1. Introduction

This manual describes the configuration of the server-side components of the GBS BEST application.

The configuration procedure should be done only after the installation step. For more information, refer to GBS Apps Setup Manual.

2. Configuration

The configurations steps are:

  1. Configure Tomcat;
  2. Configure Certificates;
  3. Generate encrypted password;
  4. Finish configurations in config.properties file.

All steps are described below. An example config.properties file is found in the Configuration File Example section.

Danger

All lines must be present in the configuration file. Commenting or deleting lines may cause unexpected behavior. For further information, contact Griaule Support Team.

2.1. Tomcat Configuration

Edit the Tomcat configuration file to configure the certificates and port that the application will use.

vi /var/lib/tomcats/best/conf/server.xml

To change the port, look for connector port=. This is the port for the backend operations.

2.2. Certificates Configuration

To enable SSL authentication, search for connector port= in the file /conf/server.xml.

There are two entries. The commented one is the configuration for SSL. Remove the comment delimiters <!-- and -->, and adjust these settings:

port="58194"
keystoreFile="/home/griaule/keystore"
keystorePass="password"
keyAlias="1"
clientAuth="true"
truststoreFile="/home/griaule/keystore"
truststorePass="password"

The parameter port should be the desired network port for the application.

Change the path of keystoreFile and truststoreFile to the proper values. Do the same for keystorePass and truststorePass.

The parameter clientAuth="true" will require authentication from server-side to client-side and from client-side to server-side. This means that the client will need to import the certificate in the browser to be able to access the application.

Warning

When clientAuth is set to true, the system administrator must provide the certificate.pfx file for the end-users.

2.3. Database password encryption

In the config.properties file, the jdbc.password parameter is an encrypted password. To generate the encrypted password, perform the following steps:

  1. Go to the following directory:

    cd /var/lib/tomcats/best/webapps/gbs-best-server/WEB-INF/lib

  2. Execute the command:

    java -cp gbs-common-db-<version>.jar com.griaule.commons.util.EncryptUtil <desiredPassword>

  3. The encrypted password will be displayed after the message: “Encrypted password is:”

Note

Store this encrypted password. It will be used in the next step.

2.4. Search Filter: Label

Some BEST configuration can be done through the databases, as the search labels. The search label is a list of labels the user can select in the fragment search configuration to restrict the candidate list.

To configure the desired labels, you need to include the labels at search.labels row in the sphinx.settings table. Note that the labels must me comma separated.

Those labels will be visible to all BEST users.

2.5. Application properties file

The last step is to configure the application properties file:

vi /var/lib/tomcats/best/conf/config.properties

The most important changes in this configuration file are the jdbc.url, jdbc.username, jdbc.password, and gbds.url properties. Configure the parameters according to the environment.

The complete configuration file is shown in the Configuration File Example section.

Note

Remember to substitute the correct encrypted password generated in the Database password encryption section in the file.

2.5.1. Case Segregation Label

It is possible to segregate the cases a user sees in the software. To do it you need to add a permission in the LDAP settings.

Inside a user group, add the label in the format best_org_{desired_label}, e.g. best_org__MG. New cases created by users in that group will have this label and will only be visible to users with the correct permissions.

Note

Cases created before the addition of this label will not be modified.

2.5.2. Multiple Node Usage

BEST can be used in more than one server node. To allow that, the master server must have the config poolingUL.active set as true, and other nodes must have it set as false.

Important

Remember to set a load balance between the nodes if using this method.

2.5.3. BEST Configuration

The last step is configuring IP and port of the application that the end-user will access. It must be the same IP and port configured in the Tomcat Configuration section.

best.ip=http://<ip>
best.port=<port>

Important

Its also possible to use https at best.ip configuration.

3. Finish Configuration

After all configuration steps are complete, go back to the GBS Apps Setup Manual - Configuration Section.

4. Configuration File Example

This section shows an example of the config.properties file.

# GBS BEST Server

jdbc.driverClassName=com.mysql.jdbc.Driver
jdbc.url=jdbc:mysql://192.168.0.200:3306/forensic?useSSL=false
jdbc.username=root
jdbc.password=CDrt8vbewA2YAubPNOLZkw==
jdbc.dialect=org.hibernate.dialect.MySQLDialect
jdbc.showSql=false

# GBDS connection
gbds.url=http://192.168.0.200:8085
gbds.user=admin
gbds.key=griaule123
gbds.logLevel=DEBUG

session.expirationTime=8h
same.user.simultaneous.login=true

locale=en_us

fingerprint.useSDK=true
useLatentExtrator.fingerprint=true
useLatentExtrator.palmprint=false

image.convert.useJnbis=false

poolingSearch.active=true
poolingSearch.time=5

poolingUL.active=true
poolingUL.time=300

extratorServer.firstPort=8100
extratorServer.processNumber=4

faceQuality.qtdeMinErrors=2

session.expirationTime=8h

server.standalone.port=8085

best.ip=
best.port=

# Path to save the videos (the face detection and extraction service needs to access this path)
fileDir=/var/lib/apache-tomcat-best/videos

# Endpoint for face detection/extraction service
detect.group.url=http://172.16.0.70:8127/v1/detection/

# Number of best faces desired for each identify (at least 1)
detect.numberBestFaces=5

# Number of threads (BEST server will import and search the faces in parallel)
identity.threadSize=4

# Frame detection step. If 3, only 1 out of 3 frames will be considered
detect.framesStep=3

# Faces must appear in at least this number of frames to be considered valid
detect.framesAppearingFilter=30

# Facelib match threshold
detect.matchThreshold=65