Flowable Control Properties
Control is a Spring Boot application. This means that it is configured as a Spring Boot application and all available properties for Spring Boot application are also applicable for Control.
Control specific properties
The following list displays the properties which are specific for Control.
General properties
Properties with the prefix flowable.control.app
| Property | Description | Default value |
|---|---|---|
| data-source-prefix | The prefix for the database tables. | |
| use-basic-user-store | Whether to use a basic user store. | true |
| license-location | The location of the license file | file:${user.home}/.flowable/flowable.license |
| db-store-enabled | Whether the license should be fetched from the database | false |
| database-schema-update | The strategy that should be used for the database update schema (possible values: drop-create, true, false, ignore) | true |
| database-schema | The database schema to be used for table checks / generation (needed in case the database metadata doesn't return that correctly) | |
| cluster-type | The configuration type of the target cluster. Possible values: orchestrate, orchestrate_metrics, work, engage, work_without_es_history_and_metrics, work_without_es_history | work |
| database-schema | The database schema to be used for table checks / generation (needed in case the database metadata doesn't return that correctly) |
Security properties
Properties with the prefix flowable.control.app.security
| Property | Description | Default value |
|---|---|---|
| type | The type of the security that should be used. Possible values: basic, oauth2 | basic |
| remember-me-key | The hash key used by Spring Security for the remember me cookie. | testkey |
| user-validity-period | How long should a user be cached before invalidating in the user security cache |
Security OAuth2 properties
Properties with the prefix flowable.control.app.security.oauth2
| Property | Description | Default value |
|---|---|---|
| admin-authorities | A comma separated list of all the authorities which should make the user an admin | - |
| authorities-attributes | A comma separated list of the names of the attributes from which authorities should be extracted from without any changes. | - |
| tenant-attribute | The name of the attribute that holds the tenant id for the authentication. | - |
| post-logout-redirect-url | The post logout redirect URL. | - |
| privilege-role-attribute-prefix | The prefix used to load roles for the user instead of directly granting authorities | - |
| username-attribute | The name of the attribute that holds the user name | - |
Security OAuth2 Resource Server properties
Properties with the prefix flowable.control.app.security.oauth2.resourceserver.mapper
| Property | Description | Default value |
|---|---|---|
| admin-authorities | A comma separated list of all the authorities which should make the user an admin | - |
| authorities-attributes | A comma separated list of the names of the attributes from which authorities should be extracted from without any changes. | - |
| tenant-attribute | The name of the attribute that holds the tenant id for the authentication. | - |
| privilege-role-attribute-prefix | The prefix used to load roles for the user instead of directly granting authorities | - |
| username-attribute | The name of the attribute that holds the user name | - |
Security OAuth2 Current User properties
Properties with the prefix flowable.control.app.security.oauth2.current-user
| Property | Description | Default value |
|---|---|---|
| first-name-attribute | The name of the attribute in which the first name is located (only applies when not using OIDC). | given_name |
| last-name-attribute | The name of the attribute in which the last name is located (only applies when not using OIDC). | family_name |
| display-name-attribute | The name of the attribute in which the display name is located (only applies when not using OIDC). | name |
| email-attribute | The name of the attribute in which the email is located (only applies when not using OIDC). |
Security Cookie properties
Properties with the prefix flowable.control.app.security.cookie
| Property | Description | Default value |
|---|---|---|
| name | The name of the remember me cookie | FLOWABLE_DESIGN_REMEMBER_ME |
| domain | The domain for the coookie | |
| refresh-age | The refresh age of the cookie in seconds | 1d |
| max-age | The max age of the security cookie in seconds | 31d |
Security Encryption properties
Properties with the prefix flowable.control.app.security.encryption
Do note that if these properties are changed after passwords have been saved, all existing passwords will not be able to be decrypted and the password would need to be reset in the UI.
| Property | Description | Default value |
|---|---|---|
| credentials-i-v-spec | The string that needs to be used to create an IvParameterSpec object using it's the bytes. The string can be any value with a length of 16 characters | |
| credentials-secret-spec | The string that needs to be used to create a SecretKeySpec using it's bytes. The string can be any value with a length of 16 characters |
If the encryption properties are changed after passwords for the cluster configurations have been saved, all existing passwords would need to be reset in the UI.
Role properties
Properties with the prefix flowable.control.app.roles
| Property | Description | Default value |
|---|---|---|
| default-admin-role | The name of the default admin role | - |
| default-user-role | The name of the default user role | - |
Audit Log properties
Properties with the prefix flowable.control.app.audit-log
| Property | Description | Default value |
|---|---|---|
| enabled | Flag to enable/disable the audit log in control | false |
User Store properties
Properties with the prefix flowable.control.app.user-store
| Property | Description | Default value |
|---|---|---|
| password | The password that should be used when creating the user for the basic user store during application start if there are no users and basic user store is used. | test |
Security CSRF properties
Properties with the prefix flowable.control.app.rest.csrf
| Property | Description | Default value |
|---|---|---|
| enabled | Flag indicating the CSRF protection for Flowable Control should be enabled | true |
| cookieName | The name of the cookie in which the CSRF token will be stored | FLOWABLE_CONTROL_CSRF_TOKEN |
| headerName | The name of the header in which the CSRF token will be stored | X-FLOWABLE-CONTROL-CSRF-TOKEN |
| cookieDomain | The name of the domain where the CSRF token cookie will be saved and read from | |
| cookiePath | The name of the path where the CSRF token cookie will be saved and read from |
Cluster Config properties
Properties with the prefix flowable.control.app.cluster-config
These cluster-config properties are only used to initialize a default cluster configuration on startup if there is none present in the database. They have no impact if a configuration already exists.
| Property | Description | Default value |
|---|---|---|
| type | The type of the cluster. Possible values: orchestrate, orchestrate_metrics, work, engage, work_without_es_history_and_metrics, work_without_es_history | work |
| name | The name of the cluster. | |
| description | The description of the cluster | |
| server-address | The server host for the cluster | |
| port | The server port of the cluster | |
| context-root | The context root under which the application where the rest endpoint is cluster on | |
| user-name | The username that needs to be used when accessing the cluster | |
| password | The password that needs to be used when accessing the cluster | |
| authentication-type | The type of the authentication that needs to be used when accessing the cluster (basic/oauth2) |
Frontend properties
Properties with the prefix flowable.control.app.frontend
| Property | Description | Default value |
|---|---|---|
| form-based-logout | Wether a form based logout should be used in the frontend. | false |