_change_form_value: Change form values
- fc_change_state: Set state
- fc_compress_as_zip: Compress files
- fc_copy_form_record: Copy form record
- fc_counter: Change counter
- fc_create_text_file: Create text file
- fc_delete_form_record: Delete form record
- fc_doi_init: Send double opt-in email
- fc_email: Email
- fc_empty: Empty statement
- fc_experiment: Handle errors
- fc_export_to_persistence: Export to persistence file
- fc_export_to_xml: Export as XML
- fc_fill_pdf: Fill PDF document
- fc_fill_word: Fill word document
- fc_import_form_value_from_xml: Import from XML
- fc_ldap_query: LDAP query
- fc_move_form_record_to_inbox: Move to inbox
- fc_multiple_condition: Condition (Check value)
- fc_post_request: HTTP request
- fc_provide_resource: Provide file
- fc_queue_task: Queue custom event
- fc_redirect: Redirect
- fc_renew_process_id: Create new process ID
- fc_return: Stop processing chain
- fc_return_file: File download
- fc_save_to_file_system: Save to file system
- fc_set_saved_flag: Save
- fc_show_template: HTML response page
- fc_sql_statement: Database query
- fc_throw_exception: Throw error
- fc_write_form_record_attributes: Set server attribute
- sequence: Block statement