Configuration
Configuring HTTPS
To authenticate desktop applications, the server must have HTTPS enabled. Here are simple instructions for configuring HTTPS in your development environment.
Generating Trusted Certificate
Trusted certificates can be obtained from SSL certificate providers or generated with certbot. For development purposes, however, you can issue your own root certificate and sign the development server's certificate with it. To simplify this task, we recommend using the mkcert tool.
- Install mkcert by following the instructions provided in its repository: https://github.com/FiloSottile/mkcert.
- Generate and install the root certificate:
  mkcert -install
- Create a certificate for localhost:
  mkcert -pkcs12 localhost 127.0.0.1 ::1
  You will see the localhost+2.p12 file in the current folder.
- Create a keystore file with the certificate for your project:
  keytool -importkeystore -srckeystore localhost+2.p12 -srcstoretype pkcs12 -destkeystore localhost.jks
  Enter changeit as the source keystore password. You will see the localhost.jks file in the current folder.
Configuring Server
This section explains how to use the certificate generated in the previous section in your application when it runs from the IDE or as an executable JAR.
- Create src/main/resources/<base-package>/keystore directory and copy localhost.jks into it.
- Set the following properties in the application.properties file, replacing <base-package> and <password> with actual values:
  # Enables HTTPS
  server.ssl.enabled=true
  # The format used for the keystore
  server.ssl.key-store-type = JKS
  # The path to the keystore containing the certificate
  server.ssl.key-store = classpath:<base-package>/keystore/localhost.jks
  # The password used to generate the keystore
  server.ssl.key-store-password = <password>
  # The alias mapped to the certificate
  server.ssl.key-alias = localhost
  # Changes the server's port
  server.port = 8443
  The <base-package> in the path to the keystore (server.ssl.key-store property) should be presented as a slash-separated path:
  server.ssl.key-store = classpath:com/example/demo/keystore/localhost.jks
- Open the main application class and change the printApplicationUrl() method. The URL should be changed to https:// after configuring HTTPS:
  @EventListener
  public void printApplicationUrl(final ApplicationStartedEvent event) {
      LoggerFactory.getLogger(DemoApplication.class).info("Application started at "
              + "https://localhost:"
              + environment.getProperty("local.server.port")
              + Strings.nullToEmpty(environment.getProperty("server.servlet.context-path")));
  }
Maintenance Tasks
The WebDAV add-on includes several maintenance tasks, as described below. To run these tasks regularly, include the Quartz add-on in your project as outlined in the Quartz / Installation section.
ExpiredLockCleaningJob
This job removes expired lock objects. By default, it runs every two hours.
To modify the job schedule, use the jmix.webdav.expired-lock-cleaning-cron property.
WebdavDocumentVersionsCleaningJob
This job removes WebdavDocumentVersion instances that are not associated with any documents. By default, it runs once a month.
To change the job schedule, use the jmix.webdav.document-versions-cleaning-cron property.
Configuring Security
Predefined Roles
The Jmix application with the WebDAV add-on includes two default resource roles:
- WebDAV: minimal access - a fundamental WebDAV role necessary for all users utilizing WebDAV functionality.
- WebDAV: view document browser - provides permission to access the WebDAV documents view.