· 6 years ago · Nov 24, 2019, 06:44 PM
1<alfresco-config>
2
3 <!-- Global config section -->
4 <config replace="true">
5 <flags>
6 <!--
7 Developer debugging setting to turn on DEBUG mode for client scripts in the browser
8 -->
9 <client-debug>false</client-debug>
10
11 <!--
12 LOGGING can always be toggled at runtime when in DEBUG mode (Ctrl, Ctrl, Shift, Shift).
13 This flag automatically activates logging on page load.
14 -->
15 <client-debug-autologging>false</client-debug-autologging>
16 </flags>
17 </config>
18
19 <config evaluator="string-compare" condition="WebFramework">
20 <web-framework>
21 <!-- SpringSurf Autowire Runtime Settings -->
22 <!--
23 Developers can set mode to 'development' to disable; SpringSurf caches,
24 FreeMarker template caching and Rhino JavaScript compilation.
25 -->
26 <autowire>
27 <!-- Pick the mode: "production" or "development" -->
28 <mode>production</mode>
29 </autowire>
30
31 <!-- Allows extension modules with <auto-deploy> set to true to be automatically deployed -->
32 <module-deployment>
33 <mode>manual</mode>
34 <enable-auto-deploy-modules>true</enable-auto-deploy-modules>
35 </module-deployment>
36 </web-framework>
37 </config>
38
39 <!-- Disable the CSRF Token Filter -->
40 <!--
41 <config evaluator="string-compare" condition="CSRFPolicy" replace="true">
42 <filter/>
43 </config>
44 -->
45
46 <!--
47 To run the CSRF Token Filter behind 1 or more proxies that do not rewrite the Origin or Referere headers:
48
49 1. Copy the "CSRFPolicy" default config in share-security-config.xml and paste it into this file.
50 2. Replace the old config by setting the <config> element's "replace" attribute to "true" like below:
51 <config evaluator="string-compare" condition="CSRFPolicy" replace="true">
52 3. To every <action name="assertReferer"> element add the following child element
53 <param name="referer">http://www.proxy1.com/.*|http://www.proxy2.com/.*</param>
54 4. To every <action name="assertOrigin"> element add the following child element
55 <param name="origin">http://www.proxy1.com|http://www.proxy2.com</param>
56 -->
57
58 <!--
59 Remove the default wildcard setting and use instead a strict whitelist of the only domains that shall be allowed
60 to be used inside iframes (i.e. in the WebView dashlet on the dashboards)
61 -->
62 <!--
63 <config evaluator="string-compare" condition="IFramePolicy" replace="true">
64 <cross-domain>
65 <url>http://www.trusted-domain-1.com/</url>
66 <url>http://www.trusted-domain-2.com/</url>
67 </cross-domain>
68 </config>
69 -->
70
71 <!-- Turn off header that stops Share from being displayed in iframes on pages from other domains -->
72 <!--
73 <config evaluator="string-compare" condition="SecurityHeadersPolicy">
74 <headers>
75 <header>
76 <name>X-Frame-Options</name>
77 <enabled>false</enabled>
78 </header>
79 </headers>
80 </config>
81 -->
82
83 <!-- Prevent browser communication over HTTP (for HTTPS servers) -->
84 <!--
85 <config evaluator="string-compare" condition="SecurityHeadersPolicy">
86 <headers>
87 <header>
88 <name>Strict-Transport-Security</name>
89 <value>max-age=31536000</value>
90 </header>
91 </headers>
92 </config>
93 -->
94
95 <config evaluator="string-compare" condition="Replication">
96 <share-urls>
97 <!--
98 To locate your current repositoryId go to Admin Console > General > Repository Information:
99 http://localhost:8080/alfresco/s/enterprise/admin/admin-repositoryinfo
100
101 Example config entry:
102 <share-url repositoryId="622f9533-2a1e-48fe-af4e-ee9e41667ea4">http://new-york-office:8080/share/</share-url>
103 -->
104 </share-urls>
105 </config>
106
107 <!-- Document Library config section -->
108 <config evaluator="string-compare" condition="DocumentLibrary" replace="true">
109
110 <tree>
111 <!--
112 Whether the folder Tree component should enumerate child folders or not.
113 This is a relatively expensive operation, so should be set to "false" for Repositories with broad folder structures.
114 -->
115 <evaluate-child-folders>false</evaluate-child-folders>
116
117 <!--
118 Optionally limit the number of folders shown in treeview throughout Share.
119 -->
120 <maximum-folder-count>1000</maximum-folder-count>
121
122 <!--
123 Default timeout in milliseconds for folder Tree component to recieve response from Repository
124 -->
125 <timeout>7000</timeout>
126 </tree>
127
128 <!--
129 Used by "Manage Rules" -> "Add aspect" action.
130
131 If an aspect has been specified without a title element in the content model,
132 or you need to support multiple languages,
133 then an i18n file is needed on the Repo AMP/JAR extension side for the aspect to
134 be visible when creating rules:
135
136 custom_customModel.aspect.custom_myaspect.title=My Aspect
137
138 Used by the "Manage Aspects" action.
139
140 For the aspect to have a localised label add relevant i18n string(s) in a Share AMP/JAR extension:
141
142 aspect.custom_myaspect=My Aspect
143 -->
144 <aspects>
145 <!-- Aspects that a user can see -->
146 <visible>
147 <aspect name="cm:generalclassifiable" />
148 <aspect name="cm:complianceable" />
149 <aspect name="cm:dublincore" />
150 <aspect name="cm:effectivity" />
151 <aspect name="cm:summarizable" />
152 <aspect name="cm:versionable" />
153 <aspect name="cm:templatable" />
154 <aspect name="cm:emailed" />
155 <aspect name="emailserver:aliasable" />
156 <aspect name="cm:taggable" />
157 <aspect name="app:inlineeditable" />
158 <aspect name="cm:geographic" />
159 <aspect name="exif:exif" />
160 <aspect name="audio:audio" />
161 <aspect name="cm:indexControl" />
162 <aspect name="dp:restrictable" />
163 <aspect name="smf:customConfigSmartFolder" />
164 <aspect name="smf:systemConfigSmartFolder" />
165 </visible>
166
167 <!-- Aspects that a user can add. Same as "visible" if left empty -->
168 <addable>
169 </addable>
170
171 <!-- Aspects that a user can remove. Same as "visible" if left empty -->
172 <removeable>
173 </removeable>
174 </aspects>
175
176 <!--
177 Used by "Manage Rules" -> "Specialise type" action.
178
179 If a type has been specified without a title element in the content model,
180 or you need to support multiple languages,
181 then an i18n file is needed on the Repo AMP/JAR extension side for the type to
182 be visible when creating rules:
183
184 custom_customModel.type.custom_mytype.title=My SubType
185
186 Used by the "Change Type" action.
187
188 For the type to have a localised label add relevant i18n string(s) in a Share AMP/JAR extension:
189
190 type.custom_mytype=My SubType
191
192 Define valid subtypes using the following example:
193
194 <type name="cm:content">
195 <subtype name="custom:mytype" />
196 </type>
197 -->
198 <types>
199 <type name="cm:content">
200 <subtype name="smf:smartFolderTemplate" />
201 </type>
202
203 <type name="cm:folder">
204 </type>
205
206 <type name="trx:transferTarget">
207 <subtype name="trx:fileTransferTarget" />
208 </type>
209 </types>
210
211 <!--
212 If set, will present a WebDAV link for the current item on the Document and Folder details pages.
213 Also used to generate the "View in Alfresco Explorer" action for folders.
214 -->
215 <repository-url>http://localhost:8080/alfresco</repository-url>
216
217 <!--
218 Google Docs™ integration
219 -->
220 <google-docs>
221 <!--
222 Enable/disable the Google Docs UI integration (Extra types on Create Content menu, Google Docs actions).
223 -->
224 <enabled>false</enabled>
225
226 <!--
227 The mimetypes of documents Google Docs allows you to create via the Share interface.
228 The I18N label is created from the "type" attribute, e.g. google-docs.doc=Google Docs™ Document
229 -->
230 <creatable-types>
231 <creatable type="doc">application/vnd.openxmlformats-officedocument.wordprocessingml.document</creatable>
232 <creatable type="xls">application/vnd.openxmlformats-officedocument.spreadsheetml.sheet</creatable>
233 <creatable type="ppt">application/vnd.ms-powerpoint</creatable>
234 </creatable-types>
235 </google-docs>
236
237 <!--
238 File upload configuration
239 -->
240 <file-upload>
241 <!--
242 Adobe Flash™
243 In certain environments, an HTTP request originating from Flash cannot be authenticated using an existing session.
244 See: http://bugs.adobe.com/jira/browse/FP-4830
245 For these cases, it is useful to disable the Flash-based uploader for Share Document Libraries.
246 -->
247 <adobe-flash-enabled>true</adobe-flash-enabled>
248 </file-upload>
249 </config>
250
251
252 <!-- Custom DocLibActions config section -->
253 <config evaluator="string-compare" condition="DocLibActions">
254 <actionGroups>
255 <actionGroup id="document-browse">
256
257 <!-- Simple Repo Actions -->
258 <!--
259 <action index="340" id="document-extract-metadata" />
260 <action index="350" id="document-increment-counter" />
261 -->
262
263 <!-- Dialog Repo Actions -->
264 <!--
265 <action index="360" id="document-transform" />
266 <action index="370" id="document-transform-image" />
267 <action index="380" id="document-execute-script" />
268 -->
269
270 </actionGroup>
271 </actionGroups>
272 </config>
273
274 <!-- Global folder picker config section -->
275 <config evaluator="string-compare" condition="GlobalFolder">
276 <siteTree>
277 <container type="cm:folder">
278 <!-- Use a specific label for this container type in the tree -->
279 <rootLabel>location.path.documents</rootLabel>
280 <!-- Use a specific uri to retreive the child nodes for this container type in the tree -->
281 <uri>slingshot/doclib/treenode/site/{site}/{container}{path}?children={evaluateChildFoldersSite}&max={maximumFolderCountSite}</uri>
282 </container>
283 </siteTree>
284 </config>
285
286 <!-- Repository Library config section -->
287 <config evaluator="string-compare" condition="RepositoryLibrary" replace="true">
288 <!--
289 Root nodeRef or xpath expression for top-level folder.
290 e.g. alfresco://user/home, /app:company_home/st:sites/cm:site1
291 If using an xpath expression, ensure it is properly ISO9075 encoded here.
292 -->
293 <root-node>alfresco://company/home</root-node>
294
295 <tree>
296 <!--
297 Whether the folder Tree component should enumerate child folders or not.
298 This is a relatively expensive operation, so should be set to "false" for Repositories with broad folder structures.
299 -->
300 <evaluate-child-folders>false</evaluate-child-folders>
301
302 <!--
303 Optionally limit the number of folders shown in treeview throughout Share.
304 -->
305 <maximum-folder-count>500</maximum-folder-count>
306 </tree>
307
308 <!--
309 Whether the link to the Repository Library appears in the header component or not.
310 -->
311 <visible>true</visible>
312 </config>
313
314 <!-- Kerberos settings -->
315 <!-- To enable kerberos rename this condition to "Kerberos" -->
316 <config evaluator="string-compare" condition="KerberosDisabled" replace="true">
317 <kerberos>
318 <!--
319 Password for HTTP service account.
320 The account name *must* be built from the HTTP server name, in the format :
321 HTTP/<server_name>@<realm>
322 (NB this is because the web browser requests an ST for the
323 HTTP/<server_name> principal in the current realm, so if we're to decode
324 that ST, it has to match.)
325 -->
326 <password>secret</password>
327 <!--
328 Kerberos realm and KDC address.
329 -->
330 <realm>ALFRESCO.ORG</realm>
331 <!--
332 Service Principal Name to use on the repository tier.
333 This must be like: HTTP/host.name@REALM
334 -->
335 <endpoint-spn>HTTP/repository.server.com@ALFRESCO.ORG</endpoint-spn>
336 <!--
337 JAAS login configuration entry name.
338 -->
339 <config-entry>ShareHTTP</config-entry>
340 <!--
341 A Boolean which when true strips the @domain sufix from Kerberos authenticated usernames.
342 Use together with stripUsernameSuffix property in alfresco-global.properties file.
343 -->
344 <stripUserNameSuffix>true</stripUserNameSuffix>
345 </kerberos>
346 </config>
347
348 <!-- Uncomment and modify the URL to Activiti Admin Console if required. -->
349 <!--
350 <config evaluator="string-compare" condition="ActivitiAdmin" replace="true">
351 <activiti-admin-url>http://localhost:8080/alfresco/activiti-admin</activiti-admin-url>
352 </config>
353 -->
354
355 <config evaluator="string-compare" condition="Remote">
356 <remote>
357 <endpoint>
358 <id>alfresco-noauth</id>
359 <name>Alfresco - unauthenticated access</name>
360 <description>Access to Alfresco Repository WebScripts that do not require authentication</description>
361 <connector-id>alfresco</connector-id>
362 <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
363 <identity>none</identity>
364 </endpoint>
365
366 <endpoint>
367 <id>alfresco</id>
368 <name>Alfresco - user access</name>
369 <description>Access to Alfresco Repository WebScripts that require user authentication</description>
370 <connector-id>alfresco</connector-id>
371 <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
372 <identity>user</identity>
373 </endpoint>
374
375 <endpoint>
376 <id>alfresco-feed</id>
377 <name>Alfresco Feed</name>
378 <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
379 <connector-id>http</connector-id>
380 <endpoint-url>http://localhost:8080/alfresco/s</endpoint-url>
381 <basic-auth>true</basic-auth>
382 <identity>user</identity>
383 </endpoint>
384
385 <endpoint>
386 <id>alfresco-api</id>
387 <parent-id>alfresco</parent-id>
388 <name>Alfresco Public API - user access</name>
389 <description>Access to Alfresco Repository Public API that require user authentication.
390 This makes use of the authentication that is provided by parent 'alfresco' endpoint.</description>
391 <connector-id>alfresco</connector-id>
392 <endpoint-url>http://localhost:8080/alfresco/api</endpoint-url>
393 <identity>user</identity>
394 </endpoint>
395 </remote>
396 </config>
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411 <!-- Búsqueda avanzada -->
412 <config replace="true" evaluator="string-compare" condition="AdvancedSearch">
413 <advanced-search>
414 <forms>
415 <form label="Ingresos" description="Búsqueda de Ingresos">jos:Ingresos</form>
416 <form label="FichaEmpleado" description="Búsqueda de Empleados">jos:FichaEmpleado</form>
417 <form label="Hacienda" description="Búsqueda de documentos Hacienda">jos:Hacienda</form>
418 <form label="Software" description="Búsqueda de Software">jos:Software</form>
419 <form label="Gastos" description="Búsqueda de Gastos">jos:Gastos</form>
420 </forms>
421 </advanced-search>
422 </config>
423
424
425 <!-- Prueba búsqueda por ingresos -->
426 <config evaluator="model-type" condition="jos:Ingresos">
427 <forms>
428 <form id="search">
429 <field-visibility>
430 <show id="jos:ID_Ingresos" />
431 </field-visibility>
432 </form>
433 </forms>
434 </config>
435
436 <config evaluator="model-type" condition="jos:FichaEmpleado">
437 <forms>
438 <form id="search">
439 <field-visibility>
440 <show id="jos:DNI" />
441 </field-visibility>
442 </form>
443 </forms>
444 </config>
445
446 <config evaluator="model-type" condition="jos:Hacienda">
447 <forms>
448 <form id="search">
449 <field-visibility>
450 <show id="jos:ref" />
451 </field-visibility>
452 </form>
453 </forms>
454 </config>
455
456 <config evaluator="model-type" condition="jos:Software">
457 <forms>
458 <form id="search">
459 <field-visibility>
460 <show id="jos:key" />
461 </field-visibility>
462 </form>
463 </forms>
464 </config>
465
466 <config evaluator="model-type" condition="jos:Gastos">
467 <forms>
468 <form id="search">
469 <field-visibility>
470 <show id="jos:ID_Gasto" />
471 </field-visibility>
472 </form>
473 </forms>
474 </config>
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490 <!--
491 Overriding endpoints to reference an Alfresco server with external SSO enabled
492 NOTE: If utilising a load balancer between web-tier and repository cluster, the "sticky
493 sessions" feature of your load balancer must be used.
494 NOTE: If alfresco server location is not localhost:8080 then also combine changes from the
495 "example port config" section below.
496 *Optional* ssl-config contains:
497 keystore for managing client key and certificate.
498 truststore for managing trusted CAs.
499 Used to authenticate share to an external SSO system such as CAS or
500 to make share talk to SSL layers that require client certificates.
501 Remove the ssl-config section if not required i.e. for NTLM.
502
503 NOTE: For Kerberos SSO rename the "KerberosDisabled" condition above to "Kerberos"
504
505 NOTE: For external SSO, switch the endpoint connector to "alfrescoHeader" and set
506 the userHeader value to the name of the HTTP header that the external SSO
507 uses to provide the authenticated user name.
508 NOTE: For external SSO, Share now supports the "userIdPattern" mechanism as is available
509 on the repository config for External Authentication sub-system. Add the following
510 element to your "alfrescoHeader" connector config:
511 <userIdPattern>^ignore-(\w+)-ignore</userIdPattern>
512 This is an example, ensure the Id pattern matches your repository config.
513 NOTE: For external SSO, Share now supports stateless (no Http Session or sticky session)
514 connection to the repository when using the alfrescoHeader remote user connector.
515 e.g. You can change endpoint config to use the faster /service URL instead of the
516 /wcs URL if you are using External Authentication and then remove sticky session config
517 from your proxy between Share and Alfresco. Note that this is also faster because Share
518 will no longer call the /touch REST API before every remote call to the repository.
519 -->
520
521 <!-- Security warning -->
522 <!-- For production environment set verify-hostname to true.-->
523 <!--
524 <config evaluator="string-compare" condition="Remote">
525 <remote>
526 <ssl-config>
527 <keystore-path>alfresco/web-extension/alfresco-system.p12</keystore-path>
528 <keystore-type>pkcs12</keystore-type>
529 <keystore-password>alfresco-system</keystore-password>
530
531 <truststore-path>alfresco/web-extension/ssl-truststore</truststore-path>
532 <truststore-type>JCEKS</truststore-type>
533 <truststore-password>password</truststore-password>
534
535 <verify-hostname>true</verify-hostname>
536 </ssl-config>
537
538 <connector>
539 <id>alfrescoCookie</id>
540 <name>Alfresco Connector</name>
541 <description>Connects to an Alfresco instance using cookie-based authentication</description>
542 <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
543 </connector>
544
545 <connector>
546 <id>alfrescoHeader</id>
547 <name>Alfresco Connector</name>
548 <description>Connects to an Alfresco instance using header and cookie-based authentication</description>
549 <class>org.alfresco.web.site.servlet.SlingshotAlfrescoConnector</class>
550 <userHeader>SsoUserHeader</userHeader>
551 </connector>
552
553 <endpoint>
554 <id>alfresco</id>
555 <name>Alfresco - user access</name>
556 <description>Access to Alfresco Repository WebScripts that require user authentication</description>
557 <connector-id>alfrescoCookie</connector-id>
558 <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
559 <identity>user</identity>
560 <external-auth>true</external-auth>
561 </endpoint>
562
563 <endpoint>
564 <id>alfresco-feed</id>
565 <parent-id>alfresco</parent-id>
566 <name>Alfresco Feed</name>
567 <description>Alfresco Feed - supports basic HTTP authentication via the EndPointProxyServlet</description>
568 <connector-id>alfrescoHeader</connector-id>
569 <endpoint-url>http://localhost:8080/alfresco/wcs</endpoint-url>
570 <identity>user</identity>
571 <external-auth>true</external-auth>
572 </endpoint>
573
574 <endpoint>
575 <id>alfresco-api</id>
576 <parent-id>alfresco</parent-id>
577 <name>Alfresco Public API - user access</name>
578 <description>Access to Alfresco Repository Public API that require user authentication.
579 This makes use of the authentication that is provided by parent 'alfresco' endpoint.</description>
580 <connector-id>alfrescoHeader</connector-id>
581 <endpoint-url>http://localhost:8080/alfresco/api</endpoint-url>
582 <identity>user</identity>
583 <external-auth>true</external-auth>
584 </endpoint>
585 </remote>
586 </config>
587 -->
588
589 <!-- Cookie settings -->
590 <!-- To disable alfUsername2 cookie set enableCookie value to "false" -->
591 <!--
592 <plug-ins>
593 <element-readers>
594 <element-reader element-name="cookie" class="org.alfresco.web.config.cookie.CookieElementReader"/>
595 </element-readers>
596 </plug-ins>
597
598 <config evaluator="string-compare" condition="Cookie" replace="true">
599 <cookie>
600 <enableCookie>false</enableCookie>
601 <cookies-to-remove>
602 <cookie-to-remove>alfUsername3</cookie-to-remove>
603 <cookie-to-remove>alfLogin</cookie-to-remove>
604 </cookies-to-remove>
605 </cookie>
606 </config>
607 -->
608</alfresco-config>