7.2.1. Fichiers communs

Les composants de la solution logicielle VITAM utilisent un socle de fichiers communs.

7.2.1.1. Fichier /vitam/conf/<composant>/sysconfig/java_opts

Ce fichier définit les JVMARGS.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#*******************************************************************************
# Copyright French Prime minister Office/SGMAP/DINSIC/Vitam Program (2015-2019)
#
# contact.vitam@culture.gouv.fr
#
# This software is a computer program whose purpose is to implement a digital archiving back-office system managing
# high volumetry securely and efficiently.
#
# This software is governed by the CeCILL 2.1 license under French law and abiding by the rules of distribution of free
# software. You can use, modify and/ or redistribute the software under the terms of the CeCILL 2.1 license as
# circulated by CEA, CNRS and INRIA at the following URL "http://www.cecill.info".
#
# As a counterpart to the access to the source code and rights to copy, modify and redistribute granted by the license,
# users are provided only with a limited warranty and the software's author, the holder of the economic rights, and the
# successive licensors have only limited liability.
#
# In this respect, the user's attention is drawn to the risks associated with loading, using, modifying and/or
# developing or reproducing the software by the user in light of its specific status of free software, that may mean
# that it is complicated to manipulate, and that also therefore means that it is reserved for developers and
# experienced professionals having in-depth computer knowledge. Users are therefore encouraged to load and test the
# software's suitability as regards their requirements in conditions enabling the security of their systems and/or data
# to be ensured and, more generally, to use and operate it in the same conditions as regards security.
#
# The fact that you are presently reading this means that you have had knowledge of the CeCILL 2.1 license and that you
# accept its terms.
#*******************************************************************************
JAVA_OPTS="{{ vitam_struct.jvm_opts.gc | default(gc_opts) }} {{ vitam_struct.jvm_opts.memory | default(memory_opts) }} {{ vitam_struct.jvm_opts.java | default(java_opts) }} -Dorg.owasp.esapi.resources={{ vitam_folder_conf }} -Dlogback.configurationFile={{vitam_folder_conf}}/logback.xml -Dvitam.config.folder={{ vitam_folder_conf }} -Dvitam.data.folder={{ vitam_folder_data }} -Dvitam.tmp.folder={{ vitam_folder_tmp }} -Dvitam.log.folder={{ vitam_folder_log }} -Djava.security.properties={{ vitam_folder_conf }}/java.security -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath={{ vitam_folder_log }}"
JAVA_ARGS="{{ vitam_folder_conf }}/{{ vitam_struct.vitam_component }}.conf"

7.2.1.2. Fichier /vitam/conf/<composant>/logback.xml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
	<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
		<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
			<fileNamePattern>{{ vitam_folder_log }}/accesslog-{{ vitam_struct.vitam_component }}.%d{yyyy-MM-dd}.log</fileNamePattern>
			<maxHistory>{{ days_to_delete_access_local }}</maxHistory>
      		<totalSizeCap>14GB</totalSizeCap>
		</rollingPolicy>
		<encoder>
			<pattern>%h %l %u %t "%r" %s %b "%i{Referer}" "%i{User-agent}" %D %i{X-Request-Id} %i{X-Tenant-Id} %i{X-Application-Id}</pattern>
		</encoder>
	</appender>
	<appender-ref ref="FILE" />
</configuration>

7.2.1.3. Fichier /vitam/conf/<composant>/logback-access.xml

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
<?xml version="1.0" encoding="UTF-8"?>
<configuration>

	<!-- Send debug messages to System.out -->
	<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
		<!-- By default, encoders are assigned the type ch.qos.logback.classic.encoder.PatternLayoutEncoder -->
		<encoder>
			<pattern>%d{ISO8601} [[%thread]] [%X{X-Request-Id}]  %-5level %logger - %replace(%caller{1..2}){'Caller\+1	 at |\n',''} : %msg %rootException%n</pattern>
		</encoder>
	</appender>
	<!-- <appender name="FILE" class="ch.qos.logback.core.FileAppender"> -->
	<appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
		<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
			<fileNamePattern>{{vitam_folder_log}}/{{ vitam_struct.vitam_component }}.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
			<maxFileSize>10MB</maxFileSize>
			<maxHistory>{{ days_to_delete_logback_logfiles }}</maxHistory>
      		<totalSizeCap>5GB</totalSizeCap>
		</rollingPolicy>

		<!-- TODO : replace with rolling file appender -->
		<!-- <file>{{vitam_folder_log}}/{{ vitam_struct.vitam_component }}.log</file>
		<append>true</append> -->
		<encoder>
			<pattern>%d{ISO8601} [[%thread]] [%X{X-Request-Id}] %-5level %logger - %replace(%caller{1..2}){'Caller\+1     at |\n',''} : %msg %rootException%n</pattern>
		</encoder>
	</appender>


	<appender name="SECURITY" class="ch.qos.logback.core.rolling.RollingFileAppender">
		<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
			<fileNamePattern>{{vitam_folder_log}}/{{ vitam_struct.vitam_component }}_security.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
			<maxFileSize>10MB</maxFileSize>
			<maxHistory>{{ days_to_delete_logback_logfiles }}</maxHistory>
      		<totalSizeCap>5GB</totalSizeCap>
		</rollingPolicy>
		<encoder>
			<pattern>%d{ISO8601} [[%thread]] [%X{X-Request-Id}] %-5level %logger - %replace(%caller{1..2}){'Caller\+1     at |\n',''} : %msg %rootException%n
			</pattern>
		</encoder>
	</appender>

    {% if vitam_struct.vitam_component == 'storage' %}
	<appender name="OFFERSYNC" class="ch.qos.logback.core.rolling.RollingFileAppender">
		<rollingPolicy class="ch.qos.logback.core.rolling.SizeAndTimeBasedRollingPolicy">
			<fileNamePattern>{{vitam_folder_log}}/{{ vitam_struct.vitam_component }}_offer_sync.%d{yyyy-MM-dd}.%i.log</fileNamePattern>
			<maxFileSize>10MB</maxFileSize>
			<maxHistory>30</maxHistory>
			<totalSizeCap>5GB</totalSizeCap>
		</rollingPolicy>
		<encoder>
			<pattern>%d{ISO8601} [[%thread]] [%X{X-Request-Id}] %-5level %logger - %replace(%caller{1..2}){'Caller\+1     at |\n',''} : %msg %rootException%n
			</pattern>
		</encoder>
	</appender>
    {% endif %}

	<appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
		<syslogHost>localhost</syslogHost>
		<facility>{{ vitam_defaults.syslog_facility }}</facility>
		<suffixPattern>vitam-{{vitam_struct.vitam_component}}: %d{ISO8601} [[%thread]] [%X{X-Request-Id}] %-5level %logger - %replace(%caller{1..2}){'Caller\+1     at |\n',''} : %msg %rootException%n</suffixPattern>
	</appender>
	<!-- By default, the level of the root level is set to TRACE -->
	<root level="{{ vitam_struct.log_level | default(vitam_defaults.services.log_level) }}">
		<!-- <appender-ref ref="STDOUT" /> -->
		<appender-ref ref="FILE" />
		<appender-ref ref="SYSLOG" />
	</root>

  <logger name="org.eclipse.jetty" level="WARN"/>
  <logger name="fr.gouv.vitam.storage.engine.server.logbook.StorageLogbookMock" level="INFO"/>
  <logger name="fr.gouv.vitam.metadata.core.reconstruction.ReconstructionService" level="INFO"/>
  <logger name="fr.gouv.vitam.metadata.core.graph.StoreGraphService" level="INFO"/>
  <logger name="fr.gouv.vitam.metadata.core.graph.GraphComputeServiceImpl" level="INFO"/>
  <logger name="fr.gouv.vitam.common" level="WARN" />
  <logger name="fr.gouv.vitam.common.performance.PerformanceLogger" level="DEBUG" />
  <logger name="fr.gouv.vitam.common.alert.AlertServiceImpl" level="INFO">
	  <appender-ref ref="SECURITY" />
  </logger>
  {% if vitam_struct.vitam_component == 'storage' %}
  <logger name="fr.gouv.vitam.storage.engine.server.offersynchronization.OfferSyncServiceImpl">
       <appender-ref ref="OFFERSYNC" />
  </logger>
  {% endif %}

  {% if vitam_struct.vitam_component == 'metadata' %}
  <logger name="fr.gouv.vitam.metadata.core.migration" level="INFO"/>
  {% endif %}

</configuration>

7.2.1.4. Fichier /vitam/conf/<composant>/jetty-config.xml

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">

<!-- =============================================================== -->
<!-- Documentation of this file format can be found at:              -->
<!-- http://wiki.eclipse.org/Jetty/Reference/jetty.xml_syntax        -->
<!--                                                                 -->
<!-- Additional configuration files are available in $JETTY_HOME/etc -->
<!-- and can be mixed in. See start.ini file for the default         -->
<!-- configuration files.                                            -->
<!--                                                                 -->
<!-- For a description of the configuration mechanism, see the       -->
<!-- output of:                                                      -->
<!--   java -jar start.jar -?                                        -->
<!-- =============================================================== -->

<!-- =============================================================== -->
<!-- Configure a Jetty Server instance with an ID "Server"           -->
<!-- Other configuration files may also configure the "Server"       -->
<!-- ID, in which case they are adding configuration to the same     -->
<!-- instance.  If other configuration have a different ID, they     -->
<!-- will create and configure another instance of Jetty.            -->
<!-- Consult the javadoc of o.e.j.server.Server for all              -->
<!-- configuration that may be set here.                             -->
<!-- =============================================================== -->
<Configure id="Server" class="org.eclipse.jetty.server.Server">


    <!-- =========================================================== -->
    <!-- Add shared Scheduler instance                               -->
    <!-- =========================================================== -->
    <Call name="addBean">
        <Arg>
            <New class="org.eclipse.jetty.util.thread.ScheduledExecutorScheduler"/>
        </Arg>
    </Call>

    <!-- =========================================================== -->
    <!-- Http Configuration.                                         -->
    <!-- This is a common configuration instance used by all         -->
    <!-- connectors that can carry HTTP semantics (HTTP, HTTPS, SPDY)-->
    <!-- It configures the non wire protocol aspects of the HTTP     -->
    <!-- semantic.                                                   -->
    <!--                                                             -->
    <!-- This configuration is only defined here and is used by      -->
    <!-- reference from the jetty-http.xml, jetty-https.xml and      -->
    <!-- jetty-spdy.xml configuration files which instantiate the    -->
    <!-- connectors.                                                 -->
    <!--                                                             -->
    <!-- Consult the javadoc of o.e.j.server.HttpConfiguration       -->
    <!-- for all configuration that may be set here.                 -->
    <!-- =========================================================== -->
    <New id="httpConfig" class="org.eclipse.jetty.server.HttpConfiguration">
        <Set name="secureScheme">http</Set>
        <Set name="securePort">8443</Set>
        <Set name="outputBufferSize">32768</Set>
        <Set name="requestHeaderSize">8192</Set>
        <Set name="responseHeaderSize">8192</Set>
        <Set name="sendServerVersion">false</Set>
        <Set name="sendDateHeader">false</Set>
        <Set name="headerCacheSize">512</Set>

        <!-- Uncomment to enable handling of X-Forwarded- style headers
        <Call name="addCustomizer">
          <Arg><New class="org.eclipse.jetty.server.ForwardedRequestCustomizer"/></Arg>
        </Call>
        -->
    </New>

    <!-- ======================== Original Connector =============================== -->
    <!-- <Call name="addConnector">								-->
    <!--     <Arg>										-->
    <!--         <New class="org.eclipse.jetty.server.ServerConnector">				-->
    <!--             <Arg name="server"><Ref refid="Server" /></Arg>				-->
    <!--             <Arg name="factories">							-->
    <!--                 <Array type="org.eclipse.jetty.server.ConnectionFactory">		-->
    <!--                     <Item>								-->
    <!--                         <New class="org.eclipse.jetty.server.HttpConnectionFactory">	-->
    <!--                             <Arg name="config"><Ref refid="httpConfig" /></Arg>	-->
    <!--                         </New>								-->
    <!--                     </Item>								-->
    <!--                 </Array>								-->
    <!--             </Arg>									-->
    <!--             <Set name="port">{{ vitam_struct.port_service }}</Set>					-->
    <!--             <Set name="idleTimeout">							-->
    <!--                 <Property name="http.timeout" default="{{ vitam_defaults.services.port_service_timeout }}"/>	-->
    <!--             </Set>									-->
    <!--         </New>										-->
    <!--     </Arg>										-->
    <!-- </Call>										-->



    <!-- =========================================================== -->
    <!-- Set the default handler structure for the Server            -->
    <!-- A handler collection is used to pass received requests to   -->
    <!-- both the ContextHandlerCollection, which selects the next   -->
    <!-- handler by context path and virtual host, and the           -->
    <!-- DefaultHandler, which handles any requests not handled by   -->
    <!-- the context handlers.                                       -->
    <!-- Other handlers may be added to the "Handlers" collection,   -->
    <!-- for example the jetty-requestlog.xml file adds the          -->
    <!-- RequestLogHandler after the default handler                 -->
    <!-- =========================================================== -->
    <Set name="handler">
        <New id="Handlers" class="org.eclipse.jetty.server.handler.HandlerCollection">
            <Set name="handlers">
                <Array type="org.eclipse.jetty.server.Handler">
                    <Item>
                        <New id="Contexts" class="org.eclipse.jetty.server.handler.ContextHandlerCollection"/>
                    </Item>
                    <Item>
                        <New id="DefaultHandler" class="org.eclipse.jetty.server.handler.DefaultHandler"/>
                    </Item>
                </Array>
            </Set>
        </New>
    </Set>

    <Set name="RequestLog">
            <New id="RequestLogImpl" class="ch.qos.logback.access.jetty.RequestLogImpl">
                <Set name="fileName">{{vitam_folder_conf}}/logback-access.xml</Set>
            </New>
    </Set>
    <Ref id="RequestLogImpl">
              <Call name="start"/>
    </Ref>

    <!-- =========================================================== -->
    <!-- extra server options                                        -->
    <!-- =========================================================== -->
    <Set name="stopAtShutdown">true</Set>
    <Set name="stopTimeout">5000</Set>
    <Set name="dumpAfterStart">false</Set>
    <Set name="dumpBeforeStop">false</Set>

{% if vitam_struct.https_enabled==true %}
   <New id="httpsConfig" class="org.eclipse.jetty.server.HttpConfiguration">
        <Set name="sendServerVersion">false</Set>
        <Set name="sendDateHeader">false</Set>
        <Call name="addCustomizer">
            <Arg>
                <New class="org.eclipse.jetty.server.SecureRequestCustomizer" />
            </Arg>
        </Call>
    </New>
        <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
        <Set name="KeyStorePath">{{ vitam_folder_conf }}/keystore_{{ vitam_struct.vitam_component }}.jks</Set>
        <Set name="KeyStorePassword">{{password_keystore}}</Set>
        <Set name="KeyManagerPassword">{{password_manager_keystore}}</Set>
        <Set name="TrustStorePath">{{ vitam_folder_conf }}/truststore_{{ vitam_struct.vitam_component }}.jks</Set>
        <Set name="TrustStorePassword">{{password_truststore}}</Set>
        <Set name="TrustStoreType">JKS</Set>
        <Set name="NeedClientAuth">false</Set>
        <Set name="WantClientAuth">true</Set>
      <Set name="IncludeCipherSuites">
        <Array type="String">
          <Item>TLS_ECDHE.*</Item>
          <Item>TLS_DHE_RSA.*</Item>
        </Array>
      </Set>
       <Set name="IncludeProtocols">
        <Array type="String">
          <Item>TLSv1</Item>
          <Item>TLSv1.1</Item>
          <Item>TLSv1.2</Item>
        </Array>
      </Set>
      <Set name="ExcludeCipherSuites">
        <Array type="String">
          <Item>.*NULL.*</Item>
          <Item>.*RC4.*</Item>
          <Item>.*MD5.*</Item>
          <Item>.*DES.*</Item>
          <Item>.*DSS.</Item>
        </Array>
      </Set>
        <Set name="UseCipherSuitesOrder">true</Set>
        <Set name="RenegotiationAllowed">true</Set>
    </New>
    <New id="sslConnectionFactory" class="org.eclipse.jetty.server.SslConnectionFactory">
        <Arg name="sslContextFactory">
            <Ref refid="sslContextFactory" />
        </Arg>
        <Arg name="next">http/1.1</Arg>
    </New>
    <New id="businessConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server">
            <Ref refid="Server" />
        </Arg>
        <Arg name="factories">
            <Array type="org.eclipse.jetty.server.ConnectionFactory">
                <Item>
                    <Ref refid="sslConnectionFactory" />
                </Item>
                <Item>
                    <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                        <Arg name="config">
                            <Ref refid="httpsConfig" />
                        </Arg>
                    </New>
                </Item>
            </Array>
        </Arg>
        <Set name="host">{{ip_service}}</Set>
        <Set name="port">
            <SystemProperty name="jetty.port" default="{{ vitam_struct.port_service }}"/>
        </Set>
	<Set name="name">business</Set>
    </New>

{% else %}

    <!-- =========================================================== -->
    <!-- Connector for API business            			     -->
    <!-- Attach all ContextHanlder except Admin			     -->
    <!-- =========================================================== -->

    <New id="businessConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="factories">
            <Array type="org.eclipse.jetty.server.ConnectionFactory">
                <Item>
                    <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                        <Arg name="config"><Ref refid="httpConfig" /></Arg>
                    </New>
                </Item>
            </Array>
        </Arg>
        <Set name="host">{{ ip_service }}</Set>
        <Set name="port">{{ vitam_struct.port_service }}</Set>
	<Set name="name">business</Set>
        <Set name="idleTimeout">
            <Property name="http.timeout" default="{{ vitam_defaults.services.port_service_timeout }}"/>
        </Set>
    </New>

{% endif %}

    <!-- =========================================================== -->
    <!-- Connector for API Admin            			     -->
    <!-- Attach all ContextHanlder				     -->
    <!-- =========================================================== -->

    <New id="adminConnector" class="org.eclipse.jetty.server.ServerConnector">
        <Arg name="server"><Ref refid="Server" /></Arg>
        <Arg name="factories">
            <Array type="org.eclipse.jetty.server.ConnectionFactory">
                <Item>
                    <New class="org.eclipse.jetty.server.HttpConnectionFactory">
                        <Arg name="config"><Ref refid="httpConfig" /></Arg>
                    </New>
                </Item>
            </Array>
        </Arg>
        <Set name="host">{{ ip_admin }}</Set>
        <Set name="port">{{ vitam_struct.port_admin }}</Set>
	<Set name="name">admin</Set>
        <Set name="idleTimeout">
            <Property name="http.timeout" default="{{ vitam_defaults.services.port_service_timeout }}"/>
        </Set>
    </New>




    <Call name="setConnectors">
        <Arg>
             <Array type="org.eclipse.jetty.server.ServerConnector">
                <Item>
                    <Ref refid="businessConnector" />
                </Item>
                <Item>
                    <Ref refid="adminConnector" />
                </Item>
            </Array>
        </Arg>
    </Call>

</Configure>

7.2.1.5. Fichier /vitam/conf/<composant>/logbook-client.conf

Ce fichier permet de configurer l’appel au composant logbook.

1
2
serverHost: {{ vitam.logbook.host }}
serverPort: {{ vitam.logbook.port_service }}

7.2.1.6. Fichier /vitam/conf/<composant>/server-identity.conf

1
2
3
identityName: {{ansible_nodename}} 
identityRole: {{vitam_struct.vitam_component}}
identitySiteId: {{vitam_site_id}}

7.2.1.7. Fichier /vitam/conf/<composant>/antisamy-esapi.xml

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
<?xml version="1.0" encoding="ISO-8859-1"?>
	
<!-- 
W3C rules retrieved from:
http://www.w3.org/TR/html401/struct/global.html
-->
	
<!--
Slashdot allowed tags taken from "Reply" page:
<b> <i> <p> <br> <a> <ol> <ul> <li> <dl> <dt> <dd> <em> <strong> <tt> <blockquote> <div> <ecode> <quote>
-->

<anti-samy-rules xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
		xsi:noNamespaceSchemaLocation="antisamy.xsd">
	
	<directives>
		<directive name="omitXmlDeclaration" value="true"/>
		<directive name="omitDoctypeDeclaration" value="true"/>
		<directive name="maxInputSize" value="2000000"/>
		<directive name="embedStyleSheets" value="false"/>
	</directives>
	
	
	<common-regexps>
		
		<!-- 
		From W3C:
		This attribute assigns a class name or set of class names to an
		element. Any number of elements may be assigned the same class
		name or names. Multiple class names must be separated by white 
		space characters.
		-->
		
		<regexp name="htmlTitle" value="[a-zA-Z0-9\s-_',:\[\]!\./\\\(\)]*"/> <!-- force non-empty with a '+' at the end instead of '*' -->
		<regexp name="onsiteURL" value="([\w\\/\.\?=&amp;;\#-~]+|\#(\w)+)"/>
		<regexp name="offsiteURL" value="(\s)*((ht|f)tp(s?)://|mailto:)[A-Za-z0-9]+[~a-zA-Z0-9-_\.@#$%&amp;;:,\?=/\+!]*(\s)*"/>
	
	</common-regexps>
	
	<!-- 
	
	Tag.name = a, b, div, body, etc.
	Tag.action = filter: remove tags, but keep content, validate: keep content as long as it passes rules, remove: remove tag and contents
	Attribute.name = id, class, href, align, width, etc.
	Attribute.onInvalid = what to do when the attribute is invalid, e.g., remove the tag (removeTag), remove the attribute (removeAttribute), filter the tag (filterTag)
	Attribute.description = What rules in English you want to tell the users they can have for this attribute. Include helpful things so they'll be able to tune their HTML
	 
	 -->

	<!-- 
	Some attributes are common to all (or most) HTML tags. There aren't many that qualify for this. You have to make sure there's no
	collisions between any of these attribute names with attribute names of other tags that are for different purposes.
	-->

	<common-attributes>
		

		<attribute name="lang" description="The 'lang' attribute tells the browser what language the element's attribute values and content are written in">
		 	<regexp-list>
		 		<regexp value="[a-zA-Z]{2,20}"/>
		 	</regexp-list>
		 </attribute>
		 
		 <attribute name="title" description="The 'title' attribute provides text that shows up in a 'tooltip' when a user hovers their mouse over the element">
		 	<regexp-list>
		 		<regexp name="htmlTitle"/>
		 	</regexp-list>
		 </attribute>

		<attribute name="href" onInvalid="filterTag">
			<regexp-list>
				<regexp name="onsiteURL"/>
				<regexp name="offsiteURL"/>
			</regexp-list>
		</attribute>
	
		<attribute name="align" description="The 'align' attribute of an HTML element is a direction word, like 'left', 'right' or 'center'">
			<literal-list>
				<literal value="center"/>
				<literal value="left"/>
				<literal value="right"/>
				<literal value="justify"/>
				<literal value="char"/>
			</literal-list>
		</attribute>

	</common-attributes>


	<!--
	This requires normal updates as browsers continue to diverge from the W3C and each other. As long as the browser wars continue
	this is going to continue. I'm not sure war is the right word for what's going on. Doesn't somebody have to win a war after 
	a while?
	 -->
	
	<global-tag-attributes>
		<attribute name="title"/>
		<attribute name="lang"/>
	</global-tag-attributes>


	<tag-rules>

		<!-- Tags related to JavaScript -->

		<tag name="script" action="remove"/>
		<tag name="noscript" action="remove"/>
		
		<!-- Frame & related tags -->
		
		<tag name="iframe" action="remove"/>
		<tag name="frameset" action="remove"/>
		<tag name="frame" action="remove"/>
		<tag name="noframes" action="remove"/>
		

		<!-- All reasonable formatting tags -->
		
		<tag name="p" action="validate">
			<attribute name="align"/>
		</tag>

		<tag name="div" action="validate"/>		
		<tag name="i" action="validate"/>
		<tag name="b" action="validate"/>
		<tag name="em" action="validate"/>
		<tag name="blockquote" action="validate"/>
		<tag name="tt" action="validate"/>
		
		<tag name="br" action="truncate"/>

		<!-- Custom Slashdot tags, though we're trimming the idea of having a possible mismatching end tag with the endtag="" attribute -->
		
		<tag name="quote" action="validate"/>
		<tag name="ecode" action="validate"/> 
		
						
		<!-- Anchor and anchor related tags -->
		
		<tag name="a" action="validate">

			<attribute name="href" onInvalid="filterTag"/>
			<attribute name="nohref">
				<literal-list>
					<literal value="nohref"/>
					<literal value=""/>
				</literal-list>
			</attribute>
			<attribute name="rel">
				<literal-list>
					<literal value="nofollow"/>
				</literal-list>
			</attribute>
		</tag>

		<!-- List tags -->

		<tag name="ul" action="validate"/>
		<tag name="ol" action="validate"/>
		<tag name="li" action="validate"/>
		
	</tag-rules>



	<!--  No CSS on Slashdot posts -->

	<css-rules>
	</css-rules>


	<html-entities>
		<entity name="amp" cdata="&amp;"/>
		<entity name="nbsp" cdata="&amp;#160;"/>
		
		<entity name="iexcl" cdata="&amp;#161;"/> <!--inverted exclamation mark, U+00A1 ISOnum -->
		<entity name="cent" cdata="&amp;#162;"/> <!--cent sign, U+00A2 ISOnum -->
		<entity name="pound" cdata="&amp;#163;"/> <!--pound sign, U+00A3 ISOnum -->
		<entity name="curren" cdata="&amp;#164;"/> <!--currency sign, U+00A4 ISOnum -->
		<entity name="yen" cdata="&amp;#165;"/> <!--yen sign = yuan sign, U+00A5 ISOnum -->
		<entity name="brvbar" cdata="&amp;#166;"/> <!--broken bar = broken vertical bar, U+00A6 ISOnum -->
		<entity name="sect" cdata="&amp;#167;"/> <!--section sign, U+00A7 ISOnum -->
		<entity name="uml" cdata="&amp;#168;"/> <!--diaeresis = spacing diaeresis, U+00A8 ISOdia -->
		<entity name="copy" cdata="&amp;#169;"/> <!--copyright sign, U+00A9 ISOnum -->
		<entity name="ordf" cdata="&amp;#170;"/> <!--feminine ordinal indicator, U+00AA ISOnum -->
		<entity name="laquo" cdata="&amp;#171;"/> <!--left-pointing double angle quotation mark = left pointing guillemet, U+00AB ISOnum -->
		<entity name="not" cdata="&amp;#172;"/> <!--not sign, U+00AC ISOnum -->
		<entity name="shy" cdata="&amp;#173;"/> <!--soft hyphen = discretionary hyphen,U+00AD ISOnum -->
		<entity name="reg" cdata="&amp;#174;"/> <!--registered sign = registered trade mark sign, U+00AE ISOnum -->
		<entity name="macr" cdata="&amp;#175;"/> <!--macron = spacing macron = overline = APL overbar, U+00AF ISOdia -->
		<entity name="deg" cdata="&amp;#176;"/> <!--degree sign, U+00B0 ISOnum -->
		<entity name="plusmn" cdata="&amp;#177;"/> <!--plus-minus sign = plus-or-minus sign, U+00B1 ISOnum -->
		<entity name="sup2" cdata="&amp;#178;"/> <!--superscript two = superscript digit two = squared, U+00B2 ISOnum -->
		<entity name="sup3" cdata="&amp;#179;"/> <!--superscript three = superscript digit three= cubed, U+00B3 ISOnum -->
		<entity name="acute" cdata="&amp;#180;"/> <!--acute accent = spacing acute, U+00B4 ISOdia -->
		<entity name="micro" cdata="&amp;#181;"/> <!--micro sign, U+00B5 ISOnum -->
		<entity name="para" cdata="&amp;#182;"/> <!--pilcrow sign = paragraph sign, U+00B6 ISOnum -->
		<entity name="middot" cdata="&amp;#183;"/> <!--middle dot = Georgian comma = Greek middle dot, U+00B7 ISOnum -->
		<entity name="cedil" cdata="&amp;#184;"/> <!--cedilla = spacing cedilla, U+00B8 ISOdia -->
		<entity name="sup1" cdata="&amp;#185;"/> <!--superscript one = superscript digit one,U+00B9 ISOnum -->
		<entity name="ordm" cdata="&amp;#186;"/> <!--masculine ordinal indicator, U+00BA ISOnum -->
		<entity name="raquo" cdata="&amp;#187;"/> <!--right-pointing double angle quotation mark = right pointing guillemet, U+00BB ISOnum -->
		<entity name="frac14" cdata="&amp;#188;"/> <!--vulgar fraction one quarter = fraction one quarter, U+00BC ISOnum -->
		<entity name="frac12" cdata="&amp;#189;"/> <!--vulgar fraction one half = fraction one half, U+00BD ISOnum -->
		<entity name="frac34" cdata="&amp;#190;"/> <!--vulgar fraction three quarters = fraction three quarters, U+00BE ISOnum -->
		<entity name="iquest" cdata="&amp;#191;"/> <!--inverted question mark = turned question mark, U+00BF ISOnum -->
		<entity name="Agrave" cdata="&amp;#192;"/> <!--latin capital letter A with grave = latin capital letter A grave,U+00C0 ISOlat1 -->
		<entity name="Aacute" cdata="&amp;#193;"/> <!--latin capital letter A with acute,U+00C1 ISOlat1 -->
		<entity name="Acirc" cdata="&amp;#194;"/> <!--latin capital letter A with circumflex,U+00C2 ISOlat1 -->
		<entity name="Atilde" cdata="&amp;#195;"/> <!--latin capital letter A with tilde,U+00C3 ISOlat1 -->
		<entity name="Auml" cdata="&amp;#196;"/> <!--latin capital letter A with diaeresis,U+00C4 ISOlat1 -->
		<entity name="Aring" cdata="&amp;#197;"/> <!--latin capital letter A with ring above = latin capital letter A ring, U+00C5 ISOlat1 -->
		<entity name="AElig" cdata="&amp;#198;"/> <!--latin capital letter AE = latin capital ligature AE, U+00C6 ISOlat1 -->
		<entity name="Ccedil" cdata="&amp;#199;"/> <!--latin capital letter C with cedilla, U+00C7 ISOlat1 -->
		<entity name="Egrave" cdata="&amp;#200;"/> <!--latin capital letter E with grave, U+00C8 ISOlat1 -->
		<entity name="Eacute" cdata="&amp;#201;"/> <!--latin capital letter E with acute,U+00C9 ISOlat1 -->
		<entity name="Ecirc" cdata="&amp;#202;"/> <!--latin capital letter E with circumflex,U+00CA ISOlat1 -->
		<entity name="Euml" cdata="&amp;#203;"/> <!--latin capital letter E with diaeresis, U+00CB ISOlat1 -->
		<entity name="Igrave" cdata="&amp;#204;"/> <!--latin capital letter I with grave, U+00CC ISOlat1 -->
		<entity name="Iacute" cdata="&amp;#205;"/> <!--latin capital letter I with acute, U+00CD ISOlat1 -->
		<entity name="Icirc" cdata="&amp;#206;"/> <!--latin capital letter I with circumflex, U+00CE ISOlat1 -->
		<entity name="Iuml" cdata="&amp;#207;"/> <!--latin capital letter I with diaeresis, U+00CF ISOlat1 -->
		<entity name="ETH" cdata="&amp;#208;"/> <!--latin capital letter ETH, U+00D0 ISOlat1 -->
		<entity name="Ntilde" cdata="&amp;#209;"/> <!--latin capital letter N with tilde, U+00D1 ISOlat1 -->
		<entity name="Ograve" cdata="&amp;#210;"/> <!--latin capital letter O with grave, U+00D2 ISOlat1 -->
		<entity name="Oacute" cdata="&amp;#211;"/> <!--latin capital letter O with acute, U+00D3 ISOlat1 -->
		<entity name="Ocirc" cdata="&amp;#212;"/> <!--latin capital letter O with circumflex, U+00D4 ISOlat1 -->
		<entity name="Otilde" cdata="&amp;#213;"/> <!--latin capital letter O with tilde, U+00D5 ISOlat1 -->
		<entity name="Ouml" cdata="&amp;#214;"/> <!--latin capital letter O with diaeresis, U+00D6 ISOlat1 -->
		<entity name="times" cdata="&amp;#215;"/> <!--multiplication sign, U+00D7 ISOnum -->
		<entity name="Oslash" cdata="&amp;#216;"/> <!--latin capital letter O with stroke = latin capital letter O slash, U+00D8 ISOlat1 -->
		<entity name="Ugrave" cdata="&amp;#217;"/> <!--latin capital letter U with grave, U+00D9 ISOlat1 -->
		<entity name="Uacute" cdata="&amp;#218;"/> <!--latin capital letter U with acute, U+00DA ISOlat1 -->
		<entity name="Ucirc" cdata="&amp;#219;"/> <!--latin capital letter U with circumflex, U+00DB ISOlat1 -->
		<entity name="Uuml" cdata="&amp;#220;"/> <!--latin capital letter U with diaeresis, U+00DC ISOlat1 -->
		<entity name="Yacute" cdata="&amp;#221;"/> <!--latin capital letter Y with acute, U+00DD ISOlat1 -->
		<entity name="THORN" cdata="&amp;#222;"/> <!--latin capital letter THORN, U+00DE ISOlat1 -->
		<entity name="szlig" cdata="&amp;#223;"/> <!--latin small letter sharp s = ess-zed, U+00DF ISOlat1 -->
		<entity name="agrave" cdata="&amp;#224;"/> <!--latin small letter a with grave = latin small letter a grave, U+00E0 ISOlat1 -->
		<entity name="aacute" cdata="&amp;#225;"/> <!--latin small letter a with acute, U+00E1 ISOlat1 -->
		<entity name="acirc" cdata="&amp;#226;"/> <!--latin small letter a with circumflex, U+00E2 ISOlat1 -->
		<entity name="atilde" cdata="&amp;#227;"/> <!--latin small letter a with tilde, U+00E3 ISOlat1 -->
		<entity name="auml" cdata="&amp;#228;"/> <!--latin small letter a with diaeresis, U+00E4 ISOlat1 -->
		<entity name="aring" cdata="&amp;#229;"/> <!--latin small letter a with ring above = latin small letter a ring, U+00E5 ISOlat1 -->
		<entity name="aelig" cdata="&amp;#230;"/> <!--latin small letter ae = latin small ligature ae, U+00E6 ISOlat1 -->
		<entity name="ccedil" cdata="&amp;#231;"/> <!--latin small letter c with cedilla, U+00E7 ISOlat1 -->
		<entity name="egrave" cdata="&amp;#232;"/> <!--latin small letter e with grave, U+00E8 ISOlat1 -->
		<entity name="eacute" cdata="&amp;#233;"/> <!--latin small letter e with acute, U+00E9 ISOlat1 -->
		<entity name="ecirc" cdata="&amp;#234;"/> <!--latin small letter e with circumflex, U+00EA ISOlat1 -->
		<entity name="euml" cdata="&amp;#235;"/> <!--latin small letter e with diaeresis, U+00EB ISOlat1 -->
		<entity name="igrave" cdata="&amp;#236;"/> <!--latin small letter i with grave, U+00EC ISOlat1 -->
		<entity name="iacute" cdata="&amp;#237;"/> <!--latin small letter i with acute, U+00ED ISOlat1 -->
		<entity name="icirc" cdata="&amp;#238;"/> <!--latin small letter i with circumflex, U+00EE ISOlat1 -->
		<entity name="iuml" cdata="&amp;#239;"/> <!--latin small letter i with diaeresis, U+00EF ISOlat1 -->
		<entity name="eth" cdata="&amp;#240;"/> <!--latin small letter eth, U+00F0 ISOlat1 -->
		<entity name="ntilde" cdata="&amp;#241;"/> <!--latin small letter n with tilde, U+00F1 ISOlat1 -->
		<entity name="ograve" cdata="&amp;#242;"/> <!--latin small letter o with grave, U+00F2 ISOlat1 -->
		<entity name="oacute" cdata="&amp;#243;"/> <!--latin small letter o with acute, U+00F3 ISOlat1 -->
		<entity name="ocirc " cdata="&amp;#244;"/> <!--latin small letter o with circumflex, U+00F4 ISOlat1 -->
		<entity name="otilde" cdata="&amp;#245;"/> <!--latin small letter o with tilde, U+00F5 ISOlat1 -->
		<entity name="ouml" cdata="&amp;#246;"/> <!--latin small letter o with diaeresis, U+00F6 ISOlat1 -->
		<entity name="divide" cdata="&amp;#247;"/> <!--division sign, U+00F7 ISOnum -->
		<entity name="oslash" cdata="&amp;#248;"/> <!--latin small letter o with stroke, = latin small letter o slash, U+00F8 ISOlat1 -->
		<entity name="ugrave" cdata="&amp;#249;"/> <!--latin small letter u with grave, U+00F9 ISOlat1 -->
		<entity name="uacute" cdata="&amp;#250;"/> <!--latin small letter u with acute, U+00FA ISOlat1 -->
		<entity name="ucirc" cdata="&amp;#251;"/> <!--latin small letter u with circumflex, U+00FB ISOlat1 -->
		<entity name="uuml" cdata="&amp;#252;"/> <!--latin small letter u with diaeresis, U+00FC ISOlat1 -->
		<entity name="yacute" cdata="&amp;#253;"/> <!--latin small letter y with acute, U+00FD ISOlat1 -->
		<entity name="thorn" cdata="&amp;#254;"/> <!--latin small letter thorn, U+00FE ISOlat1 -->
		<entity name="yuml" cdata="&amp;#255;"/> <!--latin small letter y with diaeresis, U+00FF ISOlat1 -->
		                                  
		<entity name="fnof" cdata="&amp;#402;"/> <!--latin small f with hook = function = florin, U+0192 ISOtech -->
		
		<!-- Greek -->
		<entity name="Alpha" cdata="&amp;#913;"/> <!--greek capital letter alpha, U+0391 -->
		<entity name="Beta" cdata="&amp;#914;"/> <!--greek capital letter beta, U+0392 -->
		<entity name="Gamma" cdata="&amp;#915;"/> <!--greek capital letter gamma, U+0393 ISOgrk3 -->
		<entity name="Delta" cdata="&amp;#916;"/> <!--greek capital letter delta, U+0394 ISOgrk3 -->
		<entity name="Epsilon" cdata="&amp;#917;"/> <!--greek capital letter epsilon, U+0395 -->
		<entity name="Zeta" cdata="&amp;#918;"/> <!--greek capital letter zeta, U+0396 -->
		<entity name="Eta" cdata="&amp;#919;"/> <!--greek capital letter eta, U+0397 -->
		<entity name="Theta" cdata="&amp;#920;"/> <!--greek capital letter theta, U+0398 ISOgrk3 -->
		<entity name="Iota" cdata="&amp;#921;"/> <!--greek capital letter iota, U+0399 -->
		<entity name="Kappa" cdata="&amp;#922;"/> <!--greek capital letter kappa, U+039A -->
		<entity name="Lambda" cdata="&amp;#923;"/> <!--greek capital letter lambda, U+039B ISOgrk3 -->
		<entity name="Mu" cdata="&amp;#924;"/> <!--greek capital letter mu, U+039C -->
		<entity name="Nu" cdata="&amp;#925;"/> <!--greek capital letter nu, U+039D -->
		<entity name="Xi" cdata="&amp;#926;"/> <!--greek capital letter xi, U+039E ISOgrk3 -->
		<entity name="Omicron" cdata="&amp;#927;"/> <!--greek capital letter omicron, U+039F -->
		<entity name="Pi" cdata="&amp;#928;"/> <!--greek capital letter pi, U+03A0 ISOgrk3 -->
		<entity name="Rho" cdata="&amp;#929;"/> <!--greek capital letter rho, U+03A1 -->
		<!-- there is no Sigmaf, and no U+03A2 character either -->
		<entity name="Sigma" cdata="&amp;#931;"/> <!--greek capital letter sigma, U+03A3 ISOgrk3 -->
		<entity name="Tau" cdata="&amp;#932;"/> <!--greek capital letter tau, U+03A4 -->
		<entity name="Upsilon" cdata="&amp;#933;"/> <!--greek capital letter upsilon,U+03A5 ISOgrk3 -->
		<entity name="Phi" cdata="&amp;#934;"/> <!--greek capital letter phi,U+03A6 ISOgrk3 -->
		<entity name="Chi" cdata="&amp;#935;"/> <!--greek capital letter chi, U+03A7 -->
		<entity name="Psi" cdata="&amp;#936;"/> <!--greek capital letter psi,U+03A8 ISOgrk3 -->
		<entity name="Omega" cdata="&amp;#937;"/> <!--greek capital letter omega,U+03A9 ISOgrk3 -->
		
		<entity name="alpha" cdata="&amp;#945;"/> <!--greek small letter alpha,U+03B1 ISOgrk3 -->
		<entity name="beta" cdata="&amp;#946;"/> <!--greek small letter beta, U+03B2 ISOgrk3 -->
		<entity name="gamma" cdata="&amp;#947;"/> <!--greek small letter gamma,U+03B3 ISOgrk3 -->
		<entity name="delta" cdata="&amp;#948;"/> <!--greek small letter delta,U+03B4 ISOgrk3 -->
		<entity name="epsilon" cdata="&amp;#949;"/> <!--greek small letter epsilon,U+03B5 ISOgrk3 -->
		<entity name="zeta" cdata="&amp;#950;"/> <!--greek small letter zeta, U+03B6 ISOgrk3 -->
		<entity name="eta" cdata="&amp;#951;"/> <!--greek small letter eta, U+03B7 ISOgrk3 -->
		<entity name="theta" cdata="&amp;#952;"/> <!--greek small letter theta, U+03B8 ISOgrk3 -->
		<entity name="iota" cdata="&amp;#953;"/> <!--greek small letter iota, U+03B9 ISOgrk3 -->
		<entity name="kappa" cdata="&amp;#954;"/> <!--greek small letter kappa,U+03BA ISOgrk3 -->
		<entity name="lambda" cdata="&amp;#955;"/> <!--greek small letter lambda, U+03BB ISOgrk3 -->
		<entity name="mu" cdata="&amp;#956;"/> <!--greek small letter mu, U+03BC ISOgrk3 -->
		<entity name="nu" cdata="&amp;#957;"/> <!--greek small letter nu, U+03BD ISOgrk3 -->
		<entity name="xi" cdata="&amp;#958;"/> <!--greek small letter xi, U+03BE ISOgrk3 -->
		<entity name="omicron" cdata="&amp;#959;"/> <!--greek small letter omicron, U+03BF NEW -->
		<entity name="pi" cdata="&amp;#960;"/> <!--greek small letter pi, U+03C0 ISOgrk3 -->
		<entity name="rho" cdata="&amp;#961;"/> <!--greek small letter rho, U+03C1 ISOgrk3 -->
		<entity name="sigmaf" cdata="&amp;#962;"/> <!--greek small letter final sigma, U+03C2 ISOgrk3 -->
		<entity name="sigma" cdata="&amp;#963;"/> <!--greek small letter sigma, U+03C3 ISOgrk3 -->
		<entity name="tau" cdata="&amp;#964;"/> <!--greek small letter tau, U+03C4 ISOgrk3 -->
		<entity name="upsilon" cdata="&amp;#965;"/> <!--greek small letter upsilon, U+03C5 ISOgrk3 -->
		<entity name="phi" cdata="&amp;#966;"/> <!--greek small letter phi, U+03C6 ISOgrk3 -->
		<entity name="chi" cdata="&amp;#967;"/> <!--greek small letter chi, U+03C7 ISOgrk3 -->
		<entity name="psi" cdata="&amp;#968;"/> <!--greek small letter psi, U+03C8 ISOgrk3 -->
		<entity name="omega" cdata="&amp;#969;"/> <!--greek small letter omega, U+03C9 ISOgrk3 -->
		<entity name="thetasym" cdata="&amp;#977;"/> <!--greek small letter theta symbol, U+03D1 NEW -->
		<entity name="upsih" cdata="&amp;#978;"/> <!--greek upsilon with hook symbol, U+03D2 NEW -->
		<entity name="piv" cdata="&amp;#982;"/> <!--greek pi symbol, U+03D6 ISOgrk3 -->
		
		<!-- General Punctuation -->
		<entity name="bull" cdata="&amp;#8226;"/> <!--bullet = black small circle, U+2022 ISOpub  -->
		<!-- bullet is NOT the same as bullet operator, U+2219 -->
		<entity name="hellip" cdata="&amp;#8230;"/> <!--horizontal ellipsis = three dot leader, U+2026 ISOpub  -->
		<entity name="prime" cdata="&amp;#8242;"/> <!--prime = minutes = feet, U+2032 ISOtech -->
		<entity name="Prime" cdata="&amp;#8243;"/> <!--double prime = seconds = inches, U+2033 ISOtech -->
		<entity name="oline" cdata="&amp;#8254;"/> <!--overline = spacing overscore, U+203E NEW -->
		<entity name="frasl" cdata="&amp;#8260;"/> <!--fraction slash, U+2044 NEW -->
		
		<!-- Letterlike Symbols -->
		<entity name="weierp" cdata="&amp;#8472;"/> <!--script capital P = power set = Weierstrass p, U+2118 ISOamso -->
		<entity name="image" cdata="&amp;#8465;"/> <!--blackletter capital I = imaginary part, U+2111 ISOamso -->
		<entity name="real" cdata="&amp;#8476;"/> <!--blackletter capital R = real part symbol, U+211C ISOamso -->
		<entity name="trade" cdata="&amp;#8482;"/> <!--trade mark sign, U+2122 ISOnum -->
		<entity name="alefsym" cdata="&amp;#8501;"/> <!--alef symbol = first transfinite cardinal, U+2135 NEW -->
		<!-- alef symbol is NOT the same as hebrew letter alef,
		     U+05D0 although the same glyph could be used to depict both characters -->
		
		<!-- Arrows -->
		<entity name="larr" cdata="&amp;#8592;"/> <!--leftwards arrow, U+2190 ISOnum -->
		<entity name="uarr" cdata="&amp;#8593;"/> <!--upwards arrow, U+2191 ISOnum-->
		<entity name="rarr" cdata="&amp;#8594;"/> <!--rightwards arrow, U+2192 ISOnum -->
		<entity name="darr" cdata="&amp;#8595;"/> <!--downwards arrow, U+2193 ISOnum -->
		<entity name="harr" cdata="&amp;#8596;"/> <!--left right arrow, U+2194 ISOamsa -->
		<entity name="crarr" cdata="&amp;#8629;"/> <!--downwards arrow with corner leftwards
		                                     = carriage return, U+21B5 NEW -->
		<entity name="lArr" cdata="&amp;#8656;"/> <!--leftwards double arrow, U+21D0 ISOtech -->
		
		<!-- ISO 10646 does not say that lArr is the same as the 'is implied by' arrow
		    but also does not have any other character for that function. So ? lArr can
		    be used for 'is implied by' as ISOtech suggests -->
		    
		<entity name="uArr" cdata="&amp;#8657;"/> <!--upwards double arrow, U+21D1 ISOamsa -->
		<entity name="rArr" cdata="&amp;#8658;"/> <!--rightwards double arrow, U+21D2 ISOtech -->
		
		<!-- ISO 10646 does not say this is the 'implies' character but does not have 
		     another character with this function so ?
		     rArr can be used for 'implies' as ISOtech suggests -->
		     
		<entity name="dArr" cdata="&amp;#8659;"/> <!--downwards double arrow, U+21D3 ISOamsa -->
		<entity name="hArr" cdata="&amp;#8660;"/> <!--left right double arrow, U+21D4 ISOamsa -->
		
		<!-- Mathematical Operators -->
		<entity name="forall" cdata="&amp;#8704;"/> <!--for all, U+2200 ISOtech -->
		<entity name="part" cdata="&amp;#8706;"/> <!--partial differential, U+2202 ISOtech  -->
		<entity name="exist" cdata="&amp;#8707;"/> <!--there exists, U+2203 ISOtech -->
		<entity name="empty" cdata="&amp;#8709;"/> <!--empty set = null set = diameter,U+2205 ISOamso -->
		<entity name="nabla" cdata="&amp;#8711;"/> <!--nabla = backward difference, U+2207 ISOtech -->
		<entity name="isin" cdata="&amp;#8712;"/> <!--element of, U+2208 ISOtech -->
		<entity name="notin" cdata="&amp;#8713;"/> <!--not an element of, U+2209 ISOtech -->
		<entity name="ni" cdata="&amp;#8715;"/> <!--contains as member, U+220B ISOtech -->
	
		<!-- should there be a more memorable name than 'ni'? -->
		<entity name="prod" cdata="&amp;#8719;"/> <!--n-ary product = product sign, U+220F ISOamsb -->
		
		<!-- prod is NOT the same character as U+03A0 'greek capital letter pi' though
		     the same glyph might be used for both -->
		     
		<entity name="sum" cdata="&amp;#8721;"/> <!--n-ary sumation, U+2211 ISOamsb -->
		
		<!-- sum is NOT the same character as U+03A3 'greek capital letter sigma'
		     though the same glyph might be used for both -->
		
		<entity name="minus" cdata="&amp;#8722;"/> <!--minus sign, U+2212 ISOtech -->
		<entity name="lowast" cdata="&amp;#8727;"/> <!--asterisk operator, U+2217 ISOtech -->
		<entity name="radic" cdata="&amp;#8730;"/> <!--square root = radical sign, U+221A ISOtech -->
		<entity name="prop" cdata="&amp;#8733;"/> <!--proportional to, U+221D ISOtech -->
		<entity name="infin" cdata="&amp;#8734;"/> <!--infinity, U+221E ISOtech -->
		<entity name="ang" cdata="&amp;#8736;"/> <!--angle, U+2220 ISOamso -->
		<entity name="and" cdata="&amp;#8743;"/> <!--logical and = wedge, U+2227 ISOtech -->
		<entity name="or" cdata="&amp;#8744;"/> <!--logical or = vee, U+2228 ISOtech -->
		<entity name="cap" cdata="&amp;#8745;"/> <!--intersection = cap, U+2229 ISOtech -->
		<entity name="cup" cdata="&amp;#8746;"/> <!--union = cup, U+222A ISOtech -->
		<entity name="int" cdata="&amp;#8747;"/> <!--integral, U+222B ISOtech -->
		<entity name="there4" cdata="&amp;#8756;"/> <!--therefore, U+2234 ISOtech -->
		<entity name="sim" cdata="&amp;#8764;"/> <!--tilde operator = varies with = similar to, U+223C ISOtech -->
		
		<!-- tilde operator is NOT the same character as the tilde, U+007E,
		     although the same glyph might be used to represent both  -->
		     
		<entity name="cong" cdata="&amp;#8773;"/> <!--approximately equal to, U+2245 ISOtech -->
		<entity name="asymp" cdata="&amp;#8776;"/> <!--almost equal to = asymptotic to, U+2248 ISOamsr -->
		<entity name="ne" cdata="&amp;#8800;"/> <!--not equal to, U+2260 ISOtech -->
		<entity name="equiv" cdata="&amp;#8801;"/> <!--identical to, U+2261 ISOtech -->
		<entity name="le" cdata="&amp;#8804;"/> <!--less-than or equal to, U+2264 ISOtech -->
		<entity name="ge" cdata="&amp;#8805;"/> <!--greater-than or equal to, U+2265 ISOtech -->
		<entity name="sub" cdata="&amp;#8834;"/> <!--subset of, U+2282 ISOtech -->
		<entity name="sup" cdata="&amp;#8835;"/> <!--superset of, U+2283 ISOtech -->
		
		<!-- note that nsup, 'not a superset of, U+2283' is not covered by the Symbol 
		     font encoding and is not included. Should it be, for symmetry?
		     It is in ISOamsn  --> 
		
		<entity name="nsub" cdata="&amp;#8836;"/> <!--not a subset of, U+2284 ISOamsn -->
		<entity name="sube" cdata="&amp;#8838;"/> <!--subset of or equal to, U+2286 ISOtech -->
		<entity name="supe" cdata="&amp;#8839;"/> <!--superset of or equal to, U+2287 ISOtech -->
		<entity name="oplus" cdata="&amp;#8853;"/> <!--circled plus = direct sum, U+2295 ISOamsb -->
		<entity name="otimes" cdata="&amp;#8855;"/> <!--circled times = vector product, U+2297 ISOamsb -->
		<entity name="perp" cdata="&amp;#8869;"/> <!--up tack = orthogonal to = perpendicular, U+22A5 ISOtech -->
		<entity name="sdot" cdata="&amp;#8901;"/> <!--dot operator, U+22C5 ISOamsb -->
		<!-- dot operator is NOT the same character as U+00B7 middle dot -->
		
		<!-- Miscellaneous Technical -->
		<entity name="lceil" cdata="&amp;#8968;"/> <!--left ceiling = apl upstile, U+2308 ISOamsc  -->
		<entity name="rceil" cdata="&amp;#8969;"/> <!--right ceiling, U+2309 ISOamsc  -->
		<entity name="lfloor" cdata="&amp;#8970;"/> <!--left floor = apl downstile, U+230A ISOamsc  -->
		<entity name="rfloor" cdata="&amp;#8971;"/> <!--right floor, U+230B ISOamsc  -->
		<entity name="lang" cdata="&amp;#9001;"/> <!--left-pointing angle bracket = bra, U+2329 ISOtech -->
		<!-- lang is NOT the same character as U+003C 'less than' 
		     or U+2039 'single left-pointing angle quotation mark' -->
		<entity name="rang" cdata="&amp;#9002;"/> <!--right-pointing angle bracket = ket, U+232A ISOtech -->
		<!-- rang is NOT the same character as U+003E 'greater than' or U+203A 'single right-pointing angle quotation mark' -->
		
		<!-- Geometric Shapes -->
		<entity name="loz" cdata="&amp;#9674;"/> <!--lozenge, U+25CA ISOpub -->
		
		<!-- Miscellaneous Symbols -->
		<entity name="spades" cdata="&amp;#9824;"/> <!--black spade suit, U+2660 ISOpub -->
		<!-- black here seems to mean filled as opposed to hollow -->
		<entity name="clubs" cdata="&amp;#9827;"/> <!--black club suit = shamrock, U+2663 ISOpub -->
		<entity name="hearts" cdata="&amp;#9829;"/> <!--black heart suit = valentine, U+2665 ISOpub -->
		<entity name="diams" cdata="&amp;#9830;"/> <!--black diamond suit, U+2666 ISOpub -->
		
		<entity name="quot" cdata="&amp;#34;"  /> <!--quotation mark = APL quote, U+0022 ISOnum -->
		<!-- Latin Extended-A -->
		<entity name="OElig" cdata="&amp;#338;" /> <!--latin capital ligature OE, U+0152 ISOlat2 -->
		<entity name="oelig" cdata="&amp;#339;" /> <!--latin small ligature oe, U+0153 ISOlat2 -->
		<!-- ligature is a misnomer, this is a separate character in some languages -->
		<entity name="Scaron" cdata="&amp;#352;" /> <!--latin capital letter S with caron, U+0160 ISOlat2 -->
		<entity name="scaron" cdata="&amp;#353;" /> <!--latin small letter s with caron, U+0161 ISOlat2 -->
		<entity name="Yuml" cdata="&amp;#376;" /> <!--latin capital letter Y with diaeresis, U+0178 ISOlat2 -->
		
		<!-- Spacing Modifier Letters -->
		<entity name="circ" cdata="&amp;#710;" /> <!--modifier letter circumflex accent, U+02C6 ISOpub -->
		<entity name="tilde" cdata="&amp;#732;" /> <!--small tilde, U+02DC ISOdia -->
		
		<!-- General Punctuation -->
		<entity name="ensp" cdata="&amp;#8194;"/> <!--en space, U+2002 ISOpub -->
		<entity name="emsp" cdata="&amp;#8195;"/> <!--em space, U+2003 ISOpub -->
		<entity name="thinsp" cdata="&amp;#8201;"/> <!--thin space, U+2009 ISOpub -->
		<entity name="zwnj" cdata="&amp;#8204;"/> <!--zero width non-joiner, U+200C NEW RFC 2070 -->
		<entity name="zwj" cdata="&amp;#8205;"/> <!--zero width joiner, U+200D NEW RFC 2070 -->
		<entity name="lrm" cdata="&amp;#8206;"/> <!--left-to-right mark, U+200E NEW RFC 2070 -->
		<entity name="rlm" cdata="&amp;#8207;"/> <!--right-to-left mark, U+200F NEW RFC 2070 -->
		<entity name="ndash" cdata="&amp;#8211;"/> <!--en dash, U+2013 ISOpub -->
		<entity name="mdash" cdata="&amp;#8212;"/> <!--em dash, U+2014 ISOpub -->
		<entity name="lsquo" cdata="&amp;#8216;"/> <!--left single quotation mark, U+2018 ISOnum -->
		<entity name="rsquo" cdata="&amp;#8217;"/> <!--right single quotation mark, U+2019 ISOnum -->
		<entity name="sbquo" cdata="&amp;#8218;"/> <!--single low-9 quotation mark, U+201A NEW -->
		<entity name="ldquo" cdata="&amp;#8220;"/> <!--left double quotation mark, U+201C ISOnum -->
		<entity name="rdquo" cdata="&amp;#8221;"/> <!--right double quotation mark, U+201D ISOnum -->
		<entity name="bdquo" cdata="&amp;#8222;"/> <!--double low-9 quotation mark, U+201E NEW -->
		<entity name="dagger" cdata="&amp;#8224;"/> <!--dagger, U+2020 ISOpub -->
		<entity name="Dagger" cdata="&amp;#8225;"/> <!--double dagger, U+2021 ISOpub -->
		<entity name="permil" cdata="&amp;#8240;"/> <!--per mille sign, U+2030 ISOtech -->
		<entity name="lsaquo" cdata="&amp;#8249;"/> <!--single left-pointing angle quotation mark, U+2039 ISO proposed -->
		<!-- lsaquo is proposed but not yet ISO standardized -->
		<entity name="rsaquo" cdata="&amp;#8250;"/> <!--single right-pointing angle quotation mark, U+203A ISO proposed -->
		<!-- rsaquo is proposed but not yet ISO standardized -->
		<entity name="euro" cdata="&amp;#8364;" /> <!--euro sign, U+20AC NEW -->
	</html-entities>

</anti-samy-rules>

7.2.1.8. Fichier /vitam/conf/<composant>/vitam.conf

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
secret : {{plateforme_secret}}
filterActivation : {{ vitam_struct.secret_platform }}
{% if vitam_struct.vitam_component == vitam.processing.vitam_component %}
distributeurBatchSize: 800
workerBulkSize: 16
{% endif %}
{% if vitam_struct.vitam_component == vitam.metadata.vitam_component %}
storeGraphElementsPerFile: 10000
storeGraphOverlapDelay: 300
expireCacheEntriesDelay: 300
deleteIncompleteReconstructedUnitDelay: 2592000
migrationBulkSize: 10000
{% endif %}
distributionThreshold : 100000
eliminationAnalysisThreshold : 100000
eliminationActionThreshold : 10000
intervalDelayCheckIdle : 5000
maxDelayUnusedConnection : 5000
delayValidationAfterInactivity : 2500
tenants:  [ "{{ vitam_tenant_ids | join('", "') }}" ]
adminTenant : {{vitam_tenant_admin}}
forceChunkModeInputStream : {{vitam_defaults.vitam_force_chunk_mode}}

{% if vitam_struct.vitam_component == vitam.worker.vitam_component %}
reclassificationMaxBulkThreshold: 1000
reclassificationMaxUnitsThreshold: 10000
reclassificationMaxGuildListSizeInLogbookOperation: 1000
{% endif %}

keywordMaxLength: 32766
textMaxLength: 32766

classificationLevel :
  allowList :  [{% for classification in classificationList %}{{ classification }}{% if not loop.last %},{% endif %}{% endfor %}]
  authorizeNotDefined: {{classificationLevelOptional}}

Ce fichier permet de définir le secret de plate-forme.

7.2.1.9. Fichier /vitam/conf/<composant>/vitam.metrics.conf

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#  Fichier de configuration des métriques
#
#  Les différents clés disponibles pour ce fichier de configuration sont les suivantes :
#
#  metricsJersey: true / false	Active ou non les métriques Jersey
#  metricsJVM: true / false	Active ou non les métriques JVM
#
#  metricReporter: ELASTICSEARCH | LOGBACK | NONE			défini le type de reporter
#  metricReporterInterval: int > 0					défini l'interval entre chaque reporting
#  metricReporterIntervalUnit: TimeUnit (ex: SECONDS, MINUTES...)	défini le type d'interval
#
#  Si le reporter est de type LOGBACK, la clé suivante est configurable:
#  metricLogLevel: DEBUG | INFO | WARN | ERROR ... 			défini le niveau de log Logback
#
#  Si le reporter est de type ELASTICSEARCH, la clé suivante est obligatoire :
#
#  (un tableau avec les différentes adresses des bases ElasticSearch)
#  metricReporterHosts:
#  	- 127.0.0.1:9201
#  	- 0.0.0.0:80
#  	- 8.8.8.8:22

{% if (groups['hosts-logstash'] | length) > 0  %}
metricsJersey: true
metricsJVM: true

metricReporter: ELASTICSEARCH
metricReporterHosts:
{% for host in groups['hosts-elasticsearch-log'] %}
   - "{{ hostvars[host]['ip_admin'] }}:{{ elasticsearch.log.port_http }}"
{% endfor %}
metricLogLevel: DEBUG
metricReporterInterval: 3
metricReporterIntervalUnit: MINUTES
{% endif %}

7.2.1.10. Fichier /vitam/conf/<composant>/java.security

1
2
3
4
5
# Use Bouncy Castle Provider when it is available
security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider

# Override the default list of Centos 7 that disable Elliptic Curved Based Algorithms
jdk.tls.disabledAlgorithms="SSLv3, RC4, MD5withRSA, DH keySize < 768,RSA keySize < 2048"