Skip to main content

Configuration

TimeBase Web Administrator is a Spring application. You can follow standard best practices to configuring Spring applications properties, such as:

info

TimeBase Web Administrator starts with the default configuration specified in the following application.yaml file.

Important

It is not recommended changing the default configurations.

#default configuration
server:
port: 8099
compression:
enabled: true
mime-types: text/html,text/css,application/javascript,application/json
spring:
mvc:
async:
request-timeout: 3600000 # 60 * 60 * 1000 = 1 hour
timebase:
url: dxtick://localhost:8011
readonly: false
flushPeriodMs: 500
user:
password:
streams:
include:
exclude: \#$ && \^metrics#
currencies:
tree:
group-size: 1000
grafana:
pluginsPackages:
- epam.rtc.grafana
enabled: true
streams:
include: .*
exclude:
security:
oauth2:
provider:
providerType: BUILT_IN_OAUTH # valid values: EXTERNAL_OAUTH, BUILT_IN_OAUTH, SSO
clientId: web
oauthServer: http://localhost:8099
getTokenEndpoint: /oauth/token
checkTokenEndpoint: /oauth/check
clientId: web
secret: $2a$10$1DWT60qCpc1bTJUNiV/C0u.Zw0L5Yq80OhZbsyA8LAKn7G/18q9za
authorizedGrantTypes:
- password
- refresh_token
users:
- username: admin
password: $2a$10$7M3W5JMk1wggimrbVegxWeeasqjrZUjNEiZTpMSYdId92409D2TSq
authorities: [TB_ALLOW_READ, TB_ALLOW_WRITE]
- username: reader
password: $2a$10$7M3W5JMk1wggimrbVegxWeeasqjrZUjNEiZTpMSYdId92409D2TSq
authorities: [ TB_ALLOW_READ]
- username: test
password: $2a$10$3PL6X1Gn8VjRy4r0od9NLeZrO2YWpUjzozv3jOxU0/RMjsElzPQdu
authorities: [TB_ALLOW_READ, TB_ALLOW_WRITE]
scopes:
- trust
accessTokenValiditySeconds: 300 # 5 min
refreshTokenValiditySeconds: 86400 # one day

ai-api: # AI assitant properties
enabled: false
endpointUrl: "" # endpoint to send prompts, can be chat gpt https://api.openai.com/v1/chat/completions
deploymentName: gpt-4o-2024-05-13
key: INVALID_API_KEY # key
maxAttempts: 3

You can override specific default configuration parameters (in this case other parameters keep their default values) or the entire default configuration to meet your specific requirements.

Additional Configuration File

You can create an additional application.yaml configuration file to override the selected configuration parameters.

For example, to override the default TimeBase URL, you can create an additional application.yaml configuration file as shown in the example below:

# additional application.yaml
timebase:
url: dxtick://localhost:8045

and run the application with -Dspring.config.additional-location system property, where you provide the path to the additional application.yaml you want to use.

# docker-compose.yaml
services:
timebase-admin:
environment:
- JAVA_OPTS=
-Dspring.config.additional-location=/path/to/the/additional/config_file/application.yaml

or add the additional configuration file using environment variable:

# docker-compose.yaml
services:
timebase-admin:
environment:
- SPRING_CONFIG_ADDITIONAL-LOCATION=/path/to/the/additional/config_file/application.yaml

System Properties

Default configuration parameters can be mapped on and overridden using Java system properties.

For example, to override the default TimeBase URL, you can add a system property as shown in the below example:

# docker-compose.yaml
services:
timebase-admin:
environment:
- JAVA_OPTS=
-Dtimebase.url=dxtick://localhost:8045

Environment Variables

Default configuration parameters can be overridden using environment variables.

Refer to Spring Naming Convention for your reference.

# docker-compose.yaml
services:
timebase-admin:
environment:
- TIMEBASE_URL=dxtick://localhost:8045

Replace the Default Configuration

You can ignore the default configuration and entirely replace it by the custom application.yaml. In this case, run the application with -Dspring.config.location system property and provide the path to the new application.yaml you want to use instead of the default one.

Be aware, that in this case, you will have to create the entire config from scratch, which is significantly more resourceful than redefining the selected parameters - described in the above sections.

# docker-compose.yaml
services:
timebase-admin:
environment:
- JAVA_OPTS=
-Dspring.config.location=/path/to/the/config_file/application.yaml

Examples

Override TimeBase connection parameters in the additional application.yaml file:

# additional application.yaml
timebase:
url: dxtick://localhost:8045
user: admin
password: admin

Configure users by adding an additional application.yaml:

# additional application.yaml
security:
oauth2:
users:
- username: admin
password: admin # or BCrypt encoded password
authorities: [TB_ALLOW_READ, TB_ALLOW_WRITE]

Configure ORY Hydra SSO provider in the additional application.yaml:

# additional application.yaml
spring:
security:
oauth2:
resourceserver:
jwt:
issuer-uri: http://hydra-url:8011/my-client-id

security:
oauth2:
provider:
providerType: SSO
name: hydra
clientId: my-hydra-client-id
validateIssuer: false
userInfo:
enable: true

Configure users via Java system properties:

# docker-compose.yaml
services:
timebase-admin:
environment:
- JAVA_OPTS=
-Dsecurity.oauth2.users.0.username=admin
-Dsecurity.oauth2.users.0.password=admin
-Dsecurity.oauth2.users.0.authorities="TB_ALLOW_READ, TB_ALLOW_WRITE"

Configure API Keys via environment variables:

# docker-compose.yaml
services:
timebase-admin:
environment:
- SECURITY_AUTHORIZATION_SOURCE=CONFIG
- SECURITY_API-KEYS_SESSIONS_ENABLED=false
- SECURITY_API-KEYS-PROVIDER_API-KEYS_0_NAME=TEST_API_KEY
- SECURITY_API-KEYS-PROVIDER_API-KEYS_0_KEY=TEST_API_SECRET
- SECURITY_API-KEYS-PROVIDER_API-KEYS_0_USER=admin
- SECURITY_API-KEYS-PROVIDER_API-KEYS_0_AUTHORITIES=TB_ALLOW_READ, TB_ALLOW_WRITE

Enabling HTTPS

To enable HTTPS:

  1. Create a keystore with a valid key pair. Here we generate a self-signed certificate using JDK’s keytool:
keytool -genkey -keyalg RSA -alias webadmin -keystore selfsigned.jks -validity 1000 -keysize 2048
  1. Add the following settings to application.yaml:
server:
ssl:
key-store: /timebase/webadmin/selfsigned.jks
    key-store-password: password
    keyStoreType: JKS
    keyAlias: timebase

WebAdmin uses the Spring Boot framework. You can use Spring parameters to adjust web settings.

For example, to require TLS 1.2:

server:
ssl:
protocol: TLS
enabled-protocols: TLSv1.2

Configure TimeBase onnection with OAuth2

Add the following settings to application.yaml to be able to connect with TimeBase configured with OAuth2:

timebase:
oauth2-client:
url: https://login.microsoftonline.com/b41b72d0-4e9f-1111-1111-1111111111111/oauth2/v2.0/token # issuer request token url
client-id: 4d69eb9b-e7c3-1111-1111-1111111111111
client-secret: <base64 client secret>
scope: "api%3A%2F%2Ffcf8a41f-bf18-1111-1111-1111111111111%2F.default"

To connect with certificate credentials flow instead of secret, add the following settings to application.yaml:

timebase:
oauth2-client:
url: https://login.microsoftonline.com/b41b72d0-4e9f-1111-1111-1111111111111/oauth2/v2.0/token # issuer request token url
client-id: 4d69eb9b-e7c3-1111-1111-1111111111111
scope: "api%3A%2F%2Ffcf8a41f-bf18-1111-1111-1111111111111%2F.default"
keystore:
keystore-type: PKCS12 # PKCS12, JKS
keystore-location: <keystore location>
keystore-alias: <keystore alias>
keystore-password: <base64 encoded keystore password>

Configure Other Services

You can configure selected parameters for various services. Use one of standard approaches for configuration:

In configuration file:

charting:
max-pool-size: 8
...

Via Java OPTS:

-Dcharting.max-pool-size=10

Via ENV Variables:

set CHARTING_MAX-POOL-SIZE=10

ParameterDescriptionDefault
Charting
charting.queryTimeoutSecTime limit (in seconds) allowed to build a chart.60 sec
charting.max-pool-sizeThread pool size for charts. Number of users that can build chart simultaneously.8
Websockets
websocket.send-buffer-size-limitThe max amount of data that can be kept in buffer when sending messages to a websocket session.512K
websocket.message-size-limitMax size of the inbound sub-protocol message, such as STOMP frame, which can be aggregated from multiple websocket messages.64K
websocket.send-time-limitTime limit (in milliseconds) allowed when sending messages to a websocket session.10 sec
Order Book Service
timebase.order-book.max-tasksThread pool size for order book service tasks. Number of connections that can build order book simultaneously.50
timebase.order-book.flush-period-msFlush messages period in milliseconds. The frequency of the order book data updates coming from the server.500ms
Order Book Debugger Service
order-book-debugger.snapshot-lookup-msLook-up snapshot period in milliseconds to build order book.60000ms
Views
views.processor.thread-pool-sizeThread pool size for processing of views. Refer to Views to learn more.4
Instrument Service
instrumentsService.securitiesStreamThe name of the stream for securities.securities
instrumentsService.deltixSymbolFieldName of the field in the securities stream where the symbol name by DELTIX is stored.deltixSymbol
instrumentsService.smiUrlCentral securities service URL.https://smi.deltixhub.com
instrumentsService.timeoutDefault timeout for securities service requests in milliseconds.30000
Import Settings
import.directoryThe name of the directory on the server for import files.temp
import.directorySizeMbMax directory size for import files, in megabytes.1024
import.max-uploadsThread pool size for import tasks. Max number of upload processes that can run simultaneously.10
import.stale-import-timeout-msStale tasks (for example, when import process was not closed gracefully) sweep time in milliseconds.65000ms
import.log-file-sizeMax log size for import process in bytes that is stored on server.1048576
import.preview.sizeWhen importing form a CSV file, the max lines count for preview.50
Flow Chart
timebase.flowchart.metrics-streamStream key with metrics for the flow chart.metrics#
timebase.flowchart.max-intervalLook back time in millis, how far back service starts reading metrics.10000
timebase.flowchart.max-tasksThread pool size for flow chart. Number of users that can view flow chart simultaneously.10
Global Task Executor
task-executor-service.max-tasksThread pool size for common tasks (for example, live charting tasks). Number of tasks allowed in a global pool of tasks.50
Metrics
metrics.users.active.timeout-msActive users timeout in milliseconds. User is considered active if there has been any activity within this time period.300000