Global Option Settings
The global option setting controls many of the functional aspects of the expansion. The build engine, the security settings and expansion-specific settings are defined here.
Base comps mode
Should be set to “NONE” if the ‘Use java EE security’ option is to be used.
If set to “GLOBAL”, the expanded project will make sure that all instances of all elements have different database id’s.
Use app anchors
A legacy setting from when app anchors were first introduced. Clashes with the current anchors, and shoud therefore be set to
Use legacy finders
Expand finders as used in a previous version of the expanders.
Use java EE security
If set to “FALSE”, the expanded application will not use authentication or authorization provided by the account component. Requires ‘Base comps mode’ to be set to “NONE”.
Java build engine, options are “ANT” or “MAVEN”.
Bean interface policy
Can be set to “LOCAL”, “REMOTE” or “BOTH”. Will expand Local, Remote or both interfaces for each ejb bean in the application.
If this setting is set to “LOCAL”, RMI will not be available.
Enforce HTTP Method
The option enforceHttpMethod replaces the environment variable for expansion.
It makes policy on https methods more strict for security reasons. E.g. if a find action request is received with a POST method instead of GET, the request will be rejected.
For earlier version the environment variable ENFORCE_HTTP_METHOD can be used.
note that enforceHttpMethod should be defined with the attribute
value="true"in the xml
Use CSRF protection
The option useCsrfProtection replaces the environment variable for expansion. It adds extra security to prevent replay attacks on requests to the backend (see Cross-site request forgery).
For earlier version the environment variable USER_CSRF_PROTECTION can be used.
note that useCsrfProtection should be defined with the attribute
value="true"in the xml
Generate artifact label
The option generateArtifactLabel adds a tag to the version of the component pom.xml files to include expansion information (see Generate artifact label)
note that generateArtifactLabel should be defined with the attribute
value="true"in the xml`
<globalOptionSettings name="3.1 SECURE"> <baseCompsMode>GENERATE</baseCompsMode> <counterDefault>IDENTITY</counterDefault> <useAppAnchors>FALSE</useAppAnchors> <useLegacyFinders>FALSE</useLegacyFinders> <useJavaEESecurity>FALSE</useJavaEESecurity> <buildEngine>MAVEN</buildEngine> <description/> <beanInterfacePolicy>BOTH</beanInterfacePolicy> <enforceHttpMethod value="true"/> <useCsrfProtection value="true"/> <generateArtifactLabel value="true"/> </globalOptionSettings>
|201803||Added ‘generateArtifactLabel’, ‘useCsrfProtection’ and ‘enforceHttpMethod’|