Package com.atlassian.crowd.common.properties

Class SystemProperties

java.lang.Object
com.atlassian.crowd.common.properties.SystemProperties
public class SystemProperties extends Object
System properties.

  • Field Details

    • INCLUDE_USERNAME_HEADER_IN_RESPONSES

      public static final BooleanSystemProperty INCLUDE_USERNAME_HEADER_IN_RESPONSES
      When set to true, Crowd will add AdditionalHeaders.HEADER_X_AUSERNAME header containing username of logged in user for all HTTP requests (including REST). This header can be utilized in Tomcat's access logs.

    • INCLUDE_APPNAME_HEADER_IN_RESPONSES

      public static final BooleanSystemProperty INCLUDE_APPNAME_HEADER_IN_RESPONSES
      When set to true, Crowd will add AdditionalHeaders.HEADER_X_AAPPNAME header containing application name of application making REST requests to Crowd. This header can be utilized in Tomcat's access logs.

    • MEMBERSHIPS_SYNC_IMPROVEMENT_ENABLED

      public static final BooleanSystemProperty MEMBERSHIPS_SYNC_IMPROVEMENT_ENABLED
      For the XML membership rest endpoint (i.e. outgoing membership), this property defines whether the optimized version of synchronization should be used.

      From manual tests of an application with 1M users in 4 directories enabling this feature saves ~2h time of full synchronisation of memberships and increases memory consumption by ~300MB.

    • USE_LEGACY_AD_MEMBERSHIP_SYNC

      public static final BooleanSystemProperty USE_LEGACY_AD_MEMBERSHIP_SYNC
      For the internal full synchronisation process (from Active Directory to Crowd database tables), this property defines whether membership details should be retrieved up-front.

      The legacy approach is to individually retrieve membership for each group (for both group and user based directories) and can cause full synchronisation to take several hours or more for an AD instance with large numbers of groups/users.

      The preferred (non legacy) approach is to retrieve all membership details as part of an up-front request to AD. This approach is normally able to complete a full synchronisation in several minutes (depending on server, database and AD speed/specifications) for an AD instance with large numbers of groups/users. Normally, this approach should not use much (if any) additional memory (when compared to the legacy approach). See CrowdLdapNameFactory for details.

      Since:
      5.3

    • USE_LEGACY_AD_INCREMENTAL_SYNC

      public static final BooleanSystemProperty USE_LEGACY_AD_INCREMENTAL_SYNC
      For Active Directory, the incremental sync of users comes in two flavors:
      • Legacy mode - based on usnChanged attribute only
      • 'bulletproof' mode (default) - using both usnChanged and ObjectGUID diff between internal and remote directory

    • AD_GROUP_USER_CACHE_DISABLED

      public static final BooleanSystemProperty AD_GROUP_USER_CACHE_DISABLED
      This property disables the caching performed by GroupUserCache.

      In general, USE_LEGACY_AD_MEMBERSHIP_SYNC property should be used to turn off up-front membership retrieval. This property caters for the case where a customer is having a problem with sync processing and has turned on legacy mode (USE_LEGACY_AD_MEMBERSHIP_SYNC) but is still experiencing a problem with GroupUserCache (e.g. for incremental syncs). In such a case, this flag can be used (in addition to the legacy flag) while the problem with the cache is resolved.

      Since:
      5.3

    • ALLOW_DUPLICATED_EXTERNAL_IDS_IN_SYNC

      public static final BooleanSystemProperty ALLOW_DUPLICATED_EXTERNAL_IDS_IN_SYNC
      When set to true Crowd will match users with duplicated external ids by names, instead of failing sync.

    • APPLICATION_STATUS_CACHE_DURATION

      public static final DurationSystemProperty APPLICATION_STATUS_CACHE_DURATION
      When set to an integer, Crowd web application /status endpoint will memoize database health check for a provided number of seconds instead of the default value

    • ATLASSIAN_DEV_MODE

      public static final BooleanSystemProperty ATLASSIAN_DEV_MODE

    • EMAIL_CHANGE_BY_EXTERNAL_APPS_ENABLED

      public static final BooleanSystemProperty EMAIL_CHANGE_BY_EXTERNAL_APPS_ENABLED
      Since Crowd 4.4, Crowd does NOT allow external apps to change e-mail of user. Enabling this flag bypasses this, meaning that if it's set to true, external apps can change e-mail of user.

      Note: One SHOULD NOT enable this as it opens a security vulnerability for user impersonation in SAML SSO connected applications which use e-mail as UID.

      Since:
      4.4.0

    • EVENT_TRANSFORMER_DIRECTORY_MANAGER_CACHE_SIZE

      public static final IntegerSystemProperty EVENT_TRANSFORMER_DIRECTORY_MANAGER_CACHE_SIZE
      Sets cache size of DirectoryManager in the EventTransformer
      Since:
      5.0.4

    • RECREATED_MEMBERSHIPS_BATCHING_ENABLED

      public static final BooleanSystemProperty RECREATED_MEMBERSHIPS_BATCHING_ENABLED
      Enables batching of requests to verify if a user or group is a direct member of a parent group when determining recreated memberships during incremental synchronisation.
      Since:
      5.0.4

    • AUDITLOG_SEARCH_ESCAPE_SPECIAL_CHARACTERS_ENABLED

      public static final BooleanSystemProperty AUDITLOG_SEARCH_ESCAPE_SPECIAL_CHARACTERS_ENABLED
      Setting this to "true" enables the special character (_) escaping
      Since:
      5.1.2

    • HSQL_NO_DATA_LOG_SUPPRESSING_FILTER_ENABLED

      public static final BooleanSystemProperty HSQL_NO_DATA_LOG_SUPPRESSING_FILTER_ENABLED
      Enables HSQL specific "no data" log suppressing filter
      Since:
      5.2.0

    • HSQL_UPGRADE_CONDITION_SKIP_PROPERTY

      public static final BooleanSystemProperty HSQL_UPGRADE_CONDITION_SKIP_PROPERTY
      Allows skipping legacy HSQL condition check for automatic upgrade
      Since:
      5.2.0

    • ADVANCED_SECURITY_PASSWORD_ENCODER_ENABLED

      public static final BooleanSystemProperty ADVANCED_SECURITY_PASSWORD_ENCODER_ENABLED
      Enables Crowd advanced PBKDF2-HMAC-SHA512 password encoder with 210,000 iterations
      Since:
      5.2.1

    • SECURITY_ANNOTATIONS_ENABLED

      public static final BooleanSystemProperty SECURITY_ANNOTATIONS_ENABLED
      Controls enabling of handling security annotations on struts actions, servlets and filters Note: atlassian-rest is controlled by a separate flag.
      Since:
      6.0.0

    • PLUGIN_SECURITY_ANNOTATIONS_ENABLED

      public static final BooleanSystemProperty PLUGIN_SECURITY_ANNOTATIONS_ENABLED
      Controls enabling of handling security annotations on plugin actions, servlets and filters
      Since:
      6.0.0

    • SECURITY_SERVLET_ANNOTATION_CACHE_ENABLED

      public static final BooleanSystemProperty SECURITY_SERVLET_ANNOTATION_CACHE_ENABLED
      Determines whether the caching of AccessTypes for servlet methods is enabled. By default, it is set to 'true' (cache is enabled).
      Since:
      6.0

    • DEFAULT_TO_LICENSED_ACCESS_ENABLED

      public static final BooleanSystemProperty DEFAULT_TO_LICENSED_ACCESS_ENABLED
      Controls defaulting to licensed access when there is no annotation Note: atlassian-rest is controlled by a separate flag.
      Since:
      6.0.0

  • Method Details

    • createBooleanSystemProperty

      public static BooleanSystemProperty createBooleanSystemProperty(String propertyName, boolean defaultForCrowd, boolean defaultForNonCrowd)
      Creates system property with separate default values for Crowd and other products.