{"type":"doc","content":[{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{},"macroMetadata":{"macroId":{"value":"009af4e9-2de2-480f-a985-90610489e982"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"5cdf7504-3838-4757-9e38-05c50c3e30e6"}},{"type":"heading","attrs":{"level":1},"content":[{"text":"Administrative user management","type":"text"}]},{"type":"paragraph","content":[{"text":"This section describes how to set up users and user rights for accessing administrative instruments.","type":"text"}]},{"type":"paragraph","content":[{"text":"Administrative access to FEJ can be obtained through: ","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"remote shell","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"JMX","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"FIXICC app","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Configuration of users and their access rights are performed by using Spring Security.","type":"text"}]},{"type":"paragraph","content":[{"text":"For details on monitoring and management by using a remote shell, refer to ","type":"text"},{"text":"FIXEdge Java Administration","type":"text","marks":[{"type":"link","attrs":{"href":"https://b2bits.atlassian.net/wiki/display/B2BITS/FIXEdge+Java+Administration"}}]},{"text":".","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"The changes in the configuration will be applied after FIXEdge Java restart.","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Security configuration","type":"text"},{"type":"hardBreak"}]},{"type":"paragraph","content":[{"text":"FEJ uses Spring Security for authentication purposes. Authentication configuration is located in the ","type":"text"},{"text":"spring/custom-security.xml","type":"text","marks":[{"type":"strong"}]},{"text":" file.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"File-based ","type":"text"},{"text":"authentication ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#333333"}}]}]},{"type":"paragraph","content":[{"text":"By default, for testing purposes, the FEJ container uses simple in-memory authentication with the ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#172b4d"}}]},{"text":"NoOpPasswordEncoder","type":"text","marks":[{"type":"code"}]},{"text":" encoder and plain-text credentials.","type":"text","marks":[{"type":"textColor","attrs":{"color":"#172b4d"}}]}]},{"type":"paragraph","content":[{"text":"For other password encoder options, please check ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#172b4d"}}]},{"text":"Spring Security 5.0","type":"text","marks":[{"type":"link","attrs":{"href":"https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#pe-dpe"}}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":"If you need a more complex authentication solution, please refer to the ","type":"text"},{"text":"Spring Security","type":"text","marks":[{"type":"link","attrs":{"href":"https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/"}}]},{"text":" documentation.","type":"text"}]},{"type":"paragraph","content":[{"text":"The authentication mechanism is defined in ","type":"text","marks":[{"type":"textColor","attrs":{"color":"#172b4d"}}]},{"text":"spring/custom-security.xml","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text","marks":[{"type":"textColor","attrs":{"color":"#172b4d"}}]}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":" \n \n \n \n \n \n \n \n \n \n \n \n\n","type":"text"}]},{"type":"paragraph","content":[{"text":"Authorized administrative users are defined in the ","type":"text"},{"text":"admin-users.properties","type":"text","marks":[{"type":"strong"}]},{"text":" properties file:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"java"},"content":[{"text":"# Spring security file format\n# password depends on configured spring PasswordEncoder (hash or plain text)\n#\n# Format: username=password,grantedAuthority[,grantedAuthority][,enabled|disabled]\n\n# password is plain text\nadmin=admin,JMX_ADMIN,SSH_ADMIN,FIXICC_ADMIN,enabled\nguest=guest,FIXICC_GUEST,enabled\n\n# password is hash (bcrypt)\n#admin=$2a$10$hCDWIHTwb7zui0dDbG8dXe2r9x3H4JDEynQuoGDn85rk6vOjxGoJC,JMX_ADMIN,SSH_ADMIN,FIXICC_ADMIN,enabled\n#guest=$2a$10$pQcJLlpuHRmn5w1MdBx/xudmEBKc0l/ER7TXifc2zntKIrW3lw8S2,FIXICC_GUEST,enabled","type":"text"}]},{"type":"paragraph","content":[{"text":"By default, FEJ provides such user roles with different access level: ","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"FIXICC_ADMIN - access by ","type":"text"},{"text":"FIXICC","type":"text","marks":[{"type":"link","attrs":{"href":"https://b2bits.atlassian.net/wiki/pages/viewpage.action?pageId=6070313"}}]},{"text":" with ALL permissions (the role is defined in ","type":"text"},{"text":"fixicc_permissions.properties","type":"text","marks":[{"type":"strong"}]},{"text":" )","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"FIXICC_GUEST - access by ","type":"text"},{"text":"FIXICC","type":"text","marks":[{"type":"link","attrs":{"href":"https://b2bits.atlassian.net/wiki/pages/viewpage.action?pageId=6070313"}}]},{"text":" with ONLY READ permissions (the role is defined in ","type":"text"},{"text":"fixicc_permissions.properties","type":"text","marks":[{"type":"strong"}]},{"text":" )","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"SSH_ADMIN - access by ","type":"text"},{"text":"Remote Shell","type":"text","marks":[{"type":"link","attrs":{"href":"https://b2bits.atlassian.net/wiki/display/B2BITS/FIXEdge+Java+Administration#FIXEdgeJavaAdministration-Monitoringandmanagementusingremoteshell"}}]},{"text":" with ALL permissions (the role is defined in ","type":"text"},{"text":"fixedge.properties","type":"text","marks":[{"type":"strong"}]},{"text":")","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"JMX_ADMIN - access by ","type":"text"},{"text":"JMX","type":"text","marks":[{"type":"link","attrs":{"href":"https://b2bits.atlassian.net/wiki/display/B2BITS/FIXEdge+Java+Administration#FIXEdgeJavaAdministration-ManagementoverJMX"}}]},{"text":" with ALL permissions (the role is defined in ","type":"text"},{"text":"fixedge.properties","type":"text","marks":[{"type":"strong"}]},{"text":")","type":"text"}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"LDAP authentication","type":"text","marks":[{"type":"textColor","attrs":{"color":"#333333"}}]}]},{"type":"paragraph","content":[{"text":"FEJ also supports authentication against an LDAP server.","type":"text"}]},{"type":"paragraph","content":[{"text":"Before getting deep into LDAP authentication, let’s get familiar with some LDAP terms.","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":1800.0,"localId":"b1abb639-7d60-4b3e-b497-9f9fcf551f9f"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Term","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Dn","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Distinguished name, a unique name which is used to find a user on an LDAP server, for example, in the Microsoft Active Directory.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Ou","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Organization unit","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Bind","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"LDAP Bind is an operation in which LDAP clients send bindRequest to an LDAP server including username and password and if","type":"text"},{"type":"hardBreak"},{"text":"the LDAP server is able to find the user and the password is correct, it allows access to the LDAP server.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Search","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"LDAP search is an operation which is performed to retrieve Dn of a user by using some user credentials.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Root","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"LDAP directory’s top element, like the root of a tree.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"BaseDn","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Branch in a LDAP tree which can be used as a base for the LDAP search operation.","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"text":"To activate authentication of administrative users with LDAP, it needs to replace the authentication-manager bean definition in the ","type":"text"},{"text":"spring/custom-security.xml","type":"text","marks":[{"type":"strong"}]},{"text":" file:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"xml"},"content":[{"text":"\n \n \n\n \n","type":"text"}]},{"type":"paragraph","content":[{"text":"where","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":1800.0,"localId":"a84edfc6-8750-4226-824b-03d1c04a0d5d"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","marks":[{"type":"alignment","attrs":{"align":"center"}}],"content":[{"text":"Attribute name","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","marks":[{"type":"alignment","attrs":{"align":"center"}}],"content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":2,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"ldap-authentication-provider","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"user-search-base","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Search base for user searches. Defaults to \"\". Only used with a 'user-search-filter'.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"user-search-filter","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"The LDAP filter used to search for users (optional). For example, \"(uid={0})\".","type":"text"}]},{"type":"paragraph","content":[{"text":"The substituted parameter is user's login name.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"group-search-base","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Defines the part of the directory tree under which group searches should be performed.","type":"text"},{"type":"hardBreak"},{"text":"Defaults to \"\" (searching from the root).","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"group-search-filter","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"The filter which is used to search for group membership. ","type":"text"},{"type":"hardBreak"},{"text":"Defaults to (uniqueMember={0}). The substituted parameter is the DN of the user.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"group-role-attribute","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"The LDAP attribute name which contains the role name which will be used within Spring Security. Defaults to \"cn\".","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"user-dn-pattern","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"A specific pattern used to build user's DN, for example, \"uid={0},ou=people\". ","type":"text"},{"type":"hardBreak"},{"text":"The key \"{0}\" must be present and will be substituted with the username.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":2,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"ldap-server","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"url","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Specifies the LDAP server URL when not using the embedded LDAP server.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"manager-dn","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Username (DN) of the \"manager\" user identity (i.e. \"uid=admin,ou=system\") which will be used to authenticate to a (non-embedded) LDAP server. ","type":"text"},{"type":"hardBreak"},{"text":"If omitted, anonymous access will be used.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"manager-password","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"The password for the manager DN. This is required if the manager-dn is specified.","type":"text"}]}]}]}]},{"type":"paragraph","content":[{"text":"Check more details about the configuration authentication with an LDAP server on ","type":"text"},{"text":"Spring Documentation","type":"text","marks":[{"type":"link","attrs":{"href":"https://docs.spring.io/spring-security/site/docs/5.1.5.RELEASE/reference/htmlsingle/#ldap"}}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Administrative shell configuration","type":"text"}]},{"type":"paragraph","content":[{"text":"To configure access to the interactive shell, shell configuration properties are used.","type":"text"}]},{"type":"paragraph","content":[{"text":"Shell configuration properties are defined by the ","type":"text"},{"text":"shell.properties","type":"text","marks":[{"type":"strong"}]},{"text":" file.","type":"text"}]},{"type":"table","attrs":{"layout":"default","width":1800.0,"localId":"042ab5d2-7d97-47a2-bae2-fac992420e9c"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Name","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Default value","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Description","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"crash.auth","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"spring","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Authentication mechanism","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"crash.ssh.port","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"2000","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"SSH server port to listen","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"crash.ssh.keypath","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"/crash/hostkey.pem","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"The path to the PEM file with an SSH server key. Alternatively, Java Keystore can be used (see the ","type":"text"},{"text":"crash.ssh.keystore.path","type":"text","marks":[{"type":"strong"}]},{"text":" option)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"crash.ssh.keystore.path","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph"}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"The path to the Keystore file with SSH server keys. Has higher priority than ","type":"text"},{"text":"crash.ssh.keypath","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"crash.ssh.keystore.password","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph"}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"The password for the Keystore file","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"crash.ssh.keystore.provider","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph"}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Key manager provider. ","type":"text"},{"type":"hardBreak"},{"text":"Note that the list of registered providers may be retrieved via the Security.getProviders() method.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"crash.ssh.keystore.type","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"JKS","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"The type of Keystore. ","type":"text"},{"type":"hardBreak"},{"text":"See the Keystore section in the ","type":"text"},{"text":"Java Cryptography Architecture Standard Algorithm Name Documentation","type":"text","marks":[{"type":"link","attrs":{"href":"https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore"}}]},{"text":" for information about standard Keystore types.","type":"text"},{"type":"hardBreak"},{"text":"Examples of value: JKS, JCEKS, PKCS12, PKCS11","type":"text"},{"type":"hardBreak"},{"text":"The default value is JKS (Java Key Store).","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"crash.ssh.keygen","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"false","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Specify if a key file should be generated during server start. The ","type":"text"},{"text":"crash.ssh.keypath","type":"text","marks":[{"type":"strong"}]},{"text":" should be defined.","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"crash.ssh.auth_timeout","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"300000","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Authentication timeout of the SSH server (in milliseconds)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"crash.ssh.idle_timeout","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"300000","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Idle timeout of the SSH server (in milliseconds)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"crash.ssh.default_encoding","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"UTF-8","type":"text"}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1},"content":[{"type":"paragraph","content":[{"text":"Character encoding","type":"text"}]}]}]}]},{"type":"paragraph","marks":[{"type":"indentation","attrs":{"level":1}}],"content":[{"text":"FEJ uses the Java shell called ‘CRaSH’. For more information about configuration properties, please refer to the ","type":"text"},{"text":"CRaSH reference documentation","type":"text","marks":[{"type":"link","attrs":{"href":"http://www.crashub.org/1.3/reference.html"}}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Administrative JMX configuration","type":"text"}]},{"type":"paragraph","content":[{"text":"The ","type":"text"},{"text":"fixedge.properties","type":"text","marks":[{"type":"strong"}]},{"text":" file contains settings for defining the JMX port and the URL for accessing the JMX service.","type":"text"}]},{"type":"paragraph","content":[{"text":"For details, refer to the ","type":"text"},{"text":"official Java documentation","type":"text","marks":[{"type":"link","attrs":{"href":"https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html#gdevg"}}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":"Monitoring and management by using the JMX technology is described in the ","type":"text"},{"text":"Management over JMX","type":"text","marks":[{"type":"link","attrs":{"href":"https://b2bits.atlassian.net/wiki/display/B2BITS/FIXEdge+Java+Administration#FIXEdgeJavaAdministration-ManagementoverJMX"}}]},{"text":" section.","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"FIXICC access configuration","type":"text"}]},{"type":"paragraph","content":[{"text":"For details on the FIXICC access configuration, refer to the ","type":"text"},{"text":"FIXICC & FEJ Integration User Guide","type":"text","marks":[{"type":"link","attrs":{"href":"https://b2bits.atlassian.net/wiki/pages/viewpage.action?pageId=6070313"}}]},{"text":".","type":"text"}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Administrative REST API configuration","type":"text"}]},{"type":"paragraph","content":[{"text":"FIX Edge Java has REST API functionality that can be used for FIX sessions management.","type":"text"}]},{"type":"paragraph","content":[{"text":"REST API is configuring in the ","type":"text"},{"text":"fixedge.properties","type":"text","marks":[{"type":"strong"}]},{"text":" file.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"visualbasic"},"content":[{"text":"# Enable REST service, if it is false or empty, REST service will not be available\nrest.service.enable=true\n\n# Name of REST service, if it is empty or disabled, REST service will not be available and registered in Service Discovery\n# rest.service.name=REST-AdminAPI\n\n# Name of REST port, if it is empty or disabled, REST service will not be available and registered in Service Discovery\nrest.service.port=9010\n\n# Path to SSL certificate, should not be empty to create REST service and register it in Discovery\nrest.ssl.cert.path=/ssl/cert.pem\n\n# Path to SSL key, should not be empty to create REST service and register it in Discovery\nrest.ssl.key.path=/ssl/key.pem\n\n# REST server keystore properties\n# Pass to keystore file with certificate, for example, jks or p12 format\nrest.keystore.path=classpath:/ssl/keystore.p12\n# Keystore password\nrest.keystore.password=password\n\n# REST server truststore properties\n# Pass to truststore file containing CA certificate, for example, jks or p12 format\nrest.truststore.path=classpath:/ssl/truststore.p12\n# Truststore password\nrest.truststore.password=password\n\n# True if REST server needs client authentication\nrest.ssl.auth=true","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"FIXICC H2 Configuration","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"Configure the following properties in the ","type":"text"},{"text":"local.app.properties","type":"text","marks":[{"type":"strong"}]},{"text":" file.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"visualbasic"},"content":[{"text":"# REST API Security\n# Pass to keystore file with certificate, for example, jks or p12 format\nfixicch2.ssl.keystore.path=/opt/fixicch2-home/client.p12\n# Keystore password\nfixicch2.ssl.keystore.password=password\n\n# Pass to truststore file containing CA certificate, for example, jks or p12 format\nfixicch2.ssl.truststore.path=/opt/fixicch2-home/truststore.p12\n# Truststore password\nfixicch2.ssl.truststore.password=password","type":"text"}]},{"type":"paragraph","content":[{"text":"Please ensure these configurations are applied correctly to enable secure REST API communication.","type":"text"}]}],"version":1}

Browser not supported