SAMO LIDS 10 Application Server Installation

This chapter describes only differences to the version 9 installation. For complete installation guide of version 10 see Installation Guide

Standalone Installation

Individual applications must run on specific ports. If multiple applications need to run on the same host and port, nginx or a reverse proxy must be used to route traffic.

All parameters that were previously written in Tomcat properties should now be moved to environment variables (.env) or SECRET_PROPERTIES in Docker Compose.

For Windows on-premise (non-Docker) service installation (Java -jar & WinSW automation), see the dedicated guide: Windows On-Premise (SAMO 10+).

Docker Installation

Note: lids-full image is no longer available.

Docker Compose must be configured carefully because each application requires its own ports. Parameters for database, HTTP/HTTPS, and debug ports must be specified in environment variables or SECRET_PROPERTIES.

Separate Services

Two services have been separated from LIDS AS and now have their own Docker images:

SAMO License Server for SAMO 10

license-server:
  image: docker.asseco-ce.com/samo/server/samo-license-server:${license_server_version}
  restart: always
  environment:
    - samo_env_configuration=${env_configuration}
    - SECRET_PROPERTIES= --ldap.password=$DEV_LDAP_PASSWORD --dataSource.password=$DEV_DATASOURCE_PASSWORD
    - JAVA_OPTS=-Dserver.servlet.context-path=/license
  ports:
    - "${license_server_http_port}:8080"
  volumes:
    - ${configuration_dir:-./configuration/packages}:/usr/local/configuration
    - ${env_dir:-./}:/usr/local/environment
    - ${data_dir}:/usr/local/data

SAMO Security Manager for SAMO 10

samo-security-manager:
  image: docker.asseco-ce.com/samo/server/samo-security-manager:${security_manager_version}
  restart: always
  environment:
    - samo_env_configuration=${env_configuration}
    - SECRET_PROPERTIES= --ldap.password=$DEV_LDAP_PASSWORD --dataSource.password=$DEV_DATASOURCE_PASSWORD
  ports:
    - "${security_manager_http_port}:8080"
  volumes:
    - ${configuration_dir:-./configuration/packages}:/usr/local/configuration
    - ${env_dir:-./}:/usr/local/environment
    - ${data_dir}:/usr/local/data

Note: Each service must be configured with its own ports and environment variables. Make sure SECRET_PROPERTIES are correctly set for each service.

Configuration Parameters

Database Configuration (`dataSource`)

Database connection properties can now be specified via .properties files or environment variables in Docker Compose.

A new parameter dataSource.property defines the prefix used to resolve the other database properties. Default:

dataSource.property=dataSource
dataSource.name=jndi:jdbc/lids
dataSource.driver=oracle.jdbc.OracleDriver
dataSource.url=jdbc:oracle:thin:@server.domain:1521:ORCL
dataSource.username=user
dataSource.password=<password>

Spring Boot/Tomcat connector defaults:

driver, url, username, password are resolved from environment properties first, then from system properties.
Password fallback: dataSource.password.
Connection pool defaults (HikariCP):

DataSource Parameter Mapping (Tomcat → New)

New Parameter	Replaces Old Tomcat Parameters / Comments	Default Value
`dataSource.name`	`dataSource.name` — unchanged	"defaultPool" (if not set)
`dataSource.driver` / `driverClassName`	`dataSource.driver` — unchanged	none (required)
`dataSource.username`	`dataSource.username` — unchanged	none (required)
`dataSource.password`	`dataSource.password` — unchanged	none (required)
`dataSource.url`	`dataSource.url` — unchanged	none (required)
`dataSource.maxActive`	`dataSource.maxActive` — unchanged	50
`dataSource.minIdle`	`dataSource.minIdle` — unchanged; if not set, `initialSize` is used	0 (if not set, uses initialSize)
`dataSource.initialSize`	Only used to populate `minIdle` if it is not set; `initialSize` no longer creates connections directly	-1 (ignored if minIdle set)
`dataSource.idleTimeout`	Replaces a combination of `timeBetweenEvictionRunsMillis` + `minEvictableIdleTimeMillis` + indirectly `testWhileIdle`	600000 ms (10 minutes)
`dataSource.maxLifetime`	No direct equivalent; previously connections lived until explicitly closed or removed by eviction process	1800000 ms (30 minutes)
`dataSource.connectionTimeout`	Partially replaces `validationQueryTimeout`, but the meaning is different: limits the wait time for a free connection from the pool	30000 ms (30 seconds)
`dataSource.validationQuery`	`dataSource.validationQuery` — unchanged	auto-detected by driver
`dataSource.validationQueryTimeout`	`dataSource.validationQueryTimeout` — unchanged	5000 ms (5 seconds)
`datasource.leakDetectionThreshold`	New - connection leaks detection, logs a warning if a connection is held too long. Minimal value is 2000ms (2 seconds)	0 (disabled)
`datasource.tcpKeepAlive`	New - enables TCP keep-alive on Postgres connections by periodically sending packets to prevent timeouts.	false
`datasource.loginTimeout`	New - specifies the maximum time (in ms) to wait for a Postgres database login before failing.	0 (disabled)

⚠️ Note: The following parameters are no longer used: rollbackOnReturn, removeAbandonedOnBorrow, removeAbandonedOnReturn, poolPreparedStatements, maxOpenPreparedStatements, numTestsPerEvictionRun, testOnBorrow, testWhileIdle.
Their functionality has either been removed or merged into new parameters (idleTimeout, connectionTimeout) and built-in HikariCP validation.

Application Ports

Each application has its own prefix (component name), e.g., authServer, userService, etc.

Parameter	Default	Notes
`{component}.http.disabled`	`false`	Disables main HTTP connector
`{component}.https.enabled`	`false`	Enables HTTPS connector
`{component}.debug.enabled`	`false`	Enables debug connector (Tomcat separate port)
`{component}.http.port`	`8080`	HTTP port
`{component}.https.port`	`8443`	HTTPS port
`{component}.debug.port`	`8000`	Debug port (Tomcat/JDWP)
`{component}.https.certificatePath`	-	Required if HTTPS enabled
`{component}.https.certificateKey`	Derived from certificate path (`.key`) if not explicitly provided	-

Notes:

Boolean variables default to false.
Ports defaults: HTTP = 8080, HTTPS = 8443, DEBUG = 8000.
If HTTPS is enabled, HTTPS_CERTIFICATE_PATH must be specified. HTTPS_CERTIFICATE_KEY will default to the same path with .key extension if not explicitly set.
All of these can be specified as environment variables in Docker Compose:

# Example for authServer
HTTP_DISABLED=false
HTTPS_ENABLED=true
HTTPS_CERTIFICATE_PATH=/usr/local/data/common/certs/server.pem
# HTTPS_CERTIFICATE_KEY will default to /usr/local/data/common/certs/server.key
DEBUG_ENABLED=false
HTTP_PORT=8080
HTTPS_PORT=8443
DEBUG_PORT=8000

Configuration Changes

The following elements have been permanently removed from config.xml. Remove them from all existing configurations before upgrading.

Removed	Location	Migration
`url`, `context`, `autodetect` attributes	`system.server`	Remove these attributes
`force` attributes	`system.server`	Remove attribute and declare in properties (lids.server.urlForce)
`<supported>` child elements	`system.language`	Remove all `<supported>` entries. Keep only the `default` attribute
`default` attributes	`system.language`	Remove attribute and declare in properties (lids.language.default)
`<cacheLevel>` element	`system.security`	Remove the element. It was already a no-op in previous versions

System modules are auto-registered

Starting with SAMO 10, the built-in HTTP modules, SOAP web services, and REST modules shipped with the Application Server are auto-registered at startup. In your project's config.xml, leave only your project-specific extensions under <services><modules>, <services><webServices>, and <restServices><modules> — delete the rest. The wrapping elements may be empty, or omitted entirely if you have no project-specific entries.

If a project's config.xml still lists a system entry (by name), the project entry is ignored and a warning is logged at startup:

WARN  --- [system] config : [SAMO-16786] System HTTP module 'WFS' is redeclared in config.xml — project entry ignored.

This means it is no longer possible to override the class of a built-in module via config.xml. Customizations that previously replaced (for example) the WFS module class with a multi-storage or vendor-specific variant now silently fall back to the system implementation. Such customizations need a different mechanism — for example, registering the customized module under a project-specific name.

Minimal project config.xml snippet (only a project-specific module shown):

<services>
  <modules>
    <module name="MyProjectModule">
      <moduleClass>com.example.MyProjectModuleImpl</moduleClass>
      <service name="MyService" servletName="MyService" title="My Project Service">
        <requests>
          <request name="myOperation" postServletName="MyService"/>
        </requests>
      </service>
    </module>
  </modules>
  <webServices/>
</services>
<restServices>
  <modules/>
</restServices>

Summary

All Tomcat/Spring Boot properties are now configurable via environment variables or SECRET_PROPERTIES.
Database configuration uses dataSource.property prefix for lookup.
Ports for HTTP, HTTPS, and debug must be unique per application.
Default boolean and port values:

HTTP_DISABLED=false
HTTPS_ENABLED=false
DEBUG_ENABLED=false
HTTP_PORT=8080
HTTPS_PORT=8443
DEBUG_PORT=8000

HTTPS certificate key is derived automatically if not specified.
Remove unused system properties from config.xml

Standalone Installation​

Docker Installation​

Separate Services​

SAMO License Server for SAMO 10​

SAMO Security Manager for SAMO 10​

Configuration Parameters​

Database Configuration (dataSource)​