Whether it is allowed for clients to request a synthetic replay of the
content repository, for example using the constant
Timestamp.SYNTHETIC_REPLAY Unified API. This is a very expensive
operation that is rarely used except when setting up a Replication
Live Server from scratch.
cap.server.base-dir
Type
String
Default
user.dir
Description
Used as base directory for handling relative file-paths in the
content-server configuration. Defaults to the value of system-property
user.dir.
cap.server.blob-channel-timeout
Type
Duration
Default
1m
Description
This property sets the timeout duration for streaming blobs to and
from the database. (Default unit is seconds) In general, you don't
have to change the default value. It is provided for exceptional
cases, when the connection to the database is unreliable.
cap.server.blob-md5-permission-check
Type
Boolean
Default
true
Description
Blob access by clients is protected against URL guessing. If you want
to use clients from releases < CMCC 2110 with content servers of
CMCC 2110 or newer, you must set this flag to false for the new
content servers.
cap.server.blob-url-pattern
Type
String
Default
https?:.*
Description
A regular expression that must match the entire URL string for URL
blobs, that is, blobs that are only referenced by their URL in the
content repository and are resolved at the client side on access.
Using URL blobs can significantly reduce the storage requirements of
the Content Server. The pattern must match the entire URL string,
starting with the protocol. Before matching, the path component of the
URL is normalized according to java.net.URI#normalize() where
applicable. URLs with the schemes s3: and classpath: are not
normalized.
By default, only http: and https: URLs are allowed. Allowing too many
URLs may cause security problems. For example, allowing file:.* would
also grant access to all configuration files. Instead, a single path
like file:///share/blobData/.* should be sufficient in most cases.
Alternative patterns can be given according to the Java regular
expression syntax as implemented by java.util.regex.Pattern:
file:///share/blobData/.*|http://blobstorage.internal/.*
cap.server.blobstore.s3.bucketname
Type
String
Description
The name of the S3 bucket that is used to store blobs. If this
property is not specified, the S3 media store is not enabled.
cap.server.blobstore.s3.encryption-mode
Type
String
Description
The server side encryption mode to use for storing blobs in S3. Only
valid for the enhanced S3 store implementation. If not set, the
default encryption mode of the bucket is used. Valid values are
AES256, aws_kms and aws_kms_dsse.
cap.server.blobstore.s3.enhanced
Type
Boolean
Default
false
Description
Flag indicating whether to use an enhanced store implementation for S3
operations. If not set or set to false, the legacy S3 store without
the possibility to configure additional properties like path style
URLs and encryption settings is used.
cap.server.blobstore.s3.force-path-style
Type
Boolean
Default
false
Description
Flag indicating whether to use path style URLs for S3 requests. Only
valid for the enhanced S3 store implementation. If set to true, legacy
path style URLs are used for all requests. If not set or set to false,
virtual host style URLs are used, which is the AWS recommended way to
access S3 buckets.
cap.server.blobstore.s3.rootdir
Type
String
Description
The name of an S3 path prefix, used to disambiguate multiple media
stores in one S3 bucket. If possible, it is recommended to use
separate buckets instead, improving performance by avoiding constant
path prefixes.
cap.server.blobstore.s3.tags
Type
Map<String,String>
Description
A map of additional tags to apply to all objects stored in the S3
bucket. Only valid for the enhanced S3 store implementation.
cap.server.cache.group-cache-size
Type
Integer
Default
500
Description
This property defines the size of the group cache. It limits the
maximum number of groups which can be found in one search for groups
by CMS clients. Set the property so that all groups connected to
rights can be cached in memory.
cap.server.cache.group-cache-status-interval
Type
Duration
Default
0
Description
The duration between two log messages reporting the current state of
the group cache. (Default unit is seconds)
The minimum value is 10 seconds, the maximum value is 1 hour.
cap.server.cache.member-folder-rights-cache-size
Type
Integer
Default
1000
Description
This property defines the size of the folder-specific rights cache.
This cache stores the results of right calculations per folder and
member, aggregating the results for all content types. This cache
might help custom code using APIs other than the Unified API. Change
this setting only if you observe the method getRights(MemberKey) in
thread dumps of a slow Content Server.
cap.server.cache.resource-cache-size
Type
Integer
Default
60000
Description
The capacity of the resource cache of the Content Server; the maximum
value is 1000000, the minimum value is 100. This property defines the
resource cache size, that is, the number of resources the server holds
in memory. This value should sometimes be adapted to the increasing
number of resources in the actual working set. If the value is too
small, the server does not perform well. One resource needs about 2kB
of heap space.
cap.server.cache.resource-cache-status-interval
Type
Duration
Default
5m
Description
The duration between two log messages reporting the current state of
the resource cache. (Default unit is seconds)
The minimum value is 10 seconds, the maximum value is 1 hour.
cap.server.cache.rights-cache-size
Type
Integer
Default
3000
Description
This property defines the size of the rights cache. This cache stores
the results of right calculations per resource, content type and
member. If you have lots of different resources, content types and
users you might need to adapt the value of the property. Check the
proper size of the cache by examining the cache misses and faults in
the log. To activate the log output of the rights cache set the
cap.server.cache.rights-cache-status-interval property to a value
larger than zero.
cap.server.cache.rights-cache-status-interval
Type
Duration
Default
0
Description
This property defines the interval at which log output of the rights
cache is written. (Default unit is seconds)
"0" means, that no log output is written.
cap.server.cache.user-cache-size
Type
Integer
Default
500
Description
This property defines the size of the user cache. It limits the
maximum number of users which can be found in one search for users by
CMS clients. Set the property to the size of the largest user search
you want to perform, or the number of concurrently working users,
whichever is greater.
cap.server.cache.user-cache-status-interval
Type
Duration
Default
0
Description
The duration between two log messages reporting the current state of
the user cache. (Default unit is seconds)
The minimum value is 10 seconds, the maximum value is 1 hour.
cap.server.check-unique-db-access
Type
Boolean
Default
true
Description
This property determines whether to check for another server that is
running concurrently on the same database on server startup.
cap.server.document-types
Type
List<String>
Default
classpath*:framework/doctypes/**/*.xml
Description
This property defines where the server finds the XML file(s)
containing the content type definitions.
The pattern supports resources from classpath or the filesystem.
Relative file-paths are resolved against
cap.server.base-dir).
The location of the key generated by cm encryptpasswords (absolute or
relative to cap.server.base-dir). If empty,
defaults to etc/keys/DATABASE_NAME.DATABASE_USER.rijndael
cap.server.http-port
Type
Integer
Default
0
Description
Defines the HTTP(S) port of the application container containing the
Content Server. The entry /Server/Service/Connector@port in server.xml
has to have the same value as this property.
cap.server.init-runlevel
Type
String
Default
online
Description
The initial runlevel that the server will try to reach on startup.
Possible runlevels are: online, administration, maintenance. This
property does not override the default behavior of the Replication
Live Server for the initial replication.
cap.server.initial-password
Type
Map<String,String>
Description
The initial password to set for the default user with the indicated
name. This password is set when the server is started for the first
time. You can change the passwords later on at any time.
cap.server.license
Type
String
Default
license.zip
Description
Defines where the server finds the license file (url or file-path
absolute or relative to cap.server.base-dir).
cap.server.login-service-webserver-privileged
Type
Boolean
Default
false
Description
This property specifies whether client connections of the login
service 'webserver' are privileged and may log in as different users
without further authentication. The default is false. It may be set to
true to make the 'webserver' login service a privileged service as it
was the case in releases before 1907.
cap.server.login.authentication
Type
String
Default
classpath:coremedia-jaas.conf
Description
Defines where the server finds the JAAS login configuration file (url
or file-path absolute or relative to
cap.server.base-dir). Will be set on the
java.security.auth.login.config System property (in case of a URL, a
temporary file is created).
cap.server.login.bouncers
Type
String
Description
This property points to the optional login bouncer configuration file
(absolute or relative to cap.server.base-dir). A
login bouncer can grant or deny access to the Content Server based on
the characteristics of the user and the set of currently logged in
users.
cap.server.login.password-hash-algorithm
Type
String
Default
bcrypt:10
Description
A specification of the hash algorithm used for storing passwords.
Allowed values are md5 for MD5-based password hashing and bcrypt:N
with N being an integer between 4 and 30 (inclusive) for bcrypt-based
password hashing. In the latter case N denotes the work factor which
should adapted to the available CPU resources. This parameter applies
to passwords of users defined in the built-in user repository of the
Content Server, only.
The value md5 is discouraged, because it makes brute-force attacks on
passwords of low and medium strength possible. It should only be used
if passwords need to be changed by clients (Studio, cm changepassword)
that have not been updated to a CMS release that supports configurable
password hashing.
Old clients can login even after a password change without any
restrictions. After changing this property, it is recommended to
update the passwords of all users to ensure that all hashes have been
computed according to the desired algorithm.
cap.server.maximum-startup-delay
Type
Integer
Default
120
Description
Configured maximum time for Content Server startup in seconds
This is the maximum time the startup of the server's Spring-Boot
component is delayed if the configured initial runlevel has not been
reached. After this timeout expires or the initial runlevel is reached
the following things will happen:
The Spring-Boot component will resume its startup and open the web
application and actuator ports.
The server will listen to 'health', 'liveness' and 'readiness'
actuator requests. However, the 'health' and 'readiness' probes
will block until the initial runlevel is reached.
The server will serve the CORBA IOR via the IOR-Servlet. As the
server may not be fully initialized yet, clients should not
connect to the server before the 'readiness' probe returns a
positive result.
As it is possible that the server is not fully initialized after this
timeout expires, e.g. when running a database schema upgrade, it is
recommended to delay the startup of dependent services until the
'health' or 'readiness' probes return a positive result. Additionally,
health checks for the server are best based on the 'liveness' probe
but must take the configured startup delay into account as the server
may be unresponsive for this time.
cap.server.multiple-live-servers
Type
Boolean
Default
false
Description
This property defines whether the server publishes to multiple live
servers. Note that this flag cannot be easily changed after the first
start of the Content Management Server.
cap.server.naming-policy-allow-at
Type
Boolean
Default
false
Description
Allow '@' in member names (may cause confusion with user domains)
cap.server.persistent-property-writers
Type
List<String>
Default
*
Description
A list of names of groups that may write or delete persistent
properties. The magic group "*" grants rights to all users.
This is the default for compatibility reasons. Connections using the
publisher and replicator login service are always allowed to write
persistent properties.
cap.server.repository-home
Type
String
Default
/Home
Description
Defines the folder which will be used to store the home folders of the
users. The whole folder hierarchy of the home folders is only visible
to the administrator. Other user will only see one home folder with
the path defined in cap.server.repository-home containing his personal
files, such as the preferences. The default folder is /Home which will
be automatically created by the system. If you define another folder,
you need to create this folder by your own.
cap.server.repository-system
Type
String
Default
/System
Description
Defines the system folder. It contains for example the public
dictionary of the spell checker. The default folder is /System which
will be automatically created by the system. If you define another
folder, you need to create this folder by your own.
cap.server.search.enable
Type
Boolean
Default
false
Description
If true full text search is enabled.
cap.server.session-ping-interval
Type
Duration
Default
1m
Description
The maximum duration that a ping is delayed when there are no
available events. (Default unit is seconds)
The session ping interval must not be less than 10 seconds to avoid
possible session loss and ping flooding and not more than half an hour
so that dead sessions are detected after an hour.
cap.server.termination-timeout-seconds
Type
Duration
Default
30s
Description
Timeout for waiting on running threads on shutdown
cap.server.unique-db-access-write-interval
Type
Duration
Default
0
Description
If unique DB access is checked and if this property is positive, this
property determines the duration between two writes of the current
timestamp to the database to indicate the liveliness of the server.
(Default unit is seconds) If 0 or negative the server neither writes a
timestamp regularly nor expects a timestamp to be written.
cap.server.use-strict-workflow
Type
Boolean
Default
false
Description
This property enforces the strict workflow mode. That is, the approver
of a resource must be different from the editor. This is checked
independently of the workflow engine, and should only be used in cases
where a custom workflow definition is not an option.