Please be aware that there is newer version of documentation available for Webswing. Documentation 26.1
Server root configuration
This is server configuration related to root handler and Admin Console server in webswing.config.
| Admin console label | Config field Id | Description | Default value | Type | Variable replacement |
|---|---|---|---|---|---|
| Context Path | path | Url context path where the application will be deployed. | String |
||
| Admin Console Url | adminConsoleUrl | Admin console used to manage this server. | String |
✅ | |
| Web Home Folder | webHomeDir | Webswing server's home directory for web-related content. This will be the base directory of any relative classpath entries specified. | ${user.dir} | String |
✅ |
| Web Folder | webFolder | Folder to be used to store customized static web files like HTML, CSS or Javascript. | String |
✅ | |
| Restricted Resources | restrictedResources | Defined path-prefix restricts access to resources only to authenticated users (e.g. '/docs'). Applies to static resources inside 'Web Folder' or packaged with Webswing. (e.g. '/myapp/docs/index.html') | List<String> |
✅ | |
| Localization Folder | langFolder | Folder to be used to store customized messages and translations in supported languages. English is available by default. | String |
✅ | |
| Security | security | WebswingSecurityConfig |
|||
| REST Users | restUsers | Define users that can access Admin Console's REST API using HTTP Basic Authentication. Permissions are enumerated values from WebswingAction class. | List<RestUserEntry> |
||
| Web Security | webSecurity | WebSecurityConfig |
|||
| Access-Control-Allow-Private-Network | accessControlAllowPrivateNetwork | Configuration of Access-Control-Allow-Private-Network response header. | String |
✅ | |
| Data Store | dataStore | WebswingDataStoreConfig |
|||
| BlackList | blacklist | Blacklisted features | List<String> |
||
| WhiteList | whitelist | Whitelisted features | List<String> |
RestUserEntry
| Admin console label | Config field Id | Description | Default value | Type | Variable replacement |
|---|---|---|---|---|---|
| Username | username | String |
✅ | ||
| Password | password | String |
✅ | ||
| Permissions | permissions | List<String> Values: rest_getPaths, rest_getAppInfo, rest_getSession, rest_getStats, rest_startRecording, rest_sessionShutdown, rest_sessionShutdownForce, rest_getConfig, rest_setConfig, rest_startApp, rest_stopApp, rest_createApp, rest_removeApp, rest_getThreadDump, rest_getHeapDump, rest_requestThreadDump, rest_requestHeapDump, rest_toggleStatisticsLogging, rest_getOverview, rest_manageScaling, rest_controlSessionPool, rest_reloadWebsocketUrls, rest_getScalingInfo, rest_viewLogs, rest_getApps, rest_getMetrics |
WebSecurityConfig
| Admin console label | Config field Id | Description | Default value | Type | Variable replacement |
|---|---|---|---|---|---|
| X-Frame-Options | xFrameOptions | Configuration of X-Frame-Options response header. | SAMEORIGIN | String |
✅ |
| Content-Security-Policy | contentSecurityPolicy | Configuration of Content-Security-Policy response header. Recommended value: \ | connect-src 'self' ws: wss: data: blob: | String |
✅ |
| Content-Security-Policy-Report-Only | contentSecurityPolicyReportOnly | Configuration of Content-Security-Policy-Report-Only response header. | String |
✅ | |
| X-Content-Type-Options | xContentTypeOptions | Configuration of X-Content-Type-Options response header. | nosniff | String |
✅ |
| X-XSS-Protection | xXSSProtection | Configuration of X-XSS-Protection response header. | 1; mode=block | String |
✅ |
| Referrer-Policy | referrerPolicy | Configuration of Referrer-Policy response header. | strict-origin-when-cross-origin | String |
✅ |
| Permissions-Policy | permissionsPolicy | Configuration of Permissions-Policy response header. | String |
✅ | |
| Strict-Transport-Security | strictTransportSecurity | Configuration of Strict-Transport-Security response header. | max-age=63072000; includeSubDomains; preload | String |
✅ |
| Cookie SameSite | cookieSameSite | Value of SameSite cookie attribute. | None | CookieSameSite Enum Values: None, Lax, Strict |
|
| Force secure cookie | forceSecureCookie | Force Secure attribute in cookies even in non-secured http connections. | false | boolean |
WebswingDataStoreConfig
| Admin console label | Config field Id | Description | Default value | Type | Variable replacement |
|---|---|---|---|---|---|
| Direct Transfer | directTransfer | If enabled, file transfer between browser and application will use WebSocket connection. Use this option if your deployment doesn't allow shared access to single data store. | true | boolean |
|
| Data Store Module Class Path | classPath | Additional classpath for built-in data store module or for defining custom data store module. | List<String> |
✅ | |
| Data Store Module Name | module | Select one of built-in modules or enter full class name of custom data store module (has to implement org.webswing.server.common.datastore.WebswingDataStoreModule interface). Note the class and its dependencies has to be on classpath defined above. | INHERITED | String |
|
| Data Store Module Config | config | Data store module specific configuration. | FileSystemDataStoreModuleConfig |
FileSystemDataStoreModuleConfig
| Admin console label | Config field Id | Description | Default value | Type | Variable replacement |
|---|---|---|---|---|---|
| Transfer Folder | transferFolder | Folder to be used to store application uploads and downloads. This folder must be accessible by application and server. | ${" + Constants.ROOT_DIR_PATH + "}/datastore/transfer | String |
✅ |