System Properties

Table of Contents

Properties

Start your application server with the system property"system.properties.set" set to true to load the external file calledsystem.properties. This is given as a convenient way to ensure all propertiesare set for deployment. When the server starts, the portal will loadsystem.properties and then system-ext.properties.

Start your application server with the system property"system.properties.set.override" set to true if the properties ofsystem.properties override all similar command line properties. If set tofalse, the properties of system.properties will be set if and only if thoseproperties are not currently set.

Some application servers require you to set the "file.encoding" and"user.timezone" on startup regardless of system.properties because theapplication server reads these properties before system.properties is everloaded.


Top of Page

Axis


URLs that match the specified pattern use the SimpleHTTPSender. URLs that do not match the specified pattern use Axis' default HTTPSender.

Defaults:

    com.liferay.util.axis.SimpleHTTPSender.regexp.pattern=.*mappoint\.net.*


Top of Page

CXF


Set CXF logger class.

Defaults:

    org.apache.cxf.Logger=com.liferay.portal.remote.jaxrs.whiteboard.internal.log.LiferayCXFLogger


Top of Page

Cookie


HTTP only cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks. Input a list of comma delimited cookie names that are not HTTP only.

Defaults:

    cookie.http.only.names.excludes=


Top of Page

Ehcache


Set this to true to skip the update check.

Defaults:

    net.sf.ehcache.skipUpdateCheck=true


Top of Page

Encryptor


Set the security provider class.

Defaults:

    com.liferay.util.Encryptor.provider.class=com.sun.crypto.provider.SunJCE


Top of Page

HTTP


See portal.properties for more HTTP settings.


Set the HTTP proxy location where the portal fetches external content.

Set http.nonProxyHosts for hosts that must not be proxied. This is useful for proxied environments where you need direct access to internal servers. Follow the same semantics as the java.net package.

Examples:

    http.proxyHost=192.168.0.200
    http.proxyPort=4480
    http.nonProxyHosts=192.168.0.250


Top of Page

HTTP Header Response


See portal.properties for more HTTP Header Response settings.


Set this to true for the portal to send the "X-Content-Type-Options: nosniff" HTTP header to protect against MIME sniffing. Custom URLs that allow for unhindered MIME sniffing are specified via the "http.header.secure.x.content.type.options.urls.excludes" property.

Defaults:

    http.header.secure.x.content.type.options=true


Set a list of comma-delimited URL prefixes that allow for unhindered MIME sniffing. This property is used only when the property "http.header.secure.x.content.type.options" is set to true.

Examples:

    http.header.secure.x.content.type.options.urls.excludes=


Set this to true for the portal to send the "X-Frame-Options: DENY" HTTP header to protect against clickjacking.

Custom HTTP header values instead of "DENY" are specified per URL via "http.header.secure.x.frame.options.*" properties.

Defaults:

    http.header.secure.x.frame.options=true


If the property "http.header.secure.x.frame.options" is set to true, then the portal searches the "http.header.secure.x.frame.options.*" properties for a matching pipe-delimited URL and HTTP header value pair (e.g., "/|SAMEORIGIN"). The portal iterates through the "http.header.secure.x.frame.options.*" properties where the wildcard "*" is replaced with an integer between 0 and 255 (starting with 0).

Upon finding a matched a URL, the portal uses the custom HTTP header value instead of the "DENY" value.

By default, URLs that start with "/" use the "SAMEORIGIN" custom HTTP header value. Specify another URL and HTTP header value with a number smaller than 255 to intercept this default behavior.

Defaults:

    http.header.secure.x.frame.options.255=/|SAMEORIGIN


Top of Page

HTTPS


Input a list of comma-delimited HTTPS cipher suites allowed for HTTPS connection to a 3rd party server.

Examples:

    https.cipherSuites=


Input a list of comma delimited protocols allowed for HTTPS connection to a 3rd party server. For example -Dhttps.protocols=TLSv1.1,TLSv1.2 disables outbound TLS 1.0 connections.

Examples:

    https.protocols=


Top of Page

IO Netty

Defaults:

    io.netty.allocator.type=pooled

Examples:

    io.netty.allocator.cacheTrimInterval=
    io.netty.allocator.maxCachedBufferCapacity=
    io.netty.allocator.maxOrder=
    io.netty.allocator.normalCacheSize=
    io.netty.allocator.numDirectArenas=
    io.netty.allocator.numHeapArenas=
    io.netty.allocator.pageSize=
    io.netty.allocator.smallCacheSize=
    io.netty.allocator.tinyCacheSize=
    io.netty.threadLocalDirectBufferSize=


Top of Page

Java


The file encoding must be set to UTF-8 for internationalization to work correctly.

Defaults:

    file.encoding=UTF-8


Java uses the underlying operating system to generate images. If you are using Unix and do not start the portal in an X Windows session, then Java does not generate images and lots of nasty exceptions are thrown. Setting this property to true fixes that. If this property does not set dynamically on server startup, edit your start script to include this setting as a system property.

Defaults:

    java.awt.headless=true


Set the default locale to use. This locale is no longer set at the VM level. See LEP-2584.

Defaults:

    user.country=US
    user.language=en


Top of Page

Java Advanced Imaging


JAI relies on native acceleration to improve performance. To use native acceleration, you must install the appropriate native libraries and set this property to false. Warnings are reported if this is set to false without installing the proper native libraries.

Defaults:

    com.sun.media.jai.disableMediaLib=true


Top of Page

Java Architecture for XML Binding


Specify the JAXB context factory to avoid using the one detected by context. This forces Java to use the same implementation instead of different implementations for different Java versions. Set this property to a blank value to use the auto-detected JAXB context factory.

Defaults:

    javax.xml.bind.JAXBContextFactory=com.sun.xml.bind.v2.ContextFactory


Top of Page

JRuby


Set this to true to enable native extensions (like JNA for non-Java APIs).

Defaults:

    jruby.native.enabled=false


Top of Page

Log Sanitizer


Set this to true to enable the log sanitizer, which is a safe logging mechanism that avoids directly embedding user input in log files. The log sanitizer automatically sanitizes log messages by replacing all unexpected characters from user supplied data with safe replacement characters.

See the "log.sanitizer.escape.html.enabled" property to encode HTML entities in log messages.

Defaults:

    log.sanitizer.enabled=true


Set this to true to encode HTML data in log messages.

Defaults:

    log.sanitizer.escape.html.enabled=false


Specify the code point of the character to replace forbidden characters. The underscore character, which has code point 95, is the default replacement character.

Defaults:

    log.sanitizer.replacement.character=95


Specify characters to allow in log messages. The sanitizer operates on characters with code points less than 128. Characters with code points greater than 128 are always allowed. Please see ASCII tables to look up character code points.

This default whitelist allows characters with code points 9 (tab), 32 (space), and all characters with code points greater than 32 except 127 (delete).

Defaults:

    log.sanitizer.whitelist.characters=9,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126


Top of Page

Logging


Set any logger that implements org.apache.commons.logging.Log.

Examples:

    org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger


Set this to true if Log4j complains that it is not properly configured.

Defaults:

    log4j.configure.on.startup=true


Set this to create a single logger context using a single configuration for sharing across all applications.

Defaults:

    log4j2.contextSelector=org.apache.logging.log4j.core.selector.BasicContextSelector


Set this to true to disable JMX and to prevent Log4j 2 MBean creation.

Defaults:

    log4j2.disable.jmx=true


Top of Page

Lucene


Set a timeout to avoid lock errors.

Examples:

    org.apache.lucene.writeLockTimeout=30000


Top of Page

Quartz


Make threads daemons for the JVM to exit cleanly.

Defaults:

    org.quartz.threadPool.makeThreadsDaemons=true


Turn off the update checking for better performance and security.

Defaults:

    org.terracotta.quartz.skipUpdateCheck=true


Top of Page

Security

Defaults:

    com.liferay.portal.kernel.io.ProtectedObjectInputStream.restricted.class.names=\
        com.sun.org.apache.xalan.internal.xsltc.trax.TemplatesImpl,\
        org.apache.commons.collections.functors.CloneTransformer,\
        org.apache.commons.collections.functors.ForClosure,\
        org.apache.commons.collections.functors.InstantiateFactory,\
        org.apache.commons.collections.functors.InstantiateTransformer,\
        org.apache.commons.collections.functors.InvokerTransformer,\
        org.apache.commons.collections.functors.PrototypeFactory$PrototypeCloneFactory,\
        org.apache.commons.collections.functors.PrototypeFactory$PrototypeSerializationFactory,\
        org.apache.commons.collections.functors.WhileClosure,\
        org.apache.commons.collections4.functors.InvokerTransformer,\
        org.codehaus.groovy.runtime.ConvertedClosure,\
        org.codehaus.groovy.runtime.MethodClosure,\
        org.springframework.beans.factory.ObjectFactory,\
        org.springframework.core.SerializableTypeWrapper$MethodInvokeTypeProvider,\
        sun.reflect.annotation.AnnotationInvocationHandler

Defaults:

    com.liferay.portal.kernel.security.SecureRandomUtil.buffer.size=65536


Top of Page

Service Proxy Factory


Set the service proxy factory timeout in milliseconds.

Defaults:

    com.liferay.portal.kernel.util.ServiceProxyFactory.timeout=60000


Top of Page

Session Parameters


Encrypt session parameters so that browsers cannot remember them.

Defaults:

    com.liferay.util.servlet.SessionParameters=false


Top of Page

Spring


Set this to true to ignore Spring BeanInfo classes.

Defaults:

    spring.beaninfo.ignore=true


Top of Page

Static LPKGs

Defaults:

    static.lpkg.bundle.symbolic.names=\
        Static - API,\
        Static - Impl


Top of Page

Stream

Defaults:

    com.liferay.portal.kernel.util.StreamUtil.buffer.size=8192


Set this to true when doing large file transfers on a 32-bit JVM to prevent running out of memory. This worsens performance but increases stability for older environments.

Defaults:

    com.liferay.portal.kernel.util.StreamUtil.force.tio=false


Top of Page

String Bundler


Set this property to tell StringBundler when to use a ThreadLocal buffer to build the output String. SoftReference marks the buffer to be removed forcibly by the GC when memory is nearly exhausted. Set the limit to a high value to balance ThreadLocal access by the garbage collection savings. Setting the limit too low may actually do more harm than good.

Set a value larger than 0 to enable this feature when using StringBundler with an output length longer than the specified value. A reasonable value is 8192 (8 kb) or 16384 (16 kb). The best value depends on how the portal is used.

Defaults:

    com.liferay.portal.kernel.util.StringBundler.threadlocal.buffer.limit=0


Top of Page

Tika


Set the Tika configuration file.

Defaults:

    tika.config=tika/tika.xml


Top of Page

Xerces


Configure the default parser to avoid looking up an XMLParserConfiguration from the class path each time a SAXParser object is created. Set this property to a blank value to revert to the default behavior.

See https://xerces.apache.org/xerces2-j/faq-xni.html for more information.

Defaults:

    org.apache.xerces.xni.parser.XMLParserConfiguration=org.apache.xerces.parsers.XIncludeAwareParserConfiguration