Skip to main content

Configuration

What can be configured in LuciadFusion

The LuciadFusion configuration docs explicitly cover:

  • Spring profiles
  • service enable/disable
  • security
  • asynchronous event handling
  • logging
  • port
  • datastore
  • Studio database
  • Studio job thread pool
  • default metadata
  • OGC services
  • Tiling Engine / LTS
  • Symbology service

Core configurable parameters

Environment and profiles

  • spring.profiles.active
  • fusion.single
  • environment-specific profile such as fusion.production

Platform port

  • server.port

Service enable/disable

  • <service-prefix>.enabled
  • example: fusion.ogc.wms.enabled: false

Studio datastore

  • fusion.studio.configuration.datastore

Studio database

  • fusion.studio.db.url
  • fusion.studio.db.username
  • fusion.studio.db.password

Security

  • fusion.security.enabled
  • fusion.security.cors.origins
  • fusion.security.authenticationManager
  • fusion.security.authenticationTypes

Access control

  • fusion.accessControl.enabled
  • fusion.accessControl.adminRole
  • fusion.accessControl.authenticatedEndpoints

Service access

  • fusion.security.serviceAuthenticationRequired
  • fusion.security.authenticatedEndpoints

Async handling

  • fusion.events.async.enabled
  • fusion.events.async.threadPool.minimumSize
  • fusion.events.async.threadPool.maximumSize

Studio jobs

  • fusion.studio.configuration.jobs.threadPool.minimumSize
  • fusion.studio.configuration.jobs.threadPool.maximumSize

Tiling engine

  • fusion.engine.tilestoreHome

Authentication types supported

LuciadFusion documents these authentication manager options:

  • authenticate_all — demo/testing only
  • properties_in_memory — development only
  • ldap_ad
  • ldap

Predefined authentication types:

  • form
  • http_basic

It also supports replacing built-in logic with custom Spring Security authentication/authorization logic.

Example security configuration

Example A: Development only

fusion:
  security:
    enabled: true
    authenticationManager: properties_in_memory
    authenticationTypes:
      - form
      - http_basic
    users:
      - username: admin
        password: admin123
        roles: ["FUSION_ADMIN"]

Example B: Enterprise LDAP/AD

fusion:
  security:
    enabled: true
    authenticationManager: ldap_ad
    authenticationTypes:
      - form
      - http_basic
    cors:
      origins:
        - "https://ria.example.com"

  accessControl:
    enabled: true
    adminRole: "FUSION_ADMIN"

Example C: Require authentication for all WMS endpoints

fusion:
  security:
    enabled: true
    serviceAuthenticationRequired: false
    authenticatedEndpoints:
      - endpointPattern: "${fusion.ogc.wms.basePath}/**"
        authenticated: true

Real-world explanation

In practice:

  • Studio admins use form login
  • APIs and services often use http_basic or enterprise front-door auth
  • service exposure is not all-or-nothing; endpoint patterns can be individually locked down
  • public map layers can stay anonymous while sensitive service paths require authentication.

CCR wording

Configuration changes include Spring profile activation, server port assignment, datastore and database binding, service enablement, authentication mode selection, access-control role mapping, endpoint authentication behavior, and background thread pool sizing for events and Studio jobs.