JNDI environment entries for MobileFirst projects in production
JNDI environment entries cover all the properties that you can set in a production environment. Set production environment properties by configuring your project WAR file with JNDI environment entries.
- Editing the configuration XML file for the deployer Ant tasks.
- Configuring the server environment entries. On WebSphere® Application Server full profile and WebSphere Application Server Network Deployment, use the administration console. On WebSphere Application Server Liberty profile or Apache Tomcat, you edit the server.xml file.
Many of the MobileFirst configuration properties must have different values when the project is deployed to different environments. For example, the configuration properties that are used to specify the MobileFirst Server public URL (that is, publicWorkLightHostname, publicWorkLightPort, and publicWorkLightProtocol) might be different when the MobileFirst project is deployed to a staging server or to a production server. You can configure the project WAR file through JNDI environment entries.
Some of the properties are relevant only in a development environment and are not available as JNDI entries.
- You can define the property with the .enc suffix in the worklight.properties file that is packaged in the WAR file of the MobileFirst project. You can then override the encrypted value by using a JNDI property. With Apache Tomcat, this option is the only one available.
- On WebSphere Application Server full profile and Liberty profile, you can use the password encoding tools: PropFilePasswordEncoder for WebSphere Application Server and SecurityUtility for Liberty profile.
The following table lists the MobileFirst properties that are always available as JNDI entries:
| Property name | Description |
|---|---|
| adapters.saxparser.doctype.validation | Specifies whether the adapter should validate the XML response received from the back-end server. If you set this property to false, the adapter does not validate the response. This might be useful in cases when the time required to validate could be expected to exceed the allowed timeout value. Default: true |
| cluster.data.synchronization.taskFrequencyInSeconds | Interval for the synchronization of event sources data within clusters. Default: 2. |
| deployables.cleanup.taskFrequencyInSeconds | Interval at which deployable folder are cleaned up (in seconds). Default: 86400. |
| ibm.worklight.admin.environmentid | Optional. Environment identifier for the registration of the MBeans. Use this identifier when different instances of the MobileFirst Server are installed on the same application server. The identifier determines which Administration Services, which console, and which runtimes belong to the same installation. The Administration Services manage only the runtimes that have the same environment identifier. |
| ibm.worklight.admin.jmx.connector | Mandatory. JMX connector type, by default RMI or SOAP. WebSphere Application Server profile only. |
| ibm.worklight.admin.jmx.dmgr.host | Mandatory. Deployment Manager host name. WebSphere Application Server Network Deployment only. |
| ibm.worklight.admin.jmx.dmgr.port | Mandatory. Deployment Manager RMI or SOAP port. WebSphere Application Server Network Deployment only. |
| ibm.worklight.admin.jmx.pwd | Optional. WebSphere Application Server Farm: the user password of the SOAP connection. |
| ibm.worklight.admin.jmx.user | Optional. WebSphere Application Server Farm: the user name of the SOAP connection. |
| ibm.worklight.admin.rmi.registryPort | Optional. RMI registry port for the JMX connection through a firewall. Tomcat only. |
| ibm.worklight.admin.rmi.serverPort | Optional. RMI server port for the JMX connection through a firewall. Tomcat only. |
| ibm.worklight.admin.serverid | Optional. Server identifier. Must be different for each server in the farm. Server farms only. |
| ibm.worklight.jndi.configuration | Optional. If the JNDI configuration is injected into the WAR files or provided as a shared library, the value of this property is the name of the JNDI configuration. You can also specify this value as a system property. See Predefining MobileFirst Server configuration for several deployment environments. |
| ibm.worklight.jndi.file | Optional. If the JNDI configuration is stored as an external file, the value of this property is the path of a file that describes the JNDI configuration. You can also specify this value as a system property. See Predefining MobileFirst Server configuration for several deployment environments. |
| ibm.worklight.topology.clustermode | In addition to the server type, you must
specify the server topology. Valid values:
|
| ibm.worklight.topology.platform | Server type. Valid values:
If the default value is not set, the application tries to guess the server type. |
| publicWorkLightHostname | The IP address or host name of the computer
that is running IBM MobileFirst™ Platform Foundation. If the MobileFirst Server is behind a reverse proxy, the value is the IP address or host name of the reverse proxy. This property must be identical for nodes within the same cluster. Default: IP address of current server. |
| publicWorkLightPort | The port for accessing the MobileFirst Server. If the MobileFirst Server is behind a reverse proxy, the value is the port for accessing the reverse proxy. This property must be identical for nodes within the same cluster. Default: 10080. The configureApplicationServer Ant task sets a default value that depends on the application server. |
| publicWorkLightProtocol | The protocol for accessing the MobileFirst Server. The valid values are HTTP and HTTPS. If the MobileFirst Server is behind a reverse proxy, the value is the protocol for accessing the reverse proxy. This property must be identical for nodes within the same cluster. Default: HTTP. The configureApplicationServer Ant task sets a default value that depends on the application server. |
| push.apns.proxy.enabled | Indicates whether APNS must be accessed through a proxy. Default: false. |
| push.apns.proxy.host | The hostname of the proxy server to be used to connect to APNS. |
| push.apns.proxy.port | The port number on the proxy server to be used to connect to APNS. |
| push.apns.proxy.user | The user name for authenticating with the APNS proxy server if the proxy requires authentication. An empty user name means no authentication. |
| push.apns.proxy.password | The password for authenticating with the APNS proxy if the proxy requires authentication. |
| push.apns.connectionIdleTimeout | Optional. APNs Idle Connection Timeout. Default : 0 |
| push.clearUserOnLogout | Clear the user name from push device registration on logout. Default: false |
| push.gcm.proxy.enabled | Shows whether GCM must be accessed through a proxy. Default: false. |
| push.gcm.proxy.host | The hostname of the proxy server to be used to connect to GCM |
| push.gcm.proxy.password | The password for authenticating with the GCM proxy server if the proxy requires authentication. |
| push.gcm.proxy.port | The port number on the proxy server to be used to connect to GCM. Default port: -1. |
| push.gcm.proxy.protocol | Either http or https. |
| push.gcm.proxy.user | Proxy user name, if the proxy requires authentication. Empty user name means no authentication. |
| push.sms.proxy.enabled | Indicates whether push SMS proxy is enabled. Default: false. |
| push.sms.proxy.host | The hostname of the proxy server to be used to connect to the SMS Gateway. |
| push.sms.proxy.password | The password for authenticating with the proxy server if authentication is enabled on the proxy |
| push.sms.proxy.port | The port number on the proxy server to be used to connect to the SMS Gateway |
| push.sms.proxy.protocol | The protocol to be used (HTTP or HTTPS) to connect to the proxy server |
| push.sms.proxy.user | The user name for authenticating with the proxy server if authentication is enabled on the proxy |
| reports.exportRawData | Indicates whether reporting is activated (true or false). Default: false. |
| serverSessionTimeout | Idle session timeout in minutes. Default: 10. Used in session-dependent mode only. |
| ssl.keystore.password | SSL certificate keystore password. |
| ssl.keystore.path | SSL certificate keystore location. Default: conf/mfp-default.keystore. |
| ssl.keystore.type | SSL certificate keystore type. Valid keystore types: jks or PKCS12. Default: jks. |
| ssl.websphere.alias | The WebSphere SSL configuration alias used by the HTTP adapters |
| ssl.websphere.config | Set this property to true to have HTTP adapters use WebSphere SSL configuration. Default: false. |
| sso.cleanup.taskFrequencyInSeconds | Interval (seconds) for a cleanup task that cleans the database of orphaned and expired single-sign-on login contexts. Default: 5 |
| trusted.signer.certificate.paths | A space-separated list of trusted signer certificates for authenticating non-mobile (confidential) clients. The paths may be relative to the server folder in the MobileFirst Project (for example: conf/rootCA.crt), or absolute paths. |
| wl.analytics.console.url | Optional. The URL that is exposed by IBM MobileFirst Platform Operational
Analytics that
links to the Analytics console. Set this property if you want to access
the Analytics console from the MobileFirst Operations
Console.
Example:
|
| wl.analytics.logs.forward | A Boolean value (true or false) that indicates whether to send all com.worklight.* logs to the operational analytics server. If this value is true, all logs that are specified in com.worklight.* settings are forwarded to the operational analytics server. The default value is true. This setting is supported only on MobileFirst production servers. It is not supported on the MobileFirst Development Server. |
| wl.analytics.password | The password that is used if the data entry point for the IBM MobileFirst Platform Operational Analytics is protected with basic authentication. |
| wl.analytics.url | The URL that is exposed by the IBM MobileFirst Platform Operational Analytics that receives incoming analytics data. Example: http://hostname:port/context-root/data. |
| wl.analytics.username | The user name that is used if the data entry point for the IBM MobileFirst Platform Operational Analytics is protected with basic authentication. |
| wl.ca.key.alias | The alias of the entry where the private key and certificate are stored in the keystore. Default: mfp-default-cert. |
| wl.ca.key.alias.password | The password that protects the keystore entry where the private key and certificate are stored. The alias name for this entry is defined in the wl.ca.key.alias JNDI property. |
| wl.ca.keystore.password | The password that protects the keystore. The path to the keystore is defined in the wl.ca.keystore.path JNDI property. |
| wl.ca.keystore.path | The path to the keystore relative to the server folder in the MobileFirst project. Default: conf/mfp-default.keystore. |
| wl.ca.keystore.type | Type of keystore file. Valid values are jks or pkcs12. Default: jks. |
| wl.clientlogs.adapter.name | The name of the HTTP adapter that you want to use to receive client-side logs. If you do not specify this property, the default WLClientLogReceiver name is used. |
| wl.device.archiveDecommissioned.when | A value, in days, that defines when client devices that were decommissioned will be placed in an archive file when the decommissioning task is run. The archived client devices are written to a file in the MobileFirst Server home\devices_archive directory. The name of the file contains the time stamp when the archive file is created. Default: 90 days. |
| wl.device.decommission.when | The number of days of inactivity after which a client device is decommissioned by the device decommissioning task. Default: 90 days. |
| wl.device.enableAccessManagement | A Boolean value (true or false) that enables the Access Management features on the MobileFirst Server. If the Access Management features are enabled, each time a device attempts to connect to the server, it is checked against the back end for its access rights. |
| wl.device.tracking.enabled | A value that is used to enable or disable device tracking in IBM MobileFirst Platform Foundation. For performance reasons, you can disable this flag when IBM MobileFirst Platform Foundation runs only Business-to-Consumer (B2C) apps. When device tracking is disabled, the license reports are also disabled and no license metrics are generated. |
| mfp.adapter.invocation.url | The URL to be used for invoking adapter procedures from inside Java™ adapters, or JavaScript adapters that are invoked using the /rest endpoint. If this property is not set, the URL of the currently executing request will be used (this is the default behavior). This value should contain the full URL, including the context root. |
| mfp.attrStore.db.cleanupFrequency.minutes | The attribute store database cleanup task interval (in minutes). The default is 60 minutes. |
| mfp.attrStore.db.stalePeriod.days | The interval (in days) after which an expired attribute is considered stale, and may be deleted by the attribute store database cleanup task. The default is 30 days. For more information about the store database cleanup task, see Configuring the attribute store cleanup task. |
| mfp.attrStore.type | Specifies the cache or persistent store to save the authentication context that is kept in the attribute store of MobileFirst Server. Options:
Default: database |
| mfp.attrStore.xs.endpoint | A comma-separated list of host-port pairs of the WebSphere eXtreme Scale catalog servers, in the form: "host:port". |
| mfp.attrStore.xs.gridname | The eXtreme Scale grid that is used for caching the attribute store. |
| mfp.attrStore.xs.mapname | The eXtreme Scale backing map that is used for caching the attribute store. |
| mfp.attrStore.xs.password | The password for connecting to the eXtreme Scale server. Leave empty if authentication is not required. |
| mfp.attrStore.xs.username | The user name for connecting to the eXtreme Scale server. Leave empty if authentication is not required. |
| mfp.db.cloudant.username | The user name of the Cloudant account. When this property is defined along with a Cloudant password, the runtime database is Cloudant. Otherwise, the runtime uses the relational database that is configured. |
| mfp.db.cloudant.password | The password to the Cloudant account. When this property is defined along with a Cloudant user name, the runtime database is Cloudant. Otherwise, the runtime uses the relational database that is configured. |
| mfp.db.cloudant.url | The URL of the Cloudant account that is used only if Cloudant is active, and has a defined username and password. When this property is defined, the Cloudant database is directed to this URL. Otherwise, it is redirected to the default URL: https://cloudant.com |
| mfp.db.cloudant.ssl.authentication | A Boolean value (true or false)
that specifies whether the SSL certificate chain validation and host
name verification are enabled for HTTPS connections to the Cloudant database. Default: true.
Important: Setting this property to false creates
security risks.
|
| mfp.db.cloudant.ssl.configuration | Property that applies to WebSphere Application Server Full Profile only. For HTTPS connections to the Cloudant database, it specifies the name of an SSL configuration in the WebSphere Application Server configuration, to use when no configuration is specified for the host and port. |
| mfp.db.cloudant.dbNamePrefix | The Cloudant database prefix. When this property is configured, the prefix is added to the default database name, followed by an underscore: "MobileFirst_runtime_context-root_runtime_db". The prefix string must contain lowercase letters only. |
| mfp.db.cloudant.connectTimeout | A timeout for establishing a network connection to Cloudant, in milliseconds. The zero (0) value means an infinite timeout. A negative value means the default (no override). If this property is not configured, a default value is used, which is described in the documentation for the Cloudant Java Client. |
| mfp.db.cloudant.socketTimeout | A timeout for detecting the loss of a network connection to Cloudant, in milliseconds. The zero (0) value means an infinite timeout. A negative value means the default (no override). If this property is not configured, a default value is used, which is described in the documentation for the Cloudant Java Client. |
| mfp.db.cloudant.maxConnections | The maximum number of connections of the Cloudant connector. If this property is not configured, a default value is used, which is described in the documentation for the Cloudant Java Client. |
| mfp.db.cloudant.proxyHost | The proxy host of the Cloudant connector. If this property is not configured, a default value is used, which is described in the documentation for the Cloudant Java Client. |
| mfp.db.cloudant.proxyPort | The proxy port of the Cloudant connector. If this property is not configured, a default value is used, which is described in the documentation for the Cloudant Java Client. |
| mfp.session.independent | Turns session dependency in MobileFirst Server on or off. Options:
Default: true |
Custom user properties that are defined in the worklight.properties file are also exposed.
The wl.db.* and wl.reports.db.* properties are not available as JNDI environment entries because they are intended for use only during the development phase.