Server configurations
This is server configurations in webswing.config.
| Admin console label | Config field Id | Description | Default value | Type | Variable replacement |
|---|---|---|---|---|---|
| Context Path | path | Url context path where the application will be deployed. | String |
||
| Admin Console Url | adminConsoleUrl | Admin console used to manage this server. | String |
✅ | |
| Web Home Folder | webHomeDir | Webswing server's home directory for web-related content. This will be the base directory of any relative classpath entries specified. | ${user.dir} | String |
✅ |
| Web Folder | webFolder | Folder to be used to store customized static web files like HTML, CSS or Javascript. | String |
✅ | |
| Restricted Resources | restrictedResources | Defined path-prefix restricts access to resources only to authenticated users (e.g. '/docs'). Applies to static resources inside 'Web Folder' or packaged with Webswing. (e.g. '/myapp/docs/index.html') | List<String> |
✅ | |
| Localization Folder | langFolder | Folder to be used to store customized messages and translations in supported languages. English is available by default. | String |
✅ | |
| Security | security | WebswingSecurityConfig |
|||
| REST Users | restUsers | Define users that can access Admin Console's REST API using HTTP Basic Authentication. Permissions are enumerated values from WebswingAction class. | List<RestUserEntry> |
||
| Web Security | webSecurity | WebSecurityConfig |
|||
| Access-Control-Allow-Private-Network | accessControlAllowPrivateNetwork | Configuration of Access-Control-Allow-Private-Network response header. | String |
✅ | |
| Data Store | dataStore | WebswingDataStoreConfig |
|||
| BlackList | blacklist | Blacklisted features | List<String> |
||
| WhiteList | whitelist | Whitelisted features | List<String> |
RestUserEntry
| Admin console label | Config field Id | Description | Default value | Type | Variable replacement |
|---|---|---|---|---|---|
| Username | username | String |
✅ | ||
| Password | password | String |
✅ | ||
| Permissions | permissions | List<String> Values: rest_getPaths, rest_getAppInfo, rest_getSession, rest_getStats, rest_startRecording, rest_sessionShutdown, rest_sessionShutdownForce, rest_getConfig, rest_setConfig, rest_startApp, rest_stopApp, rest_createApp, rest_removeApp, rest_getThreadDump, rest_getHeapDump, rest_requestThreadDump, rest_requestHeapDump, rest_toggleStatisticsLogging, rest_getOverview, rest_manageScaling, rest_controlSessionPool, rest_reloadWebsocketUrls, rest_getScalingInfo, rest_viewLogs, rest_getApps, rest_getMetrics |
WebSecurityConfig
| Admin console label | Config field Id | Description | Default value | Type | Variable replacement |
|---|---|---|---|---|---|
| X-Frame-Options | xFrameOptions | Configuration of X-Frame-Options response header. | SAMEORIGIN | String |
✅ |
| Content-Security-Policy | contentSecurityPolicy | Configuration of Content-Security-Policy response header. Recommended value: \ | connect-src 'self' ws: wss: data: blob: | String |
✅ |
| Content-Security-Policy-Report-Only | contentSecurityPolicyReportOnly | Configuration of Content-Security-Policy-Report-Only response header. | String |
✅ | |
| X-Content-Type-Options | xContentTypeOptions | Configuration of X-Content-Type-Options response header. | nosniff | String |
✅ |
| X-XSS-Protection | xXSSProtection | Configuration of X-XSS-Protection response header. | 1; mode=block | String |
✅ |
| Referrer-Policy | referrerPolicy | Configuration of Referrer-Policy response header. | strict-origin-when-cross-origin | String |
✅ |
| Permissions-Policy | permissionsPolicy | Configuration of Permissions-Policy response header. | String |
✅ | |
| Strict-Transport-Security | strictTransportSecurity | Configuration of Strict-Transport-Security response header. | max-age=63072000; includeSubDomains; preload | String |
✅ |
| Cookie SameSite | cookieSameSite | Value of SameSite cookie attribute. | None | CookieSameSite Enum Values: None, Lax, Strict |
|
| Force secure cookie | forceSecureCookie | Force Secure attribute in cookies even in non-secured http connections. | false | boolean |
WebswingDataStoreConfig
| Admin console label | Config field Id | Description | Default value | Type | Variable replacement |
|---|---|---|---|---|---|
| Direct Transfer | directTransfer | If enabled, file transfer between browser and application will use WebSocket connection. Use this option if your deployment doesn't allow shared access to single data store. | true | boolean |
|
| Data Store Module Class Path | classPath | Additional classpath for built-in data store module or for defining custom data store module. | List<String> |
✅ | |
| Data Store Module Name | module | Select one of built-in modules or enter full class name of custom data store module (has to implement org.webswing.server.common.datastore.WebswingDataStoreModule interface). Note the class and its dependencies has to be on classpath defined above. | INHERITED | String |
|
| Data Store Module Config | config | Data store module specific configuration. | FileSystemDataStoreModuleConfig |
FileSystemDataStoreModuleConfig
| Admin console label | Config field Id | Description | Default value | Type | Variable replacement |
|---|---|---|---|---|---|
| Transfer Folder | transferFolder | Folder to be used to store application uploads and downloads. This folder must be accessible by application and server. | ${" + Constants.ROOT_DIR_PATH + "}/datastore/transfer | String |
✅ |