This page documents the configuration properties that can be used to configure the behaviour of the FluentForms Spring Boot Starter.
These configuration properties are used when connecting to AEM.
fluentforms.aem.servername - This property is the machine name of the server where AEM is running. It is used by FluentForms
when connecting to AEM.
fluentforms.aem.port - This property is the port that AEM is running on. This is usually 4502 (or 4503 for a publish instance).
fluentforms.aem.user - This is the AEM user that be used to log into AEM when communicating with AEM. In dev and test
scenarios, admin can be used however it is recommended that a different user (one that is created for the sole purpose of
authenticating FluentForms calls) be used in production. The created user does not normally need any additional permissions
beyond being a member of the forms-users group.
fluentforms.aem.password - This is the password that will be used to log into AEM when communicating with AEM. The Jasypt spring boot starter library is a dependency of the FluentForms Spring Boot
starter. The password property (well any of the Fluent Forms properties, really) can be encrypted with the Jasypt (see the
spring boot starter web site for more details.
fluentforms.aem.useSsl - This is used to indicate whether FluentForms should connect to AEM using https or http. This property
can be true or false. true will tell FLuentForms to log in with https, false will result in an http connection. This
property is optional, and it defaults to false if it is not supplied.
fluentforms.aem.sslBundle - This is the name used to locate a Spring Security SSL Bundle that will be used as a trust store
for SSL HTTPS connections to AEM. This property is optional, and it defaults to aem if it is not supplied.
fluentforms.rproxy.enabled - This is used to enable/disable the reverse proxying of secondary resources to AEM. If it is
true, then reverse proxying is enabled otherwise it is not. This property is optional and defaults to true.
fluentforms.rproxy.aemPrefix - This is used if the AEM instance is running under some directory other than the root
directory on the AEM server. This can happen, for instance, when AEM is running under a JEE Application server.
fluentforms.rproxy.clientPrefix - This is used if an application using the FluentForms reverse proxy functionality is located
somewhere besides the root of the web server. Normally, all secondary resources (like js and css files) are routed through /aem, however if the application is deployed to a app server under /clientApp, then the reverse proxy will reside under /clientApp/aem. In order to compensate for this, the configuration property fluentforms.rproxy.clientPrefix should
be set to /clientApp (as in fluentforms.rproxy.clientPrefix=/clientApp).
fluentforms.rproxy.afBaseLocation - TBD - This needs to be documented.
fluentforms.rproxy.type - This is used to set the mechanism used to reverse-proxy secondary resources to AEM. If the value is springmvc, then Spring MVC is used to implement the reverse proxy. If it is jersey, then JAX-RS Jersey is used. This property is optional and, if omitted, then the autoconfiguration will choose springmvc if no other type is available. It will typically use a different implementation if it is available (e.g. if fluentforms-jersey-spring-starter is on the class path). This means that under normal circumstances, this setting should not have to be set and is only intended to be used to override the autoconfiguration mechanisms.
Fluent Forms can be configured to use one of two different REST client libraries. It can use either the Jersey client libraries or the Spring RestClient libraries. it was originally developed to use the Jersey client libraries however this some drawbacks - firstly, the Spring requires special configuration when you combine it with libraries that use the built in Spring Web Mechanisms (e.g. Spring MVC, Spring Boot Activator, etc. - see https://docs.spring.io/spring-boot/how-to/jersey.html). Secondly, Spring Jersey is an extra dependency that duplicates functionality that is already available in the Spring Framework, so it causes some jar bloat.
The intention is to eventually eliminate Jersey as a required dependency (and make it an optional dependency).
A FluentForms application can choose which library it wishes to use based on a configuration value.
fluentforms.restclient - This is used to specify which REST client library will be used to make REST calls to AEM. It can have one of the following values: springrestclient - To use the Spring Framework REST client, or jersey to use the Spring Jersey libraries. If omitted, the application setting defaults to jersey for backwards compatibility however this is likely to change at some point in the future to use the springrestclient by default..
Some of the settings in the properties files contains usernames and passwords that, for security reasons, should not be stored in plain text. These can be encrypted using Jasypt and stored in the application.properties or profile properties files surrounded by ENC() to denote an encrypted property. The application will automatically decode these encrypted passwords if the encrypted properties are enabled.
The fluentforms Spring Boot starter uses a jasypt-spring-boot-starter. To enable encrypted properties, create properties in the src/main/resources directory of your application project and add the following properties:
jasypt.encryptor.algorithm=PBEWITHHMACSHA512ANDAES_256
jasypt.encryptor.password=4Point
jasypt.encryptor.iv-generator-classname=org.jasypt.iv.RandomIvGenerator
jasypt.encryptor.salt-generator-classname=org.jasypt.salt.RandomSaltGenerator
To encode usernames or passwords, perform the following steps:
- Download the latest jasypt distribution release from https://github.com/jasypt/jasypt/releases (1.9.3 at the time of this writing)
- Open the .zip and extract the directory to root (so creating
C:\jasypt-1.9.3) - CD into the new directory (i.e.
cd C:\jasypt-1.9.3) - Run the following command:
bin\encrypt.bat "password=4Point" "algorithm=PBEWITHHMACSHA512ANDAES_256" "saltGeneratorClassName=org.jasypt.salt.RandomSaltGenerator" "ivGeneratorClassName=org.jasypt.iv.RandomIvGenerator" "input=<username or password>"where <username or password> is the string you wish to encrypt. - This will produce some output like this:
----ENVIRONMENT-----------------
Runtime: Oracle Corporation Java HotSpot(TM) 64-Bit Server VM 11.0.12+8-LTS-237
----ARGUMENTS-------------------
input: testPassword
password: 4Point
saltGeneratorClassName: org.jasypt.salt.RandomSaltGenerator
ivGeneratorClassName: org.jasypt.iv.RandomIvGenerator
algorithm: PBEWITHHMACSHA512ANDAES_256
----OUTPUT----------------------
ZvyYeP694ZXtlp7VfjziAiayVLrnV5NiSqB4fdhDn9DZw6OMWMcN5CHBB4tCQFo+
- Place the encoded string in the correct property within the .properties file surrounded by ENC(). For example:
fluentforms.aem.password=ENC(ZvyYeP694ZXtlp7VfjziAiayVLrnV5NiSqB4fdhDn9DZw6OMWMcN5CHBB4tCQFo+) - Restart the application
Application trust stores must be configured using standard Spring SSL Bundles mechanisms. The bundle name is set by the fluentforms.aem.sslBundle property (outlined above). If it is not specified, then it defaults to "aem".
Here is a example configuration that uses the default name.
# AEM Coordinates for FluentForms libraries
# Note: You will need to have a 'trusted' certificate installed on your AEM instance to use SSL.
fluentforms.aem.useSsl=true
fluentforms.aem.port=8443
spring.ssl.bundle.jks.aem.truststore.location=file:/home/aem_user/aemforms.p12
spring.ssl.bundle.jks.aem.truststore.password=some_password
spring.ssl.bundle.jks.aem.truststore.type=PKCS12