Application configuration

From OpenKM Documentation
Revision as of 08:09, 30 August 2012 by Pavila (talk | contribs) (Extended security)

Jump to: navigation, search

OpenKM configuration file

OpenKM.cfg file is the main OpenKM configuration file. You can find this file in your server in $JBOSS_HOME/OpenKM.cfg.

A full listing of available configuration options can be found when logged into OpenKM as administrator role. You only will see the Administration tab if the logged user has the AdminRole or ROLE_ADMIN role, depending on the OpenKM version installed.


Nota clasica.png Each time you make some change in the OpenKM.cfg file JBoss server must be restarted to take effect.


Nota advertencia.png Starting with OpenKM 5.1 these configuration properties are located in the database to ease their management. To change the configuration properties, go to Administration > Configuration.

Changing uploading max file size

The default limit is 64MB. If you want to increase to 100MB: 

max.file.size=100.

Since OpenKM relies on InputStream.available() method which returns an Integer, and according to Java Primitive Data Types, you should not upload files bigger than 2GB.

Since OpenKM 5.1.10 you can disable file size checking by setting max.file.size to 0.

Since OpenKM 6.0 by default this option is set to 0, so file size check is disabled by default.

Changing repository.xml configuration filename and path

repository.config=repository.xml

Changing default repository home

By default repository is stored in $JBOSS_HOME/repository folder but you can change it with: 

repository.home=repotest

Changing default connection role

By default, the role required to connect to OpenKM is called UserRole. You can change this to another role name. This change also needs some changes in the web.xml file located in $JBOSS_HOME/server/default/deploy/OpenKM.war/WEB-INF 

default.user.role=OtherRole

<security-constraint>
    <web-resource-collection>
      <web-resource-name>OpenKM Protected Area</web-resource-name>
      <!-- GWT -->
      <url-pattern>/es.git.openkm.frontend.Main/*</url-pattern>
      <url-pattern>/es.git.openkm.backend.Main/*</url-pattern>
      <!-- JSPs -->
      <url-pattern>/admin/*</url-pattern>
      <url-pattern>/mobi/*</url-pattern>
      <!-- Servlets -->
      <url-pattern>/RepositoryStartupServlet</url-pattern>
      <url-pattern>/Test</url-pattern>
      <url-pattern>/OKM*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>AdminRole</role-name>
      <role-name>OtherRole</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>OpenKM</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login.jsp?error=1</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <description>Admin user access</description>
    <role-name>AdminRole</role-name>
  </security-role>
  <security-role>
    <description>General user access</description>
    <role-name>OtherRole</role-name>
  </security-role>

Changing default admin role

By default, connection role to OpenKM is called AdminRole. You can change this to another role name. This change also needs some changes in the web.xml file located in $JBOSS_HOME/server/default/deploy/OpenKM.war/WEB-INF 

default.admin.role=OtherAdminRole

<security-constraint>
    <web-resource-collection>
      <web-resource-name>OpenKM Protected Area</web-resource-name>
      <!-- GWT -->
      <url-pattern>/es.git.openkm.frontend.Main/*</url-pattern>
      <url-pattern>/es.git.openkm.backend.Main/*</url-pattern>
      <!-- JSPs -->
      <url-pattern>/admin/*</url-pattern>
      <url-pattern>/mobi/*</url-pattern>
      <!-- Servlets -->
      <url-pattern>/RepositoryStartupServlet</url-pattern>
      <url-pattern>/Test</url-pattern>
      <url-pattern>/OKM*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>OtherAdminRole</role-name>
      <role-name>UserRole</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>OpenKM</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login.jsp?error=1</form-error-page>
    </form-login-config>
  </login-config>
  <security-role>
    <description>Admin user access</description>
    <role-name>OtherAdminRole</role-name>
  </security-role>
  <security-role>
    <description>General user access</description>
    <role-name>UserRole</role-name>
  </security-role>

Change max results in UI

This option limits the search results in the UI. 

max.search.results=25

Since: OpenKM 4.0

Change access URL

By default OpenKM sets the access URL to http://localhost:8080/OpenKM/index.jsp, but obviously you don't want to access your OpenKM installation only from localhost. This URL is used in mail notifications and the copy-to-clipboard feature. To change this default URL use this property: 

application.url=http://your-server.com/OpenKM/index.jsp

Since: OpenKM 4.0

Change principal adapter

OpenKM can handle user access using the JBoss DatabasePrincipalAdapter login module by default. OpenKM needs an available method for reading users and roles. The class DatabasePrincipalAdapter does this job. For more information take a look at OpenKM authentication and Active Directory 

principal.adapter=com.openkm.core.DatabasePrincipalAdapter

Since: OpenKM 4.0

Switch OpenKM to demo mode

In demo mode some options are disabled by default. 

system.demo=on

Since: OpenKM 4.0

Enabling OCR

To enable OCR you must set the path of your OCR engine 

system.ocr=/usr/local/bin/tesseract

Starting with OpenKM 5.1 you can select between 3 OCR engines:

  • Tesseract 2.x
  • Tesseract 3.x
  • Cuneiform 0.7.x

See Third-party software integration: OCR for more info.

Setting default language of OpenKM UI

OpenKM by default guesses the language depending on the browser user language configuration, but you can set a language for all OpenKM users to use by default: 

default.lang=es-ES

Force username to lowercase

You can force all usernames to be written in lower case. It's useful for example when you integrate with microsoft active directory where the username is not case sensitive 

system.login.username.lowercase=on

Since: OpenKM 4.0

System read only

You can force the whole repository to be read only. This is useful when you're doing maintenance tasks, while doing migration and you want to continue to have the system running but you want to be sure any user will not be able to upload or change documents, etc... 

system.readonly=true

Since: OpenKM 5.0

Enable document preview

Several applications are used by OpenKM to generate the document preview: OpenOffice.org, pdf2swf and convert. Read Enable PDF to SWF conversion, Enable image preview and Enable OpenOffice.org service. Also take a look at Random errors in preview in case of problems.

Enable PDF to SWF conversion

To enable the preview UI tab, OpenKM needs to convert PDF files to SWF. You also must have OpenOffice installed as a service. 

system.pdf2swf=/usr/bin/pdf2swf

Nota clasica.png Starting from OpenKM 5.1 this configuration property has changed to system.swftools.pdf2swf.


Nota clasica.png Since OpenKM 5.1.9 the pdf2swf command line parameters should be added in the configuration property, for example: 
 system.swftools.pdf2swf=/usr/bin/pdf2swf -T 9 -f ${fileIn} -o ${fileOut}


Note: Read Third-party software integration: SWFTools for more complete documentation.

Since: OpenKM 4.1

Enable PS to SWF conversion

To enable postscript document preview, OpenKM needs to convert PS files to SWF using the ps2pdf utility from Ghostscript: 

system.ghostscript.ps2pdf=/usr/bin/ps2pdf

Since: OpenKM 5.1.2

Enable image preview

To enable image preview, you need to install the ImageMagick convert utility and configure it: 

system.convert=/usr/bin/convert

Nota clasica.png Starting from OpenKM 5.1 this configuration property has changed to system.imagemagick.convert.

Since: OpenKM 4.1

Enable OpenOffice.org integration

OpenOffice.org is used by OpenKM to convert files to PDF and generate the preview. 

system.openoffice=on

Starting with OpenKM 5.0 this properties was changed to: 

system.openoffice.path=/usr/lib/openoffice
system.openoffice.tasks=5
system.openoffice.port=2222

Where you should specify an OpenOffice.org installation path, the maximum number of conversion tasks before restarting the service and a port where the OpenOffice.org conversion service will be attached. Only the first property is mandatory.


Nota idea.png If you have problems with OpenOffice / LibreOffice integration, take a look at OpenOffice configuration issues.

Note 1: Read Third-party software integration: OpenOffice.org for more up-to-date documentation.

Note 2: You can enhance OCR results by configuring an OpenOffice.org dictionary. See OpenKM 5.1 OCR configuration for more info.

Since: OpenKM 4.0

Configuring email

To configure email service you must enable subscription and notification properties. View a complete example in Notification and subscription messages. 

subscription.message.subject=OpenKM - {0} - {1};
subscription.message.body=Document: <a href=\"{0}\">{1}</a>
notify.message.subject=OpenKM - NOTIFICATION - {0}
notify.message.body=Document: <a href=\"{0}\">{1}</a>

Since: OpenKM 4.1

Configuring password validation

To configure password validation you have several properties. CompletePasswordValidator is the default password validator class that comes by default with OpenKM. By default, this validator is not enabled. You can also create your own Create password validator Padlock.gif.

You can select which validation rules you want to enable, for example if you only enable validator.password.min.length property, the validator will only validate minimum length. 

validator.password=com.openkm.validator.password.CompletePasswordValidator
validator.password.min.length=numeric value greater than 0
validator.password.max.length=numeric value greater than 0
validator.password.min.lowercase=numeric value greater than 0
validator.password.min.uppercase=numeric value greater than 0
validator.password.min.digits=numeric value greater than 0
validator.password.mini.special=numeric value greater than 0
validator.password.error.min.length=Your message error
validator.password.error.max.length=Your message error
validator.password.error.min.lowercase=Your message error
validator.password.error.max.uppercase=Your message error
validator.password.error.min.digits=Your message error
validator.password.error.min.special=Your message error

Since: OpenKM 4.1

Configuring chat service

By default chat and chat autologin are enabled. In order to enable or disable them, values can be "on" or "off". 

chat.enabled=off
chat.autologin=off

Since: OpenKM 5.0

Configuring schedulers

There are some schedulers that OpenKM uses. Some internally, like mail importer and getting repository news, and others used by the user interface like dashboard refresh time and keepalive.


Nota clasica.png Values are in minutes.

OpenKM enquires for repository news ( by default every 24 hours i.e. 1440 minutes ) 

schedule.repository.info=1440

OpenKM imports emails from an imap server ( by default set to 0, that is disabled ) 

schedule.mail.importer=0

Nota clasica.png In OpenKM 4.1 and before, the default value was 60 and cannot be disabled.

KeepAlive is used by the user interface to mantain the browser connected to OpenKM even when a user stays for some time without performing any operation. For this reason, it should never be lower than server session timeout ( by default set to 15 minutes ). 

schedule.session.keepalive=15

Dashboard data is refreshed by default every 30 minutes. 

schedule.dashboard.refresh=30

Since: OpenKM 4.1

Configuring wizard

You can configure a wizard to be used each time a user uploads a document. The wizard can be a sequence of property groups, keywords ( including thesaurus ) and categories. By default, wizard is disabled.

Property groups can be configured as a list of property group names separated by "," 

wizard.property.groups=okg:consulting,okg:technology

To enable keywords, wizard keywords value must be "on". Default value is "off". 

wizard.keywords=on

To enable categories, wizard categories value must be "on". Default value is "off". 

wizard.categories=on

Since: OpenKM 5.0

You can replace the default OpenKM logo in the login page and reports. 

logo.login
logo.mobile
logo.report

Recommended image size:

  • logo.login: 316px × 74px (background #F1F3F5)
  • logo.mobile: 161px × 38px (background #F1F3F5)
  • logo.report: 150px × 35px (background #FFF)

You can also set a message on the login page with: 

logo.text

Since: OpenKM 5.1 (configuration stored in database)

Configuring WebDAV access

In recent OpenKM releases, WebDAV is disabled by default. If you want to enable it, set the property system.webdav.server to on. The okm:root path may cause problems with some WebDAV clients. For this reason there is another configuration parameter system.webdav.fix which replaces a path like okm:root with okm_root. See WebDAV access for more info.

Since: OpenKM 5.1

Disable document name mismatch check

By default OpenKM will check the document name on check-in to ensure you upload another version of the same document. You can disable this behaviour with this configuration property: 

system.document.name.mismatch.check=false

Since: OpenKM 5.0.1

Force keywords lowercase conversion

By default keywords are stored as is, but you can force a lowercase conversion using this configuration property: 

system.keyword.lowercase

Since: OpenKM 5.1

Disable user assign on document creation

By default when a user creates a document or folder, he is added to the node with full permissions. You can disable this behaviour this way: 

user.assign.document.creation=off

Since: OpenKM 5.0.2

Improve OpenKM performance

If you experience a slowndown of OpenKM when the number documents grows, you can disable user quotas or make use of the user items size cache.

To enable user items size cache: 

user.item.cache=on

Starting from 5.1 user.item.cache is set to on by default.

To disable user quotas, go to User Profiles (Administration -> Profiles) and set Quota limit to 0 (This field is in megabytes). This feature of disabling quotas is available from OpenKM 5.1.6.

Since: OpenKM 5.0.3

Change conversion cache home

In case you have little space in your JBoss partition, you can configure to store the conversion cache folder somewhere else. For this, use the cache.home configuration property. By default, this is set to $JBOSS_HOME/cache.

Since: OpenKM 5.1.8

Reindex the whole repository

To reindex the whole document repository (document content will be extracted again and indexed by Lucene), follow these steps:


Nota advertencia.png Keep in mind that the next time you start JBoss, a process which runs the text extraction for every document in the repository will be launched and you can't use OpenKM until this process is finished.

  • Stop JBoss
  • Delete the $JBOSS_HOME/repository/repository/index and $JBOSS_HOME/repository/workspaces/default/index directories
  • Start JBoss again

Nota clasica.png In OpenKM 6.0 this process will be different and you will be able to reindex the document repository without stopping OpenKM.

Batch document text extraction

In OpenKM 6.0 the text extraction can be delayed every few seconds or at a specific cron like definition. This can be configured in the applicationContext.xml Spring definition. Take a look at the textExtractorWorker bean definition. Every time the text extraction worker wakes up, a bunch of pending documents are processed. You can configure the number of documents with the experimental.text.extraction.batch configuration property.

Since: OpenKM 6.0

Security configuration

Starting with OpenKM 6.0 you can make use of these configuration properties:

  • security.access.manager: You can switch between "simple" and "recursive". This is the way the security is evaluated. With "recursive", the security is evaluated starting with the selected node until the repository root. The "simple" option only evaluates the selected node. By default, this is set to "simple".
  • security.search.evaluation: Here you can choose between several search result security evaluation strategies. The fastest one is called "lucene", because it is the Lucene search engine which restricts the search results based on the node security. The two others are "am_window" and "am_limited", which make use of the AccessManager (see previous property) to restrict the search results. By default, this is set to "lucene".

Since: OpenKM 6.0

Extended security

Starting with OpenKM 6.0 you can extend security to download files, start workflows, add, remove or modify property groups ( metadata ) or compact history.

The possible values are:

  • DOWNLOAD = 1024;
  • START_WORKFLOW = 2048;
  • COMPACT_HISTORY = 4096;
  • PROPERTY_GROUP = 8192;
  • security.extended.mask: Here you can activate which kind of extended security you want in your OpenKM. For example to enable download and property groups you should put the mask 9216 ( 1024+8192 )

Since: OpenKM 6.0.1 Available only in OpenKM Professional

Autocad previewer

If you have problems with autocad previewer text, you should configure some url to indicate an extra fonts repository used in autocad files. Simply copy the files to some url that can be resolved by desktop users and take into consideration that font file names should be in lower case ( rename if you have uppercase font file names). You can also enable Autocad previewer debug mode. 

dxf.applet.debug.window=false
dxf.applet.default.bigfont=arial
dxf.applet.default.font=arial
dxf.applet.fontdir=http://fonts.openkm.com

Since: OpenKM 6.0

Minimum search characters

You can set the minimum characters required to execute a search. If less characters are available the search button will not be enabled. By default the minimum search characters is set to 3. 

min.search.characters = 3

Since: OpenKM 6.0.0

Execution timeout

The maximum permitted time to execute a command like OCR, Antivirus, etc. After this time the child process is killed. Time given in minutes. 

system.execution.timeout=5

Since: OpenKM 6.0.1

Managed text extraction

In previous OpenKM releases, the text extraction was a transparent process where you can't do anything with the configuration. Since OpenKM 6.0 you have several configuration options to adapt the document text extraction to your needs. Let's see these parameters:

  • managed.text.extraction.batch: Integer. How many documents are processed every time the text extractor worker is awoken.
  • managed.text.extraction.pool.size: Integer. How many threads are launched concurrently every time. This number should be smaller or equal to the number of CPUs in the server.
  • managed.text.extraction.pool.threads: Integer. How many threads will be executed in every time. If managed.text.extraction.pool.size is 8 and managed.text.extraction.pool.threads is set to 16 then all these 16 threads will be launched using this pool. If every task take the same time to complete, in theory every pool thread will execute two tasks. Of course this is not true in the real world.
  • managed.text.extraction.pool.timeout: Minutes. How many minutes should the worker wait for the text extraction pool to complete the tasks. After these minutes, the remaining pool threads are interrupted.
  • managed.text.extraction.schedule: Minutes. How often the text extractor worker is awoken.
  • managed.text.extraction.concurrent: Boolean. If the concurrent text extraction should be enabled. By default the text extraction is serial, but you can improve the extraction performance if you have several CPUs.

Since: OpenKM 6.0.1

Retrieved from "https://www.openkm.com/wiki/index.php?title=Application_configuration&oldid=7062"