Security configuration
FEJ uses Spring Security for authentication purposes. Security configuration is stored in fej-security.xml file.
In-Memory Authentication
By default, FEJ container uses simple in-memory authentication.
<sec:authentication-manager id="authenticationManager">
<sec:authentication-provider>
<sec:user-service id="userDetailsService" properties="users.properties"/>
</sec:authentication-provider>
</sec:authentication-manager>
Users are stored in the external properties file named users.properties. It contains single user test with password test and role ROLE_ADMIN:
$ pwd /usr/share/fixedgej-1.0.0/conf $ cat users.properties test=test,ROLE_ADMIN,enabled
LDAP authentication
FEJ also supports authentication against an LDAP server.
Before getting deep into LDAP authentication, let’s get familiar with some LDAP terms.
| Term | Description |
|---|---|
Dn | Distinguished name, a unique name which is used to find user in LDAP server e.g. Microsoft Active Directory. |
Ou | Organization Unit. |
Bind | LDAP Bind is an operation in which LDAP clients sends bindRequest to LDAP user including username and password and if |
Search | LDAP search is the operation which is performed to retrieve Dn of user by using some user credentials. |
Root | LDAP directory’s top element, like root of a tree. |
BaseDn | a branch in LDAP tree which can be used as base for LDAP search operation. |
When the LDAP authentication option is activated, the default single user mode is turned off.
FIX Session configuration
FIX Antenna java is used for establishing and managing FIX sessions. But FEJ introduce per-file base configuration for each FIX session. All such configuration files are placed into subdirectories of session directory and should follow s_fix_[SESSION_ID].properties mask (this behaviour can be changed with 'sessionConfigManager' bean into fej-server.xml). Additional each subfolder may have SESSION_GROUP_s_fixDefault.properties configuration file which define common option for all group of FIX sessions.
Main options for FIX session(advanced options for FIX session you can find on FIX Antenna Java configuration page):
| Property name | Default value | Description |
|---|---|---|
sessionType | acceptor | Session type. If type is not defined then session will be resolved as acceptor. Valid values: acceptor/initiator. |
host | The connecting host for initiator session | |
port | The connecting port for initiator session | |
senderCompID | Assigned value used to identify firm sending message | |
senderSubID | Assigned value used to identify specific message originator (desk, trader, etc.) | |
senderLocationID | Assigned value used to identify specific message originator’s location (i.e. geographic location and/or desk, trader) | |
targetCompID | Assigned value used to identify receiving firm | |
targetSubID | Assigned value used to identify specific individual or unit intended to receive message | |
targetLocationID | Assigned value used to identify specific message destination’s location (i.e. geographic location and/or desk, trader) | |
fixVersion | Version of the FIX protocol | |
appVersion | ||
backupHost | Backup host for initiator session | |
backupPort | Backup port for initiator session | |
incomingSequenceNumber | 0 | Incoming sequence number |
outgoingSequenceNumber | 0 | Outgoing sequence number |
processedIncomingSequenceNumber | 0 | Last valid incoming sequence number |
heartbeatInterval | 30 | Heartbeat interval (in seconds) |
lastSeqNumResetTimestamp | ||
fixFieldList | User defined fields for messages. If this list is not empty, Engine add it to each outgoing message. | |
outgoingLoginFixFieldList | Additional fields for outgoing Logon message | |
groups | Comma-separated list of routing groups | |
| username | The assigned value used to identify a username to send in Logon message for initiator session and username to validate with user name from Logon request for acceptor session. The session will be accepted if the username is not defined. | |
| password | The assigned value used to identify a password to send in Logon message for initiator session and password to validate with password from logon request for acceptor session. The session will be accepted if the password is not defined |
Routing Rules Configuration
FIX Edge Java provides an RoutingRule unit as an abstraction for internal message routing element. FEJ supports pure Java and Groovy implementations for routing rules. Please find additional information in the article FIXEdge Java - Groovy rules
Logging configuration
FEJ uses Log4j 2 as a logging framework. Its configuration is stored in log4j2.xml file. For more information about configuration please refer Log4j 2 official documentation.
Administrative shell configuration
Shell configuration properties are stored in shell.properties file.
| Name | Default value | Description |
|---|---|---|
crash.auth | spring | Authentication mechanism |
crash.ssh.port | 2000 | SSH server port |
crash.ssh.auth_timeout | 300000 | Authentication timeout of the SSH server (in milliseconds) |
crash.ssh.idle_timeout | 300000 | Idle timeout of the SSH server (in milliseconds) |
crash.ssh.default_encoding | UTF-8 | Character encoding |
FEJ uses Java shell called ‘CRaSH’. For more information about it configuration properties please refer to the CRaSH reference documentation.
Wrapper configuration
FEJ uses YAJSW to run the application as a Windows Service or UNIX Daemon. It configuration is stored in wrapper.conf file. Please refer to the YAJSW reference documentation for more information about available configuration properties.