cadenzaweb

<basicWebConfiguration
>
required

This is basic configuration for Cadenza Web.

A simple configuration could look like:

<basicWebConfiguration>
  <publicCadenzaUrl>http://localhost:8080/cadenza</publicCadenzaUrl>
  <management>
    <maxConcurrentUsers>10</maxConcurrentUsers>
  </management>
  <!-- This is just a demo secret that is not actually a
       secure password, do not copy paste this
       into a productive installation of Cadenza -->
  <clusterSecret>d9bcdfadc8bc</clusterSecret>
</basicWebConfiguration>
<management
>
required
<maxConcurrentUsers
>
required
int
</maxConcurrentUsers>
<defaultDatasourceMaxCachingAge
>
required
duration

This is the duration that items will be kept in the QueryResultCache for a particular datasource if no specific timeout is defined on the datasource itself.

Default: PT5M

</defaultDatasourceMaxCachingAge>
<maxUploadFileSize
>
optional

Defines the maximum size of the file uploaded. Number with unit, e.g. 10M, 512K

Default: 100M

xs:string
</maxUploadFileSize>
</management>
<layout
>
optional
userSpecific
required
=
boolean
</layout>
<appearance
>
optional
<menuEntries
<menuEntry
id
required
=
xs:string
help
url
keymap
<printNameKey
>
optional
xs:string
</printNameKey>
<url
>
optional
anyURI
</url>
>
requiredmax. unbounded
</menuEntry>
>
required
</menuEntries>
</appearance>
<csp
>
optional

This is the Content-Security-Policy configuration for Cadenza. This configuration governs how a set of HTTP headers is sent to the browser to regulate a few security settings.

<frame-ancestors
>
optional

The frame-ancestors configuration allows Cadenza to defend itself against Clickjacking attacks. Cadenza defends itself against this by setting the frame-ancestors directive of the Content-Security-Policy header to self. This prevents Cadenza from being embedded in sites other than itself.

If you want to allow Cadenza to be embedded into a site on another origin, then you need to configure the origin of that site as a frame-ancestors source in this configuration.

enabled
optional
=
boolean

You can enable or disable the `Content-Security-Policy` entirely with this flag. This should *not* be disabled in production.

Default: true

<source
>
optionalmax. unbounded
string

Each source element identifies an origin that is allowed to embed Cadenza. By default, there is one source configured called self to allow Cadenza to embed itself. This source is automatically added to the list and does not need to be set here.

</source>
</frame-ancestors>
</csp>
<clusterSecret
>
optional
string

Encoded cluster secret used for encrypting sensitive data on the server. In multi node environment all Cadenza nodes must use the same cluster secret. E.g. cluster secret is used to sign url to enable secure workbook report generation. Use PasswordEncoder to create encoded cluster secret.

</clusterSecret>
<publicCadenzaUrl
>
optional
anyURI

The externally-reachable base URL for the Cadenza installation, for use e.g. in notification emails. Effectively required if such functionalities are in use.

</publicCadenzaUrl>
<labelSets
>
optional

Configuration, which maps a name to a set of labels, for use e.g. in filtering the navigator with those labels by calling the cadenza base url with the parameter labelSet and this name. E.g. http//localhost/cadenza/?labelSet={NAME}.

<labelSet
>
requiredmax. unbounded
name
optional
=
string
<label
>
requiredmax. unbounded
string
</label>
</labelSet>
</labelSets>
</basicWebConfiguration>