###################################################################################
# #
# Copyright 2010-2012 Ning, Inc. #
# #
# Ning licenses this file to you under the Apache License, version 2.0 #
# (the "License"); you may not use this file except in compliance with the #
# License. You may obtain a copy of the License at: #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT #
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the #
# License for the specific language governing permissions and limitations #
# under the License. #
# #
###################################################################################
[main]
# Bypass the servlet container completely for session management and delegate
# it to Shiro (to be portable across servlet containers)
# The default session timeout is 30 minutes.
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
# Use the configured native session manager
securityManager.sessionManager = $sessionManager
jdbcRealm=com.ning.billing.server.security.KillbillJdbcRealm
[urls]
# Special endpoints: healthcheck, tenant API.
# TODO: don't secure them for now - eventually require admin privileges
/1.0/healthcheck = anon
/1.0/kb/tenants/** = anon
# For all other resources, require basic auth
# TODO: ssl, authcBasic
# Commented out because that seems to break the server tests that don't require authentification
#/1.0/kb/** = authcBasic