Hanami ext folder
The ext folder contains configuration files and resources that define the behavior of the Hanami application. It has the following structure:
boot/: Contains Trig files (.trig) to be loaded into the internal triple store. Those are loaded only the first time hanami is booted, unless backups are disabled (seehanami.backup.enabledinconfig/customer.yml) below.collections/: Contains configuration for the various collections (see detailed section here).config/: Contains configuration yaml files. There should at least becustomer.ymlandsecurity.yml. Profile-specific files can also be included here.environment-changes/: Contains SPARQL queries (.sparql) to be run on the data in thebootfolder before loading. These are mainly used to correctly configure the external RDF store for different environments. Thehanami.customer.template-argumentsproperty incustomer.ymldefines values to be templated in these queries.operations/: Containsoperations.json5that defines the possible operations that are checked before allowing CRUD operations. This implements a role-based access control system and is only used for admin access in environments using WAC. This should not be edited.config.json5: Contains configurations mostly related to access control.
config/ folder
The config/ folder contains at least a customer.yml file and a security.yml file.
customer.yml
This file contains customer-specific configuration.
hanami.authorization.provider: Specifies the authorization provider, eitheroperationsorwac.hanami.elasticsearch.url: URL for Elasticsearch, typically referenced from environment variables.hanami.lang.app: Application language settings:default-lang: Default language for the application UI (e.g., 'en').available-langs: List of available languages for the application UI (e.g., ['en', 'fr']).locale-mapping: Maps language codes to locale codes (e.g., 'fr' to 'fr-BE').
hanami.lang.data: Data language settings:available-langs: List of available languages for data (e.g., ['en', 'fr']). This is used to give default possible languages for thehanami:LangStringEditorwidget if nosh:languageInis given.
hanami.prefixes: Namespace prefixes used throughout the application for RDF data, defining shorthand references to URIs (legacy config, will be removed in the future).
Example of a customer.yml file:
hanami:
authorization:
provider: operations # alternative: wac
elasticsearch:
url: ${env.hanami.elasticsearch.url}
lang:
app:
default-lang: en
available-langs:
- en
- fr
locale-mapping:
en: en-UK
fr: fr-BE
data:
available-langs:
- en
- fr
prefixes:
dct: http://purl.org/dc/terms/
hanami: https://hanami.app/ontology#
owl: http://www.w3.org/2002/07/owl#
prov: http://www.w3.org/ns/prov#
rdf: http://www.w3.org/1999/02/22-rdf-syntax-ns#
rdfs: http://www.w3.org/2000/01/rdf-schema#
schema: http://schema.org/
sh: http://www.w3.org/ns/shacl#
skos: http://www.w3.org/2004/02/skos/core#
vcard: http://www.w3.org/2006/vcard/ns#
xsd: http://www.w3.org/2001/XMLSchema#
security.yml
This file contains the security-related configuration and can have the given properties:
cognizone.security.auth-method: Authentication method,basicorsaml. # TODO I suppose that oauth will come here?cognizone.security.basic-auth: Basic authentication configuration:realm: Authentication realm message.users: User definitions with:password: Encrypted password (typically BCrypt format).roles: List of roles assigned to the user (e.g., 'ADMIN', 'EDITOR').
Example of a security.yml file:
cognizone:
security:
auth-method: basic
basic-auth:
realm: Hanami is asking who you are
users:
admin:
password: "{bcrypt}$2a$12$QwLcj3Tu/sSTNF9RfctXBe2AGFO4GBBjOLXWVVvs1OnZPQAUbuo82" # admin/admin
roles:
- ADMIN
editor:
password: "{bcrypt}$2a$12$eUJ1BsUCkXK9Jr8i5KLu5.HHmhB/dzWr2ZtXz7.0EZJe.qRDCXROS" # editor/editor
roles:
- EDITOR
Profile-specific files
Profile-specific YAML files can also be included in the config/ folder, which may override settings in the base configuration files for different deployment environments. These files follow the naming convention application-{profile}.yml and are loaded based on the active Spring profile.
Profile-specific files can:
- Override settings from base configuration files
- Provide environment-specific configurations
- Split configuration into logical sections for better maintainability
Common configurations in profile-specific files include:
env: Environment-specific variables and settings, used to be references in other files to make references to. Can contain anything.hanami.index: Indexing configurationfull-node-indexing.enabled: Whether full node indexing is enabled or not (should be true for newer installations)startup.workspaces: Whether to index workspaces at startupstartup.collections: Whether to index collections at startup
hanami.features: Feature toggles for the environmentvalidation.enabled: Whether validation features are enabledactions.enabled: Whether action features are enabled
hanami.backup: Backup configurationenabled: Whether backups are enabledbackup-rate-ms: Backup frequency in millisecondsbackup-delay-ms: Delay before first backup in millisecondsclean-rate-ms: Cleanup frequency in millisecondsclean-delay-ms: Delay before first cleanup in milliseconds
hanami.customer.template-arguments: Environment-specific template arguments. Typically a map of strings for variable to be used in templated sparql queries.info.app.environmentName: Human-readable name for the environment, displayed in the top-right part of the UI.
Example of a profile-specific file structure:
env: # can contain anything
cognizone:
security:
auth-method: basic
hanami:
id: hanami-dev
elasticsearch:
url: http://elasticsearch-dev:9200/
hanami:
index:
full-node-indexing:
enabled: true
startup:
workspaces: true
collections: true
features:
validation:
enabled: true
actions:
enabled: true
customer:
template-arguments:
rdfStore: http://rdf-store-dev:8890/sparql
rdfStoreUser: dba
rdfStorePassword: password123
serviceAHost: http://localhost:8080
serviceAAuthHeaders: Basic YWRtaW46YWRtaW4=
info:
app:
environmentName: Development Environment
For better maintainability, profile-specific configurations can be split across multiple files (e.g., application-profile1.yml, application-profile2.yml, application-profile3.yml), which will be combined when the corresponding profiles are active.
config.json5
This file contains configurations that should eventually move to RDF in the admin workspace. It primarily defines security-related settings and access control for different parts of the application. In details:
security.collections: Maps CRUD keywords in the application to their corresponding operations to be checked for authorization.security.endpoints: Defines role-based access control for specific API endpoints.security.workspaces: Defines which workspaces are accessible to users with specific roles.security.isDefaultAllowed: A boolean flag that determines whether users can access collections that are not explicitly configured in the access control settings.
Example of a config.json5 file:
{
security: {
collections: {
create: "crud-download/create-check",
read: "crud-download/read-check",
update: "crud-download/update-check",
delete: "crud-download/delete-check",
download: "crud-download/download-check",
},
endpoints: {
"api/admin/index": {
"index-workspaces": ["ADMIN"],
"index-collections": ["ADMIN"],
"index-items": ["ADMIN"],
"index-delete": ["ADMIN"],
"index-query": ["ADMIN"],
},
"api/admin/index/is-running": {
"is-running": ["ADMIN"],
},
"api/admin/tools/yasgui/sparql-endpoints": {
"get-endpoints": ["ADMIN", "EDITOR"],
},
"api/admin/tools/yasgui/run": {
"query-endpoint": ["ADMIN"],
},
"api/admin/backup": {
create: ["ADMIN"],
},
},
workspaces: {
ADMIN: [
"https://data.hanami.app/config/workspace/1",
"https://data.hanami.app/config/workspace/data",
"https://data.hanami.app/config/workspace/external-data",
],
EDITOR: ["https://data.hanami.app/config/workspace/data"],
},
isDefaultAllowed: true,
},
}